fixing cve-2015-1856

Package-Manager: portage-2.2.14/cvs/Linux x86_64 Manifest-Sign-Key: 0x33ED3FD25AFC78BA
author: Matt Thode <prometheanfire@gentoo.org> 2015-04-14 15:25:49 +0000
committer: Matt Thode <prometheanfire@gentoo.org> 2015-04-14 15:25:49 +0000
commit: d6e6c692581d3254ce528562dfe6eb16ba4176fd (patch)
tree: 37d90634a516424f03cef000400a0bd40e02bfa2 /sys-cluster/swift
parent: Version bump (diff)
download: historical-d6e6c692581d3254ce528562dfe6eb16ba4176fd.tar.gz
historical-d6e6c692581d3254ce528562dfe6eb16ba4176fd.tar.bz2
historical-d6e6c692581d3254ce528562dfe6eb16ba4176fd.zip
5 files changed, 280 insertions, 135 deletions
diff --git a/sys-cluster/swift/ChangeLog b/sys-cluster/swift/ChangeLog
index 9f68afdb0bb8..94783dd6c9b5 100644
--- a/sys-cluster/swift/ChangeLog
+++ b/sys-cluster/swift/ChangeLog
@@ -1,6 +1,13 @@
 # ChangeLog for sys-cluster/swift
 # Copyright 1999-2015 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/sys-cluster/swift/ChangeLog,v 1.41 2015/04/13 17:47:47 prometheanfire Exp $
+# $Header: /var/cvsroot/gentoo-x86/sys-cluster/swift/ChangeLog,v 1.42 2015/04/14 15:25:39 prometheanfire Exp $
+
+*swift-2.2.2-r1 (14 Apr 2015)
+
+  14 Apr 2015; Matthew Thode <prometheanfire@gentoo.org>
+  +files/cve-2015-1856-master-kilo.patch, +swift-2.2.2-r1.ebuild,
+  -swift-2.2.0.ebuild, -swift-2.2.2.ebuild:
+  fixing cve-2015-1856
 
   13 Apr 2015; Matthew Thode <prometheanfire@gentoo.org> swift-2.2.2.ebuild:
   signing should work now
diff --git a/sys-cluster/swift/Manifest b/sys-cluster/swift/Manifest
index 62c9d4dd3f03..1516b436a02e 100644
--- a/sys-cluster/swift/Manifest
+++ b/sys-cluster/swift/Manifest
@@ -1,30 +1,30 @@
 -----BEGIN PGP SIGNED MESSAGE-----
 Hash: SHA256
 
+AUX cve-2015-1856-master-kilo.patch 11096 SHA256 c57f05cae2a7543a757222ea3bd6543789c4d6abd73e85b6ccffa0a5ef8b06a7 SHA512 65b4d016f11fe97efa95749e3033aefbc06750cbc1e17ece245bbd1bb6bf20c9cc65d14fa10e763188cd49648413e8cd88b8684b0502ac8596fd25d214f89afe WHIRLPOOL 8ba9422600bd6edd220c949c15e651371b416f0600953429b641d7575902176ea021c6d628d549ddbdc97945c24919b77f9118a350af9a28a599bb86b130300d
 AUX swift-account.initd 992 SHA256 a920abae629964eace9edb9e15e754bbb6765dcd6845a7f2819ed07831ea7c8b SHA512 f2ff3a7054a240d58c8b6584539365908fabcee8fdbe067dba2fb6562306a96f94450ed56a93c16e985813e266e7e0afa34e921b8d9bed754bbd85c5dab85670 WHIRLPOOL 757ccd49fcf9afbfaa5f3f7df3ee45cd30104b1c5f190a10f452bdbcdc5c1dfdc6cd9eae85d2c60c80a062f56af2cad7bc7ce80dd552ac0e812a1bc2f0e72a8e
 AUX swift-container.initd 1004 SHA256 491f8e91ceb18be23c021853099360dfac891823dd4bbde96599fe56b07b2aa0 SHA512 1466b167356a33412c02ba99470cccf15080aacedc8d265b67472991ee980dae90cfcc5852c202ae8c20ee093632f009d2f86d10b2df6d936308a5d08d29bbe4 WHIRLPOOL 490fa033625f096b58c5de0fd8eeadd9e14460384e6fe69165cfdfb17c6abceb06a07d76e04fb066eb49c7752b94e1698c92d8c21874e57162c3a86dad5ca908
 AUX swift-object.initd 986 SHA256 e53fd0e15faad19da10258d9857f24ceb0c589d06bff57f0546019fc76f0f004 SHA512 b3f91ce7a4c4439c8c7d2a06412f24ddf6315d2afed4aba20d0e8214a00ba01fb8b1d6d61f5cc8d175980264e3c53018a37c6d2e7ba922daa94a93156f1236cd WHIRLPOOL c5fbce2c8d828bf68de07490f0d3b95a03e4889e9433c3c61764b7998e3cfef6644fbc50f40aa6ae9b501df6bc50bed7b52e30a4594a9b6a84a8411bf919fade
 AUX swift-proxy.initd 1502 SHA256 65e8d40f51324e7c61121ea0d38b607084d9d1bec0859cdefb8b09a86ba993cb SHA512 17e9875b3e7f5dfaa1681279cb59708dfa12fdd866a5fb9c3968dd081a4c95d0bc51ab652916073b0b42b2ce9cfbf997093ce9c0e5d4c66b43242ef4f6dd7387 WHIRLPOOL d800071bd7e44e97ef97f4beff5f4aa8c932a01c8ddd067b3f5b1d7256554cb1d9d8eac80b738198cb3870fb88b7cf11ef41e8b842b8b898e510a11b376c6570
-DIST swift-2.2.0.tar.gz 996021 SHA256 be3bc94faf57af64f689bbe65855624ea711ada1eaf55d234a0536d76b3065f7 SHA512 606eaa777dea842588d59b3e751e346d144fa82312c40d62e7158f148da364686d29524fc7f5f1b3b9b3aab88332fa4a0515bb2fba5bcd310a2a0aa8572beaf6 WHIRLPOOL 8922e70afc797664e1aa70b5d43493c92ca7c44c3143fe028474b796cb76724b502db3d95a885e7c3bf427e1313a32c14844c103d9a260a841cb21d7637ad355
 DIST swift-2.2.2.tar.gz 1038850 SHA256 d97ff8e3c1381611ca2f9cd3eb13000e3339166e06d67ec079ce9ec958d1a088 SHA512 5abe34679305df18dabf49e6e9a6ddf7b890718a4586b1a33cadf0eb47412861a4af53d6124d2a238e463603d11b134a5afa2867939cb3cea49774ae9601d8e6 WHIRLPOOL 57f7364c0e2fa9094837b7127d4380df52a263150be05d84142e1d1256911d0466e7098a7f2a0380b087fb5da313d5a65a973f42b1e39bc102be46f21000c8ef
-EBUILD swift-2.2.0.ebuild 4118 SHA256 1b8fff08bd913c6b75c9484cdf54549530d155d106b2c1c1577f17f95432e8e5 SHA512 def7126e0817d2445b3b68ed61a353db13656cff35a9893477d57613382a59fcf4cb618fcfe4b254c8dd6fe6ebce4e4ea87df00c90a907285b2c04a3da06315a WHIRLPOOL 42c139e41ffc6f6362a4753804fe48f0d1d57221d913723cffa7482c491e18a5bc1c350726d7af9400fb1d08ec881583b7f33e363f56c5a66be10a5e0221bcf1
-EBUILD swift-2.2.2.ebuild 4042 SHA256 e3fae838fbbf468ee93955b043b5c398951ea50ac18996d1f7469e8c93fdb377 SHA512 874841de55af4ca85cb1f8302c161ee2906da9009f98ac177ef63b46f431f9f016d08dc5ef02cea6c982cd5a2a7aaf38568e84b4169f6e4a030dceca1ff4e41c WHIRLPOOL d1d9d1741b3bd2006c47fd8ad1af5f4eb04e72fd35f45d5151995ed65298845338b248585f5d278b8ebf1a65fd23f92f5a7a8e5dfe9b4d480a7cb6f46f047f4d
+EBUILD swift-2.2.2-r1.ebuild 4091 SHA256 e636fc3daf38751da971e52573888bbf9a13713effff418ef71945dc0d542f04 SHA512 018521764c18349ba0e9d32a0418103c861bb1576ea57c080ae7656cb6839bf10c9d40bbedbf7b6a99d25dfef194aa16fdf82e38297a59a0ffa9a5417a81b333 WHIRLPOOL 076d22eb72af072f882f018e9c42e95e84b898c2a43b19c743413dbb36eb449deebf46be4966bdd43c1370a4cfdf10852edcab69874bcd243c85aad83a077a3d
 EBUILD swift-9999.ebuild 3995 SHA256 0e9b13e7327e541b2afd5cce0b25118452d2df36a0b00355b4a1bf78af07ea8f SHA512 b9dfadc3a915c5c24c6ed34415023f06ce0e736f5a892b8266311eb79a7c81f722750f5356aa7fbf2709594517df61fd1c78cb6816b98bc8f15efdfb16f73f61 WHIRLPOOL 9319a30f1c3320a81fb6c13770ca7852f2eda5f1d589a3c6d02d9c4154af6d35d6c5609a86affaf602f15774dcb4302b12ee29aa64420a114630b321ed9b194b
-MISC ChangeLog 7363 SHA256 c9f391ce564705d96c3d54e15cba578afbbe107afa2660baf7fcd1f498a90eec SHA512 5ac7c2109519a016847e15c5f2a52c9b3e3277a28a397c70496027760e16d88c65189df16af2410b0441555a55c736ec352c2027417f6e645b384146a8ab93b9 WHIRLPOOL 93f17be931f7234a2b27ee069fd6c4421c42199716c5b1aba8a76b150c22c525b5562426e9e16ec6fe06ea1226446c63b77e4c131bb4c3a13a5999999153746e
+MISC ChangeLog 7585 SHA256 1b2625d827c7ce2aef9782734e091a41debc7eb03444a9e5ee0b90d95b34485f SHA512 60328354b7ddc3dfec7e747c85a1a9269bf4929d3b833b6f8f3ae1b4eeb2fd43dd1f796ce5d3cb9ddae8a36b8971bcb004756d715b62a1958082a03544e3de41 WHIRLPOOL 30ffbe351e2a0c151ef842d8e470e3761adc6368a19b624b83db6f08d393fad846d6f27e358fe36bd3d7c379cb189dd1026a11897e8c63630e897dd6fa27f80f
 MISC metadata.xml 718 SHA256 3b5950b308bb7bff9c0b1e1df0ec6d2616a42225c6a60f8d23f8774cf3dcb0d8 SHA512 e86d128b5c6ccacfcb8032d33cc1a7e00ecfaa1d0e1fe325ef067f0073a5d411e27e84f89e7f843a7d242d8aca2163978f08f71f91bef43675adb5156d4716df WHIRLPOOL 8fdfc74a8b54c32edc06618e7ac59227a79ab24b32ee8757f14cd2dbed49786422bed58b4dce1808397856604027d0a148f74bb0d0e97cbaa232030fb93e0454
 -----BEGIN PGP SIGNATURE-----
+Version: GnuPG v2
 
-iQIcBAEBCAAGBQJVLAFEAAoJEGSje+quGaTon5gQAKYKqWNn5Z5PbxwyyB24itm6
-nOlLExN385BZGFzFNeDbqw5S7Klt+PFEQOxWy8Yt5noINuBo9gIfEdTcjMdHfij8
-lPFk+H2pCMQlbO7RdmRFe3kjaKEbaTTys1daCdszCgu2FQs5Ib4YJTICHvctsCpL
-YuoZUlyyxwwkXwPDX5NCcVq6RX267XQXKmi8HBGzjysda6SoGlKy9EwVflkhCOfU
-0s7QQkeocJtJyamIe16OyxLSNGb62hCJ1y76t/fmiwvR+ORUKGPJau2yaiKpNlfk
-uZJdDZuHl12ZKIdwf0Tg4aY8+rHkP+gIeAk/3yWHnKmkmJEnfu0T4OQvPK5FLMQ3
-3SVebX1VC1iAcOTmd6SOrzCuzB+keHRmY6CJdP+rwl6VJVk9aEjA7HlLy0UqqjRf
-RfVvbROme2dxGO3iArO8DEGtBwG/wrarUrAWEzVeWdVO8LsL9Dy8SSg0AcY4yV+r
-o+jLG1O2rtTXXQPC7FIaZkY9kwP75COkXsbnEcoqGl7JkLvi/9fjwUa6wghyP1VW
-c/lyXCoYl6DkDKqrup/MtKJ8U5B77WMhLJ0+FLm52BCqPfS8PatNwtI08BNAdr6b
-CHxbIowXeKTM1Sy5iqF36QvDpQYZstxkIgWroHUJxppvoJ1tyReZyqT6mZfdQ+Y+
-o5KxGTPP0+YIuo9gKyF/
-=x0Iu
+iQIcBAEBCAAGBQJVLTF/AAoJEGSje+quGaToa98P/RWdW4HVC6LvdfprUVAdj2Kn
+XZk0EirQZDUH6zSslzoKnSLaC0jZTjII8r+edVoXpwkYB3g5C7/DZTmbHPvrsPo0
+txIAd5LS9tAQdO3NurqAGs++w/B13wYz7Of0Jz+fVJPfLEV5HrtSEqQ/67FdSLWD
+Hpe8aBcZQHYQhzdMlupEVXcPzxHyJAOEsWVqo0xiQtqVqitM6EcPcGfufshr7jkQ
+sK0OMVtBVt8sdHfSDaLESsnTSU3M+WjOiNdunW+3mUpF8syih0pocBEbxYsvMVPX
+5dZV30t7y6HNNRN1luBrDjAD6er4iXhfST6SI9b9JNBzqBvPYN9JZ3RQ8JCPn8s2
+zqHJRRyU81Hf+on8fKQapfbkC5XNgqtC1M7BZDPf4LBGjDC28tV/iwTw9ZLsZ//V
+o7XYU0g/jWvpMV8gnn0TpJDsLX38jSMJsilA2tPZHLwsxNA40U0alNRIjtv96yN9
+sBX95TXoH66ZT0oLGgAjIDpg31JvmnfNdXLfs4GKMhPsr7oQfq48u6BjR77dyJY0
+6uxHcVEnl0BmFUPdDD5U/8s7e7/BaUyvgN5fz3YISzBMJm+QK44KEhdQiEHzWUsI
+VX8HqOCOhOwdptHnzaH/jLy6n6E93ZSolOAOt9uc4I7w3l9S+DpkCbQ6my5hunEq
++dqDTHJu/rZA2mStR1GP
+=tCrv
 -----END PGP SIGNATURE-----
diff --git a/sys-cluster/swift/files/cve-2015-1856-master-kilo.patch b/sys-cluster/swift/files/cve-2015-1856-master-kilo.patch
new file mode 100644
index 000000000000..7b885ec80bd3
--- /dev/null
+++ b/sys-cluster/swift/files/cve-2015-1856-master-kilo.patch
@@ -0,0 +1,253 @@
+From 2d1a6f0e2abf16a21765fa9f62830bfbcdb812d5 Mon Sep 17 00:00:00 2001
+From: John Dickinson <me@not.mn>
+Date: Fri, 20 Mar 2015 10:17:25 +0000
+Subject: [PATCH] Prevent unauthorized delete in versioned container
+
+An authenticated user can delete the most recent version of any
+versioned object who's name is known if the user has listing access
+to the x-versions-location container. Only Swift setups with
+allow_version setting are affected.
+
+This patch closes this bug.
+
+Co-Authored-By: Clay Gerrard <clay.gerrard@gmail.com>
+Co-Authored-By: Christian Schwede <info@cschwede.de>
+Co-Authored-By: Alistair Coles <alistair.coles@hp.com>
+
+Closes-Bug: 1430645
+Change-Id: Ibacc7413afe7cb6f77d92e5941dcfdf4768ffa18
+---
+ swift/proxy/controllers/obj.py | 12 ++++---
+ test/functional/tests.py       | 52 +++++++++++++++++++++++++++++++
+ test/unit/proxy/test_server.py | 71 ++++++++++++++++++++++++++++++++++++++++--
+ 3 files changed, 129 insertions(+), 6 deletions(-)
+
+diff --git a/swift/proxy/controllers/obj.py b/swift/proxy/controllers/obj.py
+index 70b0d0c..2b53ba7 100644
+--- a/swift/proxy/controllers/obj.py
++++ b/swift/proxy/controllers/obj.py
+@@ -910,6 +910,10 @@ class ObjectController(Controller):
+         req.acl = container_info['write_acl']
+         req.environ['swift_sync_key'] = container_info['sync_key']
+         object_versions = container_info['versions']
++        if 'swift.authorize' in req.environ:
++            aresp = req.environ['swift.authorize'](req)
++            if aresp:
++                return aresp
+         if object_versions:
+             # this is a version manifest and needs to be handled differently
+             object_versions = unquote(object_versions)
+@@ -980,11 +984,11 @@ class ObjectController(Controller):
+                 # remove 'X-If-Delete-At', since it is not for the older copy
+                 if 'X-If-Delete-At' in req.headers:
+                     del req.headers['X-If-Delete-At']
++                if 'swift.authorize' in req.environ:
++                    aresp = req.environ['swift.authorize'](req)
++                    if aresp:
++                        return aresp
+                 break
+-        if 'swift.authorize' in req.environ:
+-            aresp = req.environ['swift.authorize'](req)
+-            if aresp:
+-                return aresp
+         if not containers:
+             return HTTPNotFound(request=req)
+         partition, nodes = obj_ring.get_nodes(
+diff --git a/test/functional/tests.py b/test/functional/tests.py
+index 931f364..6268801 100644
+--- a/test/functional/tests.py
++++ b/test/functional/tests.py
+@@ -2409,6 +2409,14 @@ class TestObjectVersioningEnv(object):
+         cls.account = Account(cls.conn, tf.config.get('account',
+                                                       tf.config['username']))
+ 
++        # Second connection for ACL tests
++        config2 = deepcopy(tf.config)
++        config2['account'] = tf.config['account2']
++        config2['username'] = tf.config['username2']
++        config2['password'] = tf.config['password2']
++        cls.conn2 = Connection(config2)
++        cls.conn2.authenticate()
++
+         # avoid getting a prefix that stops halfway through an encoded
+         # character
+         prefix = Utils.create_name().decode("utf-8")[:10].encode("utf-8")
+@@ -2462,6 +2470,14 @@ class TestCrossPolicyObjectVersioningEnv(object):
+         cls.account = Account(cls.conn, tf.config.get('account',
+                                                       tf.config['username']))
+ 
++        # Second connection for ACL tests
++        config2 = deepcopy(tf.config)
++        config2['account'] = tf.config['account2']
++        config2['username'] = tf.config['username2']
++        config2['password'] = tf.config['password2']
++        cls.conn2 = Connection(config2)
++        cls.conn2.authenticate()
++
+         # avoid getting a prefix that stops halfway through an encoded
+         # character
+         prefix = Utils.create_name().decode("utf-8")[:10].encode("utf-8")
+@@ -2496,6 +2512,15 @@ class TestObjectVersioning(Base):
+                 "Expected versioning_enabled to be True/False, got %r" %
+                 (self.env.versioning_enabled,))
+ 
++    def tearDown(self):
++        super(TestObjectVersioning, self).tearDown()
++        try:
++            # delete versions first!
++            self.env.versions_container.delete_files()
++            self.env.container.delete_files()
++        except ResponseError:
++            pass
++
+     def test_overwriting(self):
+         container = self.env.container
+         versions_container = self.env.versions_container
+@@ -2555,6 +2580,33 @@ class TestObjectVersioning(Base):
+         self.assertEqual(3, versions_container.info()['object_count'])
+         self.assertEqual("112233", man_file.read())
+ 
++    def test_versioning_check_acl(self):
++        container = self.env.container
++        versions_container = self.env.versions_container
++        versions_container.create(hdrs={'X-Container-Read': '.r:*,.rlistings'})
++
++        obj_name = Utils.create_name()
++        versioned_obj = container.file(obj_name)
++        versioned_obj.write("aaaaa")
++        self.assertEqual("aaaaa", versioned_obj.read())
++
++        versioned_obj.write("bbbbb")
++        self.assertEqual("bbbbb", versioned_obj.read())
++
++        # Use token from second account and try to delete the object
++        org_token = self.env.account.conn.storage_token
++        self.env.account.conn.storage_token = self.env.conn2.storage_token
++        try:
++            self.assertRaises(ResponseError, versioned_obj.delete)
++        finally:
++            self.env.account.conn.storage_token = org_token
++
++        # Verify with token from first account
++        self.assertEqual("bbbbb", versioned_obj.read())
++
++        versioned_obj.delete()
++        self.assertEqual("aaaaa", versioned_obj.read())
++
+ 
+ class TestObjectVersioningUTF8(Base2, TestObjectVersioning):
+     set_up = False
+diff --git a/test/unit/proxy/test_server.py b/test/unit/proxy/test_server.py
+index 39d637d..41f0ea3 100644
+--- a/test/unit/proxy/test_server.py
++++ b/test/unit/proxy/test_server.py
+@@ -56,7 +56,7 @@ from swift.proxy.controllers.base import get_container_memcache_key, \
+     get_account_memcache_key, cors_validation
+ import swift.proxy.controllers
+ from swift.common.swob import Request, Response, HTTPUnauthorized, \
+-    HTTPException
++    HTTPException, HTTPForbidden
+ from swift.common import storage_policy
+ from swift.common.storage_policy import StoragePolicy, \
+     StoragePolicyCollection, POLICIES
+@@ -1615,6 +1615,7 @@ class TestObjectController(unittest.TestCase):
+     ])
+     def test_DELETE_on_expired_versioned_object(self):
+         methods = set()
++        authorize_call_count = [0]
+ 
+         def test_connect(ipaddr, port, device, partition, method, path,
+                          headers=None, query_string=None):
+@@ -1640,6 +1641,10 @@ class TestObjectController(unittest.TestCase):
+             for obj in object_list:
+                 yield obj
+ 
++        def fake_authorize(req):
++            authorize_call_count[0] += 1
++            return None  # allow the request
++
+         with save_globals():
+             controller = proxy_server.ObjectController(self.app,
+                                                        'a', 'c', 'o')
+@@ -1651,7 +1656,8 @@ class TestObjectController(unittest.TestCase):
+                              204, 204, 204,  # delete for the pre-previous
+                              give_connect=test_connect)
+             req = Request.blank('/v1/a/c/o',
+-                                environ={'REQUEST_METHOD': 'DELETE'})
++                                environ={'REQUEST_METHOD': 'DELETE',
++                                         'swift.authorize': fake_authorize})
+ 
+             self.app.memcache.store = {}
+             self.app.update_request(req)
+@@ -1661,6 +1667,67 @@ class TestObjectController(unittest.TestCase):
+                            ('PUT', '/a/c/o'),
+                            ('DELETE', '/a/foo/2')]
+             self.assertEquals(set(exp_methods), (methods))
++            self.assertEquals(authorize_call_count[0], 2)
++
++    @patch_policies([
++        StoragePolicy(0, 'zero', False, object_ring=FakeRing()),
++        StoragePolicy(1, 'one', True, object_ring=FakeRing())
++    ])
++    def test_denied_DELETE_of_versioned_object(self):
++        """
++        Verify that a request with read access to a versions container
++        is unable to cause any write operations on the versioned container.
++        """
++        methods = set()
++        authorize_call_count = [0]
++
++        def test_connect(ipaddr, port, device, partition, method, path,
++                         headers=None, query_string=None):
++            methods.add((method, path))
++
++        def fake_container_info(account, container, req):
++            return {'status': 200, 'sync_key': None,
++                    'meta': {}, 'cors': {'allow_origin': None,
++                                         'expose_headers': None,
++                                         'max_age': None},
++                    'sysmeta': {}, 'read_acl': None, 'object_count': None,
++                    'write_acl': None, 'versions': 'foo',
++                    'partition': 1, 'bytes': None, 'storage_policy': '1',
++                    'nodes': [{'zone': 0, 'ip': '10.0.0.0', 'region': 0,
++                               'id': 0, 'device': 'sda', 'port': 1000},
++                              {'zone': 1, 'ip': '10.0.0.1', 'region': 1,
++                               'id': 1, 'device': 'sdb', 'port': 1001},
++                              {'zone': 2, 'ip': '10.0.0.2', 'region': 0,
++                               'id': 2, 'device': 'sdc', 'port': 1002}]}
++
++        def fake_list_iter(container, prefix, env):
++            object_list = [{'name': '1'}, {'name': '2'}, {'name': '3'}]
++            for obj in object_list:
++                yield obj
++
++        def fake_authorize(req):
++            # deny write access
++            authorize_call_count[0] += 1
++            return HTTPForbidden(req)  # allow the request
++
++        with save_globals():
++            controller = proxy_server.ObjectController(self.app,
++                                                       'a', 'c', 'o')
++            controller.container_info = fake_container_info
++            # patching _listing_iter simulates request being authorized
++            # to list versions container
++            controller._listing_iter = fake_list_iter
++            set_http_connect(give_connect=test_connect)
++            req = Request.blank('/v1/a/c/o',
++                                environ={'REQUEST_METHOD': 'DELETE',
++                                         'swift.authorize': fake_authorize})
++
++            self.app.memcache.store = {}
++            self.app.update_request(req)
++            resp = controller.DELETE(req)
++            self.assertEqual(403, resp.status_int)
++            self.assertFalse(methods, methods)
++            self.assertEquals(authorize_call_count[0], 1)
+ 
+     def test_PUT_auto_content_type(self):
+         with save_globals():
+-- 
+1.9.1
+
+
diff --git a/sys-cluster/swift/swift-2.2.0.ebuild b/sys-cluster/swift/swift-2.2.0.ebuild
deleted file mode 100644
index b0554ac5b91c..000000000000
--- a/sys-cluster/swift/swift-2.2.0.ebuild
+++ /dev/null
@@ -1,116 +0,0 @@
-# Copyright 1999-2014 Gentoo Foundation
-# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/sys-cluster/swift/swift-2.2.0.ebuild,v 1.1 2014/11/18 19:27:57 prometheanfire Exp $
-
-EAPI=5
-PYTHON_COMPAT=( python2_7 )
-
-inherit distutils-r1 eutils linux-info user
-
-DESCRIPTION="A highly available, distributed, eventually consistent object/blob store"
-HOMEPAGE="https://launchpad.net/swift"
-SRC_URI="http://launchpad.net/${PN}/juno/${PV}/+download/${P}.tar.gz"
-
-LICENSE="Apache-2.0"
-SLOT="0"
-KEYWORDS="~amd64 ~x86"
-IUSE="proxy account container object test +memcache"
-REQUIRED_USE="|| ( proxy account container object )"
-
-DEPEND="dev-python/setuptools[${PYTHON_USEDEP}]
-		>=dev-python/pbr-0.6.0[${PYTHON_USEDEP}]
-		<dev-python/pbr-1.0[${PYTHON_USEDEP}]
-		test? ( >=dev-python/hacking-0.8.0[${PYTHON_USEDEP}]
-				<dev-python/hacking-0.9[${PYTHON_USEDEP}]
-				dev-python/coverage[${PYTHON_USEDEP}]
-				dev-python/nose[${PYTHON_USEDEP}]
-				dev-python/nosexcover[${PYTHON_USEDEP}]
-				dev-python/openstack-nose-plugin[${PYTHON_USEDEP}]
-				dev-python/nosehtmloutput[${PYTHON_USEDEP}]
-				>=dev-python/sphinx-1.1.2[${PYTHON_USEDEP}]
-				<dev-python/sphinx-1.2[${PYTHON_USEDEP}]
-				dev-python/oslo-sphinx[${PYTHON_USEDEP}]
-				>=dev-python/mock-1.0[${PYTHON_USEDEP}]
-				dev-python/python-swiftclient[${PYTHON_USEDEP}] )"
-
-RDEPEND=">=dev-python/dnspython-1.9.4[${PYTHON_USEDEP}]
-		>=dev-python/eventlet-0.9.15[${PYTHON_USEDEP}]
-		>=dev-python/greenlet-0.3.1[${PYTHON_USEDEP}]
-		>=dev-python/netifaces-0.5[${PYTHON_USEDEP}]
-		!~dev-python/netifaces-0.10.0[${PYTHON_USEDEP}]
-		!~dev-python/netifaces-0.10.1[${PYTHON_USEDEP}]
-		>=dev-python/pastedeploy-1.3.3[${PYTHON_USEDEP}]
-		>=dev-python/simplejson-2.0.9[${PYTHON_USEDEP}]
-		dev-python/pyxattr[${PYTHON_USEDEP}]
-		memcache? ( net-misc/memcached )
-		net-misc/rsync[xattr]"
-
-CONFIG_CHECK="~EXT3_FS_XATTR ~SQUASHFS_XATTR ~CIFS_XATTR ~JFFS2_FS_XATTR
-~TMPFS_XATTR ~UBIFS_FS_XATTR ~EXT2_FS_XATTR ~REISERFS_FS_XATTR ~EXT4_FS_XATTR
-~ZFS"
-
-PATCHES=(
-)
-
-pkg_setup() {
-	enewuser swift
-	enewgroup swift
-}
-
-src_prepare() {
-	sed -i 's/xattr/pyxattr/g' "${S}/swift.egg-info/requires.txt"
-	sed -i 's/xattr/pyxattr/g' "${S}/requirements.txt"
-	distutils-r1_python_prepare_all
-}
-
-src_test () {
-	# https://bugs.launchpad.net/swift/+bug/1249727
-	find . \( -name test_wsgi.py -o -name test_locale.py -o -name test_utils.py \) -delete || die
-	SKIP_PIP_INSTALL=1 PBR_VERSION=0.6.0 sh .unittests || die
-}
-
-python_install() {
-	distutils-r1_python_install
-	keepdir /etc/swift
-	insinto /etc/swift
-
-	newins "etc/swift.conf-sample" "swift.conf"
-#	newins "etc/swift-bench.conf-sample" "swift-bench.conf-sample"
-	newins "etc/rsyncd.conf-sample" "rsyncd.conf"
-	newins "etc/mime.types-sample" "mime.types-sample"
-	newins "etc/memcache.conf-sample" "memcache.conf-sample"
-	newins "etc/drive-audit.conf-sample" "drive-audit.conf-sample"
-	newins "etc/dispersion.conf-sample" "dispersion.conf-sample"
-
-	if use proxy; then
-		newinitd "${FILESDIR}/swift-proxy.initd" "swift-proxy"
-		newins "etc/proxy-server.conf-sample" "proxy-server.conf"
-		if use memcache; then
-			sed -i '/depend/a\
-    need memcached' "${D}/etc/init.d/swift-proxy"
-		fi
-	fi
-	if use account; then
-		newinitd "${FILESDIR}/swift-account.initd" "swift-account"
-		newins "etc/account-server.conf-sample" "account-server.conf"
-	fi
-	if use container; then
-		newinitd "${FILESDIR}/swift-container.initd" "swift-container"
-		newins "etc/container-server.conf-sample" "container-server.conf"
-	fi
-	if use object; then
-		newinitd "${FILESDIR}/swift-object.initd" "swift-object"
-		newins "etc/object-server.conf-sample" "object-server.conf"
-		newins "etc/object-expirer.conf-sample" "object-expirer.conf"
-	fi
-
-	fowners swift:swift "/etc/swift" || die "fowners failed"
-}
-
-pkg_postinst() {
-	elog "Openstack swift will default to using insecure http unless a"
-	elog "certificate is created in /etc/swift/cert.crt and the associated key"
-	elog "in /etc/swift/cert.key.  These can be created with the following:"
-	elog "  * cd /etc/swift"
-	elog "  * openssl req -new -x509 -nodes -out cert.crt -keyout cert.key"
-}
diff --git a/sys-cluster/swift/swift-2.2.2.ebuild b/sys-cluster/swift/swift-2.2.2-r1.ebuild
index 60624fa12619..d876a07e04f5 100644
--- a/sys-cluster/swift/swift-2.2.2.ebuild
+++ b/sys-cluster/swift/swift-2.2.2-r1.ebuild
@@ -1,6 +1,6 @@
 # Copyright 1999-2015 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/sys-cluster/swift/swift-2.2.2.ebuild,v 1.5 2015/04/13 17:47:47 prometheanfire Exp $
+# $Header: /var/cvsroot/gentoo-x86/sys-cluster/swift/swift-2.2.2-r1.ebuild,v 1.1 2015/04/14 15:25:39 prometheanfire Exp $
 
 EAPI=5
 PYTHON_COMPAT=( python2_7 )
@@ -55,6 +55,7 @@ CONFIG_CHECK="~EXT3_FS_XATTR ~SQUASHFS_XATTR ~CIFS_XATTR ~JFFS2_FS_XATTR
 ~ZFS"
 
 PATCHES=(
+"${FILESDIR}/cve-2015-1856-master-kilo.patch"
 )
 
 pkg_setup() {
author	Matt Thode <prometheanfire@gentoo.org>	2015-04-14 15:25:49 +0000
committer	Matt Thode <prometheanfire@gentoo.org>	2015-04-14 15:25:49 +0000
commit	d6e6c692581d3254ce528562dfe6eb16ba4176fd (patch)
tree	37d90634a516424f03cef000400a0bd40e02bfa2 /sys-cluster/swift
parent	Version bump (diff)
download	historical-d6e6c692581d3254ce528562dfe6eb16ba4176fd.tar.gz historical-d6e6c692581d3254ce528562dfe6eb16ba4176fd.tar.bz2 historical-d6e6c692581d3254ce528562dfe6eb16ba4176fd.zip