-
keystone (1:2014.1.5-0ubuntu1) trusty; urgency=medium
* Resynchronize with stable/icehouse (91255f1) (LP: #1467533):
- [a1548eb] backend_argument should be marked secret
- [e6eba4b] Remove oslo.serialization from requirements.txt
- [0e0efdb] Work with pymongo 3.0
- [91255f1] Deal with PEP-0476 certificate chaining checking
* d/p/drop-oslo-serialization.patch: Dropped; Fixed upstream.
* d/p/fix-requirements.patch: Rebased
-- Corey Bryant <email address hidden> Mon, 22 Jun 2015 10:14:38 -0400
-
keystone (1:2014.1.4-0ubuntu2) trusty; urgency=medium
* d/p/drop-oslo-serialization.patch: Drop oslo.serialization (LP: #1437741).
* d/control: Set minimum python-six dependency to 1.5.2 (LP: #1403114).
-- Corey Bryant <email address hidden> Mon, 30 Mar 2015 09:07:47 -0400
-
keystone (1:2014.1.4-0ubuntu1) trusty; urgency=medium
* Resynchronize with stable/icehouse (9aec35a) (LP: #1432608):
- [d72e6fa] Correct initialization order for logging to use eventlet locks
- [0967058] Additional test coverage for password changes
- [f45f678] Keystoneclient tests from venv-installed client
- [5d2e2ce] Fix race on default role creation
- [35d937d] Fix test_provider_token_expiration_validation transient failure
- [3817e75] Make sure scoping to the project of a disabled domain result in 401.
- [9aec35a] Add oslo.serialization for latest keystoneclient
* d/p/fix-requirements.patch: Rebased
* d/p/fix-ubuntu-tests.patch: Rebased
-- Corey Bryant <email address hidden> Thu, 19 Mar 2015 09:31:57 +0000
-
keystone (1:2014.1.3-0ubuntu2.1) trusty-security; urgency=medium
* No change rebuild for security:
- [878f12e] Adds a whitelist for endpoint catalog substitution
+ CVE-2014-3621
+ LP: #1354208
-- Marc Deslauriers <email address hidden> Tue, 21 Oct 2014 12:13:36 -0400
-
keystone (1:2014.1.3-0ubuntu2) trusty; urgency=medium
[ Edward Hope-Morley ]
* Added python-ldap as install dep (LP: #1364854)
-- Chuck Short <email address hidden> Fri, 10 Oct 2014 12:54:47 -0400
-
keystone (1:2014.1.3-0ubuntu1) trusty; urgency=medium
[ Corey Bryant ]
* Resynchronize with stable/icehouse (8485dbc) (LP: #1377136):
- [89ebfe9] Fix tests comparing tokens
- [6bf25d0] Fix typo on cache backend module
- [1c8f9f9] Set LDAP certificate trust options for LDAPS and TLS
- [878f12e] Adds a whitelist for endpoint catalog substitution
- [a391713] Remove extraenous instantiations of managers
- [25cbcf5] Avoid conversion of binary LDAP values
- [b3765d7] Catalog driver generates v3 catalog from v2 catalog
- [824f66d] Ensure token is a string
- [30f9247] Add workaround to support tox 1.7.2
- [80502d3] Fixes catalog URL formatting to never return None
- [f3198d8] Updates keystone.catalog.core.format_url tests
- [c959cbd] Ignore broken endpoints in get_catalog
- [126440d] Ignore broken endpoints in get_v3_catalog
- [c48ec38] No longer allow listing users by email
- [18d4843] Fixes an issue with the XMLEquals matcher
- [c6cd627] Implicitly ignore attributes that are mapped to None in LDAP
- [8485dbc] Remove `with_lockmode` use from Trust SQL backend.
* d/p/fix-requirements.patch: Rebased.
* d/p/add-version-info.patch: Rebased.
-- Chuck Short <email address hidden> Mon, 06 Oct 2014 09:08:41 -0400
-
keystone (1:2014.1.2.1-0ubuntu1.1) trusty-security; urgency=medium
* No change rebuild for security:
- [7378512] Block delegation escalation of privilege
+ CVE-2014-3476
+ LP: #1324592
- [44555e8] Ensure that in v2 auth tenant_id matches trust
+ CVE-2014-3520
+ LP: #1331912
- [6cbf835] Fix revocation event handling with MySQL
+ CVE-2014-5251
+ LP: #1347961
- [bdb88c6] Fix for V2 token issued_at time changing
+ CVE-2014-5252
+ LP: #1348820
- [317f9d3] Fix revoking domain-scoped tokens
+ CVE-2014-5253
+ LP: #1349597
-- Jamie Strandboge <email address hidden> Thu, 21 Aug 2014 09:06:13 -0500
-
keystone (1:2014.1.2.1-0ubuntu1) trusty; urgency=medium
[ Corey Bryant ]
* Resynchronize with stable/icehouse (935fd60) (LP: #1354159):
- [6cbf835] Fix revocation event handling with MySQL
- [c900a6e] Make test_revoke expiry times distinct
- [5c89c89] Fix revoking a scoped token from an unscoped token
- [dfb0ff0] Add a test for revoking a scoped token from an unscoped
- [317f9d3] Fix revoking domain-scoped tokens
- [cccc3f3] Correct revocation event test for domain_id
- [bdb88c6] Fix for V2 token issued_at time changing
- [0c34e79] Add tests related to V2 token issued_at time changing
- [8e87504] Don't override tox envdir for pep8
- [774b6ab] Correct the region table to be InnoDB and UTF8
- [6f8c444] HEAD responses should return same status as GET
- [44555e8] Ensure that in v2 auth tenant_id matches trust
- [2baae78] Do not log 14+ INFO lines on a broken pipe error (eventlet)
- [cef4fbc] Properly invalidate cache for get_*_by_name methods
- [e08b62a] Make sure domains are enabled by default
- [7378512] Block delegation escalation of privilege
- [935fd60] Encode/Decode LDAP parameters to/from UTF-8
* d/p/fix-requirements.patch: Refreshed.
[ James Page ]
* d/watch: Point to tarballs.openstack.org for release artifacts.
-- Corey Bryant <email address hidden> Fri, 08 Aug 2014 16:47:10 -0400
-
keystone (1:2014.1.1-0ubuntu1) trusty; urgency=medium
* Resynchronize with stable/icehouse (1716748) (LP: #1328134):
- [4408625] sql migration: ensure using innodb utf8 for assignment table
- [786af98] SQL and LDAP fixes for get_roles_for_user_and_project user=group ID
- [e56fe4c] Updated from global requirements
- [0bd819c] Removed duplication with list_user_ids_for_project
- [b932321] Allow any attributes in mapping and include in results
- [1716748] Treat LDAP attribute names as case-insensitive
* d/p/fix-requirements.patch: Drop minimum version of six to align to version
in Ubuntu 14.04.
-- Corey Bryant <email address hidden> Mon, 09 Jun 2014 15:57:33 -0400
-
keystone (1:2014.1-0ubuntu1) trusty; urgency=medium
* New upstream release (LP: #1298959).
-- James Page <email address hidden> Thu, 17 Apr 2014 10:18:51 +0100
-
keystone (1:2014.1~rc2-0ubuntu1) trusty; urgency=medium
[ Chuck Short ]
* debian/control: Add python-oslotest as a build dependency.
[ Corey Bryant ]
* New upstream release. (LP: #1298959)
-- Corey Bryant <email address hidden> Tue, 08 Apr 2014 08:36:51 -0400
-
keystone (1:2014.1~rc1-0ubuntu1) trusty; urgency=medium
[ James Page ]
* d/p/*: Refreshed
* d/p/revoke-api.patch: Dropped, not needed for master branch.
* d/control: Add python-kombu and python-lockfile to BD's and dependencies
for python-keystone (LP: #1292478).
[ Chuck Short ]
* New upstream release. (LP: #1298959)
* d/p/ubuntu-oslo.sphinx.patch: Dropped no longer needed.
* debian/control: Use python-oslosphinx.
* d/patches/add-version-info.patch: Re-enabled.
* d/keystone.logrotate: Use copytruncate instead of restart. (LP: #1297705)
-- Chuck Short <email address hidden> Fri, 28 Mar 2014 07:38:36 -0400
-
keystone (1:2014.1~b3-0ubuntu3) trusty; urgency=medium
* d/p/revoke-api.patch: Add upstream patch to resolve critical issue with
token revocation (LP: #1289935).
* d/keystone.postinst: Ensure db_sync is only run when the default sqlite
connection is configured (LP: #1290423).
-- Corey Bryant <email address hidden> Wed, 12 Mar 2014 23:20:05 -0500
-
keystone (1:2014.1~b3-0ubuntu2) trusty; urgency=medium
* Make test execution more verbose to avoid timeouts on buildds:
- d/rules: Use run_tests.sh wrapper to execute tests.
- d/control: Add BD on subunit.
* d/*: Wrap and sort.
-- James Page <email address hidden> Thu, 06 Mar 2014 21:37:04 +0000
-
keystone (1:2014.1~b3-0ubuntu1) trusty; urgency=low
[ Chuck Short ]
* d/patches/ubuntu-oslo.sphinx.patch: Override oslosphinx namesapce.
* d/control: Add python-pycadf as a build-dependency.
* d/control: Add python-oslo.messaging as a build-dependency.
* d/control: Add python-jsonschema as a build-dependency.
* d/control: Add python-pymongo as a build-dependency.
* d/patches/add-version-info.patch: Temporarily disable.
[ James Page ]
* New upstream milestone release.
* d/patches/*: Refreshed.
-- James Page <email address hidden> Thu, 06 Mar 2014 18:09:12 +0000
-
keystone (1:2014.1~b2-0ubuntu1) trusty; urgency=low
[ Chuck Short ]
* New upstream release.
* debian/patches/fix-ubuntu-tests.patch: Refreshed.
* debian/patches/sql-connection.patch: Refreshed
* debian/patches/debian/patches/disable-oauth2.patch: Refreshed
* debian/control:
- Add python-pecan, python-crypto,
python-mock, python-oauthlib, and python-wsme as dependencies.
- Remove suggestion for python-oauth2.
* debian/rules: Use a clean keystone.conf while running
the tests.
* debian/patches/disable-oauth2.patch: Dropped no longer needed.
(LP: #1240382)
* debian/keystone.conf: Removed
[ Yolanda Robla ]
* debian/patches/add-version-info.patch: Add platform to identify
what the server is running.
* debian/control: Bump python-keystoneclient version.
-- Chuck Short <email address hidden> Thu, 23 Jan 2014 12:32:11 -0500
-
keystone (1:2014.1~b1-0ubuntu1) trusty; urgency=low
* New upstream release.
* debian/control:
- open icehouse release.
- Add python-six as a build dependency.
- Drop python-nose as a build dependency.
* debian/rules:
- Use sphinx-build to build docs and man
pages.
- Call testrepository directly.
* debian/patches/fix-ubuntu-tests.patch: Refreshed.
* debian/patches/disable-oauth2.patch: Refreshed.
-- Chuck Short <email address hidden> Thu, 05 Dec 2013 14:30:11 -0500
-
keystone (1:2013.2-0ubuntu1.1) saucy-security; urgency=low
* SECURITY UPDATE: don't add role when attempting to remove a non-existent
role
- debian/patches/CVE-2013-4477.patch: raise RoleNotFound with exception
ldap.NO_SUCH_OBJECT
- CVE-2013-4477
- LP: #1242855
-- Jamie Strandboge <email address hidden> Tue, 05 Nov 2013 09:06:12 -0600
-
keystone (1:2013.2-0ubuntu1) saucy; urgency=low
* New upstream release (LP: #1236462).
-- Chuck Short <email address hidden> Thu, 17 Oct 2013 10:22:54 -0400
-
keystone (1:2013.2~rc4-0ubuntu1) saucy; urgency=low
* New upstream release candidate (LP: #1240592).
-- Chuck Short <email address hidden> Wed, 16 Oct 2013 12:09:40 -0400