keystone (2012.1.1-13+wheezy1) wheezy-proposed-updates; urgency=low

  * CVE-2013-2059: Keystone tokens not immediately invalidated when user is
    deleted [OSSA 2013-011]. Added backported to Essex patch which I picked-up
    from Launchpad. Thanks to the Canonical security team (Closes: #707598).

 -- Thomas Goirand <zigo@debian.org>  Fri, 10 May 2013 10:09:14 +0800

keystone (2012.1.1-13) unstable; urgency=high

  * CVE-2013-0282: Ensure EC2 users and tenant are enabled (Closes: #700947).
  * CVE-2013-1664 & CVE-2013-1665: Information leak and Denial of Service using
    XML entities (Closes: #700948).

 -- Thomas Goirand <zigo@debian.org>  Tue, 19 Feb 2013 12:56:42 +0800

keystone (2012.1.1-12) unstable; urgency=low

  * CVE-2013-0247: Keystone denial of service through invalid token requests
    (Closes: #699835).

 -- Thomas Goirand <zigo@debian.org>  Wed, 06 Feb 2013 09:52:07 +0800

keystone (2012.1.1-11) unstable; urgency=high

  * Applies security patch from upstream: Ensures User is member of tenant in
  ec2 validation (Closes: #694433).
  * Added Japanese debconf template translation, thanks to victory
  <victory.deb@gmail.com> (Closes: #693056).

 -- Thomas Goirand <zigo@debian.org>  Mon, 26 Nov 2012 14:05:33 +0000

keystone (2012.1.1-10) unstable; urgency=low

  * Fixes keystone.config which wasn't starting dbconfig-common at first
  setup.
  * Do not use override_dh_fixperms:, sets the permissions of keystone.conf in
  the postinst using "install -m" instead of cp -auxf.
  * The default db is now sqlite:///var/lib/keystone/keystonedb, since that's
  what we run with Folsom, and that it might cause problems as
  "keystone.sqlite" isn't a valid MySQL db name. Changed debian/keystone.config
  accordingly.

 -- Thomas Goirand <zigo@debian.org>  Wed, 10 Oct 2012 15:46:14 +0000

keystone (2012.1.1-9) unstable; urgency=high

  * Fixes sometimes failing keystone.postrm (db_get in some conditions can
  return false), and fixed non-consistant indenting.
  * Uses /usr/share/keystone/keystone.conf instead of /usr/share/doc/keystone
  /keystone.conf.sample for temporary storing the conf file (this was a policy
  violation, as the doc folder should never be required).
  * Fixes CVE-2012-4457: fails to raise Unauthorized user error for disabled,
  CVE-2012-4456: fails to validate tokens in Admin API (Closes: #689210).

 -- Thomas Goirand <zigo@debian.org>  Mon, 01 Oct 2012 05:52:23 +0000

keystone (2012.1.1-8) unstable; urgency=low

  * Fixes parsing of the SQL connection in keystone.config.

 -- Thomas Goirand <zigo@debian.org>  Sun, 30 Sep 2012 01:48:50 +0000

keystone (2012.1.1-7) unstable; urgency=low

  * Fixes band handling (eg: policy violation) of keystone.conf which was
  conffiles, but changed in the posinst (Closes: #687311).

 -- Thomas Goirand <zigo@debian.org>  Wed, 12 Sep 2012 17:09:47 +0000

keystone (2012.1.1-6) unstable; urgency=high

  * CVE-2012-4413: Revoking a role does not affect existing tokens
  (Closes: #687428).

 -- Thomas Goirand <zigo@debian.org>  Sun, 09 Sep 2012 02:21:11 +0000

keystone (2012.1.1-5) unstable; urgency=low

  * CVE-2012-3542: Fixes lack of authorization for adding users to tenants
  (Closes: #686265)
  * Added Chinese debconf translation thanks to ben <duyujie.dyj@gmail.com>.
  * Really adds the nl debconf translation this time (Closes: #685671).

 -- Thomas Goirand <zigo@debian.org>  Mon, 27 Aug 2012 11:45:44 +0000

keystone (2012.1.1-4) unstable; urgency=low

  * Updated debian/keystone.templates, debian/control after review from
  the internationalization team (Closes: #683414, #679295).
  * Updated debconf translations with thanks to:
  - de: Pfannenstein Erik <epfannenstein@gmx.de> (Closes: #684877)
  - cs: Michal Šimůnek <michal.simunek@gmail.com> (Closes: #685434)
  - pl: Michał Kułach <michalkulach@gmail.com> (Closes: #685431)
  - fr: David Prévot <taffit@debian.org> (Closes: #685325)
  - sv: Martin Bagge <brother@bsnet.se> (Closes: #684942)
  - sk: helix84 <helix84@centrum.sk> (Closes: #684606)
  - ru: Yuri Kozlov <yuray@komyakino.ru> (Closes: #684590)
  - da: Joe Dalton <joedalton2@yahoo.dk> (Closes: #684565)
  - pt: Pedro Ribeiro <p.m42.ribeiro@gmail.com> (Closes: #682438)
  - es: SM Baby Siabef <siabef.debian@gmail.com> (Closes: #685435)
  - it: Beatrice Torracca <beatricet@libero.it> (Closes: #685623)
  * Added debconf translations with thanks to:
  - pt_BR: Adriano Rafael Gomes <adrianorg@gmail.com> (Closes: #685405)
  - nl: Jeroen Schot <schot@A-Eskwadraat.nl> (Closes: #685671)

 -- Thomas Goirand <zigo@debian.org>  Tue, 21 Aug 2012 08:06:07 +0000

keystone (2012.1.1-3) unstable; urgency=low

  * Re-added Debconf template which has been removed by the patch of 2012.1.1-2
  from Bubulle (Closes: #683337).
  * Removed one occurence of a dependency declared twice: python-sqlalchemy.

 -- Thomas Goirand <zigo@debian.org>  Tue, 31 Jul 2012 12:37:24 +0000

keystone (2012.1.1-2) unstable; urgency=low

  * Debconf templates and debian/control reviewed by the debian-l10n-
    english team as part of the Smith review project. Closes: #679295
  * [Debconf translation updates]
  * Recycle translations from nova for several languages. Additionnally:
  * Danish (Joe Hansen).  Closes: #680082
  * Swedish (Martin Bagge / brother).  Closes: #680847
  * Spanish; (SM Baby Siabef).  Closes: #681003
  * Italian (Beatrice Torracca).  Closes: #681249
  * Slovak (Ivan Masár). Closes: #682784
  * Fixed the get-vcs-source target in debian/rules.

 -- Thomas Goirand <zigo@debian.org>  Thu, 19 Jul 2012 06:21:30 +0000

keystone (2012.1.1-1) unstable; urgency=low

  * New upstream release.

 -- Ghe Rivero <ghe.rivero@stackops.com>  Fri, 22 Jun 2012 09:41:24 +0200

keystone (2012.1-3) unstable; urgency=low

  * Add logrotate for keystone.log. Closes: #663717

 -- Mehdi Abaakouk <sileht@sileht.net>  Tue, 22 May 2012 14:48:56 +0200

keystone (2012.1-2) unstable; urgency=low

  * Fixed python version requisites on webob and pam. Closes: #665804

 -- Ghe Rivero <ghe.rivero@stackops.com>  Wed, 02 May 2012 10:17:35 +0200

keystone (2012.1-1) unstable; urgency=low

  * New upstream release

 -- Ghe Rivero <ghe.rivero@stackops.com>  Mon, 09 Apr 2012 09:06:22 +0200

keystone (2012.1~rc2-1) unstable; urgency=low

  * New upstream release.

 -- Ghe Rivero <ghe.rivero@stackops.com>  Wed, 04 Apr 2012 10:09:36 +0200

keystone (2012.1~rc1-2) unstable; urgency=low

  * Removed check timeout from keystone.postinst. Closes: #665739

 -- Ghe Rivero <ghe@debian.org>  Tue, 27 Mar 2012 13:12:01 +0200

keystone (2012.1~rc1-1) unstable; urgency=low

  * New upstream release.

 -- Ghe Rivero <ghe.rivero@stackops.com>  Sat, 24 Mar 2012 09:14:50 +0100

keystone (2012.1~e4+git35-g4e4f793-1) UNRELEASED; urgency=low

  [ Julien Danjou ]
  * Install egg-info
  This is needed at least for Swift.

  [ Ghe Rivero ]
  * Added keystone/auth-token question. Closes: #662458

 -- Julien Danjou <acid@debian.org>  Fri, 02 Mar 2012 10:34:30 +0100

keystone (2012.1~e4-1) unstable; urgency=low

  *  New upstream release

 -- Ghe Rivero <ghe@debian.org>  Fri, 02 Mar 2012 08:38:43 +0100

keystone (2012.1~e3+git772-g6919b05-1) UNRELEASED; urgency=low

  [ Julien Danjou ]
  * Fix permissions /etc/keystone
  * Add projectmanager role on initial database creation
  * Do not run dbconfig by default
    That fixes LP#931236 until #607171 is fixed in dbconfig-common.
    Patch based on:
    http://bazaar.launchpad.net/~ubuntu-server-dev/keystone/essex/revision/83

 -- Julien Danjou <acid@debian.org>  Mon, 06 Feb 2012 10:35:52 +0100
  
keystone (2012.1~e3-4) unstable; urgency=low

  * Add missing python-migrate, python-prettytable, python-mox in
    build deps (Closes: #658592)
  * Deactivate tests because they fails (upstream problem)

 -- Julien Danjou <acid@debian.org>  Mon, 06 Feb 2012 10:35:52 +0100

keystone (2012.1~e3-3) unstable; urgency=low

  * Add missing dependency on python-dateutil

 -- Julien Danjou <acid@debian.org>  Tue, 31 Jan 2012 12:37:35 +0100

keystone (2012.1~e3-2) unstable; urgency=low

  * Add dbconfig prerm

 -- Julien Danjou <acid@debian.org>  Fri, 27 Jan 2012 16:13:48 +0100

keystone (2012.1~e3-1) unstable; urgency=low

  * New upstream release.
  * Use dbconfig to configure database

 -- Julien Danjou <acid@debian.org>  Thu, 26 Jan 2012 17:03:10 +0100

keystone (2012.1~e2-4) unstable; urgency=low

  * Fix default location of keystone db file

 -- Ghe Rivero <ghe@debian.org>  Tue, 24 Jan 2012 09:43:15 +0100

keystone (2012.1~e2-3) unstable; urgency=low

  * Add missing build depends on python-nose (Closes: #652805)
  * Remove useless python fields in control

 -- Julien Danjou <acid@debian.org>  Tue, 27 Dec 2011 11:40:18 +0100

keystone (2012.1~e2-2) unstable; urgency=low

  * Fix init script

 -- Julien Danjou <acid@debian.org>  Mon, 19 Dec 2011 17:16:48 +0100

keystone (2012.1~e2-1) unstable; urgency=low

  * New upstream release.
  * Disable doc building because it's currently failing.

 -- Julien Danjou <acid@debian.org>  Fri, 16 Dec 2011 11:12:44 +0100

keystone (2012.1~e1-2) unstable; urgency=low

  * Fix python-keystone installation file by including only keystone lib
    (Closes: #649907).
  * Add missing manpages.

 -- Julien Danjou <acid@debian.org>  Fri, 25 Nov 2011 10:43:59 +0100

keystone (2012.1~e1-1) unstable; urgency=low

  * New upstream release.
  * Cherry-pick 33c1c9390331b3bacd3791b537b6a1147715925c from upstream to
    fix documentation building.

 -- Julien Danjou <acid@debian.org>  Thu, 24 Nov 2011 16:21:50 +0100

keystone (2011.3-1) unstable; urgency=low

  * Initial release (Closes: #647611)

 -- Julien Danjou <acid@debian.org>  Tue, 15 Nov 2011 11:29:13 +0100
