- OpenStack-announce - lists.openstack.org

OpenStack Community Weekly Newsletter (Feb 22 - Mar 1)
by Stefano Maffulli 02 Mar '13

02 Mar '13

Highlights of the week Important CLA changes coming this weekend (2nd try) <http://markmail.org/message/azrdwianmnt2j5oc> Last weekend the change was blocked at the last minute by a request to amend the CLA text. We're trying again this weekend. Starting on March 3, 2013 1700UTC all contributors MUST review and agree to the new OpenStack Individual Contributor License Agreement and provide updated contact information at https://review.openstack.org/#/settings/agreements. On that day the Gerrit interface will be changing to present the new CLA text referring to the OpenStack Foundation, and will prompt you to agree to it there. Any previous agreement with OpenStack LLC will be marked expired at that time. The text of the new agreement is available for your convenience <https://review.openstack.org/static/cla.html>. You must also sign up for an OpenStack Foundation Individual Membership with the same E-mail address as used for your Gerrit contact information: http://openstack.org/register/. What's new in OpenStack Grizzly ? <http://www.enovance.com/%25postname> Folsom brought us two new core projects : Quantum <https://wiki.openstack.org/wiki/Quantum> (Networking) and Cinder <https://wiki.openstack.org/wiki/Cinder> (Volumes). Two new projects have been incubated : Ceilometer <https://wiki.openstack.org/wiki/Ceilometer> (metering) led by Nicolas Barcet <http://fr.linkedin.com/in/nbarcet> (VP Products at eNovance), and Heat <https://wiki.openstack.org/wiki/Heat> (Cloud Orchestration). Oslo <https://wiki.openstack.org/wiki/Oslo> is a new incubated project which produces a set of python libraries containing infrastructure code shared by all OpenStack projects. More details for each OpenStack project on this post by eNovance. OpenStack Ceilometer and Heat projects graduated <http://julien.danjou.info/blog/2013/openstack-ceilometer-head-graduated> The OpenStack Technical Committee <http://www.openstack.org/foundation/technical-committee/> have voted these last weeks about graduation of Heat <https://launchpad.net/heat> and Ceilometer <http://launchpad.net/ceilometer>, to change their status from /incubation/ to /integrated/*. *Heat and Ceilometer will be released as part as OpenStack for the next release cycle /Havana/, due in October 2013. **Raspberry Pi as a transparent squid caching proxy* <http://blog.stevebaker.org/2013/02/raspberry-pi-as-transparent-squid.html>* How does a hacker improve build times when he has a slow Internet connection? A fascinating use of a tiny sub-$50 computer (RaspberryPi) to build cloud images for OpenStack. By Steve Baker <http://blog.stevebaker.org/search/label/openstack> **Data placement in OpenStack Object Storage Swift* <http://swiftstack.com/blog/2013/02/25/data-placement-in-swift/>* Technical deep dive in how OpenStack Object Storage solves one of the hard problems of all distributed storage system: how to effectively place the data within the storage cluster. Swift has a "unique-as-possible" placement algorithm which ensures that the data is placed efficiently and with as much protection from hardware failure as possible. **The life of an OpenStack libvirt image* <http://www.pixelbeat.org/docs/openstack_libvirt_images/#1361764412>* The main stages of a Virtual Machine disk image as it transfers through OpenStack to be booted under libvirt explained by Pádraig Brady <http://www.pixelbeat.org/>. Security Advisories * OSSA-2013-006] VNC proxy can connect to the wrong VM (CVE-2013-0335) <http://lists.openstack.org/pipermail/openstack-announce/2013-February/00008…> Tips and Tricks * By Daniel P. Berrangé <https://www.berrange.com/>: Installing a 4 node Fedora 18 OpenStack Folsom cluster with PackStack <https://www.berrange.com/posts/2013/03/01/installing-a-4-node-fedora-18-ope…> * By Victoria Martínez de la Cruz <http://vmartinezdelacruz.com/>: Attention newcomers! #openstack-101 is now open at Freenode <http://vmartinezdelacruz.com/attention-newcomers-openstack-101-is-now-open-…> * By Anita Kuno <http://anteaya.info/>: The Structure and Habits of Git <http://anteaya.info/blog/2013/02/26/the-structure-and-habits-of-git/> * By Andreas Jaeger <http://jaegerandi.blogspot.com/search/label/OpenStack>: Coordinating efforts to create OpenStack packages for openSUSE and SUSE Linux Enterprise Server <http://jaegerandi.blogspot.com/2013/02/coordinating-efforts-to-create.html> Upcoming Events * OpenStack Sessions @ Barcamp Bangalore13 <http://barcampbangalore.org/bcb/event/bcb13> Mar 02, 2013 -- Bangalore, India Details <http://barcampbangalore.org/bcb/event/bcb13> * Pulse Open Cloud Summit <http://www.ibmpulseblog.com/new-pulse-open-cloud-summit-arrive-early-on-sun…>Mar 03, 2013 -- MGM Grand in Las Vegas, NV Details <http://www.ibmpulseblog.com/new-pulse-open-cloud-summit-arrive-early-on-sun…> * Pulse 2013 <https://www-01.ibm.com/software/tivoli/pulse/agenda/index.html> Mar 04 -- 06, 2013 -- Las Vegas, NV Details <https://www-01.ibm.com/software/tivoli/pulse/agenda/index.html> * OpenStack Day Tokyo 2013 <http://openstackdays.com/en/> Mar 12, 2013 -- Tokyo, Japan Details <http://openstackdays.com/en/> * OpenStack Italia User Group: ...dove eravamo rimasti? <http://www.meetup.com/OpenStack-User-Group-Italia/events/102481022/> Mar 14, 2013 -- Milano, Italy Details <http://www.meetup.com/OpenStack-User-Group-Italia/events/102481022/> * PyCon 2013 & Job Fair <https://us.pycon.org/2013/> Mar 14 -- 17, 2013 -- Santa Clara, CA Details <https://us.pycon.org/2013/> * OpenStack Meetup <http://www.meetup.com/Indian-OpenStack-User-Group/events/105831232/> Mar 17, 2013 -- Bangalore, India Details <http://www.meetup.com/Indian-OpenStack-User-Group/events/105831232/> * OpenStack Object Storage (Swift) API Sprint at PyCon 2013 <https://us.pycon.org/2013/community/sprints/swift/> Mar 18, 2013 -- Santa Clara, CA Details <https://us.pycon.org/2013/community/sprints/swift/> * OpenStack Paris Meetup <http://www.meetup.com/OpenStack-France/events/104394682/> Mar 19, 2013 -- Paris, France Details <http://www.meetup.com/OpenStack-France/events/104394682/> * World Hosting Days 2013 <http://www.worldhostingdays.com/eng/index.php> Mar 19 -- 21, 2013 -- Rust, Germany Details <http://www.worldhostingdays.com/eng/index.php> * OpenStack Developers Meetup <http://www.meetup.com/openstack-atlanta/> Mar 21, 2013 -- Atlanta, GA Details <http://www.meetup.com/openstack-atlanta/> * 1st OpenStack User Group Nordics meetup <http://www.meetup.com/OpenStack-User-Group-Nordics/events/95258382/> Apr 03, 2013 -- Kista, Sweden Details <http://www.meetup.com/OpenStack-User-Group-Nordics/events/95258382/> * OpenStack Summit April 2013 <http://www.openstack.org/summit/portland-2013/> Apr 15 -- 18, 2013 -- Portland, OR Details <http://www.openstack.org/summit/portland-2013/> * OpenStack Israel <http://www.openstack.org/> May 27, 2013 -- Tel-Aviv, Israel Coming Soon <http://www.openstack.org/> * GigaOM Structure <http://event.gigaom.com/structure/> Jun 19 -- 20, 2013 -- San Francisco, CA Details <http://event.gigaom.com/structure/> Reports from past events * OpenStack Delhi Meetup <http://www.hastexo.com/blogs/syed/2013/02/25/openstack-delhi-meetup> Other News * The path to Ask OpenStack <http://lists.openstack.org/pipermail/community/2013-February/000153.html> * OpenStack Unit Testing: a Long Journey Starts With a Small Step <http://openstackgd.wordpress.com/2013/02/23/openstack-unit-testing-a-long-j…> * Session proposals for the Havana Design Summit now open <http://lists.openstack.org/pipermail/openstack-dev/2013-February/005664.html> * OpenStack Project Meeting: Summary <http://eavesdrop.openstack.org/meetings/project/2013/project.2013-02-26-21.…> and full logs <http://eavesdrop.openstack.org/meetings/project/2013/project.2013-02-26-21.…>. Welcome New Contributors Celebrating the first patches submitted this week by: * Jian Zhang, Intel * Dae S. Kim * Robert van Leeuwen, Spilgames /The weekly newsletter is a way for the community to learn about all the various activities occurring on a weekly basis. If you would like to add content to a weekly update or have an idea about this newsletter, please leave a comment./

1 0

[OSSA-2013-006] VNC proxy can connect to the wrong VM (CVE-2013-0335)
by Russell Bryant 27 Feb '13

27 Feb '13

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 OpenStack Security Advisory: 2013-006 CVE: CVE-2013-0335 Date: February 26, 2013 Title: VNC proxy can connect to the wrong VM Reporter: Loganathan Parthipan (HP), Rohit Karajgi (NTT Data) Products: Nova Affects: All versions Description: Loganathan Parthipan (HP) and Rohit Karajgi (NTT Data) independently reported a vulnerability in Nova. If a user requests a console and then deletes the VM, it is possible that the console token could allow connectivity to a different VM before the console token expires if the VNC port gets reused in that time period. This issue can be worked around by disabling VNC support. Fixes: master (grizzly): https://review.openstack.org/#/c/22086/ stable/folsom: https://review.openstack.org/#/c/22758 stable/essex: https://review.openstack.org/#/c/22872/ References: http://cve.mitre.org/cgi-bin/cvename.cgi?name=2013-0335 https://bugs.launchpad.net/nova/+bug/1125378 - -- Russell Bryant OpenStack Vulnerability Management Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.13 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iEYEARECAAYFAlEtAE4ACgkQFg9ft4s9SAZKLwCePGfNZAYdx2mjM2hWHt26Kff6 2HAAn38YuA93O4wg7SDUtcXar1Yr0d9q =sVp/ -----END PGP SIGNATURE-----

1 0

OpenStack Community Weekly Newsletter (Feb 15 – 22)
by Stefano Maffulli 23 Feb '13

23 Feb '13

Highlights of the week Important CLA changes coming this weekend <http://markmail.org/message/azrdwianmnt2j5oc> Starting on February 24, 2013 all contributors MUST review and agree to the new OpenStack Individual Contributor License Agreement and provide updated contact information at https://review.openstack.org/#/settings/agreements. On that day the Gerrit interface will be changing to present the new CLA text referring to the OpenStack Foundation, and will prompt you to agree to it there. Any previous agreement with OpenStack LLC will be marked expired at that time. The text of the new agreement is available for your convenience <https://review.openstack.org/static/cla.html> (changes “LLC” to “Foundation”, restores a sentence from ASF <https://review.openstack.org/#/c/22396/2/modules/openstack_project/files/ge…> and corrects a few typographical errors). You must also sign up for an OpenStack Foundation Individual Membership with the same E-mail address as used for your Gerrit contact information: http://openstack.org/register/. OpenStack outpaces Amazon, at least by hype <http://www.mirantis.com/blog/openstack-outpaces-amazon-at-least-by-hype/> A study conducted by TrendKite shows that at this point OpenStack has more media mentions than Amazon EC2, Eucalyptus, CloudStack and OpenNebula combined. If that is not enough, another chart from the same study appears to show that “OpenStack” media mentions are on par with that of “Cloud Computing.” CloudEnvy: Development in the cloud! <http://jake.ai/cloudenvy-development-in-the-cloud> Jake Dahn is working on a project called CloudEnvy which has potential to change the development patterns of web developers everywhere: it allows you to configure and distribute reproducible development environments in the cloud. Bring on the Crazy: Zero to Book in Five Days <http://www.openstack.org/blog/2013/02/bring-on-the-crazy-zero-to-book-in-fi…> Anne Gentle is leading a “crazy” project: a large, highly focused documentation sprint to write that operator’s guide — for operators by operators. Anne promised to pluck operators out of their day jobs, put them in a room, fuel them with coffee, BBQ, and TexMex, and get to writing. Sounds awesome to me: I’m voting for their panel On Writing the OpenStack Operations Manual in 5 Days <http://www.openstack.org/summit/portland-2013/vote-for-speakers/presentatio…> at the upcoming OpenStack Summit. The OpenStack Gate <http://dague.net/2013/02/21/the-openstack-gate/> The OpenStack project has a really impressive continuous integration system, which is one of its core strengths as a project. Every proposed change to our gerrit review <https://review.openstack.org/#/> system is subjected to a battery of tests on each commit, which has grown dramatically with time, and after formal review by core contributors, we run them all again before the merge. How can this gate merge hundreds of changes per day? Learn about Zuul, the OpenStack gatekeeper. Security Advisories * OSSA 2013-005] Keystone EC2-style authentication accepts disabled user/tenants (CVE-2013-0282) <http://lists.openstack.org/pipermail/openstack-announce/2013-February/00007…> * OSSA 2013-004] Information leak and Denial of Service using XML entities (CVE-2013-1664, CVE-2013-1665) <http://lists.openstack.org/pipermail/openstack-announce/2013-February/00007…> Tips and Tricks * By Victoria Martínez de la Cruz <http://vmartinezdelacruz.com/>: How to work with blueprints without losing your mind <http://vmartinezdelacruz.com/how-to-work-with-blueprints-without-losing-you…> * By Anita Kuno <http://anteaya.info/>: OpenStack Release Cycle – n00b’s Eyeview <http://anteaya.info/blog/2013/02/20/openstack-release-cycle-n00bs-eyeview/> * By Daniel P. Berrangé <https://www.berrange.com/>: A reminder why you should never mount guest disk images on the host OS <https://www.berrange.com/posts/2013/02/20/a-reminder-why-you-should-never-m…> * By Everett Toews <http://blog.phymata.com/>: Swift Only with OpenStack DevStack on the Rackspace Cloud <http://blog.phymata.com/2013/02/18/swift-only-with-openstack-devstack-on-th…> * By Laura Alves <http://ladquin.dreamwidth.org/>: Doc for code and Doc as code – Part I <http://ladquin.dreamwidth.org/1207.html> * By Russell Bryant <http://russellbryantnet.wordpress.com/>: Deployment Considerations for nova-conductor Service in OpenStack Grizzly <http://russellbryantnet.wordpress.com/2013/02/19/deployment-considerations-…> * By Sébastien Han <http://sebastien-han.fr/>:override DHCP information sent by DNSMASQ to a VM <http://sebastien-han.fr/blog/2013/02/18/openstack-override-dhcp-information…> Upcoming Events * SCALE 11x <https://www.socallinuxexpo.org/scale11x/> Feb 22 – 24, 2013 – Los Angeles, CA Details <https://www.socallinuxexpo.org/scale11x/> * OpenStack in Production at Scale <http://www.meetup.com/meetup-group-NjZdcegA/events/103564202/> Feb 28, 2013 – Chicago, IL Details <http://www.meetup.com/meetup-group-NjZdcegA/events/103564202/> * Pulse Open Cloud Summit <http://www.ibmpulseblog.com/new-pulse-open-cloud-summit-arrive-early-on-sun…>Mar 03, 2013 – MGM Grand in Las Vegas, NV Details <http://www.ibmpulseblog.com/new-pulse-open-cloud-summit-arrive-early-on-sun…> * Pulse 2013 <https://www-01.ibm.com/software/tivoli/pulse/agenda/index.html> Mar 04 – 06, 2013 – Las Vegas, NV Details <https://www-01.ibm.com/software/tivoli/pulse/agenda/index.html> * OpenStack Day Tokyo 2013 <http://openstackdays.com/en/> Mar 12, 2013 – Tokyo, Japan Details <http://openstackdays.com/en/> * OpenStack Italia User Group: …dove eravamo rimasti? <http://www.meetup.com/OpenStack-User-Group-Italia/events/102481022/> Mar 14, 2013 – Milano, Italy Details <http://www.meetup.com/OpenStack-User-Group-Italia/events/102481022/> * OpenStack Object Storage (Swift) API Sprint at PyCon 2013 <https://us.pycon.org/2013/community/sprints/swift/> Mar 18, 2013 – Santa Clara, CA Details <https://us.pycon.org/2013/community/sprints/swift/> * OpenStack Paris Meetup <http://www.meetup.com/OpenStack-France/events/104394682/> Mar 19, 2013 – Paris, France Details <http://www.meetup.com/OpenStack-France/events/104394682/> * World Hosting Days 2013 <http://www.worldhostingdays.com/eng/index.php> Mar 19 – 21, 2013 – Rust, Germany Details <http://www.worldhostingdays.com/eng/index.php> * OpenStack Developers Meetup <http://www.meetup.com/openstack-atlanta/> Mar 21, 2013 – Atlanta, GA Details <http://www.meetup.com/openstack-atlanta/> * 1st OpenStack User Group Nordics meetup <http://www.meetup.com/OpenStack-User-Group-Nordics/events/95258382/> Apr 03, 2013 – Kista, Sweden Details <http://www.meetup.com/OpenStack-User-Group-Nordics/events/95258382/> * OpenStack Summit April 2013 <http://www.openstack.org/summit/portland-2013/> Apr 15 – 18, 2013 – Portland, OR Details <http://www.openstack.org/summit/portland-2013/> * OpenStack Israel <http://www.openstack.org/> May 27, 2013 – Tel-Aviv, Israel Coming Soon <http://www.openstack.org/> * GigaOM Structure <http://event.gigaom.com/structure/> Jun 19 – 20, 2013 – San Francisco, CA Details <http://event.gigaom.com/structure/> Reports from previous events * OpenStack mini conference @gnunify.in <http://www.hastexo.com/blogs/syed/2013/02/21/openstack-mini-conference-gnun…> * 2nd Swiss OpenStack User Group <http://www.openstack.org/blog/2013/02/2nd-swiss-openstack-user-group/> * TryStack.cn Community 2nd Meetup – 19th February 2013 <http://www.openstack.org/blog/2013/02/trystack-2nd-meetup-2013/> Other News * OpenStack wiki migration <http://ryandlane.com/blog/2013/02/19/openstack-wiki-migration/> * OpenStack newcomers channel opening in Freenode <http://markmail.org/message/ftdky3n6xstn3355> * Grizzly-3 development milestone available (Keystone, Glance, Nova, Horizon, Quantum, Cinder) <http://lists.openstack.org/pipermail/openstack-announce/2013-February/00008…> * OpenStack Project Meeting: Summary <http://eavesdrop.openstack.org/meetings/project/2013/project.2013-02-19-21.…> and full logs <http://eavesdrop.openstack.org/meetings/project/2013/project.2013-02-19-21.…> Welcome New Contributors Celebrating the first patches submitted this week by: * Toshiyuki Hayashi, NTT * Joe Topjian * David Höppner * Erik Zaadi, IBM * Nathanael Burton * alatynskaya, Mirantis * David Peraza, IBM * Brant Knudson, IBM /The weekly newsletter is a way for the community to learn about all the various activities occurring on a weekly basis. If you would like to add content to a weekly update or have an idea about this newsletter, please leave a comment./

1 0

Grizzly-3 development milestone available (Keystone, Glance, Nova, Horizon, Quantum, Cinder)
by Thierry Carrez 22 Feb '13

22 Feb '13

Hi everyone, The last milestone of the Grizzly development cycle, "grizzly-3" is now available for testing. This milestone contains almost all of the features that will be shipped in the final 2013.1 ("Grizzly") release on April 4, 2013. This was an extremely busy milestone, with 100 blueprints implemented and more than 450 bugfixes overall. You can find the full list of new features and fixed bugs, as well as tarball downloads, at: https://launchpad.net/keystone/grizzly/grizzly-3 https://launchpad.net/glance/grizzly/grizzly-3 https://launchpad.net/nova/grizzly/grizzly-3 https://launchpad.net/horizon/grizzly/grizzly-3 https://launchpad.net/quantum/grizzly/grizzly-3 https://launchpad.net/cinder/grizzly/grizzly-3 Those projects are now temporarily feature-frozen (apart from already-granted exceptions) as we switch to testing and bugfixing mode in preparation for our first release candidates. Please test, try the new features, report bugs and help fix them ! Regards, -- Thierry Carrez (ttx) Release Manager, OpenStack

1 0

[OSSA 2013-005] Keystone EC2-style authentication accepts disabled user/tenants (CVE-2013-0282)
by Thierry Carrez 20 Feb '13

20 Feb '13

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 OpenStack Security Advisory: 2013-005 CVE: CVE-2013-0282 Date: February 19, 2013 Keystone EC2-style authentication accepts disabled user/tenants Reporter: Nathanael Burton (National Security Agency) Products: Keystone Affects: All versions Description: Nathanael Burton reported a vulnerability in EC2-style authentication in Keystone. Keystone fails to check whether a user, tenant, or domain is enabled before authenticating a user using the EC2 api. Authenticated, but disabled users (or authenticated users in disabled tenants or domains) could therefore retain access rights that were thought removed. Only setups enabling EC2-style authentication are affected. To disable EC2-style authentication to work around the issue, remove the EC2 extension (keystone.contrib.ec2:Ec2Extension.factory) from the keystone API pipeline in keystone.conf. Grizzly (development branch) fix: https://review.openstack.org/#/c/22319/ Folsom fix: https://review.openstack.org/#/c/22320/ Essex fix: https://review.openstack.org/#/c/22321/ References: https://bugs.launchpad.net/keystone/+bug/1121494 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2013-0282 - -- Thierry Carrez (ttx) OpenStack Vulnerability Management Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with undefined - http://www.enigmail.net/ iQIcBAEBCAAGBQJRI7nbAAoJEFB6+JAlsQQjGHgP/2yHBH4Yvzl3Q0P4oMr2Vskb 9xroi6sEQTgP/KaidIiV2lORdgSqYZZlylW3EbHnR1Io9natqCLfYkkEdpagTUxM WcYXAJtBHbHN+hpeGiYojPsV1LmgIX81UrausX1k5U1ZtFkvOhrfhcXWPOozREkM WwhYjaGl14dmIusE7h0uY7VNTiQMI9LAft18OfJMNFTwA/FmkxlPO/Jea8CUwDIl LSLv+MRFw2M01TnsAYlnFsa9O7175q2DpNPCqXYjh38ewNBJHuArtuASkA7hHrMA wYUzAS3lho9WuGVG/GwZk1V//GQhpzn/VWxRCmuOS3tpwTksbkXF36kwOnP5Vu5N uo9jLBAovHIqfr0QGXGYMXA9Bu9jW5geUIuDNvpKkAFIiQVS3JcDWsqsu7otgjHY HKUKmYF66BAJmmaM7aXPswGs61B6F3SLIZCneOp9N8PnT3PCR57++zMEjEWBYuLw E4BDKPa1k2Q822hxWizhXAmkfc5t+AVk2kKPa9a5sMY2oNNrqtRR4+jMjXiS9CmU gQs9VbXrmMy577zcCkzj7ci7fY0iFUtHW7PhFKUpHf2Mpr2/vLwc4p8g5da8bTwU 2swDuJ/KPsd66oEYjQW0CGBymMTkmbZWUX4InAj1ZynESW46cb/CAaS8oGk2I6dC F3MMfAjNkfhO9srLLNoC =fWOa -----END PGP SIGNATURE-----

1 0

[OSSA 2013-004] Information leak and Denial of Service using XML entities (CVE-2013-1664, CVE-2013-1665)
by Thierry Carrez 20 Feb '13

20 Feb '13

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 OpenStack Security Advisory: 2013-004 CVE: CVE-2013-1664, CVE-2013-1665 Date: February 19, 2013 Title: Information leak and Denial of Service using XML entities Reporter: Jonathan Murray (NCC Group), Joshua Harlow (Yahoo!), Stuart Stent Products: Keystone, Nova, Cinder (see note) Affects: All versions Description: Jonathan Murray from NCC Group, Joshua Harlow from Yahoo! and Stuart Stent independently reported a vulnerabilities in the parsing of XML requests in Python XML libraries used in Keystone, Nova and Cinder. By using entities in XML requests, an unauthenticated attacker may consume excessive resources on the Keystone, Nova or Cinder API servers, resulting in a denial of service and potentially a crash (CVE-2013-1664). Authenticated attackers may also leverage XML entities to read the content of a local file on the Keystone API server (CVE-2013-1665). This only affects servers with XML support enabled. Note: The vulnerabilities are actually in the various affected Python XML libraries, but we provide OpenStack patches working around the issues. Grizzly (development branch) fixes: Nova: https://review.openstack.org/#/c/22309/ Cinder: https://review.openstack.org/#/c/22310/ Keystone: https://review.openstack.org/#/c/22315/ Folsom fixes: Nova: https://review.openstack.org/#/c/22312/ Cinder: https://review.openstack.org/#/c/22311/ Keystone: https://review.openstack.org/#/c/22314/ Essex fixes: Nova: https://review.openstack.org/#/c/22313/ Keystone: https://review.openstack.org/#/c/22316/ References: https://bugs.launchpad.net/nova/+bug/1100282 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2013-1664 https://bugs.launchpad.net/keystone/+bug/1100279 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2013-1665 - -- Thierry Carrez (ttx) OpenStack Vulnerability Management Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with undefined - http://www.enigmail.net/ iQIcBAEBCAAGBQJRI5+DAAoJEFB6+JAlsQQj2fQQALLE9GEOIRGcj9gXXQ5mDS3l /CWI6ljTlVWxXy143lAUbkpvW0AHx0S6wVU38Hh/wS6D3u4JpxC2lERcI6KB7XyF R6F7qWzdwulh+0GX9n+8rO0qLVkqhB6hn3bCVUKu20N+cromJHsSgzDU6lvVlUAU dwc9eFWmg2d7bpESUdltDo9yEnz0jXxzOpCseC5/zfSo5RnJU1Oi4ZaiXPzbRqqb bQzKRGevLddHAMKJnKrYvpg5471LQ8bC7rMYwq44c4HH0+ZhwQVgwyBxdeyNGISI kJ1LhTGlDdTN1SBV3QDc0//pai2tQtcY96sQJ+1FWl9wrAMft+hSyCmRlsX2O4O1 zbN/iUEVmZRP1/JuD8tk+TDUlBdTSZai3pV9bVlRQ7GWUKSreDI38T87d+ZZe0Uz f63hafBSKGqQ/GD8s5HnJopvGK1vY2zgiNuORJc5PH8iPo/75YVRM3Ct6lFwooIe uPow6AbydISEVUbsK1AcLESQ6Uq4CufsNUColi1o+2PRlc2/Jt/ZXaFx2LfsE6ka m6cXJMIZZ6Mrz6ogtYnEYDkzPPQ7/oLXzVxoS3NCoh/LLxs838eqiAZ+mVVboAaO LOARFrqYw8wfg45JLqQ2mb/Oe10hPZdMwc+lQa2ccDYLBJXkrMKz7vHW8W47bM1H i5g9RJ8pkA5wFKxBgfKj =pNuW -----END PGP SIGNATURE-----

1 0

OpenStack Community Weekly Newsletter (Feb 8 – 15)
by Stefano Maffulli 16 Feb '13

16 Feb '13

Highlights of the week Important CLA changes coming in 10 days <http://markmail.org/message/azrdwianmnt2j5oc> Starting on February 24, 2013 all contributors MUST review and agree to the new OpenStack Individual Contributor License Agreement and provide updated contact information at https://review.openstack.org/#/settings/agreements. On that day the Gerrit interface will be changing to present the new CLA text referring to the OpenStack Foundation, and will prompt you to agree to it there. Any previous agreement with OpenStack LLC will be marked expired at that time. The text of the new agreement is available for your convenience <https://review.openstack.org/static/cla.html> (just changes “LLC” to “Foundation” and corrects a few typographical errors). You must also sign up for an OpenStack Foundation Individual Membership with the same E-mail address as used for your Gerrit contact information: http://openstack.org/register/. OpenStack Object Storage (aka Swift) for new contributors <http://swiftstack.com/blog/2013/12/03/swift-for-new-contributors/> As a developer, jumping into a mature codebase can be somewhat daunting. How is the code structured? What is the request flow? What’s the process for getting my changes contributed upstream? Find answers to these questions on this post by SwiftStack. Evolution of the incubation process <http://lists.openstack.org/pipermail/openstack-tc/2013-February/000119.html> The Technical Committee approved a set of changes to the incubation process, the process through which a project becomes part of the co-ordinated, integrated OpenStack release. One of the visible change is the switch from using the term “Core projects” to “Integrated”. Upstream University at the OpenStack summit <http://dachary.org/?p=1846> Upstream University is organizing a session <http://upstream-university.org/apply/> in advance of the next OpenStack summit <http://www.openstack.org/summit/portland-2013/>, in Portland. If you can fly in two days ahead of the event to spend the weekend improving your OpenStack contribution skills, please consider submitting an application <http://upstream-university.org/apply/> to attend the workshop. Python trademark at risk in Europe: Python Foundation needs your help <http://pyfound.blogspot.co.uk/2013/02/python-trademark-at-risk-in-europe-we…> For anyone who works in a company that has an office in a EU Community member state, the Python Software Foundation needs your help. There is a company in the UK that is trying to trademark the use of the term “Python” for all software, services, servers… pretty much anything having to do with a computer. The PSF is asking a letter on company letterhead to forward to their EU counsel. More details on PSF <http://PSF/>News <http://pyfound.blogspot.co.uk/2013/02/python-trademark-at-risk-in-europe-we…>. Report of Openstack project on SF State University campus <http://commons.sfsu.edu/report-openstack-project-campus> Two students (Brandon Lai and Pascal Schuele) under supervision of prof. Sameer Verma worked on exploring the cloud computing space in Fall 2012. They built a demo/prototype of a private cloud platform on campus and presented at the end of the semester. Prof. Verma hopes to continue to expand this project in Spring 2013. Security Advisories * CVE-2013-0247 : Keystone denial of service through invalid token requests <http://secstack.org/2013/02/cve-2013-0247-keystone-denial-of-service-throug…> Tips and Tricks * By Matthias Runge <http://www.matthias-runge.de/>: How to create a custom theme for Horizon <http://www.matthias-runge.de/2013/02/15/how-to-create-a-custom-theme-for-ho…> * By Julien Danjou <http://julien.danjou.info/blog/>: Cloud tools for Debian <http://julien.danjou.info/blog/2013/cloud-init-utils-debian> * By Derek Higgins <http://goodsquishy.com/>: Looking for a Fedora 18 qcow2 image to use on openstack <http://goodsquishy.com/2013/02/fedora-18-qcow2-image/> Upcoming Events * Second Swiss OpenStack User Group Meeting <http://www.meetup.com/zhgeeks/events/97648722/> Feb 19, 2013 – Zurich, Switzerland Details <http://www.meetup.com/zhgeeks/events/97648722/> * SCALE 11x <https://www.socallinuxexpo.org/scale11x/> Feb 22 – 24, 2013 – Los Angeles, CA Details <https://www.socallinuxexpo.org/scale11x/> * OpenStack Delhi NCR Meetup <http://www.meetup.com/Indian-OpenStack-User-Group/events/102301202/> Feb 22, 2013 – India Details <http://www.meetup.com/Indian-OpenStack-User-Group/events/102301202/> * OpenStack in Production at Scale <http://www.meetup.com/meetup-group-NjZdcegA/events/103564202/> Feb 28, 2013 – Chicago, IL Details <http://www.meetup.com/meetup-group-NjZdcegA/events/103564202/> * Pulse Open Cloud Summit <http://www.ibmpulseblog.com/new-pulse-open-cloud-summit-arrive-early-on-sun…>Mar 03, 2013 – MGM Grand in Las Vegas, NV Details <http://www.ibmpulseblog.com/new-pulse-open-cloud-summit-arrive-early-on-sun…> * Pulse 2013 <https://www-01.ibm.com/software/tivoli/pulse/agenda/index.html> Mar 04 – 06, 2013 – Las Vegas, NV Details <https://www-01.ibm.com/software/tivoli/pulse/agenda/index.html> * OpenStack Day Tokyo 2013 <http://openstackdays.com/en/> Mar 12, 2013 – Tokyo, Japan Details <http://openstackdays.com/en/> * OpenStack Italia User Group: …dove eravamo rimasti? <http://www.meetup.com/OpenStack-User-Group-Italia/events/102481022/> Mar 14, 2013 – Milano, Italy Details <http://www.meetup.com/OpenStack-User-Group-Italia/events/102481022/> * OpenStack Object Storage (Swift) API Sprint at PyCon 2013 <https://us.pycon.org/2013/community/sprints/swift/> Mar 18, 2013 – Santa Clara, CA Details <https://us.pycon.org/2013/community/sprints/swift/> * OpenStack Developers Meetup <http://www.meetup.com/openstack-atlanta/> Mar 21, 2013 – Atlanta, GA Details <http://www.meetup.com/openstack-atlanta/> * 1st OpenStack User Group Nordics meetup <http://www.meetup.com/OpenStack-User-Group-Nordics/events/95258382/> Apr 03, 2013 – Kista, Sweden Details <http://www.meetup.com/OpenStack-User-Group-Nordics/events/95258382/> * OpenStack Summit April 2013 <http://www.openstack.org/summit/portland-2013/> Apr 15 – 18, 2013 – Portland, OR Details <http://www.openstack.org/summit/portland-2013/> * OpenStack Israel <http://www.openstack.org/> May 27, 2013 – Tel-Aviv, Israel Coming Soon <http://www.openstack.org/> Other News * February 12th OpenStack Foundation Board Meeting <http://blogs.gnome.org/markmc/2013/02/15/february-12th-openstack-foundation…> * XenAPINFS – Integrated with Glance <http://blogs.citrix.com/2013/02/12/xenapinfs-integrated-with-glance/> * OpenStack Project Meeting: Summary <http://eavesdrop.openstack.org/meetings/project/2013/project.2013-02-12-21.…> and full logs <http://eavesdrop.openstack.org/meetings/project/2013/project.2013-02-12-21.…>. Welcome New Contributors Celebrating the first patches submitted this week by: * Tim Potter, HP * Jean-Baptiste RANSY, Alyseo * Nicholas Kuechler * Adalberto Medeiros, IBM /The weekly newsletter is a way for the community to learn about all the various activities occurring on a weekly basis. If you would like to add content to a weekly update or have an idea about this newsletter, please leave a comment./

1 0

OpenStack Community Weekly Newsletter (Feb 1 – 8)
by Stefano Maffulli 09 Feb '13

09 Feb '13

Highlights of the week Best way to brag about contributing to Grizzly? Contributors to OpenStack Folsom received a nice patch to stick on something you carry every day like a backpack or your favorite sweater. Would you like to get a patch for Grizzly, too? Would you rather get something else to brag about your ‘Contributor’ status? Let us know your preferences. Packstack: Openstack Install tool <http://blog.flaper87.org/post/511441160f06d34258e8a6ac/> There is a new tool that installs Openstack either on bare metal or Vms: it can be found on github under the fedora-openstack organization. Packstack is currently in its first ages and still under heavy development but, it’s already capable of installing, customize some parameters and distribute most of the Openstack modules on a single server or several as well. It currently supports Red Hat based distros but there’s space for more. Testing <http://anteaya.info/blog/2013/02/07/testing/> (OpenStack) Anita Kuno <http://anteaya.info/>, one of our awesome intern of OPW program, tells the tales common to new developers learning about OpenStack developer’s community. In this new installation she tells us how she had to run some tests in /opt/stack/nova and every command failed. Why? She didn’t know. But now she does. Cloud Prizefight: OpenStack vs. VMware <http://www.mirantis.com/blog/cloud-prizefight-vmware-vs-openstack/> There have been many discussions in the cloud landscape comparing VMware and OpenStack. In fact, it’s one of the most popular topics among those thinking about using OpenStack. Mirantis’ Lee Xie judged the two in the following categories: design, features, use cases, and value. The categories are scored on a 10-point scale and then tallied to determine the winner. In a nutshell: How Does OpenStack work? <http://vmartinezdelacruz.com/in-a-nutshell-how-openstack-works/> Victoria Martínez de la Cruz <http://vmartinezdelacruz.com/>, another awesome intern of OPW program, uses pictures and words to explain in a blog post how OpenStack works. Security Advisories * Keystone denial of service through invalid token requests (CVE-2013-0247) <http://markmail.org/message/tan3hpm3rlpqb3rf> Tips and Tricks * By Adam Young <http://adam.younglogic.com/>: Using Puppet to setup PostgreSQL for Keystone on Fedora <http://adam.younglogic.com/2013/02/puppet-postgresql-keystone/> * By Victoria Martínez de la Cruz <http://vmartinezdelacruz.com/>: TryStack: OpenStack for fun and profit <http://vmartinezdelacruz.com/trystack-openstack-for-fun-and-profit/> Upcoming Events * OpenStack Mini-Conf at gnuNify <http://gnunify.in/2013/events/OpenStack_Mini_Conf> Feb 15, 2013 – Pune, India Details <http://gnunify.in/2013/event/OpenStack_Mini_Conf> * Second Swiss OpenStack User Group Meeting <http://www.meetup.com/zhgeeks/events/97648722/> Feb 19, 2013 – Zurich, Switzerland Details <http://www.meetup.com/zhgeeks/events/97648722/> * SCALE 11x <https://www.socallinuxexpo.org/scale11x/> Feb 22 – 24, 2013 – Los Angeles, CA Details <https://www.socallinuxexpo.org/scale11x/> * Pulse Open Cloud Summit <http://www.ibmpulseblog.com/new-pulse-open-cloud-summit-arrive-early-on-sun…> Mar 03, 2013 – MGM Grand in Las Vegas, NV Details <http://www.ibmpulseblog.com/new-pulse-open-cloud-summit-arrive-early-on-sun…> * Pulse 2013 <https://www-01.ibm.com/software/tivoli/pulse/agenda/index.html> Mar 04 – 06, 2013 – Las Vegas, NV Details <https://www-01.ibm.com/software/tivoli/pulse/agenda/index.html> * OpenStack Day Tokyo 2013 <http://openstackdays.com/en/> Mar 12, 2013 – Tokyo, Japan Details <http://openstackdays.com/en/> * OpenStack Swift API Sprint at PyCon 2013 <https://us.pycon.org/2013/community/sprints/swift/> Mar 18, 2013 – Santa Clara, CA Details <https://us.pycon.org/2013/community/sprints/swift/> * OpenStack Developers Meetup <http://www.meetup.com/openstack-atlanta/> Mar 21, 2013 – Atlanta, GA Details <http://www.meetup.com/openstack-atlanta/> * 1st OpenStack User Group Nordics meetup <http://www.meetup.com/OpenStack-User-Group-Nordics/events/95258382/> Apr 03, 2013 – Kista, Sweden Details <http://www.meetup.com/OpenStack-User-Group-Nordics/events/95258382/> * OpenStack Summit April 2013 <http://www.openstack.org/summit/portland-2013/> Apr 15 – 18, 2013 – Portland, OR Details <http://www.openstack.org/summit/portland-2013/> * OpenStack Israel <http://www.openstack.org/> May 27, 2013 – Tel-Aviv, Israel Coming Soon <http://www.openstack.org/> Reports From Past Events * TryStack.cn 2013 first meetup <http://www.openstack.org/blog/2013/02/trystack-cn-2013-first-meetup/> Other News * Q&A with Lucas Welch Senior Communications Manager at Opscode: What’s cooking at Opscode? <http://rafstack.tumblr.com/post/42590542410>Consumerization of IT or Death: OpenStack and Agile IT Operations <http://www.mirantis.com/blog/consumerization-of-it-or-zombie-meat-openstack…> * Altai v1.1.0 with LDAP/AD support <http://openstackgd.wordpress.com/2013/02/04/altai-v1-1-0-with-ldapad-suppor…> * OpenStack Board of Directors Talks: Episode 7 with Joshua McKenty, co-Founder and CTO of Piston Cloud Computing <http://rafstack.tumblr.com/post/42509862319> * OpenStack Project Meeting: Summary <http://eavesdrop.openstack.org/meetings/project/2013/project.2013-02-05-21.…> and full logs <http://eavesdrop.openstack.org/meetings/project/2013/project.2013-02-05-21.…>. Welcome New Contributors Celebrating the first patches submitted this week by: * Kurt Martin, HP * Svetlana Shturm, Mirantis * Mitsuhiko Yamazaki, NEC * Andrea Frittoli, HP * James Morgan, Rackspace * Jesse Pretorius * Nathan Reller, JHU APL * Rami Vaknin, Redhat /The weekly newsletter is a way for the community to learn about all the various activities occurring on a weekly basis. If you would like to add content to a weekly update or have an idea about this newsletter, please leave a comment./

1 0

unsubscribe
by Mark van den Bogaard 06 Feb '13

06 Feb '13

Met vriendelijke groeten, Mark van den Bogaard NLcom ICT Solutions T +31 (0)43 350 0190 F +31 (0)43 350 0192 E bogaard(a)nlcom.nl <mailto:bogaard@nlcom.nl> I www.nlcom.nl <http://www.nlcom.nl/> <http://www.facebook.com/nlcom> <http://twitter.com/nlcom> <http://www.linkedin.com/company/nlcom> Support: T +31 (0)43 3270555 Office: Hoogbrugplein 4, 6221 DB Maastricht KvK Zuid-Limburg: 14059477

1 0

[OSSA 2013-003] Keystone denial of service through invalid token requests (CVE-2013-0247)
by Thierry Carrez 06 Feb '13

06 Feb '13

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 OpenStack Security Advisory: 2013-003 CVE: CVE-2013-0247 Date: February 5, 2013 Title: Keystone denial of service through invalid token requests Reporter: Dan Prince (Red Hat) Products: Keystone Affects: All versions Description: Dan Prince of Red Hat reported a vulnerability in token creation error handling in Keystone. By requesting lots of invalid tokens, an unauthenticated user may fill up logs on Keystone API servers disks, potentially resulting in a denial of service attack against Keystone. Grizzly (development branch) fix: https://github.com/openstack/keystone/commit/8ec247bf61be0e487332d5d891246d… Folsom fix: https://github.com/openstack/keystone/commit/bb2226f944aaa38beb7fc08ce0a787… Essex fix: https://review.openstack.org/#/c/21216/ References: https://bugs.launchpad.net/keystone/+bug/1098307 http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=2013-0247 - -- Thierry Carrez (ttx) OpenStack Vulnerability Management Team -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with undefined - http://www.enigmail.net/ iQIcBAEBCAAGBQJRETGUAAoJEFB6+JAlsQQjbC0QAIzjY1gNe/Lr2X+xDOvz+q2v 7O6Tn2ZV3X1/fgdVbicl4CVnNzkb3mbG1/pIEl7FbpSFfY6a3a8leJZD7u9bKB6z M4xNGXITGJoT7HBo8ABvDH4X6p5oA/LDkuCZVotY4SHa5xIYRcQk884DbnIYoGe7 zXEek352gHgX7m0DmABm8Pz8E+IpyFIp8rdPEv4w9EeVDJmjhZvcgsMhKZmNahph DyBMDvdGY7nXeurzI43tMdWHkqYCljq1qagLqzNxjXJj796FNixUdwnBfmvkRuDI XvNOGQEnwWMdwRhHgQm9C6o9Y8OYnA2XXLxjKhYuNOYT09c2ZPqhITuT1Aka8eg4 Xnqt6OnGLhA8qq0zYfRPGAZFXghQ20NqSDU4CaZntYS9bFUZjQegnKA9qmo2bdJp TbtE/UoZgDAxAvm5n0myHuT2nw75RCM0FWvbKA6VpgK2qikx77rK6/Y5M68F1288 hj7qxMUrbsj0aNBPoWkgpUdIzH3oLsvVq4tRxhSUGj06UIOtXo9QVpxRjmOU46eM HKKL0n2Gfmi+kXgJfUdlGeQjlYUnNIx4pljn0RHRwyc5nLGdLUTy6ufnRclYRKSY roS2qlrR+gDkKeHP3JS1zcdFblg/VKrAK5IN+JIeKRbZ+l/g2ghFemoVYjdduR3E IRB0CC4khRi7njgBdDl1 =CzsK -----END PGP SIGNATURE-----

1 0