Gentoo Archives: gentoo-commits

From: "Matt Thode (prometheanfire)" <prometheanfire@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] gentoo-x86 commit in dev-python/python-keystoneclient/files: 0.2.3-CVE-2013-2013.patch
Date: Fri, 24 May 2013 14:27:02
Message-Id: 20130524142659.194882171E@flycatcher.gentoo.org
1 prometheanfire 13/05/24 14:26:59
2
3 Added: 0.2.3-CVE-2013-2013.patch
4 Log:
5 updating keystoneclient for CVE-2013-2013
6
7 (Portage version: 2.1.11.62/cvs/Linux x86_64, signed Manifest commit with key 0x2471eb3e40ac5ac3)
8
9 Revision Changes Path
10 1.1 dev-python/python-keystoneclient/files/0.2.3-CVE-2013-2013.patch
11
12 file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/dev-python/python-keystoneclient/files/0.2.3-CVE-2013-2013.patch?rev=1.1&view=markup
13 plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/dev-python/python-keystoneclient/files/0.2.3-CVE-2013-2013.patch?rev=1.1&content-type=text/plain
14
15 Index: 0.2.3-CVE-2013-2013.patch
16 ===================================================================
17 From f2e0818bc97bfbeba83f6abbb07909a8debcad77 Mon Sep 17 00:00:00 2001
18 From: Pradeep Kilambi <pkilambi@×××××.com>
19 Date: Thu, 9 May 2013 09:29:02 -0700
20 Subject: [PATCH] Allow secure user password update.
21
22 This patch allows a user password to be updated via
23 a command prompt so the password doesn't show up in the bash history.
24 The prompted password is asked for twice to verify that the entries match.
25 If the user presses Ctrl-D at the prompt, a message appears suggesting that the user use
26 either of the options to update the password.
27
28 Fixes: bug#938315
29
30 Change-Id: I4271ae569b922f33c34f9b015a7ee6f760414e39
31 ---
32 keystoneclient/utils.py | 23 ++++++++++++++++++++++-
33 keystoneclient/v2_0/shell.py | 10 ++++++++--
34 2 files changed, 30 insertions(+), 3 deletions(-)
35
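--- a/keystoneclient/utils.py
+++ b/keystoneclient/utils.py
@@ -1,5 +1,7 @@
-import uuid
+import getpass
 import hashlib
+import sys
+import uuid
 
 import prettytable
 
@@ -128,3 +130,22 @@ def hash_signed_token(signed_text):
 hash_ = hashlib.md5()
 hash_.update(signed_text)
 return hash_.hexdigest()
+
+
+def prompt_for_password():
+ """
+ Prompt user for password if not provided so the password
+ doesn't show up in the bash history.
+ """
+ if not (hasattr(sys.stdin, 'isatty') and sys.stdin.isatty()):
+ # nothing to do
+ return
+
+ while True:
+ try:
+ new_passwd = getpass.getpass('New Password: ')
+ rep_passwd = getpass.getpass('Repeat New Password: ')
+ if new_passwd == rep_passwd:
+ return new_passwd
+ except EOFError:
+ return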
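Review bot: The match test in `prompt_for_password` accepts an empty password: pressing Enter at both prompts makes `new_passwd == rep_passwd` true and returns `''`. The caller in keystoneclient/v2_0/shell.py only tests `new_passwd is None`, so the empty string would be passed on to `kc.users.update_password`; whether the server rejects it is not visible here. Requiring a non-empty value, `if new_passwd and new_passwd == rep_passwd:`, closes that path. A mismatch currently re-prompts without saying why, so a short message before the loop repeats (for example `print 'Passwords are empty or do not match; try again.'`) would tell the user what happened.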
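--- a/keystoneclient/v2_0/shell.py
+++ b/keystoneclient/v2_0/shell.py
@@ -17,6 +17,7 @@
 
 import argparse
 import getpass
+import sys
 
 from keystoneclient.v2_0 import client
 from keystoneclient import utils
@@ -103,14 +104,19 @@ def do_user_update(kc, args):
 print 'Unable to update user: %s' % e
 
 
-@×××××.arg('--pass', metavar='<password>', dest='passwd', required=True,
+@×××××.arg('--pass', metavar='<password>', dest='passwd', required=False,
 help='Desired new password')
 @utils.arg('user', metavar='<user>',
 help='Name or ID of user to update password')
 def do_user_password_update(kc, args):
 """Update user password"""
 user = utils.find_resource(kc.users, args.user)
- kc.users.update_password(user, args.passwd)
+ new_passwd = args.passwd or utils.prompt_for_password()
+ if new_passwd is None:
+ msg = ("\nPlease specify password using the --pass option "
+ "or using the prompt")
+ sys.exit(msg)
+ kc.users.update_password(user, new_passwd)
 
 
 @utils.arg('--current-password', metavar='<current-password>',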
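Review bot: The `--pass` help text still reads only `'Desired new password'`, although the option is now optional and is the one path that still records the password in shell history. Command-line arguments are also typically visible to other local users in the process list. The help string should document the safer default, for example `help='Desired new password (recorded in shell history; omit to be prompted)'`. Separately, when stdin is not a terminal `prompt_for_password()` returns None, and the exit message in `do_user_password_update` still offers "the prompt", which is not available in that case.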
106 --
107 1.8.1.5