keystone (2012.2.1-0ubuntu1.2) quantal-security; urgency=low

  * SECURITY UPDATE: fix EC2-style authentication for disabled users
    - debian/patches/CVE-2013-0282.patch: adjust keystone/contrib/ec2/core.py
      to ensure user and tenant are enabled in EC2
    - CVE-2013-0282
    - LP: #1121494
  * SECURITY UPDATE: fix denial of service
    - debian/patches/CVE-2013-1664+1665.patch: disable XML entity parsing
    - CVE-2013-1664
    - CVE-2013-1665
    - LP: #1100279
    - LP: #1100282

 -- Jamie Strandboge <jamie@ubuntu.com>  Tue, 19 Feb 2013 11:48:27 -0600

keystone (2012.2.1-0ubuntu1.1) quantal-security; urgency=low

  * SECURITY UPDATE: fix token creation error handling 
    - debian/patches/CVE-2013-0247.patch: validate size of user_id, username,
      password, tenant_name, tenant_id and old_token size to help guard
      against a denial of service via large log files filling the disk
    - CVE-2013-0247

 -- Jamie Strandboge <jamie@ubuntu.com>  Thu, 31 Jan 2013 12:14:43 -0600

keystone (2012.2.1-0ubuntu1) quantal-proposed; urgency=low

  * Ubuntu updates:
    - debian/control: Ensure keystoneclient is upgraded with keystone,
      require python-keystoneclient >= 1:0.1.3. (LP: #1073273)
    - Dropped patches, applied upsteram:
      - debian/patches/CVE-2012-5563.patch
      - debian/patches/CVE-2012-5571.patch
      - debian/patches/fix-ssl-tests-lp1068851.patch
  * Resynchronize with stable/folsom (7869c3ec) (LP: #1085255):
    - [f9d4766] token expires time incorrect for auth by one token
      (LP: #1079216)
    - [80d63c8] keystone throws error when removing user from tenant.
      (LP: #1078497)
    - [37308dd] Removing user from a tenant isn't invalidating user access to
      tenant (LP: #1064914)
    - [bec9b68] Redo part of bp/sql-identiy-pam undone by bug 968519
      (LP: #1068674)
    - [ee645e6] Jenkins jobs fail because of incompatibility between sqlalchemy-
      migrate and the newest sqlalchemy-0.8.0b1 (LP: #1073569)
    - [094c494] Non PKI Tokens longer than 32 characters can never be valid
      (LP: #1060389)
    - [3cd343b] Openssl tests rely on expired certificate (LP: #1068851)
    - [2f9807e] Set defaultbranch in .gitreview to stable/folsom

 -- Adam Gandelman <adamg@ubuntu.com>  Tue, 04 Dec 2012 09:19:41 -0800

keystone (2012.2-0ubuntu1.2) quantal-security; urgency=low

  * SECURITY UPDATE: fix for EC2-style credentials invalidation
    - debian/patches/CVE-2012-5571.patch: adjust contrib/ec2/core.py to verify
      that the user is in at least one valid role for the tenant
    - CVE-2012-5571
    - LP: #1064914
  * debian/patches/fix-ssl-tests-lp1068851.patch: update certificates for
    SSL tests
  * SECURITY UPDATE: fix for token expiration
    - debian/patches/CVE-2012-5563.patch: ensure token expiration is
      maintained
    - CVE-2012-5563
    - LP: #1079216

 -- Jamie Strandboge <jamie@ubuntu.com>  Wed, 28 Nov 2012 11:29:47 -0600

keystone (2012.2-0ubuntu1) quantal; urgency=low

  * New upstream release.

 -- Chuck Short <zulcss@ubuntu.com>  Thu, 27 Sep 2012 12:22:07 -0500

keystone (2012.2~rc2-0ubuntu1) quantal; urgency=low

  * New upstream release.

 -- Chuck Short <zulcss@ubuntu.com>  Wed, 26 Sep 2012 13:15:29 -0500

keystone (2012.2~rc1-0ubuntu1) quantal; urgency=low

  * New upstream version.
  * debian/keystone.logrotate: Compress log file when rotated. (LP: #1049309) 

 -- Chuck Short <zulcss@ubuntu.com>  Mon, 17 Sep 2012 09:15:51 -0500

keystone (2012.2~rc1~20120906.2517-0ubuntu2) quantal; urgency=low

  [ Adam Gandelman ]
  * Refreshed patches.

  [ Soren Hansen ]
  * Update debian/watch to account for symbolically named tarballs and
    use newer URL.
  * Fix Launchpad URLs in debian/watch.

  [ Logan Rosen ]
  * Fix control file to suggest python-memcache instead of python-memcached
    (LP: #998991).

  [ Chuck Short ]
  * New upstream version.
  * Dont FTBFS if the testsuite fails.

 -- Chuck Short <zulcss@ubuntu.com>  Fri, 07 Sep 2012 13:04:01 -0500

keystone (2012.2~f3-0ubuntu1) quantal; urgency=low

  [ Adam Gandelman ]
  * debian/{keystone.conf, rules, keytone.install}: Install patched
    keystone.conf.sample configured for SQL backends to /etc/keystone,
    no longer maintain our own version in packaging. (LP: #1031012)
  * debian/patches/sql_connection.patch: Refreshed against current
    keystone.conf.sample.
  * debian/rules:  Use debian/tests as HOME to avoid test suite FTFBS.

  [ Sam Morrison ]
  * debian/keystone.logrotate: Sent output of keystone restart in logrotate
    to /dev/null. (LP: #1029766)

  [Chuck Short]
  * New upstream version.

 -- Chuck Short <zulcss@ubuntu.com>  Thu, 16 Aug 2012 13:59:29 -0500

keystone (2012.2~f2-0ubuntu1) quantal; urgency=low

  * New upstream version.

 -- Chuck Short <zulcss@ubuntu.com>  Fri, 06 Jul 2012 10:37:01 -0400

keystone (2012.2~f2~20120622.2353-0ubuntu1) quantal; urgency=low

  * New upstream release. 

 -- Chuck Short <zulcss@ubuntu.com>  Fri, 22 Jun 2012 12:27:50 -0400

keystone (2012.2~f2~20120529.2315-0ubuntu2) quantal; urgency=low

  * debian/keystone.conf: Add a functional default server config.
  * debian/keystone.install: Fix installation locations, install
    our default config alongside sample. 

 -- Adam Gandelman <adamg@canonical.com>  Wed, 06 Jun 2012 10:00:14 -0700

keystone (2012.2~f2~20120529.2315-0ubuntu1) quantal; urgency=low

  * New usptream release. 
  * debian/patches/sql_connection.patch: Refreshed

 -- Chuck Short <zulcss@ubuntu.com>  Fri, 01 Jun 2012 11:01:01 -0400

keystone (2012.2~f1-0ubuntu1) quantal; urgency=low

  * New ustpream release.
  * Prepare for quantal:
    - debian/patches/fix-ubuntu-tests.patch: Refreshed.
    - debian/patches/sql_connection.patch: Refreshed.
  * debian/keystone.install: Install the right configuration files.

 -- Chuck Short <zulcss@ubuntu.com>  Thu, 24 May 2012 14:04:20 -0400

keystone (2012.1-0ubuntu1) precise; urgency=low

  * New upstream version.
  * debian/man/keystone.8: Mention that there is a lack of ssl support.

 -- Chuck Short <zulcss@ubuntu.com>  Thu, 05 Apr 2012 10:42:24 -0400

keystone (2012.1~rc2-0ubuntu1) precise; urgency=low

  [Chuck Short]
  * New upstream version.
  * debian/keystone.install: install tools/{convert_to_sqlite.sh,
    sample_data.sh}

  [Adam Gandelman]
  * debian/patches/fix-ubuntu-tests.patch: Also skip keystoneclient
    essex 3 tests, add patch description
  * debian/keystone.logrotate: Add logrotate config (LP: #962426)

 -- Chuck Short <zulcss@ubuntu.com>  Wed, 04 Apr 2012 07:49:15 -0400

keystone (2012.1~rc1-0ubuntu1) precise; urgency=low

  [Chuck Short]
  * New usptream version.
  * debian/control: Add python-iso8601 as a depends.
  * debian/patches/fix-ubuntu-tests.patch: Disable git checkout on some
    of the tests.
  * dropped swift as a depends.

  [Adam Gandelman]
  * debian/patches/sql_connection.patch: Refresh
  * debian/logging.conf: Update and enable file logging (LP: #959610)
  * debian/keystone.prerm: Only attempt to cleanup database if it was
    configured during installation. (LP: #948719)
  * debian/rules: Fix doc builds + clean (LP: #956019)
  * debian/control: Add python-{nova, swift} as Build-Depends, required
    for doc building
  * debian/rules, debian/tests/test_overrides.conf: Setup a proper environment
    for unit testing

 -- Chuck Short <zulcss@ubuntu.com>  Mon, 26 Mar 2012 13:41:45 -0400

keystone (2012.1~rc1~20120316.2145-0ubuntu1) precise; urgency=low

  * New upstream release. 

 -- Adam Gandelman <adamg@canonical.com>  Fri, 16 Mar 2012 11:19:40 -0700

keystone (2012.1~rc1~20120308.2103-0ubuntu1) precise; urgency=low

  [ Adam Gandleman ]
  * debian/patches/keystone-auth.patch: Drop, applied upstream at commit
    29337e66.
  * debian/patches/sql_connection.patch: Refresh

  [ Chuck Short ]
  * New upstream release.
  * debian/patches/sql_connection.patch: Refreshed.

 -- Chuck Short <zulcss@ubuntu.com>  Fri, 09 Mar 2012 12:26:12 -0500

keystone (2012.1~e4-0ubuntu2) precise; urgency=low

  * debian/keystone.preinst: Create group before creating user (LP: #945299) 

 -- Adam Gandelman <adamg@canonical.com>  Fri, 02 Mar 2012 17:38:00 -0800

keystone (2012.1~e4-0ubuntu1) precise; urgency=low

  [ Chuck Short ]
  * New upstream release. 
  * debian/keystone.upstart: Update for ksl.
  * debian/control: Add python-keystoneclient as dependency.
  * debian/control: Fix typo.
  * debian/keystone.postinst: Update due to redux branch change.
  * debian/keystone.templates, debian/keystone.preinst, debian/kestone.postinst,
    debian/keystone.config, debian/README.Debian: Make keystone installation 
    less interactive. (LP: #931236)
  * debian/keystone.postinst: Don't create users or run a database sync
    since its not working correctly.
  * debian/control: Dropped python-coverage and python-nosexcover.
  * debian/changelog: Fixed changelog.
  * debian/keystone.templates: Set it to false.
  * debian/control: Fix lintian warnings.
  * debian/patches/keystone-auth.patch: Backport auth token improvements,
    this can be dropped in the next snapshot.
  * debian/control: Add python-memcache as a build dependency.
  * debian/keystone-doc.docs: Fix keystone doc builds.
  * debian/rules: Temporarily disable doc install.
  * debian/control: Add python-ldap and python-lxml.
  
  [ Joseph Heck ]
  * debian/control: Dropped python-cli.

  [ Adam Gandelman ]
  * debian/control: Alphabetize python depends 
  * debian/control: Add python-{eventlet, greenlet, passlib} to keystone
    depends
  * debian/control: Add python-lxml to python-keystone Depends
  * Drop 0001-Fix-keystone-all-failure-to-start.patch
  * debian/logging.conf: Temporarily use old logging.conf until upstream
    ships something usable
  * debain/patches/sql_connection.patch: Switch backends to use SQL backends
  * debian/keystone.preinst: Create directories
  * debian/keystone.postinst: Remove create_users stuff, add call to 'db_sync'
    on install

  [ Dave Walker ]
  * debian/patches/sql_connection.patch: Refreshed and reintroduced DEP-3
    headers.
  * debian/control: Added Vcs-Bzr field.

  [ Andrew Glen-Young ]
  * debian/keystone.preinst: Set the primary group to keystone. (LP: #941905)

 -- Chuck Short <zulcss@ubuntu.com>  Fri, 02 Mar 2012 09:55:24 -0500

keystone (2012.1~e4~20120203.1574-0ubuntu2) precise; urgency=low

  [Chuck Short]
  * debian/control: Moved python-prettytable and added 
    python-dateutil as a build dependency.

  [Julien Danjou]
  * Add dbconfig support. (LP: #930139)
  * Update db sync to sync_database in postinst. (LP: #930444)

 -- Chuck Short <zulcss@ubuntu.com>  Mon, 13 Feb 2012 09:14:12 -0500

keystone (2012.1~e4~20120203.1574-0ubuntu1) precise; urgency=low

  * New upstream release. 

 -- Chuck Short <zulcss@ubuntu.com>  Fri, 03 Feb 2012 16:35:51 -0500

keystone (2012.1~e3-0ubuntu1) UNRELEASED; urgency=low

  * Fix bad manpage formatting causing missing spaces (LP: #907206)
  * Adding python-prettytable to dependency.  (LP: #922954) 

 -- Daniel Polehn <dpolehn@gmail.com>  Sat, 28 Jan 2012 20:17:33 -0800

keystone (2012.1~e3-0ubuntu1) precise; urgency=low

  * New upstream release.
  * Dropped debian/patches/temp_fix_keystone_manage.patch: No longer needed.

 -- Chuck Short <zulcss@ubuntu.com>  Thu, 26 Jan 2012 10:53:46 -0500

keystone (2012.1~e3~20120113.1511-0ubuntu1) precise; urgency=low

  [Chuck Short]
  * New upstream version.
  * debian/control: Add python-migrate as a build depenedency. 
    (LP: #909941)
  * debian/keystone.dirs: Add cache directory for PTYHON_EGGS
  * debian/control: Add ssl-cert for ssl certificates.
  * debian/patches/keystone-ssl.patch: Point ssl config to the 
    snakeoil certificates.
  * debian/control: Add python-nose as a build dependency.

  [Adam Gandleman]
  * debian/python-keystone.postinst: Also install *.egg-info (LP: #907518) 
  * debian/patches/temp_fix_keyston_manage.patch: Allow keystone to work 
    with current snapshot.

 -- Chuck Short <zulcss@ubuntu.com>  Fri, 13 Jan 2012 10:09:46 +0100

keystone (2012.1~e2-0ubuntu1) precise; urgency=low

  * New upstream version.
  * debian/control: Clean up dependencies. 
  * debian/pydist-overrides: Dont install python-coverage.
  * debian/python-keystone.install: Don't ship examples in python
    packaging. (Debian Bug: #649907)
  * debian/man/*: Add manpages.

 -- Chuck Short <zulcss@ubuntu.com>  Fri, 16 Dec 2011 15:38:05 -0500

keystone (2012.1~e2~20111209.1405-0ubuntu1) precise; urgency=low

  * New upstream release.

 -- Chuck Short <zulcss@ubuntu.com>  Fri, 09 Dec 2011 16:27:35 -0500

keystone (2012.1~e2~20111202.1379-0ubuntu1) precise; urgency=low

  * New upstream release.
  * debian/control:
    + Fix dependencies. 
  * keystone.postinst:
    + Fix bashism.
    + Remove keystone-manage db sync.

 -- Chuck Short <zulcss@ubuntu.com>  Fri, 02 Dec 2011 09:40:35 -0500

keystone (2012.1~e2~20111125.1340-0ubuntu1) precise; urgency=low

  * New upstream release. 
  * debian/control: Dropped dependency on python-pysqlite.
  * debian/rules: Dont fail when building docs.
  * debian/rules: Fix doc build.

 -- Chuck Short <zulcss@ubuntu.com>  Fri, 25 Nov 2011 11:19:34 -0500

keystone (2012.1~e2~20111110.1301-0ubuntu2) precise; urgency=low

  * debian/patches/ftbfs_guard_main_call.patch:
    - Fix FTBFS by guarding a main() call to only run when the module is
      run as __main__, not when imported during documentation generation.

 -- Michael Terry <mterry@ubuntu.com>  Mon, 21 Nov 2011 16:43:45 -0500

keystone (2012.1~e2~20111118.1330-0ubuntu1) precise; urgency=low

  * New upstream release.

 -- Chuck Short <zulcss@ubuntu.com>  Fri, 18 Nov 2011 13:50:20 -0500

keystone (2012.1~e2~20111110.1301-0ubuntu1) precise; urgency=low

  * New upstream release.
  * debian/control: 
    + Added pep8 for tests.
    + Updated run time dependencies.
  * debian/keystone.postinst:
    + Add keystone group.
    + Setup permissions a bit better.
    + Setup keystone db.

 -- Chuck Short <zulcss@ubuntu.com>  Fri, 11 Nov 2011 11:51:27 -0500

keystone (1.0~d4~20111020.1244-0ubuntu1) precise; urgency=low

  * New upstream release.
  * Dropped:
    + add-missing-extension-files.patch
    + foreign_key.patch
  * dh_python2 transition.
  * Update dependencies.
  * Dont fail if tests fail.

 -- Chuck Short <zulcss@ubuntu.com>  Thu, 27 Oct 2011 11:06:53 -0400

keystone (1.0~d4~20110909.1108-0ubuntu4) precise; urgency=low

  * debian/patches/sql_connection.patch: Correct keystone.db path, 
    as identified by Atul Jha. (LP: #878282) 

 -- Dave Walker (Daviey) <DaveWalker@ubuntu.com>  Fri, 21 Oct 2011 13:17:51 +0100

keystone (1.0~d4~20110909.1108-0ubuntu3) oneiric; urgency=low

  [Dustin Kirkland]
  * debian/copyright:
    - fix copyright file, replace s/glance/keystone/

  [Juan Negron]
  * Added debian/patches/foreign_key.patch:  Fixed bug which attempted to to
    obtain a service_id by passing an Integer rather than a String to the
    Column function in models.py. (LP: #861682)

  [Brian Thomason]
  * Removed "|| true" from test execution in debian/rules as it was masking a
    failure.  After investigating the failure further, it was found that two
    files were missing from the contrib/extensions/service/raxkey dir that were
    a part of trunk at the time. (LP: #861813)
    - added keystone/contrib/extensions/service/raxkey/extension.xml
    - added keystone/contrib/extensions/service/raxkey/extension.json

 -- Brian Thomason <brian.thomason@canonical.com>  Wed, 28 Sep 2011 15:30:19 -0400

keystone (1.0~d4~20110909.1108-0ubuntu2) oneiric; urgency=low

  [Chuck Short]
  * Install configuration files. 
  * debian/patches/sql_connection.patch: 
    Specify a path for the sqlite database.
  * debian/rules: Add get-origs-source.

  [Juan L. Negron]
  * debian/control, debian/keystone.install:
    + Update dependencies for python-keystone.
    + Reanamed logging config file to match upstream.
      (LP: #860778)

  [Monty Taylor]
  * Added a conditional on dh_python2 so that the package works on lucid.

 -- Chuck Short <zulcss@ubuntu.com>  Tue, 27 Sep 2011 15:36:35 -0400

keystone (1.0~d4~20110909.1108-0ubuntu1) UNRELEASED; urgency=low

  * debian/rules:
    + Add get-orig-source. 
  * debian/keystone.install:
    + Ship configuration files.
  + debian/copyright:
    + Change glance to keystone.

 -- Chuck Short <zulcss@ubuntu.com>  Thu, 27 Oct 2011 10:02:39 -0400

keystone (1.0~d4~20110909.1108-0ubuntu2) oneiric; urgency=low

  * Added a conditional on dh_python2 so that the package works on lucid.
  * Added python-passlib build-depend. (LP: #862576)

 -- Monty Taylor <mordred@inaugust.com>  Thu, 29 Sep 2011 11:56:36 -0700

keystone (1.0~d4~20110909.1108-0ubuntu1) oneiric; urgency=low

  [Chuck Short]
  * New upstream release.
  * debian/control:
    + Bump standards to 3.9.2.
    + Fix lintian warnings.
    + Update maintainer.
  * debian/rules: Dont fail to build if tests fail.
  
  [Dan Prince]
  * Fix debian/rules file so it works with nodoc.

 -- Chuck Short <zulcss@ubuntu.com>  Fri, 09 Sep 2011 16:25:30 -0400

keystone (1.0~d4~20110823.1078-0ubuntu0) UNRELEASED; urgency=low

  * Add python-mox as a build depend.

 -- Monty Taylor <mordred@inaugust.com>  Fri, 09 Sep 2011 11:00:27 -0700

keystone (1.0~d4~20110819.1045-0ubuntu1) UNRELEASED; urgency=low

  * New upstream release.
  * Removed fix_tests patch (don't need it any more)
  * Fixed debian/watch file.
  * Use root level run_tests now.
  * We need a special version of webob.
  * Added adduser depend.
  * Added python-sphinx build depend.

 -- Monty Taylor <mordred@inaugust.com>  Wed, 24 Aug 2011 09:05:05 -0700

keystone (1.0~20110713.1-0ubuntu1~ppa1) UNRELEASED; urgency=low

  * Add keystone-docs package.

 -- Soren Hansen <soren@ubuntu.com>  Thu, 14 Jul 2011 10:47:13 +0200

keystone (1.0~20110711.1-0ubuntu1~ppa1) oneiric; urgency=low

  * Initial upload.

 -- Soren Hansen <soren@ubuntu.com>  Wed, 25 May 2011 15:57:15 +0200

