Get Gentoo!
gentoo.org sites
gentoo.org Wiki Bugs Forums Packages
Planet Archives Sources
Infra Status
summaryrefslogtreecommitdiff
path: root/sys-auth/keystone
diff options
context:
space:
mode:
Diffstat (limited to 'sys-auth/keystone')
-rw-r--r--sys-auth/keystone/ChangeLog6
-rw-r--r--sys-auth/keystone/Manifest30
-rw-r--r--sys-auth/keystone/files/keystone-folsom-4-CVE-2013-2104.patch33
3 files changed, 48 insertions, 21 deletions
diff --git a/sys-auth/keystone/ChangeLog b/sys-auth/keystone/ChangeLog
index d9d54804d28c..c63c8f1b151e 100644
--- a/sys-auth/keystone/ChangeLog
+++ b/sys-auth/keystone/ChangeLog
@@ -1,6 +1,10 @@
# ChangeLog for sys-auth/keystone
# Copyright 1999-2013 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/sys-auth/keystone/ChangeLog,v 1.19 2013/05/28 16:34:39 prometheanfire Exp $
+# $Header: /var/cvsroot/gentoo-x86/sys-auth/keystone/ChangeLog,v 1.20 2013/05/28 20:58:20 prometheanfire Exp $
+
+ 28 May 2013; Matthew Thode <prometheanfire@gentoo.org>
+ files/keystone-folsom-4-CVE-2013-2104.patch, keystone-2012.2.4-r4.ebuild:
+ better fix for keystone 2012.2.4 cve-2013-2104
*keystone-2012.2.4-r4 (28 May 2013)
diff --git a/sys-auth/keystone/Manifest b/sys-auth/keystone/Manifest
index 3f1d0e08bbc7..c913d3332673 100644
--- a/sys-auth/keystone/Manifest
+++ b/sys-auth/keystone/Manifest
@@ -4,7 +4,7 @@ Hash: SHA256
AUX keystone-folsom-4-CVE-2013-1977.patch 1114 SHA256 af81df239364cab3f94b14636359a19e6c8474f8282d2c174e3e75208fa508c6 SHA512 e9139487cdf6185d0405fd034a48c451c15ab568ebb6d4e58c2c50160ef8dc6b926a31fd0b31c646ecfccf68f2b667d9577bbe6e169ef28f8abfc06ae9031210 WHIRLPOOL c2ed7858f514f3d4a45303b0a307eb259c3c53373160ad35afcb7012ca63f9360d152f4869745579b678d990ed6f929ef050b1c68683bac656123a0aea394ec0
AUX keystone-folsom-4-CVE-2013-2030.patch 2318 SHA256 fd824a4000da663568f26dbcfa6de031911ebdca1dea2c0958b3d5398d4d9ba6 SHA512 6b00a6d9062dd418299f9f02891fbfaa86f8f69db394ccfff31367555d1d7dbad1cf0d5a8647b61addeaabd2107b9f75cdc1986df8186de5c428f33533abffab WHIRLPOOL 842c4adb14c4a4501ea84c0082c0f28295027e27fee9957eafea6db9397a26c4955eb355b955d625bf5df818c1178af2267270aedec93bc47da8f17b59eaeca2
AUX keystone-folsom-4-CVE-2013-2059.patch 2340 SHA256 9c3a1d953abd719c55c77fd13295c0aa5caf730a4656f3a111a1bfc1d92a282c SHA512 c6f50ed21c95c7be256f0a15ef804eaf16f32fec038be53742ce85b9a303f4c613728c95af606aafd779009f298a68517668594a590fa40258dbbb6646c3fbed WHIRLPOOL 723b4d0e5573a2e7473e4613fcfc717d1e0d90ff18a7559baa7fe0a21c6c5fcb84648afcb227ea9231ed87738e0c17cf79153287d2d6b14a65974a67e78dbd2f
-AUX keystone-folsom-4-CVE-2013-2104.patch 11353 SHA256 5c2f86b572453cbf7d08f0a423a649ba1ddedf1eb0d825527430dc67804ec235 SHA512 8beb3ce69c889dcdcb258d062934927252e833a06010cbafc7b16047253e77e47c71830846e9e566c721b6e8b33d64ce2ebf59deb2d34df7a9e5c14d0034c290 WHIRLPOOL de1dc8b758d3974a4b4dbab03d6c5138a978658c92024c10706bf99213cecb823c4c76d64ddcb632eba366ce0fd34fa2c45071150460b688d79f6e457b509918
+AUX keystone-folsom-4-CVE-2013-2104.patch 12123 SHA256 28893546fa4d9df031285f892be629a475d0464e0c8a9e0a9ab77df7ef8d7fba SHA512 8116ee1227af98a7fd640ea2f16fab9f9a41af24d71d2d82031804dc19fc3aae4d26cc20233d7304a42423fa6b06e69766d19e11ba6fb8adeadc8ffa83f8ae34 WHIRLPOOL 5448626f6ac17eb7512d43683badbf12f1ca1de2b8ab706a786cb17db22b5f9da48d099d1ed33c429ac715621e64707b4d453ccaaf5a83b9408dba43bf51a021
AUX keystone-grizzly-1-CVE-2013-1977.patch 1545 SHA256 a052c366ed38f4a40e10809080da9106400de59224323b21ef5e609f71674c52 SHA512 59b4cd7a83bc662d9e0459fefe6a5d8a3976fd653220d9248c97a8007af45d23cc0bb38bbba378bdaf5951c70901bbebde709b1717980fb3741da11a21d30573 WHIRLPOOL e2e1f5f9c02edd07a3e738ca8d6997a64df65a147c75d19d0d269712a3b92b77506c0941d131a9183ccea6f0ffed13a1e5e746d39555675c5cb132ff5ade1020
AUX keystone.confd 67 SHA256 8faa32d3354df30b1d1c98cf481be162c27583b84e387f8da57611b689bc2448 SHA512 75b040eda6ef8701e8dac8f34b3dd3c96aedde3b005fac01f20592b3d8afb8bbce57fadc466cda69d7192f96460a5c704d941a16b96d02f3e80f1a3e264c2efe WHIRLPOOL 8e8cb4e8991ca8d8cf1e874bd2286900ca63379c73793bca906ecfc1318ee63a8af6d1f6090e9ef296bfbe5abf018368a5ad6430de1efdea0db626d8c697f3c4
AUX keystone.initd 1177 SHA256 fcf7e532f2f3fad8413455f67d8e9c4c0522ff99e69bd95d4fff49d2dfa243ac SHA512 a0281f5fdd96963d9479a3463e6b5f1947a2c3c8694e464d4d293ef237392bed796ec7b8431e1add7b73334ed5e11158347f35ab562edda5f7aa7bdb9b05e51e WHIRLPOOL d819103e6f2bdd7ca4d5ab2f645f8ca168cc46567ff7c2d00cb2d536c08319aaa472b06b8f98cf2b6de940089f444e7aa752e4c9deeb849a834108394dfe1862
@@ -14,22 +14,22 @@ DIST keystone-2013.1.1.tar.gz 791324 SHA256 a00664dd20adf36e1e78a6b29f49f7947e2f
EBUILD keystone-2012.2.4-r4.ebuild 2640 SHA256 b41240e50c6f943523f619c3c8f2001f3ab03f6de4070d8c1a61274a8cb5abde SHA512 7eb59189fab88d910d201d2a1099af1317327e9544dbba65803055f4a13958c9c676c7b807b68ab197c9c72a0a94991ccfdf8a88a917ff92b4315ac3507a62b1 WHIRLPOOL 6dd2f64318c2d15ad96b3d91f7c0054c011f1d5f0483c4f36957b59052e13c8a02d8fe9eed8300e3c85033c2f1863f04301a3263227a9c6d8e7eb79d928621fd
EBUILD keystone-2013.1.1.ebuild 2920 SHA256 e6290cedad04b9c6801ce9c73a1b4e2b25cce8a53b3057c51b8880cabd36d2d3 SHA512 283de4603b1788135cbbe0ff31c26fa9290067cd945941093cbcd844ae37388577775c6e320db6353e8e3b1c664700a06a00c73584396c1a135fc1bf27ab6aed WHIRLPOOL 06fde096d6a034a1d2e2e5dd3ead39c4c6a63faa5bc741b18ef31b7a38809b6696aabc9b7f3cf342f03efe28ca149c8fea8c318e48e42dca0e5e150c7ade113b
EBUILD keystone-9999.ebuild 2942 SHA256 048862e16792a3de401129f16b01fdfedbbcebc0f126dd1a39fb63c0118cd030 SHA512 767dccb4ce53d3162156f965c97bb4d33ff6d1d7dfd5efaa3a223d66915694f2d946e6e7774b73ac1c4f5a42af6228dafd3f30d3fb57da59bc293bae141a18a7 WHIRLPOOL 944e87af5b6a7f4276d49751d0b578052257c833350a568e7dd031f138b20a1714e38874f4992486fd8ca51d83e01516c055a244c634ec35e931149d120fdbc2
-MISC ChangeLog 4339 SHA256 dd2a2082a4b9eabcc66c84ff8542eebb8e4dcccee3fbcebe2355eb16f075eed3 SHA512 184d9577c63754d27bab6dfcd3c7221d96f73c000e71efbee8b2a0f1fbc5fa66de9b1fd7d934e168c95ad9958324ceba68802e063a83f5085231ff556cc65622 WHIRLPOOL b23b2d4a0332b7074a3a65616d13d5e91fc700f26c2840cefa3bd4a46426523e5cb4cadb7f6d32ec0b25fed090fc12fc211b56981d2efbff11e920095b6f317a
+MISC ChangeLog 4522 SHA256 4ec1621eb97293d54b243dc3cd51193f73ab77752b8f5a4cea04eb2046c7aeda SHA512 520ca85e2bbf6c10aca01a1ac538ea4e063d37c8c8743adc645c3d7654a695b330384b7f9639f65e74f9d7de00361609ea6957310cee550a6ce6c13aa9454f16 WHIRLPOOL 4a1ce61d4d69b626ebf2d7187665507ab3a365d85067fd8c05d909ac017d1c8f4425772e781523f098336d612c3a746e0ba049e80b1d1285ebdf5afe7c1cad31
MISC metadata.xml 399 SHA256 7f8946a43a8187a3901e53e0e3b4293e49bb2a1d1785c472b1d0ffd83e0ba2a8 SHA512 9448005b3be5621b302b4c71d190c621f245163a2c7aa8277a3af8132558543c774e9bb20b39bcb0ad896db5d2feac7649b107d7850f68e437f18214891ab16f WHIRLPOOL b46a5eadc17d5e38d23efed9620772e6d5e2cbd7733e1c0a8d15a506cacc8a31e9b26a354a1b749a7c64bff08722658b2feb651679a6a6054cd3b551839ddb38
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.19 (GNU/Linux)
-iQIcBAEBCAAGBQJRpNz3AAoJECRx6z5ArFrDMZkQAIl4+n8LbKFf1fMhyKSmH1ok
-xNmghaCqVwGfdyPzGsjMMTHrTbqSXXfL19MBxvoAXAOg/qWAckBqg9mlkduGBawS
-jGuU69ThfmTcL6s+rmmYmjT0nS8wFkW5n52YBv5+4r1bIf5mA+HPxTqqwdzJLjev
-lRFIgHAzwduALUE5NErv1wYXJfE4ddoY46e4GOwQVRlL5jSXdntXmtDFggTEpLlA
-kiZv8EyQg5pP2hN/QDiHcQM/LJREXHYBtUVTwJbZxpiVAdsBJxynZfyofHyERh+z
-wk4eWoIWplQN+Ya2hC2P15+M5OnD3YbMcW/jr38UzvZIoqPaKSdcjxJylE9o9uhm
-8rwgRtzvaNa58CVhuOeLBk9l7nQof6a6TuIpY14cGFup49hMCf1xMr77TvgykkE4
-N2tjN4lt+eLRVNgWQDqZEWKPVlj/Bv7v6kYe4Z1I5z+l7rj1NpEkEhXXXiId21ER
-xQsKt9oO9VxD9JglAUo0iiZp1CqsM3Tm8isJdF9OAnt00V5Cn07ywZsEMp5xNcUt
-ioktc37PRE3XEP3kcO0ERsEYOv4MSly+sSenBmVuFlAt6gcjkGzlPmLp2aGGR2mP
-AAk7eQEhExR0LFcgHhY2+X2nnhQjpiu9IOlDOjt2XNe55TSBcnMahSFFGs9XrXhP
-xO4PrOXeTUp8aR72ABAL
-=mQuV
+iQIcBAEBCAAGBQJRpRq2AAoJECRx6z5ArFrDxuwQAKE6GMYVONJnswlE+JD0MJEi
+tJHXI3b8+VAXrDD+okD7rUNYezgPrzx4w2+mHZ2dmCwINHG6dSw2vkI/fQKLZtrp
+aKTbY02qY8xP1bV/tpYFehhxFYg0QmuoCosr7TcmEKP0UtQlgXVK8m0kcdJb0sb9
+uxMxMEKb4oVjR3E8loRQMANLmUpzZhGxfRldHMGQVoAsxYhbABzcakLLObmg09+e
+LeHF54kBbpejiEcmm5aFYzjbqn2Jfj35cR6EkpR7V8g9YMO/oKp/B7BVuPPPTerp
+S4UFf7ae+Ss4zR9F3/z5DU2j1KwSx/JegBq0hP/SwhDpOC7FC6rXjAui8Q6u4vIR
+g76pnq15/NmmywdzaKvxtzAbXEuXCiCgaZqjvvH9NpbQZm7khVaeLj+OlaSRvOmm
+8kf4c9yOxsA66MSKae2wjaRnXJVKKG4xYK5Oak5ZU6tzucPgvdIbS259g07dkatL
+9KW13pAkVwzxpdlBO30rC0KVtTD6/aO89LojA2eppCizBPLYFdKrEpvpZVFHHPNs
+WM3XvZA0ZknDXvlvINvmWNIQyZcv4bCSYDCSZ3XjTyJEsJT/446aTQ+grgIBWjti
+wTico05Gh5T1RSApz0p592EdLvM0RlkqAH7isowCnNTM2UK9IcH+QKzK8ESADUHl
+ndbjZ6XQs4xAvGmmvFFk
+=uf1a
-----END PGP SIGNATURE-----
diff --git a/sys-auth/keystone/files/keystone-folsom-4-CVE-2013-2104.patch b/sys-auth/keystone/files/keystone-folsom-4-CVE-2013-2104.patch
index c3fb33fd712f..ef760abb037c 100644
--- a/sys-auth/keystone/files/keystone-folsom-4-CVE-2013-2104.patch
+++ b/sys-auth/keystone/files/keystone-folsom-4-CVE-2013-2104.patch
@@ -1,4 +1,4 @@
-From 1d15ee512d0bebba23bdb997ae839bd6ab5d9317 Mon Sep 17 00:00:00 2001
+From 8d23da1302dde9d38bbc227d9aba30da919b60c8 Mon Sep 17 00:00:00 2001
From: Adam Young <ayoung@redhat.com>
Date: Mon, 13 May 2013 16:07:51 -0400
Subject: [PATCH] Check token Expiration
@@ -9,20 +9,43 @@ Bug 1179615
Change-Id: I8516d87ffc72cf35d3bff6fc21cb5324da4ad2bb
---
- keystone/middleware/auth_token.py | 26 +++++++++++-------
+ keystone/middleware/auth_token.py | 30 +++++++++++++--------
tests/signing/Makefile | 2 +-
tests/signing/auth_token_revoked.pem | 10 +++----
tests/signing/auth_token_scoped_expired.json | 1 +
tests/signing/auth_token_scoped_expired.pem | 40 ++++++++++++++++++++++++++++
tests/test_auth_token_middleware.py | 10 +++++++
- 6 files changed, 74 insertions(+), 15 deletions(-)
+ 6 files changed, 76 insertions(+), 17 deletions(-)
create mode 100644 tests/signing/auth_token_scoped_expired.json
create mode 100644 tests/signing/auth_token_scoped_expired.pem
diff --git a/keystone/middleware/auth_token.py b/keystone/middleware/auth_token.py
-index 01e6c58..f5e631a 100644
+index 01e6c58..b1a574b 100644
--- a/keystone/middleware/auth_token.py
+++ b/keystone/middleware/auth_token.py
+@@ -95,6 +95,7 @@ HTTP_X_ROLE
+
+ import datetime
+ import httplib
++import iso8601
+ import json
+ import logging
+ import os
+@@ -259,13 +260,12 @@ class AuthProtocol(object):
+ self._token_revocation_list_fetched_time = None
+ self.token_revocation_list_cache_timeout = \
+ datetime.timedelta(seconds=0)
++ self._iso8601 = iso8601
+ if memcache_servers:
+ try:
+ import memcache
+- import iso8601
+ LOG.info('Using memcache for caching token')
+ self._cache = memcache.Client(memcache_servers.split(','))
+- self._iso8601 = iso8601
+ except ImportError as e:
+ LOG.warn('disabled caching due to missing libraries %s', e)
+
@@ -512,7 +512,8 @@ class AuthProtocol(object):
data = json.loads(verified)
else:
@@ -198,5 +221,5 @@ index e6893ee..dfe424f 100644
req = webob.Request.blank('/')
req.headers['X-Auth-Token'] = 'invalid-token'
--
-1.8.1.5
+1.8.1.2