Package: release.debian.org Severity: normal Tags: stretch User: release.debian....@packages.debian.org Usertags: pu
Hi, Cloudkitty FTBFS is fixed with the attached debdiff. Please allow me to upload this to Buster. Cheers, Thomas Goirand (zigo)
diff -Nru cloudkitty-8.0.0/debian/changelog cloudkitty-8.0.0/debian/changelog --- cloudkitty-8.0.0/debian/changelog 2019-01-24 14:45:39.000000000 +0100 +++ cloudkitty-8.0.0/debian/changelog 2019-06-28 15:01:45.000000000 +0200 @@ -1,3 +1,11 @@ +cloudkitty (8.0.0-4+deb10u1) buster; urgency=medium + + * Add upstream patch to fix FTBFS after we updated SQLAlchemy to fix + CVE-2019-7164 CVE-2019-7548 (SQL injection) (see debian bug 922669 and + 929321 for more info) (Closes: #930996). + + -- Thomas Goirand <z...@debian.org> Fri, 28 Jun 2019 15:01:45 +0200 + cloudkitty (8.0.0-4) unstable; urgency=medium * Correct default path to metrics.yml in [collect]/metrics_conf. diff -Nru cloudkitty-8.0.0/debian/patches/Fix_sqlalchemy_grouping_on_v1_storage.patch cloudkitty-8.0.0/debian/patches/Fix_sqlalchemy_grouping_on_v1_storage.patch --- cloudkitty-8.0.0/debian/patches/Fix_sqlalchemy_grouping_on_v1_storage.patch 1970-01-01 01:00:00.000000000 +0100 +++ cloudkitty-8.0.0/debian/patches/Fix_sqlalchemy_grouping_on_v1_storage.patch 2019-06-28 15:01:45.000000000 +0200 @@ -0,0 +1,39 @@ +Description: Fix sqlalchemy grouping on v1 storage (Fixes FTBFS in Buster) + This fixes "CompileError: Can't resolve label reference for + ORDER BY / GROUP BY." error messages raised by sqlalchemy when the groupby + expression includes a comma. +Author: Luka Peschke <luka.pesc...@objectif-libre.com> +Date: Tue, 4 Jun 2019 15:21:05 +0200 +Change-Id: Ia253175b45b8222aaee415ea535fa4102312be5a +Bug-Debian: https://bugs.debian.org/930996 +Origin: upstream, https://review.opendev.org/668120 +Last-Update: 2019-06-28 + +diff --git a/cloudkitty/storage/v1/sqlalchemy/__init__.py b/cloudkitty/storage/v1/sqlalchemy/__init__.py +index 77403e3..7b56da6 100644 +--- a/cloudkitty/storage/v1/sqlalchemy/__init__.py ++++ b/cloudkitty/storage/v1/sqlalchemy/__init__.py +@@ -127,7 +127,7 @@ class SQLAlchemyStorage(storage.BaseStorage): + self.frame_model.end <= end, + self.frame_model.res_type != '_NO_DATA_') + if groupby: +- q = q.group_by(groupby) ++ q = q.group_by(sqlalchemy.sql.text(groupby)) + + # Order by sum(rate) + q = q.order_by(sqlalchemy.func.sum(self.frame_model.rate)) +diff --git a/releasenotes/notes/fix-v1-storage-groupby-e865d1315bd390cb.yaml b/releasenotes/notes/fix-v1-storage-groupby-e865d1315bd390cb.yaml +new file mode 100644 +index 0000000..02c1e4d +--- /dev/null ++++ b/releasenotes/notes/fix-v1-storage-groupby-e865d1315bd390cb.yaml +@@ -0,0 +1,6 @@ ++--- ++fixes: ++ - | ++ ``CompileError: Can't resolve label reference for ORDER BY / GROUP BY.`` ++ errors that were sometimes raised by SQLAlchemy when using the v1 storage ++ backend and grouping on ``tenant_id`` and ``res_type`` have been fixed. +-- +2.7.4 + diff -Nru cloudkitty-8.0.0/debian/patches/series cloudkitty-8.0.0/debian/patches/series --- cloudkitty-8.0.0/debian/patches/series 2019-01-24 14:45:39.000000000 +0100 +++ cloudkitty-8.0.0/debian/patches/series 2019-06-28 15:01:45.000000000 +0200 @@ -1,3 +1,4 @@ allow-any-sqla-version.patch missing-files.patch remove-mathjax-extention-from-sphinx-doc.patch +Fix_sqlalchemy_grouping_on_v1_storage.patch
