-rw-r--r--sys-auth/keystone/ChangeLog9
-rw-r--r--sys-auth/keystone/Manifest34
-rw-r--r--sys-auth/keystone/files/2013.2-CVE-2013-4477.patch74
-rw-r--r--sys-auth/keystone/files/cve-2013-6391_2013.2.patch153
-rw-r--r--sys-auth/keystone/keystone-2013.2.1.ebuild (renamed from sys-auth/keystone/keystone-2013.2-r2.ebuild)57
5 files changed, 51 insertions, 276 deletions
diff --git a/sys-auth/keystone/ChangeLog b/sys-auth/keystone/ChangeLog
index e3bf365b2837..2e6184d8ffcb 100644
--- a/sys-auth/keystone/ChangeLog
+++ b/sys-auth/keystone/ChangeLog
@@ -1,6 +1,13 @@
# ChangeLog for sys-auth/keystone
# Copyright 1999-2013 Gentoo Foundation; Distributed under the GPL v2
-# $Header: /var/cvsroot/gentoo-x86/sys-auth/keystone/ChangeLog,v 1.50 2013/12/13 17:31:29 prometheanfire Exp $
+# $Header: /var/cvsroot/gentoo-x86/sys-auth/keystone/ChangeLog,v 1.51 2013/12/19 04:16:52 prometheanfire Exp $
+
+*keystone-2013.2.1 (19 Dec 2013)
+
+ 19 Dec 2013; Matthew Thode <prometheanfire@gentoo.org>
+ +keystone-2013.2.1.ebuild, -files/2013.2-CVE-2013-4477.patch,
+ -files/cve-2013-6391_2013.2.patch, -keystone-2013.2-r2.ebuild:
+ 2013.2.1 and cleaner deps
13 Dec 2013; Matthew Thode <prometheanfire@gentoo.org>
+files/keystone.initd.havana, -files/2012.2.4-upstream-1181157.patch,
diff --git a/sys-auth/keystone/Manifest b/sys-auth/keystone/Manifest
index 0000ac4624a4..2b2198cb106b 100644
--- a/sys-auth/keystone/Manifest
+++ b/sys-auth/keystone/Manifest
@@ -3,8 +3,6 @@ Hash: SHA256
AUX 2012.2.4-CVE-2013-4222.patch 4815 SHA256 3a5018cf7788fb0498ac50cb022d4ecf7803fa8e311b8c48114495fcc9604a9a SHA512 cc6d8bd63d183ca49c21c4d5dc0fa08ff87a77695dadc444306a45abb3e060e2814c303f6ba3c004adb33b8981f4c1f4c17e11ea4c241f626106d870ca952246 WHIRLPOOL b0e411aba193bbc5c5a45441c1a52680ddd006426f3aa2030840131b905d8c87beb880ad77b1a612c3a7c77853583c7de642b47533876ff709b01fe93ee80a18
AUX 2013.1.4-CVE-2013-4477.patch 3344 SHA256 6b4ff925ec1451eefb869ed85911f23fd90220f9394c482ee133feddd10eae32 SHA512 8a8a610603f05a27b2986637f9822389ef61e92c02d1837f13f30e56ce90de3733a2f8c5517179bbd3d1e4b0c69e8307262bbfba3fbd088b526c3c909d9d0a11 WHIRLPOOL 3e11c0ccd401ffedfc9549255e2843f3a9e0807bd37bb292adbe6e6a0beb736465ca126aff2022ea5d19fab59836aa51106d26d5e998b870a61cc42cd2378537
-AUX 2013.2-CVE-2013-4477.patch 3157 SHA256 c18b629cb0fabf89a51ad751cf5ddc64863938cd84ce31438de9b3623a56f7d6 SHA512 a681a02847d5da041303fcdb96414930f78e47cb677fb40f271dbf048f5e9e77126a5517f53e190a264b8865bc664e1f06383d604058e507b9fb674a3703a885 WHIRLPOOL 67f50bb07e549413528ce98a77cd7aea83466e41fd07d21437f88bba3117d03df8b46700951388548f296031b53ccd0d928167b9f079c090c0f9390e00e04975
-AUX cve-2013-6391_2013.2.patch 6944 SHA256 6f6c759ace5b4051ce0736f3852e083fd762e472ab7bea422ab32cb840024bec SHA512 4efb882a12c646626838539e5d0951aa9da7addfbeb68372a31607b296dd5cc12455cb42348967aca4f99f2ad9911644c433b9e7b282a93e8d1505e3bc0894e3 WHIRLPOOL f0f699bbb4c5e4977ed27435c620d5a9c3f8551bc8ab402e94f59d74012486fe979aa12677c7ef5338ef0c11c3d4f76102e3802b5071b8d1aaac23f926dd65ca
AUX keystone-cve-2013-4294-folsom.patch 5662 SHA256 69b07e87cf021b21168fe40fedd2dabd492991e0b4192f86fad378e24ef0429c SHA512 502cca91cfd71bd43f1a0dd0ada718cc9020071e41b13abd7310de175a794453bdb529e1ffb641e60e199fef9a2226aa44395f32eb3b0af8dc0b56dbf739b307 WHIRLPOOL 58f95de485b6351f78a680a65531bee8bcc2d725329aefa21116443a8a5ad6759a32d0ff39aa97a5226fa32fdcf0ac689bab1e7730207677334d1559f8c8d790
AUX keystone-grizzly-2-CVE-2013-2157.patch 3371 SHA256 7f4e10e1c559dc8f3ece1a42115f17dc069d86140b4e4ecd6309eae5b787d341 SHA512 a9245c718548da6cd60b29e7cf6c0bd61b18a94cead8200b74d657342b5ef68ad4b4a0e1104121eb32359f960f96ad3840fec285a1d72b26b9729845ae4a8ac7 WHIRLPOOL a8494a2d6f4b5151780e6bcd1a21c409ca8921a4907aca529b72473745fd895c75dfcf926889a1a00f6d3d7446d849e44ce88c25dcfbdd74fdf96421ff78f1eb
AUX keystone.confd 107 SHA256 b26daf41539aff7f69aff9f8416b8b503282f10e61752f5221f01e132001d623 SHA512 9209798fba236bbf1850e20ee085fe3ba08a3f5c6927f99a2207afe27020e74f7a185e5029bdc79bbcc2a2530f694e815018b0137b2887f1c69a501c122b14e2 WHIRLPOOL 5ea1fe2f04d4ca48479d7c075842686afd2f4bffba18fff35f984575ce1bd8ffc9c34e55a5fc03ddff14066e1042806c84fc734ad6689d5e5b965d891222de83
@@ -12,28 +10,28 @@ AUX keystone.initd 1259 SHA256 cc96eb421fc4c0c04d391507a713aa5b4f426815404317d24
AUX keystone.initd.havana 1286 SHA256 0218d7abf00fe62cde4bfc1fdcdec9cd0784dad4c75cf7c34e1a90beece88f20 SHA512 1052b2bb3bedcd2b24ea7fc0cd28a09284419867339745fd94e5d13addbf33c88f1c1146e427f307383912d5624e3b86e8deb6c5747f1c10d59ba8fe1c3ed6ca WHIRLPOOL 093a488f6ae3e98914a43fa79ad833659e17940f950ed12ad57e46c699f0e70f1226bd69ca5595cba7293191ee410e473e8dc9be098cb48d5ddea88f3f7a7466
AUX no_admin_token_auth-paste.ini 2646 SHA256 f98d9151f222d2143820bdc98727ce0cf3f4450a4dbdc54f1fb6e36bb63bf2df SHA512 c855dd2bb05e765c6594359f55b76f7f6e0649c8e8f4517b274c7432f136e51c408168ec24e0074f4ebc49eb641d658acfda205aef97fe68fe8fc016be4cb08d WHIRLPOOL faad0f98d0684cf206e2f2afb5fba6c6aab73f97bcf63e38038be49a2ae1303e8cb5434d8fab34492888c666462dcd751c678c04cd0039d9024fd42ddde30646
DIST keystone-2013.1.4.tar.gz 799682 SHA256 3673f5d7c1c19fca7529934308e2d9a6efa55bf7d100d20de1aa85e431d259b2 SHA512 7b1d9d9ae0fc6b1cadef8eb0d85f6a71fcfab754f8908076d38b14c14c3eb46d2d3c6266ec7482a60d7ae8cf54d54ba604c4d903dde65ec1243f862423060c14 WHIRLPOOL dea8adbb504ee9e3cda416f6e5a12cb0e606b88db7c0fe9b83fb8487e6f18e313e7d53041fcdaab408ae4201e355b72324cf35585b113c8769f51daf1c3f4ea4
-DIST keystone-2013.2.tar.gz 1404658 SHA256 f0e037cc6e40cb8a703755eee52bcabb1c61d80e94d8d6ffaef5378cbe256b05 SHA512 4faa49c0e93a4a2285ed22e80e6bc4ef0faeeb1026c2ca22aeb9f17e5d458efd7d08d3b84c570850edefff3801fb96ade5d78f0b2f3cb999f8f07fbe22e68ca1 WHIRLPOOL 73a3e4d150b9894668d28648031f1ea3baf0986d9727a2c9edd96ca46571a171ebc0e689e2bbc62cac1ad28cc25edb14d57d9546a050d2d2450a321c6d5c7d69
+DIST keystone-2013.2.1.tar.gz 1404077 SHA256 1e52362557e5641e0dad580a68654d7813ad11f7761ad42af15e4786aaad34da SHA512 f65e153d847ca897f54cedabdfb0f9baee60791927132486d2a9a371724a0282a851dacbfde7629430c26c50763199ee06c92909b66e2880d0010ec46fd21c86 WHIRLPOOL cc6f9e2eb7be7ffeb210f35b4ab4c5bbcd666a6363941b9774dc9733231748beab18d08a24ef1042afc984c4f40acb160b14e60adcdccf332f16327e602db220
EBUILD keystone-2013.1.4-r1.ebuild 3153 SHA256 0a1ef5d65647f17dc70700d058d20cffc1379ca39f2a43d816ba9e260f9e686d SHA512 7b8288d4f205d2cd201ef6135aa1da527220d2b72896d24e0a99804091978adf88ca4a6a4d22f00acd3b199ffde73aa9ea259c253a582ccdfe0869c64a9151a9 WHIRLPOOL 94da411739945062ec72bb58cb78e718b673b7363e7999bd4be88f476aeedc9d0e66ab87fa6d8a116382c4e3bc8471defb5f7db4d389036bea56a78df2207839
EBUILD keystone-2013.1.9999.ebuild 3101 SHA256 58a93657711e2bd7fdd7a54f4e641ee87ad29f39211fea04a4bdbcd18fda8807 SHA512 d2ab9ab6aad68f468eb2606a7a439d77f39ea85d9f2e69eb6308439a6824e76845b52ba6eb4df19205635b730a0233998ed3c9a75f28d1c20eb11018f56b22df WHIRLPOOL 5bdadbaca00e25e8b8f595fa23a10bdce18c764d9f960f7ba5bc45d791bfc4567eeee7d65c51e25a6119cb4505316b18f1de8b65d5f4f22bcae3d1b181bd6715
-EBUILD keystone-2013.2-r2.ebuild 4556 SHA256 8e14b109ac4c0006393116200b603079dbcb80b6d9069f22bb4c339ec0670f8b SHA512 badc300a84a0e4440bd97b78f9134f8faeacbe4cbc0269bc521dda38be90172dfbb5d75d27d07cb8b5999d34128aa2e20765649bbf0876c0e4e16bc06610fec4 WHIRLPOOL 6c9d65e2e90a1222e3d5f8621064956444731c204bf2f9a935934d91f82de5d12a80a6b2a80806f641c39f7376f153a4d04e3b8f27c90a7b85299f77695a8026
+EBUILD keystone-2013.2.1.ebuild 4899 SHA256 db1e4c5509983cd4bc7b548dcc3da423f78ad7f552b9da0823047b5692df8939 SHA512 2b24a7d9463b010266715f21c5449a38b5011c5e5d08d7e35b5023902d046cee50cedbbb1342636c9cea772399b6074d498fdea38eaba2ba69a3bc20d12adeca WHIRLPOOL bcfeae3ebfc415a1afbd4219f2a07661ce282d576d52f45bee2325c1e53149e7eb03b38c014f8bc298cc46a28f088d2095adc44cb257b3c862b797ce78515f2e
EBUILD keystone-2013.2.9999.ebuild 4578 SHA256 2c99fbd1b22554ffcf072ba2424004f09e3c180be8d6cc16dccb17c4acc84ab2 SHA512 851f68217e40f0d114959505da8436737ef030f7a1398b7cdf9860e11745f5a9383018b4ebaec32359c356127e7cb82f72dd88e89f2fb6cfc93ff4789ecba06d WHIRLPOOL ea09beff2cf49b8484e08643d0cc4e5d682eaff4d2cacf1c926d5811c620d7ff0015e8203fedfe439023eb35939ea34974b100a5d6c8ecbe03c0c512df60165a
EBUILD keystone-9999.ebuild 3057 SHA256 935d2e365eed7feb2e33d644c6e3c9cd2987286bdba757a62e0295213b521245 SHA512 dcbb6315d118186b2e41ca83957aa11d72c2f264f96d6d7e82df6097a3c54388440ed4b4e38ca340b10c5f56a7f4a5385995a52e7cafe665512408144963a3bc WHIRLPOOL d5809a8a54d41d01b0ca93ba24407a65375ac34a93242d2278b4d056eb4f916442b6f7d54f193c5a907d0b957a7c17c237e83abb7d24210f11d57f3e6c73616b
-MISC ChangeLog 11103 SHA256 af46b3f9508f582592627d29119bf3a79ed9286b7b4a0b768199293fdfe83563 SHA512 3f4545da1b5c7024794f8b9d6debf3cc5a1fc9490db76e2b1c758b37d15e468990e5ac93e80db045a37fb359e6ac30be40c453d3f0f94f0eb8fa9b35d2cec751 WHIRLPOOL 559ea3c8149850f5af0da453a99bc967a02fa2504ebb1c4d0e837c032e683bf0d7dcf5cf6a7d931941db00c79a80dccb81434bef4134517f3e27e4bca195e5f4
+MISC ChangeLog 11352 SHA256 b64167ba43d6b196d88240e4d78d65cbe54f24736ecd655975d31e7a16b2ac2f SHA512 60fa42e653c0c66ea768655ad4d362253502261f1920b3f20d9600685e93246bdb51c00b5e813e95442660c629573dfcf89e839eb692abc7ef956adbe386bbce WHIRLPOOL ec99d08b7bb0299fde57992e4bef16e0588abc1021fca1c8981489e911440f0044edf1d3bccc43778245ab48857f1e6651f7bb77dcfbfecd4d4c0f4576b2167f
MISC metadata.xml 424 SHA256 c89c0232e90df5d811d17941c1594e4c4c45db48c2b6240a3c62b232caad4e84 SHA512 9d7fcca89a6f35a93f1a57790103249cdc25424cbdb374bf26b691e81b27182dc3380a8ff67b77e7aabf4ce944e4a813d619838d4bc97086b4208e5312d76f11 WHIRLPOOL 4ec9d4c5ff5c484c341b06fe77fcac8e6fdd0e0b651dbd58b6f2d5aecd05db5bf70218b94733eb749ced7436f9df5ba5c93496bae06c0ff9a62b91ecb53ab77a
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (GNU/Linux)
-iQIcBAEBCAAGBQJSq0SCAAoJECRx6z5ArFrDP1UP/RPANKbFUDWw7LAe4snZ8usg
-vk1wqarcgJaUdcWaZVgfjSaVIjZO82gAScLkhdv9VOmHNaQusGy8KV9mvTJ91DbY
-D5pGsB134DC4441SN3Nqz0x2ecpf69PpLE6XaVZlPk/i/0hdfUJdTrnQ0KQczNLv
-qy0lFxAkJ9X8ymUTnxOmS/g4huUDQa13lRKwSmzNYhW79JNiEqd8VlcYvL3tcRE0
-DfnoC8h+Zl+rq+jDG43tTP8HKdEAFKQBwmkcPipuSryQc2XI2L+y5lJYKMYlQwHQ
-79Q77wErz6LSiLIHQK3dDYAzeJ71fjysoZ1wG8MUP1bbNBFLIYbsYr8h6GJREOGc
-i+0reRrX6lu1xm288E1r9KmPJVBqOr1oqdbA+7KhXjoP0e3SwEEdvYHHx7V9QmJl
-eAOAxxA4Zew1klpKlwjwQ42NWcIynXEr8PPBeyJKJ3lI37b/DXr17L2SZ3QYz+mI
-OZBhUnPB4RxZ32n4ygfogBYu1fUA80DshiO1RSvY4oAhcKF/PudHUd18MInUpSV4
-9OGd9O0gmJ3r5ntoUdk/D7ZzZILbsgmeSnG+9Mp1KJJU1Nd8FpwN1qHDx+k8dpd1
-BgSPF6eCltfk1p/LObCkk15PFAbE4HMDEuiOx6kjrfcLsfxoo4cwhnnEO9VmKCoS
-tMfVPHwJou/2amZMzfjt
-=StG+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+=nXLg
-----END PGP SIGNATURE-----
diff --git a/sys-auth/keystone/files/2013.2-CVE-2013-4477.patch b/sys-auth/keystone/files/2013.2-CVE-2013-4477.patch
deleted file mode 100644
index 3f9a640a08d9..000000000000
--- a/sys-auth/keystone/files/2013.2-CVE-2013-4477.patch
+++ /dev/null
@@ -1,74 +0,0 @@
-From 4221b6020e6b0b42325d8904d7b8a22577a6acc0 Mon Sep 17 00:00:00 2001
-From: Brant Knudson <bknudson@us.ibm.com>
-Date: Mon, 21 Oct 2013 15:21:12 -0500
-Subject: [PATCH] Fix remove role assignment adds role using LDAP assignment
-
-When using the LDAP assignment backend, attempting to remove a
-role assignment when the role hadn't been used before would
-actually add the role assignment and would not return a
-404 Not Found like the SQL backend.
-
-This change makes it so that when attempt to remove a role that
-wasn't assigned then 404 Not Found is returned.
-
-Closes-Bug: #1242855
-Change-Id: I28ccd26cc4bb1a241d0363d0ab52d2c11410e8b3
-(cherry picked from commit c6800ca1ac984c879e75826df6694d6199444ea0)
-(cherry picked from commit b17e7bec768bd53d3977352486378698a3db3cfa)
----
- keystone/assignment/backends/ldap.py | 18 ++++--------------
- keystone/tests/test_backend.py | 9 +++++++++
- 2 files changed, 13 insertions(+), 14 deletions(-)
-
-diff --git a/keystone/assignment/backends/ldap.py b/keystone/assignment/backends/ldap.py
-index 851f9ec..ecf4adb 100644
---- a/keystone/assignment/backends/ldap.py
-+++ b/keystone/assignment/backends/ldap.py
-@@ -426,20 +426,10 @@ def delete_user(self, role_dn, user_dn, tenant_dn,
- try:
- conn.modify_s(role_dn, [(ldap.MOD_DELETE,
- self.member_attribute, user_dn)])
-- except ldap.NO_SUCH_OBJECT:
-- if tenant_dn is None:
-- raise exception.RoleNotFound(role_id=role_id)
-- attrs = [('objectClass', [self.object_class]),
-- (self.member_attribute, [user_dn])]
--
-- if self.use_dumb_member:
-- attrs[1][1].append(self.dumb_member)
-- try:
-- conn.add_s(role_dn, attrs)
-- except Exception as inst:
-- raise inst
-- except ldap.NO_SUCH_ATTRIBUTE:
-- raise exception.UserNotFound(user_id=user_id)
-+ except (ldap.NO_SUCH_OBJECT, ldap.NO_SUCH_ATTRIBUTE):
-+ raise exception.RoleNotFound(message=_(
-+ 'Cannot remove role that has not been granted, %s') %
-+ role_id)
- finally:
- conn.unbind_s()
-
-diff --git a/keystone/tests/test_backend.py b/keystone/tests/test_backend.py
-index 7dd3477..e0e81ca 100644
---- a/keystone/tests/test_backend.py
-+++ b/keystone/tests/test_backend.py
-@@ -61,6 +61,15 @@ def test_project_add_and_remove_user_role(self):
- self.tenant_bar['id'])
- self.assertNotIn(self.user_two['id'], user_ids)
-
-+ def test_remove_user_role_not_assigned(self):
-+ # Expect failure if attempt to remove a role that was never assigned to
-+ # the user.
-+ self.assertRaises(exception.RoleNotFound,
-+ self.identity_api.remove_role_from_user_and_project,
-+ tenant_id=self.tenant_bar['id'],
-+ user_id=self.user_two['id'],
-+ role_id=self.role_other['id'])
-+
- def test_authenticate_bad_user(self):
- self.assertRaises(AssertionError,
- self.identity_api.authenticate,
---
-1.8.4
-
diff --git a/sys-auth/keystone/files/cve-2013-6391_2013.2.patch b/sys-auth/keystone/files/cve-2013-6391_2013.2.patch
deleted file mode 100644
index 52d13c4b0e51..000000000000
--- a/sys-auth/keystone/files/cve-2013-6391_2013.2.patch
+++ /dev/null
@@ -1,153 +0,0 @@
-From 2756f2ff0c49b25e17b4f833610bd5c4f16309bd Mon Sep 17 00:00:00 2001
-From: Steven Hardy <shardy@redhat.com>
-Date: Mon, 21 Oct 2013 19:49:01 +0100
-Subject: [PATCH] Fix issues handling trust tokens via ec2tokens API
-
-Trust scoped tokens are handled incorectly when making requests
-via the ec2tokens API, meaning that the restrictions enforced
-by trust-scoped tokens are not respected when obtaining a token
-via ec2token signature validation.
-
-Storing the trust_id in the blob associated with the ec2 keypair,
-and passing that id in the metadata when requesting a v2 token
-solves the issue.
-
-Change-Id: I52566384d7813ef0e2f20fb94a5076386457ff02
-Closes-Bug: #1242597
----
- keystone/contrib/ec2/controllers.py | 19 ++++++++++--
- keystone/tests/test_keystoneclient_sql.py | 50 ++++++++++++++++++++++++++++---
- 2 files changed, 63 insertions(+), 6 deletions(-)
-
-diff --git a/keystone/contrib/ec2/controllers.py b/keystone/contrib/ec2/controllers.py
-index 94b7430..262cbe5 100644
---- a/keystone/contrib/ec2/controllers.py
-+++ b/keystone/contrib/ec2/controllers.py
-@@ -106,6 +106,11 @@ class Ec2Controller(controller.V2Controller):
- self.identity_api.get_roles_for_user_and_project(
- user_ref['id'], tenant_ref['id']))
-
-+ trust_id = creds_ref.get('trust_id')
-+ if trust_id:
-+ metadata_ref['trust_id'] = trust_id
-+ metadata_ref['trustee_user_id'] = user_ref['id']
-+
- # Validate that the auth info is valid and nothing is disabled
- token.validate_auth_info(self, user_ref, tenant_ref)
-
-@@ -146,8 +151,10 @@ class Ec2Controller(controller.V2Controller):
-
- self._assert_valid_user_id(user_id)
- self._assert_valid_project_id(tenant_id)
-+ trust_id = self._context_trust_id(context)
- blob = {'access': uuid.uuid4().hex,
-- 'secret': uuid.uuid4().hex}
-+ 'secret': uuid.uuid4().hex,
-+ 'trust_id': trust_id}
- credential_id = utils.hash_access_key(blob['access'])
- cred_ref = {'user_id': user_id,
- 'project_id': tenant_id,
-@@ -213,7 +220,8 @@ class Ec2Controller(controller.V2Controller):
- return {'user_id': credential.get('user_id'),
- 'tenant_id': credential.get('project_id'),
- 'access': blob.get('access'),
-- 'secret': blob.get('secret')}
-+ 'secret': blob.get('secret'),
-+ 'trust_id': blob.get('trust_id')}
-
- def _get_credentials(self, credential_id):
- """Return credentials from an ID.
-@@ -244,6 +252,13 @@ class Ec2Controller(controller.V2Controller):
- if token_ref['user'].get('id') != user_id:
- raise exception.Forbidden(_('Token belongs to another user'))
-
-+ def _context_trust_id(self, context):
-+ try:
-+ token_ref = self.token_api.get_token(context['token_id'])
-+ except exception.TokenNotFound as e:
-+ raise exception.Unauthorized(e)
-+ return token_ref.get('trust_id')
-+
- def _is_admin(self, context):
- """Wrap admin assertion error return statement.
-
-diff --git a/keystone/tests/test_keystoneclient_sql.py b/keystone/tests/test_keystoneclient_sql.py
-index 5ddc33e..bd83803 100644
---- a/keystone/tests/test_keystoneclient_sql.py
-+++ b/keystone/tests/test_keystoneclient_sql.py
-@@ -88,9 +88,11 @@ class KcMasterSqlTestCase(test_keystoneclient.KcMasterTestCase, sql.Base):
- self.assertRaises(client_exceptions.NotFound, client.endpoints.delete,
- id=endpoint.id)
-
-- def _send_ec2_auth_request(self, credentials):
-+ def _send_ec2_auth_request(self, credentials, client=None):
-+ if not client:
-+ client = self.default_client
- url = '%s/ec2tokens' % self.default_client.auth_url
-- (resp, token) = self.default_client.request(
-+ (resp, token) = client.request(
- url=url, method='POST',
- body={'credentials': credentials})
- return resp, token
-@@ -99,9 +101,12 @@ class KcMasterSqlTestCase(test_keystoneclient.KcMasterTestCase, sql.Base):
- cred = self. default_client.ec2.create(
- user_id=self.user_foo['id'],
- tenant_id=self.tenant_bar['id'])
-- signer = ec2_utils.Ec2Signer(cred.secret)
-+ return self._generate_user_ec2_credentials(cred.access, cred.secret)
-+
-+ def _generate_user_ec2_credentials(self, access, secret):
-+ signer = ec2_utils.Ec2Signer(secret)
- credentials = {'params': {'SignatureVersion': '2'},
-- 'access': cred.access,
-+ 'access': access,
- 'verb': 'GET',
- 'host': 'localhost',
- 'path': '/service/cloud'}
-@@ -115,6 +120,43 @@ class KcMasterSqlTestCase(test_keystoneclient.KcMasterTestCase, sql.Base):
- self.assertEqual(resp.status_code, 200)
- self.assertIn('access', token)
-
-+ def test_ec2_auth_success_trust(self):
-+ # Add "other" role user_foo and create trust delegating it to user_two
-+ self.identity_api.add_role_to_user_and_project(
-+ self.user_foo['id'],
-+ self.tenant_bar['id'],
-+ self.role_other['id'])
-+ trust_id = 'atrust123'
-+ trust = {'trustor_user_id': self.user_foo['id'],
-+ 'trustee_user_id': self.user_two['id'],
-+ 'project_id': self.tenant_bar['id'],
-+ 'impersonation': True}
-+ roles = [self.role_other]
-+ self.trust_api.create_trust(trust_id, trust, roles)
-+
-+ # Create a client for user_two, scoped to the trust
-+ client = self.get_client(self.user_two)
-+ ret = client.authenticate(trust_id=trust_id,
-+ tenant_id=self.tenant_bar['id'])
-+ self.assertTrue(ret)
-+ self.assertTrue(client.auth_ref.trust_scoped)
-+ self.assertEqual(trust_id, client.auth_ref.trust_id)
-+
-+ # Create an ec2 keypair using the trust client impersonating user_foo
-+ cred = client.ec2.create(user_id=self.user_foo['id'],
-+ tenant_id=self.tenant_bar['id'])
-+ credentials, signature = self._generate_user_ec2_credentials(
-+ cred.access, cred.secret)
-+ credentials['signature'] = signature
-+ resp, token = self._send_ec2_auth_request(credentials)
-+ self.assertEqual(resp.status_code, 200)
-+ self.assertEqual(trust_id, token['access']['trust']['id'])
-+ #TODO(shardy) we really want to check the roles and trustee
-+ # but because of where the stubbing happens we don't seem to
-+ # hit the necessary code in controllers.py _authenticate_token
-+ # so although all is OK via a real request, it incorrect in
-+ # this test..
-+
- def test_ec2_auth_failure(self):
- from keystoneclient import exceptions as client_exceptions
-
---
-1.8.3.1
-
diff --git a/sys-auth/keystone/keystone-2013.2-r2.ebuild b/sys-auth/keystone/keystone-2013.2.1.ebuild
index 71d256b4eefe..75e236c3e3dd 100644
--- a/sys-auth/keystone/keystone-2013.2-r2.ebuild
+++ b/sys-auth/keystone/keystone-2013.2.1.ebuild
@@ -1,6 +1,6 @@
# Copyright 1999-2013 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/sys-auth/keystone/keystone-2013.2-r2.ebuild,v 1.2 2013/12/13 17:31:29 prometheanfire Exp $
+# $Header: /var/cvsroot/gentoo-x86/sys-auth/keystone/keystone-2013.2.1.ebuild,v 1.1 2013/12/19 04:16:52 prometheanfire Exp $
EAPI=5
@@ -20,31 +20,6 @@ IUSE="+sqlite mysql postgres ldap test"
REQUIRED_USE="|| ( mysql postgres sqlite )"
#todo, seperate out rdepend via use flags
-DEPEND="dev-python/setuptools[${PYTHON_USEDEP}]
- test? ( dev-python/Babel
- dev-python/decorator
- dev-python/eventlet
- dev-python/greenlet
- dev-python/httplib2
- dev-python/iso8601
- dev-python/lxml
- dev-python/netifaces
- dev-python/nose
- dev-python/nosexcover
- dev-python/passlib
- dev-python/paste
- dev-python/pastedeploy
- dev-python/python-pam
- dev-python/repoze-lru
- dev-python/routes
- dev-python/sphinx
- >=dev-python/sqlalchemy-migrate-0.7
- dev-python/tempita
- >=dev-python/webob-1.0.8
- dev-python/webtest
- dev-python/python-memcached )
- >=dev-python/pbr-0.5.21[${PYTHON_USEDEP}]
- <dev-python/pbr-1.0[${PYTHON_USEDEP}]"
RDEPEND=">=dev-python/python-pam-0.1.4[${PYTHON_USEDEP}]
>=dev-python/webob-1.2.3-r1[${PYTHON_USEDEP}]
<dev-python/webob-1.3[${PYTHON_USEDEP}]
@@ -63,10 +38,10 @@ RDEPEND=">=dev-python/python-pam-0.1.4[${PYTHON_USEDEP}]
>=dev-python/sqlalchemy-migrate-0.7.2[${PYTHON_USEDEP}]
dev-python/passlib[${PYTHON_USEDEP}]
>=dev-python/lxml-2.3[${PYTHON_USEDEP}]
- >=dev-python/iso8601-0.1.4[${PYTHON_USEDEP}]
+ >=dev-python/iso8601-0.1.8[${PYTHON_USEDEP}]
>=dev-python/python-keystoneclient-0.3.2[${PYTHON_USEDEP}]
>=dev-python/oslo-config-1.2.0[${PYTHON_USEDEP}]
- >=dev-python/Babel-0.9.6[${PYTHON_USEDEP}]
+ >=dev-python/Babel-1.3[${PYTHON_USEDEP}]
dev-python/oauth2[${PYTHON_USEDEP}]
>=dev-python/dogpile-cache-0.5.0[${PYTHON_USEDEP}]
dev-python/python-daemon[${PYTHON_USEDEP}]
@@ -74,10 +49,32 @@ RDEPEND=">=dev-python/python-pam-0.1.4[${PYTHON_USEDEP}]
ldap? ( dev-python/python-ldap[${PYTHON_USEDEP}] )
>=dev-python/pbr-0.5.21[${PYTHON_USEDEP}]
<dev-python/pbr-1.0[${PYTHON_USEDEP}]"
+DEPEND="dev-python/setuptools[${PYTHON_USEDEP}]
+ test? ( ${RDEPEND}
+ >=dev-python/coverage-3.6[${PYTHON_USEDEP}]
+ >=dev-python/hacking-0.5.6[${PYTHON_USEDEP}]
+ <dev-python/hacking-0.8[${PYTHON_USEDEP}]
+ dev-python/httplib2[${PYTHON_USEDEP}]
+ >=dev-python/keyring-1.6.1[${PYTHON_USEDEP}]
+ <dev-python/keyring-2.0[${PYTHON_USEDEP}]
+ >=dev-python/mox-0.5.3[${PYTHON_USEDEP}]
+ >=dev-python/netifaces-0.5[${PYTHON_USEDEP}]
+ dev-python/nose[${PYTHON_USEDEP}]
+ dev-python/nosexcover[${PYTHON_USEDEP}]
+ >=dev-python/nosehtmloutput-0.0.3[${PYTHON_USEDEP}]
+ >=dev-python/openstack-nose-plugin-0.7[${PYTHON_USEDEP}]
+ dev-python/oslo-sphinx[${PYTHON_USEDEP}]
+ >=dev-python/requests-1.1[${PYTHON_USEDEP}]
+ >=dev-python/sphinx-1.1.2[${PYTHON_USEDEP}]
+ <dev-python/sphinx-1.2[${PYTHON_USEDEP}]
+ >=dev-python/testtools-0.9.32[${PYTHON_USEDEP}]
+ >=dev-python/webtest-2.0[${PYTHON_USEDEP}]
+ >=dev-python/python-memcached-1.48[${PYTHON_USEDEP}]
+ ldap? ( ~dev-python/python-ldap-2.3.13 ) )
+ >=dev-python/pbr-0.5.21[${PYTHON_USEDEP}]
+ <dev-python/pbr-1.0[${PYTHON_USEDEP}]"
PATCHES=(
- "${FILESDIR}/2013.2-CVE-2013-4477.patch"
- "${FILESDIR}/cve-2013-6391_2013.2.patch"
)
pkg_setup() {
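Review bot: The `PATCHES` array is emptied at the end of this hunk, dropping the CVE-2013-4477 and CVE-2013-6391 backports, but nothing in the ebuild records that the 2013.2.1 tarball already contains those fixes. Presumably it does (the removed patches cite upstream bugs #1242855 and #1242597), but that should be confirmed against the release and noted above the now-empty `PATCHES=(`, e.g. `# CVE-2013-4477 and CVE-2013-6391 backports dropped: fixed upstream in 2013.2.1`, so a later bump or downgrade does not silently lose them. Separately, in the new `DEPEND` block `ldap? ( ~dev-python/python-ldap-2.3.13 )` is the only added atom without `[${PYTHON_USEDEP}]`, and the `~` pin holds python-ldap at 2.3.13 whenever `test` and `ldap` are both enabled, while `RDEPEND` accepts any version. Unless the test suite really needs that exact version, `ldap? ( dev-python/python-ldap[${PYTHON_USEDEP}] )` would match the runtime atom and not block later python-ldap updates.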