From 84074d411ce774406aa4e485437e7b5302d931bc Mon Sep 17 00:00:00 2001
From: Bruce Ashfield <bruce.ashfield@windriver.com>
Date: Fri, 9 May 2014 15:18:08 -0400
Subject: core: update core components to latest havana/stable releases
 Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>

---
 .../CVE-2014-2828-keystone-1300274.patch           | 60 ----------------------
 1 file changed, 60 deletions(-)
 delete mode 100644 meta-openstack/recipes-devtools/python/python-keystone/CVE-2014-2828-keystone-1300274.patch

(limited to 'meta-openstack/recipes-devtools/python/python-keystone')

diff --git a/meta-openstack/recipes-devtools/python/python-keystone/CVE-2014-2828-keystone-1300274.patch b/meta-openstack/recipes-devtools/python/python-keystone/CVE-2014-2828-keystone-1300274.patch
deleted file mode 100644
index 1c5392f..0000000
--- a/meta-openstack/recipes-devtools/python/python-keystone/CVE-2014-2828-keystone-1300274.patch
+++ /dev/null
@@ -1,60 +0,0 @@
-From e364ba5b12de8e4c11bd80bcca903f9615dcfc2e Mon Sep 17 00:00:00 2001
-From: Florent Flament <florent.flament-ext@cloudwatt.com>
-Date: Tue, 1 Apr 2014 12:48:22 +0000
-Subject: Sanitizes authentication methods received in requests.
-
-When a user authenticates against Identity V3 API, he can specify
-multiple authentication methods. This patch removes duplicates, which
-could have been used to achieve DoS attacks.
-
-Closes-Bug: 1300274
-(cherry picked from commit ef868ad92c00e23a4a5e9eb71e3e0bf5ae2fff0c)
-Cherry-pick from https://review.openstack.org/#/c/84425/
-
-Change-Id: I6e60324309baa094a5e54b012fb0fc528fea72ab
-
-diff --git a/keystone/auth/controllers.py b/keystone/auth/controllers.py
-index c3399df..4944316 100644
---- a/keystone/auth/controllers.py
-+++ b/keystone/auth/controllers.py
-@@ -225,7 +225,13 @@ class AuthInfo(object):
-         :returns: list of auth method names
- 
-         """
--        return self.auth['identity']['methods'] or []
-+        # Sanitizes methods received in request's body
-+        # Filters out duplicates, while keeping elements' order.
-+        method_names = []
-+        for method in self.auth['identity']['methods']:
-+            if method not in method_names:
-+                method_names.append(method)
-+        return method_names
- 
-     def get_method_data(self, method):
-         """Get the auth method payload.
-diff --git a/keystone/tests/test_v3_auth.py b/keystone/tests/test_v3_auth.py
-index d07e6ae..e89e29f 100644
---- a/keystone/tests/test_v3_auth.py
-+++ b/keystone/tests/test_v3_auth.py
-@@ -81,6 +81,18 @@ class TestAuthInfo(test_v3.RestfulTestCase):
-                           None,
-                           auth_data)
- 
-+    def test_get_method_names_duplicates(self):
-+        auth_data = self.build_authentication_request(
-+            token='test',
-+            user_id='test',
-+            password='test')['auth']
-+        auth_data['identity']['methods'] = ['password', 'token',
-+                                            'password', 'password']
-+        context = None
-+        auth_info = auth.controllers.AuthInfo(context, auth_data)
-+        self.assertEqual(auth_info.get_method_names(),
-+                         ['password', 'token'])
-+
-     def test_get_method_data_invalid_method(self):
-         auth_data = self.build_authentication_request(
-             user_id='test',
--- 
-cgit v0.10.1
-
-- 
cgit v1.2.3-54-g00ecf