Created by Yolanda Robla on 2012-12-18 and last modified on 2012-12-18
Get this branch:
bzr branch lp:~yolanda.robla/ubuntu/precise/keystone/essex-sru

Branch information

Yolanda Robla

Recent revisions

30. By Yolanda Robla on 2012-12-18

fixing typo in changelog

29. By Yolanda Robla on 2012-12-17

[ Chuck Short ]
* debian/keystone.logrotate: Compress log file when rotated. (LP: #1049309)

[ Yolanda Robla Mota ]
* Resynchronize with stable/essex (c17a9992):
  - [8735009] Removing user from a tenant isn't invalidating user access to
    tenant (CVE-2012-5571)
  - [025b1d5] Jenkins jobs fail because of incompatibility between sqlalchemy-
    migrate and the newest sqlalchemy-0.8.0b1 (LP: #1073569)
  - [ddb4019] Open 2012.1.4 development
  - [0e1f05e] memcache driver needs protection against unicode user keys
    (LP: #1056373)
  - [176ee9b] Token invalidation in case of role grant/revoke should be
    limited to affected tenant (LP: #1050025)
  - [58ac669] Token validation includes revoked roles (CVE-2012-4413)
  - [cd1e48a] Memcached Token Backend does not support list tokens
    (LP: #1046905)
  - [5438d3b] Update user's default tenant partially succeeds without authz

* Dropped, superseded by new snapshot:
  - debian/patches/CVE-2012-4413.patch [58ac669]
  - debian/patches/CVE-2012-5571.patch [8735009]
  - debian/patches/CVE-2012-3542.patch [5438d3b]

28. By Jamie Strandboge on 2012-11-26

* SECURITY UPDATE: fix for EC2-style credentials invalidation
  - debian/patches/CVE-2012-5571.patch: adjust contrib/ec2/core.py to verify
    that the user is in at least one valid role for the tenant
  - CVE-2012-5571
  - LP: #1064914

27. By Steve Beattie on 2012-09-12

* SECURITY UPDATE: Pre-existing tokens continue to be valid after
  granting or revoking a user's access (LP: #1041396)
  - debian/patches/keystone-CVE-2012-4413.patch: invalidate all user
    tokens upon role grant/revoke
  - CVE-2012-4413

26. By Steve Beattie on 2012-08-30

* SECURITY UPDATE: tenants are able to be added to users without
  authorization (LP: #1040626)
  - debian/patches/keystone-CVE-2012-3542: require authz to update a
    user's tenant.
  - CVE-2012-3542

25. By Chuck Short on 2012-04-05

* New upstream version.
* debian/man/keystone.8: Mention that there is a lack of ssl support.

24. By Chuck Short on 2012-04-04

[Chuck Short]
* New upstream version.
* debian/keystone.install: install tools/{convert_to_sqlite.sh,

[Adam Gandelman]
* debian/patches/fix-ubuntu-tests.patch: Also skip keystoneclient
  essex 3 tests, add patch description
* debian/keystone.logrotate: Add logrotate config (LP: #962426)

23. By Chuck Short on 2012-03-26

[Chuck Short]
* New upstream version.
* debian/control: Add python-iso8601 as a depends.
* debian/patches/fix-ubuntu-tests.patch: Disable git checkout on some
  of the tests.
* dropped swift as a depends.

[Adam Gandelman]
* debian/patches/sql_connection.patch: Refresh
* debian/logging.conf: Update and enable file logging (LP: #959610)
* debian/keystone.prerm: Only attempt to cleanup database if it was
  configured during installation. (LP: #948719)
* debian/rules: Fix doc builds + clean (LP: #956019)
* debian/control: Add python-{nova, swift} as Build-Depends, required
  for doc building
* debian/rules, debian/tests/test_overrides.conf: Setup a proper environment
  for unit testing

22. By Adam Gandelman on 2012-03-16

New upstream release.

21. By Chuck Short on 2012-03-09

[ Adam Gandelman ]
* debian/patches/keystone-auth.patch: Drop, applied upstream at commit
* debian/patches/sql_connection.patch: Refresh

[ Chuck Short ]
* New upstream release.
* debian/patches/sql_connection.patch: Refreshed.

Branch metadata

Branch format:
Branch format 7
Repository format:
Bazaar repository format 2a (needs bzr 1.16 or later)