Re: [Openstack] [OSSA 2014-005] Missing SSL certificate check in Python Swift client (CVE-2013-6396)
On 03/03/2014 02:23 PM, Sean Dague wrote:
> On 03/03/2014 12:56 PM, Tristan Cacqueray wrote:
>> On 02/28/2014 07:52 PM, david.co...@oracle.com wrote:
>>>> OpenStack Security Advisory: 2014-005
>>>> CVE: CVE-2013-6396
>>>> Date: February 17, 2014
>>>> Title: Missing SSL certificate check in Python Swift client
>>>> Reporter: Thomas Leaman (HP)
>>>> Products: python-swiftclient
>>>> Versions: 1.0 version up to 1.9.0
>>>
>>>> python-swiftclient fix (included in 2.0 release):
>>>> https://review.openstack.org/#/c/69187
>>>
>>> I understand why the fix is specific to the 2.x branch
>>> (https://bugs.launchpad.net/python-swiftclient/+bug/1199783/comments/21)
>>> but does anyone know how compatible this version of python-swiftclient
>>> is with Grizzly? In particular, both Glance and Horizon from Grizzly
>>> strictly specify python-swiftclient>=1.2,<2 but I know in Havana and
>>> later the upper-bound was removed.
>>
>> Hi David,
>>
>> the bump to 2.x included some API changes (in method parameters and CLI
>> options), and "may" work for grizzly.
>>
>> For the record, I just tested 2.x branch against grizzly, and basic
>> commands worked as expected (list, upload, download).
>>
>> Best regards,
>> Tristan
>
> 2.x isn't grizzly compatible, we ran into substantial issues with the
> swift cli which made us dump a bunch of the swift tests in the gate to
> stop blocking stable/havana code from moving forward.
>
> -Sean
>
> ___
> Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
> Post to : openstack@lists.openstack.org
> Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
>

Are you relying on us (packagers) to change the version requirements to <= 2.0 instead of < 2.0? I would like to get this fixed for grizzly in Gentoo as well.

--
-- Matthew Thode (prometheanfire)

Re: [Openstack] [OSSA 2014-005] Missing SSL certificate check in Python Swift client (CVE-2013-6396)
On 03/03/2014 12:56 PM, Tristan Cacqueray wrote:
> On 02/28/2014 07:52 PM, david.co...@oracle.com wrote:
>>> OpenStack Security Advisory: 2014-005
>>> CVE: CVE-2013-6396
>>> Date: February 17, 2014
>>> Title: Missing SSL certificate check in Python Swift client
>>> Reporter: Thomas Leaman (HP)
>>> Products: python-swiftclient
>>> Versions: 1.0 version up to 1.9.0
>>
>>> python-swiftclient fix (included in 2.0 release):
>>> https://review.openstack.org/#/c/69187
>>
>> I understand why the fix is specific to the 2.x branch
>> (https://bugs.launchpad.net/python-swiftclient/+bug/1199783/comments/21)
>> but does anyone know how compatible this version of python-swiftclient
>> is with Grizzly? In particular, both Glance and Horizon from Grizzly
>> strictly specify python-swiftclient>=1.2,<2 but I know in Havana and
>> later the upper-bound was removed.
>
> Hi David,
>
> the bump to 2.x included some API changes (in method parameters and CLI
> options), and "may" work for grizzly.
>
> For the record, I just tested 2.x branch against grizzly, and basic
> commands worked as expected (list, upload, download).
>
> Best regards,
> Tristan

2.x isn't grizzly compatible, we ran into substantial issues with the
swift cli which made us dump a bunch of the swift tests in the gate to
stop blocking stable/havana code from moving forward.

-Sean

--
Sean Dague
http://dague.net

Re: [Openstack] [OSSA 2014-005] Missing SSL certificate check in Python Swift client (CVE-2013-6396)
On 02/28/2014 07:52 PM, david.co...@oracle.com wrote:
>> OpenStack Security Advisory: 2014-005
>> CVE: CVE-2013-6396
>> Date: February 17, 2014
>> Title: Missing SSL certificate check in Python Swift client
>> Reporter: Thomas Leaman (HP)
>> Products: python-swiftclient
>> Versions: 1.0 version up to 1.9.0
>
>> python-swiftclient fix (included in 2.0 release):
>> https://review.openstack.org/#/c/69187
>
> I understand why the fix is specific to the 2.x branch
> (https://bugs.launchpad.net/python-swiftclient/+bug/1199783/comments/21)
> but does anyone know how compatible this version of python-swiftclient
> is with Grizzly? In particular, both Glance and Horizon from Grizzly
> strictly specify python-swiftclient>=1.2,<2 but I know in Havana and
> later the upper-bound was removed.

Hi David,

the bump to 2.x included some API changes (in method parameters and CLI
options), and "may" work for grizzly.

For the record, I just tested 2.x branch against grizzly, and basic
commands worked as expected (list, upload, download).

Best regards,
Tristan

Re: [Openstack] [OSSA 2014-005] Missing SSL certificate check in Python Swift client (CVE-2013-6396)
> OpenStack Security Advisory: 2014-005
> CVE: CVE-2013-6396
> Date: February 17, 2014
> Title: Missing SSL certificate check in Python Swift client
> Reporter: Thomas Leaman (HP)
> Products: python-swiftclient
> Versions: 1.0 version up to 1.9.0

> python-swiftclient fix (included in 2.0 release):
> https://review.openstack.org/#/c/69187

I understand why the fix is specific to the 2.x branch
(https://bugs.launchpad.net/python-swiftclient/+bug/1199783/comments/21)
but does anyone know how compatible this version of python-swiftclient
is with Grizzly? In particular, both Glance and Horizon from Grizzly
strictly specify python-swiftclient>=1.2,<2 but I know in Havana and
later the upper-bound was removed.
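
The pin question raised in this thread, as an added example (not part of the thread and not python-swiftclient code): a small audit that tells whether a requirement line such as Grizzly's `python-swiftclient>=1.2,<2` can admit the fixed 2.0 release or only affected versions. It assumes plain dotted numeric versions rather than full PEP 440; the function names and the sample of affected versions are constructed for illustration.

```python
import re

FIXED = "2.0"                              # release with the fix, per the advisory
SAMPLE_AFFECTED = ["1.0", "1.2", "1.9.0"]  # constructed sample inside "1.0 up to 1.9.0"

OPS = {
    ">=": lambda a, b: a >= b, "<=": lambda a, b: a <= b,
    "==": lambda a, b: a == b, "!=": lambda a, b: a != b,
    ">": lambda a, b: a > b, "<": lambda a, b: a < b,
}

def vkey(version):
    """Dotted numeric version as a tuple; trailing zeros dropped so 2 == 2.0."""
    parts = [int(p) for p in version.split(".")]
    while len(parts) > 1 and parts[-1] == 0:
        parts.pop()
    return tuple(parts)

def parse_requirement(line):
    """Split 'name>=1.2,<2' into (name, [(operator, version_key), ...])."""
    m = re.match(r"\s*([A-Za-z0-9_.-]+)\s*(.*)$", line)
    if not m:
        raise ValueError("not a requirement line: %r" % line)
    clauses = []
    for clause in filter(None, (c.strip() for c in m.group(2).split(","))):
        cm = re.match(r"(>=|<=|==|!=|>|<)\s*(\d+(?:\.\d+)*)$", clause)
        if not cm:
            raise ValueError("unsupported specifier: %r" % clause)
        clauses.append((cm.group(1), vkey(cm.group(2))))
    return m.group(1), clauses

def admits(clauses, version):
    """True when the version satisfies every clause of the pin."""
    return all(OPS[op](vkey(version), bound) for op, bound in clauses)

def audit_pin(line):
    """Classify a pin against the advisory's fixed and affected versions."""
    _, clauses = parse_requirement(line)
    fixed_ok = admits(clauses, FIXED)
    affected_ok = [v for v in SAMPLE_AFFECTED if admits(clauses, v)]
    if not fixed_ok and affected_ok:
        return "locked-to-affected"        # the fix cannot be installed under this pin
    if fixed_ok and affected_ok:
        return "fix-allowed-not-required"  # an affected install still satisfies the pin
    return "fixed-only" if fixed_ok else "no-sampled-version"

if __name__ == "__main__":
    for pin in ("python-swiftclient>=1.2,<2", "python-swiftclient>=1.2,<=2.0"):
        print(pin, "->", audit_pin(pin))
```

Relaxing the bound to `<=2.0` makes the fix installable but still accepts an affected 1.x install and excludes any later 2.0.x release; only a lower bound of `>=2.0` requires the fix.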