[openstack-glance/el6-grizzly] avoid issue with crypto compat patch (#906051)

Mon May 13 00:23:12 UTC 2013

commit 71a2845d8a3fb5b0509a806045f8bb8e8b1ef4be
Author: Pádraig Brady <P at draigBrady.com>
Date:   Mon May 13 00:49:38 2013 +0100

    avoid issue with crypto compat patch (#906051)
    
    Conflicts:
    
    	openstack-glance.spec

 Avoid-NULLs-in-crypto-padding.patch |   47 +++++++++++++++++++++++++++++++++++
 openstack-glance.spec               |    7 ++++-
 2 files changed, 53 insertions(+), 1 deletions(-)
---

diff --git a/Avoid-NULLs-in-crypto-padding.patch b/Avoid-NULLs-in-crypto-padding.patch
new file mode 100644
index 0000000..7ebb40b
--- /dev/null
+++ b/Avoid-NULLs-in-crypto-padding.patch
@@ -0,0 +1,47 @@
+From 4458d6af24ba1e9dcb72b7b15b99cba9dce6b4ca Mon Sep 17 00:00:00 2001
+From: Eoghan Glynn <eglynn at redhat.com>
+Date: Wed, 30 Jan 2013 17:43:52 +0000
+Subject: [PATCH] Avoid NULLs in crypto padding.
+
+Also include missing import of the os module.
+
+The problem does not exist upstream, as the regression was
+introduced in a RHEL-specific patch:
+
+  efebcc2b36353becd1e570ce4b4be5a659fa78e3
+
+Fixes bug: 906051
+
+Change-Id: I70a9b3340ff454ae75c32ee75e121f0de4de938b
+Reviewed-on: https://code.engineering.redhat.com/gerrit/2809
+Reviewed-by: Nikola Dipanov <ndipanov at redhat.com>
+Tested-by: Nikola Dipanov <ndipanov at redhat.com>
+---
+ glance/common/crypt.py | 7 ++++++-
+ 1 file changed, 6 insertions(+), 1 deletion(-)
+
+diff --git a/glance/common/crypt.py b/glance/common/crypt.py
+index ef6496b..3874de7 100644
+--- a/glance/common/crypt.py
++++ b/glance/common/crypt.py
+@@ -21,6 +21,10 @@ Routines for URL-safe encrypting/decrypting
+ """
+ 
+ import base64
++import os
++import random
++import string
++
+ from Crypto.Cipher import AES
+ 
+ 
+@@ -38,7 +42,8 @@ def urlsafe_encrypt(key, plaintext, blocksize=16):
+         Pads text to be encrypted
+         """
+         pad_length = (blocksize - len(text) % blocksize)
+-        pad = os.urandom(pad_length - 1)
++        pad = "".join([random.choice([chr(i) for i in range(1,0xFF)])
++                      for j in xrange(pad_length - 1)])
+         # We use chr(0) as a delimiter between text and padding
+         return text + chr(0) + pad
+ 
diff --git a/openstack-glance.spec b/openstack-glance.spec
index ca46db9..ebf4ec3 100644
--- a/openstack-glance.spec
+++ b/openstack-glance.spec
@@ -1,6 +1,6 @@
 Name:             openstack-glance
 Version:          2013.1
-Release:          1%{?dist}
+Release:          2%{?dist}
 Summary:          OpenStack Image Service
 
 Group:            Applications/System
@@ -21,6 +21,7 @@ Patch0001: 0001-Don-t-access-the-net-while-building-docs.patch
 # EPEL specific
 Patch100:         openstack-glance-newdeps.patch
 Patch101:         crypto.random.patch
+Patch102:         Avoid-NULLs-in-crypto-padding.patch
 
 BuildArch:        noarch
 BuildRequires:    python2-devel
@@ -109,6 +110,7 @@ This package contains documentation files for glance.
 
 %patch100 -p1
 %patch101 -p1
+%patch102 -p1
 
 # Remove bundled egg-info
 rm -rf glance.egg-info
@@ -279,6 +281,9 @@ fi
 %doc doc/build/html
 
 %changelog
+* Mon May 13 2013 Pádraig Brady <P at draigBrady.com> 2013.1-2
+- Avoid issue with crypto compat patch (#906051)
+
 * Mon Apr 08 2013 Nikola Đipanov <ndipanov at redhat.com> 2013.1-1
 - Update to Grizzly final
 
