barbican (1:6.0.1-0ubuntu1.2) bionic-security; urgency=medium * SECURITY UPDATE: access policy bypass via query string injection - debian/patches/CVE-2022-3100.patch: don't use contents of query string in barbican/api/controllers/__init__.py. - CVE-2022-3100 -- Marc Deslauriers Wed, 05 Oct 2022 09:35:33 -0400 barbican (1:6.0.1-0ubuntu1.1) bionic-security; urgency=medium * SECURITY UPDATE: Access restrictions bypass - debian/patches/CVE-2022-23451.patch: Change access policies to secret metadata in barbican/common/policies/secretmeta.py. Add a new role in barbican/common/policies/base.py and make use of these changes in barbican/api/controllers/__init__.py, barbican/api/controllers/secretmeta.py and barbican/api/controllers/secrets.py. - debian/patches/CVE-2022-23451-post.patch: Change secret policies in barbican/common/policies/secrets.py, add tests in barbican/tests/api/test_resources_policy.py and functionaltests/api/v1/functional/test_secrets_rbac.py and update api guide in api-guide/source/acls.rst. - CVE-2022-23451 * SECURITY UPDATE: Ownership bypass - debian/patches/CVE-2022-23452.patch: Update container secret policies in barbican/common/policies/containers.py and add a new role in barbican/common/policies/base.py. - CVE-2022-23452 -- Rodrigo Figueiredo Zaiden Thu, 21 Apr 2022 10:52:20 -0300 barbican (1:6.0.1-0ubuntu1) bionic; urgency=medium * d/gbp.conf: Create stable/queens branch. * New stable point release for OpenStack Queens (LP: #1806043). -- Corey Bryant Mon, 03 Dec 2018 09:15:09 -0500 barbican (1:6.0.0-0ubuntu1) bionic; urgency=medium * New upstream release for OpenStack Queens. -- Corey Bryant Wed, 28 Feb 2018 12:55:17 -0500 barbican (1:6.0.0~rc1-0ubuntu1) bionic; urgency=medium * New upstream milestone for OpenStack Queens. * d/control: Align (Build-)Depends with upstream. * d/control: Switch to python3-sphinx. * d/barbican-common.install: Drop install of policy file. -- James Page Wed, 14 Feb 2018 17:05:50 +0000 barbican (1:6.0.0~b3-0ubuntu1) bionic; urgency=medium [ James Page ] * New snapshot. * d/p/*: Rebase. [ Corey Bryant ] * New upstream milestone for OpenStack Queens. * d/control: Align (Build-)Depends with upstream. -- Corey Bryant Fri, 26 Jan 2018 08:10:20 -0500 barbican (1:6.0.0~b2-0ubuntu1) bionic; urgency=medium * d/watch: Scope to 6.x series. * New upstream milestone for OpenStack Queens. * d/control: Align (Build-)Depends with upstream. * d/*: wrap-and-sort -bast. * d/control,compat: Bump debhelper compat to 10, drop BD on dh- systemd. * d/control: Bumped Standards-Version to 4.1.2. -- James Page Mon, 11 Dec 2017 12:19:49 +0000 barbican (1:6.0.0~b1-0ubuntu2) bionic; urgency=medium * d/rules: Don't run functional tests as they require barbican and keystone services to be running. -- Corey Bryant Wed, 22 Nov 2017 15:18:08 -0500 barbican (1:6.0.0~b1-0ubuntu1) bionic; urgency=medium * New upstream milestone for OpenStack Queens. * d/control: Align (Build-)Depends with upstream. * d/p/drop-openstackdoctheme.patch: Dropped. No longer needed. * d/p/ldap3-to-ldap.patch: Rebased. -- Corey Bryant Tue, 14 Nov 2017 12:44:34 -0500 barbican (1:5.0.0-0ubuntu1) artful; urgency=medium * New upstream release for OpenStack Pike. -- Corey Bryant Wed, 30 Aug 2017 09:03:51 -0400 barbican (1:5.0.0~rc1-0ubuntu1) artful; urgency=medium * New upstream release candidate for OpenStack Pike. * d/control: Align (Build-)Depends with upstream. * d/p/ldap3-to-ldap.patch: Rebased. -- Corey Bryant Thu, 17 Aug 2017 09:35:03 -0400 barbican (1:5.0.0~b3-0ubuntu2) artful; urgency=medium * d/control: Set min python-requests to 2.14.2. -- Corey Bryant Thu, 03 Aug 2017 15:13:48 -0400 barbican (1:5.0.0~b3-0ubuntu1) artful; urgency=medium * New upstream milestone for OpenStack Pike. * d/control: Align (Build-)Depends with upstream. * d/barbican-common.install: Install barbican-wsgi-api. * d/p/drop-openstackdoctheme.patch: Temporarily drop openstackdocstheme sphinx extension until sphinx>=1.6.2 is available. -- Corey Bryant Fri, 28 Jul 2017 10:04:49 -0400 barbican (1:5.0.0~b2-0ubuntu1) artful; urgency=medium * New upstream milestone for OpenStack Pike. * d/control: Add (Build-)Depends on python-oslo.db. * d/control: Align (Build-)Depends with upstream. -- James Page Tue, 13 Jun 2017 13:05:46 +0100 barbican (1:5.0.0~b1-0ubuntu2) artful; urgency=medium * No-change rebuild for sqlalchemy 1.1.x. -- James Page Fri, 28 Apr 2017 10:03:54 +0100 barbican (1:5.0.0~b1-0ubuntu1) artful; urgency=medium [ Chuck Short ] * d/patches/ldap3-to-ldap.patch: Refreshed. * d/rules: Autogenerate the /etc/barbican/barbican.conf. [ James Page ] * New upstream milestone for OpenStack Pike. * Align (Build-)Depends with upstream milestone. * d/rules: Write generated config file to etc/barbican/barbican.conf, and tidy on clean. -- James Page Wed, 26 Apr 2017 11:22:30 +0100 barbican (1:4.0.0-0ubuntu1) zesty; urgency=medium * debian/control: Cleanup dependencies. * debian/control, debian/tests: Add dep8 tests. * New upstream release for Openstack Ocata. -- Chuck Short Wed, 22 Feb 2017 09:13:30 -0500 barbican (1:4.0.0~rc1-0ubuntu1) zesty; urgency=medium * New upstream milestone for Ocata. * debian/patches/ldap3-to-ldap.patch: Refreshed. -- Chuck Short Mon, 06 Feb 2017 11:23:33 -0500 barbican (1:4.0.0~b3-0ubuntu1) zesty; urgency=medium * d/p/ldap3-to-ldap.patch: Refreshed. * New upstream release. * d/control: Align (Build-)Depends with upstream. -- Chuck Short Thu, 26 Jan 2017 09:58:09 -0500 barbican (1:4.0.0~b2-0ubuntu2) zesty; urgency=medium * d/p/ldap3-to-ldap.patch, d/control: Use python-ldap, instead of python-pyldap which is not in main. -- Corey Bryant Tue, 03 Jan 2017 10:28:38 -0500 barbican (1:4.0.0~b2-0ubuntu1) zesty; urgency=medium [ Chuck Short ] * New upstream version. * Use python-pyldap instead of python-ldap: - debian/control - debian/patches/use-pyldap.patch [ Corey Bryant ] * d/p/use-pyldap.patch: Dropped. Dup of ldap3-to-ldap.patch. * d/p/ldap3-to-ldap.patch: Restored with pyldap update. * New upstream version. * d/rules: Add PBR_VERSION to set correct distro version for package build. * d/control: Add python-pep8 to BDs. * New upstream milestone for OpenStack Ocata. * d/control: Align (Build-)Depends with upstream. -- Corey Bryant Fri, 16 Dec 2016 11:57:55 -0500 barbican (1:3.0.0-0ubuntu1) yakkety; urgency=medium * New upstream release for OpenStack Newton. -- Corey Bryant Thu, 06 Oct 2016 10:01:18 -0400 barbican (1:3.0.0~rc1-0ubuntu2) yakkety; urgency=medium [ Corey Bryant ] * d/control: oslo.log min version level in global-requirements is too low, so set min version to upper-constraints level (LP: #1628883). [ Chuck Short] * d/control: Move pykmip to Suggests -- Chuck Short Wed, 05 Oct 2016 13:43:38 -0400 barbican (1:3.0.0~rc1-0ubuntu1) yakkety; urgency=medium * New upstream milestone for OpenStack Newton. * d/p/ldap3-to-ldap.patch: Rebased. -- David Della Vecchia Mon, 19 Sep 2016 15:38:42 +0100 barbican (1:3.0.0~b3-0ubuntu1) yakkety; urgency=medium [ David Della Vecchia ] * New upstream version. * d/p/ldap3-to-ldap.patch: Rebased. [ James Page ] * d/control: Add pykmip to Recommends. * d/barbican-common.postinst: Tidy, use explicit 'set -e' to avoid lintian warning. * d/barbican-doc.doc-base: Add documentation registration for barbican docs. * d/control,rules: Use ostestr to execute unit tests. * d/p/add-RNG-seed.patch: Dropped, included upstream. * New upstream release. * Align (Build-)Depends with upstream. -- James Page Wed, 07 Sep 2016 14:45:31 +0100 barbican (1:3.0.0~b2-0ubuntu2) yakkety; urgency=medium * d/p/add-RNG-seed.patch: Cherry-picked from master to seed RNG for soft HSM. -- Corey Bryant Thu, 04 Aug 2016 14:43:40 -0400 barbican (1:3.0.0~b2-0ubuntu1) yakkety; urgency=medium [ James Page ] * New upstream snapshot. * Update (Build-)Depends inline with upstream. [ Corey Bryant ] * d/p/ldap3-to-ldap.patch: Rebased. [ Corey Bryant ] * New upstream milestone for OpenStack Newton. * d/control: Align (Build-)Depends with upstream. -- Corey Bryant Thu, 14 Jul 2016 15:43:37 -0400 barbican (1:2.0.0-0ubuntu1) xenial; urgency=medium [ David Della Vecchia ] * d/man/*, d/barbican-common.manpages: Add manpage stubs. * d/control: Remove dependency for python-pysqlite2, removed upstream. * d/control: Use python-ldap instead of python-ldap3 for better main support. * d/p/ldap3-to-ldap.patch: Patch out ldap3 in favor of ldap. [ Corey Bryant ] * New upstream release for OpenStack Mitaka. -- Corey Bryant Thu, 07 Apr 2016 12:00:06 -0400 barbican (1:2.0.0~rc1-0ubuntu1) xenial; urgency=medium [ Corey Bryant ] * d/control, d/rules, d/barbican-api.*: Run barbican-api under apache2 with mod_wsgi instead of uwsgi. [ David Della Vecchia ] * New upstream milestone for OpenStack Mitaka. -- David Della Vecchia Fri, 01 Apr 2016 15:05:40 +0100 barbican (1:2.0.0~b3-0ubuntu1) xenial; urgency=medium * New upstream milestone for OpenStack Mitaka. * d/control: Align (Build-)Depends with upstream. * d/barbican-common.install: Install barbican-manage utility. -- Corey Bryant Wed, 09 Mar 2016 14:06:53 -0500 barbican (1:2.0.0~b2-0ubuntu3) xenial; urgency=medium * d/barbican-common.install: Install inidividual /usr/bin/ files. * d/barbican-common.postinst: Add post install user/group/dir/perm config. * d/barbican-common.dirs: New file added to create required dirs. -- Corey Bryant Thu, 18 Feb 2016 09:25:24 -0500 barbican (1:2.0.0~b2-0ubuntu2) xenial; urgency=medium [ David Della Vecchia ] * d/*: Remove debconf and dbconfig support. -- Corey Bryant Wed, 10 Feb 2016 16:14:30 -0500 barbican (1:2.0.0~b2-0ubuntu1) xenial; urgency=medium * New upstream milestone for OpenStack Mitaka. * d/control: Align (build-)depends with upstream. -- David Della Vecchia Thu, 04 Feb 2016 08:03:10 -0500 barbican (1:2.0.0~b1-0ubuntu1) xenial; urgency=medium [ Corey Bryant ] * New upstream milestone for OpenStack Mitaka. * d/control: Align (build-)depends with upstream. [ James Page ] * d/barbican-api.install: Install missing policy.json (LP: #1526655). * d/control: Add Recommends on python-pymysql (LP: #1526659). * d/control: Add missing runtime dependency on uwsgi-plugin-python (LP: #1526654). * d/barbican-api.upstart.in: Provide full upstart configuration as generation using openstack-pkg-tools is not supported for uwsgi applications (LP: #1526654). * d/barbican-{api,common}.install,control: Move configuration files to common package to support use across all barbican packages and with Apache WSGI. -- Corey Bryant Tue, 15 Dec 2015 09:57:35 -0500 barbican (1:1.0.0-0ubuntu1) wily; urgency=medium * New upstream release for OpenStack Liberty. -- Corey Bryant Thu, 15 Oct 2015 12:27:40 -0400 barbican (1:1.0.0~rc2-0ubuntu1) wily; urgency=medium * New upstream release candidate for OpenStack Liberty. -- Corey Bryant Tue, 06 Oct 2015 11:43:43 -0400 barbican (1:1.0.0~rc1-0ubuntu1) wily; urgency=medium * d/watch: Update for upstream rc versioning. * New upstream milestone for OpenStack Liberty. * d/control: Align (build-)depends with upstream. -- James Page Mon, 28 Sep 2015 10:22:50 +0100 barbican (1:1.0.0~b3-0ubuntu1) wily; urgency=medium * New upstream milestone for OpenStack Liberty. * d/control: Align (build-)depends with upstream. -- Corey Bryant Tue, 08 Sep 2015 15:47:48 -0400 barbican (1:1.0.0~b2-0ubuntu2) wily; urgency=medium * d/barbican-api.install: barbican-api.conf renamed to barbican.conf. * d/rules: No need to rename /usr/bin files since upstream now defines console_scripts in entry_points section of setup.cfg. -- Corey Bryant Mon, 24 Aug 2015 21:47:33 -0400 barbican (1:1.0.0~b2-0ubuntu1) wily; urgency=medium * New upstream milestone for OpenStack Liberty. * d/control: Align (build-)depends with upstream. * d/rules: Remove .eggs directory in override_dh_auto_clean. * d/rules: Drop OSLO_PACKAGE_VERSION from rules file, not required as we always use upstream release tarballs. -- Corey Bryant Wed, 19 Aug 2015 15:40:58 -0400 barbican (1:1.0.0~b1-0ubuntu2) wily; urgency=medium * No change rebuild with SQLAlchemy 1.0.6. -- James Page Fri, 24 Jul 2015 09:23:29 +0100 barbican (1:1.0.0~b1-0ubuntu1) wily; urgency=medium [ Corey Bryant ] * Merge from Debian unstable. Remaining changes: - d/watch: Use tarballs.openstack.org for upstream releases. * New upstream milestone for OpenStack Liberty: - d/control: Align (build-)depends with upstream. [ James Page ] * Version BD on python-pykmip >= 0.3.3, resolving FTBFS with older versions. * d/barbican-api.install: Drop barbican-admin conf and ini files from install. -- Corey Bryant Fri, 03 Jul 2015 09:46:47 +0100 barbican (2015.1.0-5) unstable; urgency=medium * Ran debconf-updatepo (Closes: #788675). -- Thomas Goirand Sun, 14 Jun 2015 09:23:03 +0000 barbican (2015.1.0-4) unstable; urgency=medium * Fixes templates so that they don't reference Cinder (Closes: #787702). * Added pt.po debconf templates translations thanks to Américo Monteiro (Closes: #788039). -- Thomas Goirand Thu, 11 Jun 2015 23:27:36 +0200 barbican (2015.1.0-3) unstable; urgency=medium * Added dbconfig-common as dependency of barbican-common (Closes: #787507). * Added debian/po/POTFILES.in and ran debconf-updatepo. -- Thomas Goirand Tue, 02 Jun 2015 15:58:30 +0200 barbican (2015.1.0-2) unstable; urgency=medium * Added uwsgi-core as Depends: for barbican-api. * Fixed barbican-api init scripts. * Added missing binaries from /usr/bin/*. -- Thomas Goirand Wed, 13 May 2015 09:10:01 +0000 barbican (2015.1.0-1) unstable; urgency=medium * Initial release (Closes: #784055). -- Thomas Goirand Mon, 23 Mar 2015 17:46:24 +0100