# HG changeset patch
# User Drew Fisher
# Date 1422487708 28800
# Node ID 86697167a9fba69f02b6ed26d81edaa16fead51d
# Parent cfab3c6e04f155c21653770f68d17aa240b929d3
20433402 The fix for 20388250 is incomplete
diff -r cfab3c6e04f1 -r 86697167a9fb components/openstack/glance/patches/08-CVE-2015-1195.patch
--- a/components/openstack/glance/patches/08-CVE-2015-1195.patch Wed Jan 28 13:37:34 2015 -0800
+++ b/components/openstack/glance/patches/08-CVE-2015-1195.patch Wed Jan 28 15:28:28 2015 -0800
@@ -13,7 +13,7 @@
store_opts = [
cfg.ListOpt('known_stores',
default=[
-@@ -382,11 +384,11 @@ def validate_external_location(uri):
+@@ -382,10 +384,10 @@ def validate_external_location(uri):
:param uri: The URI of external image location.
:return: Whether given URI of external image location are OK.
"""
@@ -21,11 +21,7 @@
- valid_schemes = [scheme for scheme in location.SCHEME_TO_CLS_MAP.keys()
- if scheme != 'file' and scheme != 'swift+config']
- return pieces.scheme in valid_schemes
-
-+ # TODO(gm): Use a whitelist of allowed schemes
++ # TODO(gm): Use a whitelist of allowed_schemes
++ known_schemes = [scheme for scheme in location.SCHEME_TO_CLS_MAP.keys()]
+ scheme = urlparse.urlparse(uri).scheme
-+ return (scheme in get_known_schemes() and
-+ scheme not in RESTRICTED_URI_SCHEMAS)
-
- class ImageRepoProxy(glance.domain.proxy.Repo):
-
++ return (scheme in known_schemes and scheme not in RESTRICTED_URI_SCHEMAS)
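Review bot: The check the second hunk (`@@ -21,11 +21,7 @@`) leaves in validate_external_location is still a denylist. Every scheme registered in `location.SCHEME_TO_CLS_MAP` is accepted unless it appears in `RESTRICTED_URI_SCHEMAS`, so a store scheme added later that resolves to local or config-backed data would be allowed by default. `RESTRICTED_URI_SCHEMAS` is defined outside this hunk, so confirm it names every alias of the restricted stores and not only the `file` and `swift+config` entries the old code excluded. The TODO already asks for an allowlist; until then the intermediate list adds nothing, and `return scheme in location.SCHEME_TO_CLS_MAP and scheme not in RESTRICTED_URI_SCHEMAS` performs the same test. The function starts outside the hunk.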