lp:~soren/ubuntu/oneiric/nova/reconcile-with-security

Branch merges

Propose for merging

No branches dependent on this one.

Rejected for merging into lp:ubuntu/oneiric-proposed/nova

Ubuntu Development Team: Pending requested 2011-10-27

Diff: 1610 lines (+1514/-9)

10 files modified

.pc/applied-patches (+1/-0)
.pc/security-fix-lp868360.patch/Authors (+125/-0)
.pc/security-fix-lp868360.patch/nova/api/ec2/__init__.py (+440/-0)
.pc/security-fix-lp868360.patch/nova/auth/manager.py (+842/-0)
Authors (+1/-0)
debian/changelog (+30/-0)
debian/patches/security-fix-lp868360.patch (+70/-0)
debian/patches/series (+1/-0)
nova/api/ec2/__init__.py (+2/-1)
nova/auth/manager.py (+2/-8)

api

Related source package recipes

No recipes using this branch. (?)

Create packaging recipe

Related snap packages

Related bugs

Bug #868360: Incorrect secret key causes user details to be revealed

High

Fix Released

Link a bug report

Related blueprints

47. By Soren Hansen on 2011-10-27

Merge update from oneiric-security and add new changelog entry for -proposed:
* 2011.3-0ubuntu6.1 never made it past -proposed, due to 2011.3-
  0ubuntu6.2 which was a security fix (without the changes from
  2011.3-0ubuntu6.1). This upload brings the changes from 2011.3-
  0ubuntu6.1 back.
* SECURITY UPDATE: fix information leak via invalid key
  debina/patches/security-fix-lp868360.patch: adjust nova/auth/manager.py
  to not return access, secret or admin fields for User error and
  project_manager_id, description and member_ids for Project
  - LP: #868360
  - CVE-2011-XXXX

46. By Chuck Short on 2011-10-12

[Scott Moser]
* Removed db_pool complexities from nova.db.sqlalchemy.session (LP: #838581)

[Chuck Short]
* debian/patches/fix-iscsi-target-path.patch: Fix ISCSI target path patch.
  (LP: #871278)
* debian/control: Either install xen-hypervisor-4.1-amd64 or
  xen-hypervisor-4.1-i386 for nova-compute-xen. (LP: #873243)

45. By Robie Basak on 2011-10-05

* debian/patches/backport-libvirt-console-pipe.patch:
  - Patch updated to fix race on instance termination (LP: #868349)

44. By James Page on 2011-10-04

* debian/nova-common.postinst:
  - Set permissions recursively on /var/lib/nova to nova:nova for new
    installations (LP: #865169).
* debian/patches/backport-libvirt-console-pipe.patch:
  - Patch updated to use correct patchset from upstream - incorrect version
    was uploaded in -0ubuntu4 (LP: #832507).

43. By Chuck Short on 2011-09-30

[James Page]
* debian/nova-common.postinst:
  - Exclude mounted LXC rootfs filesystems within /var/lib/nova from
    user/group ownership changes (LP: #861260).
  - Ensure that primary group for 'nova' user is 'nova' so that files
    created by this user have the correct group ownership.

[Adam Gandelman]
* debian/nova-common.postinst: Restrict permissions of /var/log/nova
  (LP: #862816)

[Ante Karamatic]
* Add /usr/sbin/ietadm to sudoers (LP: #861547)
* debian/control: Fix typo in Vcs-Bzr

[Chuck Short]
* debian/patches/backport-libvirt-console-pipe.patch:
  Move console.log to a ringbuffer so that the console.log
  keeps filling up. (LP: #832507)
* debian/patches/backport-lxc-container-console-fix.patch:
  Make euca-get-console-output usable for LXC containers.
  (LP: #832159)
* debian/patches/backport-snapshot-cleanup.patch:
  Enforce snapshot cleanup. (LP: #861582).
* debian/patches/fix-lp863305-images-permission.patch:
  Fix image access control. (LP: #863305)

42. By Chuck Short on 2011-09-27

[Adam Gandelman]
* debian/nova-common.postinst: Create 'nova' group, add user to it
  (LP: #856530)
* debian/nova.conf, debian/nova-compute.upstart.in: Move reference of
  nova-compute.conf from nova.conf to nova-compute's argv. (LP: #839796)

[Chuck Short]
* debian/patches/backport-recreate-gateway-using-dhcp.patch:
  Makes sure to recreate gateway for moved ip. (LP: #859587)
* debian/control: Update Vcs info.

[ Scott Moser ]
* debian/patches/fqdn-in-local-hostname-of-ec2-metadata.patch
  Make the 'local-hostname' in the EC2 Metadata service contain
  the domainname also. (LP: #854614)

41. By Chuck Short on 2011-09-23

[Chuck Short]
* debian/rules, debian/control: Use dh_python2
* debian/control, debian/series,
  debian/patches/backport-iscsitarget-choice.patch,
  debian/nova_sudoers:
  + Change the default from iscsitarget to tgt.
* debian/control, debian/series,
  debian/patches/use-netcat-instead-of-socat.patch,
  debian/nova_sudoers:
   + Change from socat to netcat.
* debian/patches/block-migration-needs-copy-backingfile.patch:
  Fix block migration by needing to copy backing_file.

[Monty Taylor]
* Install a new paste config to enable deprecated auth.,

40. By Chuck Short on 2011-09-22

[Chuck Short]
* New upstream release.
* debian/control, debian/nova_sudoers:
  + Add iputils-arping and add /usr/bin/apring.
* debian/nova_sudoers: Clean up missing binaries.

[Monty Taylor]
* debian/control:
  + Add vlan to nova-compute

39. By Chuck Short on 2011-09-20

* debian/nova_sudoers:
  + Fix typo in nova_sudoers.
  + Tabs vs Spaces.
* debian/nova.conf:
  + Use force_dhcp_release.

38. By Chuck Short on 2011-09-16

* New uptream version.
* debian/rules: Dont fail tests.