[openstack-glance/el6-grizzly] reinstate EPEL specific patches
Pádraig Brady
pbrady at fedoraproject.org
Fri Jun 7 00:16:43 UTC 2013
commit 40ecd7945021ebe3c95e9ecc878af87f19e133eb
Author: Pádraig Brady <P at draigBrady.com>
Date: Fri Jun 7 01:15:22 2013 +0100
reinstate EPEL specific patches
Avoid-NULLs-in-crypto-padding.patch | 47 +++++++++++++++++++++++++++++++++++
crypto.random.patch | 39 +++++++++++++++++++++++++++++
openstack-glance-newdeps.patch | 41 ++++++++++++++++++++++++++++++
openstack-glance.spec | 10 ++++++-
4 files changed, 135 insertions(+), 2 deletions(-)
---
diff --git a/Avoid-NULLs-in-crypto-padding.patch b/Avoid-NULLs-in-crypto-padding.patch
new file mode 100644
index 0000000..7ebb40b
--- /dev/null
+++ b/Avoid-NULLs-in-crypto-padding.patch
@@ -0,0 +1,47 @@
+From 4458d6af24ba1e9dcb72b7b15b99cba9dce6b4ca Mon Sep 17 00:00:00 2001
+From: Eoghan Glynn <eglynn at redhat.com>
+Date: Wed, 30 Jan 2013 17:43:52 +0000
+Subject: [PATCH] Avoid NULLs in crypto padding.
+
+Also include missing import of the os module.
+
+The problem does not exist upstream, as the regression was
+introduced in a RHEL-specific patch:
+
+ efebcc2b36353becd1e570ce4b4be5a659fa78e3
+
+Fixes bug: 906051
+
+Change-Id: I70a9b3340ff454ae75c32ee75e121f0de4de938b
+Reviewed-on: https://code.engineering.redhat.com/gerrit/2809
+Reviewed-by: Nikola Dipanov <ndipanov at redhat.com>
+Tested-by: Nikola Dipanov <ndipanov at redhat.com>
+---
+ glance/common/crypt.py | 7 ++++++-
+ 1 file changed, 6 insertions(+), 1 deletion(-)
+
+diff --git a/glance/common/crypt.py b/glance/common/crypt.py
+index ef6496b..3874de7 100644
+--- a/glance/common/crypt.py
++++ b/glance/common/crypt.py
+@@ -21,6 +21,10 @@ Routines for URL-safe encrypting/decrypting
+ """
+
+ import base64
++import os
++import random
++import string
++
+ from Crypto.Cipher import AES
+
+
+@@ -38,7 +42,8 @@ def urlsafe_encrypt(key, plaintext, blocksize=16):
+ Pads text to be encrypted
+ """
+ pad_length = (blocksize - len(text) % blocksize)
+- pad = os.urandom(pad_length - 1)
++ pad = "".join([random.choice([chr(i) for i in range(1,0xFF)])
++ for j in xrange(pad_length - 1)])
+ # We use chr(0) as a delimiter between text and padding
+ return text + chr(0) + pad
+
diff --git a/crypto.random.patch b/crypto.random.patch
new file mode 100644
index 0000000..e67cc10
--- /dev/null
+++ b/crypto.random.patch
@@ -0,0 +1,39 @@
+Crypto.Random was added in python-crypto-2.1.0 to replace
+the problematic randpool in 2.0.1: http://www.pycrypto.org/randpool-broken
+However on Linux os.urandom() should be fine to set IV.
+
+I'm not sure it's necessary to pad with random bytes,
+but I'm leaving that as is for now:
+http://www.codekoala.com/blog/2009/aes-encryption-python-using-pycrypto/#comment-25921785
+http://eli.thegreenplace.net/2010/06/25/aes-encryption-of-files-in-python-with-pycrypto/
+
+diff -Naur glance-2012.1.orig/glance/common/crypt.py glance-2012.1/glance/common/crypt.py
+--- glance-2012.1.orig/glance/common/crypt.py 2012-03-30 13:12:40.000000000 +0000
++++ glance-2012.1/glance/common/crypt.py 2012-04-09 01:46:38.244937150 +0000
+@@ -21,10 +21,7 @@
+ """
+
+ import base64
+-
+ from Crypto.Cipher import AES
+-from Crypto import Random
+-from Crypto.Random import random
+
+
+ def urlsafe_encrypt(key, plaintext, blocksize=16):
+@@ -41,13 +38,12 @@
+ Pads text to be encrypted
+ """
+ pad_length = (blocksize - len(text) % blocksize)
+- sr = random.StrongRandom()
+- pad = ''.join(chr(sr.randint(1, 0xFF)) for i in range(pad_length - 1))
++ pad = os.urandom(pad_length - 1)
+ # We use chr(0) as a delimiter between text and padding
+ return text + chr(0) + pad
+
+ # random initial 16 bytes for CBC
+- init_vector = Random.get_random_bytes(16)
++ init_vector = os.urandom(16)
+ cypher = AES.new(key, AES.MODE_CBC, init_vector)
+ padded = cypher.encrypt(pad(str(plaintext)))
+ return base64.urlsafe_b64encode(init_vector + padded)
diff --git a/openstack-glance-newdeps.patch b/openstack-glance-newdeps.patch
new file mode 100644
index 0000000..f3eecec
--- /dev/null
+++ b/openstack-glance-newdeps.patch
@@ -0,0 +1,41 @@
+Delve into pkg_resources a little to get it to modify sys.path,
+so that our parallel installed egg takes precedence over the
+system default module versions.
+
+diff -up glance-2011.3/glance/__init__.py.newdeps glance-2011.3/glance/__init__.py
+--- glance-2011.3/glance/__init__.py.newdeps 2012-01-06 17:22:36.000000000 +0000
++++ glance-2011.3/glance/__init__.py 2012-01-06 17:25:01.019063547 +0000
+@@ -18,3 +18,31 @@
+ import gettext
+
+ gettext.install('glance', unicode=1)
++
++import sys
++import pkg_resources
++
++# If there is a conflicting non egg module,
++# i.e. an older standard system module installed,
++# then replace it with this requirement
++def replace_dist(requirement):
++ try:
++ return pkg_resources.require(requirement)
++ except pkg_resources.VersionConflict:
++ e = sys.exc_info()[1]
++ dist=e.args[0]
++ req=e.args[1]
++ if dist.key == req.key and not dist.location.endswith('.egg'):
++ del pkg_resources.working_set.by_key[dist.key]
++ # We assume there is no need to adjust sys.path
++ # and the associated pkg_resources.working_set.entries
++ return pkg_resources.require(requirement)
++
++replace_dist("SQLALchemy >= 0.6.3")
++replace_dist("WebOb >= 1.0")
++replace_dist("Routes >= 1.12.3")
++
++replace_dist("PasteDeploy >= 1.5.0")
++# This hack is needed because replace_dist() results in
++# the standard paste module path being at the start of __path__.
++# TODO: See can we get pkg_resources to do the right thing directly
++import paste
++paste.__path__.insert(0, paste.__path__.pop(-1))
diff --git a/openstack-glance.spec b/openstack-glance.spec
index 7fdabe9..b0a77ea 100644
--- a/openstack-glance.spec
+++ b/openstack-glance.spec
@@ -1,6 +1,6 @@
Name: openstack-glance
Version: 2013.1.2
-Release: 1%{?dist}
+Release: 2%{?dist}
Summary: OpenStack Image Service
Group: Applications/System
@@ -21,6 +21,9 @@ Source4: openstack-glance.logrotate
Patch0001: 0001-Don-t-access-the-net-while-building-docs.patch
# EPEL specific
+Patch100: openstack-glance-newdeps.patch
+Patch101: crypto.random.patch
+Patch102: Avoid-NULLs-in-crypto-padding.patch
BuildArch: noarch
BuildRequires: python2-devel
@@ -107,6 +110,9 @@ This package contains documentation files for glance.
%patch0001 -p1
+%patch100 -p1
+%patch101 -p1
+%patch102 -p1
# Remove bundled egg-info
rm -rf glance.egg-info
@@ -284,7 +290,7 @@ fi
%doc doc/build/html
%changelog
-* Thu Jun 6 2013 John Bresnahan <jbresnah at redhat.com> 2013.1.2
+* Thu Jun 6 2013 John Bresnahan <jbresnah at redhat.com> 2013.1.2-2
- Update to 2013.1.2
* Mon May 13 2013 Pádraig Brady <P at draigBrady.com> 2013.1-3
More information about the scm-commits
mailing list