author | 2013-05-17 15:35:57 +0000 | |
---|---|---|
committer | 2013-05-17 15:35:57 +0000 | |
commit | f1e081b89c31f304bfe4e745e6055f8f4fa79ff5 (patch) | |
tree | 0b6f0a13034e911193ca9acf6b568af6e7186c56 /sys-auth/keystone | |
parent | Stable for HPPA (bug #464430). (diff) | |
fix for CVE-2013-1977 bug 466500
Package-Manager: portage-2.1.11.62/cvs/Linux x86_64
Manifest-Sign-Key: 0x2471EB3E40AC5AC3
Diffstat (limited to 'sys-auth/keystone')
-rw-r--r-- | sys-auth/keystone/ChangeLog | 10 | ||||
-rw-r--r-- | sys-auth/keystone/Manifest | 32 | ||||
-rw-r--r-- | sys-auth/keystone/files/keystone-folsom-4-CVE-2013-1977.patch | 21 | ||||
-rw-r--r-- | sys-auth/keystone/files/keystone-grizzly-1-CVE-2013-1977.patch | 40 | ||||
-rw-r--r-- | sys-auth/keystone/keystone-2012.2.4-r3.ebuild (renamed from sys-auth/keystone/keystone-2012.2.4-r2.ebuild) | 3 |
5 files changed, 89 insertions, 17 deletions
diff --git a/sys-auth/keystone/ChangeLog b/sys-auth/keystone/ChangeLog
index 529317ee263b..d427f47e952b 100644
--- a/sys-auth/keystone/ChangeLog
+++ b/sys-auth/keystone/ChangeLog
@@ -1,6 +1,14 @@
 # ChangeLog for sys-auth/keystone
 # Copyright 1999-2013 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/sys-auth/keystone/ChangeLog,v 1.17 2013/05/10 16:14:06 prometheanfire Exp $
+# $Header: /var/cvsroot/gentoo-x86/sys-auth/keystone/ChangeLog,v 1.18 2013/05/17 15:35:49 prometheanfire Exp $
+
+*keystone-2012.2.4-r3 (17 May 2013)
+
+ 17 May 2013; Matthew Thode <prometheanfire@gentoo.org>
+ +files/keystone-folsom-4-CVE-2013-1977.patch,
+ +files/keystone-grizzly-1-CVE-2013-1977.patch, +keystone-2012.2.4-r3.ebuild,
+ -keystone-2012.2.4-r2.ebuild:
+ fix for CVE-2013-1977 bug 466500
 *keystone-2012.2.4-r2 (10 May 2013)
diff --git a/sys-auth/keystone/Manifest b/sys-auth/keystone/Manifest
index 9996a3380cc0..e71d47dd021c 100644
--- a/sys-auth/keystone/Manifest
+++ b/sys-auth/keystone/Manifest
@@ -1,32 +1,34 @@ -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 +AUX keystone-folsom-4-CVE-2013-1977.patch 1114 SHA256 af81df239364cab3f94b14636359a19e6c8474f8282d2c174e3e75208fa508c6 SHA512 e9139487cdf6185d0405fd034a48c451c15ab568ebb6d4e58c2c50160ef8dc6b926a31fd0b31c646ecfccf68f2b667d9577bbe6e169ef28f8abfc06ae9031210 WHIRLPOOL c2ed7858f514f3d4a45303b0a307eb259c3c53373160ad35afcb7012ca63f9360d152f4869745579b678d990ed6f929ef050b1c68683bac656123a0aea394ec0 AUX keystone-folsom-4-CVE-2013-2030.patch 2318 SHA256 fd824a4000da663568f26dbcfa6de031911ebdca1dea2c0958b3d5398d4d9ba6 SHA512 6b00a6d9062dd418299f9f02891fbfaa86f8f69db394ccfff31367555d1d7dbad1cf0d5a8647b61addeaabd2107b9f75cdc1986df8186de5c428f33533abffab WHIRLPOOL 842c4adb14c4a4501ea84c0082c0f28295027e27fee9957eafea6db9397a26c4955eb355b955d625bf5df818c1178af2267270aedec93bc47da8f17b59eaeca2 AUX keystone-folsom-4-CVE-2013-2059.patch 2340 SHA256 9c3a1d953abd719c55c77fd13295c0aa5caf730a4656f3a111a1bfc1d92a282c SHA512 c6f50ed21c95c7be256f0a15ef804eaf16f32fec038be53742ce85b9a303f4c613728c95af606aafd779009f298a68517668594a590fa40258dbbb6646c3fbed WHIRLPOOL 723b4d0e5573a2e7473e4613fcfc717d1e0d90ff18a7559baa7fe0a21c6c5fcb84648afcb227ea9231ed87738e0c17cf79153287d2d6b14a65974a67e78dbd2f +AUX keystone-grizzly-1-CVE-2013-1977.patch 1545 SHA256 a052c366ed38f4a40e10809080da9106400de59224323b21ef5e609f71674c52 SHA512 59b4cd7a83bc662d9e0459fefe6a5d8a3976fd653220d9248c97a8007af45d23cc0bb38bbba378bdaf5951c70901bbebde709b1717980fb3741da11a21d30573 WHIRLPOOL e2e1f5f9c02edd07a3e738ca8d6997a64df65a147c75d19d0d269712a3b92b77506c0941d131a9183ccea6f0ffed13a1e5e746d39555675c5cb132ff5ade1020 AUX keystone.confd 67 SHA256 8faa32d3354df30b1d1c98cf481be162c27583b84e387f8da57611b689bc2448 SHA512 75b040eda6ef8701e8dac8f34b3dd3c96aedde3b005fac01f20592b3d8afb8bbce57fadc466cda69d7192f96460a5c704d941a16b96d02f3e80f1a3e264c2efe WHIRLPOOL 
8e8cb4e8991ca8d8cf1e874bd2286900ca63379c73793bca906ecfc1318ee63a8af6d1f6090e9ef296bfbe5abf018368a5ad6430de1efdea0db626d8c697f3c4 AUX keystone.initd 1177 SHA256 fcf7e532f2f3fad8413455f67d8e9c4c0522ff99e69bd95d4fff49d2dfa243ac SHA512 a0281f5fdd96963d9479a3463e6b5f1947a2c3c8694e464d4d293ef237392bed796ec7b8431e1add7b73334ed5e11158347f35ab562edda5f7aa7bdb9b05e51e WHIRLPOOL d819103e6f2bdd7ca4d5ab2f645f8ca168cc46567ff7c2d00cb2d536c08319aaa472b06b8f98cf2b6de940089f444e7aa752e4c9deeb849a834108394dfe1862 AUX keystone_test-requires.patch 1082 SHA256 6c91814d1a6aea942f23767b13a9ad77fb08ae16255887d974abd9db852c563a SHA512 d6fc133b44555e50895b9d82f9240aff284e1668ef35823a3e82900ccf9e6a7e11a448f4998c1d8f0938f5d45ce1506bd27417f576ee99aa7738ae74424ec343 WHIRLPOOL 0689d244f94a5489c7ca4551c5fb7c436f6012a932b4fb0142a759c734d5ce24a1aa813c9c1a5356dc38f4b4b342c85703413656139085155f9c5ab89dd012c5 DIST keystone-2012.2.4.tar.gz 555448 SHA256 ab3a9a6c1f8ef9b95a73920883294f888f298db6330b8d4ed43e28354e8ca7af SHA512 481bde4372525c92144059c94d95ddac95dc720e486428f2e7ad1d5e0c6c2b6eb9a17be40f83c5866b522a512a2a3d331a08498c6704b794fea343fc2c0c1d93 WHIRLPOOL 243d9fe82988fd6057ffdae7971b570cb129a168fba3f6a38ea105fadc51e7e9fbfd29d88bb389572fc00cfbe0cc17e9e4c4f4ebf9d61ff589148b1b0c171558 DIST keystone-2013.1.1.tar.gz 791324 SHA256 a00664dd20adf36e1e78a6b29f49f7947e2f2426c0ae375f8acde01e75bdb579 SHA512 7d4fd0cd649f783214dc3aad48853682db529fa336631e601d55c6b45355dbc670bcabf76f642db6808c5d46aae70062eb8fe5c5e3a20247954beb5a6c4fda7b WHIRLPOOL 96df00049325cc96c1b54ebecbb95cf8d47f0e580703ce8b8942e1e4f75604a98fc33f2972a1b1dffbba2225c502a692d7f84241ffc1f66da27f6a325789e08c -EBUILD keystone-2012.2.4-r2.ebuild 2590 SHA256 f5d0a6020e1160bd8b861000725ea00ed8c8de65794fa74112e65838cc1de254 SHA512 b811bc3e238332aa4ea74d3a14960dcad0329bec48c303a187a9b63de1b1fbd7270949b7c2072191ea7ce4a72428aa4496886e737f9600e35280df742b4f5e2d WHIRLPOOL 
28f40b73971f0cc8fec1f20b6c2936c7d524443662d9d4ac2c85da1258a4d61847439a480b3f4d5bfb6f6f7d3062f56550dbb9a8726bfc7f12e00f5f2374909a +EBUILD keystone-2012.2.4-r3.ebuild 2643 SHA256 e5f8eb30741c50ab131dbc5ebe4edf5605e29eff1fa779155b97fd6c8ca1edb4 SHA512 a0230b889a21a8c4863aa7a550d74597573d39adc0310f9a682f39b1529a62593dd1e55132723672ab6465fff533da586fa5534fa1c898a07a2ecf1c85972cef WHIRLPOOL 986c7ccadfbae63c2f2d43ca25870e5b7d8167f105ac64465252931c7eea36899d8249fb23f0427178c9d6ddfd3703d0b0e387d4139937648aa5d808d3d6d9f5 EBUILD keystone-2013.1.1.ebuild 2920 SHA256 e6290cedad04b9c6801ce9c73a1b4e2b25cce8a53b3057c51b8880cabd36d2d3 SHA512 283de4603b1788135cbbe0ff31c26fa9290067cd945941093cbcd844ae37388577775c6e320db6353e8e3b1c664700a06a00c73584396c1a135fc1bf27ab6aed WHIRLPOOL 06fde096d6a034a1d2e2e5dd3ead39c4c6a63faa5bc741b18ef31b7a38809b6696aabc9b7f3cf342f03efe28ca149c8fea8c318e48e42dca0e5e150c7ade113b EBUILD keystone-9999.ebuild 2942 SHA256 048862e16792a3de401129f16b01fdfedbbcebc0f126dd1a39fb63c0118cd030 SHA512 767dccb4ce53d3162156f965c97bb4d33ff6d1d7dfd5efaa3a223d66915694f2d946e6e7774b73ac1c4f5a42af6228dafd3f30d3fb57da59bc293bae141a18a7 WHIRLPOOL 944e87af5b6a7f4276d49751d0b578052257c833350a568e7dd031f138b20a1714e38874f4992486fd8ca51d83e01516c055a244c634ec35e931149d120fdbc2 -MISC ChangeLog 3803 SHA256 34d86ccf74ec45058fe6c649f4ffe3cf8da4b448b5c3e5a63ab7569daa92fbac SHA512 26cbddde3d6b77eaf1bbce6b9ff05a9fddeb78e77cb2c8dd7623735ff6aff374ba69d89f9b71b55bebdc006275970a941b46adde25efb4f464e72187c65f6b17 WHIRLPOOL e2e8869d31f6e20e10d1c15cd4a054c756368b804a196b67c94e4baa1ea543c49294773104624778d65407940dd0f8621301310c44fede356ae121f5185e7f80 +MISC ChangeLog 4092 SHA256 6a9eb15117588a682275c888d37ae6cf03ef237550f540a607664ff376fae7df SHA512 2665b408ee044d55f4b37b3d084dd47e4e95e055d19ca712a5c8920cc2f51f5404807a00668eab275cd64c592f017a763cebed6ef2cc0db7aad7608933d8db36 WHIRLPOOL 
438b5a505624c637f8a12f2b31724f5e11cc77ff8ce39333c6886f97e2e51d24326d66a40059aeeda07df71b61013ac22c98d0c98f45adda81c7659e2d54f3fd MISC metadata.xml 399 SHA256 7f8946a43a8187a3901e53e0e3b4293e49bb2a1d1785c472b1d0ffd83e0ba2a8 SHA512 9448005b3be5621b302b4c71d190c621f245163a2c7aa8277a3af8132558543c774e9bb20b39bcb0ad896db5d2feac7649b107d7850f68e437f18214891ab16f WHIRLPOOL b46a5eadc17d5e38d23efed9620772e6d5e2cbd7733e1c0a8d15a506cacc8a31e9b26a354a1b749a7c64bff08722658b2feb651679a6a6054cd3b551839ddb38 -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.19 (GNU/Linux) -iQIcBAEBCAAGBQJRjR0IAAoJECRx6z5ArFrDdKQQAMrB+mZi42LlHZOE4/C7voQi -L/D6OCvSYRH7yOBpZI4BI1PZphZ2/E3q/hCbQLj1TdIPJgztu1t4DCWYhFGBT5kP -SUAQMFs/Qh1B/UtQ299BxqB6C+gSDAMfP81qQ3v7MrLY5NlHwn9DTqNa4YAP1NDN -ROJd0xmWd8q/8E9q2N4l+2wcEZq3vh8zB7KX+o5Kg0jqzgyNmomgsHzYNiZ8XX6E -r0IB9pZoxlSXMrkvqA6Fer0bu96T6xL2MreKMSkqymOdAlObaTls9XQ1O85B2YhD -UIg/s4BIL/SBFBDYxXW8CUMz6L3M1/9BRxlnCH4d5LpiUPvh2iqH4AOnrwkqhGvJ -WOFdgucNs0bpX+/y8mDVj8JZv51HLf90WkU/cuUOWA9IsqGc7PccX+zN7a1o2Oup -DXh90b6XREBLCRLhlEFL3c8dKUlIzYOCZnJgCLekjqddwCHE6GU9mDFWEcWoRUIn -S0ZgIlvL9Al3a/DIntGfTT+pqz2duUix6WXl3mKcUOErWlBS+NI87KxIC6VVv1K4 -tW9325u9q6cjmByGmOdhIiEIBjUfDtyqqJHTMeseucEzqUCnKo0KASDbxvs5uAOg -wrjgnYDSpItEw3T7qbvzwHqXjFUZNFZHaAiIwuRL+EMitJ9t0nGVEA4wHXiRrqce -jr4nWn/UuJnA1hH+0sUw -=PWZc +iQIcBAEBCAAGBQJRlk6WAAoJECRx6z5ArFrDFz8P/31wI20UY09HM9vxWkq6v9dK +Y/Klby/gfugzjjqsnbkHNNPqDxCEr9RNSw3vMfgjR8oi4GSKzp2nBgGNJ3FiV+Ts +TSo7WYet2bdo+TcDRLOUfOmpEisf9MMO8W6p8IGrclIdiZyeEOnplYI2ZMitF+Mb +Gi0aO0Hpljvj6QU/XpCy54IC/De6ZiUvUtenhv0aW82vfEIGdSbjvwZbfMwoqG9F ++ae03wTGMTj7QesCu8iNkB8qJdD+n2oWzfip6P4xVYWurAea+oCkTrYoFKOxEjt/ +zEleqPbMNGEeuAVlCLaN8rEmk/Y4mfkF6T/QsNX4rN45NIYssOQ14sSTwnAOdI1y +moleidpJzYYu8I20xLofUXT8HfBa8w6BAQ0FpcLljDhhGz7AIgEM6JRGL5K/XQyr +jcZVufyptuS29c5BFszlpkF+2bXp0Ed6wk0KiAS+nQch+WVC56CmXDmXhJHi88CA +eLfgxvcRhqxJuufAVbIEaarIHQmr0FU+ItDVdsym0AlBYPsxCw/PfY9730tryP/z +b4Ng/WeZmdfNumk9X1D0v9yI5FnIHclx1fY922LnOJ8h68W3wKo9LndD3R4xxV3E 
+PurS937WPynpuqsmZSyINHa9GeOvIXvc0Ot3ews3uj7/AeXvuxb3XAj0xZoBibsN +F1W2ReIntHlAfuLPrbDQ +=VJ4j -----END PGP SIGNATURE-----
diff --git a/sys-auth/keystone/files/keystone-folsom-4-CVE-2013-1977.patch b/sys-auth/keystone/files/keystone-folsom-4-CVE-2013-1977.patch
new file mode 100644
index 000000000000..91084fc23fb3
--- /dev/null
+++ b/sys-auth/keystone/files/keystone-folsom-4-CVE-2013-1977.patch
@@ -0,0 +1,21 @@
+diff -Naur keystone-2012.2.4/keystone/config.py keystone-2012.2.4.new/keystone/config.py
+--- keystone-2012.2.4/keystone/config.py 2013-04-11 15:02:19.000000000 -0400
++++ keystone-2012.2.4.new/keystone/config.py 2013-05-17 11:26:57.557918817 -0400
+@@ -110,7 +110,7 @@
+ group = kw.pop('group', None)
+ return conf.register_cli_opt(cfg.IntOpt(*args, **kw), group=group)
+
+-register_str('admin_token', default='ADMIN')
++register_str('admin_token', secret=True, default='ADMIN')
+ register_str('bind_host', default='0.0.0.0')
+ register_str('compute_port', default=8774)
+ register_str('admin_port', default=35357)
+@@ -162,7 +162,7 @@
+ #ldap
+ register_str('url', group='ldap', default='ldap://localhost')
+ register_str('user', group='ldap', default='dc=Manager,dc=example,dc=com')
+-register_str('password', group='ldap', default='freeipa4all')
++register_str('password', group='ldap', secret=True, default='freeipa4all')
+ register_str('suffix', group='ldap', default='cn=example,cn=com')
+ register_bool('use_dumb_member', group='ldap', default=False)
+ register_str('user_name_attribute', group='ldap', default='sn')
diff --git a/sys-auth/keystone/files/keystone-grizzly-1-CVE-2013-1977.patch b/sys-auth/keystone/files/keystone-grizzly-1-CVE-2013-1977.patch
new file mode 100644
index 000000000000..355d4a33edd2
--- /dev/null
+++ b/sys-auth/keystone/files/keystone-grizzly-1-CVE-2013-1977.patch
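Review bot: The well-known fallback values survive on both changed lines of the folsom patch: `admin_token` still defaults to `'ADMIN'` and the LDAP `password` to `'freeipa4all'`, so a deployment that never sets them keeps running on a publicly documented credential. As far as the option library's `secret` flag goes, `secret=True` only masks the value when the registered options are written to the log; it does not change the value itself or who can read keystone.conf. If diverging from upstream is acceptable in this backport, `register_str('password', group='ldap', secret=True, default=None)` would match what the grizzly patch already shows for that option. The same `'ADMIN'` default also remains in the first hunk of the grizzly patch. At minimum, a comment above each line such as `# secret=True masks this value in logged option dumps; override the default in keystone.conf` would record the intent.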
@@ -0,0 +1,40 @@
+From d43e2a51a1ed7adbed3c5ddf001d46bc4a824ae8 Mon Sep 17 00:00:00 2001
+From: Xuhan Peng <xuhanp@cn.ibm.com>
+Date: Fri, 12 Apr 2013 16:19:37 +0800
+Subject: [PATCH] Mark LDAP password and admin_token secret
+
+Add secret=True to LDAP password and admin_token
+of keystone configuration.
+
+Fix bug #1172195
+
+Change-Id: I8ef7f705e3f6b374ff427c20eb761892d5146a75
+---
+ keystone/common/config.py | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/keystone/common/config.py b/keystone/common/config.py
+index d7b6ff7..84ea83f 100644
+--- a/keystone/common/config.py
++++ b/keystone/common/config.py
+@@ -188,7 +188,7 @@ def configure():
+ register_cli_str('pydev-debug-host', default=None)
+ register_cli_int('pydev-debug-port', default=None)
+
+- register_str('admin_token', default='ADMIN')
++ register_str('admin_token', secret=True, default='ADMIN')
+ register_str('bind_host', default='0.0.0.0')
+ register_int('compute_port', default=8774)
+ register_int('admin_port', default=35357)
+@@ -286,7 +286,7 @@ def configure():
+ # ldap
+ register_str('url', group='ldap', default='ldap://localhost')
+ register_str('user', group='ldap', default=None)
+- register_str('password', group='ldap', default=None)
++ register_str('password', group='ldap', secret=True, default=None)
+ register_str('suffix', group='ldap', default='cn=example,cn=com')
+ register_bool('use_dumb_member', group='ldap', default=False)
+ register_str('dumb_member', group='ldap', default='cn=dumb,dc=nonexistent')
+--
+1.8.1.5
+
diff --git a/sys-auth/keystone/keystone-2012.2.4-r2.ebuild b/sys-auth/keystone/keystone-2012.2.4-r3.ebuild
index c17b197b8cbc..b4e12026585f 100644
--- a/sys-auth/keystone/keystone-2012.2.4-r2.ebuild
+++ b/sys-auth/keystone/keystone-2012.2.4-r3.ebuild
@@ -1,6 +1,6 @@
 # Copyright 1999-2013 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/sys-auth/keystone/keystone-2012.2.4-r2.ebuild,v 1.1 2013/05/10 16:14:06 prometheanfire Exp $
+# $Header: /var/cvsroot/gentoo-x86/sys-auth/keystone/keystone-2012.2.4-r3.ebuild,v 1.1 2013/05/17 15:35:49 prometheanfire Exp $
 EAPI=5 #test restricted becaues of bad requirements given (old webob for instance)
@@ -72,6 +72,7 @@ RDEPEND="${DEPEND}
 PATCHES=(
 "${FILESDIR}/keystone-folsom-4-CVE-2013-2030.patch"
 "${FILESDIR}/keystone-folsom-4-CVE-2013-2059.patch"
+ "${FILESDIR}/keystone-folsom-4-CVE-2013-1977.patch"
 )
 python_install() { |
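Review bot: Only the folsom patch is wired into a build: the second hunk adds `"${FILESDIR}/keystone-folsom-4-CVE-2013-1977.patch"` to PATCHES, while files/keystone-grizzly-1-CVE-2013-1977.patch is added by this commit without any ebuild referencing it. The diffstat lists no change to keystone-2013.1.1.ebuild and its Manifest entry appears only as unchanged context, so unless a follow-up commit applies the patch, 2013.1.1 would presumably still be built without the `secret=True` change. I would apply `"${FILESDIR}/keystone-grizzly-1-CVE-2013-1977.patch"` in the 2013.1.1 ebuild with a revision bump, or state in the ChangeLog entry that the grizzly fix lands separately. The PATCHES array and python_install() continue outside the hunk.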