--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/components/openstack/glance/patches/09-CVE-2015-5286.patch	Mon Oct 19 13:13:17 2015 -0700
@@ -0,0 +1,80 @@
+From 868d9161c60f839cbf53393b804d7c0c41338e5b Mon Sep 17 00:00:00 2001
+From: Mike Fedosin <[email protected]>
+Date: Thu, 1 Oct 2015 18:28:48 +0300
+Subject: [PATCH] Catch NotAuthenticated exception in import task
+
+If glance uses registry as data_api then it's possible
+that token may expire during image import task and Glance
+will have NotUauthenticated exception.
+
+This code adds a correct handling of this exception and
+allows Glance to remove stale chunks from store.
+
+Partial-Bug: #1498163
+
+Change-Id: Ia6e1fe0d27b13b920ee7e728feb5305dec77e066
+(cherry picked from ebdf076cc9bd5d9239cdc96c6e7cecc72f852bbb)
+---
+ glance/common/scripts/image_import/main.py         |  3 ++-
+ .../unit/common/scripts/image_import/test_main.py  | 26 ++++++++++++++++++++++
+ 2 files changed, 28 insertions(+), 1 deletion(-)
+
+diff --git a/glance/common/scripts/image_import/main.py b/glance/common/scripts/image_import/main.py
+index ced93c9..5e9dc5c 100644
+--- a/glance/common/scripts/image_import/main.py
++++ b/glance/common/scripts/image_import/main.py
+@@ -109,7 +109,8 @@ def import_image(image_repo, image_factory, task_input, task_id, uri):
+                     "processing.") % {"image_id": image_id,
+                                       "task_id": task_id}
+             raise exception.Conflict(msg)
+-    except (exception.Conflict, exception.NotFound):
++    except (exception.Conflict, exception.NotFound,
++            exception.NotAuthenticated):
+         with excutils.save_and_reraise_exception():
+             if new_image.locations:
+                 for location in new_image.locations:
+diff --git a/glance/tests/unit/common/scripts/image_import/test_main.py b/glance/tests/unit/common/scripts/image_import/test_main.py
+index a81a66c..78ba8a2 100644
+--- a/glance/tests/unit/common/scripts/image_import/test_main.py
++++ b/glance/tests/unit/common/scripts/image_import/test_main.py
+@@ -16,7 +16,10 @@
+ import mock
+ import urllib2
+ 
++import glance.common.exception as exception
+ from glance.common.scripts.image_import import main as image_import_script
++from glance.common import store_utils
++
+ import glance.tests.utils as test_utils
+ 
+ 
+@@ -91,3 +94,26 @@ class TestImageImport(test_utils.BaseTestCase):
+         image = mock.Mock()
+         self.assertRaises(urllib2.URLError,
+                           image_import_script.set_image_data, image, uri, None)
++
++    @mock.patch.object(image_import_script, 'create_image')
++    @mock.patch.object(image_import_script, 'set_image_data')
++    @mock.patch.object(store_utils, 'delete_image_location_from_backend')
++    def test_import_image_failed_with_expired_token(
++            self, mock_delete_data, mock_set_img_data, mock_create_image):
++        image_id = mock.ANY
++        locations = ['location']
++        image = mock.Mock(image_id=image_id, locations=locations)
++        image_repo = mock.Mock()
++        image_repo.get.side_effect = [image, exception.NotAuthenticated]
++        image_factory = mock.ANY
++        task_input = mock.Mock(image_properties=mock.ANY)
++        uri = mock.ANY
++
++        mock_create_image.return_value = image
++        self.assertRaises(exception.NotAuthenticated,
++                          image_import_script.import_image,
++                          image_repo, image_factory,
++                          task_input, None, uri)
++        self.assertEqual(1, mock_set_img_data.call_count)
++        mock_delete_data.assert_called_once_with(
++            mock_create_image().context, image_id, 'location')
+-- 
+1.9.1
+