author | Matthew Thode <prometheanfire@gentoo.org> | 2013-05-28 20:58:21 +0000 |
---|---|---|
committer | Matthew Thode <prometheanfire@gentoo.org> | 2013-05-28 20:58:21 +0000 |
commit | d8a00dc556f0222053c8f06af9256743fd1fadb3 (patch) | |
tree | f1120913dc6146a49c17ce6542b887d5d8826815 /sys-auth | |
parent | Sort USE_EXPAND. (diff) | |
better fix for keystone 2012.2.4 cve-2013-2104
(Portage version: 2.1.11.62/cvs/Linux x86_64, signed Manifest commit with key 0x2471eb3e40ac5ac3)
Diffstat (limited to 'sys-auth')
-rw-r--r-- | sys-auth/keystone/ChangeLog | 6 | ||||
-rw-r--r-- | sys-auth/keystone/files/keystone-folsom-4-CVE-2013-2104.patch | 33 |
2 files changed, 33 insertions, 6 deletions
diff --git a/sys-auth/keystone/ChangeLog b/sys-auth/keystone/ChangeLog
index d9d54804d28c..c63c8f1b151e 100644
--- a/sys-auth/keystone/ChangeLog
+++ b/sys-auth/keystone/ChangeLog
@@ -1,6 +1,10 @@
 # ChangeLog for sys-auth/keystone
 # Copyright 1999-2013 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/sys-auth/keystone/ChangeLog,v 1.19 2013/05/28 16:34:39 prometheanfire Exp $
+# $Header: /var/cvsroot/gentoo-x86/sys-auth/keystone/ChangeLog,v 1.20 2013/05/28 20:58:20 prometheanfire Exp $
+
+ 28 May 2013; Matthew Thode <prometheanfire@gentoo.org>
+ files/keystone-folsom-4-CVE-2013-2104.patch, keystone-2012.2.4-r4.ebuild:
+ better fix for keystone 2012.2.4 cve-2013-2104
 *keystone-2012.2.4-r4 (28 May 2013)
diff --git a/sys-auth/keystone/files/keystone-folsom-4-CVE-2013-2104.patch b/sys-auth/keystone/files/keystone-folsom-4-CVE-2013-2104.patch
index c3fb33fd712f..ef760abb037c 100644
--- a/sys-auth/keystone/files/keystone-folsom-4-CVE-2013-2104.patch
+++ b/sys-auth/keystone/files/keystone-folsom-4-CVE-2013-2104.patch
@@ -1,4 +1,4 @@
-From 1d15ee512d0bebba23bdb997ae839bd6ab5d9317 Mon Sep 17 00:00:00 2001
+From 8d23da1302dde9d38bbc227d9aba30da919b60c8 Mon Sep 17 00:00:00 2001
 From: Adam Young <ayoung@redhat.com>
 Date: Mon, 13 May 2013 16:07:51 -0400
 Subject: [PATCH] Check token Expiration
@@ -9,20 +9,43 @@ Bug 1179615
 Change-Id: I8516d87ffc72cf35d3bff6fc21cb5324da4ad2bb
 ---
- keystone/middleware/auth_token.py | 26 +++++++++++------
+ keystone/middleware/auth_token.py | 30 +++++++++++++--------
 tests/signing/Makefile | 2 +-
 tests/signing/auth_token_revoked.pem | 10 +++----
 tests/signing/auth_token_scoped_expired.json | 1 +
 tests/signing/auth_token_scoped_expired.pem | 40 ++++++++++++++++++++++++++++
 tests/test_auth_token_middleware.py | 10 +++++++
- 6 files changed, 74 insertions(+), 15 deletions(-)
+ 6 files changed, 76 insertions(+), 17 deletions(-)
 create mode 100644 tests/signing/auth_token_scoped_expired.json
 create mode 100644 tests/signing/auth_token_scoped_expired.pem
 diff --git a/keystone/middleware/auth_token.py b/keystone/middleware/auth_token.py
-index 01e6c58..f5e631a 100644
+index 01e6c58..b1a574b 100644
 --- a/keystone/middleware/auth_token.py
 +++ b/keystone/middleware/auth_token.py
+@@ -95,6 +95,7 @@ HTTP_X_ROLE
+
+ import datetime
+ import httplib
++import iso8601
+ import json
+ import logging
+ import os
+@@ -259,13 +260,12 @@ class AuthProtocol(object):
+ self._token_revocation_list_fetched_time = None
+ self.token_revocation_list_cache_timeout = \
+ datetime.timedelta(seconds=0)
++ self._iso8601 = iso8601
+ if memcache_servers:
+ try:
+ import memcache
+- import iso8601
+ LOG.info('Using memcache for caching token')
+ self._cache = memcache.Client(memcache_servers.split(','))
+- self._iso8601 = iso8601
+ except ImportError as e:
+ LOG.warn('disabled caching due to missing libraries %s', e)
+
 @@ -512,7 +512,8 @@ class AuthProtocol(object):
 data = json.loads(verified)
 else:
@@ -198,5 +221,5 @@ index e6893ee..dfe424f 100644
 req = webob.Request.blank('/')
 req.headers['X-Auth-Token'] = 'invalid-token'
 --
-1.8.1.5
+1.8.1.2 |
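Review bot: The inner hunk at `@@ -95,6 +95,7 @@` turns `import iso8601` into a module-level import of keystone/middleware/auth_token.py, so iso8601 becomes a hard runtime dependency of the middleware; the ebuild should list it in RDEPEND, and the ebuild is not part of this diff, so that needs confirming. Failing at import is the right behaviour for an expiry check, since the replaced patch appears to have left `self._iso8601` assigned only inside the `if memcache_servers:` branch. The patch file is replaced in place under the existing -r4 revision (the `*keystone-2012.2.4-r4` ChangeLog line is context, not an addition), so systems that already merged -r4 with the earlier patch will not rebuild; a revision bump would carry the corrected CVE-2013-2104 fix to them. The outer hunk ends inside the inner `@@ -512,7 +512,8 @@` hunk, whose body lies outside it.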