Package: heat / 1:7.0.0-4

Metadata

Package: heat
Version: 1:7.0.0-4
Patches format: 3.0 (quilt)

Patch series

Patch File delta Description
only run tests in heat.tests.patch

 .testr.conf | 2 (1 +, 1 -, 0 !)
 1 file changed, 1 insertion(+), 1 deletion(-)

 only run tests within heat/tests
fix requirements.txt.patch

 requirements.txt | 19 (9 +, 10 -, 0 !)
 1 file changed, 9 insertions(+), 10 deletions(-)

 fix requirements.txt
 This patch avoids FTBFS with dpkg-gencontrol being confused by the !=
 stuff.
CVE 2016 9185_Prevent_template_validate_from_scanning_ports.patch

 heat/common/urlfetch.py | 3 (2 +, 1 -, 0 !)
 1 file changed, 2 insertions(+), 1 deletion(-)

 cve-2016-9185: prevent template validate from scanning ports
 Prevent template validate from scanning ports
 .
 The template validation method in the heat API allows specifying the
 template to validate using a URL with the 'template_url' parameter.
 .
 By entering invalid http URLs, like 'http://localhost:22', it is
 possible to scan ports by evaluating the error message of the request.
 .
 For example, the request
 .
 curl -H "Content-Type: application/json" -H "X-Auth-Token: <TOKEN>" \
 -X POST -d '{"template_url": "http://localhost:22"}' \
 http://127.0.0.1:8004/v1/<TENANT_ID>/validate
 .
 causes the following error message to be returned to the user:
 .
 "Could not retrieve template: Failed to retrieve template:
 ('Connection aborted.',
 BadStatusLine('SSH-2.0-OpenSSH_7.2p2 Ubuntu-4ubuntu2.1\\r\\n',))"
 .
 This could be misused by tenants to gain knowledge about the internal
 network the heat API runs in.
 .
 To prevent this information leak, this patch alters the error message
 to not include such details when the url scheme is not 'file'.
 .
 SecurityImpact
 .
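The mitigation this patch describes, as an added illustration that is not heat's own code: a fetch wrapper that keeps the underlying error for file: URLs but returns a generic message for network schemes, so a service banner captured in the exception (the BadStatusLine above) is written to the operator log but never echoed back to the tenant. URLFetchError, fetch_template, the opener callback and the simulated responses are all assumptions constructed for this example.

```python
import logging
from urllib.parse import urlparse

log = logging.getLogger(__name__)

# Assumed names: URLFetchError, fetch_template, the `opener` callback and the
# simulated responses below are constructed for this example; they are not
# heat's own urlfetch module.


class URLFetchError(Exception):
    """Raised to the API caller when a template could not be fetched."""


def fetch_template(url, opener, allowed_schemes=('http', 'https', 'file')):
    """Fetch a template body via opener(url).

    `opener` is any callable that returns the body as a string or raises.
    If it raises, the detail forwarded to the caller depends on the scheme:
    a file: URL keeps the underlying message (it points at operator-controlled
    local storage), while a network scheme gets a generic message so nothing
    the remote peer sent (e.g. an SSH banner) is reflected back to the tenant.
    The full detail is still written to the operator log either way.
    """
    scheme = urlparse(url).scheme
    if scheme not in allowed_schemes:
        raise URLFetchError('Invalid URL scheme %s' % scheme)
    try:
        return opener(url)
    except Exception as exc:
        # Operators keep the detail for troubleshooting.
        log.info('Failed to retrieve template from %s: %s', url, exc)
        if scheme == 'file':
            raise URLFetchError('Failed to retrieve template: %s' % exc) from exc
        raise URLFetchError('Failed to retrieve template from %s' % url) from None


def simulated_opener(url):
    """Constructed stand-in for a real HTTP/file fetch, so the example runs offline.

    It replays the behaviour described in the advisory: an HTTP request to a
    non-HTTP port fails with the peer's banner embedded in the exception.
    """
    if url == 'http://localhost:22':
        raise ConnectionError("('Connection aborted.', BadStatusLine("
                              "'SSH-2.0-OpenSSH_7.2p2 Ubuntu-4ubuntu2.1\\r\\n',))")
    if url.startswith('file://'):
        raise FileNotFoundError('No such file or directory: %r' % url[7:])
    return 'heat_template_version: 2016-10-14\nresources: {}\n'


def error_message_for(url):
    """Return the message a tenant would see for `url`, or None on success."""
    try:
        fetch_template(url, simulated_opener)
    except URLFetchError as exc:
        return str(exc)
    return None


if __name__ == '__main__':
    for target in ('http://localhost:22', 'file:///etc/heat/missing.yaml',
                   'ftp://example.invalid/t.yaml', 'https://example.invalid/t.yaml'):
        print('%-40s -> %s' % (target, error_message_for(target)))
```

The split on scheme matters: a file: path is something the operator configured, so its error detail is useful and not attacker-observable, whereas anything a remote host returned is exactly the information a tenant could use to fingerprint the internal network, so it goes to the log only.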
remove broken rst.patch

 doc/source/template_guide/hot_spec.rst | 10 (0 +, 10 -, 0 !)
 1 file changed, 10 deletions(-)

 remove broken rst
 In hot_spec.rst, there are some lines that FTBFS with the newer docutils.
 Since it doesn't seem that important, and it's best to keep the rest of the
 documentation, we're just removing the block.
allow sqlalchemy 1.1.patch

 requirements.txt | 2 (1 +, 1 -, 0 !)
 1 file changed, 1 insertion(+), 1 deletion(-)

 allow sqla 1.1