Hello community,

here is the log from the commit of package python-keystoneclient.1785 for openSUSE:12.3:Update checked in at 2013-06-27 16:18:54
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:12.3:Update/python-keystoneclient.1785 (Old)
 and /work/SRC/openSUSE:12.3:Update/.python-keystoneclient.1785.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "python-keystoneclient.1785"

Changes:
--------
New Changes file:

--- /dev/null 2013-06-25 18:53:24.372030255 +0200
+++ /work/SRC/openSUSE:12.3:Update/.python-keystoneclient.1785.new/python-keystoneclient.changes 2013-06-27 16:18:56.000000000 +0200
@@ -0,0 +1,221 @@ +------------------------------------------------------------------- +Mon Jun 17 09:04:14 UTC 2013 - vu...@suse.com + +- Add CVE-2013-2013.patch: allow secure user password update + (CVE-2013-2013, bnc#817415). + +------------------------------------------------------------------- +Mon Mar 11 10:01:24 UTC 2013 - vu...@suse.com + +- Update 12.3 packages to Folsom as of March 5th. This comes with· + security fixes and bug fixes that we need to have OpenStack work + nicely. Fix bnc#802278. + +------------------------------------------------------------------- +Wed Mar 6 14:01:15 UTC 2013 - vu...@suse.com + +- Add compat-newer-requests.patch: take patches from upstream to + allow working with newer versions of python-requests. + +------------------------------------------------------------------- +Thu Jan 10 11:55:04 UTC 2013 - sasc...@suse.de + +- Recommend python-keyring + +------------------------------------------------------------------- +Wed Jan 9 13:52:31 UTC 2013 - vu...@suse.com + +- Add missing Requires on python-requests: without it, the keystone + executable won't even start. + +------------------------------------------------------------------- +Mon Jan 7 12:44:14 UTC 2013 - sasc...@suse.de + +- Fix PKI example certs location for testsuite + +-------------------------------------------------------------------- +Mon Jan 7 08:27:30 UTC 2013 - sasc...@suse.de + +- Update to version 0.2.1.3.gd37a3fb+git.1357543650.d37a3fb: + + Add support for user groups + + Make it possible to debug by running module. + + remove unused import + + Bug 1052674: added support for Swift cache + + Add file 'ChangeLog' to MANIFEST.in + + Use requests module for HTTP/HTTPS + + Print to stderr when keyring module is missing. + + Prevent an uncaught exception from being rasied. 
+ + modify ca-certificate default value + + URL-encode user-supplied tokens (bug 974319) + + Fix middleware logging for swift + + Fix keystoneclient user-list output order + + Misspelling error in README.rst + + Rename --no_cache to --os_cache. + + Make use_keyring False by default. + + bug-1040361: use keyring to store tokens + + Don't try to split a list of memcache servers + + Drop hashlib/hmac from pip-requires. + + Add --version CLI opt and __version__ module attr + + Add Ec2Signer utility class to keystoneclient + + Add command to allow users to change their own password + + updating PEP8 to 1.3.3 + + Correct a misspelled in comments + + Remove Policy.endpoint_id reference + + Fix scoped auth for non-admins (bug 1081192) + + Throw validation response into the environment + + fixes auth_ref initialization error + + Update README and CLI help + + Add auth-token code to keystoneclient, along with supporting files + + Make initial structural changes to keystoneclient in preparation +- Use --install-data=%{python_sitelib} to install novaclient/versioninfo + into the correct location (instead of %{_prefix}) + +------------------------------------------------------------------- +Wed Dec 5 09:30:38 UTC 2012 - sasc...@suse.de + +- Use @PARENT_TAG@ in _service file to automate versioning + +------------------------------------------------------------------- +Thu Nov 15 09:17:10 UTC 2012 - sasc...@suse.de + +- Use openstack-macros +- Run fdupes on HTML documentation + +------------------------------------------------------------------- +Fri Nov 9 14:28:05 UTC 2012 - sasc...@suse.de + +- Downgrade version to new upstream scheme: 0.1.3 (bnc#787387) + +------------------------------------------------------------------- +Thu Nov 8 10:39:13 UTC 2012 - sasc...@suse.de + +- Drop from_vcs build flag + +------------------------------------------------------------------- +Tue Oct 30 10:14:40 UTC 2012 - sasc...@suse.de + +- Add Provides/Obsoletes for openSUSE-12.2 package name + 
(openstack-keystoneclient and python-python-keystoneclient) + +------------------------------------------------------------------- +Fri Oct 12 13:26:06 UTC 2012 - vu...@suse.com + +- Update to version 2012.2 (Folsom), which is really 0.1.3: + + See https://github.com/openstack/python-keystoneclient/commits/0.1.3 +- Install bash completion for 'keystone' binary +- Buildrequire python-base instead of python-devel: + + Sufficient for Python-only modules (containing no C/C++ code) +- Additional Buildrequires for documentation + +------------------------------------------------------------------- +Mon Oct 1 09:28:18 UTC 2012 - jenk...@suse.de + +- Update to latest git (6c127df): + + Fix PEP8 issues. + + fixing pep8 formatting for 1.0.1+ pep8 + + Fixed httplib2 mocking (bug 1050091, bug 1050097) + + Require httplib2 version 0.7 or higher. + + removing deprecated commandline options + + Handle "503 Service Unavailable" exception. + + Fixes setup compatibility issue on Windows + + switching options to match authentication paths + + Add wrap option to keystone token-get for humans + + Allow empty description for tenants. + + pep8 1.3.1 cleanup + +------------------------------------------------------------------- +Fri Aug 24 19:00:18 UTC 2012 - jenk...@suse.de + +- Update to latest git (b391319): + + Add nosehtmloutput as a test dependency. 
+ +------------------------------------------------------------------- +Thu Aug 23 22:05:51 UTC 2012 - jenk...@suse.de + +- Update to latest git (ad9dee5): + + Change underscores in new cert options to dashes + + splitting http req and resp logging also some pep8 cleanup in shell.py + +------------------------------------------------------------------- +Thu Aug 2 16:27:37 UTC 2012 - rha...@suse.de + +- Fixed dependencies, package required python-simplejson + +------------------------------------------------------------------- +Sat Jul 28 08:32:28 UTC 2012 - cth...@suse.com + +- add BuildRequires to python-httplib2, to fix documentation building + +------------------------------------------------------------------- +Sat Jul 28 08:30:58 UTC 2012 - jenk...@suse.de + +- Update to latest git (dec8f77): + + Add '--insecure' commandline argument + +------------------------------------------------------------------- +Sat Jul 28 08:29:09 UTC 2012 - cth...@suse.com + +- remove insecure-commandline-argument.patch which has been merged upstream: + https://review.openstack.org/#/c/9582/ + +------------------------------------------------------------------- +Fri Jul 27 08:13:20 UTC 2012 - cth...@suse.com + +- rebase insecure-commandline-argument.patch to master +- adapt doc paths for building from master + +------------------------------------------------------------------- +Thu Jul 26 10:38:47 UTC 2012 - sasc...@suse.de + +- Require python-distribute, /usr/bin/keystone needs it + +------------------------------------------------------------------- +Tue Jul 10 09:54:26 UTC 2012 - sasc...@suse.de + +- Add '--insecure' commandline argument to ignore (amongst others) + self-signed certificate errors + +------------------------------------------------------------------- +Wed Jun 27 10:02:48 UTC 2012 - sasc...@suse.de + +- Change versioning scheme to $release+git.$AUTHORDATE.$COMMITREV +- Simplify from_vcs macros + +------------------------------------------------------------------- 
+Tue Jun 26 11:43:43 UTC 2012 - sasc...@suse.de + +- Consistent package summaries +- Macro cleanup: + + Package is noarch except for SLE-11 +- Added rpmlintrc for non-issues +- Use correct upstream URL +- Remove empty %check section +- The doc package should require the base package + +------------------------------------------------------------------- +Thu May 24 11:03:22 MDT 2012 - jfeh...@suse.com + ++++ 24 more lines (skipped) ++++ between /dev/null ++++ and /work/SRC/openSUSE:12.3:Update/.python-keystoneclient.1785.new/python-keystoneclient.changes New: ---- CVE-2013-2013.patch _service compat-newer-requests.patch openstack-keystone.sh python-keystoneclient-master.tar.gz python-keystoneclient.changes python-keystoneclient.spec rpmlintrc ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ python-keystoneclient.spec ++++++ # # spec file for package python-keystoneclient # # Copyright (c) 2013 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed # upon. The license for this file, and modifications and additions to the # file, is the same license as for the pristine package itself (unless the # license for the pristine package is not an Open Source License, in which # case the license is the MIT License). An "Open Source License" is a # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. 
# Please submit bugfixes or comments via http://bugs.opensuse.org/
#

%define component keystoneclient

Name:           python-%{component}
Version:        0.2.1.3.gd37a3fb+git.1357543650.d37a3fb
Release:        0
Summary:        Openstack Identity (Keystone) API Client
License:        Apache-2.0
Group:          Development/Languages/Python
Url:            http://launchpad.net/python-keystoneclient
Source:         python-keystoneclient-master.tar.gz
Source2:        openstack-keystone.sh
# PATCH-FIX-UPSTREAM compat-newer-requests.patch vu...@suse.com -- Add patches from git to work with more recent versions of python-requests
Patch0:         compat-newer-requests.patch
# PATCH-FIX-UPSTREAM CVE-2013-2013.patch -- allow secure user password update
Patch1:         CVE-2013-2013.patch
BuildRequires:  fdupes
BuildRequires:  openstack-macros
BuildRequires:  python-base
BuildRequires:  python-distribute
# Packages below are only needed for documentation build
BuildRequires:  python-Sphinx
BuildRequires:  python-WebOb
BuildRequires:  python-argparse
BuildRequires:  python-httplib2
BuildRequires:  python-iso8601
BuildRequires:  python-prettytable
BuildRequires:  python-requests
Requires:       python >= 2.6.8
# /usr/bin/keystone uses pkg_resources, thus:
Requires:       python-distribute
Requires:       python-httplib2
Requires:       python-prettytable
Requires:       python-requests
Requires:       python-simplejson
Recommends:     python-keyring
BuildRoot:      %{_tmppath}/%{name}-%{version}-build
%if 0%{?suse_version} && 0%{?suse_version} <= 1110
%{!?python_sitelib: %global python_sitelib %(python -c "from distutils.sysconfig import get_python_lib; print get_python_lib()")}
%else
BuildArch:      noarch
%endif
# Provides/Obsoletes for openSUSE-12.2 package names:
Provides:       openstack-%{component} = %{version}
Obsoletes:      openstack-%{component} < %{version}
Provides:       python-python-%{component} = %{version}
Obsoletes:      python-python-%{component} < %{version}

%description
This is a client for the OpenStack Keystone API. There's a Python API (the
keystoneclient module), and a command-line tool (keystone).

%package doc
Summary:        Openstack Identity (Keystone) API Client - Documentation
Group:          Documentation/HTML
Requires:       %{name} = %{version}

%description doc
This package contains documentation files for %{name}.

%package test
Summary:        Openstack Identity (Keystone) API Client - Testsuite
Group:          System/Management
Requires:       %{name} = %{version}
Requires:       python-coverage
Requires:       python-mock
Requires:       python-mox
Requires:       python-nose
Requires:       python-nose-exclude
#openstack.nose_plugin
Requires:       python-nosehtmloutput
Requires:       python-pep8
Requires:       python-unittest2

%description test
This package contains testsuite files for %{name}.

%prep
%setup -q -n python-keystoneclient-0.2.1.3.gd37a3fb
# Fix example PKI certs location for testsuite:
sed -i "s|python-keystoneclient/examples|python-keystoneclient-test/examples|" tests/test_auth_token_middleware.py
%patch0 -p1
%patch1 -p1
%openstack_cleanup_prep

%build
python setup.py build
python setup.py build_sphinx
# Currently no man pages:
#python setup.py build_sphinx -b man

%install
python setup.py install --prefix=%{_prefix} --root=%{buildroot} --install-data=%{python_sitelib}
rm -rf doc/build/html/{.buildinfo,.doctrees}
%fdupes doc

### bash-completion
install -p -D -m 644 %{SOURCE2} %{buildroot}%{_sysconfdir}/bash_completion.d/openstack-keystone.sh

### test subpackage
%openstack_test_package_install

%files
%defattr(-,root,root,-)
%doc LICENSE README.rst
%{_sysconfdir}/bash_completion.d/openstack-keystone.sh
%{_bindir}/keystone
%{python_sitelib}/%{component}/
%{python_sitelib}/python_%{component}-*.egg-info

%files doc
%defattr(-,root,root,-)
%doc LICENSE doc/build/html

%files test
%defattr(-,root,root,-)
%{_localstatedir}/lib/%{name}-test/

%changelog

++++++ CVE-2013-2013.patch ++++++
(patch manually tweaked to apply)

>From f2e0818bc97bfbeba83f6abbb07909a8debcad77 Mon Sep 17 00:00:00 2001
From: Pradeep Kilambi <pkila...@cisco.com> Date: Thu, 9 May 2013 09:29:02 -0700 Subject: [PATCH] Allow secure user password update. This patch allows the ability for user password to be updated via a command prompt so the password doesnt show up in the bash history. The prompted password is asked twice to verify the match. If user cntl-D's the prompt a message appears suggesting user to use either of the options to update the password. Fixes: bug#938315 Change-Id: I4271ae569b922f33c34f9b015a7ee6f760414e39 --- keystoneclient/utils.py | 23 ++++++++++++++++++++++- keystoneclient/v2_0/shell.py | 10 ++++++++-- 2 files changed, 30 insertions(+), 3 deletions(-) diff --git a/keystoneclient/utils.py b/keystoneclient/utils.py index 3d708ca..f45ec34 100644 --- a/keystoneclient/utils.py +++ b/keystoneclient/utils.py @@ -1,5 +1,7 @@ -import uuid +import getpass import hashlib +import sys +import uuid import prettytable @@ -128,3 +130,22 @@ def hash_signed_token(signed_text): hash_ = hashlib.md5() hash_.update(signed_text) return hash_.hexdigest() + + +def prompt_for_password(): + """ + Prompt user for password if not provided so the password + doesn't show up in the bash history. + """ + if not (hasattr(sys.stdin, 'isatty') and sys.stdin.isatty()): + # nothing to do + return + + while True: + try: + new_passwd = getpass.getpass('New Password: ') + rep_passwd = getpass.getpass('Repeat New Password: ') + if new_passwd == rep_passwd: + return new_passwd + except EOFError: + return diff --git a/keystoneclient/v2_0/shell.py b/keystoneclient/v2_0/shell.py index 4c53cf7..0c7c233 100755 --- a/keystoneclient/v2_0/shell.py +++ b/keystoneclient/v2_0/shell.py @@ -17,6 +17,7 @@ import argparse import getpass +import sys from keystoneclient.v2_0 import client from keystoneclient import utils 
@@ -103,12 +104,17 @@ def do_user_update(kc, args): print 'Unable to update user: %s' % e -@utils.arg('--pass', metavar='<password>', dest='passwd', required=True, +@utils.arg('--pass', metavar='<password>', dest='passwd', required=False, help='Desired new password') @utils.arg('id', metavar='<user-id>', help='User ID to update') def do_user_password_update(kc, args): """Update user password""" - kc.users.update_password(args.id, args.passwd) + new_passwd = args.passwd or utils.prompt_for_password() + if new_passwd is None: + msg = ("\nPlease specify password using the --pass option " + "or using the prompt") + sys.exit(msg) + kc.users.update_password(args.id, new_passwd) @utils.arg('--current-password', metavar='<current-password>', -- 1.8.1.4 ++++++ _service ++++++ <services> <service name="git_tarballs" mode="disabled"> <param name="url">http://tarballs.openstack.org/python-keystoneclient/python-keystoneclient-master.tar.gz</param> <param name="email">cloud-de...@suse.de</param> </service> </services> ++++++ compat-newer-requests.patch ++++++ Based on the following commits (but tweaked to apply to this tarball): commit dd24bcf15c5e690c56619e92b11fd4a340572fb5 Author: Yaguang Tang <yaguang.t...@canonical.com> Date: Mon Dec 31 00:31:50 2012 +0800 Pin requests to >=0.8.8. requests add SSL CERT VERIFICATION support since 0.8.8. fix bug #1094699 Change-Id: I7974983087f7483283438906d738bec7cba84ed2 commit b998ff92527cf542f7e8db127cd65bfc7ccceb1a Author: Chuck Short <chuck.sh...@canonical.com> Date: Wed Feb 6 09:36:51 2013 -0600 Allow requests up to 0.8 and greater The requests module dropped all configuration with the 1.0.0 release. There's no danger_mode and no 'verbose'' mode. The former shouldn't be necessary anymore and the latter can be done by setting a different log handler for the request.logging root logger. Change-Id: I41bfaf2574f6d7fc21f86e0124ceae7df6481eee Signed-off-by: Chuck Short <chuck.sh...@canonical.com> 
diff --git a/tools/pip-requires b/tools/pip-requires index fab4830..0019f6c 100644 --- a/tools/pip-requires +++ b/tools/pip-requires @@ -1,4 +1,4 @@ argparse prettytable -requests<1.0 +requests>=0.8.8,<1.0 simplejson diff --git a/keystoneclient/client.py b/keystoneclient/client.py index 0233aeb..14c38b0 100644 --- a/keystoneclient/client.py +++ b/keystoneclient/client.py @@ -50,10 +50,6 @@ class HTTPClient(object): USER_AGENT = 'python-keystoneclient' - requests_config = { - 'danger_mode': False, - } - def __init__(self, username=None, tenant_id=None, tenant_name=None, password=None, auth_url=None, region_name=None, timeout=None, endpoint=None, token=None, cacert=None, key=None, @@ -121,7 +117,8 @@ class HTTPClient(object): ch = logging.StreamHandler() _logger.setLevel(logging.DEBUG) _logger.addHandler(ch) - self.requests_config['verbose'] = sys.stderr + if hasattr(requests, logging): + requests.logging.getLogger(requests.__name__).addHandler(ch) # keyring setup self.use_keyring = use_keyring and keyring_available @@ -336,7 +333,6 @@ class HTTPClient(object): method, url, verify=self.verify_cert, - config=self.requests_config, **request_kwargs) self.http_log_resp(resp) diff --git a/tests/utils.py b/tests/utils.py index 6e8dbaf..9d9bf8d 100644 --- a/tests/utils.py +++ b/tests/utils.py @@ -17,7 +17,6 @@ class TestCase(testtools.TestCase): TEST_ROOT_ADMIN_URL = 'http://127.0.0.1:35357/' TEST_ADMIN_URL = '%s%s' % (TEST_ROOT_ADMIN_URL, 'v2.0') TEST_REQUEST_BASE = { - 'config': {'danger_mode': False}, 'verify': True, } @@ -94,7 +93,6 @@ class UnauthenticatedTestCase(testtools.TestCase): TEST_ROOT_ADMIN_URL = 'http://127.0.0.1:35357/' TEST_ADMIN_URL = '%s%s' % (TEST_ROOT_ADMIN_URL, 'v2.0') TEST_REQUEST_BASE = { - 'config': {'danger_mode': False}, 'verify': True, } diff --git a/tests/v3/utils.py b/tests/v3/utils.py index e2a1412..bfb3861 100644 --- a/tests/v3/utils.py +++ b/tests/v3/utils.py 
@@ -40,7 +40,6 @@ class TestCase(testtools.TestCase): TEST_ROOT_ADMIN_URL = 'http://127.0.0.1:35357/' TEST_ADMIN_URL = '%s%s' % (TEST_ROOT_ADMIN_URL, 'v3') TEST_REQUEST_BASE = { - 'config': {'danger_mode': False}, 'verify': True, } @@ -70,7 +69,6 @@ class UnauthenticatedTestCase(testtools.TestCase): TEST_ROOT_ADMIN_URL = 'http://127.0.0.1:35357/' TEST_ADMIN_URL = '%s%s' % (TEST_ROOT_ADMIN_URL, 'v3') TEST_REQUEST_BASE = { - 'config': {'danger_mode': False}, 'verify': True, } diff --git a/tools/pip-requires b/tools/pip-requires index f93089e..81d0663 100644 --- a/tools/pip-requires +++ b/tools/pip-requires @@ -1,4 +1,4 @@ argparse prettytable -requests>=0.8.8,<1.0 +requests>=0.8.8 simplejson

++++++ openstack-keystone.sh ++++++
# bash completion for openstack keystone
# by Dominik Heidler <dheidler suse.de>

_keystone_opts="" # lazy init
_keystone_opts_exp="" # lazy init
_keystone()
{
    local cur prev
    COMPREPLY=()
    cur="${COMP_WORDS[COMP_CWORD]}"
    prev="${COMP_WORDS[COMP_CWORD-1]}"

    if [ "x$_keystone_opts" == "x" ] ; then
        _keystone_opts="`keystone bash-completion 2>&1 | tail -n1 | sed -e "s/^.*(choose from //" -e "s/)$//" -e "s/,//g" -e "s/'//g"`"
        _keystone_opts_exp="`echo $_keystone_opts | sed -e "s/\s/|/g"`"
    fi

    if [[ ! " ${COMP_WORDS[@]} " =~ " "($_keystone_opts_exp)" " || "$prev" == "help" ]] ; then
        COMPREPLY=($(compgen -W "${_keystone_opts}" -- ${cur}))
    fi
    return 0
}
complete -F _keystone keystone

++++++ rpmlintrc ++++++
# Bash completion files reside in /etc but are not meant to be configurable:
addFilter("non-conffile-in-etc /etc/bash_completion.d/openstack-keystone.sh")

# This symlink is for the -test package and can be ignored:
addFilter("dangling-symlink /var/lib/python-keystoneclient-test/keystoneclient")
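
Review bot: In keystoneclient/utils.py, hunk @@ -128,3 +130,22 @@, prompt_for_password() accepts an empty password: pressing Enter at both prompts makes `new_passwd == rep_passwd` true and returns '', and the caller's `if new_passwd is None` check in do_user_password_update does not reject that, so update_password is called with an empty string. Reject empty input inside the loop, and print a short message when the two entries differ, since the loop currently re-prompts without saying why. The docstring should also state that None is returned when stdin is not a TTY or on EOF.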
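
Review bot: In keystoneclient/v2_0/shell.py, hunk @@ -103,12 +104,17 @@, the help string for `--pass` still reads 'Desired new password' and gives no hint that omitting the option triggers a hidden prompt, so users have no reason to stop typing the password on the command line, which is what the commit message says the change is meant to avoid. Extend the help text to say the password is prompted for when `--pass` is omitted. The exit message 'Please specify password using the --pass option or using the prompt' is also what a non-interactive caller sees when stdin is not a TTY, where no prompt is available; word it for that case.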
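
Review bot: In keystoneclient/client.py, hunk @@ -121,7 +117,8 @@, `hasattr(requests, logging)` passes the `logging` module object as the attribute name; hasattr() requires a string and raises TypeError otherwise, so this branch fails as soon as it runs instead of attaching the handler. It should read `if hasattr(requests, 'logging'):`. None of the test hunks in this patch touch this path; a test that runs this logging setup would catch it.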
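
Review bot: In tools/pip-requires, final hunk @@ -1,4 +1,4 @@, the floor `requests>=0.8.8` is only enforced for pip installs: the spec in this same submission declares `Requires: python-requests` and `BuildRequires: python-requests` with no version, while the quoted upstream commit gives 0.8.8 as the release that added SSL certificate verification. Mirror the minimum version in the spec so the RPM cannot be installed against an older python-requests. With `<1.0` dropped there is also no upper bound left, so a comment on which requests releases this was tested against would help.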