From: Thomas Goirand Date: Wed, 10 Jun 2015 14:44:28 +0000 (+0200) Subject: * Dropped patch applied upstream: X-Git-Url: https://review.fuel-infra.org/gitweb?a=commitdiff_plain;h=299bf65c332466219eea310a9319d2cbf13cb49d;p=openstack-build%2Fhorizon-build.git * Dropped patch applied upstream: - Persistent_XSS_in_Horizon_metadata_dashboard.patch Rewritten-From: 4b63f8e0b5a96611bf80cec58527219b6017534b --- diff --git a/trusty/debian/changelog b/trusty/debian/changelog index 1f8ae42..ed4fd82 100644 --- a/trusty/debian/changelog +++ b/trusty/debian/changelog @@ -3,6 +3,8 @@ horizon (2015.1.0+2015.06.09.git15.e63af6c598-1) unstable; urgency=medium * New upstream release (packaging 15th commit since 2015.1.0: e63af6c598): - CVE-2015-3219: Fixes XSS in Horizon Heat stack creation (Closes: #788306) * Fixed double entry in openstack-dashboard.triggers. + * Dropped patch applied upstream: + - Persistent_XSS_in_Horizon_metadata_dashboard.patch -- Thomas Goirand Mon, 08 Jun 2015 16:26:13 +0200 diff --git a/trusty/debian/patches/CVE-2015-3988_Persistent_XSS_in_Horizon_metadata_dashboard.patch b/trusty/debian/patches/CVE-2015-3988_Persistent_XSS_in_Horizon_metadata_dashboard.patch deleted file mode 100644 index befeb03..0000000 --- a/trusty/debian/patches/CVE-2015-3988_Persistent_XSS_in_Horizon_metadata_dashboard.patch +++ /dev/null 
@@ -1,27 +0,0 @@ -Description: Sanitation of metadata passed from Django - We need to escape HTML in metadata passed from Django, which can lead to - security issues. Refer to the bug for more details. -From: Thai Tran -Date: Fri, 1 May 2015 17:25:29 +0000 (-0700) -X-Git-Url: https://review.openstack.org/gitweb?p=openstack%2Fhorizon.git;a=commitdiff_plain;h=a0101fe34abcb95012d215d4ba8f908632ba9876 -Co-Authored-By: Szymon Wroblewski -Change-Id: I4821eacb0bb274befab7995f3a8f87c82d3997f5 -Bug-Ubuntu: https://bugs.launchpad.net/horizon/+bug/1449260 -Bug-Debian: https://bugs.debian.org/786741 -Origin: https://review.openstack.org/#/c/183656/ - -diff --git a/horizon/templates/horizon/common/_modal_form_update_metadata.html b/horizon/templates/horizon/common/_modal_form_update_metadata.html -index 1c8e1c9..1123247 100644 ---- a/horizon/templates/horizon/common/_modal_form_update_metadata.html -+++ b/horizon/templates/horizon/common/_modal_form_update_metadata.html -@@ -11,8 +11,8 @@ - existing="existing" - model="tree"> - - {% endblock %} - diff --git a/trusty/debian/patches/series b/trusty/debian/patches/series index 6148701..d9124cb 100644 --- a/trusty/debian/patches/series +++ b/trusty/debian/patches/series @@ -2,4 +2,3 @@ fix-dashboard-django-wsgi.patch fix-dashboard-manage.patch fixed-horizon-MANIFEST.in.patch adds-minus-v-flag-when-running-nosetests.patch -CVE-2015-3988_Persistent_XSS_in_Horizon_metadata_dashboard.patch
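Review bot: In the trusty/debian/changelog hunk, the new entry names the dropped file as "Persistent_XSS_in_Horizon_metadata_dashboard.patch", but the file that is deleted and removed from trusty/debian/patches/series is "CVE-2015-3988_Persistent_XSS_in_Horizon_metadata_dashboard.patch". Use the full file name so the entry matches the tree and a search of the changelog for CVE-2015-3988 lands on this version; the entry two lines above already names CVE-2015-3219 explicitly. It would also help to name the upstream change that carries the fix, which the dropped patch's own header records (Change-Id: I4821eacb0bb274befab7995f3a8f87c82d3997f5).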
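Review bot: The deletion of trusty/debian/patches/CVE-2015-3988_Persistent_XSS_in_Horizon_metadata_dashboard.patch, together with its line in trusty/debian/patches/series, rests only on the statement "applied upstream"; nothing in the change ties that statement to the packaged snapshot. Before merging, confirm that upstream commit a0101fe34abcb95012d215d4ba8f908632ba9876 (the X-Git-Url in the dropped patch's header) is contained in the e63af6c598 snapshot named in the changelog, and that horizon/templates/horizon/common/_modal_form_update_metadata.html in that tree carries the HTML escaping the patch description calls for. If it does not, the package ships without the persistent XSS fix for the metadata dashboard. Stating the result of that check in the commit message would let a later reader verify the drop without repeating it.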