[openstack-glance/el6-grizzly] reinstate EPEL specific patches

Pádraig Brady pbrady at fedoraproject.org
Fri Jun 7 00:16:43 UTC 2013 

commit 40ecd7945021ebe3c95e9ecc878af87f19e133eb
Author: Pádraig Brady <P at draigBrady.com>
Date:   Fri Jun 7 01:15:22 2013 +0100

    reinstate EPEL specific patches

 Avoid-NULLs-in-crypto-padding.patch |   47 +++++++++++++++++++++++++++++++++++
 crypto.random.patch                 |   39 +++++++++++++++++++++++++++++
 openstack-glance-newdeps.patch      |   41 ++++++++++++++++++++++++++++++
 openstack-glance.spec               |   10 ++++++-
 4 files changed, 135 insertions(+), 2 deletions(-)
---
diff --git a/Avoid-NULLs-in-crypto-padding.patch b/Avoid-NULLs-in-crypto-padding.patch
new file mode 100644
index 0000000..7ebb40b
--- /dev/null
+++ b/Avoid-NULLs-in-crypto-padding.patch
@@ -0,0 +1,47 @@
+From 4458d6af24ba1e9dcb72b7b15b99cba9dce6b4ca Mon Sep 17 00:00:00 2001
+From: Eoghan Glynn <eglynn at redhat.com>
+Date: Wed, 30 Jan 2013 17:43:52 +0000
+Subject: [PATCH] Avoid NULLs in crypto padding.
+
+Also include missing import of the os module.
+
+The problem does not exist upstream, as the regression was
+introduced in a RHEL-specific patch:
+
+  efebcc2b36353becd1e570ce4b4be5a659fa78e3
+
+Fixes bug: 906051
+
+Change-Id: I70a9b3340ff454ae75c32ee75e121f0de4de938b
+Reviewed-on: https://code.engineering.redhat.com/gerrit/2809
+Reviewed-by: Nikola Dipanov <ndipanov at redhat.com>
+Tested-by: Nikola Dipanov <ndipanov at redhat.com>
+---
+ glance/common/crypt.py | 7 ++++++-
+ 1 file changed, 6 insertions(+), 1 deletion(-)
+
+diff --git a/glance/common/crypt.py b/glance/common/crypt.py
+index ef6496b..3874de7 100644
+--- a/glance/common/crypt.py
++++ b/glance/common/crypt.py
+@@ -21,6 +21,10 @@ Routines for URL-safe encrypting/decrypting
+ """
+ 
+ import base64
++import os
++import random
++import string
++
+ from Crypto.Cipher import AES
+ 
+ 
+@@ -38,7 +42,8 @@ def urlsafe_encrypt(key, plaintext, blocksize=16):
+         Pads text to be encrypted
+         """
+         pad_length = (blocksize - len(text) % blocksize)
+-        pad = os.urandom(pad_length - 1)
++        pad = "".join([random.choice([chr(i) for i in range(1,0xFF)])
++                      for j in xrange(pad_length - 1)])
+         # We use chr(0) as a delimiter between text and padding
+         return text + chr(0) + pad
+ 
diff --git a/crypto.random.patch b/crypto.random.patch
new file mode 100644
index 0000000..e67cc10
--- /dev/null
+++ b/crypto.random.patch
@@ -0,0 +1,39 @@
+Crypto.Random was added in python-crypto-2.1.0 to replace
+the problematic randpool in 2.0.1: http://www.pycrypto.org/randpool-broken
+However on Linux os.urandom() should be fine to set IV.
+
+I'm not sure it's necessary to pad with random bytes,
+but I'm leaving that as is for now:
+http://www.codekoala.com/blog/2009/aes-encryption-python-using-pycrypto/#comment-25921785
+http://eli.thegreenplace.net/2010/06/25/aes-encryption-of-files-in-python-with-pycrypto/
+
+diff -Naur glance-2012.1.orig/glance/common/crypt.py glance-2012.1/glance/common/crypt.py
+--- glance-2012.1.orig/glance/common/crypt.py	2012-03-30 13:12:40.000000000 +0000
++++ glance-2012.1/glance/common/crypt.py	2012-04-09 01:46:38.244937150 +0000
+@@ -21,10 +21,7 @@
+ """
+ 
+ import base64
+-
+ from Crypto.Cipher import AES
+-from Crypto import Random
+-from Crypto.Random import random
+ 
+ 
+ def urlsafe_encrypt(key, plaintext, blocksize=16):
+@@ -41,13 +38,12 @@
+         Pads text to be encrypted
+         """
+         pad_length = (blocksize - len(text) % blocksize)
+-        sr = random.StrongRandom()
+-        pad = ''.join(chr(sr.randint(1, 0xFF)) for i in range(pad_length - 1))
++        pad = os.urandom(pad_length - 1)
+         # We use chr(0) as a delimiter between text and padding
+         return text + chr(0) + pad
+ 
+     # random initial 16 bytes for CBC
+-    init_vector = Random.get_random_bytes(16)
++    init_vector = os.urandom(16)
+     cypher = AES.new(key, AES.MODE_CBC, init_vector)
+     padded = cypher.encrypt(pad(str(plaintext)))
+     return base64.urlsafe_b64encode(init_vector + padded)
diff --git a/openstack-glance-newdeps.patch b/openstack-glance-newdeps.patch
new file mode 100644
index 0000000..f3eecec
--- /dev/null
+++ b/openstack-glance-newdeps.patch
@@ -0,0 +1,41 @@
+Delve into pkg_resources a little to get it to modify sys.path,
+so that our parallel installed egg takes precedence over the
+system default module versions.
+
+diff -up glance-2011.3/glance/__init__.py.newdeps glance-2011.3/glance/__init__.py
+--- glance-2011.3/glance/__init__.py.newdeps	2012-01-06 17:22:36.000000000 +0000
++++ glance-2011.3/glance/__init__.py	2012-01-06 17:25:01.019063547 +0000
+@@ -18,3 +18,31 @@
+ import gettext
+ 
+ gettext.install('glance', unicode=1)
++
++import sys
++import pkg_resources
++
++# If there is a conflicting non egg module,
++# i.e. an older standard system module installed,
++# then replace it with this requirement
++def replace_dist(requirement):
++    try:
++        return pkg_resources.require(requirement)
++    except pkg_resources.VersionConflict:
++        e = sys.exc_info()[1]
++        dist=e.args[0]
++        req=e.args[1]
++        if dist.key == req.key and not dist.location.endswith('.egg'):
++            del pkg_resources.working_set.by_key[dist.key]
++            # We assume there is no need to adjust sys.path
++            # and the associated pkg_resources.working_set.entries
++            return pkg_resources.require(requirement)
++
++replace_dist("SQLALchemy >= 0.6.3")
++replace_dist("WebOb >= 1.0")
++replace_dist("Routes >= 1.12.3")
++
++replace_dist("PasteDeploy >= 1.5.0")
++# This hack is needed because replace_dist() results in
++# the standard paste module path being at the start of __path__.
++# TODO: See can we get pkg_resources to do the right thing directly
++import paste
++paste.__path__.insert(0, paste.__path__.pop(-1))
diff --git a/openstack-glance.spec b/openstack-glance.spec
index 7fdabe9..b0a77ea 100644
--- a/openstack-glance.spec
+++ b/openstack-glance.spec
@@ -1,6 +1,6 @@
 Name:             openstack-glance
 Version:          2013.1.2
-Release:          1%{?dist}
+Release:          2%{?dist}
 Summary:          OpenStack Image Service
 
 Group:            Applications/System
@@ -21,6 +21,9 @@ Source4:          openstack-glance.logrotate
 Patch0001: 0001-Don-t-access-the-net-while-building-docs.patch
 
 # EPEL specific
+Patch100:         openstack-glance-newdeps.patch
+Patch101:         crypto.random.patch
+Patch102:         Avoid-NULLs-in-crypto-padding.patch
 
 BuildArch:        noarch
 BuildRequires:    python2-devel
@@ -107,6 +110,9 @@ This package contains documentation files for glance.
 
 %patch0001 -p1
 
+%patch100 -p1
+%patch101 -p1
+%patch102 -p1
 
 # Remove bundled egg-info
 rm -rf glance.egg-info
@@ -284,7 +290,7 @@ fi
 %doc doc/build/html
 
 %changelog
-* Thu Jun  6 2013 John Bresnahan <jbresnah at redhat.com> 2013.1.2
+* Thu Jun  6 2013 John Bresnahan <jbresnah at redhat.com> 2013.1.2-2
 - Update to 2013.1.2
 
 * Mon May 13 2013 Pádraig Brady <P at draigBrady.com> 2013.1-3

More information about the scm-commits mailing list