debian/0000775000000000000000000000000012357307752007203 5ustar debian/control0000664000000000000000000000415212313703413010572 0ustar Source: python-pycadf Section: python Priority: optional Maintainer: Ubuntu Developers XSBC-Original-Maintainer: PKG OpenStack Uploaders: Julien Danjou , Thomas Goirand , Mehdi Abaakouk Build-Depends: debhelper (>= 9), openstack-pkg-tools, python-all (>= 2.6.6-3~), python-setuptools Build-Depends-Indep: python-babel, python-coverage, python-fixtures, python-iso8601, python-netaddr, python-oslo.config, python-oslosphinx, python-oslo.messaging, python-pbr (>= 0.5.21), python-mock, python-mox, python-six, python-subunit, python-testscenarios (>= 0.4), python-testtools, python-tz, python-webob (>= 1.2.3), testrepository (>=0.0.17) Standards-Version: 3.9.4 Vcs-Browser: http://anonscm.debian.org/gitweb/?p=openstack/python-pycadf.git Vcs-Git: git://anonscm.debian.org/openstack/python-pycadf.git Homepage: https://launchpad.net/pycadf Package: python-pycadf Architecture: all Pre-Depends: dpkg (>= 1.15.6~) Depends: python-babel, python-iso8601, python-netaddr, python-oslo.config, python-oslo.messaging, python-six, python-tz, ${misc:Depends}, ${python:Depends} Recommends: ${python:Recommends} Description: implementation of DMTF Cloud Audit (CADF) data model pyCADF is an implementation of DMTF Cloud Audit (CADF) data model. DMTF Cloud Management Initiative is promoting the work of the Cloud Management Work Group, the Cloud Auditing Data Federation Working Group, the System Virtualization, Partitioning, Clustering Working Group and the Software Entitlement Working Group. See http://dmtf.org for details. debian/changelog0000664000000000000000000000217312357307752011060 0ustar python-pycadf (0.4.1-0ubuntu1.1) trusty-security; urgency=medium * SECURITY UPDATE: X_AUTH_TOKEN disclosure - debian/patches/CVE-2014-4615.patch: filter out token in pycadf/middleware/notifier.py. - CVE-2014-4615 -- Marc Deslauriers Wed, 09 Jul 2014 14:53:47 -0400 python-pycadf (0.4.1-0ubuntu1) trusty; urgency=medium * New upstream release. * debian/control: - Add python-messaging as a dependency. - Use python-oslosphinx. - Add python-mox as a build dependency. -- Chuck Short Sun, 23 Mar 2014 20:40:29 -0400 python-pycadf (0.2-1build1) trusty; urgency=medium * Rebuild to drop files installed into /usr/share/pyshared. -- Matthias Klose Sun, 23 Feb 2014 13:52:44 +0000 python-pycadf (0.2-1) unstable; urgency=low * New upstream release. * Added --testr-args='--subunit ' when calling testr -- Thomas Goirand Tue, 01 Oct 2013 15:03:34 +0800 python-pycadf (0.1.5-1) unstable; urgency=low * Initial release. (Closes: #721906) -- Thomas Goirand Thu, 05 Sep 2013 00:29:51 +0800 debian/source/0000775000000000000000000000000012223762002010464 5ustar debian/source/format0000664000000000000000000000001412223762002011672 0ustar 3.0 (quilt) debian/compat0000664000000000000000000000000212223762002010362 0ustar 9 debian/patches/0000775000000000000000000000000012357307663010633 5ustar debian/patches/CVE-2014-4615.patch0000664000000000000000000000172712357307663013261 0ustar From 966d4410a1a69e0a3af678442a1a965dae80d720 Mon Sep 17 00:00:00 2001 From: Gordon Chung Date: Thu, 22 May 2014 10:11:52 -0400 Subject: remove token from notifier middleware notifier middleware is capturing token and sending it to MQ. this is not advisable so we should filter it out. Change-Id: I11d9f2f23fc3b60c945c33d4d02bd7640d88a083 Closes-Bug: #1321080 Index: python-pycadf-0.4.1/pycadf/middleware/notifier.py =================================================================== --- python-pycadf-0.4.1.orig/pycadf/middleware/notifier.py 2014-07-09 14:53:37.275602124 -0400 +++ python-pycadf-0.4.1/pycadf/middleware/notifier.py 2014-07-09 14:53:37.275602124 -0400 @@ -88,7 +88,7 @@ include them. """ return dict((k, v) for k, v in six.iteritems(environ) - if k.isupper()) + if k.isupper() and k != 'HTTP_X_AUTH_TOKEN') @log_and_ignore_error def process_request(self, request): debian/patches/series0000664000000000000000000000002412357307660012041 0ustar CVE-2014-4615.patch debian/copyright0000664000000000000000000000261112223762002011117 0ustar Format: http://www.debian.org/doc/packaging-manuals/copyright-format/1.0/ Upstream-Name: pycadf Upstream-Contact: OpenStack Project Creator Source: git://github.com/stackforge/pycadf.git Files: debian/* Copyright: (c) 2013, Thomas Goirand License: Apache-2 Files: * Copyright: (c) 2013, OpenStack foundation (c) 2013, IBM corp. (c) 2013, Dreamhost (c) 2011-2013, USA gov & NASA (c) 2013, OpenStack LLC (c) 2012, SINA corp. (c) 2013, Gordon Chung (c) 2013, Matt Riedemann (c) 2013, Doug Hellmann License: Apache-2 License: Apache-2 Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at . http://www.apache.org/licenses/LICENSE-2.0 . Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. . On Debian-based systems the full text of the Apache version 2.0 license can be found in /usr/share/common-licenses/Apache-2.0. debian/watch0000664000000000000000000000011612223762002010213 0ustar version=3 http://pypi.python.org/packages/source/p/pycadf pycadf-(.*).tar.gz debian/gbp.conf0000664000000000000000000000023712223762002010605 0ustar [DEFAULT] upstream-branch = master debian-branch = debian/unstable upstream-tag = %(version)s compression = xz [git-buildpackage] export-dir = ../build-area/ debian/rules0000775000000000000000000000116012313702376010252 0ustar #!/usr/bin/make -f UPSTREAM_GIT = git://github.com/stackforge/pycadf.git include /usr/share/openstack-pkg-tools/pkgos.make export OSLO_PACKAGE_VERSION=$(VERSION) %: dh $@ --buildsystem=python_distutils --with python2 override_dh_auto_install: dh_auto_install -O--buildsystem=python_distutils rm -rf $(CURDIR)/debian/python-pycadf/usr/etc install -D -m 0664 etc/pycadf/api_audit_map.conf $(CURDIR)/debian/python-pycadf/etc/pycadf/api_audit_map.conf ifeq (,$(findstring nocheck, $(DEB_BUILD_OPTIONS))) override_dh_auto_test: #python setup.py testr --slowest --testr-args='--subunit ' testr init && testr run endif