Package: swift-plugin-s3 / 1.7-5+deb8u1

Metadata

Package Version Patches format
swift-plugin-s3 1.7-5+deb8u1 3.0 (quilt)

Patch series

view the series file
Patch File delta Description
fix_signature_bug_to_use_RAW_PATH_INFO.patch | (download)

swift3/middleware.py | 5 4 + 1 - 0 !
1 file changed, 4 insertions(+), 1 deletion(-)

 [patch] fix signature bug to use raw_path_info

This fixes signature creation to use RAW_PATH_INFO.

Swift3 could not create correct signature in case of
using escaped character(e.g. %2F, %2D) in PATH_INFO,
because env['PATH_INFO'] was decoded(unescaped) by
eventlet.wsgi before a request arrived at swift3.
It caused signature mismatch and authentication failure.

This change enables swift3 to create signature from
RAW_PATH_INFO and fixes that bug.

Note: This patch works well only in later version than
      eventlet 0.9.17, because older version does not
      have RAW_PATH_INFO variable.
      When using older version, swift3 works in the same
      way as ever(use req.path of swob).

Signed-off-by: Kota Tsuyuzaki <tsuyuzaki.kota@lab.ntt.co.jp>

Updated_HEAD_and_ACL_calls_to_objects_to_work_correctly.patch | (download)

swift3/middleware.py | 20 9 + 11 - 0 !
1 file changed, 9 insertions(+), 11 deletions(-)

 [patch] updated head and acl calls to objects to work correctly


CVE 2015 8466.patch | (download)

swift3/middleware.py | 9 7 + 2 - 0 !
1 file changed, 7 insertions(+), 2 deletions(-)

 cve-2015-8466: replay attack - date/date header unvalidated