lp://staging/ubuntu/quantal-proposed/keystone

Branch merges

Propose for merging

No branches dependent on this one.

Related source package recipes

No recipes using this branch. (?)

Create packaging recipe

Related snap packages

Related bugs

Related blueprints

41. By James Page on 2013-05-29

debian/patches/update_certs.patch: Fix FTBFS. Original SSL certs
for test suite expired May 18 2013. Cherry-picked regenerated certs
from stable/folsom commit c14f2789.

40. By James Page on 2013-05-17

* Rebase on latest security fixes.
* SECURITY UPDATE: delete user token immediately upon delete when using v2
  API
  - CVE-2013-2059.patch: adjust keystone/identity/core.py to call
    token_api.delete_token() during delete. Also update test suite.
  - CVE-2013-2059
  - LP: #1166670

39. By Adam Gandelman on 2013-04-25

* Dropped patches, applied upstream:
  - debian/patches/CVE-2013-1865.patch: [255b1d4]
  - debian/patches/CVE-2013-0282.patch: [f0b4d30]
  - debian/patches/CVE-2013-1664+1665.patch: [8a22745]
* Resynchronize with stable/folsom (09f28020) (LP: #1179707):
  - [5ea4fcf] V2 API reported at Beta LP: 1135230
  - [1889299] PKI-signed token hash saved as token ID for SQL backend only
    LP: 1073272
  - [40660f0] Key PKI tokens on hash in memcached for auth_token middleware
    LP: 1073343
  - [b3ce6a7] Use the right subprocess based on os monkeypatch
  - [bb1ded0] keystone-all --config-dir is being ignored LP: 1101129
  - [9e0a97d] Temporary network outage results in connection refused and
    invalid token LP: 1150299
  - [255b1d4] Validation of PKI tokens bypasses revocation check LP: 1129713
  - [8690166] PKI tokens are broken after 24 hours LP: 1074172
  - [790c87e] PKI tokens are broken after 24 hours LP: 1074172
  - [f0b4d30] EC2 authentication does not ensure user or tenant is enabled
    LP: 1121494
  - [8a22745] DoS through XML entity expansion (CVE-2013-1664) LP: 1100282

38. By James Page on 2013-03-22

* Resync with latest security updates.
* SECURITY UPDATE: fix PKI revocation bypass
  - debian/patches/CVE-2013-1865.patch: validate tokens from the backend
  - CVE-2013-1865
* SECURITY UPDATE: fix EC2-style authentication for disabled users
  - debian/patches/CVE-2013-0282.patch: adjust keystone/contrib/ec2/core.py
    to ensure user and tenant are enabled in EC2
  - CVE-2013-0282
* SECURITY UPDATE: fix denial of service
  - debian/patches/CVE-2013-1664+1665.patch: disable XML entity parsing
  - CVE-2013-1664
  - CVE-2013-1665

37. By Adam Gandelman on 2013-02-06

[ Adam Gandelman ]
* Dropped patches, applied upstream:
  - debian/patches/CVE-2013-0247.patch: [bb2226f]
* Resynchronize with stable/folsom (82c87e56) (LP: #1116671):
  - [bb2226f] Add size validations for /tokens.
  - [ec7b94d] Non-API specific 404 exposes traceback LP: 1089987
  - [70e55f9] SQL backend fails if not all URL are defined in an endpoint
    LP: 1061736
  - [6c95b73] Unparseable endpoint URL's should raise a user friendly error
    LP: 1058494
  - [9e300b7] Test 0.2.0 keystoneclient to avoid new deps
  - [ec06625] serviceCatalog is dict in the case of no endpoints LP: 1087405

[ Chuck Short ]
* debian/patches/fix-ubuntu-tests.patch: Refreshed.

36. By Adam Gandelman on 2012-12-04

* Ubuntu updates:
  - debian/control: Ensure keystoneclient is upgraded with keystone,
    require python-keystoneclient >= 1:0.1.3. (LP: #1073273)
  - Dropped patches, applied upsteram:
    - debian/patches/CVE-2012-5563.patch
    - debian/patches/CVE-2012-5571.patch
    - debian/patches/fix-ssl-tests-lp1068851.patch
* Resynchronize with stable/folsom (7869c3ec) (LP: #1085255):
  - [f9d4766] token expires time incorrect for auth by one token
    (LP: #1079216)
  - [80d63c8] keystone throws error when removing user from tenant.
    (LP: #1078497)
  - [37308dd] Removing user from a tenant isn't invalidating user access to
    tenant (LP: #1064914)
  - [bec9b68] Redo part of bp/sql-identiy-pam undone by bug 968519
    (LP: #1068674)
  - [ee645e6] Jenkins jobs fail because of incompatibility between sqlalchemy-
    migrate and the newest sqlalchemy-0.8.0b1 (LP: #1073569)
  - [094c494] Non PKI Tokens longer than 32 characters can never be valid
    (LP: #1060389)
  - [3cd343b] Openssl tests rely on expired certificate (LP: #1068851)
  - [2f9807e] Set defaultbranch in .gitreview to stable/folsom

35. By Jamie Strandboge on 2012-11-28

* SECURITY UPDATE: fix for EC2-style credentials invalidation
  - debian/patches/CVE-2012-5571.patch: adjust contrib/ec2/core.py to verify
    that the user is in at least one valid role for the tenant
  - CVE-2012-5571
  - LP: #1064914
* debian/patches/fix-ssl-tests-lp1068851.patch: update certificates for
  SSL tests
* SECURITY UPDATE: fix for token expiration
  - debian/patches/CVE-2012-5563.patch: ensure token expiration is
    maintained
  - CVE-2012-5563
  - LP: #1079216

34. By Chuck Short on 2012-09-27

New upstream release.

33. By Chuck Short on 2012-09-26

New upstream release.

32. By Chuck Short on 2012-09-17

* New upstream version.
* debian/keystone.logrotate: Compress log file when rotated. (LP: #1049309)