commit python-keystoneclient.1785 for openSUSE:12.3:Update
![](https://seccdn.libravatar.org/avatar/e2145bc5cf53dda95c308a3c75e8fef3.jpg?s=120&d=mm&r=g)
Hello community, here is the log from the commit of package python-keystoneclient.1785 for openSUSE:12.3:Update checked in at 2013-06-27 16:18:54 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:12.3:Update/python-keystoneclient.1785 (Old) and /work/SRC/openSUSE:12.3:Update/.python-keystoneclient.1785.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "python-keystoneclient.1785" Changes: -------- New Changes file: --- /dev/null 2013-06-25 18:53:24.372030255 +0200 +++ /work/SRC/openSUSE:12.3:Update/.python-keystoneclient.1785.new/python-keystoneclient.changes 2013-06-27 16:18:56.000000000 +0200 @@ -0,0 +1,221 @@ +------------------------------------------------------------------- +Mon Jun 17 09:04:14 UTC 2013 - vuntz@suse.com + +- Add CVE-2013-2013.patch: allow secure user password update + (CVE-2013-2013, bnc#817415). + +------------------------------------------------------------------- +Mon Mar 11 10:01:24 UTC 2013 - vuntz@suse.com + +- Update 12.3 packages to Folsom as of March 5th. This comes with· + security fixes and bug fixes that we need to have OpenStack work + nicely. Fix bnc#802278. + +------------------------------------------------------------------- +Wed Mar 6 14:01:15 UTC 2013 - vuntz@suse.com + +- Add compat-newer-requests.patch: take patches from upstream to + allow working with newer versions of python-requests. + +------------------------------------------------------------------- +Thu Jan 10 11:55:04 UTC 2013 - saschpe@suse.de + +- Recommend python-keyring + +------------------------------------------------------------------- +Wed Jan 9 13:52:31 UTC 2013 - vuntz@suse.com + +- Add missing Requires on python-requests: without it, the keystone + executable won't even start. + +------------------------------------------------------------------- +Mon Jan 7 12:44:14 UTC 2013 - saschpe@suse.de + +- Fix PKI example certs location for testsuite + +-------------------------------------------------------------------- +Mon Jan 7 08:27:30 UTC 2013 - saschpe@suse.de + +- Update to version 0.2.1.3.gd37a3fb+git.1357543650.d37a3fb: + + Add support for user groups + + Make it possible to debug by running module. + + remove unused import + + Bug 1052674: added support for Swift cache + + Add file 'ChangeLog' to MANIFEST.in + + Use requests module for HTTP/HTTPS + + Print to stderr when keyring module is missing. + + Prevent an uncaught exception from being rasied. + + modify ca-certificate default value + + URL-encode user-supplied tokens (bug 974319) + + Fix middleware logging for swift + + Fix keystoneclient user-list output order + + Misspelling error in README.rst + + Rename --no_cache to --os_cache. + + Make use_keyring False by default. + + bug-1040361: use keyring to store tokens + + Don't try to split a list of memcache servers + + Drop hashlib/hmac from pip-requires. + + Add --version CLI opt and __version__ module attr + + Add Ec2Signer utility class to keystoneclient + + Add command to allow users to change their own password + + updating PEP8 to 1.3.3 + + Correct a misspelled in comments + + Remove Policy.endpoint_id reference + + Fix scoped auth for non-admins (bug 1081192) + + Throw validation response into the environment + + fixes auth_ref initialization error + + Update README and CLI help + + Add auth-token code to keystoneclient, along with supporting files + + Make initial structural changes to keystoneclient in preparation +- Use --install-data=%{python_sitelib} to install novaclient/versioninfo + into the correct location (instead of %{_prefix}) + +------------------------------------------------------------------- +Wed Dec 5 09:30:38 UTC 2012 - saschpe@suse.de + +- Use @PARENT_TAG@ in _service file to automate versioning + +------------------------------------------------------------------- +Thu Nov 15 09:17:10 UTC 2012 - saschpe@suse.de + +- Use openstack-macros +- Run fdupes on HTML documentation + +------------------------------------------------------------------- +Fri Nov 9 14:28:05 UTC 2012 - saschpe@suse.de + +- Downgrade version to new upstream scheme: 0.1.3 (bnc#787387) + +------------------------------------------------------------------- +Thu Nov 8 10:39:13 UTC 2012 - saschpe@suse.de + +- Drop from_vcs build flag + +------------------------------------------------------------------- +Tue Oct 30 10:14:40 UTC 2012 - saschpe@suse.de + +- Add Provides/Obsoletes for openSUSE-12.2 package name + (openstack-keystoneclient and python-python-keystoneclient) + +------------------------------------------------------------------- +Fri Oct 12 13:26:06 UTC 2012 - vuntz@suse.com + +- Update to version 2012.2 (Folsom), which is really 0.1.3: + + See https://github.com/openstack/python-keystoneclient/commits/0.1.3 +- Install bash completion for 'keystone' binary +- Buildrequire python-base instead of python-devel: + + Sufficient for Python-only modules (containing no C/C++ code) +- Additional Buildrequires for documentation + +------------------------------------------------------------------- +Mon Oct 1 09:28:18 UTC 2012 - jenkins@suse.de + +- Update to latest git (6c127df): + + Fix PEP8 issues. + + fixing pep8 formatting for 1.0.1+ pep8 + + Fixed httplib2 mocking (bug 1050091, bug 1050097) + + Require httplib2 version 0.7 or higher. + + removing deprecated commandline options + + Handle "503 Service Unavailable" exception. + + Fixes setup compatibility issue on Windows + + switching options to match authentication paths + + Add wrap option to keystone token-get for humans + + Allow empty description for tenants. + + pep8 1.3.1 cleanup + +------------------------------------------------------------------- +Fri Aug 24 19:00:18 UTC 2012 - jenkins@suse.de + +- Update to latest git (b391319): + + Add nosehtmloutput as a test dependency. + +------------------------------------------------------------------- +Thu Aug 23 22:05:51 UTC 2012 - jenkins@suse.de + +- Update to latest git (ad9dee5): + + Change underscores in new cert options to dashes + + splitting http req and resp logging also some pep8 cleanup in shell.py + +------------------------------------------------------------------- +Thu Aug 2 16:27:37 UTC 2012 - rhafer@suse.de + +- Fixed dependencies, package required python-simplejson + +------------------------------------------------------------------- +Sat Jul 28 08:32:28 UTC 2012 - cthiel@suse.com + +- add BuildRequires to python-httplib2, to fix documentation building + +------------------------------------------------------------------- +Sat Jul 28 08:30:58 UTC 2012 - jenkins@suse.de + +- Update to latest git (dec8f77): + + Add '--insecure' commandline argument + +------------------------------------------------------------------- +Sat Jul 28 08:29:09 UTC 2012 - cthiel@suse.com + +- remove insecure-commandline-argument.patch which has been merged upstream: + https://review.openstack.org/#/c/9582/ + +------------------------------------------------------------------- +Fri Jul 27 08:13:20 UTC 2012 - cthiel@suse.com + +- rebase insecure-commandline-argument.patch to master +- adapt doc paths for building from master + +------------------------------------------------------------------- +Thu Jul 26 10:38:47 UTC 2012 - saschpe@suse.de + +- Require python-distribute, /usr/bin/keystone needs it + +------------------------------------------------------------------- +Tue Jul 10 09:54:26 UTC 2012 - saschpe@suse.de + +- Add '--insecure' commandline argument to ignore (amongst others) + self-signed certificate errors + +------------------------------------------------------------------- +Wed Jun 27 10:02:48 UTC 2012 - saschpe@suse.de + +- Change versioning scheme to $release+git.$AUTHORDATE.$COMMITREV +- Simplify from_vcs macros + +------------------------------------------------------------------- +Tue Jun 26 11:43:43 UTC 2012 - saschpe@suse.de + +- Consistent package summaries +- Macro cleanup: + + Package is noarch except for SLE-11 +- Added rpmlintrc for non-issues +- Use correct upstream URL +- Remove empty %check section +- The doc package should require the base package + +------------------------------------------------------------------- +Thu May 24 11:03:22 MDT 2012 - jfehlig@suse.com + ++++ 24 more lines (skipped) ++++ between /dev/null ++++ and /work/SRC/openSUSE:12.3:Update/.python-keystoneclient.1785.new/python-keystoneclient.changes New: ---- CVE-2013-2013.patch _service compat-newer-requests.patch openstack-keystone.sh python-keystoneclient-master.tar.gz python-keystoneclient.changes python-keystoneclient.spec rpmlintrc ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ python-keystoneclient.spec ++++++ # # spec file for package python-keystoneclient # # Copyright (c) 2013 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed # upon. The license for this file, and modifications and additions to the # file, is the same license as for the pristine package itself (unless the # license for the pristine package is not an Open Source License, in which # case the license is the MIT License). An "Open Source License" is a # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. # Please submit bugfixes or comments via http://bugs.opensuse.org/ # %define component keystoneclient Name: python-%{component} Version: 0.2.1.3.gd37a3fb+git.1357543650.d37a3fb Release: 0 Summary: Openstack Identity (Keystone) API Client License: Apache-2.0 Group: Development/Languages/Python Url: http://launchpad.net/python-keystoneclient Source: python-keystoneclient-master.tar.gz Source2: openstack-keystone.sh # PATCH-FIX-UPSTREAM compat-newer-requests.patch vuntz@suse.com -- Add patches from git to work with more recent versions of python-requests Patch0: compat-newer-requests.patch # PATCH-FIX-UPSTREAM CVE-2013-2013.patch -- allow secure user password update Patch1: CVE-2013-2013.patch BuildRequires: fdupes BuildRequires: openstack-macros BuildRequires: python-base BuildRequires: python-distribute # Packages below are only needed for documentation build BuildRequires: python-Sphinx BuildRequires: python-WebOb BuildRequires: python-argparse BuildRequires: python-httplib2 BuildRequires: python-iso8601 BuildRequires: python-prettytable BuildRequires: python-requests Requires: python >= 2.6.8 # /usr/bin/keystone uses pkg_resources, thus: Requires: python-distribute Requires: python-httplib2 Requires: python-prettytable Requires: python-requests Requires: python-simplejson Recommends: python-keyring BuildRoot: %{_tmppath}/%{name}-%{version}-build %if 0%{?suse_version} && 0%{?suse_version} <= 1110 %{!?python_sitelib: %global python_sitelib %(python -c "from distutils.sysconfig import get_python_lib; print get_python_lib()")} %else BuildArch: noarch %endif # Provides/Obsoletes for openSUSE-12.2 package names: Provides: openstack-%{component} = %{version} Obsoletes: openstack-%{component} < %{version} Provides: python-python-%{component} = %{version} Obsoletes: python-python-%{component} < %{version} %description This is a client for the OpenStack Keystone API. There's a Python API (the keystoneclient module), and a command-line tool (keystone). %package doc Summary: Openstack Identity (Keystone) API Client - Documentation Group: Documentation/HTML Requires: %{name} = %{version} %description doc This package contains documentation files for %{name}. %package test Summary: Openstack Identity (Keystone) API Client - Testsuite Group: System/Management Requires: %{name} = %{version} Requires: python-coverage Requires: python-mock Requires: python-mox Requires: python-nose Requires: python-nose-exclude #openstack.nose_plugin Requires: python-nosehtmloutput Requires: python-pep8 Requires: python-unittest2 %description test This package contains testsuite files for %{name}. %prep %setup -q -n python-keystoneclient-0.2.1.3.gd37a3fb # Fix example PKI certs location for testsuite: sed -i "s|python-keystoneclient/examples|python-keystoneclient-test/examples|" tests/test_auth_token_middleware.py %patch0 -p1 %patch1 -p1 %openstack_cleanup_prep %build python setup.py build python setup.py build_sphinx # Currently no man pages: #python setup.py build_sphinx -b man %install python setup.py install --prefix=%{_prefix} --root=%{buildroot} --install-data=%{python_sitelib} rm -rf doc/build/html/{.buildinfo,.doctrees} %fdupes doc ### bash-completion install -p -D -m 644 %{SOURCE2} %{buildroot}%{_sysconfdir}/bash_completion.d/openstack-keystone.sh ### test subpackage %openstack_test_package_install %files %defattr(-,root,root,-) %doc LICENSE README.rst %{_sysconfdir}/bash_completion.d/openstack-keystone.sh %{_bindir}/keystone %{python_sitelib}/%{component}/ %{python_sitelib}/python_%{component}-*.egg-info %files doc %defattr(-,root,root,-) %doc LICENSE doc/build/html %files test %defattr(-,root,root,-) %{_localstatedir}/lib/%{name}-test/ %changelog ++++++ CVE-2013-2013.patch ++++++ (patch manually tweaked to apply)
From f2e0818bc97bfbeba83f6abbb07909a8debcad77 Mon Sep 17 00:00:00 2001 From: Pradeep Kilambi
Date: Thu, 9 May 2013 09:29:02 -0700 Subject: [PATCH] Allow secure user password update.
This patch allows the ability for user password to be updated via
a command prompt so the password doesnt show up in the bash history.
The prompted password is asked twice to verify the match.
If user cntl-D's the prompt a message appears suggesting user to use
either of the options to update the password.
Fixes: bug#938315
Change-Id: I4271ae569b922f33c34f9b015a7ee6f760414e39
---
keystoneclient/utils.py | 23 ++++++++++++++++++++++-
keystoneclient/v2_0/shell.py | 10 ++++++++--
2 files changed, 30 insertions(+), 3 deletions(-)
diff --git a/keystoneclient/utils.py b/keystoneclient/utils.py
index 3d708ca..f45ec34 100644
--- a/keystoneclient/utils.py
+++ b/keystoneclient/utils.py
@@ -1,5 +1,7 @@
-import uuid
+import getpass
import hashlib
+import sys
+import uuid
import prettytable
@@ -128,3 +130,22 @@ def hash_signed_token(signed_text):
hash_ = hashlib.md5()
hash_.update(signed_text)
return hash_.hexdigest()
+
+
+def prompt_for_password():
+ """
+ Prompt user for password if not provided so the password
+ doesn't show up in the bash history.
+ """
+ if not (hasattr(sys.stdin, 'isatty') and sys.stdin.isatty()):
+ # nothing to do
+ return
+
+ while True:
+ try:
+ new_passwd = getpass.getpass('New Password: ')
+ rep_passwd = getpass.getpass('Repeat New Password: ')
+ if new_passwd == rep_passwd:
+ return new_passwd
+ except EOFError:
+ return
diff --git a/keystoneclient/v2_0/shell.py b/keystoneclient/v2_0/shell.py
index 4c53cf7..0c7c233 100755
--- a/keystoneclient/v2_0/shell.py
+++ b/keystoneclient/v2_0/shell.py
@@ -17,6 +17,7 @@
import argparse
import getpass
+import sys
from keystoneclient.v2_0 import client
from keystoneclient import utils
@@ -103,12 +104,17 @@ def do_user_update(kc, args):
print 'Unable to update user: %s' % e
-@utils.arg('--pass', metavar='<password>', dest='passwd', required=True,
+@utils.arg('--pass', metavar='<password>', dest='passwd', required=False,
help='Desired new password')
@utils.arg('id', metavar='<user-id>', help='User ID to update')
def do_user_password_update(kc, args):
"""Update user password"""
- kc.users.update_password(args.id, args.passwd)
+ new_passwd = args.passwd or utils.prompt_for_password()
+ if new_passwd is None:
+ msg = ("\nPlease specify password using the --pass option "
+ "or using the prompt")
+ sys.exit(msg)
+ kc.users.update_password(args.id, new_passwd)
@utils.arg('--current-password', metavar='<current-password>',
--
1.8.1.4
++++++ _service ++++++
<services>
<service name="git_tarballs" mode="disabled">
<param name="url">http://tarballs.openstack.org/python-keystoneclient/python-keystoneclient-ma...</param>
<param name="email">cloud-devel@suse.de</param>
</service>
</services>
++++++ compat-newer-requests.patch ++++++
Based on the following commits (but tweaked to apply to this tarball):
commit dd24bcf15c5e690c56619e92b11fd4a340572fb5
Author: Yaguang Tang
participants (1)
-
root@hilbert.suse.de