-
keystone (1:2013.1.4-0ubuntu1.1) raring-security; urgency=low
* SECURITY UPDATE: don't add role when attempting to remove a non-existent
role
- debian/patches/CVE-2013-4477.patch: raise RoleNotFound with exception
ldap.NO_SUCH_OBJECT
- CVE-2013-4477
- LP: #1242855
-- Jamie Strandboge <email address hidden> Tue, 05 Nov 2013 09:09:26 -0600
-
keystone (1:2013.1.4-0ubuntu1) raring-proposed; urgency=low
* Resynchronize with stable/grizzly (9666fc0) (LP: #1241202):
- [6792499] periodic-keystone-python27-stable-grizzly fails due to"No
module named netaddr" LP: 1212939
- [775d7a7] Fix and test token revocation list API
- [0876ea2] N+1 lookups in groups SQL LP: 1218675
- [afbc75b] Disabling a tenant would not disable a user token LP: 1179955
- [9666fc0] User operations with LDAP Identity and
enabled_mask/user_enabled_default fail LP: 1210175
-- Adam Gandelman <email address hidden> Thu, 17 Oct 2013 13:52:59 -0700
-
keystone (1:2013.1.3-0ubuntu1.1) raring-security; urgency=low
* SECURITY UPDATE: revoke user tokens when disabling/delete a project
- debian/patches/CVE-2013-4222.patch: add _delete_tokens_for_project() to
common/controller.py and use it in identity/controllers.py
(LP: #1179955)
- CVE-2013-4222
* SECURITY UPDATE: fix and test token revocation list API
- debian/patches/CVE-2013-4294.patch: fix token matching for memcache
backend token revocation (LP: #1202952)
- CVE-2013-4294
-- Jamie Strandboge <email address hidden> Tue, 22 Oct 2013 10:06:36 -0500
-
keystone (1:2013.1.3-0ubuntu1) raring-proposed; urgency=low
* Dropped patches, applied upstream:
- debian/patches/CVE-2013-2157.patch: [c100fd2]
* Resynchronize with stable/grizzly (f60f742) (LP: #1210447):
- [4b22c02] Bump stable/grizzly next version to 2013.1.3
- [c100fd2] Force simple Bind for authentication
- [b426022] password in clear in keystone.log LP: 1166697
- [8ea8024] Performance issue when delete tokens for users LP: 1178063
- [76a94c6] Editing User fails when the user already has a Primary Project
LP: 1161963
- [27a5b42] User roles are replaced by group roles in v3 tokens
LP: 1197874
- [f60f742] Unscoped tokens are revoked when assigning a role to a user
LP: 1170186
* debian/control: Update Vcs field.
-- Adam Gandelman <email address hidden> Fri, 09 Aug 2013 10:06:27 +0100
-
keystone (1:2013.1.2-0ubuntu2) raring-proposed; urgency=low
* Rebased to include latest security updates:
- debian/patches/CVE-2013-2157.patch: Cherry-picked from stable/grizzly.
keystone (1:2013.1.2-0ubuntu1) raring-proposed; urgency=low
* Resynchronize with stable/grizzly (8dd57da1) (LP: #1188788):
- [8dd57da] Migration 020 incorrectly assigns roles. LP: 1186128
- [81a4d38] Removing a user from a project would result to all members of
that project to be removed LP: 1170649
- [39c4ca1] default_domain_id breaks the ability to map keystone to ldap
LP: 1168726
- [69d0733] Lacking initial rule for list_groups_for_user operation in
sample policy.json LP: 1167836
- [45fa69b] LDAP list group users should not fail if user entry deleted
LP: 1174585
- [6090bbe] Update sample_data.sh to match docs LP: 1073291
- [a00bab7] use swift stable branch
-- Adam Gandelman <email address hidden> Sun, 16 Jun 2013 21:45:44 -0700
-
keystone (1:2013.1.1-0ubuntu2.1) raring-security; urgency=low
* SECURITY UPDATE: fix authentication bypass when using LDAP backend
- debian/patches/CVE-2013-2157.patch: identity/backends/ldap/core.py is
adjusted to raise an assertion for invalid password when using LDAP and
an empty password is submitted
- CVE-2013-2157
- LP: #1187305
-- Jamie Strandboge <email address hidden> Thu, 13 Jun 2013 06:49:54 -0500
-
keystone (1:2013.1.1-0ubuntu2) raring-proposed; urgency=low
* Rebase against latest security updates.
* Dropped patches:
- debian/patches/CVE-2013-2059.patch: [678b06a]
keystone (1:2013.1.1-0ubuntu1) raring-proposed; urgency=low
* Resynchronize with stable/grizzly (678b06a9) (LP: #1179626):
- [678b06a] Deleted user can still create instances LP: 1166670
- [b874c8f] keystone ipv6 tests fail LP: 1176204
- [3aa0f45] Set defaultbranch in .gitreview to stable/grizzly
- [c5037dd] admin_token and LDAP password show up in log in DEBUG mode
LP: 1172195
- [76efb5c] residual grants after delete action LP: 1125637
- [2b5b24e] PKI support breaks memcache token backend LP: 1119641
- [9446a99] non-default auth plugins can't be configured LP: 1157515
- [717f1aa] Upgrading from folsom to grizzly results in all tenants/users
being disabled (LP: #1167421)
-- James Page <email address hidden> Fri, 17 May 2013 10:42:16 +0100
-
keystone (1:2013.1.1-0ubuntu1) raring-proposed; urgency=low
* Resynchronize with stable/grizzly (678b06a9) (LP: #1179626):
- [678b06a] Deleted user can still create instances LP: 1166670
- [b874c8f] keystone ipv6 tests fail LP: 1176204
- [3aa0f45] Set defaultbranch in .gitreview to stable/grizzly
- [c5037dd] admin_token and LDAP password show up in log in DEBUG mode
LP: 1172195
- [76efb5c] residual grants after delete action LP: 1125637
- [2b5b24e] PKI support breaks memcache token backend LP: 1119641
- [9446a99] non-default auth plugins can't be configured LP: 1157515
- [717f1aa] Upgrading from folsom to grizzly results in all tenants/users
being disabled (LP: #1167421)
-- Adam Gandelman <email address hidden> Tue, 14 May 2013 07:49:15 -0700
-
keystone (1:2013.1-0ubuntu1.1) raring-security; urgency=low
* SECURITY UPDATE: delete user token immediately upon delete when using v2
API
- CVE-2013-2059.patch: adjust keystone/identity/controllers.py to call
_delete_tokens_for_user() during delete. Also update test suite.
- CVE-2013-2059
- LP: #1166670
-- Jamie Strandboge <email address hidden> Tue, 07 May 2013 14:01:37 -0500
-
keystone (1:2013.1-0ubuntu1) raring; urgency=low
[ Adam Gandelman ]
* debian/patches/sql_connection.patch: Ensure SQL by default for all
backends. (LP: #1158563)
* debian/rules: Reinstate use of test_overrides.conf to target upstream
defaults when running unit tests.
[ Chuck Short ]
* New upstream release.
-- Chuck Short <email address hidden> Fri, 05 Apr 2013 22:32:17 -0500
-
keystone (1:2013.1~rc3-0ubuntu1) raring; urgency=low
* New upstream release.
-- Chuck Short <email address hidden> Tue, 02 Apr 2013 08:50:49 -0500
-
keystone (1:2013.1~rc2-0ubuntu1) raring; urgency=low
* New upstream release.
-- Chuck Short <email address hidden> Thu, 28 Mar 2013 10:24:18 -0500
-
keystone (1:2013.1~rc1-0ubuntu1) raring; urgency=low
[ James Page ]
* d/watch: Update uversionmangle to deal with upstream versioning
changes, remove tarballs.openstack.org.
* d/rules: Stop using packaging specific test overrides when
running unit tests.
[ Chuck Short ]
* New upstream release.
* debian/control: Clean-up build-depends
- Dropped pylint not needed.
- Dropped python-all-dev and python-support not needed.
- Renamed python-oslo-config to python-oslo.config.
- Dropped python-prettytable no longer needed.
- Dropped pyhthon-novaclient no longer needed.
- Dropped pep8 no longer needed.
* debian/control:Clean-up depends:
- Dropped python-prettytable no longer needed.
* Update standards
[ Adam Gandelman ]
* d/control: Bump python-keystoneclient version requirement to >= 1:0.2.3.
* debian/keystone.postinst: Run pki_setup during configure to intitialize
PKI infrastructure for signed tokens (now enabled by default).
-- Chuck Short <email address hidden> Fri, 22 Mar 2013 08:16:09 -0500
-
keystone (2013.1.g3-0ubuntu1) raring; urgency=low
[ Chuck Short ]
* New upstream version.
* debian/patches/sql_connection.patch: Rediffed
* debian/control: Add python-oslo-config.
[ James Page ]
* Refreshed patches.
* d/keystone.template,po: Removed debconf detritus from packaging.
-- Chuck Short <email address hidden> Fri, 22 Feb 2013 08:28:35 -0600
-
keystone (2013.1~g2-0ubuntu1) raring; urgency=low
[ James Page ]
* Re-enable gating of package build based on successful unit testing:
- d/tests/test_overrides.conf: Fixup test configuration to use
correct certificate locations.
- d/p/fix-ubuntu-tests.patch: Skip tests for older versions of
keystoneclient based on checkouts of upstream git repo.
- d/rules: Re-enable package build failure on test failure.
* d/control: Bump dependencies on python-keystoneclient to >= 1:0.2.
* d/control: Update Vcs-Bzr location to point to correct branch.
* d/control,d/po/*: Setup package templates for translation.
* d/man/*: Corrected spellings in man pages.
* d/keystone.upstart: Tweak 'stop on' to be triggered on all
appropriate runlevel transitions, use start-stop-daemon to startup
keystone daemon.
[ Adam Gandelman ]
* debian/keystone.manpages: Install sphinx-generated manpages instead
of our own outdated and unneeded versions. (LP: #1082050)
[ Chuck Short ]
* New upstream release.
* Remove incomplete/broken dbconfig-common scripts.
-- Chuck Short <email address hidden> Fri, 11 Jan 2013 08:47:26 -0600
-
keystone (2013.1~g1-0ubuntu1) raring; urgency=low
[ Adam Gandelman ]
* debian/tests/test_overrides.conf: Update for Grizzly test suite.
* debian/control: Drop python-nova.
[ Chuck Short ]
* New upstream release.
* debian/rules: FTBFS if there is a missing binary.
* debian/rules: Temporarily pass the tests since you need to run
keystone in order to run the tests.
* debian/patches/*: Refrehsed.
-- Chuck Short <email address hidden> Fri, 23 Nov 2012 09:01:53 -0600
-
keystone (2013.1~g1~20121101.2629-0ubuntu1) raring; urgency=low
* New upstream release.
* debian/tests/test_overrides.conf: Update for Grizzly test suite.
* debian/control: Drop python-nova.
-- Adam Gandelman <email address hidden> Fri, 02 Nov 2012 13:48:49 +0100
-
keystone (2012.2-0ubuntu2) raring; urgency=low
* debian/control: Ensure keystoneclient is upgraded with keystone,
require python-keystoneclient >= 1:0.1.3. (LP: #1073273)
-- Adam Gandelman <email address hidden> Wed, 31 Oct 2012 13:43:11 +0100
-
keystone (2012.2-0ubuntu1) quantal; urgency=low
* New upstream release.
-- Chuck Short <email address hidden> Thu, 27 Sep 2012 12:22:07 -0500
