updating for CVE-2015-1852

(Portage version: 2.2.14/cvs/Linux x86_64, signed Manifest commit with key 0x33ED3FD25AFC78BA)

3 files changed, 95 insertions, 18 deletions

diff --git a/dev-python/keystonemiddleware/ChangeLog b/dev-python/keystonemiddleware/ChangeLog
index 810e1b1c41c4..aecae6c115eb 100644
--- a/dev-python/keystonemiddleware/ChangeLog
+++ b/dev-python/keystonemiddleware/ChangeLog
@@ -1,6 +1,13 @@
 # ChangeLog for dev-python/keystonemiddleware
-# Copyright 1999-2014 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/dev-python/keystonemiddleware/ChangeLog,v 1.1 2014/09/22 21:29:58 prometheanfire Exp $
+# Copyright 1999-2015 Gentoo Foundation; Distributed under the GPL v2
+# $Header: /var/cvsroot/gentoo-x86/dev-python/keystonemiddleware/ChangeLog,v 1.2 2015/04/14 16:11:45 prometheanfire Exp $
+
+*keystonemiddleware-1.5.0 (14 Apr 2015)
+
+  14 Apr 2015; Matthew Thode <prometheanfire@gentoo.org>
+  +files/cve-2015-1852-master-keystonemiddleware.patch,
+  +keystonemiddleware-1.5.0.ebuild, -keystonemiddleware-1.1.1.ebuild:
+  updating for CVE-2015-1852
 
 *keystonemiddleware-1.1.1 (22 Sep 2014)
 
diff --git a/dev-python/keystonemiddleware/files/cve-2015-1852-master-keystonemiddleware.patch b/dev-python/keystonemiddleware/files/cve-2015-1852-master-keystonemiddleware.patch
new file mode 100644
index 000000000000..6ea8f99d5c3c
--- /dev/null
+++ b/dev-python/keystonemiddleware/files/cve-2015-1852-master-keystonemiddleware.patch
@@ -0,0 +1,63 @@
+diff --git a/keystonemiddleware/s3_token.py b/keystonemiddleware/s3_token.py
+index d56482f..3fe13f9 100644
+--- a/keystonemiddleware/s3_token.py
++++ b/keystonemiddleware/s3_token.py
+@@ -35,6 +35,7 @@ import logging
+ import webob
+ 
+ from oslo_serialization import jsonutils
++from oslo_utils import strutils
+ import requests
+ import six
+ from six.moves import urllib
+@@ -116,7 +117,7 @@ class S3Token(object):
+                                             auth_port)
+ 
+         # SSL
+-        insecure = conf.get('insecure', False)
++        insecure = strutils.bool_from_string(conf.get('insecure', False))
+         cert_file = conf.get('certfile')
+         key_file = conf.get('keyfile')
+ 
+diff --git a/keystonemiddleware/tests/test_s3_token_middleware.py b/keystonemiddleware/tests/test_s3_token_middleware.py
+index fdadb76..4b910a6 100644
+--- a/keystonemiddleware/tests/test_s3_token_middleware.py
++++ b/keystonemiddleware/tests/test_s3_token_middleware.py
+@@ -124,7 +124,7 @@ class S3TokenMiddlewareTestGood(S3TokenMiddlewareTestBase):
+     @mock.patch.object(requests, 'post')
+     def test_insecure(self, MOCK_REQUEST):
+         self.middleware = (
+-            s3_token.filter_factory({'insecure': True})(FakeApp()))
++            s3_token.filter_factory({'insecure': 'True'})(FakeApp()))
+ 
+         text_return_value = jsonutils.dumps(GOOD_RESPONSE)
+         if six.PY3:
+@@ -142,6 +142,28 @@ class S3TokenMiddlewareTestGood(S3TokenMiddlewareTestBase):
+         mock_args, mock_kwargs = MOCK_REQUEST.call_args
+         self.assertIs(mock_kwargs['verify'], False)
+ 
++    def test_insecure_option(self):
++        # insecure is passed as a string.
++
++        # Some non-secure values.
++        true_values = ['true', 'True', '1', 'yes']
++        for val in true_values:
++            config = {'insecure': val, 'certfile': 'false_ind'}
++            middleware = s3_token.filter_factory(config)(FakeApp())
++            self.assertIs(False, middleware._verify)
++
++        # Some "secure" values, including unexpected value.
++        false_values = ['false', 'False', '0', 'no', 'someweirdvalue']
++        for val in false_values:
++            config = {'insecure': val, 'certfile': 'false_ind'}
++            middleware = s3_token.filter_factory(config)(FakeApp())
++            self.assertEqual('false_ind', middleware._verify)
++
++        # Default is secure.
++        config = {'certfile': 'false_ind'}
++        middleware = s3_token.filter_factory(config)(FakeApp())
++        self.assertIs('false_ind', middleware._verify)
++
+ 
+ class S3TokenMiddlewareTestBad(S3TokenMiddlewareTestBase):
+     def setUp(self):
diff --git a/dev-python/keystonemiddleware/keystonemiddleware-1.1.1.ebuild b/dev-python/keystonemiddleware/keystonemiddleware-1.5.0.ebuild
index 739d39eef635..90bee3374b2d 100644
--- a/dev-python/keystonemiddleware/keystonemiddleware-1.1.1.ebuild
+++ b/dev-python/keystonemiddleware/keystonemiddleware-1.5.0.ebuild
@@ -1,6 +1,6 @@
-# Copyright 1999-2014 Gentoo Foundation
+# Copyright 1999-2015 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/dev-python/keystonemiddleware/keystonemiddleware-1.1.1.ebuild,v 1.1 2014/09/22 21:29:58 prometheanfire Exp $
+# $Header: /var/cvsroot/gentoo-x86/dev-python/keystonemiddleware/keystonemiddleware-1.5.0.ebuild,v 1.1 2015/04/14 16:11:45 prometheanfire Exp $
 
 EAPI=5
 PYTHON_COMPAT=( python2_7 )
@@ -17,38 +17,45 @@ KEYWORDS="~amd64 ~x86 ~amd64-linux ~x86-linux"
 IUSE="doc examples test"
 
 DEPEND="dev-python/setuptools[${PYTHON_USEDEP}]
-		>=dev-python/pbr-0.6[${PYTHON_USEDEP}]
-		!~dev-python/pbr-0.7[${PYTHON_USEDEP}]
+		>=dev-python/pbr-0.8[${PYTHON_USEDEP}]
 		<dev-python/pbr-1.0[${PYTHON_USEDEP}]
 		test? (
+			>=dev-python/hacking-0.10[${PYTHON_USEDEP}]
+			<dev-python/hacking-0.11[${PYTHON_USEDEP}]
 			>=dev-python/coverage-3.6[${PYTHON_USEDEP}]
 			>=dev-python/fixtures-0.3.14[${PYTHON_USEDEP}]
-			>=dev-python/hacking-0.8[${PYTHON_USEDEP}]
-			<dev-python/hacking-0.9[${PYTHON_USEDEP}]
-			>=dev-python/httpretty-0.8.0[${PYTHON_USEDEP}]
-			!~dev-python/httpretty-0.8.1[${PYTHON_USEDEP}]
-			!~dev-python/httpretty-0.8.2[${PYTHON_USEDEP}]
-			>=dev-python/keyring-2.1[${PYTHON_USEDEP}]
 			>=dev-python/mock-1.0[${PYTHON_USEDEP}]
 			>=dev-python/pycrypto-2.6[${PYTHON_USEDEP}]
-			dev-python/oslo-sphinx[${PYTHON_USEDEP}]
+			>=dev-python/oslo-sphinx-2.2.0[${PYTHON_USEDEP}]
+			dev-python/oslotest[${PYTHON_USEDEP}]
+			dev-python/oslo-messaging[${PYTHON_USEDEP}]
+			dev-python/requests-mock[${PYTHON_USEDEP}]
 			>=dev-python/sphinx-1.1.2[${PYTHON_USEDEP}]
 			!~dev-python/sphinx-1.2.0[${PYTHON_USEDEP}]
 			<dev-python/sphinx-1.3[${PYTHON_USEDEP}]
 			>=dev-python/testrepository-0.0.18[${PYTHON_USEDEP}]
 			>=dev-python/testresources-0.2.4[${PYTHON_USEDEP}]
-			>=dev-python/testtools-0.9.34[${PYTHON_USEDEP}]
+			>=dev-python/testtools-0.9.36[${PYTHON_USEDEP}]
+			!~dev-python/testtools-1.2.0[${PYTHON_USEDEP}]
+			>=dev-python/python-memcached-1.48[${PYTHON_USEDEP}]
 		)"
 
 RDEPEND=">=dev-python/Babel-1.3[${PYTHON_USEDEP}]
 		>=dev-python/iso8601-0.1.9[${PYTHON_USEDEP}]
-		>=dev-python/netaddr-0.7.6[${PYTHON_USEDEP}]
-		>=dev-python/oslo-config-1.4.0[${PYTHON_USEDEP}]
-		>=dev-python/requests-1.2.1[${PYTHON_USEDEP}]
-		>=dev-python/six-1.7.0[${PYTHON_USEDEP}]
+		>=dev-python/oslo-config-1.9.0[${PYTHON_USEDEP}]
+		>=dev-python/oslo-context-0.2.0[${PYTHON_USEDEP}]
+		>=dev-python/oslo-i18n-1.3.0[${PYTHON_USEDEP}]
+		>=dev-python/oslo-serialization-1.2.0[${PYTHON_USEDEP}]
+		>=dev-python/oslo-utils-1.2.0[${PYTHON_USEDEP}]
+		>=dev-python/pycadf-0.8.0[${PYTHON_USEDEP}]
+		>=dev-python/python-keystoneclient-1.1.0[${PYTHON_USEDEP}]
+		>=dev-python/requests-2.2.0[${PYTHON_USEDEP}]
+		!~dev-python/requests-2.4.0[${PYTHON_USEDEP}]
+		>=dev-python/six-1.9.0[${PYTHON_USEDEP}]
 		>=dev-python/webob-1.2.3[${PYTHON_USEDEP}]"
 
 PATCHES=(
+"${FILESDIR}/cve-2015-1852-master-keystonemiddleware.patch"
 )
 
 python_compile_all() {