stable/essex horizon installs unusable version of glance

Bug #1057125 reported by Brian Waldon on 2012-09-26
This bug affects 1 person
Affects Status Importance Assigned to Milestone
OpenStack Dashboard (Horizon)
Brian Waldon
Brian Waldon
horizon (Ubuntu)

Bug Description

The pip-requires file installs the master version of glance, not the stable/essex version. Horizon needs the glance available in stable/essex glance which has been removed in master.

Related branches

CVE References

Brian Waldon (bcwaldon) on 2012-09-26
Changed in horizon:
assignee: nobody → Brian Waldon (bcwaldon)
status: New → In Progress
Gabriel Hurley (gabriel-hurley) wrote :

Targeting to essex series

Gabriel Hurley (gabriel-hurley) wrote :

Closing this for master since it's an essex issue. It's correctly targeted now.

Changed in horizon:
status: In Progress → Invalid

Submitter: Jenkins
Branch: stable/essex

commit 7e651d770e187d16393abce699a76a99f977f6f0
Author: Brian Waldon <email address hidden>
Date: Wed Sep 26 12:54:33 2012 -0700

    Use glance stable/essex rather than master

    The pip-requires file should explicitly install stable/essex
    glance rather than master. The dependency on glance's client is
    broken if horizon tries to use glance master.

    Fixes bug 1057125

    Change-Id: I770e5e5e854141200307ddd33b1998000fbe57b5

Changed in horizon (Ubuntu):
status: New → Fix Released
Steve Langasek (vorlon) wrote :

xception, but this bug is linked from the SRU changelog and would require direct verification. Please either complete the bug description with a test case for this bug, or re-upload without a reference in the changelog.

Hello Brian, or anyone else affected,

Accepted horizon into precise-proposed. The package will build now and be available at in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See for documentation how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-needed to verification-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at . Thank you in advance!

Changed in horizon (Ubuntu Precise):
status: New → Fix Committed
tags: added: verification-needed

Please find the attached test log from the Ubuntu Server Team's CI infrastructure. As part of the verification process for this bug, Horizon has been deployed and configured across multiple nodes using precise-proposed as an installation source. After successful bring-up and configuration of the cluster, a number of exercises and smoke tests have be invoked to ensure the updated package did not introduce any regressions. A number of test iterations were carried out to catch any possible transient errors.

Please Note the list of installed packages at the top and bottom of the report.

For records of upstream test coverage of this update, please see the Jenkins links in the comments of the relevant upstream code-review(s):

Stable review:

As per the provisional Micro Release Exception granted to this package by the Technical Board, we hope this contributes toward verification of this update.

Yolanda Robla (yolanda.robla) wrote :

Test coverage log.

tags: added: verification-done
removed: verification-needed

The verification of this Stable Release Update has completed successfully and the package has now been released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regresssions.

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package horizon - 2012.1.3+stable-20130423-5ce39422-0ubuntu1

horizon (2012.1.3+stable-20130423-5ce39422-0ubuntu1) precise-proposed; urgency=low

  * Resynchronize with stable/essex (LP: #1089488)
    - [7e651d7] stable/essex horizon installs unusable version of glance
      (LP: #1057125)
    - [35eada8] open redirect / phishing attack via "next" parameter
      (LP: #1039077)
    - [8889311] TypeError when trying to delete an unnamed volume via dashboard
      (LP: #1031291)
    - [f862d9e] Wrong 'Download CSV Summary' link (LP: #1020555)
    - [9b22d68] When adding ICMP rule, the type/code is being validated as
      from/to ports (LP: #997669)
    - [52bbba1] Added --only-selenium option in
  * Dropped patches, superseeded by new snapshot:
    - debian/patches/CVE-2012-3540.patch [35eada8]
 -- Yolanda <email address hidden> Wed, 24 Apr 2013 15:46:28 +0200

Changed in horizon (Ubuntu Precise):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers