opendevreview | Tim Burke proposed openstack/swift master: tests: Ensure XXE injection tests have config loaded https://review.opendev.org/c/openstack/swift/+/871005 | 01:03 |
---|---|---|
opendevreview | Jianjian Huo proposed openstack/swift master: Proxy: restructure cached updating shard ranges https://review.opendev.org/c/openstack/swift/+/870886 | 03:22 |
opendevreview | Jianjian Huo proposed openstack/swift master: Proxy: move '_get_update_shard' from base class to child class. https://review.opendev.org/c/openstack/swift/+/871022 | 06:26 |
opendevreview | Tim Burke proposed openstack/swift master: tests: Ensure XXE injection tests have config loaded https://review.opendev.org/c/openstack/swift/+/871005 | 17:50 |
opendevreview | Tim Burke proposed openstack/swift master: tests: Ensure XXE injection tests have config loaded https://review.opendev.org/c/openstack/swift/+/871005 | 19:26 |
opendevreview | Tim Burke proposed openstack/swift master: Clean up some cruft https://review.opendev.org/c/openstack/swift/+/871181 | 20:56 |
opendevreview | Tim Burke proposed openstack/swift stable/victoria: Fix stable gate https://review.opendev.org/c/openstack/swift/+/871185 | 21:19 |
opendevreview | Merged openstack/swift master: tests: Ensure XXE injection tests have config loaded https://review.opendev.org/c/openstack/swift/+/871005 | 21:49 |
opendevreview | Tim Burke proposed openstack/swift stable/zed: tests: Ensure XXE injection tests have config loaded https://review.opendev.org/c/openstack/swift/+/871135 | 22:03 |
opendevreview | Tim Burke proposed openstack/swift stable/yoga: s3api: Prevent XXE injections https://review.opendev.org/c/openstack/swift/+/870826 | 22:05 |
zigo | Hi there! | 22:09 |
zigo | timburke: I'm trying to backport the last CVE patch, and I'm having the first line change that fails when backporting to train: | 22:09 |
zigo | https://review.opendev.org/c/openstack/swift/+/870828/1/test/unit/common/middleware/s3api/test_multi_delete.py#458 | 22:09 |
zigo | Any idea why? | 22:09 |
timburke | zigo, not off-hand -- do you know what *is* in body when it fails? | 22:12 |
zigo | timburke: https://paste.opendev.org/show/b67mAP7NcLDa32x9xpci/ | 22:12 |
zigo | timburke: Does this help? | 22:13 |
timburke | yes, thanks! that seems familiar -- i feel like there was some change over the years to do with that xml declaration... let me see if i can track it down... that first test change was unrelated to the CVE, fwiw -- could probably drop it for the backport | 22:14 |
zigo | FYI, I got failures in all rocky to ussuri... | 22:15 |
zigo | Oh ok ! :) | 22:15 |
zigo | Thanks, that's helpful then. | 22:15 |
zigo | I'll do that. | 22:15 |
zigo | timburke: Also, FYI, I had to remove the usedforsecurity=False from the md5() call, as it seems it wasn't in earlier versions. | 22:18 |
zigo | Was this a new thing of that md5() function for victoria and up? Or maybe in OpenSSL? | 22:18 |
zigo | Looks like the diff is in buster vs bullseye... | 22:18 |
timburke | came in with https://github.com/openstack/swift/commit/5320ecbaf2c0e77842ab1ee3eb8106948dc06704 (part of getting FIPS support) | 22:19 |
zigo | Ok. | 22:21 |
timburke | hmmm... maybe i was remembering listing_formats wrt xml declarations... https://github.com/openstack/swift/commit/1b0172f5d31d8bb862f8c9b017cccaf657b93230 | 22:23 |
zigo | timburke: Do I need to also backport that, or it's just unit tests and I can ignore? | 22:25 |
timburke | just unit tests -- i'd ignore for now | 22:25 |
zigo | Thanks a lot. | 22:25 |
timburke | fwiw, i plan on getting backports up as far back as i can -- at some point in the last month i had working gates back through stein iirc, but they keep breaking in new and diverse ways :-( | 22:26 |
timburke | i can be sure to loop you in on how it goes trying to get back to train | 22:27 |
zigo | timburke: I have working env. in my Jenkins to build packages (with unit tests when building) up to Rocky. | 22:27 |
zigo | Rocky is in Buster, so Debian LTS... | 22:28 |
opendevreview | Tim Burke proposed openstack/swift stable/xena: s3api: Prevent XXE injections https://review.opendev.org/c/openstack/swift/+/870827 | 22:28 |
timburke | in the meeting this week, sounded like RH still had customers on queens, so you're in good company, i guess? going to do my best; this is exactly the sort of reason why i wanted to keep those old branches around, do what i can to help downstream packagers :-) | 22:31 |
zigo | This is the first time I'm in for Debian LTS ... :) | 22:32 |
opendevreview | Tim Burke proposed openstack/swift stable/yoga: s3api: Prevent XXE injections https://review.opendev.org/c/openstack/swift/+/870826 | 22:35 |
opendevreview | Tim Burke proposed openstack/swift stable/xena: s3api: Prevent XXE injections https://review.opendev.org/c/openstack/swift/+/870827 | 22:36 |
zigo | All of our public clusters are now up-to-date ! :) | 22:44 |
opendevreview | Tim Burke proposed openstack/swift stable/ussuri: DNM: check stable gate health https://review.opendev.org/c/openstack/swift/+/871198 | 22:48 |
timburke | zigo, 🎉 | 22:48 |
opendevreview | Tim Burke proposed openstack/swift stable/ussuri: Add attrs to lower-constraints https://review.opendev.org/c/openstack/swift/+/871136 | 23:53 |
Generated by irclog2html.py 2.17.3 by Marius Gedminas - find it at https://mg.pov.lt/irclog2html/!