lp:~yolanda.robla/ubuntu/precise/keystone/essex-sru
- Get this branch:
- bzr branch lp:~yolanda.robla/ubuntu/precise/keystone/essex-sru
Branch merges
- James Page: Approve
-
Diff: 33638 lines (+30158/-3073)34 files modified.pc/applied-patches (+0/-3)
.pc/fix-ubuntu-tests.patch/tests/test_keystoneclient.py (+9/-9)
.pc/keystone-CVE-2012-3542.patch/keystone/identity/core.py (+0/-625)
.pc/keystone-CVE-2012-4413.patch/keystone/identity/core.py (+0/-626)
.pc/keystone-CVE-2012-4413.patch/keystone/token/core.py (+0/-107)
.pc/keystone-CVE-2012-4413.patch/tests/test_keystoneclient.py (+0/-970)
.pc/keystone-CVE-2012-5571.patch/keystone/contrib/ec2/core.py (+0/-347)
ChangeLog (+29735/-0)
PKG-INFO (+10/-0)
debian/changelog (+29/-0)
debian/keystone.logrotate (+3/-0)
debian/patches/fix-ubuntu-tests.patch (+10/-12)
debian/patches/keystone-CVE-2012-3542.patch (+0/-18)
debian/patches/keystone-CVE-2012-4413.patch (+0/-147)
debian/patches/keystone-CVE-2012-5571.patch (+0/-62)
debian/patches/series (+0/-3)
doc/keystone_compat_flows.sdx (+0/-99)
keystone.egg-info/PKG-INFO (+10/-0)
keystone.egg-info/SOURCES.txt (+176/-0)
keystone.egg-info/dependency_links.txt (+1/-0)
keystone.egg-info/not-zip-safe (+1/-0)
keystone.egg-info/requires.txt (+11/-0)
keystone.egg-info/top_level.txt (+1/-0)
keystone/identity/core.py (+4/-4)
keystone/token/backends/kvs.py (+13/-8)
keystone/token/backends/memcache.py (+31/-1)
keystone/token/backends/sql.py (+6/-1)
keystone/token/core.py (+11/-5)
setup.cfg (+8/-11)
setup.py (+1/-1)
tests/test_backend.py (+56/-5)
tests/test_backend_memcache.py (+29/-6)
tests/test_keystoneclient.py (+1/-1)
tools/pip-requires (+2/-2)
Related bugs
Bug #1046905: Memcached Token Backend does not support list tokens | Undecided | Fix Released | |
Bug #1049309: keystone package: logrotate should have compress option | Undecided | Fix Released | |
Bug #1050025: Token invalidation in case of role grant/revoke should be limited to affected tenant | Undecided | Fix Released | |
Bug #1056373: memcache driver needs protection against unicode user keys | Undecided | Fix Released | |
Bug #1073569: Jenkins jobs fail because of incompatibility between sqlalchemy-migrate and the newest sqlalchemy-0.8.0b1 | Critical | Fix Released |
Related blueprints
Branch information
- Owner:
- Yolanda Robla
- Status:
- Development
Recent revisions
- 29. By Yolanda Robla
-
[ Chuck Short ]
* debian/keystone. logrotate: Compress log file when rotated. (LP: #1049309) [ Yolanda Robla Mota ]
* Resynchronize with stable/essex (c17a9992):
- [8735009] Removing user from a tenant isn't invalidating user access to
tenant (CVE-2012-5571)
- [025b1d5] Jenkins jobs fail because of incompatibility between sqlalchemy-
migrate and the newest sqlalchemy-0.8.0b1 (LP: #1073569)
- [ddb4019] Open 2012.1.4 development
- [0e1f05e] memcache driver needs protection against unicode user keys
(LP: #1056373)
- [176ee9b] Token invalidation in case of role grant/revoke should be
limited to affected tenant (LP: #1050025)
- [58ac669] Token validation includes revoked roles (CVE-2012-4413)
- [cd1e48a] Memcached Token Backend does not support list tokens
(LP: #1046905)
- [5438d3b] Update user's default tenant partially succeeds without authz
(CVE-2012-3542)* Dropped, superseeded by new snapshot:
- debian/patches/ CVE-2012- 4413.patch [58ac669]
- debian/patches/ CVE-2012- 5571.patch [8735009]
- debian/patches/ CVE-2012- 3542.patch [5438d3b] - 28. By Jamie Strandboge
-
* SECURITY UPDATE: fix for EC2-style credentials invalidation
- debian/patches/ CVE-2012- 5571.patch: adjust contrib/ec2/core.py to verify
that the user is in at least one valid role for the tenant
- CVE-2012-5571
- LP: #1064914 - 27. By Steve Beattie
-
* SECURITY UPDATE: Pre-existing tokens continue to be valid after
granting or revoking a user's access (LP: #1041396)
- debian/patches/ keystone- CVE-2012- 4413.patch: invalidate all user
tokens upon role grant/revoke
- CVE-2012-4413 - 26. By Steve Beattie
-
* SECURITY UPDATE: tenants are able to be added to users without
authorization (LP: #1040626)
- debian/patches/ keystone- CVE-2012- 3542: require authz to update a
user's tenant.
- CVE-2012-3542 - 25. By Chuck Short
-
* New upstream version.
* debian/man/keystone. 8: Mention that there is a lack of ssl support. - 24. By Chuck Short
-
[Chuck Short]
* New upstream version.
* debian/keystone. install: install tools/{ convert_ to_sqlite. sh,
sample_data.sh}[Adam Gandelman]
* debian/patches/ fix-ubuntu- tests.patch: Also skip keystoneclient
essex 3 tests, add patch description
* debian/keystone. logrotate: Add logrotate config (LP: #962426) - 23. By Chuck Short
-
[Chuck Short]
* New usptream version.
* debian/control: Add python-iso8601 as a depends.
* debian/patches/ fix-ubuntu- tests.patch: Disable git checkout on some
of the tests.
* dropped swift as a depends.[Adam Gandelman]
* debian/patches/ sql_connection. patch: Refresh
* debian/logging. conf: Update and enable file logging (LP: #959610)
* debian/keystone. prerm: Only attempt to cleanup database if it was
configured during installation. (LP: #948719)
* debian/rules: Fix doc builds + clean (LP: #956019)
* debian/control: Add python-{nova, swift} as Build-Depends, required
for doc building
* debian/rules, debian/tests/test_ overrides. conf: Setup a proper environment
for unit testing - 21. By Chuck Short
-
[ Adam Gandleman ]
* debian/patches/ keystone- auth.patch: Drop, applied upstream at commit
29337e66.
* debian/patches/ sql_connection. patch: Refresh [ Chuck Short ]
* New upstream release.
* debian/patches/ sql_connection. patch: Refreshed.
Branch metadata
- Branch format:
- Branch format 7
- Repository format:
- Bazaar repository format 2a (needs bzr 1.16 or later)
- Stacked on:
- lp:ubuntu/raring/keystone