| 1 |
prometheanfire 13/05/28 20:58:21 |
| 2 |
|
| 3 |
Modified: keystone-folsom-4-CVE-2013-2104.patch |
| 4 |
Log: |
| 5 |
better fix for keystone 2012.2.4 cve-2013-2104 |
| 6 |
|
| 7 |
(Portage version: 2.1.11.62/cvs/Linux x86_64, signed Manifest commit with key 0x2471eb3e40ac5ac3) |
| 8 |
|
| 9 |
Revision Changes Path |
| 10 |
1.2 sys-auth/keystone/files/keystone-folsom-4-CVE-2013-2104.patch |
| 11 |
|
| 12 |
file : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/sys-auth/keystone/files/keystone-folsom-4-CVE-2013-2104.patch?rev=1.2&view=markup |
| 13 |
plain: http://sources.gentoo.org/viewvc.cgi/gentoo-x86/sys-auth/keystone/files/keystone-folsom-4-CVE-2013-2104.patch?rev=1.2&content-type=text/plain |
| 14 |
diff : http://sources.gentoo.org/viewvc.cgi/gentoo-x86/sys-auth/keystone/files/keystone-folsom-4-CVE-2013-2104.patch?r1=1.1&r2=1.2 |
| 15 |
|
| 16 |
Index: keystone-folsom-4-CVE-2013-2104.patch |
| 17 |
=================================================================== |
| 18 |
RCS file: /var/cvsroot/gentoo-x86/sys-auth/keystone/files/keystone-folsom-4-CVE-2013-2104.patch,v |
| 19 |
retrieving revision 1.1 |
| 20 |
retrieving revision 1.2 |
| 21 |
diff -u -r1.1 -r1.2 |
| 22 |
--- keystone-folsom-4-CVE-2013-2104.patch 28 May 2013 16:34:39 -0000 1.1 |
| 23 |
+++ keystone-folsom-4-CVE-2013-2104.patch 28 May 2013 20:58:21 -0000 1.2 |
| 24 |
@@ -1,4 +1,4 @@ |
| 25 |
-From 1d15ee512d0bebba23bdb997ae839bd6ab5d9317 Mon Sep 17 00:00:00 2001 |
| 26 |
+From 8d23da1302dde9d38bbc227d9aba30da919b60c8 Mon Sep 17 00:00:00 2001 |
| 27 |
From: Adam Young <ayoung@××××××.com> |
| 28 |
Date: Mon, 13 May 2013 16:07:51 -0400 |
| 29 |
Subject: [PATCH] Check token Expiration |
| 30 |
@@ -9,20 +9,43 @@ |
| 31 |
|
| 32 |
Change-Id: I8516d87ffc72cf35d3bff6fc21cb5324da4ad2bb |
| 33 |
--- |
| 34 |
- keystone/middleware/auth_token.py | 26 +++++++++++------- |
| 35 |
+ keystone/middleware/auth_token.py | 30 +++++++++++++-------- |
| 36 |
tests/signing/Makefile | 2 +- |
| 37 |
tests/signing/auth_token_revoked.pem | 10 +++---- |
| 38 |
tests/signing/auth_token_scoped_expired.json | 1 + |
| 39 |
tests/signing/auth_token_scoped_expired.pem | 40 ++++++++++++++++++++++++++++ |
| 40 |
tests/test_auth_token_middleware.py | 10 +++++++ |
| 41 |
- 6 files changed, 74 insertions(+), 15 deletions(-) |
| 42 |
+ 6 files changed, 76 insertions(+), 17 deletions(-) |
| 43 |
create mode 100644 tests/signing/auth_token_scoped_expired.json |
| 44 |
create mode 100644 tests/signing/auth_token_scoped_expired.pem |
| 45 |
|
| 46 |
diff --git a/keystone/middleware/auth_token.py b/keystone/middleware/auth_token.py |
| 47 |
-index 01e6c58..f5e631a 100644 |
| 48 |
+index 01e6c58..b1a574b 100644 |
| 49 |
--- a/keystone/middleware/auth_token.py |
| 50 |
+++ b/keystone/middleware/auth_token.py |
| 51 |
+@@ -95,6 +95,7 @@ HTTP_X_ROLE |
| 52 |
+ |
| 53 |
+ import datetime |
| 54 |
+ import httplib |
| 55 |
++import iso8601 |
| 56 |
+ import json |
| 57 |
+ import logging |
| 58 |
+ import os |
| 59 |
+@@ -259,13 +260,12 @@ class AuthProtocol(object): |
| 60 |
+ self._token_revocation_list_fetched_time = None |
| 61 |
+ self.token_revocation_list_cache_timeout = \ |
| 62 |
+ datetime.timedelta(seconds=0) |
| 63 |
++ self._iso8601 = iso8601 |
| 64 |
+ if memcache_servers: |
| 65 |
+ try: |
| 66 |
+ import memcache |
| 67 |
+- import iso8601 |
| 68 |
+ LOG.info('Using memcache for caching token') |
| 69 |
+ self._cache = memcache.Client(memcache_servers.split(',')) |
| 70 |
+- self._iso8601 = iso8601 |
| 71 |
+ except ImportError as e: |
| 72 |
+ LOG.warn('disabled caching due to missing libraries %s', e) |
| 73 |
+ |
| 74 |
@@ -512,7 +512,8 @@ class AuthProtocol(object): |
| 75 |
data = json.loads(verified) |
| 76 |
else: |
| 77 |
@@ -198,5 +221,5 @@ |
| 78 |
req = webob.Request.blank('/') |
| 79 |
req.headers['X-Auth-Token'] = 'invalid-token' |
| 80 |
-- |
| 81 |
-1.8.1.5 |
| 82 |
+1.8.1.2 |
Archives