ubuntu/+source/keystone:ubuntu/precise-devel

Last commit made on 2013-05-16
Get this branch:
git clone -b ubuntu/precise-devel https://git.launchpad.net/ubuntu/+source/keystone
Members of Ubuntu Server Dev import team can upload to this branch.

Branch information

Name:
ubuntu/precise-devel
Repository:
lp:ubuntu/+source/keystone

Recent commits

bdf794f... by Jamie Strandboge on 2013-05-15

Import patches-unapplied version 2012.1.3+stable-20130423-f48dd0fc-0ubuntu1.1 to ubuntu/precise-security

Imported using git-ubuntu import.

Changelog parent: f8113a3f67b2340447d2b506f74317b3106d2311

New changelog entries:
  * SECURITY UPDATE: delete user token immediately upon delete when using v2
    API
    - CVE-2013-2059.patch: adjust keystone/identity/core.py to call
      token_api.delete_token() during delete. Also update test suite.
    - CVE-2013-2059
    - LP: #1166670

f8113a3... by Yolanda Robla on 2013-04-23

Import patches-unapplied version 2012.1.3+stable-20130423-f48dd0fc-0ubuntu1 to ubuntu/precise-proposed

Imported using git-ubuntu import.

Changelog parent: 13a28253df23bc0c9ebfeee17cac5449e19c4609

New changelog entries:
  * Resynchronize with stable/essex (LP: #1089488):
    - [7402f5e] EC2 authentication does not ensure user or tenant is enabled
      LP: 1121494
    - [8945567] DoS through XML entity expansion (CVE-2013-1664) LP: 1100282
    - [7b5b72f] Add size validations for /tokens.
    - [ef1e682] docutils 0.10 incompatible with sphinx 1.1.3 LP: 1091333
    - [8735009] Removing user from a tenant isn't invalidating user access to
      tenant (LP: #1064914)
    - [025b1d5] Jenkins jobs fail because of incompatibility between sqlalchemy-
      migrate and the newest sqlalchemy-0.8.0b1 (LP: #1073569)
    - [ddb4019] Open 2012.1.4 development
    - [0e1f05e] memcache driver needs protection against unicode user keys
      (LP: #1056373)
    - [176ee9b] Token invalidation in case of role grant/revoke should be
      limited to affected tenant (LP: #1050025)
    - [58ac669] Token validation includes revoked roles (CVE-2012-4413)
      (LP: #1041396)
    - [cd1e48a] Memcached Token Backend does not support list tokens
      (LP: #1046905)
    - [5438d3b] Update user's default tenant partially succeeds without authz
      (LP: #1040626)
  * Dropped patches, superseded by new snapshot:
    - debian/patches/CVE-2013-0282.patch [7402f5e]
    - debian/patches/CVE-2013-1664+1665.patch [8945567]
    - debian/patches/keystone-CVE-2012-5571.patch [8735009]
    - debian/patches/keystone-CVE-2012-4413.patch [58ac669]
    - debian/patches/keystone-CVE-2012-3542.patch [5438d3b]
  * Refreshed patches:
    - debian/patches/CVE-2013-0247.patch
    - debian/patches/fix-ubuntu-tests.patch

13a2825... by Jamie Strandboge on 2013-02-19

Import patches-unapplied version 2012.1+stable~20120824-a16a0ab9-0ubuntu2.5 to ubuntu/precise-security

Imported using git-ubuntu import.

Changelog parent: 130325cb95a9a8e1121e14c27ecb91b2fa683333

New changelog entries:
  * SECURITY UPDATE: fix EC2-style authentication for disabled users
    - debian/patches/CVE-2013-0282.patch: adjust keystone/contrib/ec2/core.py
      to ensure user and tenant are enabled in EC2
    - CVE-2013-0282
    - LP: #1121494
  * SECURITY UPDATE: fix denial of service
    - debian/patches/CVE-2013-1664+1665.patch: disable XML entity parsing
    - CVE-2013-1664
    - CVE-2013-1665
    - LP: #1100279

130325c... by Jamie Strandboge on 2013-01-31

Import patches-unapplied version 2012.1+stable~20120824-a16a0ab9-0ubuntu2.4 to ubuntu/precise-security

Imported using git-ubuntu import.

Changelog parent: 2b704958067b41d0e64a0d3a7dcfdd750738fa73

New changelog entries:
  * SECURITY UPDATE: fix token creation error handling
    - debian/patches/CVE-2013-0247.patch: validate size of user_id, username,
      password, tenant_name, tenant_id and token size to help guard against a
      denial of service via large log files filling the disk
    - CVE-2013-0247

2b70495... by Jamie Strandboge on 2012-11-26

Import patches-unapplied version 2012.1+stable~20120824-a16a0ab9-0ubuntu2.3 to ubuntu/precise-security

Imported using git-ubuntu import.

Changelog parent: db80aef6ecb2fb02c8e0d25cfba71ed1b2933227

New changelog entries:
  * SECURITY UPDATE: fix for EC2-style credentials invalidation
    - debian/patches/CVE-2012-5571.patch: adjust contrib/ec2/core.py to verify
      that the user is in at least one valid role for the tenant
    - CVE-2012-5571
    - LP: #1064914

db80aef... by Steve Beattie on 2012-09-12

Import patches-unapplied version 2012.1+stable~20120824-a16a0ab9-0ubuntu2.2 to ubuntu/precise-security

Imported using git-ubuntu import.

Changelog parent: 73939d2ba6aada15a3eeb3063a0c50647ed56558

New changelog entries:
  * SECURITY UPDATE: Pre-existing tokens continue to be valid after
    granting or revoking a user's access (LP: #1041396)
    - debian/patches/keystone-CVE-2012-4413.patch: invalidate all user
      tokens upon role grant/revoke
    - CVE-2012-4413

73939d2... by Steve Beattie on 2012-08-30

Import patches-unapplied version 2012.1+stable~20120824-a16a0ab9-0ubuntu2.1 to ubuntu/precise-security

Imported using git-ubuntu import.

Changelog parent: 4e6b3cae52f96193d56d0208942b872fa7a3859e

New changelog entries:
  * SECURITY UPDATE: tenants are able to be added to users without
    authorization (LP: #1040626)
    - debian/patches/keystone-CVE-2012-3542: require authz to update a
      user's tenant.
    - CVE-2012-3542

4e6b3ca... by Adam Gandelman on 2012-08-24

Import patches-unapplied version 2012.1+stable~20120824-a16a0ab9-0ubuntu2 to ubuntu/precise-proposed

Imported using git-ubuntu import.

Changelog parent: b084a9782fbc6bc4f9977ac55ff9d3109d370665

New changelog entries:
  * New upstream release (LP: #1041120):
    - debian/patches/0013-Flush-tenant-membership-deletion-before-user.patch:
      Dropped.
  * Resynchronize with stable/essex:
    - authenticate in ldap backend doesn't return a list of roles
      (LP: #1035428)
    - LDAP should not check username on "sn" field (LP: #997700)
    - Admin API doesn't valid token. (LP: #1006815, #1006822)
    - Memcache token backend eventually stops working. (LP: #1012381)
    - EC2 credentials not migrated from legacy (diablo) database. (LP: #1016056)
    - Deleting tenants or users does not cleanup metadata. (LP: #973243)
    - Deleting tenants does not cleanup its user associations. (LP: #974199)
    - TokenNotFound not raised in testsuite because of timezone issues. (LP: #983800)
    - Token authentication for a user in a disabled tenant does not raise
      Unauthorized error. (LP: #988920)
    - export_legacy_catalog doesn't convert url names correctly. (LP: #994936)
    - Following a password compromise and subsequent password change,
      tokens remain valid. (LP: #996595)
    - Tokens remain valid after a user account is disabled. (LP: #997194)

b084a97... by Chuck Short on 2012-06-05

Import patches-unapplied version 2012.1+stable~20120608-aff45d6-0ubuntu1 to ubuntu/precise-proposed

Imported using git-ubuntu import.

Changelog parent: 2ee4ff3bbe0e3ed375e2efa05af2484258e70e1a

New changelog entries:
  * New upstream snapshot. (LP: #1010473)
  * Resynchronize with stable/essex:
    - aff45d6 - Make import_nova_auth only create roles which don't already exist
      (LP: #959294)
  * debian/patches/0013-Flush-tenant-membership-deletion-before-user.patch: Backported
    fix for "Flush tenant membership deletion before user." (LP: #998137)

2ee4ff3... by Chuck Short on 2012-04-05

Import patches-unapplied version 2012.1-0ubuntu1 to ubuntu/precise

Imported using git-ubuntu import.

Changelog parent: ea7dde7c702457fbefa9271f596985f5f164bd49

New changelog entries:
  * New upstream version.
  * debian/man/keystone.8: Mention that there is a lack of ssl support.