Package: horizon / 2012.1.1-10
Patch seriesview the series file
|CVE 2012 3540_disallow_login_redirect_other_than_same_origin.patch | (download)||
9 8 + 1 - 0 !
disallow login redirects to anywhere other than the same origin.
|keyerror 688254.patch | (download)||
50 50 + 0 - 0 !
fixes a keyerror when displaying instances & volumes . bug 1053488 prevents the display of the Instances & Volumes page for every account with administrative permissions, once a volume has been created and attached to an instance. While there are workarounds ( such as using an unprivileged account to display the same page ), it affects almost all admin users deploying the current release of horizon in Essex. . The source of the problem is that the relevant portion of code loops over all existing volumes while it only has access to the instances that are owned by the current tenant. As a consequence, it fails to find the instance to which a volume is attached when it does not belong to the current tenant. . A possible fix would be to change the behaviour of the volume list API so that it only returns the volumes of the current tenant even when the user has administrative rights. However, this would be a user visible change that may have side effects beyond the current bug. . The proposed patch catches the lookup error when the instance is not found for a given volume and creates a fake instance object which will only be used to display the name "UNKNOWN". . The associated test re-creates the conditions and derives from the class that will give administrative permissions to the test user. However, since the data is created from fixed data instead of being actually retrieved from the API, this derivation is only included to illustrate the purpose of the test. . Once 2012.1.2 is released, this patch should be dropped, if https://bugs.launchpad.net/horizon/+bug/1053488 has been fixed in stable/essex. .
|launch from volume with valid volume size.patch | (download)||
1 1 + 0 - 0 !
launch from volume with valid volume size