Merge lp:~gandelman-a/ubuntu/saucy/keystone/2013.2.1 into lp:~ubuntu-server-dev/keystone/havana

Proposed by Adam Gandelman
Status: Merged
Approved by: Chuck Short
Approved revision: 243
Merged at revision: 241
Proposed branch: lp:~gandelman-a/ubuntu/saucy/keystone/2013.2.1
Merge into: lp:~ubuntu-server-dev/keystone/havana
Diff against target: 174 lines (+80/-17)
2 files modified
debian/changelog (+36/-1)
debian/patches/fix-ubuntu-tests.patch (+44/-16)
To merge this branch: bzr merge lp:~gandelman-a/ubuntu/saucy/keystone/2013.2.1
Reviewer: Ubuntu Server Developers
Review status: Pending
Review via email: mp+199722@code.launchpad.net

Commit message

2013.2.1

Description of the change

2013.2.1. WIP: Waiting on a patch from jdstrand to fix a test suite FTBFS introduced in the stable/havana security update.

Adam Gandelman (gandelman-a) wrote :

Updated to include security fixes. Note that one patch applied by the security team adjusted a test that came with the CVE fix, which requires a newer version of keystoneclient. We can safely skip the test on failure.

Preview Diff

1=== modified file 'debian/changelog'
2--- debian/changelog 2013-12-18 18:39:07 +0000
3+++ debian/changelog 2013-12-23 22:17:23 +0000
4@@ -1,11 +1,46 @@
5-keystone (1:2013.2.1-0ubuntu2) UNRELEASED; urgency=low
6+keystone (1:2013.2.1-0ubuntu1) saucy-proposed; urgency=low
7
8+ * Resynchronize with stable/havana (03ed8c3) (LP: #1262788):
9+ - [e6adb2f] Opening stable/havana
10+ - [4221b60] Removing role adds role with LDAP backend LP: 1242855
11+ - [3c25be5] Update memcache to match global requirements for stable/havana
12+ - [d927273] Keystone tests determine rootdir relative to pwd LP: 1241198
13+ - [64ac189] Updated from global requirements
14+ - [03ed8c3] [OSSA 2013-032] Keystone trust circumvention through EC2-style
15+ tokens (CVE-2013-6391) LP: 1242597
16+ * Dropped patches, applied upstream:
17+ - debian/patches/CVE-2013-4477.patch: [4221b60]
18+ - debian/patches/CVE-2013-6391.patch: [03ed8c3]
19+ * debian/patches/fix-ubuntu-tests.patch: Update to skip a test introduced
20+ with [03ed8c3] that requires a more recent version of
21+ python-keystoneclient.
22 * debian/patches/revert-stable-havana-requirements.patch: Revert
23 version bumps to dependencies in stable/havana back to what was
24 shipped with Saucy.
25
26 -- Adam Gandelman <adamg@ubuntu.com> Tue, 17 Dec 2013 20:08:25 -0800
27
28+keystone (1:2013.2-0ubuntu1.2) saucy-security; urgency=low
29+
30+ * SECURITY UPDATE: Keystone trust circumvention through EC2-style tokens
31+ - debian/patches/CVE-2013-6391.patch: addjust to store the trust_id with
32+ the ec2 keypair and pass this with metadata when requesting v2 token
33+ - CVE-2013-6391
34+ - LP: #1242597
35+
36+ -- Jamie Strandboge <jamie@ubuntu.com> Thu, 19 Dec 2013 13:45:15 -0600
37+
38+keystone (1:2013.2-0ubuntu1.1) saucy-security; urgency=low
39+
40+ * SECURITY UPDATE: don't add role when attempting to remove a non-existent
41+ role
42+ - debian/patches/CVE-2013-4477.patch: raise RoleNotFound with exception
43+ ldap.NO_SUCH_OBJECT
44+ - CVE-2013-4477
45+ - LP: #1242855
46+
47+ -- Jamie Strandboge <jamie@ubuntu.com> Tue, 05 Nov 2013 09:06:12 -0600
48+
49 keystone (1:2013.2-0ubuntu1) saucy; urgency=low
50
51 * New upstream release (LP: #1236462).
52
53=== modified file 'debian/patches/fix-ubuntu-tests.patch'
54--- debian/patches/fix-ubuntu-tests.patch 2013-12-18 04:08:31 +0000
55+++ debian/patches/fix-ubuntu-tests.patch 2013-12-23 22:17:23 +0000
56@@ -1,7 +1,7 @@
57 Index: keystone/keystone/tests/test_associate_project_endpoint_extension.py
58 ===================================================================
59---- keystone.orig/keystone/tests/test_associate_project_endpoint_extension.py 2013-12-17 20:02:48.219728454 -0800
60-+++ keystone/keystone/tests/test_associate_project_endpoint_extension.py 2013-12-17 20:02:48.211728454 -0800
61+--- keystone.orig/keystone/tests/test_associate_project_endpoint_extension.py 2013-12-23 14:12:31.076093251 -0800
62++++ keystone/keystone/tests/test_associate_project_endpoint_extension.py 2013-12-23 14:12:31.068093251 -0800
63 @@ -17,6 +17,8 @@
64 import os
65 import uuid
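Review bot: The only change in this hunk is the pair of timestamps on the embedded "---"/"+++" header lines, and the same timestamp-only churn repeats for every file header in the hunks that follow, down to run_tests.sh. That noise hides the one substantive change at the end of the patch. Assuming the patch is maintained with quilt, refreshing it with "quilt refresh --no-timestamps" would keep future diffs limited to real changes.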
66@@ -25,8 +25,8 @@
67 def setUp(self):
68 Index: keystone/keystone/tests/test_content_types.py
69 ===================================================================
70---- keystone.orig/keystone/tests/test_content_types.py 2013-12-17 20:02:48.219728454 -0800
71-+++ keystone/keystone/tests/test_content_types.py 2013-12-17 20:02:48.211728454 -0800
72+--- keystone.orig/keystone/tests/test_content_types.py 2013-12-23 14:12:31.076093251 -0800
73++++ keystone/keystone/tests/test_content_types.py 2013-12-23 14:12:31.068093251 -0800
74 @@ -15,6 +15,7 @@
75 # under the License.
76
77@@ -67,8 +67,8 @@
78 """Convenience method so that we can test authenticated requests."""
79 Index: keystone/keystone/tests/test_keystoneclient.py
80 ===================================================================
81---- keystone.orig/keystone/tests/test_keystoneclient.py 2013-12-17 20:02:48.219728454 -0800
82-+++ keystone/keystone/tests/test_keystoneclient.py 2013-12-17 20:02:48.211728454 -0800
83+--- keystone.orig/keystone/tests/test_keystoneclient.py 2013-12-23 14:12:31.076093251 -0800
84++++ keystone/keystone/tests/test_keystoneclient.py 2013-12-23 14:12:31.068093251 -0800
85 @@ -16,6 +16,7 @@
86
87 import uuid
88@@ -147,8 +147,8 @@
89 # NOTE(termie): update_enabled doesn't return anything, probably a bug
90 Index: keystone/keystone/tests/test_no_admin_token_auth.py
91 ===================================================================
92---- keystone.orig/keystone/tests/test_no_admin_token_auth.py 2013-12-17 20:02:48.219728454 -0800
93-+++ keystone/keystone/tests/test_no_admin_token_auth.py 2013-12-17 20:02:48.211728454 -0800
94+--- keystone.orig/keystone/tests/test_no_admin_token_auth.py 2013-12-23 14:12:31.076093251 -0800
95++++ keystone/keystone/tests/test_no_admin_token_auth.py 2013-12-23 14:12:31.068093251 -0800
96 @@ -16,6 +16,7 @@
97
98 import os
99@@ -171,8 +171,8 @@
100 self.loadapp(tests.tmpdir('no_admin_token_auth'), name='admin'),
101 Index: keystone/keystone/tests/test_v3.py
102 ===================================================================
103---- keystone.orig/keystone/tests/test_v3.py 2013-12-17 20:02:48.219728454 -0800
104-+++ keystone/keystone/tests/test_v3.py 2013-12-17 20:02:48.211728454 -0800
105+--- keystone.orig/keystone/tests/test_v3.py 2013-12-23 14:12:31.076093251 -0800
106++++ keystone/keystone/tests/test_v3.py 2013-12-23 14:12:31.072093251 -0800
107 @@ -18,6 +18,7 @@
108 import uuid
109
110@@ -207,8 +207,8 @@
111 self.project = self.new_project_ref(
112 Index: keystone/keystone/tests/test_v3_protection.py
113 ===================================================================
114---- keystone.orig/keystone/tests/test_v3_protection.py 2013-12-17 20:02:48.219728454 -0800
115-+++ keystone/keystone/tests/test_v3_protection.py 2013-12-17 20:02:48.211728454 -0800
116+--- keystone.orig/keystone/tests/test_v3_protection.py 2013-12-23 14:12:31.076093251 -0800
117++++ keystone/keystone/tests/test_v3_protection.py 2013-12-23 14:12:31.072093251 -0800
118 @@ -16,6 +16,7 @@
119 # under the License.
120
121@@ -240,8 +240,8 @@
122 self.identity_api.create_domain(self.domainA['id'], self.domainA)
123 Index: keystone/keystone/tests/test_wsgi.py
124 ===================================================================
125---- keystone.orig/keystone/tests/test_wsgi.py 2013-12-17 20:02:48.219728454 -0800
126-+++ keystone/keystone/tests/test_wsgi.py 2013-12-17 20:02:48.211728454 -0800
127+--- keystone.orig/keystone/tests/test_wsgi.py 2013-12-23 14:12:31.076093251 -0800
128++++ keystone/keystone/tests/test_wsgi.py 2013-12-23 14:12:31.072093251 -0800
129 @@ -15,6 +15,7 @@
130 # under the License.
131
132@@ -288,8 +288,8 @@
133 if (user_locale == LANG_ID and
134 Index: keystone/run_tests.sh
135 ===================================================================
136---- keystone.orig/run_tests.sh 2013-12-17 20:02:48.219728454 -0800
137-+++ keystone/run_tests.sh 2013-12-17 20:02:48.215728454 -0800
138+--- keystone.orig/run_tests.sh 2013-12-23 14:12:31.076093251 -0800
139++++ keystone/run_tests.sh 2013-12-23 14:12:31.072093251 -0800
140 @@ -70,7 +70,7 @@
141 never_venv=0
142 force=0
143@@ -299,3 +299,31 @@
144 wrapper=""
145 just_flake8=0
146 short_flake8=0
147+Index: keystone/keystone/tests/test_keystoneclient_sql.py
148+===================================================================
149+--- keystone.orig/keystone/tests/test_keystoneclient_sql.py 2013-12-23 14:11:56.408093565 -0800
150++++ keystone/keystone/tests/test_keystoneclient_sql.py 2013-12-23 14:14:14.980092310 -0800
151+@@ -14,6 +14,7 @@
152+ # License for the specific language governing permissions and limitations
153+ # under the License.
154+
155++import nose
156+ import uuid
157+
158+ from keystoneclient.contrib.ec2 import utils as ec2_utils
159+@@ -136,8 +137,13 @@
160+
161+ # Create a client for user_two, scoped to the trust
162+ client = self.get_client(self.user_two)
163+- ret = client.authenticate(trust_id=trust_id,
164+- tenant_id=self.tenant_bar['id'])
165++ try:
166++ ret = client.authenticate(trust_id=trust_id,
167++ tenant_id=self.tenant_bar['id'])
168++ except:
169++ m = 'Skipped by Ubuntu-- need python-keystoneclient 0.4.1'
170++ raise nose.exc.SkipTest(m)
171++ self.assertTrue(ret)
172+ self.assertTrue(ret)
173+ self.assertTrue(client.auth_ref.trust_scoped)
174+ self.assertEqual(trust_id, client.auth_ref.trust_id)
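Review bot: The bare "except:" around client.authenticate(trust_id=..., tenant_id=...) turns every failure of the trust-scoped authentication into a skip, not only the incompatibility with python-keystoneclient older than 0.4.1. This test arrived with the CVE-2013-6391 fix, so a real regression in trust handling would be reported as "Skipped by Ubuntu" and the package would still build. Catch only the specific exception the older client raises, or skip up front based on the installed keystoneclient version, so that any other error still fails the test. The added "self.assertTrue(ret)" also duplicates the identical context line that follows it and can be dropped. Finally, "import nose" is added above "import uuid", while the earlier hunks in this patch file place their added import after the first import; confirm that nose is available at build time, since the skip path now depends on it.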
