keystone (2014.1.3-6) unstable; urgency=medium

  * unmask systemd service before starting the init script / unit file.
  * Removed dbc_upgrade = true check before pkgos_dbc_postinst and
    db_sync calls (Closes: #767715).

 -- Thomas Goirand <zigo@debian.org>  Thu, 08 Jan 2015 23:05:48 +0000

keystone (2014.1.3-5) unstable; urgency=medium

  * Fix cron job to not error after package removal (Closes: #773494).
  * Rebuild against openstack-pkg-tools >= 21~ to fix sysv-rc script.

 -- Thomas Goirand <zigo@debian.org>  Tue, 06 Jan 2015 20:23:24 +0000

keystone (2014.1.3-4) unstable; urgency=medium

  * Manually activates keystone.service since we're not using #DEBHELPER#.
  * Now requires version >= 20~ of openstack-pkg-tools to build
    (Closes: #770706).
  * Added missing debian/keystone.cron.hourly to flush the token table
    periodically, otherwise the table can grow up to gigabytes and Keystone
    becomes unusable.
  * Removed python-bashate build-depends.
  * Only run pkgos_dbc_postinst if asked by user.
  * Do not run 'tests\.(?!.*KcMaster.*)' unit tests which are failing because
    they are adapted for a newer version of keystoneclient with
    oslo.serialization which isn't in Jessie.

 -- Thomas Goirand <zigo@debian.org>  Mon, 15 Dec 2014 14:12:57 +0800

keystone (2014.1.3-2) unstable; urgency=medium

  * Mangling upstream rc and beta versions in watch file.
  * Updated nl.po thanks to Frans Spiesschaert (Closes: #764205).
  * Using templated init, upstart and systemd scripts from
    openstack-pkg-tools >= 13.
  * Removed all debian/*.logrotate, using only one in the -common package.
  * Standards-Version is now 3.9.6 (no change).

 -- Thomas Goirand <zigo@debian.org>  Sun, 05 Oct 2014 14:36:23 +0800

keystone (2014.1.3-1) unstable; urgency=medium

  * New upstream release.

 -- Thomas Goirand <zigo@debian.org>  Fri, 03 Oct 2014 15:31:21 +0800

keystone (2014.1.2.1-2) unstable; urgency=medium

  * Updated pt_BR.po thanks to Adriano Rafael Gomes (Closes: #762471).

 -- Thomas Goirand <zigo@debian.org>  Mon, 29 Sep 2014 08:42:45 +0000

keystone (2014.1.2.1-1) unstable; urgency=medium

  * Corrected new upstream point release (was wrong tag).

 -- Thomas Goirand <zigo@debian.org>  Sat, 09 Aug 2014 09:50:26 +0800

keystone (2014.1.2-1) unstable; urgency=medium

  * New upstream point release.
  * Removes patches applied upstream:
    - cve-2014-3476-Block-delegation-escalation-of-privilege.patch
    - cve-2014-3520-Ensure_that_in_v2_auth_tenant_id_matches_trust.patch
  * Refresh patches.
  * Reviewed (build-)depends for this release.
  * Added PYTHONPATH=. when building doc with sphinx.

 -- Thomas Goirand <zigo@debian.org>  Fri, 08 Aug 2014 17:44:10 +0800

keystone (2014.1.1-3) unstable; urgency=high

  * CVE-2014-3520: Keystone V2 trusts privilege escalation through user
    supplied. Added upstream patch:
    cve2014-3520-Ensure_that_in_v2_auth_tenant_id_matches_trust.patch
    (Closes: #753511).

 -- Thomas Goirand <zigo@debian.org>  Thu, 03 Jul 2014 00:32:37 +0800

keystone (2014.1.1-2) unstable; urgency=high

  * CVE-2014-3476: privilege escalation through trust chained delegation.
    Applied upstream patch. (Closes: #751454).

 -- Thomas Goirand <zigo@debian.org>  Fri, 13 Jun 2014 17:30:08 +0800

keystone (2014.1.1-1) unstable; urgency=medium

  * New upstream release.
  * Remove cve-2014-0204-stable-icehouse.patch applied upstream.
  * Removed sql_migration_ensure_using_innodb_utf8_for_assignment_table.patch
    applied upstream.
  * Now (build-)depends on python-six >= 1.6.0.

 -- Thomas Goirand <zigo@debian.org>  Mon, 09 Jun 2014 23:22:20 +0800

keystone (2014.1-6) unstable; urgency=medium

  * Now build-depends on openstack-pkg-tools >= 12~.

 -- Thomas Goirand <zigo@debian.org>  Thu, 05 Jun 2014 09:09:54 +0000

keystone (2014.1-5) unstable; urgency=medium

  * Updates cve-2014-0204-stable-icehouse.patch with latest version from
    upstream (Closes: #749026).

 -- Thomas Goirand <zigo@debian.org>  Fri, 30 May 2014 23:09:45 +0800

keystone (2014.1-4) unstable; urgency=medium

  * Switched from restarting keystone to copytruncate in logrotate.

 -- Thomas Goirand <zigo@debian.org>  Thu, 29 May 2014 14:19:42 +0800

keystone (2014.1-3) unstable; urgency=medium

  * Added sql migration: ensure using innodb utf8 for assignment table which
    fixes upgrade path from Havana.
  * Fixed cs.po.
  * Added cve-2014-0204-stable-icehouse.patch.
  * Standards-Version: is now 3.9.5

 -- Thomas Goirand <zigo@debian.org>  Tue, 20 May 2014 23:26:00 +0800

keystone (2014.1-2) unstable; urgency=medium

  * Fixed debian/watch to use github tags.
  * Now using "service X restart" to restart keystone after logrotate, and stop
    using dpkg-dev (Closes: #747890).

 -- Thomas Goirand <zigo@debian.org>  Sat, 17 May 2014 01:54:29 +0800

keystone (2014.1-1) unstable; urgency=medium

  * New upstream release.
  * Uploading to unstable.
  * Fixed config file handling (DEFAULT/connection vs database/connection).
    (Closes: #744761).

 -- Thomas Goirand <zigo@debian.org>  Tue, 15 Apr 2014 15:30:07 +0800

keystone (2014.1~rc2-1) experimental; urgency=low

  * New upstream pre-release.
  * Removed broken patch: defines-gettext-function-to-avoid-ftbfs.patch

 -- Thomas Goirand <zigo@debian.org>  Wed, 09 Apr 2014 23:17:06 +0800

keystone (2014.1~rc1-1) experimental; urgency=low

  * New upstream release.
  * Fixed new upsteram (build-)dependencies.
  * Drops now useless fix-sqla-version-in-requirements patch.

 -- Thomas Goirand <zigo@debian.org>  Fri, 28 Mar 2014 14:39:11 +0800

keystone (2014.1~b3-1) experimental; urgency=low

  * New upstream release (Icehouse beta 3).
  * Refresh patches.
  * Reviewed (build-)dependencies.
  * Fixed sphinx build for docs and man pages.

 -- Thomas Goirand <zigo@debian.org>  Mon, 17 Feb 2014 15:27:56 +0800

keystone (2013.2.2-1) unstable; urgency=medium

  * New upstream point release.
  * Refreshed patches.
  * Remove patches applied upstream:

Limit_calls_to_memcache_backend_as_user_token_index_increases_in_size.patch

 -- Thomas Goirand <zigo@debian.org>  Fri, 14 Feb 2014 09:57:43 +0800

keystone (2013.2.1-2) unstable; urgency=medium

  * Adds a cut -d" " -f1 when detecting the local interface connected to the
    default gateway, so that it works with more than one default gateway.
  * Updated es.po debconf translation thanks to Matias A. Bellone
    <matiasbellone+debian@gmail.com> (Closes: #732538).
  * Backported patch to replace oauth2 by oauthlib.
  * Changed dependency from oauth2 to oauthlib.

  [gustavo panizzo]
  * Patch to improve performance (lp: #1251123).

 -- Thomas Goirand <zigo@debian.org>  Fri, 20 Dec 2013 22:00:34 +0800

keystone (2013.2.1-1) unstable; urgency=high

  * New upstream release (Closes: #731981) This fixes CVE-2013-6391.
  * Refreshed sql_conn.patch.
  * Removed CVE-2013-4477-havana.patch now applied upstream.
  * (build-)depends on python-iso8601 >= 0.1.8 instead of 0.1.4.

 -- Thomas Goirand <zigo@debian.org>  Mon, 16 Dec 2013 16:46:48 +0800

keystone (2013.2-4) unstable; urgency=low

  * Fixes restart of keystone in logrotate script. (Closes: #731495).

 -- Thomas Goirand <zigo@debian.org>  Fri, 06 Dec 2013 15:18:07 +0800

keystone (2013.2-3) unstable; urgency=medium

  * Updated German debconf templates, thanks: Chris Leick <c.leick@vollbio.de>
    (Closes: #730454).

 -- Thomas Goirand <zigo@debian.org>  Wed, 04 Dec 2013 16:32:51 +0800

keystone (2013.2-2) unstable; urgency=low

  * Moved python-memcache to Depends: instead of Recommends:.
  * Added missing python-babel depends.
  * Fixes a failed install if the target computer doesn't have a default route
    (lp: #1247342).
  * CVE-2013-4477: remove role assignment adds role using LDAP assignment
    (Closes: #728233).

 -- Thomas Goirand <zigo@debian.org>  Sun, 03 Nov 2013 16:02:42 +0800

keystone (2013.2-1) unstable; urgency=low

  * New upstream release.
  * Uploading to unstable.

 -- Thomas Goirand <zigo@debian.org>  Fri, 18 Oct 2013 00:18:57 +0800

keystone (2013.2~rc3-1) experimental; urgency=low

  * New upstream release.

 -- Thomas Goirand <zigo@debian.org>  Sat, 29 Jun 2013 22:31:32 +0800

keystone (2013.1.2-1) unstable; urgency=low

  [ Thomas Goirand ]
  * Ran wrap-and-sort.
  * New upstream release.

  [ gustavo panizzo <gfa@zumbi.com.ar> ]
  * Add support for TLS when using LDAP.
  * CVE-2013-2157: Authentication bypass when using LDAP backend. 
    [OSSA 2013-015]

 -- Thomas Goirand <zigo@debian.org>  Thu, 30 May 2013 11:25:11 +0800

keystone (2013.1.1-2) unstable; urgency=low

  * Uploading to unstable.
  * New upstream release:
    - Fixes CVE-2013-2059: Keystone tokens not immediately invalidated when
    user is deleted [OSSA 2013-011] (Closes: #707598).
  * Also installs httpd/keystone.py.

 -- Thomas Goirand <zigo@debian.org>  Fri, 10 May 2013 10:22:18 +0800

keystone (2013.1-1) experimental; urgency=low

  * New upstream release.

 -- Thomas Goirand <zigo@debian.org>  Wed, 30 Jan 2013 20:12:55 +0800

keystone (2012.2.3-2) experimental; urgency=low

  * CVE-2013-1865: Online validation of Keystone PKI tokens bypasses
    revocation check.

 -- Thomas Goirand <zigo@debian.org>  Thu, 21 Mar 2013 00:52:02 +0800

keystone (2012.2.3-1) experimental; urgency=low

  * New upstream release.
  * CVE-2013-0247: Keystone denial of service through invalid token requests.
  * CVE-2013-0282 Keystone EC2-style authentication accepts disabled
    user/tenants (Closes: #700947).
  * CVE-2013-1664 & CVE-2013-1665: Information leak and Denial of Service using XML entities
    (Closes: #700948)

 -- Thomas Goirand <zigo@debian.org>  Sun, 03 Feb 2013 11:05:36 +0800

keystone (2012.2.1-1) experimental; urgency=low

  * New upstream version. 
  * Rewrite of the maintainer scripts using the pkgos scripts.
  * Fixes etc/default_catalog.templates to include Quantum config and
  to use regionOne and not RegionOne by default.
  * Increased compat level to 9 (and debhelper build-dep).
  * Fixes build-dep git-core -> git.

 -- Thomas Goirand <zigo@debian.org>  Sun, 02 Dec 2012 13:08:38 +0000

keystone (2012.2~rc1-1) experimental; urgency=low

  * New snapshot release
  * Refresh patches
  * Remove CVE-2012-3542 incorporated upstream

 -- Mehdi Abaakouk <sileht@sileht.net>  Mon, 24 Sep 2012 10:37:31 +0200

keystone (2012.2~e3-1) experimental; urgency=low

  [ Mehdi Abaakouk ]
  * New upstream version.

  [ Thomas Goirand ]
  * Fixed build-dependencies correctly.
  * Made the package compatible with Ubuntu.
  * Now using xz level 9 compression.

 -- Mehdi Abaakouk <sileht@sileht.net>  Mon, 10 Sep 2012 17:56:09 +0200

keystone (2012.1.1-13+wheezy1) wheezy-proposed-updates; urgency=low

  * CVE-2013-2059: Keystone tokens not immediately invalidated when user is
    deleted [OSSA 2013-011]. Added backported to Essex patch which I picked-up
    from Launchpad. Thanks to the Canonical security team (Closes: #707598).

 -- Thomas Goirand <zigo@debian.org>  Fri, 10 May 2013 10:09:14 +0800

keystone (2012.1.1-13) unstable; urgency=high

  * CVE-2013-0282: Ensure EC2 users and tenant are enabled (Closes: #700947).
  * CVE-2013-1664 & CVE-2013-1665: Information leak and Denial of Service using
    XML entities (Closes: #700948).

 -- Thomas Goirand <zigo@debian.org>  Tue, 19 Feb 2013 12:56:42 +0800

keystone (2012.1.1-12) unstable; urgency=low

  * CVE-2013-0247: Keystone denial of service through invalid token requests
    (Closes: #699835).

 -- Thomas Goirand <zigo@debian.org>  Wed, 06 Feb 2013 09:52:07 +0800

keystone (2012.1.1-11) unstable; urgency=high

  * Applies security patch from upstream: Ensures User is member of tenant in
  ec2 validation (Closes: #694433).
  * Added Japanese debconf template translation, thanks to victory
  <victory.deb@gmail.com> (Closes: #693056).

 -- Thomas Goirand <zigo@debian.org>  Mon, 26 Nov 2012 14:05:33 +0000

keystone (2012.1.1-10) unstable; urgency=low

  * Fixes keystone.config which wasn't starting dbconfig-common at first
  setup.
  * Do not use override_dh_fixperms:, sets the permissions of keystone.conf in
  the postinst using "install -m" instead of cp -auxf.
  * The default db is now sqlite:///var/lib/keystone/keystonedb, since that's
  what we run with Folsom, and that it might cause problems as
  "keystone.sqlite" isn't a valid MySQL db name. Changed debian/keystone.config
  accordingly.

 -- Thomas Goirand <zigo@debian.org>  Wed, 10 Oct 2012 15:46:14 +0000

keystone (2012.1.1-9) unstable; urgency=high

  * Fixes sometimes failing keystone.postrm (db_get in some conditions can
  return false), and fixed non-consistant indenting.
  * Uses /usr/share/keystone/keystone.conf instead of /usr/share/doc/keystone
  /keystone.conf.sample for temporary storing the conf file (this was a policy
  violation, as the doc folder should never be required).
  * Fixes CVE-2012-4457: fails to raise Unauthorized user error for disabled,
  CVE-2012-4456: fails to validate tokens in Admin API (Closes: #689210).

 -- Thomas Goirand <zigo@debian.org>  Mon, 01 Oct 2012 05:52:23 +0000

keystone (2012.1.1-8) unstable; urgency=low

  * Fixes parsing of the SQL connection in keystone.config.

 -- Thomas Goirand <zigo@debian.org>  Sun, 30 Sep 2012 01:48:50 +0000

keystone (2012.1.1-7) unstable; urgency=low

  * Fixes band handling (eg: policy violation) of keystone.conf which was
  conffiles, but changed in the posinst (Closes: #687311).

 -- Thomas Goirand <zigo@debian.org>  Wed, 12 Sep 2012 17:09:47 +0000

keystone (2012.1.1-6) unstable; urgency=high

  * CVE-2012-4413: Revoking a role does not affect existing tokens
  (Closes: #687428).

 -- Thomas Goirand <zigo@debian.org>  Sun, 09 Sep 2012 02:21:11 +0000

keystone (2012.1.1-5) unstable; urgency=low

  * CVE-2012-3542: Fixes lack of authorization for adding users to tenants
  (Closes: #686265)
  * Added Chinese debconf translation thanks to ben <duyujie.dyj@gmail.com>.
  * Really adds the nl debconf translation this time (Closes: #685671).

 -- Thomas Goirand <zigo@debian.org>  Mon, 27 Aug 2012 11:45:44 +0000

keystone (2012.1.1-4) unstable; urgency=low

  * Updated debian/keystone.templates, debian/control after review from
  the internationalization team (Closes: #683414, #679295).
  * Updated debconf translations with thanks to:
  - de: Pfannenstein Erik <epfannenstein@gmx.de> (Closes: #684877)
  - cs: Michal Šimůnek <michal.simunek@gmail.com> (Closes: #685434)
  - pl: Michał Kułach <michalkulach@gmail.com> (Closes: #685431)
  - fr: David Prévot <taffit@debian.org> (Closes: #685325)
  - sv: Martin Bagge <brother@bsnet.se> (Closes: #684942)
  - sk: helix84 <helix84@centrum.sk> (Closes: #684606)
  - ru: Yuri Kozlov <yuray@komyakino.ru> (Closes: #684590)
  - da: Joe Dalton <joedalton2@yahoo.dk> (Closes: #684565)
  - pt: Pedro Ribeiro <p.m42.ribeiro@gmail.com> (Closes: #682438)
  - es: SM Baby Siabef <siabef.debian@gmail.com> (Closes: #685435)
  - it: Beatrice Torracca <beatricet@libero.it> (Closes: #685623)
  * Added debconf translations with thanks to:
  - pt_BR: Adriano Rafael Gomes <adrianorg@gmail.com> (Closes: #685405)
  - nl: Jeroen Schot <schot@A-Eskwadraat.nl> (Closes: #685671)

 -- Thomas Goirand <zigo@debian.org>  Tue, 21 Aug 2012 08:06:07 +0000

keystone (2012.1.1-3) unstable; urgency=low

  * Re-added Debconf template which has been removed by the patch of 2012.1.1-2
  from Bubulle (Closes: #683337).
  * Removed one occurence of a dependency declared twice: python-sqlalchemy.

 -- Thomas Goirand <zigo@debian.org>  Tue, 31 Jul 2012 12:37:24 +0000

keystone (2012.1.1-2) unstable; urgency=low

  * Debconf templates and debian/control reviewed by the debian-l10n-
    english team as part of the Smith review project. Closes: #679295
  * [Debconf translation updates]
  * Recycle translations from nova for several languages. Additionnally:
  * Danish (Joe Hansen).  Closes: #680082
  * Swedish (Martin Bagge / brother).  Closes: #680847
  * Spanish; (SM Baby Siabef).  Closes: #681003
  * Italian (Beatrice Torracca).  Closes: #681249
  * Slovak (Ivan Masár). Closes: #682784
  * Fixed the get-vcs-source target in debian/rules.

 -- Thomas Goirand <zigo@debian.org>  Thu, 19 Jul 2012 06:21:30 +0000

keystone (2012.1.1-1) unstable; urgency=low

  * New upstream release.

 -- Ghe Rivero <ghe.rivero@stackops.com>  Fri, 22 Jun 2012 09:41:24 +0200

keystone (2012.1-3) unstable; urgency=low

  * Add logrotate for keystone.log. Closes: #663717

 -- Mehdi Abaakouk <sileht@sileht.net>  Tue, 22 May 2012 14:48:56 +0200

keystone (2012.1-2) unstable; urgency=low

  * Fixed python version requisites on webob and pam. Closes: #665804

 -- Ghe Rivero <ghe.rivero@stackops.com>  Wed, 02 May 2012 10:17:35 +0200

keystone (2012.1-1) unstable; urgency=low

  * New upstream release

 -- Ghe Rivero <ghe.rivero@stackops.com>  Mon, 09 Apr 2012 09:06:22 +0200

keystone (2012.1~rc2-1) unstable; urgency=low

  * New upstream release.

 -- Ghe Rivero <ghe.rivero@stackops.com>  Wed, 04 Apr 2012 10:09:36 +0200

keystone (2012.1~rc1-2) unstable; urgency=low

  * Removed check timeout from keystone.postinst. Closes: #665739

 -- Ghe Rivero <ghe@debian.org>  Tue, 27 Mar 2012 13:12:01 +0200

keystone (2012.1~rc1-1) unstable; urgency=low

  * New upstream release.

 -- Ghe Rivero <ghe.rivero@stackops.com>  Sat, 24 Mar 2012 09:14:50 +0100

keystone (2012.1~e4+git35-g4e4f793-1) UNRELEASED; urgency=low

  [ Julien Danjou ]
  * Install egg-info
  This is needed at least for Swift.

  [ Ghe Rivero ]
  * Added keystone/auth-token question. Closes: #662458

 -- Julien Danjou <acid@debian.org>  Fri, 02 Mar 2012 10:34:30 +0100

keystone (2012.1~e4-1) unstable; urgency=low

  *  New upstream release

 -- Ghe Rivero <ghe@debian.org>  Fri, 02 Mar 2012 08:38:43 +0100

keystone (2012.1~e3+git772-g6919b05-1) UNRELEASED; urgency=low

  [ Julien Danjou ]
  * Fix permissions /etc/keystone
  * Add projectmanager role on initial database creation
  * Do not run dbconfig by default
    That fixes LP#931236 until #607171 is fixed in dbconfig-common.
    Patch based on:
    http://bazaar.launchpad.net/~ubuntu-server-dev/keystone/essex/revision/83

 -- Julien Danjou <acid@debian.org>  Mon, 06 Feb 2012 10:35:52 +0100
  
keystone (2012.1~e3-4) unstable; urgency=low

  * Add missing python-migrate, python-prettytable, python-mox in
    build deps (Closes: #658592)
  * Deactivate tests because they fails (upstream problem)

 -- Julien Danjou <acid@debian.org>  Mon, 06 Feb 2012 10:35:52 +0100

keystone (2012.1~e3-3) unstable; urgency=low

  * Add missing dependency on python-dateutil

 -- Julien Danjou <acid@debian.org>  Tue, 31 Jan 2012 12:37:35 +0100

keystone (2012.1~e3-2) unstable; urgency=low

  * Add dbconfig prerm

 -- Julien Danjou <acid@debian.org>  Fri, 27 Jan 2012 16:13:48 +0100

keystone (2012.1~e3-1) unstable; urgency=low

  * New upstream release.
  * Use dbconfig to configure database

 -- Julien Danjou <acid@debian.org>  Thu, 26 Jan 2012 17:03:10 +0100

keystone (2012.1~e2-4) unstable; urgency=low

  * Fix default location of keystone db file

 -- Ghe Rivero <ghe@debian.org>  Tue, 24 Jan 2012 09:43:15 +0100

keystone (2012.1~e2-3) unstable; urgency=low

  * Add missing build depends on python-nose (Closes: #652805)
  * Remove useless python fields in control

 -- Julien Danjou <acid@debian.org>  Tue, 27 Dec 2011 11:40:18 +0100

keystone (2012.1~e2-2) unstable; urgency=low

  * Fix init script

 -- Julien Danjou <acid@debian.org>  Mon, 19 Dec 2011 17:16:48 +0100

keystone (2012.1~e2-1) unstable; urgency=low

  * New upstream release.
  * Disable doc building because it's currently failing.

 -- Julien Danjou <acid@debian.org>  Fri, 16 Dec 2011 11:12:44 +0100

keystone (2012.1~e1-2) unstable; urgency=low

  * Fix python-keystone installation file by including only keystone lib
    (Closes: #649907).
  * Add missing manpages.

 -- Julien Danjou <acid@debian.org>  Fri, 25 Nov 2011 10:43:59 +0100

keystone (2012.1~e1-1) unstable; urgency=low

  * New upstream release.
  * Cherry-pick 33c1c9390331b3bacd3791b537b6a1147715925c from upstream to
    fix documentation building.

 -- Julien Danjou <acid@debian.org>  Thu, 24 Nov 2011 16:21:50 +0100

keystone (2011.3-1) unstable; urgency=low

  * Initial release (Closes: #647611)

 -- Julien Danjou <acid@debian.org>  Tue, 15 Nov 2011 11:29:13 +0100
