Created by Ubuntu Package Importer on 2013-01-06 and last modified on 2013-05-29
Get this branch:
bzr branch lp:ubuntu/quantal-proposed/keystone
Members of Ubuntu branches can upload to this branch. Log in for directions.

Branch merges

Related bugs

Related blueprints

Branch information

Ubuntu branches
Review team:
Ubuntu Development Team

Recent revisions

41. By James Page on 2013-05-29

debian/patches/update_certs.patch: Fix FTBFS. Original SSL certs
for test suite expired May 18 2013. Cherry-picked regenerated certs
from stable/folsom commit c14f2789.

40. By James Page on 2013-05-17

* Rebase on latest security fixes.
* SECURITY UPDATE: delete user token immediately upon delete when using v2
  - CVE-2013-2059.patch: adjust keystone/identity/core.py to call
    token_api.delete_token() during delete. Also update test suite.
  - CVE-2013-2059
  - LP: #1166670

39. By Adam Gandelman on 2013-04-25

* Dropped patches, applied upstream:
  - debian/patches/CVE-2013-1865.patch: [255b1d4]
  - debian/patches/CVE-2013-0282.patch: [f0b4d30]
  - debian/patches/CVE-2013-1664+1665.patch: [8a22745]
* Resynchronize with stable/folsom (09f28020) (LP: #1179707):
  - [5ea4fcf] V2 API reported at Beta LP: 1135230
  - [1889299] PKI-signed token hash saved as token ID for SQL backend only
    LP: 1073272
  - [40660f0] Key PKI tokens on hash in memcached for auth_token middleware
    LP: 1073343
  - [b3ce6a7] Use the right subprocess based on os monkeypatch
  - [bb1ded0] keystone-all --config-dir is being ignored LP: 1101129
  - [9e0a97d] Temporary network outage results in connection refused and
    invalid token LP: 1150299
  - [255b1d4] Validation of PKI tokens bypasses revocation check LP: 1129713
  - [8690166] PKI tokens are broken after 24 hours LP: 1074172
  - [790c87e] PKI tokens are broken after 24 hours LP: 1074172
  - [f0b4d30] EC2 authentication does not ensure user or tenant is enabled
    LP: 1121494
  - [8a22745] DoS through XML entity expansion (CVE-2013-1664) LP: 1100282

38. By James Page on 2013-03-22

* Resync with latest security updates.
* SECURITY UPDATE: fix PKI revocation bypass
  - debian/patches/CVE-2013-1865.patch: validate tokens from the backend
  - CVE-2013-1865
* SECURITY UPDATE: fix EC2-style authentication for disabled users
  - debian/patches/CVE-2013-0282.patch: adjust keystone/contrib/ec2/core.py
    to ensure user and tenant are enabled in EC2
  - CVE-2013-0282
* SECURITY UPDATE: fix denial of service
  - debian/patches/CVE-2013-1664+1665.patch: disable XML entity parsing
  - CVE-2013-1664
  - CVE-2013-1665

37. By Adam Gandelman on 2013-02-06

[ Adam Gandelman ]
* Dropped patches, applied upstream:
  - debian/patches/CVE-2013-0247.patch: [bb2226f]
* Resynchronize with stable/folsom (82c87e56) (LP: #1116671):
  - [bb2226f] Add size validations for /tokens.
  - [ec7b94d] Non-API specific 404 exposes traceback LP: 1089987
  - [70e55f9] SQL backend fails if not all URL are defined in an endpoint
    LP: 1061736
  - [6c95b73] Unparseable endpoint URL's should raise a user friendly error
    LP: 1058494
  - [9e300b7] Test 0.2.0 keystoneclient to avoid new deps
  - [ec06625] serviceCatalog is dict in the case of no endpoints LP: 1087405

[ Chuck Short ]
* debian/patches/fix-ubuntu-tests.patch: Refreshed.

36. By Adam Gandelman on 2012-12-04

* Ubuntu updates:
  - debian/control: Ensure keystoneclient is upgraded with keystone,
    require python-keystoneclient >= 1:0.1.3. (LP: #1073273)
  - Dropped patches, applied upsteram:
    - debian/patches/CVE-2012-5563.patch
    - debian/patches/CVE-2012-5571.patch
    - debian/patches/fix-ssl-tests-lp1068851.patch
* Resynchronize with stable/folsom (7869c3ec) (LP: #1085255):
  - [f9d4766] token expires time incorrect for auth by one token
    (LP: #1079216)
  - [80d63c8] keystone throws error when removing user from tenant.
    (LP: #1078497)
  - [37308dd] Removing user from a tenant isn't invalidating user access to
    tenant (LP: #1064914)
  - [bec9b68] Redo part of bp/sql-identiy-pam undone by bug 968519
    (LP: #1068674)
  - [ee645e6] Jenkins jobs fail because of incompatibility between sqlalchemy-
    migrate and the newest sqlalchemy-0.8.0b1 (LP: #1073569)
  - [094c494] Non PKI Tokens longer than 32 characters can never be valid
    (LP: #1060389)
  - [3cd343b] Openssl tests rely on expired certificate (LP: #1068851)
  - [2f9807e] Set defaultbranch in .gitreview to stable/folsom

35. By Jamie Strandboge on 2012-11-28

* SECURITY UPDATE: fix for EC2-style credentials invalidation
  - debian/patches/CVE-2012-5571.patch: adjust contrib/ec2/core.py to verify
    that the user is in at least one valid role for the tenant
  - CVE-2012-5571
  - LP: #1064914
* debian/patches/fix-ssl-tests-lp1068851.patch: update certificates for
  SSL tests
* SECURITY UPDATE: fix for token expiration
  - debian/patches/CVE-2012-5563.patch: ensure token expiration is
  - CVE-2012-5563
  - LP: #1079216

34. By Chuck Short on 2012-09-27

New upstream release.

33. By Chuck Short on 2012-09-26

New upstream release.

32. By Chuck Short on 2012-09-17

* New upstream version.
* debian/keystone.logrotate: Compress log file when rotated. (LP: #1049309)

Branch metadata

Branch format:
Branch format 7
Repository format:
Bazaar repository format 2a (needs bzr 1.16 or later)
Stacked on:
This branch contains Public information 
Everyone can see this information.