lp:ubuntu/raring-updates/keystone
- Get this branch:
- bzr branch lp:ubuntu/raring-updates/keystone
Branch merges
Branch information
Recent revisions
- 50. By Adam Gandelman
-
* Resynchronize with stable/grizzly (9666fc0) (LP: #1241202):
- [6792499] periodic-keystone- python27- stable- grizzly fails due to"No
module named netaddr" LP: 1212939
- [775d7a7] Fix and test token revocation list API
- [0876ea2] N+1 lookups in groups SQL LP: 1218675
- [afbc75b] Disabling a tenant would not disable a user token LP: 1179955
- [9666fc0] User operations with LDAP Identity and
enabled_mask/user_ enabled_ default fail LP: 1210175 - 49. By Jamie Strandboge
-
* SECURITY UPDATE: revoke user tokens when disabling/delete a project
- debian/patches/ CVE-2013- 4222.patch: add _delete_ tokens_ for_project( ) to
common/controller. py and use it in identity/ controllers. py
(LP: #1179955)
- CVE-2013-4222
* SECURITY UPDATE: fix and test token revocation list API
- debian/patches/ CVE-2013- 4294.patch: fix token matching for memcache
backend token revocation (LP: #1202952)
- CVE-2013-4294 - 48. By Adam Gandelman
-
* Dropped patches, applied upstream:
- debian/patches/ CVE-2013- 2157.patch: [c100fd2]
* Resynchronize with stable/grizzly (f60f742) (LP: #1210447):
- [4b22c02] Bump stable/grizzly next version to 2013.1.3
- [c100fd2] Force simple Bind for authentication
- [b426022] password in clear in keystone.log LP: 1166697
- [8ea8024] Performance issue when delete tokens for users LP: 1178063
- [76a94c6] Editing User fails when the user already has a Primary Project
LP: 1161963
- [27a5b42] User roles are replaced by group roles in v3 tokens
LP: 1197874
- [f60f742] Unscoped tokens are revoked when assigning a role to a user
LP: 1170186
* debian/control: Update Vcs field. - 47. By Adam Gandelman
-
* Rebased to include latest security updates:
- debian/patches/ CVE-2013- 2157.patch: Cherry-picked from stable/grizzly. - 46. By Jamie Strandboge
-
* SECURITY UPDATE: fix authentication bypass when using LDAP backend
- debian/patches/ CVE-2013- 2157.patch: identity/ backends/ ldap/core. py is
adjusted to raise an assertion for invalid password when using LDAP and
an empty password is submitted
- CVE-2013-2157
- LP: #1187305 - 45. By James Page
-
* Rebase against latest security updates.
* Dropped patches:
- debian/patches/ CVE-2013- 2059.patch: [678b06a] - 44. By Jamie Strandboge
-
* SECURITY UPDATE: delete user token immediately upon delete when using v2
API
- CVE-2013-2059.patch: adjust keystone/ identity/ controllers. py to call
_delete_tokens_ for_user( ) during delete. Also update test suite.
- CVE-2013-2059
- LP: #1166670 - 43. By Chuck Short
-
[ Adam Gandelman ]
* debian/patches/ sql_connection. patch: Ensure SQL by default for all
backends. (LP: #1158563)
* debian/rules: Reinstate use of test_overrides.conf to target upstream
defaults when running unit tests.[ Chuck Short ]
* New upstream release.
Branch metadata
- Branch format:
- Branch format 7
- Repository format:
- Bazaar repository format 2a (needs bzr 1.16 or later)
- Stacked on:
- lp:ubuntu/saucy/keystone