
From: Matt Thode <prometheanfire@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] repo/gentoo:master commit in: dev-python/oslo-middleware/, dev-python/oslo-middleware/files/
Date: Thu, 26 Jan 2017 21:44:07
Message-Id: 1485467021.ad8a82887a3e612cae719a7ce6219f9ee760fc66.prometheanfire@gentoo
1 commit: ad8a82887a3e612cae719a7ce6219f9ee760fc66
2 Author: Matthew Thode <prometheanfire <AT> gentoo <DOT> org>
3 AuthorDate: Thu Jan 26 21:40:53 2017 +0000
4 Commit: Matt Thode <prometheanfire <AT> gentoo <DOT> org>
5 CommitDate: Thu Jan 26 21:43:41 2017 +0000
6 URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=ad8a8288
7
8 dev-python/oslo-middleware: fix CVE-2017-2592 bug 606976
9
10 Package-Manager: portage-2.3.3
11
12 .../files/cve-2017-2592-stable-mitaka.patch | 90 ++++++++++++++++++++++
13 .../files/cve-2017-2592-stable-newton.patch | 90 ++++++++++++++++++++++
14 .../oslo-middleware-3.19.0-r1.ebuild | 59 ++++++++++++++
15 .../oslo-middleware-3.8.0-r2.ebuild | 60 +++++++++++++++
16 4 files changed, 299 insertions(+)
17
18 diff --git a/dev-python/oslo-middleware/files/cve-2017-2592-stable-mitaka.patch b/dev-python/oslo-middleware/files/cve-2017-2592-stable-mitaka.patch
19 new file mode 100644
20 index 00000000..b38cd59
21 --- /dev/null
22 +++ b/dev-python/oslo-middleware/files/cve-2017-2592-stable-mitaka.patch
23 @@ -0,0 +1,90 @@
24 +From 095e90929d114e4b6cece67cb405741c14747356 Mon Sep 17 00:00:00 2001
25 +From: Jamie Lennox <jamielennox@×××××.com>
26 +Date: Wed, 28 Sep 2016 15:03:53 +1000
27 +Subject: [PATCH] Filter token data out of catch_errors middleware
28 +
29 +If an exception is caught by the catch_errors middleware the entire
30 +request is dumped into the log including sensitive information like
31 +tokens. Filter that information before outputting the failed request.
32 +
33 +Closes-Bug: #1628031
34 +Change-Id: I2563403993513c37751576223275350cac2e0937
35 +---
36 + oslo_middleware/catch_errors.py | 6 +++++-
37 + oslo_middleware/tests/test_catch_errors.py | 25 +++++++++++++++++++++++++
38 + 2 files changed, 30 insertions(+), 1 deletion(-)
39 +
40 +diff --git a/oslo_middleware/catch_errors.py b/oslo_middleware/catch_errors.py
41 +index 43d085f..0934fc5 100644
42 +--- a/oslo_middleware/catch_errors.py
43 ++++ b/oslo_middleware/catch_errors.py
44 +@@ -14,6 +14,7 @@
45 + # under the License.
46 +
47 + import logging
48 ++import re
49 +
50 + import webob.dec
51 + import webob.exc
52 +@@ -24,6 +25,8 @@ from oslo_middleware import base
53 +
54 + LOG = logging.getLogger(__name__)
55 +
56 ++_TOKEN_RE = re.compile('^(X-\w+-Token):.*$', flags=re.MULTILINE)
57 ++
58 +
59 + class CatchErrors(base.ConfigurableMiddleware):
60 + """Middleware that provides high-level error handling.
61 +@@ -37,7 +40,8 @@ class CatchErrors(base.ConfigurableMiddleware):
62 + try:
63 + response = req.get_response(self.application)
64 + except Exception:
65 ++ req_str = _TOKEN_RE.sub(r'\1: <removed>', req.as_text())
66 + LOG.exception(_LE('An error occurred during '
67 +- 'processing the request: %s'), req)
68 ++ 'processing the request: %s'), req_str)
69 + response = webob.exc.HTTPInternalServerError()
70 + return response
71 +diff --git a/oslo_middleware/tests/test_catch_errors.py b/oslo_middleware/tests/test_catch_errors.py
72 +index 920bbe2..0b675e2 100644
73 +--- a/oslo_middleware/tests/test_catch_errors.py
74 ++++ b/oslo_middleware/tests/test_catch_errors.py
75 +@@ -13,6 +13,7 @@
76 + # License for the specific language governing permissions and limitations
77 + # under the License.
78 +
79 ++import fixtures
80 + import mock
81 + from oslotest import base as test_base
82 + import webob.dec
83 +@@ -45,3 +46,27 @@ class CatchErrorsTest(test_base.BaseTestCase):
84 + self._test_has_request_id(application,
85 + webob.exc.HTTPInternalServerError.code)
86 + self.assertEqual(1, log_exc.call_count)
87 ++
88 ++ def test_filter_tokens_from_log(self):
89 ++ logger = self.useFixture(fixtures.FakeLogger(nuke_handlers=False))
90 ++
91 ++ @webob.dec.wsgify
92 ++ def application(req):
93 ++ raise Exception()
94 ++
95 ++ app = catch_errors.CatchErrors(application)
96 ++ req = webob.Request.blank('/test',
97 ++ text=u'test data',
98 ++ method='POST',
99 ++ headers={'X-Auth-Token': 'secret1',
100 ++ 'X-Service-Token': 'secret2',
101 ++ 'X-Other-Token': 'secret3'})
102 ++ res = req.get_response(app)
103 ++ self.assertEqual(500, res.status_int)
104 ++
105 ++ output = logger.output
106 ++
107 ++ self.assertIn('X-Auth-Token: <removed>', output)
108 ++ self.assertIn('X-Service-Token: <removed>', output)
109 ++ self.assertIn('X-Other-Token: <removed>', output)
110 ++ self.assertIn('test data', output)
111 +--
112 +2.7.4
113 +
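Review bot: The redaction at `req_str = _TOKEN_RE.sub(r'\1: <removed>', req.as_text())` only masks headers shaped like `X-*-Token`; `req.as_text()` still carries the `Authorization` header and the full request body, and the vendored test pins that by asserting `'test data'` is in the log output, so a credential submitted in the body (for example a password in an auth request) would still be written to the log on a 500. Since this file is a verbatim upstream backport the ebuild should not modify it, but the limitation belongs on the Gentoo bug as a known gap and is what a follow-up upstream patch needs to cover (extend the filter to `Authorization` and drop or truncate the body). Separately, `_TOKEN_RE = re.compile('^(X-\w+-Token):.*$', flags=re.MULTILINE)` uses `\w` inside a non-raw string, an invalid escape that newer Python releases warn on; upstream should write it as `re.compile(r'^(X-\w+-Token):.*$', flags=re.MULTILINE)`. The pattern is also case-sensitive, so it relies on webob normalising header names to `X-Auth-Token` form before `as_text()` — presumably true, but worth confirming against the webob version the ebuild depends on.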
114
115 diff --git a/dev-python/oslo-middleware/files/cve-2017-2592-stable-newton.patch b/dev-python/oslo-middleware/files/cve-2017-2592-stable-newton.patch
116 new file mode 100644
117 index 00000000..b38cd59
118 --- /dev/null
119 +++ b/dev-python/oslo-middleware/files/cve-2017-2592-stable-newton.patch
120 @@ -0,0 +1,90 @@
121 +From 095e90929d114e4b6cece67cb405741c14747356 Mon Sep 17 00:00:00 2001
122 +From: Jamie Lennox <jamielennox@×××××.com>
123 +Date: Wed, 28 Sep 2016 15:03:53 +1000
124 +Subject: [PATCH] Filter token data out of catch_errors middleware
125 +
126 +If an exception is caught by the catch_errors middleware the entire
127 +request is dumped into the log including sensitive information like
128 +tokens. Filter that information before outputting the failed request.
129 +
130 +Closes-Bug: #1628031
131 +Change-Id: I2563403993513c37751576223275350cac2e0937
132 +---
133 + oslo_middleware/catch_errors.py | 6 +++++-
134 + oslo_middleware/tests/test_catch_errors.py | 25 +++++++++++++++++++++++++
135 + 2 files changed, 30 insertions(+), 1 deletion(-)
136 +
137 +diff --git a/oslo_middleware/catch_errors.py b/oslo_middleware/catch_errors.py
138 +index 43d085f..0934fc5 100644
139 +--- a/oslo_middleware/catch_errors.py
140 ++++ b/oslo_middleware/catch_errors.py
141 +@@ -14,6 +14,7 @@
142 + # under the License.
143 +
144 + import logging
145 ++import re
146 +
147 + import webob.dec
148 + import webob.exc
149 +@@ -24,6 +25,8 @@ from oslo_middleware import base
150 +
151 + LOG = logging.getLogger(__name__)
152 +
153 ++_TOKEN_RE = re.compile('^(X-\w+-Token):.*$', flags=re.MULTILINE)
154 ++
155 +
156 + class CatchErrors(base.ConfigurableMiddleware):
157 + """Middleware that provides high-level error handling.
158 +@@ -37,7 +40,8 @@ class CatchErrors(base.ConfigurableMiddleware):
159 + try:
160 + response = req.get_response(self.application)
161 + except Exception:
162 ++ req_str = _TOKEN_RE.sub(r'\1: <removed>', req.as_text())
163 + LOG.exception(_LE('An error occurred during '
164 +- 'processing the request: %s'), req)
165 ++ 'processing the request: %s'), req_str)
166 + response = webob.exc.HTTPInternalServerError()
167 + return response
168 +diff --git a/oslo_middleware/tests/test_catch_errors.py b/oslo_middleware/tests/test_catch_errors.py
169 +index 920bbe2..0b675e2 100644
170 +--- a/oslo_middleware/tests/test_catch_errors.py
171 ++++ b/oslo_middleware/tests/test_catch_errors.py
172 +@@ -13,6 +13,7 @@
173 + # License for the specific language governing permissions and limitations
174 + # under the License.
175 +
176 ++import fixtures
177 + import mock
178 + from oslotest import base as test_base
179 + import webob.dec
180 +@@ -45,3 +46,27 @@ class CatchErrorsTest(test_base.BaseTestCase):
181 + self._test_has_request_id(application,
182 + webob.exc.HTTPInternalServerError.code)
183 + self.assertEqual(1, log_exc.call_count)
184 ++
185 ++ def test_filter_tokens_from_log(self):
186 ++ logger = self.useFixture(fixtures.FakeLogger(nuke_handlers=False))
187 ++
188 ++ @webob.dec.wsgify
189 ++ def application(req):
190 ++ raise Exception()
191 ++
192 ++ app = catch_errors.CatchErrors(application)
193 ++ req = webob.Request.blank('/test',
194 ++ text=u'test data',
195 ++ method='POST',
196 ++ headers={'X-Auth-Token': 'secret1',
197 ++ 'X-Service-Token': 'secret2',
198 ++ 'X-Other-Token': 'secret3'})
199 ++ res = req.get_response(app)
200 ++ self.assertEqual(500, res.status_int)
201 ++
202 ++ output = logger.output
203 ++
204 ++ self.assertIn('X-Auth-Token: <removed>', output)
205 ++ self.assertIn('X-Service-Token: <removed>', output)
206 ++ self.assertIn('X-Other-Token: <removed>', output)
207 ++ self.assertIn('test data', output)
208 +--
209 +2.7.4
210 +
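Review bot: This file is byte-for-byte identical to `cve-2017-2592-stable-mitaka.patch` added in the same commit (both carry upstream commit 095e90929 and git records the same blob `b38cd59` for both), so the branch-specific name promises a difference that does not exist. A single copy under a neutral name such as `cve-2017-2592.patch`, referenced by both ebuilds, avoids the two drifting apart on the next backport and halves the review surface; if the two stable branches ever do need different hunks, the differing file should be taken from the respective upstream stable branch rather than duplicated by hand. The regex escape and body-logging caveats raised on the mitaka copy apply to this file unchanged.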
211
212 diff --git a/dev-python/oslo-middleware/oslo-middleware-3.19.0-r1.ebuild b/dev-python/oslo-middleware/oslo-middleware-3.19.0-r1.ebuild
213 new file mode 100644
214 index 00000000..062868e
215 --- /dev/null
216 +++ b/dev-python/oslo-middleware/oslo-middleware-3.19.0-r1.ebuild
217 @@ -0,0 +1,59 @@
218 +# Copyright 1999-2017 Gentoo Foundation
219 +# Distributed under the terms of the GNU General Public License v2
220 +# $Id$
221 +
222 +EAPI=6
223 +PYTHON_COMPAT=( python2_7 python3_4 python3_5 )
224 +
225 +inherit distutils-r1
226 +
227 +DESCRIPTION="Components injected into wsgi pipelines to intercept request/response flows."
228 +HOMEPAGE="https://pypi.python.org/pypi/oslo.middleware"
229 +SRC_URI="mirror://pypi/${PN:0:1}/oslo.middleware/oslo.middleware-${PV}.tar.gz"
230 +S="${WORKDIR}/oslo.middleware-${PV}"
231 +
232 +LICENSE="Apache-2.0"
233 +SLOT="0"
234 +KEYWORDS="~amd64 ~arm64 ~x86"
235 +IUSE="test"
236 +
237 +PATCHES=( "${FILESDIR}/cve-2017-2592-stable-newton.patch" )
238 +
239 +CDEPEND="
240 + >=dev-python/pbr-1.6[${PYTHON_USEDEP}]
241 + <dev-python/pbr-2.0[${PYTHON_USEDEP}]"
242 +DEPEND="dev-python/setuptools[${PYTHON_USEDEP}]
243 + ${CDEPEND}
244 + test? (
245 + >=dev-python/fixtures-3.0.0[${PYTHON_USEDEP}]
246 + >=dev-python/mock-2.0.0[${PYTHON_USEDEP}]
247 + >=dev-python/oslo-sphinx-2.5.0[${PYTHON_USEDEP}]
248 + !~dev-python/oslo-sphinx-3.4.0[${PYTHON_USEDEP}]
249 + >=dev-python/oslotest-1.10.0[${PYTHON_USEDEP}]
250 + >=dev-python/sphinx-1.1.2[${PYTHON_USEDEP}]
251 + !~dev-python/sphinx-1.2.0[${PYTHON_USEDEP}]
252 + <dev-python/sphinx-1.3.0[${PYTHON_USEDEP}]
253 + >=dev-python/testtools-1.4.0[${PYTHON_USEDEP}]
254 + >=dev-python/coverage-3.6[${PYTHON_USEDEP}]
255 + )"
256 +RDEPEND="
257 + ${CDEPEND}
258 + >=dev-python/jinja-2.8[${PYTHON_USEDEP}]
259 + >=dev-python/oslo-config-3.14.0[${PYTHON_USEDEP}]
260 + >=dev-python/oslo-context-2.9.0[${PYTHON_USEDEP}]
261 + >=dev-python/oslo-i18n-2.1.0[${PYTHON_USEDEP}]
262 + >=dev-python/oslo-utils-3.16.0[${PYTHON_USEDEP}]
263 + >=dev-python/six-1.9.0[${PYTHON_USEDEP}]
264 + >=dev-python/stevedore-1.16.0[${PYTHON_USEDEP}]
265 + >=dev-python/webob-1.2.3[${PYTHON_USEDEP}]
266 + >=dev-python/debtcollector-1.2.0[${PYTHON_USEDEP}]
267 +"
268 +
269 +python_prepare_all() {
270 + sed -i '/^hacking/d' test-requirements.txt || die
271 + distutils-r1_python_prepare_all
272 +}
273 +
274 +python_test() {
275 + nosetests tests/ || die "test failed under ${EPYTHON}"
276 +}
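Review bot: `python_test` runs `nosetests tests/`, but the regression test this commit vendors lives in `oslo_middleware/tests/test_catch_errors.py`, so unless the sdist ships a separate top-level `tests/` directory (not visible here) the new `test_filter_tokens_from_log` is never executed and the test phase cannot confirm that the patch applied and works; `nosetests oslo_middleware/tests/ || die "test failed under ${EPYTHON}"` (or plain `nosetests`) would exercise it. The vendored test also needs `fixtures.FakeLogger(nuke_handlers=False)`, which the listed `>=dev-python/fixtures-3.0.0` test dependency should cover. Otherwise the revbump looks right: `PATCHES=( "${FILESDIR}/cve-2017-2592-stable-newton.patch" )` is the array the eclass prepare phase consumes under EAPI 6.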
277
278 diff --git a/dev-python/oslo-middleware/oslo-middleware-3.8.0-r2.ebuild b/dev-python/oslo-middleware/oslo-middleware-3.8.0-r2.ebuild
279 new file mode 100644
280 index 00000000..1a7e55b
281 --- /dev/null
282 +++ b/dev-python/oslo-middleware/oslo-middleware-3.8.0-r2.ebuild
283 @@ -0,0 +1,60 @@
284 +# Copyright 1999-2017 Gentoo Foundation
285 +# Distributed under the terms of the GNU General Public License v2
286 +# $Id$
287 +
288 +EAPI=5
289 +PYTHON_COMPAT=( python2_7 python3_4 python3_5 )
290 +
291 +inherit distutils-r1
292 +
293 +DESCRIPTION="Components injected into wsgi pipelines to intercept request/response flows."
294 +HOMEPAGE="https://pypi.python.org/pypi/oslo.middleware"
295 +SRC_URI="mirror://pypi/${PN:0:1}/oslo.middleware/oslo.middleware-${PV}.tar.gz"
296 +S="${WORKDIR}/oslo.middleware-${PV}"
297 +
298 +LICENSE="Apache-2.0"
299 +SLOT="0"
300 +KEYWORDS="~amd64 ~arm64 ~x86"
301 +IUSE="test"
302 +
303 +FILES=( "${FILESDIR}/cve-2017-2592-stable-mitaka.patch" )
304 +
305 +CDEPEND="
306 + >=dev-python/pbr-1.6[${PYTHON_USEDEP}]
307 + <dev-python/pbr-2.0[${PYTHON_USEDEP}]"
308 +DEPEND="dev-python/setuptools[${PYTHON_USEDEP}]
309 + ${CDEPEND}
310 + test? (
311 + >=dev-python/fixtures-1.3.1[${PYTHON_USEDEP}]
312 + >=dev-python/mock-1.2[${PYTHON_USEDEP}]
313 + >=dev-python/oslo-sphinx-2.5.0[${PYTHON_USEDEP}]
314 + !~dev-python/oslo-sphinx-3.4.0[${PYTHON_USEDEP}]
315 + >=dev-python/oslotest-1.10.0[${PYTHON_USEDEP}]
316 + >=dev-python/sphinx-1.1.2[${PYTHON_USEDEP}]
317 + !~dev-python/sphinx-1.2.0[${PYTHON_USEDEP}]
318 + <dev-python/sphinx-1.3.0[${PYTHON_USEDEP}]
319 + >=dev-python/testtools-1.4.0[${PYTHON_USEDEP}]
320 + >=dev-python/coverage-3.6[${PYTHON_USEDEP}]
321 + )"
322 +RDEPEND="
323 + ${CDEPEND}
324 + >=dev-python/Babel-1.3[${PYTHON_USEDEP}]
325 + >=dev-python/jinja-2.8[${PYTHON_USEDEP}]
326 + >=dev-python/oslo-config-3.7.0[${PYTHON_USEDEP}]
327 + >=dev-python/oslo-context-0.2.0[${PYTHON_USEDEP}]
328 + >=dev-python/oslo-i18n-2.1.0[${PYTHON_USEDEP}]
329 + >=dev-python/oslo-utils-3.5.0[${PYTHON_USEDEP}]
330 + >=dev-python/six-1.9.0[${PYTHON_USEDEP}]
331 + >=dev-python/stevedore-1.5.0[${PYTHON_USEDEP}]
332 + >=dev-python/webob-1.2.3[${PYTHON_USEDEP}]
333 + >=dev-python/debtcollector-1.2.0[${PYTHON_USEDEP}]
334 +"
335 +
336 +python_prepare_all() {
337 + sed -i '/^hacking/d' test-requirements.txt || die
338 + distutils-r1_python_prepare_all
339 +}
340 +
341 +python_test() {
342 + nosetests tests/ || die "test failed under ${EPYTHON}"
343 +}
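Review bot: `FILES=( "${FILESDIR}/cve-2017-2592-stable-mitaka.patch" )` is a typo for the `PATCHES` array — the distutils-r1 prepare phase only applies `PATCHES`, and nothing else in this ebuild reads `FILES`, so 3.8.0-r2 builds the unpatched 3.8.0 sources while the commit message claims it fixes CVE-2017-2592. Users on the mitaka line would upgrade to the new revision believing they are covered while tokens keep being written to the log on every caught exception. The line should read `PATCHES=( "${FILESDIR}/cve-2017-2592-stable-mitaka.patch" )`, and since -r2 is already committed the correction will need a further revision bump so installed systems actually pick up the patched build. The `nosetests tests/` path has the same concern as in 3.19.0-r1: the vendored regression test lives under `oslo_middleware/tests/` and would have caught this had it been run.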