| Revision Date: | 2019-09-18 | Version: | 1 | | Title: | Security update for ardana-ansible, ardana-barbican, ardana-cinder, ardana-cluster, ardana-cobbler, ardana-db, ardana-designate, ardana-extensions-nsx, ardana-glance, ardana-heat, ardana-horizon, ardana-input-model, ardana-installer-ui, ardana-ironic, ardana-keystone, ardana-logging, ardana-magnum, ardana-monasca, ardana-mq, ardana-neutron, ardana-nova, ardana-octavia, ardana-opsconsole, ardana-opsconsole-ui, ardana-osconfig, ardana-service, ardana-ses, ardana-swift, ardana-tempest, crowbar-core, crowbar-ha, crowbar-openstack, crowbar-ui, java-monasca-common, java-monasca-common-kit, openstack-ceilometer, openstack-cinder, openstack-designate, openstack-heat, openstack-horizon-plugin-neutron-fwaas-ui, openstack-horizon-plugin-neutron-lbaas-ui, openstack-horizon-plugin-neutron-vpnaas-ui, openstack-ironic, openstack-ironic-python-agent, openstack-keystone, openstack-magnum, openstack-manila, openstack-monasca-notification, openstack-monasca-persister, openstack-monasca-persister-java, openstack-monasca-persister-java-kit, openstack-neutron, openstack-neutron-gbp, openstack-neutron-lbaas, openstack-nova, openstack-octavia, openstack-tempest, python-ardana-configurationprocessor, python-cinder-tempest-plugin, python-ironicclient, python-keystonemiddleware, python-monasca-tempest-plugin, python-openstackclient, python-openstacksdk, python-proliantutils, python-python-engineio, python-swiftlm, python-vmware-nsx, python-vmware-nsxlib, yast2-crowbar (Moderate) | | Description: |
This update for ardana-ansible, ardana-barbican, ardana-cinder, ardana-cluster, ardana-cobbler, ardana-db, ardana-designate, ardana-extensions-nsx, ardana-glance, ardana-heat, ardana-horizon, ardana-input-model, ardana-installer-ui, ardana-ironic, ardana-keystone, ardana-logging, ardana-magnum, ardana-monasca, ardana-mq, ardana-neutron, ardana-nova, ardana-octavia, ardana-opsconsole, ardana-opsconsole-ui, ardana-osconfig, ardana-service, ardana-ses, ardana-swift, ardana-tempest, crowbar-core, crowbar-ha, crowbar-openstack, crowbar-ui, java-monasca-common, java-monasca-common-kit, openstack-ceilometer, openstack-cinder, openstack-designate, openstack-heat, openstack-horizon-plugin-neutron-fwaas-ui, openstack-horizon-plugin-neutron-lbaas-ui, openstack-horizon-plugin-neutron-vpnaas-ui, openstack-ironic, openstack-ironic-python-agent, openstack-keystone, openstack-magnum, openstack-manila, openstack-monasca-notification, openstack-monasca-persister, openstack-monasca-persister-java, openstack-monasca-persister-java-kit, openstack-neutron, openstack-neutron-gbp, openstack-neutron-lbaas, openstack-nova, openstack-octavia, openstack-tempest, python-ardana-configurationprocessor, python-cinder-tempest-plugin, python-ironicclient, python-keystonemiddleware, python-monasca-tempest-plugin, python-openstackclient, python-openstacksdk, python-proliantutils, python-python-engineio, python-swiftlm, python-vmware-nsx, python-vmware-nsxlib, yast2-crowbar fixes the following issues:
- Update to version 9.0+git.1566374020.301191f: * Use raw image format when using SES backend on Nova (SOC-9285)
- Update to version 9.0+git.1563375514.31fa9a7: * Ensure ardana-update-pkgs works for dist-upgrade (SOC-9857)
- Update to version 9.0+git.1563192450.30e8f16: * Ensure Cloud8/SLE-12-SP3 repps still served (SOC-9840)
- Update to version 9.0+git.1566251498.be02ca4: * adds ipv6 format to http/https urls (SOC-10063)
- Update to version 9.0+git.1565678764.c3a9b9f: * adds ipv6 format to urls (SOC-10063)
- Update to version 9.0+git.1562898832.1731f25: * FIX broken symlink for policy.yaml.j2. (SOC-0000)
- Update to version 9.0+git.1559333871.40508f7: * Allow system to bind to non local ipv6 addresses (SOC-9330)
- Update to version 9.0+git.1566336494.93967dd: * Using python netaddr for ipv6 address comparison (SOC-9940)
- Update to version 9.0+git.1564409964.b7e4fc3: * Don't use 'latest' with 'zypper' (SOC-9997)
- Update to version 9.0+git.1562182567.aef23e0: * Format curl commands for ipv6 (SOC-9369)
- Update to version 9.0+git.1565680593.df7a432: * adds ipv6 format to urls (SOC-10063)
- Update to version 9.0+git.1566213657.69862ab: * Add missing service plugin for l2gw (SOC-5837)
- Update to version 9.0+git.1563904379.31ff1e9: * Add the NSX-T L2-Gateway Service definition (SOC-5837)
- Switch to new Gerrit Server
- Update to version 9.0+git.1566375806.f0b2333: * Configure glance image_direct_url/multiple_locations (SOC-9285)
- Update to version 9.0+git.1565720518.c7fdca2: * adds ipv6 format to urls (SOC-10063)
- Update to version 9.0+git.1564491141.602fdf9: * Default glance_default_store to rbd if SES enabled (SOC-8749)
- Update to version 9.0+git.1565721273.f44b8d7: * adds ipv6 format to urls (SOC-10063)
- Update to version 9.0+git.1565891518.2a545a1: * adds ipv6 format to urls (SOC-10063)
- Update to version 9.0+git.1565655129.ab3a58c: * Removed None condition from rule (SOC-10003)
- Update to version 9.0+git.1564609155.033a963: * Updated heat_policy.json permission to be 664 (SOC-9872)
- Update to version 9.0+git.1562848565.91e75b2: * Include memcached in the minimal ardana-ci model (SOC-9800)
- Update to version 9.0+git.1566255088.3443670: * Add server state column (SOC-9957)
- Update to version 9.0+git.1565218199.868c5d1: * Add ipv6 support (SOC-9677) (#357)
- Update to version 9.0+git.1563912815.7090c20: * Only show ses config upload option when ses is not configured (SOC-8555) (#356)
- Update to version 9.0+git.1565721987.ddc59c8: * adds ipv6 format to urls (SOC-10063)
- Update to version 9.0+git.1565891593.cad6d1a: * adds ipv6 format to urls (SOC-10063)
- Update to version 9.0+git.1563911975.a7ed208: * Ensure Member role is created during upgrade (SOC-9923)
- Update to version 9.0+git.1565761582.2dc823a: * adds ipv6 format to urls (SOC-10063)
- Update to version 9.0+git.1565762005.016032a: * adds ipv6 format to urls (SOC-10063)
- Update to version 9.0+git.1566332665.ad894c0: * adds ipv6 format to http/https urls (SOC-10063)
- Update to version 9.0+git.1565691188.2309798: * Use systemd for monasca-thresh (SOC-10145)
- Update to version 9.0+git.1565115025.148d092: * Enable ipv6 on rabbitmq-server (SOC-9745)
- Update to version 9.0+git.1566251310.3a1e8f9: * adds ipv6 format to http/https urls (SOC-10063)
- Update to version 9.0+git.1563989391.dfe3688: * Let SDN services configure VPN and Firewall service providers (SOC-9935)
- Update to version 9.0+git.1561563389.90bfb06: * Add dependent services to neutron services (SOC-8746)
- Update to version 9.0+git.1566332515.e232568: * adds ipv6 format to http/https urls (SOC-10063)
- Update to version 9.0+git.1565946239.023aefe: * Set diskcachemode and disk discard when using RBD (SOC-10182)
- Update to version 9.0+git.1565715522.3fe67c6: * fix Ironic endpoint override (SOC-10130)
- Update to version 9.0+git.1565366126.4993583: * Make default/rpc_response_timeout configurable (SOC-9285)
- Update to version 9.0+git.1562762205.ce51d30: * Resolves nova-novncproxy random status failures (SOC-9574)
- Update to version 9.0+git.1566206502.6c87b41: * Use default values for amphora connection retries/timeout (SOC-9285)
- Update to version 9.0+git.1566251377.b1caeaa: * adds ipv6 format to http/https urls (SOC-10063)
- Add ipaddr bower dependency (SOC-9679)
- Update to version 9.0+git.1565764394.545b573: * adds ipv6 format to urls (SOC-10063)
- Update to version 9.0+git.1565380193.f006466: * Introduce conditional forward:NORMAL rule on POST-UP for OVS bridges (SOC-9939)
- Update to version 9.0+git.1565265803.6a720d0: * Ensure ardana-update-pkgs works for dist-upgrade (SOC-9857)
- Update to version 9.0+git.1565150548.c475cb8: * Configured logrotate user for ovs as 'root' (SOC-8139)
- Update to version 9.0+git.1563894224.943cbc2: * Make the example repo url entry totally fictitious (SOC-6800)
- Update to version 9.0+git.1563383124.1d585e4: * Add an global_filter entry to lvm.conf (bsc#1140512)
- Update to version 9.0+git.1562782235.67538c9: * Configure ovs user for logrotate (SOC-8139)
- Update to version 9.0+git.1562371586.24a698a: * Allow for use of --check in iptables command (SOC-9349)
- Update to version 9.0+git.1562170979.edc53b6: * Don't set datapath-ids on ovs-bridges anymore (SOC-9239)
- Update to version 9.0+git.1564706915.edd44c4: * Add ipv6 support (SOC-9677)
- Update to version 9.0+git.1563468620.5035cf8: * Add support for ses integration (SOC-8555)
- Update to version 9.0+git.1563461311.16ea2df: * Change url of upper-constraints file (SOC-9863)
- Update to version 9.0+git.1565962617.523149b: * Add ses-status playbook (SOC-9902)
- Update to version 9.0+git.1565704258.123de3f: * Update Swift endpoint during deploy (SOC-9303)
- Update to version 9.0+git.1565891872.73fc3c7: * adds ipv6 format to urls (SOC-10063)
- Update to version 9.0+git.1565644472.644d5f6: * Cloud 8 to 9 upgrade enhancements (SOC-10146)
- Update to version 9.0+git.1566471752.a3c5c9c: * Delete existing run filter before deploying it (SOC-10287)
- Update to version 9.0+git.1565366961.33ad009: * Run loadbalancer tests in parallel (SOC-9285)
- Update to version 9.0+git.1563203769.49124de: * Blacklist failing shelve tests (SOC-9775)
- Update to version 9.0+git.1562783575.7e02c70: * Blacklist failing shelve tests (SOC-9775)
- Update to version 6.0+git.1566321308.1de18b9a4: * ohai: Hardcode ruby version for package installation (SOC-10010)
- Update to version 6.0+git.1566303970.2c7d83971: * upgrade: restart nova services after upgrade
- Update to version 6.0+git.1565859218.525130340: * upgrade: remove nova-consoleauth service entries on upgrade (SOC-10164)
- Update to version 6.0+git.1565256572.49359f57b: * ovs-pre-up: remove controller for admin bridge (SOC-10073)
- Update to version 6.0+git.1564996068.e7ccb0bae: * batch: Fix get_proposal_json (SOC-9954)
- Update to version 6.0+git.1564738819.232375c6f: * batch: Format crowbar batch error output (SOC-9954) * repochecks errors for ses5-pool on SOC9 * dns: fix migration for designate
- Update to version 6.0+git.1564480387.a4b8c2ff7: * batch: Format crowbar batch error output (SOC-9954)
- Update to version 6.0+git.1564406710.9273d5a17: * travis: Whitelist CVE-2015-3448 (SOC-9911) * travis: Use env variable for commit range (SOC-9911)
- Update to version 6.0+git.1564131651.98f426eae: * monasca: add cleanup before upgrade (SOC-9482) * bind9: Fix spelling error in template
- Update to version 6.0+git.1563950117.f6123bd8f: * Cleanup clone_stateless_services leftovers (SOC-9842)
- Update to version 6.0+git.1562772809.4a470bec0: * upgrade: update file names for 8 -> 9 (SOC-9029)
- Update to version 6.0+git.1562733958.204289d65: * ipv6: Add a wrap_ip helper to NetworkHelper (SOC-6098)
- Update to version 6.0+git.1566406179.7549de2: * corosync: Hardcode ruby version for package installation (SOC-10010)
- Update to version 6.0+git.1566404979.41279a88e: * Designate: Update DB pools configuration (SOC-9767) * horizon: Install designate plugin when configured (SOC-9695)
- Update to version 6.0+git.1566211690.54dcd56ba: * ceilometer: Remove old ceilometer-api vhosts (SOC-9483)
- Update to version 6.0+git.1565968769.ae650697c: * Octavia: Barclamp (SOC-6100)
- Update to version 6.0+git.1565739445.3fc6ef5e8: * designate: Configure resource settings (SOC-9633)
- Update to version 6.0+git.1565713423.0dd3fbb3e: * tempest: Set port_admin_state_change to false when using linuxbridge (SOC-10029)
- Update to version 6.0+git.1565081581.1e2cf5bd0: * nova: add max_threads_per_process tuneable (SOC-10001, bsc#1133719)
- Update to version 6.0+git.1564586397.a7203dba7: * Add tempest filters based on services (SOC-9298) * upgrade: Fix HA detection for keystone db_sync (SOC-9981)
- Update to version 6.0+git.1564498339.07f14a985: * Fix magnum tempest tests (SOC-9298) * Fix nova tempest tests (SOC-9298)
- Update to version 6.0+git.1564435128.cef47cc21: * neutron: raise validation error if domain names dont end with a dot(.)
- Update to version 6.0+git.1564412715.c969e1e11: * Fix barbican SSL support (SOC-9298)
- Update to version 6.0+git.1564039130.9ad11f213: * designate: Use server node for VIP look ups (SOC-9631)
- add cirros-0.4.0-x86_64-disk.img (SOC-9298) * the disk img is required to run the barbican tempest test
- Update to version 6.0+git.1563891318.d41ce2e75: * Cleanup clone_stateless_services leftovers (SOC-9842)
- Update to version 6.0+git.1563439849.5c507bcdb: * Fix tempest config for cinder using ceph as backenid (SOC-9298)
- Update to version 6.0+git.1562841293.9768602a2: * swift: Sync HA nodes (SOC-9683)
- Update to version 6.0+git.1562684470.f5d361077: * designate: Fix spelling error inside comments (SOC-6361)
- Update to version 6.0+git.1562599436.b4c63fc56: * case-insensitive when lookup by name (SOC-9339)
- Update to version 6.0+git.1562319309.98a52a0a3: * monasca: move Grafana DB creation
- Update to version 1.3.0+git.1563181545.65360af5: * upgrade: Update repocheck keys * Update texts for 8-9 upgrade (SOC-9689)
- Update to version 1.3.0+git.1562579063.5690a1bc: * Pin gulp-angular-templatecache version
- Bumped package version to 1.3 to differentiate it from 8-9 version
- Udate to version 2.11.1.dev4 * Add Cassandra db support * Bump the pom version to 1.3.0 * Remove cassandra.patch (merged upstream)
- Fix license
- Bump version to 2.11.1~a0~dev4 to match updated java-monasca-common
- Update to version ceilometer-11.0.2.dev14: * Fixing broken links
- Update to version ceilometer-11.0.2.dev14: * Fixing broken links
- Update to version cinder-13.0.7.dev3: * Prevent double-attachment race in attachment\_reserve
- Update to version cinder-13.0.7.dev1: 13.0.6 * Add OS-SCH-HNT in extensions list
- Update to version cinder-13.0.6.dev16: * Revert 'Declare multiattach support for HPE MSA'
- Update to version cinder-13.0.6.dev14: * Remove Sheepdog tests from zuul config
- Update to version cinder-13.0.6.dev13: * [VNX] Fix test case issue
- Update to version cinder-13.0.7.dev3: * Prevent double-attachment race in attachment\_reserve
- Update to version cinder-13.0.7.dev1: 13.0.6 * Add OS-SCH-HNT in extensions list
- Update to version cinder-13.0.6.dev16: * Revert 'Declare multiattach support for HPE MSA'
- Update to version cinder-13.0.6.dev14: * Remove Sheepdog tests from zuul config
- Update to version cinder-13.0.6.dev13: * [VNX] Fix test case issue
* nimble: Fix missing ssl support (bsc#1027315) - Update to version designate-7.0.1.dev21: * Improve log message for better understanding
- Update to version designate-7.0.1.dev21: * Improve log message for better understanding
- Update to version openstack-heat-11.0.3.dev19: * Fix allowed address pair validation
- Update to version openstack-heat-11.0.3.dev18: * Show an engine as down if service record is not updated twice * Allow update of previously-replaced resources * Do not perform the tenant stack limit check for admin user
- Update to version openstack-heat-11.0.3.dev12: * Add entry\_point for oslo policy scripts
- Update to version openstack-heat-11.0.3.dev10: * Don't resolve properties for OS::Heat::None resource
- Update to version openstack-heat-11.0.3.dev8: * Add local bindep.txt and limit bandit version * Retry on DB deadlock in event\_create()
- Update to version openstack-heat-11.0.3.dev19: * Fix allowed address pair validation
- Update to version openstack-heat-11.0.3.dev18: * Show an engine as down if service record is not updated twice * Allow update of previously-replaced resources * Do not perform the tenant stack limit check for admin user
- Update to version openstack-heat-11.0.3.dev12: * Add entry\_point for oslo policy scripts
- Update to version openstack-heat-11.0.3.dev10: * Don't resolve properties for OS::Heat::None resource
- Update to version openstack-heat-11.0.3.dev8: * Add local bindep.txt and limit bandit version * Retry on DB deadlock in event\_create()
- Do not exclude python bytecode files (see https://review.opendev.org/#/c/666611 for details)
- Update to version neutron-lbaas-dashboard-5.0.1.dev7: * Update tox.ini for new upper constraints strategy * OpenDev Migration Patch
- Update to latest spec from rpm-packaging * Don't exclude python bytecode files in dashboards
- Update to version ironic-11.1.4.dev9: * Filter security group list on the ID's we expect * Ansible module: fix deployment for private and/or shared images
- Update to version ironic-11.1.4.dev5: * Ansible driver: fix deployment with serial specified as root device hint * CI: stop using pyghmi from git master
- Update to version ironic-11.1.4.dev9: * Filter security group list on the ID's we expect * Ansible module: fix deployment for private and/or shared images
- Update to version ironic-11.1.4.dev5: * Ansible driver: fix deployment with serial specified as root device hint * CI: stop using pyghmi from git master
- Update to version ironic-python-agent-3.3.3.dev4: * CI: stop using pyghmi from git master
- Update to version ironic-python-agent-3.3.3.dev3: * Correct formatting of a warning when lshw cannot be run
- Update to version ironic-python-agent-3.3.3.dev1: * Stop logging lshw output, collect it with other logs instead 3.3.2
- Update to version keystone-14.1.1.dev8: * Revert 'Blacklist bandit 1.6.0'
- Update to version keystone-14.1.1.dev8: * Revert 'Blacklist bandit 1.6.0'
- Update to version magnum-7.1.1.dev28: * Revert 'support http/https proxy for discovery url' * Use rocky heat-container-agent for stable/rocky
- Update to version magnum-7.1.1.dev28: * Revert 'support http/https proxy for discovery url' * Use rocky heat-container-agent for stable/rocky
- Update to version manila-7.3.1.dev3: * Remove the redunant table from windows' editor
- Update to version manila-7.3.1.dev3: * Remove the redunant table from windows' editor
- update to version 1.14.2~dev1 - [GateFix] Ignore false positive bandit B105 test failure
- update to version 1.12.1~dev9 - Update all columns in metrics on an update to refresh TTL
- update to version 1.12.1~dev7 - Widen exception catch for point parse failure
- update to version 1.12.1~dev6 - some points unable to parse - OpenDev Migration Patch
- Rebased patches: + 0001-Update-all-columns-in-metrics-on-an-update-to-refres.patch dropped (merged upstream)
- Update to version monasca-persister-1.12.1.dev9: * Update all columns in metrics on an update to refresh TTL * OpenDev Migration Patch
- Add 0001-Update-all-columns-in-metrics-on-an-update-to-refres.patch
- Update to version monasca-persister-1.12.1.dev4 * Java persister config: defaults and robustness * Add Cassandra db support - Remove java-persister-defaults.patch (merged upstream) - Remove cassandra.patch (merged upstream) - Add missing URLs for patches
- Updated to kit tarball built from 1.12.1.dev4 - Updated README.updating for current version
- Update to version neutron-13.0.5.dev22: * Clear skb mark on encapsulating packets * Stop OVS agent before starting it again * Fix sort issue in test\_dhcp\_agent\_scheduler.test\_filter\_bindings * fix update port bug
- Update to version neutron-13.0.5.dev15: * Check for agent restarted after checking for DVR port
- Update to version neutron-13.0.5.dev14: * Retry trunk status updates failing with StaleDataError
- Update to version neutron-13.0.5.dev13: * Don't crash ovs agent during reconfigure of phys bridges
- Update to version neutron-13.0.5.dev12: * Use --bind-dynamic with dnsmasq instead of --bind-interfaces * Yield control to other greenthreads while processing trusted ports * Limit max ports per rpc for dhcp\_ready\_on\_ports()
- Update to version neutron-13.0.5.dev6: * Ignore first local port update notification
- Update to version neutron-13.0.5.dev5: * Add custom ethertype processing 13.0.4
- Update to version neutron-13.0.5.dev22: * Clear skb mark on encapsulating packets * Stop OVS agent before starting it again * Fix sort issue in test\_dhcp\_agent\_scheduler.test\_filter\_bindings * fix update port bug
- Update to version neutron-13.0.5.dev15: * Check for agent restarted after checking for DVR port
- Update to version neutron-13.0.5.dev14: * Retry trunk status updates failing with StaleDataError
- Update to version neutron-13.0.5.dev13: * Don't crash ovs agent during reconfigure of phys bridges
- Update to version neutron-13.0.5.dev12: * Use --bind-dynamic with dnsmasq instead of --bind-interfaces * Yield control to other greenthreads while processing trusted ports * Limit max ports per rpc for dhcp\_ready\_on\_ports()
- Update to version neutron-13.0.5.dev6: * Ignore first local port update notification
- Update to version neutron-13.0.5.dev5: * Add custom ethertype processing 13.0.4
* When converting sg rules to iptables, do not emit dport if not supported (CVE-2019-9735, bsc#1129729) - Update to version group-based-policy-5.0.1.dev459: * Tempest Scenario test for Connection Tracking
- Update to version group-based-policy-5.0.1.dev457: * Adding icmp\_code and icmp\_type for SG rule * A VM could be associated with multiple ports * Optimize the extend\_router\_dict() call
- Update to version group-based-policy-5.0.1.dev451: * [AIM] Enhance gbp-validate to detect routed subnet overlap
- Update to version group-based-policy-5.0.1.dev450: * [AIM] Prevent overlapping CIDRs in routed VRF * Disallow external subnets as router interfaces
- Update to version group-based-policy-5.0.1.dev448: * Fix issues on sync\_state display on neutron based on AIM status
- Update to version group-based-policy-5.0.1.dev446: * Send the port updates for the SNAT use case if needed * Make DHCP provisioning blocks conditional
- Update to version neutron-lbaas-13.0.1.dev14: * Update tox.ini for new upper constraints strategy * Remove the release notes job from stable/rocky
- add 0001-neutron-lbaas-haproxy-agent-prevent-vif-unplug-when-.patch
- Update to version neutron-lbaas-13.0.1.dev14: * Update tox.ini for new upper constraints strategy * Remove the release notes job from stable/rocky
* Fix doubling allocations on rebuild (CVE-2017-17051, bsc#CVE-2017-17051) - Update to version octavia-3.1.2.dev8: * Add octavia-v2-dsvm jobs to the gate queue
- Update to version octavia-3.1.2.dev7: * Fix for utils LB DM transformation function
- Update to version octavia-3.1.2.dev5: * Update amphora-agent to report UDP listener health
- Update to version octavia-3.1.2.dev3: * Update tox.ini for new upper constraints strategy
- Add patches fixing tempest cleanup removing all networks https://bugs.launchpad.net/tempest/+bug/1812660 * 0001-Remove-deprecated-services-from-cleanup.patch * 0002-Fix-tempest-cleanup.patch * 0003-Add-NetworkSubnetPools-to-tempest-cleanup.patch
- Update to version 9.0+git.1566405927.c5c03d4: * Adds ipv6 support to baremetal ServersValidator (SOC-9940)
- Update to version 9.0+git.1565384645.8fcf5db: * Ensure forward_normal_on_post_up is set for every OVS bridge (SOC-9939)
- Update to version 9.0+git.1564587526.5db9d5d: * Flag forward:NORMAL on MANAGEMENT network group (SOC-9939)
- Update to version 9.0+git.1563384666.4c1a3e5: * Bracketed ipv6 addresses for endpoint urls (SOC-9357)
- added 0001-Fix-volume-revert-to-snapshot-tests.patch
- update to version 2.5.3 - Do not try to use /v1/v1 when endpoint_override is used - OpenDev Migration Patch
- added 0001-Skip-the-services-with-no-endpoints-when-parsing-ser.patch
- added 0001-Use-unicode-literals-in-test_metrics.patch
- update to version 3.16.2 (bsc#1144027, bsc#1144026) - update to version 0.17.3 - OpenDev Migration Patch - Replace openstack.org git:// URLs with https:// - Fixes for Unicode characters in python 2 requests - Fix functional tests on stable/rocky - Correct updating baremetal nodes by name or ID - Support bare metal service error messages - import zuul job settings from project-config - Correct update operations for baremetal - Add simple create/show/delete functional tests for all baremetal resources - Add a simple baremetal functional job - Pass microversion info through from Profile
- update to 2.8.4 (SOC-9280) * Adding fix for nic\_capacity calculation
- Add patch CVE-2019-13611.patch (SOC-9989) (bsc#1141676) * python-python-engineio: An issue was discovered in python-engineio through 3.8.2. There is a Cross-Site WebSocket Hijacking (CSWSH) vulnerability that allows attackers to make WebSocket connections to a server
- Switch to new Gerrit Server
- Switch to opendev as external projects are not longer synced to github. As a result, there is also no automatic change log. - Updated to 13.0.1~dev146 (d307746a5) * NSX|V3 adminUtils: detect and clean orphaned section rules * OpenDev Migration Patch * Delete SG rules when deleting their remote group * NSX|V3: Limit number of subnet static routes per backend * NSX|V: Restrict creating conflicting address_pair in the same network * NSX|V3: Add verification of num defined address pairs * constrain rocky dependencies * Update rocky .gitreview branch * Handle multiple default SG creation in all plugins * update tox for stable branch * NSX|V3: remove redundent code in get_port/s * NSX|V3: Change status code of SG failure * NSX|V: enable allow_address_pairs upon request * Revert 'NSX|V3: Simplify LBaaS implementation' * NSX|V3: Fix LBaaS loadbalancer creation * NSX|V: Init FWaaS callbacks only if enabled * NSX|V3: Simplify LBaaS implementation * Complete the init of the Neutron main process * NSX|V3: Respect default keyword for physical_net * NSX|V admin utils: Find and fix spoofguard policies mismatches * TVD: Add start_rpc_listeners to the plugin * Upgrade appdirs lower constraints * NSX|V+V3: relax FWaaS validation * Revert 'NSX|V3: Init FWaaS before spawn' * NSX|V3: prevent user from changing the NSX internal SG * Fix provider security group exception call * NSX|V3+V: Handle fwaas policy removal * NSX|V3: Create port bindings for dhcp ports * NSX|V3: Fix LB error handling * Fix security group broken code & tests * [NSX-V] Ensure binding exists before assigning lswitch_id * NSX|V: Fix update section header * NSX|V3: Validate FWaaS cidrs * Devstack: Delete old project before deciding how to get the new code * NSX|V3: Init FWaaS before spawn * Devstack: Fix failed of ml2 directory creation * Devstack: Fix failed of ml2 directory creation * Fix cffi lower constraints * NSX|V3: Do not allow external subnets overlapping with uplink cidr * Devstack: Fix ml2 config file creation for FWaaS-V2 * NSX|V3 Support expected codes for LB HM * NSX|V3: Fix ipam to check subnets carefully * NSX|V3 Fix provider nsx-net create * NSX-T: Delete subnet in case of dhcp error * Fix Octavia devstack instructions * NSX|V3: Fix LB statistics getter * NSX|V3: Add L2GW connection validation * Devstack: Create ml2 config file for FWaaS-V2 * NSX|V3: Configure tier0 transit networks * Use upper-constraints from stable/rocky * fix lower constraints * TVD: Add missing VPN driver api * NSX|V3: FWaaS translate 0.0.0.0 to Any ip * NSX|V use context reader for router driver * NSX|V Fix AdminUtils get apis to use the right context * TVD LBaaS: fix operational status api * Use tenant context to get router GW network * NSX-v3: Fix listener for pool not fetched anymore * NSX-v3: Prevent comparison with None * NSXv: use admin context for metadata port config * NSX-v3: Fix LB HTTP/HTTPS monitor impl * NSX|V Fix orphaned networks and bindings * NSX|V3 Fix dhcp binding rollback * NSX|V3: Fix FW(v2) status when deleting an illegal port * Ensure NSX VS is always associated with NSX LBS * NSX|V3: validate LBaaS NSX stats fields * TVD verify loadbalancer project match the LB object project * TVD: Do not crash in case the project is not found * NSX|V3: Fix member fip error message * NSX|V3: Restrict update of LB port with fixed IP * NSX|V3 Add NO-NAT rules only for routers with enabled SNAT * NSXv: Metadata should complete init * TVD: Add LBaaS get_operating_status support * NSX|V Fill VIF data for upgraded ports * Devstack plugin: fetch Neutron only when needed * NSX|V: Improve SG rule service creation * NSX|V fix LBaaS operation status function params * NSX|V3: Add LB status calls validations * NSX|V3 remove lbaas import to allow the plugin to work without lbaas * NSX|V Allow updating port security and mac learning together * NSX|V3: Change external provider network error message * NSX|V+V3: Prevent adding different projects routers to fwaas-V1 * NSX|V: Fix BGP plugin get operations * NSX|V: Validate DVS Id when creating flat/vlan network * NSX|V: Fix devstack cleanup for python 3 * NSX|V3: Check specific exception when deleting dhcp port * NSX|V3 Validate rate-limit value in admin utilitiy * NSX|V3 adminUtils: Use nsx plugin to get ports * NSX|V3: Fail on unsupported QoS rules * NSX|V3: VPN connection status update * NSX-V3| Fix port MAC learning flag handling * NSX|V3 update port revision on update_port response * NSX|V: Avoid updating the default section at init * NSX|V3: LBaaS operating status support * NSX|V3: Fix external LB member create * Devstack: Use the right python version in cleanup * NSX|V: Fix host groups for DRS HA for AZ * NSX|V Fix policy security group update * NSX|V+V3 QoS rbac support * NSX|V3 update port binding for callbacks notifications * NSX|V3: Support new icmp codes and types * NSX|V3: Make sure LB member is connected to the LB router * NSX|V3: Prevent adding an external net as a router interface * NSX|V: Shorten the L2 bridge edge name * NSX|V3: Fix port binding update on new ports
- update to version 13.0.1~dev146
- Switch to opendev as external projects are not longer synced to github. As a result, there is also no automatic change log. - update to version 13.0.1~dev24 (ebaacab) * updates for stable branch * NSX|V3+P: Change max allowed host routes * Adding the option to configure disabled mac profile * OpenDev Migration Patch * NSX|T: Backend parameter for max subnet static routes * NSX|T: Add NSX limit of IP address association to port * Fix nsgroup update to access the logging field safely * Retry http requests on timeouts * Added retries if API call fails due to MP cluster reconfig * Fix check_manager_status to support older NSX versions * Improve Cluster validation checks * Add apis to get tier0 uplink cidrs and not just ips * Support response status codes for LB HM * Add manager status validation to validate connection * Handle get_default_headers errors * Update the max NS groups criteria tags number dynamically * Fix multi-cluster connectivity * Amend allowed ICMP types and codes in strict mode * Fix cluster connectivity * Fix the revision needed for security rules version * New api for getting VPN session status * New api for getting the LB virtual servers status * NSX|V3: Support new icmp codes and types list-
- update to version 13.0.1~dev24
- Fix the Requires: format in spec file (bsc#1134232) - 3.4.2
| | Family: | unix | Class: | patch | | Status: | | Reference(s): | 1027315
1129729
1133719
1134232
1140512
1141676
1144026
1144027
CVE-2015-3448
CVE-2017-17051
CVE-2019-11236
CVE-2019-11324
CVE-2019-13611
CVE-2019-7164
CVE-2019-7548
CVE-2019-9735
CVE-2019-9740
SUSE-SU-2019:2267-1
| | Platform(s): | SUSE OpenStack Cloud Crowbar 9
| Product(s): | | | Definition Synopsis | | SUSE OpenStack Cloud Crowbar 9 is installed AND Package Information
crowbar-core-6.0+git.1566321308.1de18b9a4-3.7.2 is installed
OR crowbar-core-branding-upstream-6.0+git.1566321308.1de18b9a4-3.7.2 is installed
OR crowbar-ha-6.0+git.1566406179.7549de2-3.7.2 is installed
OR crowbar-openstack-6.0+git.1566404979.41279a88e-3.7.2 is installed
OR crowbar-ui-1.3.0+git.1563181545.65360af5-8.1 is installed
OR openstack-ceilometer-11.0.2~dev14-3.7.2 is installed
OR openstack-ceilometer-agent-central-11.0.2~dev14-3.7.2 is installed
OR openstack-ceilometer-agent-compute-11.0.2~dev14-3.7.2 is installed
OR openstack-ceilometer-agent-ipmi-11.0.2~dev14-3.7.2 is installed
OR openstack-ceilometer-agent-notification-11.0.2~dev14-3.7.2 is installed
OR openstack-ceilometer-polling-11.0.2~dev14-3.7.2 is installed
OR openstack-cinder-13.0.7~dev3-3.7.2 is installed
OR openstack-cinder-api-13.0.7~dev3-3.7.2 is installed
OR openstack-cinder-backup-13.0.7~dev3-3.7.2 is installed
OR openstack-cinder-scheduler-13.0.7~dev3-3.7.2 is installed
OR openstack-cinder-volume-13.0.7~dev3-3.7.2 is installed
OR openstack-designate-7.0.1~dev21-3.7.2 is installed
OR openstack-designate-agent-7.0.1~dev21-3.7.2 is installed
OR openstack-designate-api-7.0.1~dev21-3.7.2 is installed
OR openstack-designate-central-7.0.1~dev21-3.7.2 is installed
OR openstack-designate-producer-7.0.1~dev21-3.7.2 is installed
OR openstack-designate-sink-7.0.1~dev21-3.7.2 is installed
OR openstack-designate-worker-7.0.1~dev21-3.7.2 is installed
OR openstack-heat-11.0.3~dev19-3.7.2 is installed
OR openstack-heat-api-11.0.3~dev19-3.7.2 is installed
OR openstack-heat-api-cfn-11.0.3~dev19-3.7.2 is installed
OR openstack-heat-engine-11.0.3~dev19-3.7.2 is installed
OR openstack-heat-plugin-heat_docker-11.0.3~dev19-3.7.2 is installed
OR openstack-horizon-plugin-neutron-fwaas-ui-1.5.1~dev6-8.1 is installed
OR openstack-horizon-plugin-neutron-lbaas-ui-5.0.1~dev7-8.1 is installed
OR openstack-horizon-plugin-neutron-vpnaas-ui-1.4.1~dev7-8.1 is installed
OR openstack-ironic-11.1.4~dev9-3.7.2 is installed
OR openstack-ironic-api-11.1.4~dev9-3.7.2 is installed
OR openstack-ironic-conductor-11.1.4~dev9-3.7.2 is installed
OR openstack-ironic-python-agent-3.3.3~dev4-3.7.2 is installed
OR openstack-keystone-14.1.1~dev8-3.7.2 is installed
OR openstack-magnum-7.1.1~dev28-3.7.2 is installed
OR openstack-magnum-api-7.1.1~dev28-3.7.2 is installed
OR openstack-magnum-conductor-7.1.1~dev28-3.7.2 is installed
OR openstack-manila-7.3.1~dev3-4.7.2 is installed
OR openstack-manila-api-7.3.1~dev3-4.7.2 is installed
OR openstack-manila-data-7.3.1~dev3-4.7.2 is installed
OR openstack-manila-scheduler-7.3.1~dev3-4.7.2 is installed
OR openstack-manila-share-7.3.1~dev3-4.7.2 is installed
OR openstack-monasca-notification-1.14.2~dev1-6.7.2 is installed
OR openstack-monasca-persister-1.12.1~dev9-9.1 is installed
OR openstack-monasca-persister-java-1.12.1~dev9-9.1 is installed
OR openstack-neutron-13.0.5~dev22-3.7.2 is installed
OR openstack-neutron-dhcp-agent-13.0.5~dev22-3.7.2 is installed
OR openstack-neutron-gbp-5.0.1~dev459-3.7.2 is installed
OR openstack-neutron-ha-tool-13.0.5~dev22-3.7.2 is installed
OR openstack-neutron-l3-agent-13.0.5~dev22-3.7.2 is installed
OR openstack-neutron-lbaas-13.0.1~dev14-3.7.2 is installed
OR openstack-neutron-lbaas-agent-13.0.1~dev14-3.7.2 is installed
OR openstack-neutron-linuxbridge-agent-13.0.5~dev22-3.7.2 is installed
OR openstack-neutron-macvtap-agent-13.0.5~dev22-3.7.2 is installed
OR openstack-neutron-metadata-agent-13.0.5~dev22-3.7.2 is installed
OR openstack-neutron-metering-agent-13.0.5~dev22-3.7.2 is installed
OR openstack-neutron-openvswitch-agent-13.0.5~dev22-3.7.2 is installed
OR openstack-neutron-server-13.0.5~dev22-3.7.2 is installed
OR openstack-nova-18.2.2~dev9-3.7.2 is installed
OR openstack-nova-api-18.2.2~dev9-3.7.2 is installed
OR openstack-nova-cells-18.2.2~dev9-3.7.2 is installed
OR openstack-nova-compute-18.2.2~dev9-3.7.2 is installed
OR openstack-nova-conductor-18.2.2~dev9-3.7.2 is installed
OR openstack-nova-console-18.2.2~dev9-3.7.2 is installed
OR openstack-nova-novncproxy-18.2.2~dev9-3.7.2 is installed
OR openstack-nova-placement-api-18.2.2~dev9-3.7.2 is installed
OR openstack-nova-scheduler-18.2.2~dev9-3.7.2 is installed
OR openstack-nova-serialproxy-18.2.2~dev9-3.7.2 is installed
OR openstack-nova-vncproxy-18.2.2~dev9-3.7.2 is installed
OR openstack-octavia-3.1.2~dev8-3.7.2 is installed
OR openstack-octavia-amphora-agent-3.1.2~dev8-3.7.2 is installed
OR openstack-octavia-api-3.1.2~dev8-3.7.2 is installed
OR openstack-octavia-health-manager-3.1.2~dev8-3.7.2 is installed
OR openstack-octavia-housekeeping-3.1.2~dev8-3.7.2 is installed
OR openstack-octavia-worker-3.1.2~dev8-3.7.2 is installed
OR openstack-tempest-19.0.0-12.1 is installed
OR openstack-tempest-test-19.0.0-12.1 is installed
OR python-ceilometer-11.0.2~dev14-3.7.2 is installed
OR python-cinder-13.0.7~dev3-3.7.2 is installed
OR python-cinder-tempest-plugin-0.1.0-8.1 is installed
OR python-designate-7.0.1~dev21-3.7.2 is installed
OR python-heat-11.0.3~dev19-3.7.2 is installed
OR python-horizon-plugin-neutron-fwaas-ui-1.5.1~dev6-8.1 is installed
OR python-horizon-plugin-neutron-lbaas-ui-5.0.1~dev7-8.1 is installed
OR python-horizon-plugin-neutron-vpnaas-ui-1.4.1~dev7-8.1 is installed
OR python-ironic-11.1.4~dev9-3.7.2 is installed
OR python-ironicclient-2.5.3-4.7.2 is installed
OR python-ironicclient-doc-2.5.3-4.7.2 is installed
OR python-keystone-14.1.1~dev8-3.7.2 is installed
OR python-keystonemiddleware-5.2.0-8.1 is installed
OR python-magnum-7.1.1~dev28-3.7.2 is installed
OR python-manila-7.3.1~dev3-4.7.2 is installed
OR python-monasca-notification-1.14.2~dev1-6.7.2 is installed
OR python-monasca-persister-1.12.1~dev9-9.1 is installed
OR python-monasca-tempest-plugin-0.3.0-8.1 is installed
OR python-neutron-13.0.5~dev22-3.7.2 is installed
OR python-neutron-gbp-5.0.1~dev459-3.7.2 is installed
OR python-neutron-lbaas-13.0.1~dev14-3.7.2 is installed
OR python-nova-18.2.2~dev9-3.7.2 is installed
OR python-octavia-3.1.2~dev8-3.7.2 is installed
OR python-openstackclient-3.16.2-8.1 is installed
OR python-openstacksdk-0.17.3-8.1 is installed
OR python-proliantutils-2.8.4-8.1 is installed
OR python-tempest-19.0.0-12.1 is installed
OR python-vmware-nsx-13.0.1~dev146-9.1 is installed
OR python-vmware-nsxlib-13.0.1~dev24-8.1 is installed
OR yast2-crowbar-3.4.2-8.1 is installed
|
|