Ubuntu
keystone package

lp:~gandelman-a/ubuntu/quantal/keystone/2012.2.4

Quantal (12.10)
2012.2.4

Created by Adam Gandelman on 2013-04-26 and last modified on 2013-04-26

Get this branch:: bzr branch lp:~gandelman-a/ubuntu/quantal/keystone/2012.2.4

Only Adam Gandelman can upload to this branch. If you are Adam Gandelman please log in for upload directions.

Branch merges

No branches dependent on this one.

Merged into lp:~openstack-ubuntu-testing/keystone/folsom at revision 163

Openstack Ubuntu Testers: Pending requested 2013-04-26

Related bugs

Link a bug report

Related blueprints

Branch information

Owner:: Adam Gandelman

Status:: Development

Recent revisions

163. By Adam Gandelman on 2013-04-26: * Dropped patches, applied upstream:
  - debian/patches/CVE-2013-1865.patch: [255b1d4]
  - debian/patches/CVE-2013-0282.patch: [f0b4d30]
  - debian/patches/CVE-2013-1664+1665.patch: [8a22745]
* Resynchronize with stable/folsom (09f28020):
  - [5ea4fcf] V2 API reported at Beta LP: 1135230
  - [1889299] PKI-signed token hash saved as token ID for SQL backend only
    LP: 1073272
  - [40660f0] Key PKI tokens on hash in memcached for auth_token middleware
    LP: 1073343
  - [b3ce6a7] Use the right subprocess based on os monkeypatch
  - [bb1ded0] keystone-all --config-dir is being ignored LP: 1101129
  - [9e0a97d] Temporary network outage results in connection refused and
    invalid token LP: 1150299
  - [255b1d4] Validation of PKI tokens bypasses revocation check LP: 1129713
  - [8690166] PKI tokens are broken after 24 hours LP: 1074172
  - [790c87e] PKI tokens are broken after 24 hours LP: 1074172
  - [f0b4d30] EC2 authentication does not ensure user or tenant is enabled
    LP: 1121494
  - [8a22745] DoS through XML entity expansion (CVE-2013-1664) LP: 1100282
162. By Adam Gandelman on 2013-04-23: Resync changelog with current package in quantal-proposed.
161. By James Page on 2013-03-22: * Resync with latest security updates.
* SECURITY UPDATE: fix PKI revocation bypass
  - debian/patches/CVE-2013-1865.patch: validate tokens from the backend
  - CVE-2013-1865
* SECURITY UPDATE: fix EC2-style authentication for disabled users
  - debian/patches/CVE-2013-0282.patch: adjust keystone/contrib/ec2/core.py
    to ensure user and tenant are enabled in EC2
  - CVE-2013-0282
* SECURITY UPDATE: fix denial of service
  - debian/patches/CVE-2013-1664+1665.patch: disable XML entity parsing
  - CVE-2013-1664
  - CVE-2013-1665
* SECURITY UPDATE: fix PKI revocation bypass
  - debian/patches/CVE-2013-1865.patch: validate tokens from the backend
  - CVE-2013-1865
  - LP: #1129713
160. By Adam Gandelman on 2013-02-21: 2012.2.3+stable-20130220-37b35328-0ubuntu1
159. By Adam Gandelman on 2013-02-06: 2012.2.3
158. By Adam Gandelman on 2013-02-05: 2012.2.3
157. By Adam Gandelman on 2013-02-05: Update changelog.
156. By Chuck Short on 2013-01-23: debian/patches/fix-ubuntu-tests.patch: Rediffed
155. By Adam Gandelman on 2012-12-03: Merge 2012.2.1 changes.
154. By Adam Gandelman on 2012-10-31: Update changelog format to cater to stable/folsom git entries.

Branch metadata

Branch format:: Branch format 7

Repository format:: Bazaar repository format 2a (needs bzr 1.16 or later)

This branch contains Public information

Everyone can see this information.

Subscribers

Adam Gandelman

Ubuntukeystone package