-
glance (1:2014.1.5-0ubuntu1.1) trusty-security; urgency=medium
* SECURITY UPDATE: access restrictions bypass via status changing
- debian/patches/CVE-2015-5251.patch: prevent image status being
directly modified in glance/api/v1/__init__.py,
glance/api/v1/images.py, glance/tests/functional/v1/test_api.py,
glance/tests/integration/legacy_functional/test_v1_api.py,
test-requirements.txt.
- CVE-2015-5251
* SECURITY UPDATE: storage quota bypass
- debian/patches/CVE-2015-5286.patch: cleanup chunks for deleted image
if token expired in glance/api/v1/upload_utils.py,
glance/api/v2/image_data.py.
- CVE-2015-5286
* SECURITY UPDATE: image status manipulation through locations removal
- debian/patches/CVE-2016-0757.patch: prevent user from removing last
location of the image in glance/api/v2/images.py,
glance/tests/functional/v2/test_images.py,
glance/tests/unit/v2/test_images_resource.py.
- CVE-2016-0757
-- Marc Deslauriers <email address hidden> Fri, 25 Aug 2017 13:10:04 -0400
-
glance (1:2014.1.5-0ubuntu1) trusty; urgency=medium
* Resynchronize with stable/icehouse (f66170d) (LP: #1467533):
- [f66170d] Fix Icehouse RBD delete image on creation failure
* d/p/fix-requirements.patch: Rebased
-- Corey Bryant <email address hidden> Mon, 22 Jun 2015 10:12:40 -0400
-
glance (1:2014.1.4-0ubuntu2) trusty; urgency=medium
* d/control: Set minimum python-six dependency to 1.5.2 (LP: #1403114).
-- Corey Bryant <email address hidden> Mon, 30 Mar 2015 08:54:37 -0400
-
glance (1:2014.1.4-0ubuntu1) trusty; urgency=medium
* Resynchronize with stable/icehouse (81ea399) (LP: #1432608):
- [f1260cc] Cleanup chunks for deleted image that was 'saving'
- [7d3a1db] Prevent file, swift+config and filesystem schemes
- [8bdb7ed] To prevent client use v2 patch api to handle file and swift location
- [4b5cb74] Can not delete images if db deadlock occurs
- [ef77c79] Move oslo.vmware higher in requirements.txt
- [312e93e] Make rbd store's pool handling more universal
- [81ea399] Do not log password in swift URLs in g-registry
* d/p/fix-requirements.patch: Rebased
-- Corey Bryant <email address hidden> Thu, 19 Mar 2015 08:56:17 +0000
-
glance (1:2014.1.3-0ubuntu1) trusty; urgency=medium
[ Corey Bryant ]
* Resynchronize with stable/icehouse (01ebe84) (LP: #1377136):
- [f43b1c2] Block sqlalchemy-migrate 0.9.2
- [d0453ae] Check on schemes not stores
- [bba31d0] Fix collection order issues and unit test failures
- [31a4d18] Enforce image_size_cap on v2 upload
- [fcc9379] Fix image killed after deletion
- [01ebe84] Set python hash seed to 0 in tox.ini
-- Chuck Short <email address hidden> Mon, 06 Oct 2014 08:49:14 -0400
-
glance (1:2014.1.2-0ubuntu1.1) trusty-security; urgency=medium
* SECURITY UPDATE: Enforce image_size_cap on v2 upload
- debian/patches/CVE-2014-5356.patch: ensure image_size_cap should be
checked and enforced on upload
- CVE-2014-5356
- LP: #1315321
-- Jamie Strandboge <email address hidden> Thu, 21 Aug 2014 09:22:53 -0500
-
glance (1:2014.1.2-0ubuntu1) trusty; urgency=medium
[ Corey Bryant ]
* Resynchronize with stable/icehouse (94383db) (LP: #1354159):
- [5508653] Fix lazy translation UnicodeErrors
- [94383db] Provide explicit image create value for test_image_paginate case
* d/p/fix-requirements.patch: Refreshed.
* d/p/skip-tests.patch: Dropped.
* d/p/skip-tests-2.patch: Updated description.
[ James Page ]
* d/watch: Point to tarballs.openstack.org for release artifacts.
-- Corey Bryant <email address hidden> Thu, 07 Aug 2014 17:09:28 -0400
-
glance (1:2014.1.1-0ubuntu2) trusty; urgency=medium
* d/p/skip-tests-2.patch: Add patch to skip broken upstream tests.
See https://bugs.launchpad.net/glance/+bug/1298918.
glance (1:2014.1.1-0ubuntu1) trusty; urgency=medium
* Resynchronize with stable/icehouse (cd1c30a) (LP: #1328134):
- [19de115] Prevent creation of http images with invalid URIs
- [e96a53a] Fixes installation of test-requirements
- [cd1c30a] Updated from global requirements
* d/p/fix-requirements.patch: Add patch to drop minimum version requirement
for six.
-- Corey Bryant <email address hidden> Tue, 01 Jul 2014 17:09:32 -0400
-
glance (1:2014.1.1-0ubuntu1) trusty; urgency=medium
* Resynchronize with stable/icehouse (cd1c30a) (LP: #1328134):
- [19de115] Prevent creation of http images with invalid URIs
- [e96a53a] Fixes installation of test-requirements
- [cd1c30a] Updated from global requirements
* d/p/fix-requirements.patch: Add patch to drop minimum version requirement
for six.
-- Corey Bryant <email address hidden> Mon, 09 Jun 2014 14:55:05 -0400
-
glance (1:2014.1-0ubuntu1) trusty; urgency=medium
* New upstream release (LP: #1299055).
-- Corey Bryant <email address hidden> Wed, 16 Apr 2014 13:07:26 -0400
-
glance (1:2014.1~rc2-0ubuntu1) trusty; urgency=medium
[ Chuck Short ]
* New upstream release candidate (LP: #1299055).
* debian/patches/sql_conn.patch: Refreshed.
* debian/glance-api.install: Install missing schema.json file.
(LP: #1307518)
[ Thomas Bechtold ]
* debian/glance-common.postinst: Set correct owner/group for /var/lib/glance
and subdirs only on local filesystems (LP: #1302044).
-- Chuck Short <email address hidden> Sat, 12 Apr 2014 08:45:20 -0400
-
glance (1:2014.1~rc1-0ubuntu1) trusty; urgency=medium
[ James Page ]
* d/glance-common.postinst: Don't recursively set permissions on
/var/lib/glance as it might not be a local filesystem (LP: #1214947).
[ Chuck Short ]
* debian/control: Use python-oslosphinx.
* debian/patches/use-oslo.sphinx.patch: Dropped no longer needed.
[ Corey Bryant ]
* New upstream release (LP: #1299055).
-- Corey Bryant <email address hidden> Tue, 01 Apr 2014 16:57:09 -0400
-
glance (1:2014.1~b3-0ubuntu2) trusty; urgency=medium
* d/glance-registry.postinst: Tidy detection of the default sqlite
connection when running db_sync (LP: #1290423).
-- James Page <email address hidden> Thu, 13 Mar 2014 10:38:35 +0000
-
glance (1:2014.1~b3-0ubuntu1) trusty; urgency=low
* New upstream release.
* debian/patches/bump-sqlalchemy-versions.patch: Dropped no longer needed.
* debian/patches/disable-network-for-docs.patch: Dropped no longer needed.
* debian/patches/use-oslo.sphinx.patch: Use oslo.sphinx for the namespace.
* debian/control:
- Dropped python-nose as a build dependency.
- Add testrepository as a build dependency.
- Add python-suds as a build dependency.
- Add python-oslo.vmware as a build dependency.
-- Chuck Short <email address hidden> Thu, 06 Mar 2014 12:54:54 -0500
-
glance (1:2014.1~b2-0ubuntu1) trusty; urgency=medium
* New upstream release.
* debian/control: Add python-psutil as a build dependency.
* debian/patches/skip-tests.patch: Rediffed.
* debian/patches/debian/patches/ensure_versioned_db_models.patch:
Removed crufty patch.
-- Chuck Short <email address hidden> Thu, 23 Jan 2014 13:09:00 -0500
-
glance (1:2014.1~b1-0ubuntu1) trusty; urgency=low
* New upstream release.
* debian/control:
- Open icehouse release.
- Add python-oslo.messaging dependency.
* debian/patches/skip-patches: Refreshed.
* debian/rules: Refactored doc creation.
-- Chuck Short <email address hidden> Thu, 05 Dec 2013 13:10:01 -0500
-
glance (1:2013.2-0ubuntu1) saucy; urgency=low
* New upstream release (LP: #1236462).
-- Chuck Short <email address hidden> Thu, 17 Oct 2013 10:11:10 -0400
-
glance (1:2013.2~rc2-0ubuntu1) saucy; urgency=low
* New upstream release candidate.
-- Chuck Short <email address hidden> Fri, 11 Oct 2013 09:50:59 -0400
