From c0d63cecd8c082fbde9843b3ebc2d465ad341d35 Mon Sep 17 00:00:00 2001
From: Raildo Mascena
Date: Wed, 19 Aug 2020 14:05:31 -0300
Subject: [PATCH] Bump pysaml2 requeriment to avoid CVE-2020-5390

Although, Keystone doesn't use the pysaml2 signature on [0] Would be nice to bump the pysaml2 version for, at least, 5.0.0[1] in order to have the the CVE fix included[2].
[0]https://opendev.org/openstack/keystone/src/branch/master/keystone/federation/idp.py#L440-L521
[1] https://github.com/IdentityPython/pysaml2/releases/tag/v5.0.0
[2] https://github.com/advisories/GHSA-qf7v-8hj3-4xw7

Change-Id: I1d3776f7f1feb6485feecb140703f23027ca3a6f
---
 lower-constraints.txt | 2 +-
 requirements.txt | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/lower-constraints.txt b/lower-constraints.txt
index fefc5535eb..6f3bcec049 100644
--- a/lower-constraints.txt
+++ b/lower-constraints.txt
@@ -46,7 +46,7 @@ pycadf==1.1.0
 pycodestyle==2.0.0
 python-ldap===3.0.0
 pymongo===3.0.2
-pysaml2==4.5.0
+pysaml2==5.0.0
 PyJWT==1.6.1
 PyMySQL==0.7.6
 python-keystoneclient==3.8.0
diff --git a/requirements.txt b/requirements.txt
index 9e0473078f..7084bee9c1 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -28,7 +28,7 @@ oslo.serialization!=2.19.1,>=2.18.0 # Apache-2.0
 oslo.upgradecheck>=0.1.0 # Apache-2.0
 oslo.utils>=3.33.0 # Apache-2.0
 oauthlib>=0.6.2 # BSD
-pysaml2>=4.5.0
+pysaml2>=5.0.0
 PyJWT>=1.6.1 # MIT
 dogpile.cache>=0.6.2 # BSD
 jsonschema>=3.2.0 # MIT