keystone (2012.1+stable~20120824-a16a0ab9-0ubuntu2.4) precise-security; urgency=low

  * SECURITY UPDATE: fix token creation error handling 
    - debian/patches/CVE-2013-0247.patch: validate size of user_id, username,
      password, tenant_name, tenant_id and token size to help guard against a
      denial of service via large log files filling the disk
    - CVE-2013-0247

 -- Jamie Strandboge <jamie@ubuntu.com>  Thu, 31 Jan 2013 12:22:43 -0600

keystone (2012.1+stable~20120824-a16a0ab9-0ubuntu2.3) precise-security; urgency=low

  * SECURITY UPDATE: fix for EC2-style credentials invalidation
    - debian/patches/CVE-2012-5571.patch: adjust contrib/ec2/core.py to verify
      that the user is in at least one valid role for the tenant
    - CVE-2012-5571
    - LP: #1064914

 -- Jamie Strandboge <jamie@ubuntu.com>  Mon, 26 Nov 2012 14:07:34 -0600

keystone (2012.1+stable~20120824-a16a0ab9-0ubuntu2.2) precise-security; urgency=low

  * SECURITY UPDATE: Pre-existing tokens continue to be valid after
    granting or revoking a user's access (LP: #1041396)
    - debian/patches/keystone-CVE-2012-4413.patch: invalidate all user
      tokens upon role grant/revoke
    - CVE-2012-4413

 -- Steve Beattie <sbeattie@ubuntu.com>  Wed, 12 Sep 2012 09:47:55 -0700

keystone (2012.1+stable~20120824-a16a0ab9-0ubuntu2.1) precise-security; urgency=low

  * SECURITY UPDATE: tenants are able to be added to users without
    authorization (LP: #1040626)
    - debian/patches/keystone-CVE-2012-3542: require authz to update a
      user's tenant.
    - CVE-2012-3542

 -- Steve Beattie <sbeattie@ubuntu.com>  Thu, 30 Aug 2012 15:10:26 -0700

keystone (2012.1+stable~20120824-a16a0ab9-0ubuntu2) precise-proposed; urgency=low

  * New upstream release (LP: #1041120):
    - debian/patches/0013-Flush-tenant-membership-deletion-before-user.patch:
      Dropped.
  * Resynchronize with stable/essex:
    - authenticate in ldap backend doesn't return a list of roles
      (LP: #1035428)
    - LDAP should not check username on "sn" field (LP: #997700)
    - Admin API doesn't valid token. (LP: #1006815, #1006822)
    - Memcache token backend eventually stops working. (LP: #1012381)
    - EC2 credentials not migrated from legacy (diablo) database. (LP: #1016056)
    - Deleting tenants or users does not cleanup metadata. (LP: #973243)
    - Deleting tenants does not cleanup its user associations. (LP: #974199)
    - TokenNotFound not raised in testsuite beacuse of timezone issues. (LP: #983800)
    - Token authentication for a user in a disabled tenant does not raise
      Unauthorized error. (LP: #988920)
    - export_legacy_catalog doesn't convert url names correctly. (LP: #994936)
    - Following a password compromise and subsequent password change,
      tokens remain valid. (LP: #996595)
    - Tokens remain valid after a user account is disabled. (LP: #997194)

 -- Adam Gandelman <adamg@canonical.com>  Fri, 24 Aug 2012 03:34:59 -0400

keystone (2012.1+stable~20120608-aff45d6-0ubuntu1) precise-proposed; urgency=low

  * New usptream snapshot. (LP: #1010473)
  * Resynchronize with stable/essex:
    - aff45d6 - Make import_nova_auth only create roles which don't already exist
      (LP: #959294)
  * debian/patches/0013-Flush-tenant-membership-deletion-before-user.patch: Backported
    fix for "Flush tenant membership deletion before user." (LP: #998137)

 -- Chuck Short <zulcss@ubuntu.com>  Tue, 05 Jun 2012 11:24:02 -0400

keystone (2012.1-0ubuntu1) precise; urgency=low

  * New upstream version.
  * debian/man/keystone.8: Mention that there is a lack of ssl support.

 -- Chuck Short <zulcss@ubuntu.com>  Thu, 05 Apr 2012 10:42:24 -0400

keystone (2012.1~rc2-0ubuntu1) precise; urgency=low

  [Chuck Short]
  * New upstream version.
  * debian/keystone.install: install tools/{convert_to_sqlite.sh,
    sample_data.sh}

  [Adam Gandelman]
  * debian/patches/fix-ubuntu-tests.patch: Also skip keystoneclient
    essex 3 tests, add patch description
  * debian/keystone.logrotate: Add logrotate config (LP: #962426)

 -- Chuck Short <zulcss@ubuntu.com>  Wed, 04 Apr 2012 07:49:15 -0400

keystone (2012.1~rc1-0ubuntu1) precise; urgency=low

  [Chuck Short]
  * New usptream version.
  * debian/control: Add python-iso8601 as a depends.
  * debian/patches/fix-ubuntu-tests.patch: Disable git checkout on some
    of the tests.
  * dropped swift as a depends.

  [Adam Gandelman]
  * debian/patches/sql_connection.patch: Refresh
  * debian/logging.conf: Update and enable file logging (LP: #959610)
  * debian/keystone.prerm: Only attempt to cleanup database if it was
    configured during installation. (LP: #948719)
  * debian/rules: Fix doc builds + clean (LP: #956019)
  * debian/control: Add python-{nova, swift} as Build-Depends, required
    for doc building
  * debian/rules, debian/tests/test_overrides.conf: Setup a proper environment
    for unit testing

 -- Chuck Short <zulcss@ubuntu.com>  Mon, 26 Mar 2012 13:41:45 -0400

keystone (2012.1~rc1~20120316.2145-0ubuntu1) precise; urgency=low

  * New upstream release. 

 -- Adam Gandelman <adamg@canonical.com>  Fri, 16 Mar 2012 11:19:40 -0700

keystone (2012.1~rc1~20120308.2103-0ubuntu1) precise; urgency=low

  [ Adam Gandleman ]
  * debian/patches/keystone-auth.patch: Drop, applied upstream at commit
    29337e66.
  * debian/patches/sql_connection.patch: Refresh

  [ Chuck Short ]
  * New upstream release.
  * debian/patches/sql_connection.patch: Refreshed.

 -- Chuck Short <zulcss@ubuntu.com>  Fri, 09 Mar 2012 12:26:12 -0500

keystone (2012.1~e4-0ubuntu2) precise; urgency=low

  * debian/keystone.preinst: Create group before creating user (LP: #945299) 

 -- Adam Gandelman <adamg@canonical.com>  Fri, 02 Mar 2012 17:38:00 -0800

keystone (2012.1~e4-0ubuntu1) precise; urgency=low

  [ Chuck Short ]
  * New upstream release. 
  * debian/keystone.upstart: Update for ksl.
  * debian/control: Add python-keystoneclient as dependency.
  * debian/control: Fix typo.
  * debian/keystone.postinst: Update due to redux branch change.
  * debian/keystone.templates, debian/keystone.preinst, debian/kestone.postinst,
    debian/keystone.config, debian/README.Debian: Make keystone installation 
    less interactive. (LP: #931236)
  * debian/keystone.postinst: Don't create users or run a database sync
    since its not working correctly.
  * debian/control: Dropped python-coverage and python-nosexcover.
  * debian/changelog: Fixed changelog.
  * debian/keystone.templates: Set it to false.
  * debian/control: Fix lintian warnings.
  * debian/patches/keystone-auth.patch: Backport auth token improvements,
    this can be dropped in the next snapshot.
  * debian/control: Add python-memcache as a build dependency.
  * debian/keystone-doc.docs: Fix keystone doc builds.
  * debian/rules: Temporarily disable doc install.
  * debian/control: Add python-ldap and python-lxml.
  
  [ Joseph Heck ]
  * debian/control: Dropped python-cli.

  [ Adam Gandelman ]
  * debian/control: Alphabetize python depends 
  * debian/control: Add python-{eventlet, greenlet, passlib} to keystone
    depends
  * debian/control: Add python-lxml to python-keystone Depends
  * Drop 0001-Fix-keystone-all-failure-to-start.patch
  * debian/logging.conf: Temporarily use old logging.conf until upstream
    ships something usable
  * debain/patches/sql_connection.patch: Switch backends to use SQL backends
  * debian/keystone.preinst: Create directories
  * debian/keystone.postinst: Remove create_users stuff, add call to 'db_sync'
    on install

  [ Dave Walker ]
  * debian/patches/sql_connection.patch: Refreshed and reintroduced DEP-3
    headers.
  * debian/control: Added Vcs-Bzr field.

  [ Andrew Glen-Young ]
  * debian/keystone.preinst: Set the primary group to keystone. (LP: #941905)

 -- Chuck Short <zulcss@ubuntu.com>  Fri, 02 Mar 2012 09:55:24 -0500

keystone (2012.1~e4~20120203.1574-0ubuntu2) precise; urgency=low

  [Chuck Short]
  * debian/control: Moved python-prettytable and added 
    python-dateutil as a build dependency.

  [Julien Danjou]
  * Add dbconfig support. (LP: #930139)
  * Update db sync to sync_database in postinst. (LP: #930444)

 -- Chuck Short <zulcss@ubuntu.com>  Mon, 13 Feb 2012 09:14:12 -0500

keystone (2012.1~e4~20120203.1574-0ubuntu1) precise; urgency=low

  * New upstream release. 

 -- Chuck Short <zulcss@ubuntu.com>  Fri, 03 Feb 2012 16:35:51 -0500

keystone (2012.1~e3-0ubuntu1) UNRELEASED; urgency=low

  * Fix bad manpage formatting causing missing spaces (LP: #907206)
  * Adding python-prettytable to dependency.  (LP: #922954) 

 -- Daniel Polehn <dpolehn@gmail.com>  Sat, 28 Jan 2012 20:17:33 -0800

keystone (2012.1~e3-0ubuntu1) precise; urgency=low

  * New upstream release.
  * Dropped debian/patches/temp_fix_keystone_manage.patch: No longer needed.

 -- Chuck Short <zulcss@ubuntu.com>  Thu, 26 Jan 2012 10:53:46 -0500

keystone (2012.1~e3~20120113.1511-0ubuntu1) precise; urgency=low

  [Chuck Short]
  * New upstream version.
  * debian/control: Add python-migrate as a build depenedency. 
    (LP: #909941)
  * debian/keystone.dirs: Add cache directory for PTYHON_EGGS
  * debian/control: Add ssl-cert for ssl certificates.
  * debian/patches/keystone-ssl.patch: Point ssl config to the 
    snakeoil certificates.
  * debian/control: Add python-nose as a build dependency.

  [Adam Gandleman]
  * debian/python-keystone.postinst: Also install *.egg-info (LP: #907518) 
  * debian/patches/temp_fix_keyston_manage.patch: Allow keystone to work 
    with current snapshot.

 -- Chuck Short <zulcss@ubuntu.com>  Fri, 13 Jan 2012 10:09:46 +0100

keystone (2012.1~e2-0ubuntu1) precise; urgency=low

  * New upstream version.
  * debian/control: Clean up dependencies. 
  * debian/pydist-overrides: Dont install python-coverage.
  * debian/python-keystone.install: Don't ship examples in python
    packaging. (Debian Bug: #649907)
  * debian/man/*: Add manpages.

 -- Chuck Short <zulcss@ubuntu.com>  Fri, 16 Dec 2011 15:38:05 -0500


keystone (2012.1~e2~20111209.1405-0ubuntu1) precise; urgency=low

  * New upstream release.

 -- Chuck Short <zulcss@ubuntu.com>  Fri, 09 Dec 2011 16:27:35 -0500

keystone (2012.1~e2~20111202.1379-0ubuntu1) precise; urgency=low

  * New upstream release.
  * debian/control:
    + Fix dependencies. 
  * keystone.postinst:
    + Fix bashism.
    + Remove keystone-manage db sync.

 -- Chuck Short <zulcss@ubuntu.com>  Fri, 02 Dec 2011 09:40:35 -0500

keystone (2012.1~e2~20111125.1340-0ubuntu1) precise; urgency=low

  * New upstream release. 
  * debian/control: Dropped dependency on python-pysqlite.
  * debian/rules: Dont fail when building docs.
  * debian/rules: Fix doc build.

 -- Chuck Short <zulcss@ubuntu.com>  Fri, 25 Nov 2011 11:19:34 -0500

keystone (2012.1~e2~20111110.1301-0ubuntu2) precise; urgency=low

  * debian/patches/ftbfs_guard_main_call.patch:
    - Fix FTBFS by guarding a main() call to only run when the module is
      run as __main__, not when imported during documentation generation.

 -- Michael Terry <mterry@ubuntu.com>  Mon, 21 Nov 2011 16:43:45 -0500

keystone (2012.1~e2~20111118.1330-0ubuntu1) precise; urgency=low

  * New upstream release.

 -- Chuck Short <zulcss@ubuntu.com>  Fri, 18 Nov 2011 13:50:20 -0500

keystone (2012.1~e2~20111110.1301-0ubuntu1) precise; urgency=low

  * New upstream release.
  * debian/control: 
    + Added pep8 for tests.
    + Updated run time dependencies.
  * debian/keystone.postinst:
    + Add keystone group.
    + Setup permissions a bit better.
    + Setup keystone db.

 -- Chuck Short <zulcss@ubuntu.com>  Fri, 11 Nov 2011 11:51:27 -0500

keystone (1.0~d4~20111020.1244-0ubuntu1) precise; urgency=low

  * New upstream release.
  * Dropped:
    + add-missing-extension-files.patch
    + foreign_key.patch
  * dh_python2 transition.
  * Update dependencies.
  * Dont fail if tests fail.

 -- Chuck Short <zulcss@ubuntu.com>  Thu, 27 Oct 2011 11:06:53 -0400

keystone (1.0~d4~20110909.1108-0ubuntu4) precise; urgency=low

  * debian/patches/sql_connection.patch: Correct keystone.db path, 
    as identified by Atul Jha. (LP: #878282) 

 -- Dave Walker (Daviey) <DaveWalker@ubuntu.com>  Fri, 21 Oct 2011 13:17:51 +0100

keystone (1.0~d4~20110909.1108-0ubuntu3) oneiric; urgency=low

  [Dustin Kirkland]
  * debian/copyright:
    - fix copyright file, replace s/glance/keystone/

  [Juan Negron]
  * Added debian/patches/foreign_key.patch:  Fixed bug which attempted to to
    obtain a service_id by passing an Integer rather than a String to the
    Column function in models.py. (LP: #861682)

  [Brian Thomason]
  * Removed "|| true" from test execution in debian/rules as it was masking a
    failure.  After investigating the failure further, it was found that two
    files were missing from the contrib/extensions/service/raxkey dir that were
    a part of trunk at the time. (LP: #861813)
    - added keystone/contrib/extensions/service/raxkey/extension.xml
    - added keystone/contrib/extensions/service/raxkey/extension.json

 -- Brian Thomason <brian.thomason@canonical.com>  Wed, 28 Sep 2011 15:30:19 -0400

keystone (1.0~d4~20110909.1108-0ubuntu2) oneiric; urgency=low

  [Chuck Short]
  * Install configuration files. 
  * debian/patches/sql_connection.patch: 
    Specify a path for the sqlite database.
  * debian/rules: Add get-origs-source.

  [Juan L. Negron]
  * debian/control, debian/keystone.install:
    + Update dependencies for python-keystone.
    + Reanamed logging config file to match upstream.
      (LP: #860778)

  [Monty Taylor]
  * Added a conditional on dh_python2 so that the package works on lucid.

 -- Chuck Short <zulcss@ubuntu.com>  Tue, 27 Sep 2011 15:36:35 -0400

keystone (1.0~d4~20110909.1108-0ubuntu1) UNRELEASED; urgency=low

  * debian/rules:
    + Add get-orig-source. 
  * debian/keystone.install:
    + Ship configuration files.
  + debian/copyright:
    + Change glance to keystone.

 -- Chuck Short <zulcss@ubuntu.com>  Thu, 27 Oct 2011 10:02:39 -0400

keystone (1.0~d4~20110909.1108-0ubuntu2) oneiric; urgency=low

  * Added a conditional on dh_python2 so that the package works on lucid.
  * Added python-passlib build-depend. (LP: #862576)

 -- Monty Taylor <mordred@inaugust.com>  Thu, 29 Sep 2011 11:56:36 -0700

keystone (1.0~d4~20110909.1108-0ubuntu1) oneiric; urgency=low

  [Chuck Short]
  * New upstream release.
  * debian/control:
    + Bump standards to 3.9.2.
    + Fix lintian warnings.
    + Update maintainer.
  * debian/rules: Dont fail to build if tests fail.
  
  [Dan Prince]
  * Fix debian/rules file so it works with nodoc.

 -- Chuck Short <zulcss@ubuntu.com>  Fri, 09 Sep 2011 16:25:30 -0400

keystone (1.0~d4~20110823.1078-0ubuntu0) UNRELEASED; urgency=low

  * Add python-mox as a build depend.

 -- Monty Taylor <mordred@inaugust.com>  Fri, 09 Sep 2011 11:00:27 -0700

keystone (1.0~d4~20110819.1045-0ubuntu1) UNRELEASED; urgency=low

  * New upstream release.
  * Removed fix_tests patch (don't need it any more)
  * Fixed debian/watch file.
  * Use root level run_tests now.
  * We need a special version of webob.
  * Added adduser depend.
  * Added python-sphinx build depend.

 -- Monty Taylor <mordred@inaugust.com>  Wed, 24 Aug 2011 09:05:05 -0700

keystone (1.0~20110713.1-0ubuntu1~ppa1) UNRELEASED; urgency=low

  * Add keystone-docs package.

 -- Soren Hansen <soren@ubuntu.com>  Thu, 14 Jul 2011 10:47:13 +0200

keystone (1.0~20110711.1-0ubuntu1~ppa1) oneiric; urgency=low

  * Initial upload.

 -- Soren Hansen <soren@ubuntu.com>  Wed, 25 May 2011 15:57:15 +0200

