On Centos the lib/apache script in devstack downloads and compiles
uwsgi package. It uses pip-download to pull uwsgi tar file.
However, it does not return the full name of downloaded file so
right now the script looks for filename that starts with prefix
"uwsgi".
This method is case sensitive so after downloading file with name
uWSGI-2.0.19.tar.gz the script was unable to locate this file.
This change downloads the file to an empty directory and expect
it to be the only file there so there is no name vulnerability.
Reviewed: https:/ /review. opendev. org/c/openstack /devstack/ +/736189 /opendev. org/openstack/ devstack/ commit/ 10877d79d63507c eb24f234d66e01a b95ac4da9c
Committed: https:/
Submitter: "Zuul (22348)"
Branch: stable/queens
commit 10877d79d63507c eb24f234d66e01a b95ac4da9c
Author: iosetek <email address hidden>
Date: Wed Jun 17 14:32:46 2020 +0200
Fix for downloading uwsgi on centos in lib/apache
On Centos the lib/apache script in devstack downloads and compiles 2.0.19. tar.gz the script was unable to locate this file.
uwsgi package. It uses pip-download to pull uwsgi tar file.
However, it does not return the full name of downloaded file so
right now the script looks for filename that starts with prefix
"uwsgi".
This method is case sensitive so after downloading file with name
uWSGI-
This change downloads the file to an empty directory and expect
it to be the only file there so there is no name vulnerability.
Change-Id: I57e6219d675c95 1880808ced4e26c 2344ef15cee
Closes-Bug: #1883897