Hello community,

here is the log from the commit of package python-keystoneclient.1785 for 
openSUSE:12.3:Update checked in at 2013-06-27 16:18:54
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:12.3:Update/python-keystoneclient.1785 (Old)
 and      /work/SRC/openSUSE:12.3:Update/.python-keystoneclient.1785.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "python-keystoneclient.1785"

Changes:
--------
New Changes file:

--- /dev/null   2013-06-25 18:53:24.372030255 +0200
+++ 
/work/SRC/openSUSE:12.3:Update/.python-keystoneclient.1785.new/python-keystoneclient.changes
        2013-06-27 16:18:56.000000000 +0200
@@ -0,0 +1,221 @@
+-------------------------------------------------------------------
+Mon Jun 17 09:04:14 UTC 2013 - vu...@suse.com
+
+- Add CVE-2013-2013.patch: allow secure user password update
+  (CVE-2013-2013, bnc#817415).
+
+-------------------------------------------------------------------
+Mon Mar 11 10:01:24 UTC 2013 - vu...@suse.com
+
+- Update 12.3 packages to Folsom as of March 5th. This comes with·
+  security fixes and bug fixes that we need to have OpenStack work
+  nicely. Fix bnc#802278.
+
+-------------------------------------------------------------------
+Wed Mar  6 14:01:15 UTC 2013 - vu...@suse.com
+
+- Add compat-newer-requests.patch: take patches from upstream to
+  allow working with newer versions of python-requests.
+
+-------------------------------------------------------------------
+Thu Jan 10 11:55:04 UTC 2013 - sasc...@suse.de
+
+- Recommend python-keyring
+
+-------------------------------------------------------------------
+Wed Jan  9 13:52:31 UTC 2013 - vu...@suse.com
+
+- Add missing Requires on python-requests: without it, the keystone
+  executable won't even start.
+
+-------------------------------------------------------------------
+Mon Jan  7 12:44:14 UTC 2013 - sasc...@suse.de
+
+- Fix PKI example certs location for testsuite
+
+--------------------------------------------------------------------
+Mon Jan  7 08:27:30 UTC 2013 - sasc...@suse.de
+
+- Update to version 0.2.1.3.gd37a3fb+git.1357543650.d37a3fb:
+  + Add support for user groups
+  + Make it possible to debug by running module.
+  + remove unused import
+  + Bug 1052674: added support for Swift cache
+  + Add file 'ChangeLog' to MANIFEST.in
+  + Use requests module for HTTP/HTTPS
+  + Print to stderr when keyring module is missing.
+  + Prevent an uncaught exception from being rasied.
+  + modify ca-certificate default value
+  + URL-encode user-supplied tokens (bug 974319)
+  + Fix middleware logging for swift
+  + Fix keystoneclient user-list output order
+  + Misspelling error in README.rst
+  + Rename --no_cache to --os_cache.
+  + Make use_keyring False by default.
+  + bug-1040361: use keyring to store tokens
+  + Don't try to split a list of memcache servers
+  + Drop hashlib/hmac from pip-requires.
+  + Add --version CLI opt and __version__ module attr
+  + Add Ec2Signer utility class to keystoneclient
+  + Add command to allow users to change their own password
+  + updating PEP8 to 1.3.3
+  + Correct a misspelled in comments
+  + Remove Policy.endpoint_id reference
+  + Fix scoped auth for non-admins (bug 1081192)
+  + Throw validation response into the environment
+  + fixes auth_ref initialization error
+  + Update README and CLI help
+  + Add auth-token code to keystoneclient, along with supporting files
+  + Make initial structural changes to keystoneclient in preparation
+- Use --install-data=%{python_sitelib} to install novaclient/versioninfo
+  into the correct location (instead of %{_prefix})
+
+-------------------------------------------------------------------
+Wed Dec  5 09:30:38 UTC 2012 - sasc...@suse.de
+
+- Use @PARENT_TAG@ in _service file to automate versioning
+
+-------------------------------------------------------------------
+Thu Nov 15 09:17:10 UTC 2012 - sasc...@suse.de
+
+- Use openstack-macros
+- Run fdupes on HTML documentation
+
+-------------------------------------------------------------------
+Fri Nov  9 14:28:05 UTC 2012 - sasc...@suse.de
+
+- Downgrade version to new upstream scheme: 0.1.3 (bnc#787387)
+
+-------------------------------------------------------------------
+Thu Nov  8 10:39:13 UTC 2012 - sasc...@suse.de
+
+- Drop from_vcs build flag
+
+-------------------------------------------------------------------
+Tue Oct 30 10:14:40 UTC 2012 - sasc...@suse.de
+
+- Add Provides/Obsoletes for openSUSE-12.2 package name
+  (openstack-keystoneclient and python-python-keystoneclient)
+
+-------------------------------------------------------------------
+Fri Oct 12 13:26:06 UTC 2012 - vu...@suse.com
+
+- Update to version 2012.2 (Folsom), which is really 0.1.3:
+  + See https://github.com/openstack/python-keystoneclient/commits/0.1.3
+- Install bash completion for 'keystone' binary
+- Buildrequire python-base instead of python-devel:
+  + Sufficient for Python-only modules (containing no C/C++ code)
+- Additional Buildrequires for documentation
+
+-------------------------------------------------------------------
+Mon Oct  1 09:28:18 UTC 2012 - jenk...@suse.de
+
+- Update to latest git (6c127df):
+  + Fix PEP8 issues.
+  + fixing pep8 formatting for 1.0.1+ pep8
+  + Fixed httplib2 mocking (bug 1050091, bug 1050097)
+  + Require httplib2 version 0.7 or higher.
+  + removing deprecated commandline options
+  + Handle "503 Service Unavailable" exception.
+  + Fixes setup compatibility issue on Windows
+  + switching options to match authentication paths
+  + Add wrap option to keystone token-get for humans
+  + Allow empty description for tenants.
+  + pep8 1.3.1 cleanup
+
+-------------------------------------------------------------------
+Fri Aug 24 19:00:18 UTC 2012 - jenk...@suse.de
+
+- Update to latest git (b391319):
+  + Add nosehtmloutput as a test dependency.
+
+-------------------------------------------------------------------
+Thu Aug 23 22:05:51 UTC 2012 - jenk...@suse.de
+
+- Update to latest git (ad9dee5):
+  + Change underscores in new cert options to dashes
+  + splitting http req and resp logging also some pep8 cleanup in shell.py
+
+-------------------------------------------------------------------
+Thu Aug  2 16:27:37 UTC 2012 - rha...@suse.de
+
+- Fixed dependencies, package required python-simplejson
+
+-------------------------------------------------------------------
+Sat Jul 28 08:32:28 UTC 2012 - cth...@suse.com
+
+- add BuildRequires to python-httplib2, to fix documentation building 
+
+-------------------------------------------------------------------
+Sat Jul 28 08:30:58 UTC 2012 - jenk...@suse.de
+
+- Update to latest git (dec8f77):
+  + Add '--insecure' commandline argument
+
+-------------------------------------------------------------------
+Sat Jul 28 08:29:09 UTC 2012 - cth...@suse.com
+
+- remove insecure-commandline-argument.patch which has been merged upstream:
+  https://review.openstack.org/#/c/9582/ 
+
+-------------------------------------------------------------------
+Fri Jul 27 08:13:20 UTC 2012 - cth...@suse.com
+
+- rebase insecure-commandline-argument.patch to master 
+- adapt doc paths for building from master
+
+-------------------------------------------------------------------
+Thu Jul 26 10:38:47 UTC 2012 - sasc...@suse.de
+
+- Require python-distribute, /usr/bin/keystone needs it
+
+-------------------------------------------------------------------
+Tue Jul 10 09:54:26 UTC 2012 - sasc...@suse.de
+
+- Add '--insecure' commandline argument to ignore (amongst others)
+  self-signed certificate errors
+
+-------------------------------------------------------------------
+Wed Jun 27 10:02:48 UTC 2012 - sasc...@suse.de
+
+- Change versioning scheme to $release+git.$AUTHORDATE.$COMMITREV
+- Simplify from_vcs macros
+
+-------------------------------------------------------------------
+Tue Jun 26 11:43:43 UTC 2012 - sasc...@suse.de
+
+- Consistent package summaries
+- Macro cleanup:
+  + Package is noarch except for SLE-11
+- Added rpmlintrc for non-issues
+- Use correct upstream URL
+- Remove empty %check section
+- The doc package should require the base package
+
+-------------------------------------------------------------------
+Thu May 24 11:03:22 MDT 2012 - jfeh...@suse.com
+
++++ 24 more lines (skipped)
++++ between /dev/null
++++ and 
/work/SRC/openSUSE:12.3:Update/.python-keystoneclient.1785.new/python-keystoneclient.changes

New:
----
  CVE-2013-2013.patch
  _service
  compat-newer-requests.patch
  openstack-keystone.sh
  python-keystoneclient-master.tar.gz
  python-keystoneclient.changes
  python-keystoneclient.spec
  rpmlintrc

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ python-keystoneclient.spec ++++++
#
# spec file for package python-keystoneclient
#
# Copyright (c) 2013 SUSE LINUX Products GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.

# Please submit bugfixes or comments via http://bugs.opensuse.org/
#


%define component keystoneclient

Name:           python-%{component}
Version:        0.2.1.3.gd37a3fb+git.1357543650.d37a3fb
Release:        0
Summary:        Openstack Identity (Keystone) API Client
License:        Apache-2.0
Group:          Development/Languages/Python
Url:            http://launchpad.net/python-keystoneclient
Source:         python-keystoneclient-master.tar.gz
Source2:        openstack-keystone.sh
# PATCH-FIX-UPSTREAM compat-newer-requests.patch vu...@suse.com -- Add patches 
from git to work with more recent versions of python-requests
Patch0:         compat-newer-requests.patch
# PATCH-FIX-UPSTREAM CVE-2013-2013.patch -- allow secure user password update
Patch1:         CVE-2013-2013.patch
BuildRequires:  fdupes
BuildRequires:  openstack-macros
BuildRequires:  python-base
BuildRequires:  python-distribute
# Packages below are only needed for documentation build
BuildRequires:  python-Sphinx
BuildRequires:  python-WebOb
BuildRequires:  python-argparse
BuildRequires:  python-httplib2
BuildRequires:  python-iso8601
BuildRequires:  python-prettytable
BuildRequires:  python-requests
Requires:       python >= 2.6.8
# /usr/bin/keystone uses pkg_resources, thus:
Requires:       python-distribute
Requires:       python-httplib2
Requires:       python-prettytable
Requires:       python-requests
Requires:       python-simplejson
Recommends:     python-keyring
BuildRoot:      %{_tmppath}/%{name}-%{version}-build
%if 0%{?suse_version} && 0%{?suse_version} <= 1110
%{!?python_sitelib: %global python_sitelib %(python -c "from 
distutils.sysconfig import get_python_lib; print get_python_lib()")}
%else
BuildArch:      noarch
%endif
# Provides/Obsoletes for openSUSE-12.2 package names:
Provides:       openstack-%{component} = %{version}
Obsoletes:      openstack-%{component} < %{version}
Provides:       python-python-%{component} = %{version}
Obsoletes:      python-python-%{component} < %{version}

%description
This is a client for the OpenStack Keystone API. There's a Python API
(the keystoneclient module), and a command-line tool (keystone).

%package doc
Summary:        Openstack Identity (Keystone) API Client - Documentation
Group:          Documentation/HTML
Requires:       %{name} = %{version}

%description doc
This package contains documentation files for %{name}.

%package test
Summary:        Openstack Identity (Keystone) API Client - Testsuite
Group:          System/Management
Requires:       %{name} = %{version}
Requires:       python-coverage
Requires:       python-mock
Requires:       python-mox
Requires:       python-nose
Requires:       python-nose-exclude
#openstack.nose_plugin
Requires:       python-nosehtmloutput
Requires:       python-pep8
Requires:       python-unittest2

%description test
This package contains testsuite files for %{name}.

%prep
%setup -q -n python-keystoneclient-0.2.1.3.gd37a3fb
# Fix example PKI certs location for testsuite:
sed -i "s|python-keystoneclient/examples|python-keystoneclient-test/examples|" 
tests/test_auth_token_middleware.py
%patch0 -p1
%patch1 -p1
%openstack_cleanup_prep

%build
python setup.py build
python setup.py build_sphinx
# Currently no man pages:
#python setup.py build_sphinx -b man

%install
python setup.py install --prefix=%{_prefix} --root=%{buildroot} 
--install-data=%{python_sitelib}

rm -rf doc/build/html/{.buildinfo,.doctrees}
%fdupes doc

### bash-completion
install -p -D -m 644 %{SOURCE2} 
%{buildroot}%{_sysconfdir}/bash_completion.d/openstack-keystone.sh

### test subpackage
%openstack_test_package_install

%files
%defattr(-,root,root,-)
%doc LICENSE README.rst
%{_sysconfdir}/bash_completion.d/openstack-keystone.sh
%{_bindir}/keystone
%{python_sitelib}/%{component}/
%{python_sitelib}/python_%{component}-*.egg-info

%files doc
%defattr(-,root,root,-)
%doc LICENSE doc/build/html

%files test
%defattr(-,root,root,-)
%{_localstatedir}/lib/%{name}-test/

%changelog
++++++ CVE-2013-2013.patch ++++++
(patch manually tweaked to apply)

>From f2e0818bc97bfbeba83f6abbb07909a8debcad77 Mon Sep 17 00:00:00 2001
From: Pradeep Kilambi <pkila...@cisco.com>
Date: Thu, 9 May 2013 09:29:02 -0700
Subject: [PATCH] Allow secure user password update.

This patch allows the ability for user password to be updated via
a command prompt so the password doesnt show up in the bash history.
The prompted password is asked twice to verify the match.
If user cntl-D's the prompt a message appears suggesting user to use
either of the options to update the password.

Fixes: bug#938315

Change-Id: I4271ae569b922f33c34f9b015a7ee6f760414e39
---
 keystoneclient/utils.py      | 23 ++++++++++++++++++++++-
 keystoneclient/v2_0/shell.py | 10 ++++++++--
 2 files changed, 30 insertions(+), 3 deletions(-)

diff --git a/keystoneclient/utils.py b/keystoneclient/utils.py
index 3d708ca..f45ec34 100644
--- a/keystoneclient/utils.py
+++ b/keystoneclient/utils.py
@@ -1,5 +1,7 @@
-import uuid
+import getpass
 import hashlib
+import sys
+import uuid
 
 import prettytable
 
@@ -128,3 +130,22 @@ def hash_signed_token(signed_text):
     hash_ = hashlib.md5()
     hash_.update(signed_text)
     return hash_.hexdigest()
+
+
+def prompt_for_password():
+    """
+     Prompt user for password if not provided so the password
+     doesn't show up in the bash history.
+    """
+    if not (hasattr(sys.stdin, 'isatty') and sys.stdin.isatty()):
+        # nothing to do
+        return
+
+    while True:
+        try:
+            new_passwd = getpass.getpass('New Password: ')
+            rep_passwd = getpass.getpass('Repeat New Password: ')
+            if new_passwd == rep_passwd:
+                return new_passwd
+        except EOFError:
+            return
diff --git a/keystoneclient/v2_0/shell.py b/keystoneclient/v2_0/shell.py
index 4c53cf7..0c7c233 100755
--- a/keystoneclient/v2_0/shell.py
+++ b/keystoneclient/v2_0/shell.py
@@ -17,6 +17,7 @@
 
 import argparse
 import getpass
+import sys
 
 from keystoneclient.v2_0 import client
 from keystoneclient import utils
@@ -103,12 +104,17 @@ def do_user_update(kc, args):
         print 'Unable to update user: %s' % e
 
 
-@utils.arg('--pass', metavar='<password>', dest='passwd', required=True,
+@utils.arg('--pass', metavar='<password>', dest='passwd', required=False,
            help='Desired new password')
 @utils.arg('id', metavar='<user-id>', help='User ID to update')
 def do_user_password_update(kc, args):
     """Update user password"""
-    kc.users.update_password(args.id, args.passwd)
+    new_passwd = args.passwd or utils.prompt_for_password()
+    if new_passwd is None:
+        msg = ("\nPlease specify password using the --pass option "
+               "or using the prompt")
+        sys.exit(msg)
+    kc.users.update_password(args.id, new_passwd)
 
 
 @utils.arg('--current-password', metavar='<current-password>',
-- 
1.8.1.4

++++++ _service ++++++
<services>
  <service name="git_tarballs" mode="disabled">
    <param 
name="url">http://tarballs.openstack.org/python-keystoneclient/python-keystoneclient-master.tar.gz</param>
    <param name="email">cloud-de...@suse.de</param>
  </service>
</services>
++++++ compat-newer-requests.patch ++++++
Based on the following commits (but tweaked to apply to this tarball):

commit dd24bcf15c5e690c56619e92b11fd4a340572fb5
Author: Yaguang Tang <yaguang.t...@canonical.com>
Date:   Mon Dec 31 00:31:50 2012 +0800

    Pin requests to >=0.8.8.
    
    requests add SSL CERT VERIFICATION support since 0.8.8.
    fix bug #1094699
    
    Change-Id: I7974983087f7483283438906d738bec7cba84ed2

commit b998ff92527cf542f7e8db127cd65bfc7ccceb1a
Author: Chuck Short <chuck.sh...@canonical.com>
Date:   Wed Feb 6 09:36:51 2013 -0600

    Allow requests up to 0.8 and greater
    
    The requests module dropped all configuration with the 1.0.0 release.
    There's no danger_mode and no 'verbose'' mode. The former
    shouldn't be necessary anymore and the latter can be done by setting
    a different log handler for the request.logging root logger.
    
    Change-Id: I41bfaf2574f6d7fc21f86e0124ceae7df6481eee
    Signed-off-by: Chuck Short <chuck.sh...@canonical.com>

diff --git a/tools/pip-requires b/tools/pip-requires
index fab4830..0019f6c 100644
--- a/tools/pip-requires
+++ b/tools/pip-requires
@@ -1,4 +1,4 @@
 argparse
 prettytable
-requests<1.0
+requests>=0.8.8,<1.0
 simplejson
diff --git a/keystoneclient/client.py b/keystoneclient/client.py
index 0233aeb..14c38b0 100644
--- a/keystoneclient/client.py
+++ b/keystoneclient/client.py
@@ -50,10 +50,6 @@ class HTTPClient(object):
 
     USER_AGENT = 'python-keystoneclient'
 
-    requests_config = {
-        'danger_mode': False,
-    }
-
     def __init__(self, username=None, tenant_id=None, tenant_name=None,
                  password=None, auth_url=None, region_name=None, timeout=None,
                  endpoint=None, token=None, cacert=None, key=None,
@@ -121,7 +117,8 @@ class HTTPClient(object):
             ch = logging.StreamHandler()
             _logger.setLevel(logging.DEBUG)
             _logger.addHandler(ch)
-            self.requests_config['verbose'] = sys.stderr
+            if hasattr(requests, logging):
+                requests.logging.getLogger(requests.__name__).addHandler(ch)
 
         # keyring setup
         self.use_keyring = use_keyring and keyring_available
@@ -336,7 +333,6 @@ class HTTPClient(object):
             method,
             url,
             verify=self.verify_cert,
-            config=self.requests_config,
             **request_kwargs)
 
         self.http_log_resp(resp)
diff --git a/tests/utils.py b/tests/utils.py
index 6e8dbaf..9d9bf8d 100644
--- a/tests/utils.py
+++ b/tests/utils.py
@@ -17,7 +17,6 @@ class TestCase(testtools.TestCase):
     TEST_ROOT_ADMIN_URL = 'http://127.0.0.1:35357/'
     TEST_ADMIN_URL = '%s%s' % (TEST_ROOT_ADMIN_URL, 'v2.0')
     TEST_REQUEST_BASE = {
-        'config': {'danger_mode': False},
         'verify': True,
     }
 
@@ -94,7 +93,6 @@ class UnauthenticatedTestCase(testtools.TestCase):
     TEST_ROOT_ADMIN_URL = 'http://127.0.0.1:35357/'
     TEST_ADMIN_URL = '%s%s' % (TEST_ROOT_ADMIN_URL, 'v2.0')
     TEST_REQUEST_BASE = {
-        'config': {'danger_mode': False},
         'verify': True,
     }
 
diff --git a/tests/v3/utils.py b/tests/v3/utils.py
index e2a1412..bfb3861 100644
--- a/tests/v3/utils.py
+++ b/tests/v3/utils.py
@@ -40,7 +40,6 @@ class TestCase(testtools.TestCase):
     TEST_ROOT_ADMIN_URL = 'http://127.0.0.1:35357/'
     TEST_ADMIN_URL = '%s%s' % (TEST_ROOT_ADMIN_URL, 'v3')
     TEST_REQUEST_BASE = {
-        'config': {'danger_mode': False},
         'verify': True,
     }
 
@@ -70,7 +69,6 @@ class UnauthenticatedTestCase(testtools.TestCase):
     TEST_ROOT_ADMIN_URL = 'http://127.0.0.1:35357/'
     TEST_ADMIN_URL = '%s%s' % (TEST_ROOT_ADMIN_URL, 'v3')
     TEST_REQUEST_BASE = {
-        'config': {'danger_mode': False},
         'verify': True,
     }
 
diff --git a/tools/pip-requires b/tools/pip-requires
index f93089e..81d0663 100644
--- a/tools/pip-requires
+++ b/tools/pip-requires
@@ -1,4 +1,4 @@
 argparse
 prettytable
-requests>=0.8.8,<1.0
+requests>=0.8.8
 simplejson
++++++ openstack-keystone.sh ++++++
# bash completion for openstack keystone
# by Dominik Heidler <dheidler suse.de>

_keystone_opts="" # lazy init
_keystone_opts_exp="" # lazy init
_keystone()
{
        local cur prev
        COMPREPLY=()
        cur="${COMP_WORDS[COMP_CWORD]}"
        prev="${COMP_WORDS[COMP_CWORD-1]}"

        if [ "x$_keystone_opts" == "x" ] ; then
                _keystone_opts="`keystone bash-completion 2>&1 | tail -n1 | sed 
-e "s/^.*(choose from //" -e "s/)$//" -e "s/,//g" -e "s/'//g"`"
                _keystone_opts_exp="`echo $_keystone_opts | sed -e "s/\s/|/g"`"
        fi

        if [[ ! " ${COMP_WORDS[@]} " =~ " "($_keystone_opts_exp)" " || "$prev" 
== "help" ]] ; then
                COMPREPLY=($(compgen -W "${_keystone_opts}" -- ${cur}))
        fi
        return 0
}
complete -F _keystone keystone
++++++ rpmlintrc ++++++
# Bash completion files reside in /etc but are not meant to be configurable:
addFilter("non-conffile-in-etc /etc/bash_completion.d/openstack-keystone.sh")
# This symling is for the -test package and can be ignored:
addFilter("dangling-symlink /var/lib/python-keystoneclient-test/keystoneclient")
-- 
To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org
For additional commands, e-mail: opensuse-commit+h...@opensuse.org

Reply via email to