| Title: | Security update for ardana-ansible, ardana-db, ardana-freezer, ardana-glance, ardana-input-model, ardana-nova, ardana-osconfig, ardana-tempest, caasp-openstack-heat-templates, crowbar-core, crowbar-ha, crowbar-openstack, crowbar-ui, documentation-suse-openstack-cloud, galera-python-clustercheck, openstack-cinder, openstack-glance, openstack-heat, openstack-horizon-plugin-monasca-ui, openstack-horizon-plugin-neutron-fwaas-ui, openstack-ironic, openstack-keystone, openstack-manila, openstack-monasca-agent, openstack-monasca-api, openstack-monasca-persister, openstack-monasca-persister-java, openstack-murano, openstack-neutron, openstack-neutron-gbp, openstack-neutron-lbaas, openstack-nova, openstack-octavia, python-Beaver, python-oslo.db, python-osprofiler, python-swiftlm, venv-openstack-magnum, venv-openstack-monasca, venv-openstack-monasca-ceilometer, venv-openstack-murano, venv-openstack-neutron (Moderate) |
| Description: |
This update for ardana-ansible, ardana-db, ardana-freezer, ardana-glance, ardana-input-model, ardana-nova, ardana-osconfig, ardana-tempest, caasp-openstack-heat-templates, crowbar-core, crowbar-ha, crowbar-openstack, crowbar-ui, documentation-suse-openstack-cloud, galera-python-clustercheck, openstack-cinder, openstack-glance, openstack-heat, openstack-horizon-plugin-monasca-ui, openstack-horizon-plugin-neutron-fwaas-ui, openstack-ironic, openstack-keystone, openstack-manila, openstack-monasca-agent, openstack-monasca-api, openstack-monasca-persister, openstack-monasca-persister-java, openstack-murano, openstack-neutron, openstack-neutron-gbp, openstack-neutron-lbaas, openstack-nova, openstack-octavia, python-Beaver, python-oslo.db, python-osprofiler, python-swiftlm, venv-openstack-magnum, venv-openstack-monasca, venv-openstack-monasca-ceilometer, venv-openstack-murano, venv-openstack-neutron fixes the following issues:
- Update to version 8.0+git.1560208949.67048e3: * Adds repository list parameter (bsc#1122825)
- Update to version 8.0+git.1564410318.f0cca2c: * Don't use 'latest' with 'zypper' (SOC-9997)
- Update to version 8.0+git.1564164977.ef9baeb: * Freezer Config file is mixed case (SOC-9700)
- Update to version 8.0+git.1564491709.349d78e: * Default glance_default_store to rbd if SES enabled (SOC-8749)
- Update to version 8.0+git.1562848601.c3daff0: * Include memcached in the minimal ardana-ci model (SOC-9800)
- Update to version 8.0+git.1565388406.c6abb8d: * Make default/rpc_response_timeout configurable (SOC-9285)
- Update to version 8.0+git.1562943864.e04a92f: * Resolves nova-novncproxy random status failures (SOC-9574)
- Update to version 8.0+git.1560180700.bd26898: * Adding support for qemu-ovmf to ardana (SOC-8985)
- Update to version 8.0+git.1563383198.c7fd9b4: * Add an global_filter entry to lvm.conf (bsc#1140512)
- Update to version 8.0+git.1559761021.5605746: * Enable FCOE for SUSE platform family (SCRD-8562)
- Update to version 8.0+git.1562849010.73bc517: * Fix Keystone only deployment tempest testing (SOC-9800)
- Update to version 8.0+git.1560764545.6c8d2dc: * Install manila tempest tests package (SOC-7496)
- Update to version 8.0+git.1560330843.b7d807c: * Add configuration for manila-tempest-plugin (SOC-7496)
- Update to version 1.0+git.1560518045.ad7dc6d: * Patching node before bootstraping
- Update to version 5.0+git.1565280360.01fed6905: * batch: Fix get_proposal_json (SOC-9954) * batch: Format crowbar batch error output (SOC-9954) * batch: Format crowbar batch error output (SOC-9954)
- Update to version 5.0+git.1564657662.75174c965: * travis: Whitelist CVE-2015-3448 (SOC-9911) * travis: Use env variable for commit range (SOC-9911) * Use proper names for the Travis Tests (SOC-9565) * Replace Danger with Gitlint (SOC-9565) * Switch from Travis dist from Trusty to Xenial (SOC-9565)
- Update to version 5.0+git.1563983933.03880f1c8: * dns: fix migration for designate
- Update to version 5.0+git.1562080799.f2dd7d0dd: * network: Don't set datapath-ids on ovs-bridges anymore * crowbar: Save sync_mark attributes in databag
- Update to version 5.0+git.1561648142.b6be652e9: * dns: forwards dns queries to dns-master when using desingate * dns: write admin network in ip/mask notation for bind9 * dns: skip installing designate-rndc-key on non-master nodes * dns: fix designate migration * dns: allow using dns-server as designate target * bind: Allow new zones configured via rndc * bind: Disable listening on IPv6 addresses for now
- Update to version 5.0+git.1561465092.4dc67a7fa: * travis: pin sexp_processor to 4.12.0
- Update to version 5.0+git.1561380950.b4e37c0e2: * deployer: Use dhcp on crowbar_register only when enable_pxe is set (bsc#1132654) * network: Allow locking down the network config for nodes (bsc#1120657)
- Update to version 5.0+git.1562069707.e2de18c: * Add timeout multiplier * Make default sync_mark timeout configurable
- Update to version 5.0+git.1565270683.ea6e63d87: * designate: Use server node for VIP look ups (SOC-9631)
- Update to version 5.0+git.1565081678.e15f2c9a9: * nova: add max_threads_per_process tuneable (SOC-10001, bsc#1133719)
- Update to version 5.0+git.1562911219.f22efd5c2: * designate: allow worker on cluster (SOC-9632) * swift: Sync HA nodes (SOC-9683)
- Update to version 5.0+git.1562731577.aefaf8a6d: * Improve Mnesia IO performances
- Update to version 5.0+git.1562650331.0e86ce8ba: * cinder: Set cinder pool to exclusive by default when using embedded ceph
- Update to version 5.0+git.1561984197.a675e8c50: * designate: do not install the keystone_authtoken on worker nodes * neutron: enable designate integration * designate: rely on dns-master entirely * designate: Fix variables initialization in mdns * designate: start and run the mdns service * designate: Finish rename of role to designate-worker * designate: address most hound comments. * designate: update monasca monitoring. * neutron: add floating_dns_domain setting * designate: Add initial designate barclamp
- Update to version 5.0+git.1559857295.d68afb38f: * rabbitmq: Fix ACL of SSL key after uid/gid change
- Update to version 5.0+git.1559536094.a9cc7f312: * nova: Don't retry creating existing flavors
- Update to version 1.2.0+git.1563181545.65360af5: * upgrade: Update repocheck keys * Update texts for 8-9 upgrade (SOC-9689)
- Update to version 1.2.0+git.1562579063.5690a1bc: * Pin gulp-angular-templatecache version
- Update to version 8.20190805: * DC files: Align profiling, throw out unnecessary attributes * Rename DCs: 'hos-imported' to 'clm-all' & '-all' to 'crowbar-all' * Fix styleroot of Helion set * add ardana prompt, add ardana-init step (bsc#1143310) * New ID format (noref) - Update packaging to deal with new IDs
- Update to version 8.20190729: * add image-volume cache instructions for SES (bsc#1140663)
- Update to version 8.20190725: * warning about .j2 file comments (bsc#1142521) * MANAGEMENT network group name cannot be changed (bsc#1142686)
- Update to version 8.20190724: * replace SUSE ca-certificate instructions for Crowbar (bsc#1136569) * replace SUSE ca-certificate instructions (bsc#1136569)
- Update to version 8.20190723: * update MariaDB manually with CLI (bsc#1132852, SOC-9022) * clarify No Maintenance Mode (bsc#1108818) * replace empty ESX compatibility guide (noref) * delete cache volume before trying to use source volume (bsc#1142032) * delete cache volume when source volume is changed (bsc#1142032) * replace empty ESX compatibility guide (noref)
- Update to version 8.20190719: * add hostnamectl to ardana-update-pkgs process (bsc#1138967)
- Update to version 8.20190718: * correct repo URL (bsc#1134589) * remove duplicate content (bsc#1138489)
- Update to version 8.20190717: * corrections from Scott Wulf (bsc#1128453) * replace SLES 12 SP2 with SLES 12 SP3 (bsc#1128382) * add information about image-volume-cache (bsc#1140663) * remove deprecated parameters (bsc#1138124) * correct file reference (bsc#1137377) * change SES URL (bsc#1137817) * manually set br-int(bsc#1139750) * update MariaDB manually with CLI (bsc#1132852, SOC-9022)
- Update to version 8.20190717: * Fix DC file
- Update to version 8.20190621: * minor grammar fixups * add external reference to Deploy Keystone * add LDAP integration troubleshooting (bsc#1134495) * clarify LDAP manual vs GUI (bsc#1134495) * address requested changes * SOC8 alarm table restructure ((SCRD-7710, bsc#1124170)
- Update to version 8.20190620: * Update installation-installation-ses_integration.xml * Adding copy-on-write cloning backport - BSC#1138187 * move fernet token to supported Keystone feature * Remove obsolete DC/DEF file * Fix title * CLM - update MariaDB manually (bsc#1132852, SOC-9022) * update MariaDB manually (bsc#1132852, SOC-9022) * Fix command to create external network * Remove sudo from commands in 'Setting Up Multiple External Networks' * address requested changes * SOC8 alarm table restructure ((SCRD-7710, bsc#1124170) * add scottwulf content * address recommended changes * change PTF deploy instructions (bsc#1128453)
- Update to version 8.20190613: * Update installation-installation-ses_integration.xml * Adding copy-on-write cloning backport - BSC#1138187
- Update to version 8.20190605: * move fernet token to supported Keystone feature
- Add 0001-Use-strings-when-setting-X-Cache-header.patch Fixes a problem with Twisted versions where headers values must be strings, not bools.
- Update to version 0.0+git.1562242499.36b8b64 (bsc#1122053): * Add optional systemd ready and watchdog support * Drop unneeded check for 'conn' * Reset last_query_response when the cache needs to be updated * Drop unneeded 'conn' var initialization * Move respone header generation to own function * Use None as default result * Drop opts.being_updated variable * Use contextmanager for DB connection * Refactor DB method to get WSREP local state * Refactor method to get readonly DB status * pep8: Fix E712 comparison to False should be 'if cond is False:' * pep8: Fix E305 expected 2 blank lines after class or function def * pep8: Fix E124 closing bracket does not match visual indentation * pep8: Fix E251 unexpected spaces around keyword / parameter equals * pep8: Fix E262 inline comment should start with '# ' * pep8: Fix E261 at least two spaces before inline comment * pep8: Fix F841 local variable is assigned to but never used * pep8: Fix E302 expected 2 blank lines, found 1 * pep8: Fix E265 block comment should start with '# ' * pep8: Fix E231 missing whitespace after ',' * pep8: Fix E999 SyntaxError: invalid syntax * pep8: Fix F821 undefined name * pep8: Fix E225 missing whitespace around operator * pep8: Fix E221 multiple spaces before operator * pep8: Fix F401 module imported but unused * Add clustercheck to console_scripts * Add basic test infrastructure and a first pep8 job * Fix exception handling for pymysql exception * Readd argparse usage * Fix installation requirements * Add read timeout to prevent connection hanging forever * Exclude benchmark/ directory when creating sdist tarball * Use argparse instead of optparse * Add basic logging infrastructure * Add a standard setup.py file * Catch all query exceptions * Switch to PyMySQL - Drop pymysql.patch and readtimeout.patch. Both merged upstream. - Use systemd service type=notify which is now supported upstream - Use systemd watchdog which is now supported upstream
- Update to version cinder-11.2.3.dev7: * [VNX] Fix test case issue
- Update to version cinder-11.2.3.dev6: * VMAX Pike docs - clarifying supported software in Pike
- Update to version cinder-11.2.3.dev7: * [VNX] Fix test case issue
- Update to version cinder-11.2.3.dev6: * VMAX Pike docs - clarifying supported software in Pike
- Update to version glance-15.0.3.dev2: * Add a local bindep.txt override * OpenDev Migration Patch 15.0.2
- Update to version glance-15.0.3.dev2: * Add a local bindep.txt override * OpenDev Migration Patch 15.0.2
- Update to version heat-9.0.8.dev11: * Retry on DB deadlock in event\_create()
- Update to version heat-9.0.8.dev10: * Add local bindep.txt and limit bandit version
- Update to version heat-9.0.8.dev9: * Fix regression with SW deployments when region not configured * Return None for attributes of sd with no actions * Fix multi region issue for software deployment
- Update to version heat-9.0.8.dev4: * Blacklist bandit 1.6.0 and cap Sphinx on Python2
- Update to version heat-9.0.8.dev11: * Retry on DB deadlock in event\_create()
- Update to version heat-9.0.8.dev10: * Add local bindep.txt and limit bandit version
- Update to version heat-9.0.8.dev9: * Fix regression with SW deployments when region not configured * Return None for attributes of sd with no actions * Fix multi region issue for software deployment
- Update to version heat-9.0.8.dev4: * Blacklist bandit 1.6.0 and cap Sphinx on Python2
- update to version 1.8.1~dev39 - Convert README.md to ReStructuredText format - OpenDev Migration Patch
- don't exclude *pyc files to fix update/upgrade (SOC-9339)
- Update to version ironic-9.1.8.dev7: * Add bindep.txt
- Update to version ironic-9.1.8.dev6: * Update sphinx requirements
- Update to version ironic-9.1.8.dev7: * Add bindep.txt
- Update to version ironic-9.1.8.dev6: * Update sphinx requirements
- 0001-Allow-domain-admin-to-list-projest-assignments.patch * bsc#1118159 * forward-port from SOC 7
- Update to version manila-5.1.1.dev2: * [CI] Add bindep.txt * OpenDev Migration Patch 5.1.0
- Update to version manila-5.1.1.dev2: * [CI] Add bindep.txt * OpenDev Migration Patch 5.1.0
- update to version 2.2.5~dev5 - Convert README to reStructuredText - OpenDev Migration Patch
- update to version 2.2.2~dev1 - OpenDev Migration Patch - Fix test_metrics tempest-test encoding - Convert README.md to ReStructuredText format
- update to version 1.7.1~dev10 - OpenDev Migration Patch - Convert README.md to ReStructuredTest format
- Add 0001-Update-all-columns-in-metrics-on-an-update-to-refres.patch (bsc#1128783)
- Add java-persister-defaults.patch - Update to version murano-4.0.2.dev2: * Add local bindep.txt * OpenDev Migration Patch 4.0.1
- Update to version murano-4.0.2.dev2: * Add local bindep.txt * OpenDev Migration Patch 4.0.1
- Update to version neutron-11.0.9.dev42: * Yield control to other greenthreads while processing trusted ports
- Update to version neutron-11.0.9.dev41: * DVR: on new port only send router update on port's host
- Update to version neutron-11.0.9.dev40: * Reset MAC on unbinding direct-physical port
- Update to version neutron-11.0.9.dev38: * SRIOV agent: wait VFs initialization on embedded switch create
- Update to version neutron-11.0.9.dev36: * Make OVS controller inactivity\_probe configurable
- Update to version neutron-11.0.9.dev34: * Packets getting lost during SNAT with too many connections * [DVR] Block ARP to dvr router's port instead of subnet's gateway
- Update to version neutron-11.0.9.dev30: * improve dvr port update under large scale deployment
- Update to version neutron-11.0.9.dev29: * cap bandit in test-requirements.txt
- Update to version neutron-11.0.9.dev42: * Yield control to other greenthreads while processing trusted ports
- Update to version neutron-11.0.9.dev41: * DVR: on new port only send router update on port's host
- Update to version neutron-11.0.9.dev40: * Reset MAC on unbinding direct-physical port
- Update to version neutron-11.0.9.dev38: * SRIOV agent: wait VFs initialization on embedded switch create
- Update to version neutron-11.0.9.dev36: * Make OVS controller inactivity\_probe configurable
- Update to version neutron-11.0.9.dev34: * Packets getting lost during SNAT with too many connections * [DVR] Block ARP to dvr router's port instead of subnet's gateway
- Update to version neutron-11.0.9.dev30: * improve dvr port update under large scale deployment
- Update to version neutron-11.0.9.dev29: * cap bandit in test-requirements.txt
* When converting sg rules to iptables, do not emit dport if not supported (CVE-2019-9735, bsc#1129729) - Update to version group-based-policy-7.3.1.dev45: * Adding icmp\_code and icmp\_type for SG rule
- Update to version group-based-policy-7.3.1.dev43: * A VM could be associated with multiple ports * Optimize the extend\_router\_dict() call
- Update to version group-based-policy-7.3.1.dev40: * [AIM] Enhance gbp-validate to detect routed subnet overlap * [AIM] Prevent overlapping CIDRs in routed VRF
- Update to version group-based-policy-7.3.1.dev37: * Disallow external subnets as router interfaces * Make DHCP provisioning blocks conditional
- Update to version group-based-policy-7.3.1.dev34: * Fix issues on sync\_state display on neutron based on AIM status * Send the port updates for the SNAT case if needed
- Update to version group-based-policy-7.3.1.dev32: * Pull the upper constraint file also from the opendev.org site
- Update to version group-based-policy-7.3.1.dev31: * Fix the thread concurrency issue while calling gbp purge
- Update to version group-based-policy-7.3.1.dev30: * [AIM] Fix handling of missing PortSecurityBinding
- Update to version group-based-policy-7.3.1.dev29: * [AIM] Don't override loading of SG rules when validating
- add 0001-neutron-lbaas-haproxy-agent-prevent-vif-unplug-when-.patch and 0001-Fix-memory-leak-in-the-haproxy-provider-driver.patch
- Update to version nova-16.1.9.dev4: * Implement power\_off/power\_on for the FakeDriver
- Update to version nova-16.1.9.dev4: * Implement power\_off/power\_on for the FakeDriver
* Fix doubling allocations on rebuild (CVE-2017-17051, bsc#1070500) - Update to version octavia-1.0.6.dev2: * Add bindep.txt and ignore sha1 warning * OpenDev Migration Patch 1.0.5
- Switch to new Gerrit Server
- added 0001-exc_filters-fix-deadlock-detection-for-MariaDB-Galer.patch
- added 0001-Add-sqlalchemy-collector.patch - added 0001-Don-t-fail-if-sqlalchemy-driver-fails-to-initialize.patch - update to version 1.11.1 - Update .gitreview for stable/pike - import zuul job settings from project-config
- Switch to new Gerrit Server
- Fix lower version numver after inheriting the version from main component (SCRD-8523)
- Do not relocate shebang in make-cert.py (SCRD-8594)
- Inherit version number of venv from main component (SCRD-8523)
- Inherit version number of venv from main component (SCRD-8523)
- Fix lower version numver after inheriting the version from main component (SCRD-8523)
- Inherit version number of venv from main component (SCRD-8523)
- Inherit version number of venv from main component (SCRD-8523)
- Remove openstack-neutron-opflex-agent, python-aci-integration-module, python-acitoolkit, python-apicapi and python-networking-cisco as they pull in new requirements into the product
- Inherit version number of venv from main component (SCRD-8523)
- Added to the neutron virtual environment: * python-aci-integration-module * python-acitoolkit * python-apicapi * python-networking-cisco * openstack-neutron-gbp * openstack-neutron-opflex-agent
- Inherit version number of venv from main component (SCRD-8523)
|