prometheanfire 14/03/16 19:54:35
Modified: ChangeLog
Added: keystone-2013.1.4-r3.ebuild
keystone-2013.2.2-r1.ebuild
Log:
fix for bug 503446 CVE-2014-2237
(Portage version: 2.2.8-r1/cvs/Linux x86_64, signed Manifest commit with key
0x2471eb3e40ac5ac3)
Revision Changes Path
1.61 sys-auth/keystone/ChangeLog
file :
http://sources.gentoo.org/viewvc.cgi/gentoo-x86/sys-auth/keystone/ChangeLog?rev=1.61&view=markup
plain:
http://sources.gentoo.org/viewvc.cgi/gentoo-x86/sys-auth/keystone/ChangeLog?rev=1.61&content-type=text/plain
diff :
http://sources.gentoo.org/viewvc.cgi/gentoo-x86/sys-auth/keystone/ChangeLog?r1=1.60&r2=1.61
Index: ChangeLog
===================================================================
RCS file: /var/cvsroot/gentoo-x86/sys-auth/keystone/ChangeLog,v
retrieving revision 1.60
retrieving revision 1.61
diff -u -r1.60 -r1.61
--- ChangeLog 24 Feb 2014 03:03:27 -0000 1.60
+++ ChangeLog 16 Mar 2014 19:54:35 -0000 1.61
@@ -1,6 +1,14 @@
# ChangeLog for sys-auth/keystone
# Copyright 1999-2014 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/sys-auth/keystone/ChangeLog,v 1.60
2014/02/24 03:03:27 idella4 Exp $
+# $Header: /var/cvsroot/gentoo-x86/sys-auth/keystone/ChangeLog,v 1.61
2014/03/16 19:54:35 prometheanfire Exp $
+
+*keystone-2013.2.2-r1 (16 Mar 2014)
+*keystone-2013.1.4-r3 (16 Mar 2014)
+
+ 16 Mar 2014; Matthew Thode <[email protected]>
+ +files/2013.1.4-CVE-2014-2237.patch, +files/2013.2.2-CVE-2014-2237.patch,
+ +keystone-2013.1.4-r3.ebuild, +keystone-2013.2.2-r1.ebuild:
+ fix for bug 503446 CVE-2014-2237
24 Feb 2014; Ian Delaney <[email protected]> -keystone-2013.2.1-r1.ebuild:
rm old 2013.2.1 by request of maintainer
1.1 sys-auth/keystone/keystone-2013.1.4-r3.ebuild
file :
http://sources.gentoo.org/viewvc.cgi/gentoo-x86/sys-auth/keystone/keystone-2013.1.4-r3.ebuild?rev=1.1&view=markup
plain:
http://sources.gentoo.org/viewvc.cgi/gentoo-x86/sys-auth/keystone/keystone-2013.1.4-r3.ebuild?rev=1.1&content-type=text/plain
Index: keystone-2013.1.4-r3.ebuild
===================================================================
# Copyright 1999-2014 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
# $Header:
/var/cvsroot/gentoo-x86/sys-auth/keystone/keystone-2013.1.4-r3.ebuild,v 1.1
2014/03/16 19:54:35 prometheanfire Exp $
EAPI=5
PYTHON_COMPAT=( python2_7 )
inherit distutils-r1
DESCRIPTION="The Openstack authentication, authorization, and service catalog
written in Python."
HOMEPAGE="https://launchpad.net/keystone";
SRC_URI="http://launchpad.net/${PN}/grizzly/${PV}/+download/${P}.tar.gz";
LICENSE="Apache-2.0"
SLOT="0"
KEYWORDS="~amd64 ~x86"
IUSE="+sqlite mysql postgres ldap test"
REQUIRED_USE="|| ( mysql postgres sqlite )"
#todo, seperate out rdepend via use flags
DEPEND="dev-python/setuptools[${PYTHON_USEDEP}]
test? ( dev-python/Babel
dev-python/decorator
dev-python/eventlet
dev-python/greenlet
dev-python/httplib2
dev-python/iso8601
dev-python/lxml
dev-python/netifaces
dev-python/nose
dev-python/nosexcover
dev-python/passlib
dev-python/paste
dev-python/pastedeploy
dev-python/python-pam
dev-python/repoze-lru
dev-python/routes
dev-python/sphinx
>=dev-python/sqlalchemy-migrate-0.7
dev-python/tempita
>=dev-python/webob-1.0.8
dev-python/webtest
dev-python/python-memcached
)"
RDEPEND="dev-python/eventlet[${PYTHON_USEDEP}]
dev-python/greenlet[${PYTHON_USEDEP}]
>=dev-python/iso8601-0.1.4[${PYTHON_USEDEP}]
>=dev-python/python-keystoneclient-0.2.1[${PYTHON_USEDEP}]
<=dev-python/python-keystoneclient-0.3[${PYTHON_USEDEP}]
dev-python/lxml[${PYTHON_USEDEP}]
>=dev-python/oslo-config-1.1.0[${PYTHON_USEDEP}]
<dev-python/oslo-config-1.2.0[${PYTHON_USEDEP}]
dev-python/passlib[${PYTHON_USEDEP}]
dev-python/paste[${PYTHON_USEDEP}]
dev-python/pastedeploy[${PYTHON_USEDEP}]
dev-python/python-daemon[${PYTHON_USEDEP}]
>=dev-python/python-pam-0.1.4[${PYTHON_USEDEP}]
dev-python/routes[${PYTHON_USEDEP}]
>=dev-python/sqlalchemy-migrate-0.7.2[${PYTHON_USEDEP}]
=dev-python/webob-1.2.3-r1[${PYTHON_USEDEP}]
virtual/python-argparse[${PYTHON_USEDEP}]
sqlite? ( >=dev-python/sqlalchemy-0.7.8[sqlite,${PYTHON_USEDEP}]
<dev-python/sqlalchemy-0.7.10[sqlite,${PYTHON_USEDEP}] )
mysql? ( >=dev-python/sqlalchemy-0.7.8[mysql,${PYTHON_USEDEP}]
<dev-python/sqlalchemy-0.7.10[mysql,${PYTHON_USEDEP}] )
postgres? ( >=dev-python/sqlalchemy-0.7.8[postgres,${PYTHON_USEDEP}]
<dev-python/sqlalchemy-0.7.10[postgres,${PYTHON_USEDEP}] )
ldap? ( dev-python/python-ldap[${PYTHON_USEDEP}] )"
PATCHES=(
"${FILESDIR}/2013.1.4-CVE-2013-4477.patch"
"${FILESDIR}/2013.1.4-CVE-2014-2237.patch"
)
# "${FILESDIR}/keystone-grizzly-2-CVE-2013-2157.patch"
#
python_test() {
# https://bugs.launchpad.net/keystone/+bug/1241956
nosetests -e 'test_keystoneclient*' || die "testsuite failed under
${EPYTHON}"
}
python_install() {
distutils-r1_python_install
newconfd "${FILESDIR}/keystone.confd" keystone
newinitd "${FILESDIR}/keystone.initd" keystone
diropts -m 0750
keepdir /etc/keystone /var/log/keystone
insinto /etc/keystone
doins etc/keystone.conf.sample etc/logging.conf.sample
doins etc/default_catalog.templates etc/policy.json
}
1.1 sys-auth/keystone/keystone-2013.2.2-r1.ebuild
file :
http://sources.gentoo.org/viewvc.cgi/gentoo-x86/sys-auth/keystone/keystone-2013.2.2-r1.ebuild?rev=1.1&view=markup
plain:
http://sources.gentoo.org/viewvc.cgi/gentoo-x86/sys-auth/keystone/keystone-2013.2.2-r1.ebuild?rev=1.1&content-type=text/plain
Index: keystone-2013.2.2-r1.ebuild
===================================================================
# Copyright 1999-2014 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
# $Header:
/var/cvsroot/gentoo-x86/sys-auth/keystone/keystone-2013.2.2-r1.ebuild,v 1.1
2014/03/16 19:54:35 prometheanfire Exp $
EAPI=5
PYTHON_COMPAT=( python2_7 )
inherit distutils-r1 user
DESCRIPTION="The Openstack authentication, authorization, and service catalog
written in Python."
HOMEPAGE="https://launchpad.net/keystone";
SRC_URI="http://launchpad.net/${PN}/havana/${PV}/+download/${P}.tar.gz";
LICENSE="Apache-2.0"
SLOT="0"
KEYWORDS="~amd64 ~x86"
IUSE="+sqlite mysql postgres ldap test"
REQUIRED_USE="|| ( mysql postgres sqlite )"
#todo, seperate out rdepend via use flags
RDEPEND=">=dev-python/python-pam-0.1.4[${PYTHON_USEDEP}]
>=dev-python/webob-1.2.3-r1[${PYTHON_USEDEP}]
<dev-python/webob-1.3[${PYTHON_USEDEP}]
>=dev-python/eventlet-0.13.0[${PYTHON_USEDEP}]
>=dev-python/greenlet-0.3.2[${PYTHON_USEDEP}]
dev-python/netaddr[${PYTHON_USEDEP}]
>=dev-python/pastedeploy-1.5.0[${PYTHON_USEDEP}]
dev-python/paste[${PYTHON_USEDEP}]
>=dev-python/routes-1.12.3[${PYTHON_USEDEP}]
sqlite? ( >=dev-python/sqlalchemy-0.7.8[sqlite,${PYTHON_USEDEP}]
<dev-python/sqlalchemy-0.7.99[sqlite,${PYTHON_USEDEP}] )
mysql? ( >=dev-python/sqlalchemy-0.7.8[mysql,${PYTHON_USEDEP}]
<dev-python/sqlalchemy-0.7.99[mysql,${PYTHON_USEDEP}] )
postgres? ( >=dev-python/sqlalchemy-0.7.8[postgres,${PYTHON_USEDEP}]
<dev-python/sqlalchemy-0.7.99[postgres,${PYTHON_USEDEP}] )
>=dev-python/sqlalchemy-migrate-0.7.2[${PYTHON_USEDEP}]
dev-python/passlib[${PYTHON_USEDEP}]
>=dev-python/lxml-2.3[${PYTHON_USEDEP}]
>=dev-python/iso8601-0.1.8[${PYTHON_USEDEP}]
>=dev-python/python-keystoneclient-0.3.2[${PYTHON_USEDEP}]
>=dev-python/oslo-config-1.2.0[${PYTHON_USEDEP}]
>=dev-python/Babel-1.3[${PYTHON_USEDEP}]
dev-python/oauth2[${PYTHON_USEDEP}]
>=dev-python/dogpile-cache-0.5.2[${PYTHON_USEDEP}]
dev-python/python-daemon[${PYTHON_USEDEP}]
virtual/python-argparse[${PYTHON_USEDEP}]
ldap? ( dev-python/python-ldap[${PYTHON_USEDEP}] )
>=dev-python/pbr-0.5.21[${PYTHON_USEDEP}]
<dev-python/pbr-1.0[${PYTHON_USEDEP}]"
DEPEND="dev-python/setuptools[${PYTHON_USEDEP}]
test? ( ${RDEPEND}
>=dev-python/coverage-3.6[${PYTHON_USEDEP}]
>=dev-python/hacking-0.5.6[${PYTHON_USEDEP}]
<dev-python/hacking-0.8[${PYTHON_USEDEP}]
dev-python/httplib2[${PYTHON_USEDEP}]
>=dev-python/keyring-1.6.1[${PYTHON_USEDEP}]
<dev-python/keyring-2.0[${PYTHON_USEDEP}]
>=dev-python/mox-0.5.3[${PYTHON_USEDEP}]
dev-python/nose[${PYTHON_USEDEP}]
dev-python/nosexcover[${PYTHON_USEDEP}]
>=dev-python/nosehtmloutput-0.0.3[${PYTHON_USEDEP}]
>=dev-python/openstack-nose-plugin-0.7[${PYTHON_USEDEP}]
dev-python/oslo-sphinx[${PYTHON_USEDEP}]
>=dev-python/requests-1.1[${PYTHON_USEDEP}]
>=dev-python/sphinx-1.1.2[${PYTHON_USEDEP}]
<dev-python/sphinx-1.2[${PYTHON_USEDEP}]
>=dev-python/testtools-0.9.32[${PYTHON_USEDEP}]
>=dev-python/webtest-2.0[${PYTHON_USEDEP}]
>=dev-python/python-memcached-1.48[${PYTHON_USEDEP}]
ldap? ( ~dev-python/python-ldap-2.3.13 ) )
>=dev-python/pbr-0.5.21[${PYTHON_USEDEP}]
<dev-python/pbr-1.0[${PYTHON_USEDEP}]"
PATCHES=(
"${FILESDIR}/2013.2.2-CVE-2014-2237.patch"
)
pkg_setup() {
enewgroup keystone
enewuser keystone -1 -1 /var/lib/keystone keystone
}
python_prepare_all() {
mkdir ${PN}/tests/tmp || die
cp etc/keystone-paste.ini ${PN}/tests/tmp/ || die
distutils-r1_python_prepare_all
}
python_test() {
# https://bugs.launchpad.net/keystone/+bug/1262564
nosetests || die "testsuite failed under python2.7"
}
python_install() {
distutils-r1_python_install
newconfd "${FILESDIR}/keystone.confd" keystone
newinitd "${FILESDIR}/keystone.initd" keystone
diropts -m 0750
keepdir /etc/keystone /var/log/keystone
insinto /etc/keystone
doins etc/keystone.conf.sample etc/logging.conf.sample
doins etc/default_catalog.templates etc/policy.json
doins etc/policy.v3cloudsample.json etc/keystone-paste.ini
fowners keystone:keystone /etc/keystone /var/log/keystone
}
pkg_postinst() {
elog "You might want to run:"
elog "emerge --config =${CATEGORY}/${PF}"
elog "if this is a new install."
elog "If you have not already configured your openssl installation"
elog "please do it by modifying /etc/ssl/openssl.cnf"
elog "BEFORE issuing the configuration command."
elog "Otherwise default values will be used."
}
pkg_config() {
if [ ! -d "${ROOT}"/etc/keystone/ssl ] ; then
einfo "Press ENTER to configure the keystone PKI, or Control-C
to abort now..."
read
"${ROOT}"/usr/bin/keystone-manage pki_setup --keystone-user
keystone --keystone-group keystone
else
einfo "keystone PKI certificates directory already present,
skipping configuration"
fi
}
