[Bug 1929469] Re: Regression Xenial/Queens: caused by d/p/CVE-2020-29565.patch

Jorge Niedbalski 1929469 at bugs.launchpad.net
Tue May 25 17:50:12 UTC 2021 

Hello,

I have verified that current xenial-proposed UCA fixes the issue.


Running version 

ii  python-django-horizon            3:13.0.3-0ubuntu2~cloud0
all          Django module providing web based interaction with
OpenStack


Danger: An error occurred. Please try again later.

--
root at juju-420d12-twitter-package-8:/var/log# ack -i traceback apache2/ -A 100
apache2/error.log
13:[Tue May 25 17:41:00.091443 2021] [wsgi:error] [pid 1591:tid 140549426509568] Traceback (most recent call last):
14-[Tue May 25 17:41:00.091446 2021] [wsgi:error] [pid 1591:tid 140549426509568]   File "/usr/lib/python2.7/dist-packages/django/core/handlers/base.py", line 132, in get_response
15-[Tue May 25 17:41:00.091452 2021] [wsgi:error] [pid 1591:tid 140549426509568]     response = wrapped_callback(request, *callback_args, **callback_kwargs)
16-[Tue May 25 17:41:00.091455 2021] [wsgi:error] [pid 1591:tid 140549426509568]   File "/usr/share/openstack-dashboard/horizon/decorators.py", line 36, in dec
17-[Tue May 25 17:41:00.091457 2021] [wsgi:error] [pid 1591:tid 140549426509568]     return view_func(request, *args, **kwargs)
18-[Tue May 25 17:41:00.091460 2021] [wsgi:error] [pid 1591:tid 140549426509568]   File "/usr/share/openstack-dashboard/horizon/decorators.py", line 52, in dec
19-[Tue May 25 17:41:00.091462 2021] [wsgi:error] [pid 1591:tid 140549426509568]     return view_func(request, *args, **kwargs)
20-[Tue May 25 17:41:00.091464 2021] [wsgi:error] [pid 1591:tid 140549426509568]   File "/usr/share/openstack-dashboard/horizon/decorators.py", line 36, in dec
21-[Tue May 25 17:41:00.091467 2021] [wsgi:error] [pid 1591:tid 140549426509568]     return view_func(request, *args, **kwargs)
22-[Tue May 25 17:41:00.091469 2021] [wsgi:error] [pid 1591:tid 140549426509568]   File "/usr/share/openstack-dashboard/horizon/decorators.py", line 113, in dec
23-[Tue May 25 17:41:00.091471 2021] [wsgi:error] [pid 1591:tid 140549426509568]     return view_func(request, *args, **kwargs)
24-[Tue May 25 17:41:00.091474 2021] [wsgi:error] [pid 1591:tid 140549426509568]   File "/usr/share/openstack-dashboard/horizon/decorators.py", line 84, in dec
25-[Tue May 25 17:41:00.091476 2021] [wsgi:error] [pid 1591:tid 140549426509568]     return view_func(request, *args, **kwargs)
26-[Tue May 25 17:41:00.091478 2021] [wsgi:error] [pid 1591:tid 140549426509568]   File "/usr/lib/python2.7/dist-packages/django/views/generic/base.py", line 71, in view
27-[Tue May 25 17:41:00.091480 2021] [wsgi:error] [pid 1591:tid 140549426509568]     return self.dispatch(request, *args, **kwargs)
28-[Tue May 25 17:41:00.091483 2021] [wsgi:error] [pid 1591:tid 140549426509568]   File "/usr/lib/python2.7/dist-packages/django/views/generic/base.py", line 89, in dispatch
29-[Tue May 25 17:41:00.091497 2021] [wsgi:error] [pid 1591:tid 140549426509568]     return handler(request, *args, **kwargs)
30-[Tue May 25 17:41:00.091500 2021] [wsgi:error] [pid 1591:tid 140549426509568]   File "/usr/share/openstack-dashboard/horizon/workflows/views.py", line 155, in get
31-[Tue May 25 17:41:00.091502 2021] [wsgi:error] [pid 1591:tid 140549426509568]     context = self.get_context_data(**kwargs)
32-[Tue May 25 17:41:00.091504 2021] [wsgi:error] [pid 1591:tid 140549426509568]   File "/usr/share/openstack-dashboard/horizon/workflows/views.py", line 101, in get_context_data
33-[Tue May 25 17:41:00.091506 2021] [wsgi:error] [pid 1591:tid 140549426509568]     allowed_hosts=[self.request.get_host()]):
34-[Tue May 25 17:41:00.091508 2021] [wsgi:error] [pid 1591:tid 140549426509568] TypeError: is_safe_url() got an unexpected keyword argument 'allowed_hosts'

--- Upgraded to -proposed

Success: IP address 10.5.150.1 associated.

root at juju-420d12-twitter-package-8:/var/log# ps aux|grep apache
root     18942  0.0  0.3 105064  7920 ?        Ss   17:48   0:00 /usr/sbin/apache2 -k start
horizon  18945  0.0  0.4 271272  8624 ?        Sl   17:48   0:00 /usr/sbin/apache2 -k start
horizon  18946  0.0  0.4 271280  8624 ?        Sl   17:48   0:00 /usr/sbin/apache2 -k start
www-data 18947  0.0  0.5 396476 10480 ?        Sl   17:48   0:00 /usr/sbin/apache2 -k start
www-data 18948  0.0  0.5 396476 10480 ?        Sl   17:48   0:00 /usr/sbin/apache2 -k start
root     19036  0.0  0.0  12976   952 pts/0    S+   17:48   0:00 grep --color=auto apache
root at juju-420d12-twitter-package-8:/var/log# dpkg -l |grep -i horizon
ii  openstack-dashboard-ubuntu-theme 3:13.0.3-0ubuntu2~cloud1                   all          Transitional dummy package for Ubuntu theme for Horizon
ii  python-django-horizon            3:13.0.3-0ubuntu2~cloud1                   all          Django module providing web based interaction with OpenStack

-- 
You received this bug notification because you are a member of Ubuntu
OpenStack, which is subscribed to Ubuntu Cloud Archive.
https://bugs.launchpad.net/bugs/1929469

Title:
  Regression Xenial/Queens: caused by d/p/CVE-2020-29565.patch

Status in Ubuntu Cloud Archive:
  Fix Released
Status in OpenStack Dashboard (Horizon):
  Invalid

Bug description:
  [Environment]

  Xenial/Queens
  Horizon 13.0.3 >

  [Description]

  Horizon horizon (3:13.0.3-0ubuntu2) introduced patch CVE-2020-29565, which breaks X/Q clouds the reason
  is that the allowed_host argument was introduced in 1.11 (https://github.com/django/django/commit/f227b8d15d9d0e0c50eb6459cf4556bccc3fae53)
  but Xenial has 1.8.7

  The regression is introduced by patch
  debian/patches/CVE-2020-29565.patch.

  Operations such as associating a floating ip via dashboard fails with
  the following traceback:

  [Thu May 06 20:28:40.715395 2021] [wsgi:error] [pid 227689:tid 139873006274304] Internal Server Error: /project/floating_ips/associate/
  [Thu May 06 20:28:40.715463 2021] [wsgi:error] [pid 227689:tid 139873006274304] Traceback (most recent call last):
  [Thu May 06 20:28:40.715469 2021] [wsgi:error] [pid 227689:tid 139873006274304] File "/usr/lib/python2.7/dist-packages/django/core/handlers/base.py", line 132, in get_response
  [Thu May 06 20:28:40.715474 2021] [wsgi:error] [pid 227689:tid 139873006274304] response = wrapped_callback(request, *callback_args, **callback_kwargs)
  [Thu May 06 20:28:40.715479 2021] [wsgi:error] [pid 227689:tid 139873006274304] File "/usr/share/openstack-dashboard/horizon/decorators.py", line 36, in dec
  [Thu May 06 20:28:40.715483 2021] [wsgi:error] [pid 227689:tid 139873006274304] return view_func(request, *args, **kwargs)
  [Thu May 06 20:28:40.715488 2021] [wsgi:error] [pid 227689:tid 139873006274304] File "/usr/share/openstack-dashboard/horizon/decorators.py", line 52, in dec
  [Thu May 06 20:28:40.715492 2021] [wsgi:error] [pid 227689:tid 139873006274304] return view_func(request, *args, **kwargs)
  [Thu May 06 20:28:40.715497 2021] [wsgi:error] [pid 227689:tid 139873006274304] File "/usr/share/openstack-dashboard/horizon/decorators.py", line 36, in dec
  [Thu May 06 20:28:40.715501 2021] [wsgi:error] [pid 227689:tid 139873006274304] return view_func(request, *args, **kwargs)
  [Thu May 06 20:28:40.715506 2021] [wsgi:error] [pid 227689:tid 139873006274304] File "/usr/share/openstack-dashboard/horizon/decorators.py", line 113, in dec
  [Thu May 06 20:28:40.715510 2021] [wsgi:error] [pid 227689:tid 139873006274304] return view_func(request, *args, **kwargs)
  [Thu May 06 20:28:40.715515 2021] [wsgi:error] [pid 227689:tid 139873006274304] File "/usr/share/openstack-dashboard/horizon/decorators.py", line 84, in dec
  [Thu May 06 20:28:40.715535 2021] [wsgi:error] [pid 227689:tid 139873006274304] return view_func(request, *args, **kwargs)
  [Thu May 06 20:28:40.715540 2021] [wsgi:error] [pid 227689:tid 139873006274304] File "/usr/lib/python2.7/dist-packages/django/views/generic/base.py", line 71, in view
  [Thu May 06 20:28:40.715545 2021] [wsgi:error] [pid 227689:tid 139873006274304] return self.dispatch(request, *args, **kwargs)
  [Thu May 06 20:28:40.715549 2021] [wsgi:error] [pid 227689:tid 139873006274304] File "/usr/lib/python2.7/dist-packages/django/views/generic/base.py", line 89, in dispatch
  [Thu May 06 20:28:40.715553 2021] [wsgi:error] [pid 227689:tid 139873006274304] return handler(request, *args, **kwargs)
  [Thu May 06 20:28:40.715557 2021] [wsgi:error] [pid 227689:tid 139873006274304] File "/usr/share/openstack-dashboard/horizon/workflows/views.py", line 155, in get
  [Thu May 06 20:28:40.715561 2021] [wsgi:error] [pid 227689:tid 139873006274304] context = self.get_context_data(**kwargs)
  [Thu May 06 20:28:40.715565 2021] [wsgi:error] [pid 227689:tid 139873006274304] File "/usr/share/openstack-dashboard/horizon/workflows/views.py", line 101, in get_context_data
  [Thu May 06 20:28:40.715569 2021] [wsgi:error] [pid 227689:tid 139873006274304] allowed_hosts=[self.request.get_host()]):
  [Thu May 06 20:28:40.715573 2021] [wsgi:error] [pid 227689:tid 139873006274304] TypeError: is_safe_url() got an unexpected keyword argument 'allowed_hosts'

To manage notifications about this bug go to:
https://bugs.launchpad.net/cloud-archive/+bug/1929469/+subscriptions

More information about the Ubuntu-openstack-bugs mailing list