Package: horizon / 2012.1.1-10

Metadata

Package: horizon
Version: 2012.1.1-10
Patches format: 3.0 (quilt)

Patch series

Patch File delta Description
CVE 2012 3540_disallow_login_redirect_other_than_same_origin.patch

horizon/views/auth_forms.py | 9 8 + 1 - 0 !
1 file changed, 8 insertions(+), 1 deletion(-)

 disallow login redirects to anywhere other than the same origin.
keyerror 688254.patch

horizon/dashboards/nova/instances_and_volumes/tests.py | 50 50 + 0 - 0 !
horizon/dashboards/nova/instances_and_volumes/views.py | 8 7 + 1 - 0 !
2 files changed, 57 insertions(+), 1 deletion(-)

 fixes a keyerror when displaying instances & volumes

 Bug 1053488 prevents the display of the Instances & Volumes page for
 every account with administrative permissions, once a volume has been
 created and attached to an instance. While there are workarounds
 (such as using an unprivileged account to display the same page), it
 affects almost all admin users deploying the current release of
 horizon in Essex.

 The source of the problem is that the relevant portion of code loops
 over all existing volumes while it only has access to the instances
 that are owned by the current tenant. As a consequence, it fails to
 find the instance to which a volume is attached when it does not
 belong to the current tenant.

 A possible fix would be to change the behaviour of the volume list
 API so that it only returns the volumes of the current tenant even
 when the user has administrative rights. However, this would be a
 user-visible change that may have side effects beyond the current
 bug.

 The proposed patch catches the lookup error when the instance is not
 found for a given volume and creates a fake instance object which
 will only be used to display the name "UNKNOWN".

 The associated test re-creates the conditions and derives from
 the class that will give administrative permissions to the test
 user. However, since the data is created from fixed data instead of
 being actually retrieved from the API, this derivation is only
 included to illustrate the purpose of the test.

 Once 2012.1.2 is released, this patch should be dropped, if
 https://bugs.launchpad.net/horizon/+bug/1053488
 has been fixed in stable/essex.
launch from volume with valid volume size.patch

AUTHORS | 1 1 + 0 - 0 !
horizon/dashboards/nova/images_and_snapshots/images/forms.py | 2 1 + 1 - 0 !
horizon/dashboards/nova/images_and_snapshots/images/tests.py | 6 3 + 3 - 0 !
horizon/dashboards/nova/images_and_snapshots/images/views.py | 2 1 + 1 - 0 !
4 files changed, 6 insertions(+), 5 deletions(-)

 launch from volume with valid volume size