fix for upstream bug 1181157 for folsom

(Portage version: 2.1.12.2/cvs/Linux x86_64, signed Manifest commit with key 0x2471eb3e40ac5ac3)

3 files changed, 47 insertions, 2 deletions

diff --git a/sys-auth/keystone/ChangeLog b/sys-auth/keystone/ChangeLog
index 34a086f1f68f..9af626a4b35b 100644
--- a/sys-auth/keystone/ChangeLog
+++ b/sys-auth/keystone/ChangeLog
@@ -1,6 +1,13 @@
 # ChangeLog for sys-auth/keystone
 # Copyright 1999-2013 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/sys-auth/keystone/ChangeLog,v 1.23 2013/07/01 14:37:57 prometheanfire Exp $
+# $Header: /var/cvsroot/gentoo-x86/sys-auth/keystone/ChangeLog,v 1.24 2013/07/17 16:30:36 prometheanfire Exp $
+
+*keystone-2012.2.4-r6 (17 Jul 2013)
+
+  17 Jul 2013; Matthew Thode <prometheanfire@gentoo.org>
+  +files/2012.2.4-upstream-1181157.patch, +keystone-2012.2.4-r6.ebuild,
+  -keystone-2012.2.4-r5.ebuild:
+  fix for upstream bug 1181157 for folsom
 
   01 Jul 2013; Matthew Thode <prometheanfire@gentoo.org>
   keystone-2013.1.2-r1.ebuild:
diff --git a/sys-auth/keystone/files/2012.2.4-upstream-1181157.patch b/sys-auth/keystone/files/2012.2.4-upstream-1181157.patch
new file mode 100644
index 000000000000..f01643d083c5
--- /dev/null
+++ b/sys-auth/keystone/files/2012.2.4-upstream-1181157.patch
@@ -0,0 +1,37 @@
+From edbd3ad9158f96fdc7ed621d7c72cd2e71fa5101 Mon Sep 17 00:00:00 2001
+From: Dolph Mathews <dolph.mathews@gmail.com>
+Date: Tue, 28 May 2013 08:09:49 -0500
+Subject: [PATCH] Default signing_dir to secure temp dir (bug 1181157)
+
+Change-Id: I1a29f50b07a60de3d0519bf40074dbea92fa8656
+---
+ keystone/middleware/auth_token.py | 5 +++--
+ 1 file changed, 3 insertions(+), 2 deletions(-)
+
+diff --git a/keystone/middleware/auth_token.py b/keystone/middleware/auth_token.py
+index 01e6c58..b1a4d48 100644
+--- a/keystone/middleware/auth_token.py
++++ b/keystone/middleware/auth_token.py
+@@ -99,6 +99,7 @@ import json
+ import logging
+ import os
+ import stat
++import tempfile
+ import time
+ import webob
+ import webob.exc
+@@ -213,10 +214,10 @@ class AuthProtocol(object):
+         self.cert_file = self._conf_get('certfile')
+         self.key_file = self._conf_get('keyfile')
+ 
+-        #signing
++        # signing
+         self.signing_dirname = self._conf_get('signing_dir')
+         if self.signing_dirname is None:
+-            self.signing_dirname = '%s/keystone-signing' % os.environ['HOME']
++            self.signing_dirname = tempfile.mkdtemp(prefix='keystone-signing-')
+         LOG.info('Using %s as cache directory for signing certificate' %
+                  self.signing_dirname)
+         if os.path.exists(self.signing_dirname):
+-- 
+1.8.1.5
diff --git a/sys-auth/keystone/keystone-2012.2.4-r5.ebuild b/sys-auth/keystone/keystone-2012.2.4-r6.ebuild
index d8d7b64cfb88..e8eba2575642 100644
--- a/sys-auth/keystone/keystone-2012.2.4-r5.ebuild
+++ b/sys-auth/keystone/keystone-2012.2.4-r6.ebuild
@@ -1,6 +1,6 @@
 # Copyright 1999-2013 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/sys-auth/keystone/keystone-2012.2.4-r5.ebuild,v 1.1 2013/06/14 21:57:36 prometheanfire Exp $
+# $Header: /var/cvsroot/gentoo-x86/sys-auth/keystone/keystone-2012.2.4-r6.ebuild,v 1.1 2013/07/17 16:30:36 prometheanfire Exp $
 
 EAPI=5
 #test restricted becaues of bad requirements given (old webob for instance)
@@ -74,6 +74,7 @@ PATCHES=(
 	"${FILESDIR}/keystone-folsom-4-CVE-2013-1977.patch"
 	"${FILESDIR}/keystone-folsom-4-CVE-2013-2104.patch"
 	"${FILESDIR}/keystone-folsom-4-CVE-2013-2157.patch"
+	"${FILESDIR}/2012.2.4-upstream-1181157.patch"
 )
 
 python_install() {