[openstack-keystone/f17] Require authz to update user's tenant (CVE-2012-3542)
Alan Pevec
apevec at fedoraproject.org
Fri Aug 31 00:25:27 UTC 2012
commit b037c81d64bfb3766ee1e87705e2ca4c48cc3bd1
Author: Alan Pevec <apevec at redhat.com>
Date: Fri Aug 31 02:17:26 2012 +0200
Require authz to update user's tenant (CVE-2012-3542)
...authz-to-update-user-s-tenant-bug-1040626.patch | 22 ++++++++++++++++++++
openstack-keystone.spec | 7 +++++-
2 files changed, 28 insertions(+), 1 deletions(-)
---
diff --git a/0004-Require-authz-to-update-user-s-tenant-bug-1040626.patch b/0004-Require-authz-to-update-user-s-tenant-bug-1040626.patch
new file mode 100644
index 0000000..53d3087
--- /dev/null
+++ b/0004-Require-authz-to-update-user-s-tenant-bug-1040626.patch
@@ -0,0 +1,22 @@
+From ca6c5512983c2059a64aa4bcf0fa4b334a212562 Mon Sep 17 00:00:00 2001
+From: Dolph Mathews <dolph.mathews at gmail.com>
+Date: Thu, 23 Aug 2012 07:39:20 -0500
+Subject: [PATCH] Require authz to update user's tenant (bug 1040626)
+
+Change-Id: I82f80b84af2bc4db00b3dcb87a2ec338816a82e9
+---
+ keystone/identity/core.py | 1 +
+ 1 files changed, 1 insertions(+), 0 deletions(-)
+
+diff --git a/keystone/identity/core.py b/keystone/identity/core.py
+index a0704f1..db3ce31 100644
+--- a/keystone/identity/core.py
++++ b/keystone/identity/core.py
+@@ -436,6 +436,7 @@ class UserController(wsgi.Application):
+
+ def update_user_tenant(self, context, user_id, user):
+ """Update the default tenant."""
++ self.assert_admin(context)
+ # ensure that we're a member of that tenant
+ tenant_id = user.get('tenantId')
+ self.identity_api.add_user_to_tenant(context, tenant_id, user_id)
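Review bot: The comment `# ensure that we're a member of that tenant` directly below the new `self.assert_admin(context)` call describes a check, but the `add_user_to_tenant` call on the next line grants membership rather than verifying it, so with the operation now admin-gated the comment and docstring should state the real contract, e.g. `# admin-only: grants user_id membership in tenantId (the new default tenant, per the docstring)`. `tenant_id = user.get('tenantId')` is passed through unvalidated, so a request body without `tenantId` reaches `add_user_to_tenant` with `None`; whether the backend rejects that is not visible in this hunk, and an explicit guard before the call would make the rejection independent of the identity driver. The backported patch touches only `keystone/identity/core.py` (see its diffstat), so no regression test pins the non-admin path that CVE-2012-3542 describes; one is worth carrying with the backport. The body of `update_user_tenant` continues past the end of this hunk.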
diff --git a/openstack-keystone.spec b/openstack-keystone.spec
index a72def9..127a5a3 100644
--- a/openstack-keystone.spec
+++ b/openstack-keystone.spec
@@ -9,7 +9,7 @@
Name: openstack-keystone
Version: 2012.1.2
-Release: 1%{?dist}
+Release: 2%{?dist}
Summary: OpenStack Identity Service
License: ASL 2.0
@@ -26,6 +26,7 @@ Source5: openstack-keystone-sample-data
Patch0001: 0001-fix-man-page-build.patch
Patch0002: 0002-fix-sphinx-warnings.patch
Patch0003: 0003-match-egg-and-spec-requires.patch
+Patch0004: 0004-Require-authz-to-update-user-s-tenant-bug-1040626.patch
BuildArch: noarch
BuildRequires: python2-devel
@@ -112,6 +113,7 @@ This package contains documentation for Keystone.
%patch0001 -p1
%patch0002 -p1
%patch0003 -p1
+%patch0004 -p1
find . \( -name .gitignore -o -name .placeholder \) -delete
find keystone -name \*.py -exec sed -i '/\/usr\/bin\/env python/d' {} \;
@@ -249,6 +251,9 @@ fi
%endif
%changelog
+* Thu Aug 30 2012 Alan Pevec <apevec at redhat.com> 2012.1.2-2
+- Require authz to update user's tenant (CVE-2012-3542)
+
* Mon Aug 13 2012 Alan Pevec <apevec at redhat.com> 2012.1.2-1
- updated to stable essex release 2012.1.2