From f60bcecdf38cef42e7911f978577e6ad6bbcd089 Mon Sep 17 00:00:00 2001
From: Mehdi Abaakouk
Date: Mon, 17 Sep 2012 14:21:30 +0200
Subject: [PATCH] Remove upstream fixed CVE-2012-3540

Rewritten-From: 29e7fbc979ab7a03aaafcdad2267de3d9b567aee
---
 trusty/debian/changelog | 1 +
 ...ogin_redirect_other_than_same_origin.patch | 31 -------------------
 trusty/debian/patches/series | 1 -
 3 files changed, 1 insertion(+), 32 deletions(-)
 delete mode 100644 trusty/debian/patches/CVE-2012-3540_disallow_login_redirect_other_than_same_origin.patch

diff --git a/trusty/debian/changelog b/trusty/debian/changelog
index 1a97c0f..d864cee 100644
--- a/trusty/debian/changelog
+++ b/trusty/debian/changelog
@@ -1,6 +1,7 @@
 horizon (2012.2~e3-1) experimental; urgency=low
 * New upstream version
+ * Remove CVE-2012-3540 fixed by upstream
 -- Mehdi Abaakouk Mon, 10 Sep 2012 17:56:09 +0200
diff --git a/trusty/debian/patches/CVE-2012-3540_disallow_login_redirect_other_than_same_origin.patch b/trusty/debian/patches/CVE-2012-3540_disallow_login_redirect_other_than_same_origin.patch
deleted file mode 100644
index 4e1f5d5..0000000
--- a/trusty/debian/patches/CVE-2012-3540_disallow_login_redirect_other_than_same_origin.patch
+++ /dev/null
@@ -1,31 +0,0 @@
-Description: Disallow login redirects to anywhere other than the same origin.
-Author: Paul McMillan
-Origin: upstream
-Bug-Debian: http://bugs.debian.org/686050
-Bug-Ubuntu: https://launchpad.net/bugs/1039077
-
---- horizon-2012.1.1.orig/horizon/views/auth_forms.py
-+++ horizon-2012.1.1/horizon/views/auth_forms.py
-@@ -28,6 +28,7 @@ from django import shortcuts
- from django.conf import settings
- from django.contrib import messages
- from django.contrib.auth import REDIRECT_FIELD_NAME
-+from django.utils.http import same_origin
- from django.utils.translation import ugettext as _
- from keystoneclient import exceptions as keystone_exceptions
- 
-@@ -94,7 +95,13 @@ class Login(forms.SelfHandlingForm):
- request.session['region_endpoint'] = endpoint
- request.session['region_name'] = region_name
- 
-- redirect_to = request.REQUEST.get(REDIRECT_FIELD_NAME, "")
-+ redirect_to = request.REQUEST.get(REDIRECT_FIELD_NAME, None)
-+ # Make sure the requested redirect matches the protocol,
-+ # domain, and port of this request
-+ if redirect_to and not same_origin(
-+ request.build_absolute_uri(redirect_to),
-+ request.build_absolute_uri()):
-+ redirect_to = None
- 
- if data.get('tenant', None):
- try:
diff --git a/trusty/debian/patches/series b/trusty/debian/patches/series
index 3d6a997..e69de29 100644
--- a/trusty/debian/patches/series
+++ b/trusty/debian/patches/series
@@ -1 +0,0 @@
-CVE-2012-3540_disallow_login_redirect_other_than_same_origin.patch
-- 
2.45.2