diff options
author | Matthew Thode <prometheanfire@gentoo.org> | 2014-10-11 23:34:40 +0000 |
---|---|---|
committer | Matthew Thode <prometheanfire@gentoo.org> | 2014-10-11 23:34:40 +0000 |
commit | 1b96a96c2e97bad554dc253dc8f6aa52b5a21c29 (patch) | |
tree | f1a99fd74e82bfdabfe859d883236d10a632b8a9 /www-apps | |
parent | bup (diff) | |
download | gentoo-2-1b96a96c2e97bad554dc253dc8f6aa52b5a21c29.tar.gz gentoo-2-1b96a96c2e97bad554dc253dc8f6aa52b5a21c29.tar.bz2 gentoo-2-1b96a96c2e97bad554dc253dc8f6aa52b5a21c29.zip |
bup
(Portage version: 2.2.8-r2/cvs/Linux x86_64, signed Manifest commit with key 0x2471eb3e40ac5ac3)
Diffstat (limited to 'www-apps')
-rw-r--r-- | www-apps/horizon/ChangeLog | 9 | ||||
-rw-r--r-- | www-apps/horizon/files/2014.1.2-CVE-2014-3594.patch | 53 | ||||
-rw-r--r-- | www-apps/horizon/horizon-2014.1.3.ebuild (renamed from www-apps/horizon/horizon-2014.1.2.ebuild) | 5 | ||||
-rw-r--r-- | www-apps/horizon/horizon-2014.1.9999.ebuild | 10 |
4 files changed, 17 insertions, 60 deletions
diff --git a/www-apps/horizon/ChangeLog b/www-apps/horizon/ChangeLog index f4ea88310b07..039fe1bdcad5 100644 --- a/www-apps/horizon/ChangeLog +++ b/www-apps/horizon/ChangeLog @@ -1,6 +1,13 @@ # ChangeLog for www-apps/horizon # Copyright 1999-2014 Gentoo Foundation; Distributed under the GPL v2 -# $Header: /var/cvsroot/gentoo-x86/www-apps/horizon/ChangeLog,v 1.33 2014/08/21 20:59:43 prometheanfire Exp $ +# $Header: /var/cvsroot/gentoo-x86/www-apps/horizon/ChangeLog,v 1.34 2014/10/11 23:34:40 prometheanfire Exp $ + +*horizon-2014.1.3 (11 Oct 2014) + + 11 Oct 2014; Matthew Thode <prometheanfire@gentoo.org> + +horizon-2014.1.3.ebuild, -files/2014.1.2-CVE-2014-3594.patch, + -horizon-2014.1.2.ebuild, horizon-2014.1.9999.ebuild: + bup *horizon-2014.1.2 (21 Aug 2014) diff --git a/www-apps/horizon/files/2014.1.2-CVE-2014-3594.patch b/www-apps/horizon/files/2014.1.2-CVE-2014-3594.patch deleted file mode 100644 index 564e53b0d634..000000000000 --- a/www-apps/horizon/files/2014.1.2-CVE-2014-3594.patch +++ /dev/null @@ -1,53 +0,0 @@ -From ba908ae88d5925f4f6783eb234cc4ea95017472b Mon Sep 17 00:00:00 2001 -From: Julie Pichon <jpichon@redhat.com> -Date: Tue, 29 Jul 2014 16:17:44 +0100 -Subject: Fix XSS issue with the unordered_list filter - -When using the unordered_list filter in a Horizon table (as opposed to -a template directly), autoescaping is not set by default and the input -wasn't sanitised. - -Closes-Bug: #1349491 -Change-Id: Id82eefe48ccb17a158751ec65d24f3ac779380ec - -diff --git a/openstack_dashboard/dashboards/admin/aggregates/tables.py b/openstack_dashboard/dashboards/admin/aggregates/tables.py -index 5cefae1..f0c2122 100644 ---- a/openstack_dashboard/dashboards/admin/aggregates/tables.py -+++ b/openstack_dashboard/dashboards/admin/aggregates/tables.py -@@ -93,6 +93,10 @@ def get_zone_hosts(zone): - return host_details - - -+def safe_unordered_list(value): -+ return filters.unordered_list(value, autoescape=True) -+ -+ - class HostAggregatesTable(tables.DataTable): - name = tables.Column('name', verbose_name=_('Name')) - availability_zone = tables.Column('availability_zone', -@@ -100,11 +104,11 @@ class HostAggregatesTable(tables.DataTable): - hosts = tables.Column(get_aggregate_hosts, - verbose_name=_("Hosts"), - wrap_list=True, -- filters=(filters.unordered_list,)) -+ filters=(safe_unordered_list,)) - metadata = tables.Column(get_metadata, - verbose_name=_("Metadata"), - wrap_list=True, -- filters=(filters.unordered_list,)) -+ filters=(safe_unordered_list,)) - - class Meta: - name = "host_aggregates" -@@ -123,7 +127,7 @@ class AvailabilityZonesTable(tables.DataTable): - hosts = tables.Column(get_zone_hosts, - verbose_name=_('Hosts'), - wrap_list=True, -- filters=(filters.unordered_list,)) -+ filters=(safe_unordered_list,)) - available = tables.Column(get_available, - verbose_name=_('Available'), - status=True, --- -cgit v0.10.1 - diff --git a/www-apps/horizon/horizon-2014.1.2.ebuild b/www-apps/horizon/horizon-2014.1.3.ebuild index 9a3db8afb733..86a6ce11d3eb 100644 --- a/www-apps/horizon/horizon-2014.1.2.ebuild +++ b/www-apps/horizon/horizon-2014.1.3.ebuild @@ -1,6 +1,6 @@ # Copyright 1999-2014 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/www-apps/horizon/horizon-2014.1.2.ebuild,v 1.1 2014/08/21 20:59:43 prometheanfire Exp $ +# $Header: /var/cvsroot/gentoo-x86/www-apps/horizon/horizon-2014.1.3.ebuild,v 1.1 2014/10/11 23:34:40 prometheanfire Exp $ EAPI=5 PYTHON_COMPAT=( python2_7 ) @@ -33,7 +33,7 @@ DEPEND="dev-python/setuptools[${PYTHON_USEDEP}] dev-python/oslo-sphinx[${PYTHON_USEDEP}] dev-python/selenium[${PYTHON_USEDEP}] >=dev-python/sphinx-1.1.2[${PYTHON_USEDEP}] - <dev-python/sphinx-1.2[${PYTHON_USEDEP}] + <dev-python/sphinx-1.1.9999[${PYTHON_USEDEP}] >=dev-python/testtools-0.9.34[${PYTHON_USEDEP}] )" RDEPEND=">=dev-python/django-1.4[${PYTHON_USEDEP}] @@ -62,7 +62,6 @@ RDEPEND=">=dev-python/django-1.4[${PYTHON_USEDEP}] >=dev-python/six-1.6.0[${PYTHON_USEDEP}]" PATCHES=( - "${FILESDIR}/2014.1.2-CVE-2014-3594.patch" ) src_test() { diff --git a/www-apps/horizon/horizon-2014.1.9999.ebuild b/www-apps/horizon/horizon-2014.1.9999.ebuild index 273f9e5db196..0a1f1b9f3da6 100644 --- a/www-apps/horizon/horizon-2014.1.9999.ebuild +++ b/www-apps/horizon/horizon-2014.1.9999.ebuild @@ -1,6 +1,6 @@ # Copyright 1999-2014 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/www-apps/horizon/horizon-2014.1.9999.ebuild,v 1.3 2014/08/10 20:13:31 slyfox Exp $ +# $Header: /var/cvsroot/gentoo-x86/www-apps/horizon/horizon-2014.1.9999.ebuild,v 1.4 2014/10/11 23:34:40 prometheanfire Exp $ EAPI=5 PYTHON_COMPAT=( python2_7 ) @@ -34,13 +34,14 @@ DEPEND="dev-python/setuptools[${PYTHON_USEDEP}] dev-python/oslo-sphinx[${PYTHON_USEDEP}] dev-python/selenium[${PYTHON_USEDEP}] >=dev-python/sphinx-1.1.2[${PYTHON_USEDEP}] - <dev-python/sphinx-1.2[${PYTHON_USEDEP}] + <dev-python/sphinx-1.1.9999[${PYTHON_USEDEP}] >=dev-python/testtools-0.9.34[${PYTHON_USEDEP}] )" RDEPEND=">=dev-python/django-1.4[${PYTHON_USEDEP}] <dev-python/django-1.7[${PYTHON_USEDEP}] >=dev-python/django-compressor-1.3[${PYTHON_USEDEP}] >=dev-python/django-openstack-auth-1.1.4[${PYTHON_USEDEP}] + !~dev-python/django-openstack-auth-1.1.6[${PYTHON_USEDEP}] >=dev-python/eventlet-0.13.0[${PYTHON_USEDEP}] >=dev-python/httplib2-0.7.5[${PYTHON_USEDEP}] >=dev-python/iso8601-0.1.9[${PYTHON_USEDEP}] @@ -59,7 +60,10 @@ RDEPEND=">=dev-python/django-1.4[${PYTHON_USEDEP}] >=dev-python/python-swiftclient-1.6[${PYTHON_USEDEP}] >=dev-python/python-troveclient-1.0.3[${PYTHON_USEDEP}] >=dev-python/pytz-2010h[${PYTHON_USEDEP}] - >=dev-python/six-1.5.2[${PYTHON_USEDEP}]" + >=dev-python/six-1.6.0[${PYTHON_USEDEP}]" + +PATCHES=( +) src_test() { ./run_tests.sh -N --coverage |