--- a/components/python/keystonemiddleware/patches/CVE-2015-1852.patch	Mon May 16 14:46:20 2016 +0200
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,86 +0,0 @@
-This upstream patch addresses CVE-2015-1852 in keystonemiddleware. It
-should be able to be removed when keystoneclient 1.6.0 or later is
-integrated.
-
-From 59f720ccc9a92da025baf7dc692e8e582ebfae0a Mon Sep 17 00:00:00 2001
-From: Brant Knudson <[email protected]>
-Date: Mon, 23 Mar 2015 18:19:18 -0500
-Subject: [PATCH] Fix s3_token middleware parsing insecure option
-
-The "insecure" option was being treated as a bool when it was
-actually provided as a string. The fix is to parse the string to
-a bool.
-
-Closes-Bug: 1411063
-Change-Id: Id674f40532215788675c97a8fdfa91d4420347b3
----
- keystonemiddleware/s3_token.py                     |    3 ++-
- .../tests/test_s3_token_middleware.py              |   24 +++++++++++++++++++-
- 2 files changed, 25 insertions(+), 2 deletions(-)
-
-diff --git a/keystonemiddleware/s3_token.py b/keystonemiddleware/s3_token.py
-index 37bcf4c..6c716c3 100644
---- a/keystonemiddleware/s3_token.py
-+++ b/keystonemiddleware/s3_token.py
-@@ -35,6 +35,7 @@ import logging
- import webob
- 
- from oslo.serialization import jsonutils
-+from oslo.utils import strutils
- import requests
- import six
- from six.moves import urllib
-@@ -116,7 +117,7 @@ class S3Token(object):
-                                             auth_port)
- 
-         # SSL
--        insecure = conf.get('insecure', False)
-+        insecure = strutils.bool_from_string(conf.get('insecure', False))
-         cert_file = conf.get('certfile')
-         key_file = conf.get('keyfile')
- 
-diff --git a/keystonemiddleware/tests/test_s3_token_middleware.py b/keystonemiddleware/tests/test_s3_token_middleware.py
-index bf94391..6545fa3 100644
---- a/keystonemiddleware/tests/test_s3_token_middleware.py
-+++ b/keystonemiddleware/tests/test_s3_token_middleware.py
-@@ -124,7 +124,7 @@ class S3TokenMiddlewareTestGood(S3TokenMiddlewareTestBase):
-     @mock.patch.object(requests, 'post')
-     def test_insecure(self, MOCK_REQUEST):
-         self.middleware = (
--            s3_token.filter_factory({'insecure': True})(FakeApp()))
-+            s3_token.filter_factory({'insecure': 'True'})(FakeApp()))
- 
-         text_return_value = jsonutils.dumps(GOOD_RESPONSE)
-         if six.PY3:
-@@ -142,6 +142,28 @@ class S3TokenMiddlewareTestGood(S3TokenMiddlewareTestBase):
-         mock_args, mock_kwargs = MOCK_REQUEST.call_args
-         self.assertIs(mock_kwargs['verify'], False)
- 
-+    def test_insecure_option(self):
-+        # insecure is passed as a string.
-+
-+        # Some non-secure values.
-+        true_values = ['true', 'True', '1', 'yes']
-+        for val in true_values:
-+            config = {'insecure': val, 'certfile': 'false_ind'}
-+            middleware = s3_token.filter_factory(config)(FakeApp())
-+            self.assertIs(False, middleware._verify)
-+
-+        # Some "secure" values, including unexpected value.
-+        false_values = ['false', 'False', '0', 'no', 'someweirdvalue']
-+        for val in false_values:
-+            config = {'insecure': val, 'certfile': 'false_ind'}
-+            middleware = s3_token.filter_factory(config)(FakeApp())
-+            self.assertEqual('false_ind', middleware._verify)
-+
-+        # Default is secure.
-+        config = {'certfile': 'false_ind'}
-+        middleware = s3_token.filter_factory(config)(FakeApp())
-+        self.assertIs('false_ind', middleware._verify)
-+
- 
- class S3TokenMiddlewareTestBad(S3TokenMiddlewareTestBase):
-     def setUp(self):
--- 
-1.7.9.2
-
branch	s11u3-sru
changeset 6035	c9748fcc32de
parent 6016	a477397bba8b
child 6054	b5ae16fb8526