horizon bup

(Portage version: 2.2.8-r1/cvs/Linux x86_64, signed Manifest commit with key 0x2471eb3e40ac5ac3)

3 files changed, 12 insertions, 77 deletions

diff --git a/www-apps/horizon/ChangeLog b/www-apps/horizon/ChangeLog
index 6fd3da8daa5e..e9db05c60f52 100644
--- a/www-apps/horizon/ChangeLog
+++ b/www-apps/horizon/ChangeLog
@@ -1,6 +1,13 @@
 # ChangeLog for www-apps/horizon
 # Copyright 1999-2014 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/www-apps/horizon/ChangeLog,v 1.21 2014/02/24 07:18:49 idella4 Exp $
+# $Header: /var/cvsroot/gentoo-x86/www-apps/horizon/ChangeLog,v 1.22 2014/03/23 20:36:08 prometheanfire Exp $
+
+*horizon-2013.1.5 (23 Mar 2014)
+
+  23 Mar 2014; Matthew Thode <prometheanfire@gentoo.org>
+  +horizon-2013.1.5.ebuild, -files/cve-2013-6858_2013.1.4.patch,
+  -horizon-2013.1.4-r1.ebuild:
+  horizon bup
 
   24 Feb 2014; Ian Delaney <idella4@gentoo.org> -horizon-2013.2.1.ebuild:
   rm old 2013.2.1 by request of maintainer
diff --git a/www-apps/horizon/files/cve-2013-6858_2013.1.4.patch b/www-apps/horizon/files/cve-2013-6858_2013.1.4.patch
deleted file mode 100644
index 19a5bc85e8a9..000000000000
--- a/www-apps/horizon/files/cve-2013-6858_2013.1.4.patch
+++ /dev/null
@@ -1,73 +0,0 @@
-From: Rob Raymond <rob.raymond@hp.com>
-Date: Mon, 4 Nov 2013 19:12:40 +0000 (-0700)
-Subject: Fix bug by escaping strings from Nova before displaying them
-X-Git-Url: https://review.openstack.org/gitweb?p=openstack%2Fhorizon.git;a=commitdiff_plain;h=b14debc73132d1253220192e110f00f62ddb8bbc
-
-Fix bug by escaping strings from Nova before displaying them
-
-Fixes bug #1247675
-
-(cherry-picked from commit b8ff480)
-Change-Id: I3637faafec1e1fba081533ee020f4ee218fea101
----
-
-diff --git a/openstack_dashboard/dashboards/project/images_and_snapshots/volume_snapshots/tables.py b/openstack_dashboard/dashboards/project/images_and_snapshots/volume_snapshots/tables.py
-index 2311e5c..17a4fb5 100644
---- a/openstack_dashboard/dashboards/project/images_and_snapshots/volume_snapshots/tables.py
-+++ b/openstack_dashboard/dashboards/project/images_and_snapshots/volume_snapshots/tables.py
-@@ -17,6 +17,7 @@
- import logging
- 
- from django.core.urlresolvers import reverse
-+from django.utils import html
- from django.utils import safestring
- from django.utils.http import urlencode
- from django.utils.translation import ugettext_lazy as _
-@@ -68,6 +69,7 @@ class SnapshotVolumeNameColumn(tables.Column):
-         request = self.table.request
-         volume_name = api.cinder.volume_get(request,
-                                             snapshot.volume_id).display_name
-+        volume_name = html.escape(volume_name)
-         return safestring.mark_safe(volume_name)
- 
-     def get_link_url(self, snapshot):
-diff --git a/openstack_dashboard/dashboards/project/volumes/tables.py b/openstack_dashboard/dashboards/project/volumes/tables.py
-index b14145b..e5426c1 100644
---- a/openstack_dashboard/dashboards/project/volumes/tables.py
-+++ b/openstack_dashboard/dashboards/project/volumes/tables.py
-@@ -19,7 +19,7 @@ import logging
- from django.core.urlresolvers import reverse, NoReverseMatch
- from django.template.defaultfilters import title
- from django.utils import safestring
--from django.utils.html import strip_tags
-+from django.utils import html
- from django.utils.translation import ugettext_lazy as _
- 
- from horizon import exceptions
-@@ -111,7 +111,7 @@ def get_attachment_name(request, attachment):
-                                          "attachment information."))
-     try:
-         url = reverse("horizon:project:instances:detail", args=(server_id,))
--        instance = '<a href="%s">%s</a>' % (url, name)
-+        instance = '<a href="%s">%s</a>' % (url, html.escape(name))
-     except NoReverseMatch:
-         instance = name
-     return instance
-@@ -132,7 +132,7 @@ class AttachmentColumn(tables.Column):
-             # without the server name...
-             instance = get_attachment_name(request, attachment)
-             vals = {"instance": instance,
--                    "dev": attachment["device"]}
-+                    "dev": html.escape(attachment["device"])}
-             attachments.append(link % vals)
-         return safestring.mark_safe(", ".join(attachments))
- 
-@@ -225,7 +225,7 @@ class AttachmentsTable(tables.DataTable):
-     def get_object_display(self, attachment):
-         instance_name = get_attachment_name(self.request, attachment)
-         vals = {"dev": attachment['device'],
--                "instance_name": strip_tags(instance_name)}
-+                "instance_name": html.escape(instance_name)}
-         return _("%(dev)s on instance %(instance_name)s") % vals
- 
-     def get_object_by_id(self, obj_id):
diff --git a/www-apps/horizon/horizon-2013.1.4-r1.ebuild b/www-apps/horizon/horizon-2013.1.5.ebuild
index b268a2baaeef..3a14bc536163 100644
--- a/www-apps/horizon/horizon-2013.1.4-r1.ebuild
+++ b/www-apps/horizon/horizon-2013.1.5.ebuild
@@ -1,6 +1,6 @@
-# Copyright 1999-2013 Gentoo Foundation
+# Copyright 1999-2014 Gentoo Foundation
 # Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/www-apps/horizon/horizon-2013.1.4-r1.ebuild,v 1.1 2013/12/13 17:13:20 prometheanfire Exp $
+# $Header: /var/cvsroot/gentoo-x86/www-apps/horizon/horizon-2013.1.5.ebuild,v 1.1 2014/03/23 20:36:08 prometheanfire Exp $
 
 EAPI=5
 PYTHON_COMPAT=( python2_7 )
@@ -35,4 +35,5 @@ RDEPEND=">=dev-python/django-1.4[${PYTHON_USEDEP}]
 		dev-python/pytz[${PYTHON_USEDEP}]
 		dev-python/lockfile[${PYTHON_USEDEP}]"
 
-PATCHES=( "${FILESDIR}/cve-2013-6858_2013.1.4.patch" )
+PATCHES=(
+)