[Bug 1929469] Re: Regression Xenial/Queens: caused by d/p/CVE-2020-29565.patch
Jorge Niedbalski
1929469 at bugs.launchpad.net
Tue May 25 17:50:12 UTC 2021
Hello,
I have verified that current xenial-proposed UCA fixes the issue.
Running version
ii python-django-horizon 3:13.0.3-0ubuntu2~cloud0
all Django module providing web based interaction with
OpenStack
Danger: An error occurred. Please try again later.
--
root at juju-420d12-twitter-package-8:/var/log# ack -i traceback apache2/ -A 100
apache2/error.log
13:[Tue May 25 17:41:00.091443 2021] [wsgi:error] [pid 1591:tid 140549426509568] Traceback (most recent call last):
14-[Tue May 25 17:41:00.091446 2021] [wsgi:error] [pid 1591:tid 140549426509568] File "/usr/lib/python2.7/dist-packages/django/core/handlers/base.py", line 132, in get_response
15-[Tue May 25 17:41:00.091452 2021] [wsgi:error] [pid 1591:tid 140549426509568] response = wrapped_callback(request, *callback_args, **callback_kwargs)
16-[Tue May 25 17:41:00.091455 2021] [wsgi:error] [pid 1591:tid 140549426509568] File "/usr/share/openstack-dashboard/horizon/decorators.py", line 36, in dec
17-[Tue May 25 17:41:00.091457 2021] [wsgi:error] [pid 1591:tid 140549426509568] return view_func(request, *args, **kwargs)
18-[Tue May 25 17:41:00.091460 2021] [wsgi:error] [pid 1591:tid 140549426509568] File "/usr/share/openstack-dashboard/horizon/decorators.py", line 52, in dec
19-[Tue May 25 17:41:00.091462 2021] [wsgi:error] [pid 1591:tid 140549426509568] return view_func(request, *args, **kwargs)
20-[Tue May 25 17:41:00.091464 2021] [wsgi:error] [pid 1591:tid 140549426509568] File "/usr/share/openstack-dashboard/horizon/decorators.py", line 36, in dec
21-[Tue May 25 17:41:00.091467 2021] [wsgi:error] [pid 1591:tid 140549426509568] return view_func(request, *args, **kwargs)
22-[Tue May 25 17:41:00.091469 2021] [wsgi:error] [pid 1591:tid 140549426509568] File "/usr/share/openstack-dashboard/horizon/decorators.py", line 113, in dec
23-[Tue May 25 17:41:00.091471 2021] [wsgi:error] [pid 1591:tid 140549426509568] return view_func(request, *args, **kwargs)
24-[Tue May 25 17:41:00.091474 2021] [wsgi:error] [pid 1591:tid 140549426509568] File "/usr/share/openstack-dashboard/horizon/decorators.py", line 84, in dec
25-[Tue May 25 17:41:00.091476 2021] [wsgi:error] [pid 1591:tid 140549426509568] return view_func(request, *args, **kwargs)
26-[Tue May 25 17:41:00.091478 2021] [wsgi:error] [pid 1591:tid 140549426509568] File "/usr/lib/python2.7/dist-packages/django/views/generic/base.py", line 71, in view
27-[Tue May 25 17:41:00.091480 2021] [wsgi:error] [pid 1591:tid 140549426509568] return self.dispatch(request, *args, **kwargs)
28-[Tue May 25 17:41:00.091483 2021] [wsgi:error] [pid 1591:tid 140549426509568] File "/usr/lib/python2.7/dist-packages/django/views/generic/base.py", line 89, in dispatch
29-[Tue May 25 17:41:00.091497 2021] [wsgi:error] [pid 1591:tid 140549426509568] return handler(request, *args, **kwargs)
30-[Tue May 25 17:41:00.091500 2021] [wsgi:error] [pid 1591:tid 140549426509568] File "/usr/share/openstack-dashboard/horizon/workflows/views.py", line 155, in get
31-[Tue May 25 17:41:00.091502 2021] [wsgi:error] [pid 1591:tid 140549426509568] context = self.get_context_data(**kwargs)
32-[Tue May 25 17:41:00.091504 2021] [wsgi:error] [pid 1591:tid 140549426509568] File "/usr/share/openstack-dashboard/horizon/workflows/views.py", line 101, in get_context_data
33-[Tue May 25 17:41:00.091506 2021] [wsgi:error] [pid 1591:tid 140549426509568] allowed_hosts=[self.request.get_host()]):
34-[Tue May 25 17:41:00.091508 2021] [wsgi:error] [pid 1591:tid 140549426509568] TypeError: is_safe_url() got an unexpected keyword argument 'allowed_hosts'
--- Upgraded to -proposed
Success: IP address 10.5.150.1 associated.
root at juju-420d12-twitter-package-8:/var/log# ps aux|grep apache
root 18942 0.0 0.3 105064 7920 ? Ss 17:48 0:00 /usr/sbin/apache2 -k start
horizon 18945 0.0 0.4 271272 8624 ? Sl 17:48 0:00 /usr/sbin/apache2 -k start
horizon 18946 0.0 0.4 271280 8624 ? Sl 17:48 0:00 /usr/sbin/apache2 -k start
www-data 18947 0.0 0.5 396476 10480 ? Sl 17:48 0:00 /usr/sbin/apache2 -k start
www-data 18948 0.0 0.5 396476 10480 ? Sl 17:48 0:00 /usr/sbin/apache2 -k start
root 19036 0.0 0.0 12976 952 pts/0 S+ 17:48 0:00 grep --color=auto apache
root at juju-420d12-twitter-package-8:/var/log# dpkg -l |grep -i horizon
ii openstack-dashboard-ubuntu-theme 3:13.0.3-0ubuntu2~cloud1 all Transitional dummy package for Ubuntu theme for Horizon
ii python-django-horizon 3:13.0.3-0ubuntu2~cloud1 all Django module providing web based interaction with OpenStack
--
You received this bug notification because you are a member of Ubuntu
OpenStack, which is subscribed to Ubuntu Cloud Archive.
https://bugs.launchpad.net/bugs/1929469
Title:
Regression Xenial/Queens: caused by d/p/CVE-2020-29565.patch
Status in Ubuntu Cloud Archive:
Fix Released
Status in OpenStack Dashboard (Horizon):
Invalid
Bug description:
[Environment]
Xenial/Queens
Horizon 13.0.3 >
[Description]
Horizon horizon (3:13.0.3-0ubuntu2) introduced patch CVE-2020-29565, which breaks X/Q clouds the reason
is that the allowed_host argument was introduced in 1.11 (https://github.com/django/django/commit/f227b8d15d9d0e0c50eb6459cf4556bccc3fae53)
but Xenial has 1.8.7
The regression is introduced by patch
debian/patches/CVE-2020-29565.patch.
Operations such as associating a floating ip via dashboard fails with
the following traceback:
[Thu May 06 20:28:40.715395 2021] [wsgi:error] [pid 227689:tid 139873006274304] Internal Server Error: /project/floating_ips/associate/
[Thu May 06 20:28:40.715463 2021] [wsgi:error] [pid 227689:tid 139873006274304] Traceback (most recent call last):
[Thu May 06 20:28:40.715469 2021] [wsgi:error] [pid 227689:tid 139873006274304] File "/usr/lib/python2.7/dist-packages/django/core/handlers/base.py", line 132, in get_response
[Thu May 06 20:28:40.715474 2021] [wsgi:error] [pid 227689:tid 139873006274304] response = wrapped_callback(request, *callback_args, **callback_kwargs)
[Thu May 06 20:28:40.715479 2021] [wsgi:error] [pid 227689:tid 139873006274304] File "/usr/share/openstack-dashboard/horizon/decorators.py", line 36, in dec
[Thu May 06 20:28:40.715483 2021] [wsgi:error] [pid 227689:tid 139873006274304] return view_func(request, *args, **kwargs)
[Thu May 06 20:28:40.715488 2021] [wsgi:error] [pid 227689:tid 139873006274304] File "/usr/share/openstack-dashboard/horizon/decorators.py", line 52, in dec
[Thu May 06 20:28:40.715492 2021] [wsgi:error] [pid 227689:tid 139873006274304] return view_func(request, *args, **kwargs)
[Thu May 06 20:28:40.715497 2021] [wsgi:error] [pid 227689:tid 139873006274304] File "/usr/share/openstack-dashboard/horizon/decorators.py", line 36, in dec
[Thu May 06 20:28:40.715501 2021] [wsgi:error] [pid 227689:tid 139873006274304] return view_func(request, *args, **kwargs)
[Thu May 06 20:28:40.715506 2021] [wsgi:error] [pid 227689:tid 139873006274304] File "/usr/share/openstack-dashboard/horizon/decorators.py", line 113, in dec
[Thu May 06 20:28:40.715510 2021] [wsgi:error] [pid 227689:tid 139873006274304] return view_func(request, *args, **kwargs)
[Thu May 06 20:28:40.715515 2021] [wsgi:error] [pid 227689:tid 139873006274304] File "/usr/share/openstack-dashboard/horizon/decorators.py", line 84, in dec
[Thu May 06 20:28:40.715535 2021] [wsgi:error] [pid 227689:tid 139873006274304] return view_func(request, *args, **kwargs)
[Thu May 06 20:28:40.715540 2021] [wsgi:error] [pid 227689:tid 139873006274304] File "/usr/lib/python2.7/dist-packages/django/views/generic/base.py", line 71, in view
[Thu May 06 20:28:40.715545 2021] [wsgi:error] [pid 227689:tid 139873006274304] return self.dispatch(request, *args, **kwargs)
[Thu May 06 20:28:40.715549 2021] [wsgi:error] [pid 227689:tid 139873006274304] File "/usr/lib/python2.7/dist-packages/django/views/generic/base.py", line 89, in dispatch
[Thu May 06 20:28:40.715553 2021] [wsgi:error] [pid 227689:tid 139873006274304] return handler(request, *args, **kwargs)
[Thu May 06 20:28:40.715557 2021] [wsgi:error] [pid 227689:tid 139873006274304] File "/usr/share/openstack-dashboard/horizon/workflows/views.py", line 155, in get
[Thu May 06 20:28:40.715561 2021] [wsgi:error] [pid 227689:tid 139873006274304] context = self.get_context_data(**kwargs)
[Thu May 06 20:28:40.715565 2021] [wsgi:error] [pid 227689:tid 139873006274304] File "/usr/share/openstack-dashboard/horizon/workflows/views.py", line 101, in get_context_data
[Thu May 06 20:28:40.715569 2021] [wsgi:error] [pid 227689:tid 139873006274304] allowed_hosts=[self.request.get_host()]):
[Thu May 06 20:28:40.715573 2021] [wsgi:error] [pid 227689:tid 139873006274304] TypeError: is_safe_url() got an unexpected keyword argument 'allowed_hosts'
To manage notifications about this bug go to:
https://bugs.launchpad.net/cloud-archive/+bug/1929469/+subscriptions
More information about the Ubuntu-openstack-bugs
mailing list