prometheanfire 13/05/28 20:58:21 |
|
Modified: keystone-folsom-4-CVE-2013-2104.patch |
Log: |
better fix for keystone 2012.2.4 cve-2013-2104 |
|
(Portage version: 2.1.11.62/cvs/Linux x86_64, signed Manifest commit with key 0x2471eb3e40ac5ac3) |
|
Revision Changes Path |
1.2 sys-auth/keystone/files/keystone-folsom-4-CVE-2013-2104.patch |
|
file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/sys-auth/keystone/files/keystone-folsom-4-CVE-2013-2104.patch?rev=1.2&view=markup |
plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/sys-auth/keystone/files/keystone-folsom-4-CVE-2013-2104.patch?rev=1.2&content-type=text/plain |
diff : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/sys-auth/keystone/files/keystone-folsom-4-CVE-2013-2104.patch?r1=1.1&r2=1.2 |
|
16 |
Index: keystone-folsom-4-CVE-2013-2104.patch |
17 |
=================================================================== |
18 |
RCS file: /var/cvsroot/gentoo-x86/sys-auth/keystone/files/keystone-folsom-4-CVE-2013-2104.patch,v |
19 |
retrieving revision 1.1 |
20 |
retrieving revision 1.2 |
21 |
diff -u -r1.1 -r1.2 |
22 |
--- keystone-folsom-4-CVE-2013-2104.patch 28 May 2013 16:34:39 -0000 1.1 |
23 |
+++ keystone-folsom-4-CVE-2013-2104.patch 28 May 2013 20:58:21 -0000 1.2 |
24 |
@@ -1,4 +1,4 @@ |
25 |
-From 1d15ee512d0bebba23bdb997ae839bd6ab5d9317 Mon Sep 17 00:00:00 2001 |
26 |
+From 8d23da1302dde9d38bbc227d9aba30da919b60c8 Mon Sep 17 00:00:00 2001 |
27 |
From: Adam Young <ayoung@××××××.com> |
28 |
Date: Mon, 13 May 2013 16:07:51 -0400 |
29 |
Subject: [PATCH] Check token Expiration |
30 |
@@ -9,20 +9,43 @@ |
31 |
|
32 |
Change-Id: I8516d87ffc72cf35d3bff6fc21cb5324da4ad2bb |
33 |
--- |
34 |
- keystone/middleware/auth_token.py | 26 +++++++++++------- |
35 |
+ keystone/middleware/auth_token.py | 30 +++++++++++++-------- |
36 |
tests/signing/Makefile | 2 +- |
37 |
tests/signing/auth_token_revoked.pem | 10 +++---- |
38 |
tests/signing/auth_token_scoped_expired.json | 1 + |
39 |
tests/signing/auth_token_scoped_expired.pem | 40 ++++++++++++++++++++++++++++ |
40 |
tests/test_auth_token_middleware.py | 10 +++++++ |
41 |
- 6 files changed, 74 insertions(+), 15 deletions(-) |
42 |
+ 6 files changed, 76 insertions(+), 17 deletions(-) |
43 |
create mode 100644 tests/signing/auth_token_scoped_expired.json |
44 |
create mode 100644 tests/signing/auth_token_scoped_expired.pem |
45 |
|
46 |
diff --git a/keystone/middleware/auth_token.py b/keystone/middleware/auth_token.py |
47 |
-index 01e6c58..f5e631a 100644 |
48 |
+index 01e6c58..b1a574b 100644 |
49 |
--- a/keystone/middleware/auth_token.py |
50 |
+++ b/keystone/middleware/auth_token.py |
51 |
+@@ -95,6 +95,7 @@ HTTP_X_ROLE |
52 |
+ |
53 |
+ import datetime |
54 |
+ import httplib |
55 |
++import iso8601 |
56 |
+ import json |
57 |
+ import logging |
58 |
+ import os |
59 |
+@@ -259,13 +260,12 @@ class AuthProtocol(object): |
60 |
+ self._token_revocation_list_fetched_time = None |
61 |
+ self.token_revocation_list_cache_timeout = \ |
62 |
+ datetime.timedelta(seconds=0) |
63 |
++ self._iso8601 = iso8601 |
64 |
+ if memcache_servers: |
65 |
+ try: |
66 |
+ import memcache |
67 |
+- import iso8601 |
68 |
+ LOG.info('Using memcache for caching token') |
69 |
+ self._cache = memcache.Client(memcache_servers.split(',')) |
70 |
+- self._iso8601 = iso8601 |
71 |
+ except ImportError as e: |
72 |
+ LOG.warn('disabled caching due to missing libraries %s', e) |
73 |
+ |
74 |
@@ -512,7 +512,8 @@ class AuthProtocol(object): |
75 |
data = json.loads(verified) |
76 |
else: |
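Review bot: In the embedded auth_token.py hunk, `import iso8601` at module level makes iso8601 a hard import-time dependency of the middleware, where the earlier revision only lost memcache caching when it was missing; this commit changes only the patch file, so confirm the ebuild already lists iso8601 as a runtime dependency (not visible here). Setting `self._iso8601 = iso8601` unconditionally presumably lets the token expiry check run without `memcache_servers` configured, but the check itself sits in the `@@ -512,7 +512,8 @@` hunk, whose body is mostly outside the changed lines shown. The diffstat entry for tests/test_auth_token_middleware.py is identical in both revisions, so no test appears to cover an expired token with memcache disabled; carrying one would guard against this regressing. A comment above the assignment such as `# needed to parse token expiry even when memcache is not configured` would record why the import was moved.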
77 |
@@ -198,5 +221,5 @@ |
78 |
req = webob.Request.blank('/') |
79 |
req.headers['X-Auth-Token'] = 'invalid-token' |
80 |
-- |
81 |
-1.8.1.5 |
82 |
+1.8.1.2 |