Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2020.0902
SUSE Security update for ardana-cinder, ardana-cobbler, ardana-designate,
ardana-extensions-example, ardana-extensions-nsx, ardana-glance,
ardana-heat, ardana-input-model, ardana-ironic, ardana-keystone,
ardana-logging, ardana-monasca, ardana-monasca-transform
12 March 2020
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: ardana
Publisher: SUSE
Operating System: SUSE
Impact/Access: Execute Arbitrary Code/Commands -- Remote with User Interaction
Modify Arbitrary Files -- Existing Account
Denial of Service -- Remote/Unauthenticated
Access Confidential Data -- Existing Account
Resolution: Patch/Upgrade
CVE Names: CVE-2020-7595 CVE-2020-2574 CVE-2019-18901
CVE-2019-16770 CVE-2019-13117 CVE-2019-2974
CVE-2019-2938 CVE-2019-2805 CVE-2019-2758
CVE-2019-2740 CVE-2019-2739 CVE-2019-2737
CVE-2018-17954 CVE-2017-1002201
Reference: ESB-2020.0713
ESB-2019.2784
ESB-2019.2660
Original Bulletin:
https://www.suse.com/support/update/announcement/2020/suse-su-20200640-1.html
https://www.suse.com/support/update/announcement/2020/suse-su-20200642-1.html
Comment: This bulletin contains two (2) SUSE security advisories.
- --------------------------BEGIN INCLUDED TEXT--------------------
SUSE Security Update: Security update for ardana-cinder, ardana-cobbler,
ardana-designate, ardana-extensions-example, ardana-extensions-nsx,
ardana-glance, ardana-heat, ardana-input-model, ardana-ironic, ardana-keystone,
ardana-logging, ardana-monasca, ardana-monasca-transform, ardana-mq,
ardana-neutron, ardana-nova, ardana-octavia, ardana-osconfig, ardana-tempest,
crowbar-core, crowbar-ha, crowbar-openstack, crowbar-ui, keepalived, mariadb,
openstack-cinder, openstack-dashboard, openstack-dashboard-theme-SUSE,
openstack-heat, openstack-heat-templates,
openstack-horizon-plugin-designate-ui,
openstack-horizon-plugin-neutron-lbaas-ui, openstack-ironic,
openstack-keystone, openstack-monasca-agent, openstack-neutron,
openstack-neutron-gbp, openstack-neutron-vsphere, openstack-nova,
openstack-octavia, openstack-octavia-amphora-image, openstack-resource-agents,
openstack-sahara, openstack-trove, python-cinderlm, python-congressclient,
python-designateclient, python-ironic-lib, python-networking-cisco,
python-osc-lib, python-oslo.context, python-oslo.rootwrap,
python-oslo.serialization, python-oslo.service, python-stevedore,
python-taskflow, rubygem-crowbar-client, rubygem-p
______________________________________________________________________________
Announcement ID: SUSE-SU-2020:0640-1
Rating: important
References: #1077717 #1117080 #1117840 #1123191 #1148158 #1152007
#1154235 #1155089 #1155942 #1156305 #1156669 #1156914
#1157028 #1157206 #1157482 #1158675 #1160048 #1160878
#1160883 #1160895 #1160912 #1161351 #1161517 #1162388
Cross-References: CVE-2017-1002201 CVE-2018-17954 CVE-2019-13117
CVE-2019-16770 CVE-2019-18901 CVE-2019-2737 CVE-2019-2739
CVE-2019-2740 CVE-2019-2758 CVE-2019-2805 CVE-2019-2938
CVE-2019-2974 CVE-2020-2574 CVE-2020-7595
Affected Products:
SUSE OpenStack Cloud Crowbar 8
SUSE OpenStack Cloud 8
HPE Helion Openstack 8
______________________________________________________________________________
umavenv-openstack-swift
An update that solves 14 vulnerabilities and has 10 fixes is now available.
Description:
This update for ardana-cinder, ardana-cobbler, ardana-designate,
ardana-extensions-example, ardana-extensions-nsx, ardana-glance, ardana-heat,
ardana-input-model, ardana-ironic, ardana-keystone, ardana-logging,
ardana-monasca, ardana-monasca-transform, ardana-mq, ardana-neutron,
ardana-nova, ardana-octavia, ardana-osconfig, ardana-tempest, crowbar-core,
crowbar-ha, crowbar-openstack, crowbar-ui, keepalived, mariadb,
openstack-cinder, openstack-dashboard, openstack-dashboard-theme-SUSE,
openstack-heat, openstack-heat-templates,
openstack-horizon-plugin-designate-ui,
openstack-horizon-plugin-neutron-lbaas-ui, openstack-ironic,
openstack-keystone, openstack-monasca-agent, openstack-neutron,
openstack-neutron-gbp, openstack-neutron-vsphere, openstack-nova,
openstack-octavia, openstack-octavia-amphora-image, openstack-resource-agents,
openstack-sahara, openstack-trove, python-cinderlm, python-congressclient,
python-designateclient, python-ironic-lib, python-networking-cisco,
python-osc-lib, python-oslo.context, python-oslo.rootwrap,
python-oslo.serialization, python-oslo.service, python-stevedore,
python-taskflow, rubygem-crowbar-client, rubygem-puma, venv-openstack-swift
fixes the following issues: Security issues fixed:
The update of rubygem-crowbar-client, rubygem-puma fixes the following security
issues:
o CVE-2018-17954: Fixed an issue where crowbar was leaking the secret admin
passwords to all nodes (bsc#1117080).
o CVE-2019-16770: Fixed a denial-of-service vulnerability that was
exploitable by clients sending extraneous keepalive requests (bsc#1158675).
The update of mariadb to 10.2.29 fixes several security issues:
o CVE-2020-2574: Fixed a difficult to exploit vulnerability that allowed an
attacker to crash the client (bsc#1162388).
o CVE-2019-18901: Fixed a difficult to exploit vulnerability that allowed an
attacker to crash the client (bsc#1162388).
o CVE-2017-1002201: Fixed an issue where special characters did not escpae
properly (bsc#1155089)
o CVE-2019-2737, CVE-2019-2739, CVE-2019-2740, CVE-2019-2758, CVE-2019-2805,
CVE-2019-2938, CVE-2019-2974: Fixed an issue where could lead a remote
attacker to cause denial of service (bsc#1156669)
Non-security issues fixed:
Changes in ardana-cinder:
o Update to version 8.0+git.1579279939.ee7da88: * Add option to flatten
snapshots when using SES (SOC-11054)
o Update to version 8.0+git.1571846011.1a2f62b: * SCRD-4764 move v2.0
endpoints to v3 (SOC-9753)
Changes in ardana-cobbler:
o Update to version 8.0+git.1575037115.0326803: * Set root device on SLES
autoyast templates (SOC-7365)
Changes in ardana-designate:
o Update to version 8.0+git.1573597788.15b7984: * Update gerrit location
(SOC-9140)
Changes in ardana-extensions-example:
o Switch to new Gerrit Server
o Update to version 8.0+git.1534266307.db1ec28: * SCPL-409 Fix .gitreview for
stable/pike
Changes in ardana-extensions-nsx:
o Update to version 8.0+git.1567529036.a41a037: * Update policy json
templates for vmware-nsx (SOC-10254)
o Switch to new Gerrit Server
Changes in ardana-glance:
o Update to version 8.0+git.1571846045.ab9e3ea: * SCRD-4764 move v2.0
endpoints to v3 (SOC-9753)
Changes in ardana-heat:
o Update to version 8.0+git.1571777596.14dce6a: * SCRD-4764 remove V2.0 auth
end points (SOC-9753)
Changes in ardana-input-model:
o Update to version 8.0+git.1582147997.b9ed134: * Enable port security
extension neutron (SOC-11027)
o Update to version 8.0+git.1573658751.38e822a: * Move manila share to
controller (SOC-10938)
Changes in ardana-ironic:
o Update to version 8.0+git.1571845225.006843d: * SCRD-4764 remove V2.0 auth
end points (SOC-9753)
Changes in ardana-keystone:
o Update to version 8.0+git.1573147067.09e3ea0: * enable debug and
insecure_debug on demand (SOC-10934)
Changes in ardana-logging:
o Update to version 8.0+git.1572452293.e65d714: * use correct Keystone v3
params bsc#1117840 (SOC-9753)
Changes in ardana-monasca:
o Update to version 8.0+git.1572527728.9b34bdf: * use correct Keystone v3
params bsc#1117840 (SOC-9753) * SCRD-4764 remove V2.0 auth end points
(SOC-9753)
Changes in ardana-monasca-transform:
o Update to version 8.0+git.1571845965.97714fb: * SCRD-4764 remove V2.0 auth
end points (SOC-9753)
Changes in ardana-mq:
o Update to version 8.0+git.1581024906.fbf0be3: * Ensure HA queue sync wait
fails (SOC-11083) * Fix HA policy setting comments (SOC-10317, SOC-11082)
o Update to version 8.0+git.1580853688.4e72fc1: * Set HA policy accordingly
(SOC-10317, SOC-11082)
o Update to version 8.0+git.1579014733.a855e3a: * Change the HA policy mirror
(SOC-10317)
Changes in ardana-neutron:
o Update to version 8.0+git.1573050365.ff6fa06: * Kill dhclient before
restarting neutron-openvswitch-agent (SOC-9230)
o Update to version 8.0+git.1571846086.19cb7eb: * SCRD-4764 move v2.0
endpoints to v3 (SOC-9753)
Changes in ardana-nova:
o Update to version 8.0+git.1571846125.584d988: * SCRD-4764 remove V2.0 auth
end points (SOC-9753)
Changes in ardana-octavia:
o Update to version 8.0+git.1575642049.1f321d0: * Change
event_streamer_driver to noop (bsc#1154235)
Changes in ardana-osconfig:
o Update to version 8.0+git.1581015942.2d21e63: * Adjust
'fs.inotify.max_user_instances' to align with crowbar (bsc#1161351)
o Update to version 8.0+git.1580469528.0ac2a8b: * Start OVS services before
wicked service at boot (SOC-11067)
Changes in ardana-tempest:
o Update to version 8.0+git.1579261264.7dd213a: * Create network resources
needed by some heat tests (SOC-7028)
o Update to version 8.0+git.1573571182.8fa9823: * Restrore designate test
(SOC-9753)
o Update to version 8.0+git.1571846164.6279bc0: * SCRD-4764 remove V2.0 auth
end points (SOC-9753)
Changes in crowbar-core:
o Update to version 5.0+git.1582968668.1a55c77c5: * Ignore CVE-2020-7595 in
CI (bsc#1161517)
o Update to version 5.0+git.1582543433.f71d39544: * Fix deployment queue
display (SOC-10741)
o Update to version 5.0+git.1580209640.80f2ba3d9: * network: start OVS before
wickedd (SOC-11067)
o Update to version 5.0+git.1579705862.220974047: * dns: add checks to
designate migration (SOC-11047)
o Update to version 5.0+git.1579271614.eac1c490c: * upgrade: Add the upgrade
menu entry (SOC-11053) * upgrade: Fix upgrade link (SOC-11053)
o Update to version 5.0+git.1578989446.a2d23b7e1: * Do not log an error for a
case that is correct (trivial)
o Update to version 5.0+git.1578472131.b88a31055: * apache2: Restart after
enabling SSL flag (SOC-11029)
o Update to version 5.0+git.1578295229.96952deab: * Avoid nil crash when
provisioner attributes are not set (bsc#1160048)
o Update to version 5.0+git.1578063264.d0223905b: * Ignore CVE-2019-16770
(SOC-10999)
o Update to version 5.0+git.1576053049.a2f4c9820: * upgrade: Remove DRBD
specific code from the preparation parts (SOC-10985)
o Update to version 5.0+git.1575020613.fc167f4dc: * List XEN nodes when
failing precheck (trivial)
o Update to version 5.0+git.1574763025.0a6957f37: * Disable installation
repository (bsc#1152007) * Disable automatic repo services (bsc#1152007) *
Designate: Don't add the admin node to the public network (SOC-10658)
o Update to version 5.0+git.1574715523.ee8e58f4b: * upgrade: Check the result
after commiting proposal (noref) * upgrade: Do not try to disable services
that might not exist (noref)
o Update to version 5.0+git.1574667034.76644f658: * [upgrade] Remove existing
upgrade directories from nodes (SOC-10956)
o Update to version 5.0+git.1574348992.88de970a6: * [upgrade] Wait for
keystone to be ready after start (bsc#1157206)
o Update to version 5.0+git.1574270784.294f0e830: * upgrade: Ignore Cloud
repository during repocheck (bsc#1152007)
o Update to version 5.0+git.1574165163.52870c62e: * [upgrade] Call
finalize_nodes_upgrade at the very end (bsc#1155942)
o Update to version 5.0+git.1574103089.1fbb5a51d: * Ignore CVE-2019-13117 in
CI builds (bsc#1157028) * upgrade: Make the time before next upgrade
configurable (SOC-10955) * upgrade: Make sure cinder-volume is really
stopped (bsc#1156305)
o Update to version 5.0+git.1573110008.449237f0d: * Allow pacemaker remotes
for upgrade (SOC-10133) * upgrade: Precheck for unsaved proposals
(SOC-10912)
o Update to version 5.0+git.1572880575.4a6efa3a1: * upgrade: Add a precheck
for XEN compute nodes presence (SOC-10495) * upgrade: Reload repo config in
repochecks (SOC-10718)
o Update to version 5.0+git.1572097431.519baa552: * Ignore CVE-2017-1002201
in CI builds (bsc#1155089)
o Update to version 5.0+git.1571210032.8648ab99c: * Revert "Use
block-migration when needed" (SOC-10133)
Changes in crowbar-ha:
o Update to version 5.0+git.1574286229.e0364c3: * Drop g-haproxy location
before group deletion (bsc#1156914)
Changes in crowbar-openstack:
o Update to version 5.0+git.1582911795.5081ef1da: * designate: Mark as user
managed (SOC-10233) * Designate: make sure dns-server is active on a
non-admin node (SOC-10636)
o Update to version 5.0+git.1580549331.ba1e1a0a3: * [5.0] ec2-api: run
keystone_register on cluster founder only (SOC-11079)
o Update to version 5.0+git.1579182968.f54cfa8f5: * tempest: tempest run
filters as templates (SOC-11052)
o Update to version 5.0+git.1578515319.fdab3a0b2: * Install openstack client
for neutron recipes (SOC-11039)
o Update to version 5.0+git.1576764142.8efe58655: * Do not read data from
barclamp that has not been saved (SOC-11028)
o Update to version 5.0+git.1576666547.b7a0b8814: * Revert "Octavia: Hide UI
until complete (SOC-10550)"
o Update to version 5.0+git.1576250115.67b80cbca: * [5.0] tempest: Update
default image on schema (SOC-11023)
o Update to version 5.0+git.1576078873.ecc798ffe: * neutron: Revert remove
.openrc creation from neutron cookbooks (SOC-10378) * keystone: Add
OS_INTERFACE env var to .openrc (SOC-11006)
o Update to version 5.0+git.1574927541.694ac3863: * designate: move keystone
resource lookup to convergence (SOC-10887)
o Update to version 5.0+git.1574769056.07a7c373e: * designate: declare all
mdns servers as master on pool config (SOC-10952) * designate: add support
for SSL (SOC-10877) * designate: change default configuration (SOC-10899)
o Update to version 5.0+git.1574421761.ace345683: * Add tempest filter for
designate (SOC-10288)
o Update to version 5.0+git.1574359417.113b616b2: * horizon: install lbaas
horizon dashboard (SOC-10883)
o Update to version 5.0+git.1572937880.ffb86e88b: * Make sure the input file
with ssh key exists (SOC-10133)
o Update to version 5.0+git.1571764038.ad48726d6: * mysql: fix WSREP sync
race (SOC-10717) * mysql: stop service for mysql_install_db (SOC-10717) *
Do not use obsoleted --endpoint-type option with CLI
o Update to version 5.0+git.1571323259.7402ef5eb: * [5.0] Tempest: blacklist
test_volume_boot_pattern (SOC-10874)
o Update to version 5.0+git.1571241534.f4af21325: * rabbitmq: fix migration
200 (SOC-10623) * Fix Cloud 8 no-op migrations (SOC-10623) * neutron-lbaas:
remove loadbalancer/pool limit * [5.0] Configurable timeout for Galera
pre-sync
o Update to version 5.0+git.1571138324.edb9e8b56: * horizon: tighten check
for existence of monasca while deploying grafana * monasca: improve
detection if monasca-server is available * monasca: install agent before
run setup monitors in server * Monasca: Handle node reinstall (jsc#
SOC-10440, bsc#1148158 )
o Update to version 5.0+git.1570618886.06022a6ef: * glance: Set barbican auth
endpoint (bsc#1123191, SOC-10844) * tempest: Add barbican run_filters from
ardana (SOC-10844) * Fix nova tempest tests (SOC-9298, SOC-10844)
o Update to version 5.0+git.1570505588.4bdc5aa6f: * No rndc key if no public
DNS server (SOC-10835)
Changes in crowbar-ui:
o Update to version 1.2.0+git.1575896697.a01a3a08: * upgrade: Added missing
error title * travis: Stop testing against nodejs4
o Update to version 1.2.0+git.1572871359.50fc6087: * Add title for XEN
compute nodes precheck (SOC-10495)
Changes in keepalived:
o update to 2.0.19
o new BR pkgconfig(libnftnl) to fix nftables support
o add nftables to the BR
o added patch * linux-4.15.patch
o add buildrequires for file-devel - used in the checker to verify scripts
o enable json stats and config dump support new BR: pkgconfig(json-c)
o enable http regexp support: new BR pcre2-devel
o disable dbus instance creation support as it is marked as dangerous
o Add BFD build option to keepalived.spec rpm file Issue #1114 identified
that the keepalived.spec file was not being generated to build BFD support
even if keepalived had been configured to support it.
o full changelog https://keepalived.org/changelog.html
Changes in mariadb:
o update to 10.2.31 GA [bsc#1162388] * Fixes for the following security
vulnerabilities: * 10.2.31: CVE-2020-2574 * 10.2.30: none * release notes
and changelog: https://mariadb.com/kb/en/library/
mariadb-10231-release-notes https://mariadb.com/kb/en/library/
mariadb-10231-changelog https://mariadb.com/kb/en/library/
mariadb-10230-release-notes https://mariadb.com/kb/en/library/
mariadb-10230-changelog
o refresh mariadb-10.1.12-deharcode-libdir.patch
o remove mariadb-10.2.29-bufferoverflowstrncat.patch (upstreamed)
o pack pam_user_map.so module in the /%{_lib}/security directory and
user_map.conf configuration file in the /etc/security directory
o fix race condition with mysql_upgrade_info status file by moving it to the
location owned by root (/var/lib/misc) CVE-2019-18901 [bsc#1160895]
o move .run-mysql_upgrade file from $datadir/.run-mysql_upgrade to /var/lib/
misc/.mariadb_run_upgrade so the mysql user can't use it for a symlink
attack [bsc#1160912]
o on BTRFS systems /var/lib/mysql is created as a subvolume with 755
permissions during the system installaion. Fix it to 700 as
mysql_install_db doesn't do it [bsc#1077717]
o add important options to mariadb.service and mariadb@.service
(ProtectSystem, ProtectHome and UMask) [bsc#1160878]
o mysql-systemd-helper: use systemd-tmpfiles instead of shell script
operations for a cleaner and safer creating of /run/mysql [bsc#1160883]
o update to 10.2.29 GA * Fixes for the following security vulnerabilities: *
10.2.29: none * 10.2.28: CVE-2019-2974, CVE-2019-2938 * 10.2.27: none *
10.2.26: CVE-2019-2805, CVE-2019-2740, CVE-2019-2739, CVE-2019-2737,
CVE-2019-2758 * release notes and changelog: https://mariadb.com/kb/en/
library/mariadb-10229-release-notes https://mariadb.com/kb/en/library/
mariadb-10229-changelog https://mariadb.com/kb/en/library/
mariadb-10228-release-notes https://mariadb.com/kb/en/library/
mariadb-10228-changelog https://mariadb.com/kb/en/library/
mariadb-10227-release-notes https://mariadb.com/kb/en/library/
mariadb-10227-changelog https://mariadb.com/kb/en/library/
mariadb-10226-release-notes https://mariadb.com/kb/en/library/
mariadb-10226-changelog
o refresh mariadb-10.0.15-logrotate-su.patch mariadb-10.2.4-logrotate.patch
o add mariadb-10.2.29-bufferoverflowstrncat.patch to fix "Statement might be
overflowing a buffer in strncat" error
o tracker bug [bsc#1156669]
o add main.gis_notembedded to the skipped tests (fails when latin1 is not
set)
Changes in openstack-cinder:
o Update to version cinder-11.2.3.dev23: * Fix handling of 'cinder\
_encryption\_key\_id' image metadata
o Update to version cinder-11.2.3.dev21: * Add retry to LVM deactivation
o Update to version cinder-11.2.3.dev19: * Fix ceph: only close rbd image
after snapshot iteration is finished
o Update to version cinder-11.2.3.dev17: * Exclude disabled API versions from
listing
Changes in openstack-cinder:
o Update to version cinder-11.2.3.dev23: * Fix handling of 'cinder\
_encryption\_key\_id' image metadata
o Update to version cinder-11.2.3.dev21: * Add retry to LVM deactivation
o Update to version cinder-11.2.3.dev19: * Fix ceph: only close rbd image
after snapshot iteration is finished
o Update to version cinder-11.2.3.dev17: * Exclude disabled API versions from
listing
Changes in openstack-dashboard:
o Update to version horizon-12.0.5.dev2: * Use python 2.7 as the default
interpreter in tox * OpenDev Migration Patch 12.0.4
Changes in openstack-dashboard-theme-SUSE:
o Update to version 2017.2+git.1573629528.6b21fa5: * SCRD-7984 fixed help
links
Changes in openstack-heat:
o Update to version heat-9.0.8.dev22: * Do deepcopy when copying templates
o Update to version heat-9.0.8.dev21: * Set stack.thread\_group\_mgr for
cancel\_update * Eliminate client race condition in convergence delete *
Delete snapshots using contemporary resources
o Update to version heat-9.0.8.dev15: * Unskip StackSnapshotRestoreTest
o Update to version heat-9.0.8.dev14: * Fix translate tenants in flavor
Changes in openstack-heat:
o Update to version heat-9.0.8.dev22: * Do deepcopy when copying templates
o Update to version heat-9.0.8.dev21: * Set stack.thread\_group\_mgr for
cancel\_update * Eliminate client race condition in convergence delete *
Delete snapshots using contemporary resources
o Update to version heat-9.0.8.dev15: * Unskip StackSnapshotRestoreTest
o Update to version heat-9.0.8.dev14: * Fix translate tenants in flavor
Changes in openstack-heat-templates:
o Update to version 0.0.0+git.1560033670.e3b5a52: * Add example for running
Zun container * OpenDev Migration Patch * Replace openstack.org git:// URLs
with https:// * Remove docs, deprecated hooks, tests * Update the bugs link
to storyboard * Use octavia resources for autoscaling example * Fix the
incorrect cirros default password
Changes in openstack-horizon-plugin-designate-ui:
o Update to version designate-dashboard-5.0.3.dev2: * Fix list zones updated
at same time * OpenDev Migration Patch 5.0.2
Changes in openstack-horizon-plugin-neutron-lbaas-ui:
o Add _1481_project_ng_loadbalancersv2_panel.pyc file to package (SOC-10883)
The .pyc file needs to be removed when the package is uninstalled,
otherwise the panel will remain enabled in the dashboard and cause errors.
Changes in openstack-ironic:
o Update to version ironic-9.1.8.dev8: * Place upper bound on
python-dracclient version
Changes in openstack-ironic:
o Update to version ironic-9.1.8.dev8: * Place upper bound on
python-dracclient version
Changes in openstack-keystone:
o Update to version keystone-12.0.4.dev5: * Import LDAP job into project
Changes in openstack-keystone:
o Update to version keystone-12.0.4.dev5: * Import LDAP job into project
Changes in openstack-monasca-agent:
o Added dependency: * fdupes * pwdutils and shadow-utils for useradd/groupadd
o added 0001-add-X.509-certificate-check-plugin.patch
Changes in openstack-neutron:
o Update to version neutron-11.0.9.dev60: * Set DB retry for quota\
_enforcement pecan\_wsgi hook
o Update to version neutron-11.0.9.dev58: * don't clear skb mark when ovs is
hw-offload enabled
o Update to version neutron-11.0.9.dev57: * doc: add known limitation about
attaching SR-IOV ports
o Update to version neutron-11.0.9.dev56: * raise priority of dead vlan drop
o Update to version neutron-11.0.9.dev54: * [Unit tests] Skip TestWSGIServer
with IPv6 if no IPv6 enabled
o Update to version neutron-11.0.9.dev52: * Initialize phys bridges before
setup\_rpc
Changes in openstack-neutron:
o Update neutron-ha-tool to latest version: * Add DHCP agent evacuation
(SOC-11046)
o Update to version neutron-11.0.9.dev60: * Set DB retry for quota\
_enforcement pecan\_wsgi hook
o Update to version neutron-11.0.9.dev58: * don't clear skb mark when ovs is
hw-offload enabled
o neutron: Remove stop action from ovs-cleanup (bsc#1157482) backport of
https://review.opendev.org/#/c/695867/
o Update to version neutron-11.0.9.dev57: * doc: add known limitation about
attaching SR-IOV ports
o Update to version neutron-11.0.9.dev56: * raise priority of dead vlan drop
o Update to version neutron-11.0.9.dev54: * [Unit tests] Skip TestWSGIServer
with IPv6 if no IPv6 enabled
o Update to version neutron-11.0.9.dev52: * Initialize phys bridges before
setup\_rpc
Changes in openstack-neutron-gbp:
o Update to version group-based-policy-7.3.1.dev72: * Refactor static path
code
o Update to version group-based-policy-7.3.1.dev71: * Support named ip
protocols for SecurityGroupRules
o Update to version group-based-policy-7.3.1.dev70: * Allow both FIP and SNAT
on a single port
o Update to version group-based-policy-7.3.1.dev69: * Fix active-active AAP
RPC query
o Update to version group-based-policy-7.3.1.dev67: * [AIM] Add extra
provided/consumed contracts to network extension
o Update to version group-based-policy-7.3.1.dev66: * Active active AAP
feature
o Update to version group-based-policy-7.3.1.dev64: * Support cache option
for legacy GBP driver
o Update to version group-based-policy-7.3.1.dev63: * Fix host ID length in
VM names table
o Update to version group-based-policy-7.3.1.dev62: * Update\_proj\_descr in
apic when project description is updated in os
o Update to version group-based-policy-7.3.1.dev61: * Send port notifications
when host\_route is getting updated * Provide a control knob to use the
internal EP interface
o Update to version group-based-policy-7.3.1.dev57: * Fix pep8 failures seen
on submitted patches
Changes in openstack-neutron-vsphere:
o Update to version networking-vsphere-2.0.1.dev133: * Update to use Agent
model from neutron.db.models * Fix neutron-dvs-agent startup errors *
OpenDev Migration Patch
o Remove 0001-fix-dvs-agent-config.patch as changes had been backported to
stable/pike - See https://review.opendev.org/#/c/682482
Changes in openstack-nova:
o Update to version nova-16.1.9.dev49: * Use stable constraint for Tempest
pinned stable branches
o Update to version nova-16.1.9.dev48: * Avoid redundant initialize\
_connection on source post live migration * Error out interrupted builds *
Skip checking of target\_dev for vhostuser * Functional reproduce for bug
1833581 * Prevent init\_host test to interfere with other tests * Add
functional test for resize crash compute restart revert * Move restart\
_compute\_service to a common place * lxc: make use of filter python3
compatible * cleanup evacuated instances not on hypervisor * Delete
resource providers for all nodes when deleting compute service
o Update to version nova-16.1.9.dev30: * Explicitly fail if trying to attach
SR-IOV port * Stabilize unshelve notification sample tests
o Update to version nova-16.1.9.dev26: * Fix listing deleted servers with a
marker * Add functional regression test for bug 1849409
o Update to version nova-16.1.9.dev22: * Hook resource\_tracker to remove
stale node information
o Update to version nova-16.1.9.dev20: * Workaround missing
RequestSpec.instance\_group.uuid * Add regression recreate test for bug
1830747
o Update to version nova-16.1.9.dev16: * Changing scheduler sync event from
INFO to DEBUG
o Update to version nova-16.1.9.dev14: * Only nil az during shelve offload *
Delete instance\_id\_mappings record in instance\_destroy
o Update to version nova-16.1.9.dev11: * Revert "openstack server create" to
"nova boot" in nova docs * doc: fix and clarify --block-device usage in
user docs
o Update to version nova-16.1.9.dev8: * Functional reproduce for bug 1852207
Changes in openstack-nova:
o Update to version nova-16.1.9.dev49: * Use stable constraint for Tempest
pinned stable branches
o Update to version nova-16.1.9.dev48: * Avoid redundant initialize\
_connection on source post live migration * Error out interrupted builds *
Skip checking of target\_dev for vhostuser * Functional reproduce for bug
1833581 * Prevent init\_host test to interfere with other tests * Add
functional test for resize crash compute restart revert * Move restart\
_compute\_service to a common place * lxc: make use of filter python3
compatible * cleanup evacuated instances not on hypervisor * Delete
resource providers for all nodes when deleting compute service
o Update to version nova-16.1.9.dev30: * Explicitly fail if trying to attach
SR-IOV port * Stabilize unshelve notification sample tests
o Update to version nova-16.1.9.dev26: * Fix listing deleted servers with a
marker * Add functional regression test for bug 1849409
o Update to version nova-16.1.9.dev22: * Hook resource\_tracker to remove
stale node information
o Update to version nova-16.1.9.dev20: * Workaround missing
RequestSpec.instance\_group.uuid * Add regression recreate test for bug
1830747
o Update to version nova-16.1.9.dev16: * Changing scheduler sync event from
INFO to DEBUG
o Update to version nova-16.1.9.dev14: * Only nil az during shelve offload *
Delete instance\_id\_mappings record in instance\_destroy
o Update to version nova-16.1.9.dev11: * Revert "openstack server create" to
"nova boot" in nova docs * doc: fix and clarify --block-device usage in
user docs
o Update to version nova-16.1.9.dev8: * Functional reproduce for bug 1852207
Changes in openstack-octavia:
o Update to version octavia-1.0.6.dev3: * Fix urgent amphora two-way auth
security bug
Changes in openstack-octavia-amphora-image:
o Update image to 0.1.2 to include udated keepalived 2.0.19
o Update image to 0.1.1 to include latest changes
o Add keepalived service Changes in openstack-resource-agents:
o Update to version 1.0+git.1569436425.8b9c49f: * Add a configurable delay to
Nova Evacuate calls * OpenDev Migration Patch * NovaEvacuate: fix a syntax
error * NovaEvacuate: Support the new split-out IHA fence agents with
backwards compatibility * NovaEvacuate: Correctly handle stopped
hypervisors * neutron-ha-tool: do not replicate dhcp * NovaCompute: Support
parsing host option from /etc/nova/nova.conf.d * NovaCompute: Use variable
to avoid calling crudini a second time * NovaEvacuate: Allow debug logging
to be turned on easily
Changes in openstack-sahara:
o Update to version sahara-7.0.5.dev4: * Run sahara-scenario using Python 3 *
Enforce python 2 for documentation build * Fix requirements(bandit) *
OpenDev Migration Patch 7.0.4
Changes in openstack-sahara:
o Update to version sahara-7.0.5.dev4: * Run sahara-scenario using Python 3 *
Enforce python 2 for documentation build * Fix requirements (bandit) *
OpenDev Migration Patch 7.0.4
Changes in openstack-trove:
o Update to version trove-8.0.2.dev2: * Add local bindep.txt * OpenDev
Migration Patch 8.0.1
Changes in openstack-trove:
o Update to version trove-8.0.2.dev2: * Add local bindep.txt * OpenDev
Migration Patch 8.0.1
Changes in python-cinderlm:
o Update to version 0.0.2+git.1571845893.27f0b7b: * SCRD-4764 remove V2.0
auth end points (SOC-9753)
Changes in python-congressclient:
o update to version 1.8.1 - Update .gitreview for stable/pike - Update
UPPER_CONSTRAINTS_FILE for stable/pike - import zuul job settings from
project-config - Updated from global requirements
Changes in python-designateclient:
o update to version 2.7.1 - Update .gitreview for stable/pike - Updated from
global requirements - import zuul job settings from project-config - Update
UPPER_CONSTRAINTS_FILE for stable/pike - server-get/update show wrong
values about 'id' and 'update_at'
Changes in python-ironic-lib:
o update to version 2.10.2 - Replace openstack.org git:// URLs with https://
- Make search for config drive partition case insensitive - Revert "Use dd
conv=sparse when writing images to nodes" - Check GPT table with sgdisk
insread of partprobe - Avoid tox_install.sh for constraints support - Fix
GPT bug with whole disk images - import zuul job settings from
project-config
Changes in python-networking-cisco:
o Update to version networking-cisco-6.1.1.dev65: * Nexus: Add CA Bundle path
to https doc * Improve Nexus Ironic related doc and logs * Upgrade release
notes to include Tripleo/puppet * Fix socket not closed errors in unit test
logs * Add release note about adding support for Rocky OpenStack * Update
publish-openstack-python-branch-tarball job * Remove MultiConfigParser from
SAF application * More fixes for networking\_cisco rocky support * Remove
MultiConfigParser from the device manger config loader * Ensure CFG agent
is started after neutron config is written * Removed older version of
python added 3.5 * Begin process of supporting neutron Rocky * Typo in tar
command in doc install guide * Add cisco providernet extension to Nexus doc
* Add missing policy to fix stable/queens unit tests * Pin stestr version
(1.1.0) for Mitaka * Fix places in ucsm network driver using .ucsm instead
of .ucsms * Fix doc build under python3 * Fix mitaka bug with NeutronWorker
missing parameter * Eliminate 30 sec delay for Nexus replay thread * Fix
foreign key constraint violation while creating primary key with subnet\_id
* Put upper constraint on ncclient version to prevent breakages *
Improvements to the networking-cisco zuul jobs * Remove deprecated host/
interface map config * Include device manager configuration file when
starting config agent * Fix pep8 and other tox environments locally * Add
rocky to CI * Add bandit to tox and resolve Nexus SA errors * Deprecate old
ML2 Nexus/UCSM documentation file * Secure Nexus https certificates by
default
o Add tempest_plugin subpackage
Changes in python-osc-lib:
o update to version 1.7.1 - import zuul job settings from project-config -
Update UPPER_CONSTRAINTS_FILE for stable/pike - Updated from global
requirements - Update .gitreview for stable/pike - Avoid tox_install.sh for
constraints support
Changes iython-oslo.context:
o update to version 2.17.2 - Fix sphinx-docs job for stable branch - import
zuul job settings from project-config
Changes in python-oslo.rootwrap:
o update to version 5.9.3 - Avoid tox_install.sh for constraints support -
Follow the new PTI for document build - import zuul job settings from
project-config
Changes in python-oslo.serialization:
o update to version 2.20.3 - import zuul job settings from project-config -
Fix sphinx-docs job for stable branch
Changes in python-oslo.service:
o update to version 1.25.2 - import zuul job settings from project-config -
Fix sphinx-docs job for stable branch
Changes in python-stevedore:
o update to version 1.25.2 - move doc requirements to doc/requirements.txt -
Use stable branch for upper-constraints - remove duplicate sphinx
dependency - Avoid tox_install.sh for constraints support - import zuul job
settings from project-config
Changes in python-taskflow:
o update to version 2.14.2 - don't let tox_install.sh error if there is
nothing to do - import zuul job settings from project-config - Updated from
global requirements - Use doc/requirements.txt
Changes in rubygem-crowbar-client:
o Update to 3.9.1 - Fix repocheck table output (SOC-10718) - Enable
restricted commands for Cloud8 (bsc#1117080, CVE-2018-17954)
Changes in rubygem-puma:
o Add CVE-2019-16770.patch (bsc#1158675, SOC-10999, CVE-2019-16770) This
patch fixes a DoS vulnerability a malicious client could use to block a
large amount of threads.
Changes in venv-openstack-swift:
o Fix lower version numver after inheriting the version from main component
(SCRD-8523)
o Revert: "Inherit version number of venv from main component (SCRD-8523)" as
zypper reports the new version number as older than what is released
o Inherit version number of venv from main component (SCRD-8523)
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation
methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
o SUSE OpenStack Cloud Crowbar 8:
zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2020-640=1
o SUSE OpenStack Cloud 8:
zypper in -t patch SUSE-OpenStack-Cloud-8-2020-640=1
o HPE Helion Openstack 8:
zypper in -t patch HPE-Helion-OpenStack-8-2020-640=1
Package List:
o SUSE OpenStack Cloud Crowbar 8 (x86_64):
crowbar-core-5.0+git.1582968668.1a55c77c5-3.35.4
crowbar-core-branding-upstream-5.0+git.1582968668.1a55c77c5-3.35.4
keepalived-2.0.19-3.6.3
keepalived-debuginfo-2.0.19-3.6.3
keepalived-debugsource-2.0.19-3.6.3
mariadb-10.2.31-4.17.3
mariadb-client-10.2.31-4.17.3
mariadb-client-debuginfo-10.2.31-4.17.3
mariadb-debuginfo-10.2.31-4.17.3
mariadb-debugsource-10.2.31-4.17.3
mariadb-galera-10.2.31-4.17.3
mariadb-tools-10.2.31-4.17.3
mariadb-tools-debuginfo-10.2.31-4.17.3
ruby2.1-rubygem-crowbar-client-3.9.1-3.9.3
ruby2.1-rubygem-puma-2.16.0-3.3.3
ruby2.1-rubygem-puma-debuginfo-2.16.0-3.3.3
rubygem-puma-debugsource-2.16.0-3.3.3
o SUSE OpenStack Cloud Crowbar 8 (noarch):
crowbar-ha-5.0+git.1574286229.e0364c3-3.29.3
crowbar-openstack-5.0+git.1582911795.5081ef1da-4.34.3
crowbar-ui-1.2.0+git.1575896697.a01a3a08-3.15.3
mariadb-errormessages-10.2.31-4.17.3
openstack-cinder-11.2.3~dev23-3.24.4
openstack-cinder-api-11.2.3~dev23-3.24.4
openstack-cinder-backup-11.2.3~dev23-3.24.4
openstack-cinder-doc-11.2.3~dev23-3.24.3
openstack-cinder-scheduler-11.2.3~dev23-3.24.4
openstack-cinder-volume-11.2.3~dev23-3.24.4
openstack-dashboard-12.0.5~dev2-3.23.4
openstack-dashboard-theme-SUSE-2017.2+git.1573629528.6b21fa5-7.14.3
openstack-heat-9.0.8~dev22-3.27.4
openstack-heat-api-9.0.8~dev22-3.27.4
openstack-heat-api-cfn-9.0.8~dev22-3.27.4
openstack-heat-api-cloudwatch-9.0.8~dev22-3.27.4
openstack-heat-doc-9.0.8~dev22-3.27.3
openstack-heat-engine-9.0.8~dev22-3.27.4
openstack-heat-plugin-heat_docker-9.0.8~dev22-3.27.4
openstack-heat-templates-0.0.0+git.1560033670.e3b5a52-3.12.3
openstack-heat-test-9.0.8~dev22-3.27.4
openstack-horizon-plugin-designate-ui-5.0.3~dev2-3.9.3
openstack-horizon-plugin-neutron-lbaas-ui-3.0.3~dev5-3.14.3
openstack-ironic-9.1.8~dev8-3.24.4
openstack-ironic-api-9.1.8~dev8-3.24.4
openstack-ironic-conductor-9.1.8~dev8-3.24.4
openstack-ironic-doc-9.1.8~dev8-3.24.3
openstack-keystone-12.0.4~dev5-5.30.4
openstack-keystone-doc-12.0.4~dev5-5.30.3
openstack-monasca-agent-2.2.5~dev5-3.15.2
openstack-neutron-11.0.9~dev60-3.27.4
openstack-neutron-dhcp-agent-11.0.9~dev60-3.27.4
openstack-neutron-doc-11.0.9~dev60-3.27.3
openstack-neutron-gbp-7.3.1~dev72-3.12.3
openstack-neutron-ha-tool-11.0.9~dev60-3.27.4
openstack-neutron-l3-agent-11.0.9~dev60-3.27.4
openstack-neutron-linuxbridge-agent-11.0.9~dev60-3.27.4
openstack-neutron-macvtap-agent-11.0.9~dev60-3.27.4
openstack-neutron-metadata-agent-11.0.9~dev60-3.27.4
openstack-neutron-metering-agent-11.0.9~dev60-3.27.4
openstack-neutron-openvswitch-agent-11.0.9~dev60-3.27.4
openstack-neutron-server-11.0.9~dev60-3.27.4
openstack-neutron-vsphere-2.0.1~dev133-3.12.3
openstack-neutron-vsphere-doc-2.0.1~dev133-3.12.3
openstack-neutron-vsphere-dvs-agent-2.0.1~dev133-3.12.3
openstack-neutron-vsphere-ovsvapp-agent-2.0.1~dev133-3.12.3
openstack-nova-16.1.9~dev49-3.32.4
openstack-nova-api-16.1.9~dev49-3.32.4
openstack-nova-cells-16.1.9~dev49-3.32.4
openstack-nova-compute-16.1.9~dev49-3.32.4
openstack-nova-conductor-16.1.9~dev49-3.32.4
openstack-nova-console-16.1.9~dev49-3.32.4
openstack-nova-consoleauth-16.1.9~dev49-3.32.4
openstack-nova-doc-16.1.9~dev49-3.32.3
openstack-nova-novncproxy-16.1.9~dev49-3.32.4
openstack-nova-placement-api-16.1.9~dev49-3.32.4
openstack-nova-scheduler-16.1.9~dev49-3.32.4
openstack-nova-serialproxy-16.1.9~dev49-3.32.4
openstack-nova-vncproxy-16.1.9~dev49-3.32.4
openstack-octavia-1.0.6~dev3-4.21.3
openstack-octavia-amphora-agent-1.0.6~dev3-4.21.3
openstack-octavia-amphora-image-debugsource-0.1.2-3.9.3
openstack-octavia-amphora-image-x86_64-0.1.2-3.9.3
openstack-octavia-api-1.0.6~dev3-4.21.3
openstack-octavia-health-manager-1.0.6~dev3-4.21.3
openstack-octavia-housekeeping-1.0.6~dev3-4.21.3
openstack-octavia-worker-1.0.6~dev3-4.21.3
openstack-resource-agents-1.0+git.1569436425.8b9c49f-3.3.3
openstack-sahara-7.0.5~dev4-3.12.4
openstack-sahara-api-7.0.5~dev4-3.12.4
openstack-sahara-doc-7.0.5~dev4-3.12.3
openstack-sahara-engine-7.0.5~dev4-3.12.4
openstack-trove-8.0.2~dev2-3.12.3
openstack-trove-api-8.0.2~dev2-3.12.3
openstack-trove-conductor-8.0.2~dev2-3.12.3
openstack-trove-doc-8.0.2~dev2-3.12.3
openstack-trove-guestagent-8.0.2~dev2-3.12.3
openstack-trove-taskmanager-8.0.2~dev2-3.12.3
python-cinder-11.2.3~dev23-3.24.4
python-congressclient-1.8.1-3.3.4
python-designateclient-2.7.1-3.3.4
python-designateclient-doc-2.7.1-3.3.4
python-freezegun-0.3.9-1.3.3
python-heat-9.0.8~dev22-3.27.4
python-horizon-12.0.5~dev2-3.23.4
python-horizon-plugin-designate-ui-5.0.3~dev2-3.9.3
python-horizon-plugin-neutron-lbaas-ui-3.0.3~dev5-3.14.3
python-ironic-9.1.8~dev8-3.24.4
python-ironic-lib-2.10.2-3.3.3
python-keystone-12.0.4~dev5-5.30.4
python-monasca-agent-2.2.5~dev5-3.15.2
python-networking-cisco-6.1.1~dev65-3.3.3
python-networking-vsphere-2.0.1~dev133-3.12.3
python-neutron-11.0.9~dev60-3.27.4
python-neutron-gbp-7.3.1~dev72-3.12.3
python-nova-16.1.9~dev49-3.32.4
python-octavia-1.0.6~dev3-4.21.3
python-osc-lib-1.7.1-3.3.3
python-oslo.context-2.17.2-3.3.3
python-oslo.rootwrap-5.9.3-3.3.3
python-oslo.serialization-2.20.3-3.3.3
python-oslo.service-1.25.2-3.3.3
python-sahara-7.0.5~dev4-3.12.4
python-stevedore-1.25.2-3.3.3
python-taskflow-2.14.2-3.3.3
python-trove-8.0.2~dev2-3.12.3
o SUSE OpenStack Cloud 8 (x86_64):
keepalived-2.0.19-3.6.3
keepalived-debuginfo-2.0.19-3.6.3
keepalived-debugsource-2.0.19-3.6.3
mariadb-10.2.31-4.17.3
mariadb-client-10.2.31-4.17.3
mariadb-client-debuginfo-10.2.31-4.17.3
mariadb-debuginfo-10.2.31-4.17.3
mariadb-debugsource-10.2.31-4.17.3
mariadb-galera-10.2.31-4.17.3
mariadb-tools-10.2.31-4.17.3
mariadb-tools-debuginfo-10.2.31-4.17.3
o SUSE OpenStack Cloud 8 (noarch):
ardana-cinder-8.0+git.1579279939.ee7da88-3.39.3
ardana-cobbler-8.0+git.1575037115.0326803-3.41.3
ardana-designate-8.0+git.1573597788.15b7984-3.17.3
ardana-extensions-example-8.0+git.1534266307.db1ec28-3.3.3
ardana-extensions-nsx-8.0+git.1567529036.a41a037-3.6.4
ardana-glance-8.0+git.1571846045.ab9e3ea-3.20.3
ardana-heat-8.0+git.1571777596.14dce6a-3.15.3
ardana-input-model-8.0+git.1582147997.b9ed134-3.36.3
ardana-ironic-8.0+git.1571845225.006843d-3.9.3
ardana-keystone-8.0+git.1573147067.09e3ea0-3.27.3
ardana-logging-8.0+git.1572452293.e65d714-3.21.3
ardana-monasca-8.0+git.1572527728.9b34bdf-3.21.3
ardana-monasca-transform-8.0+git.1571845965.97714fb-3.12.3
ardana-mq-8.0+git.1581024906.fbf0be3-3.16.3
ardana-neutron-8.0+git.1573050365.ff6fa06-3.36.3
ardana-nova-8.0+git.1571846125.584d988-3.38.3
ardana-octavia-8.0+git.1575642049.1f321d0-3.23.3
ardana-osconfig-8.0+git.1581015942.2d21e63-3.42.3
ardana-tempest-8.0+git.1579261264.7dd213a-3.30.3
mariadb-errormessages-10.2.31-4.17.3
openstack-cinder-11.2.3~dev23-3.24.4
openstack-cinder-api-11.2.3~dev23-3.24.4
openstack-cinder-backup-11.2.3~dev23-3.24.4
openstack-cinder-doc-11.2.3~dev23-3.24.3
openstack-cinder-scheduler-11.2.3~dev23-3.24.4
openstack-cinder-volume-11.2.3~dev23-3.24.4
openstack-dashboard-12.0.5~dev2-3.23.4
openstack-dashboard-theme-SUSE-2017.2+git.1573629528.6b21fa5-7.14.3
openstack-heat-9.0.8~dev22-3.27.4
openstack-heat-api-9.0.8~dev22-3.27.4
openstack-heat-api-cfn-9.0.8~dev22-3.27.4
openstack-heat-api-cloudwatch-9.0.8~dev22-3.27.4
openstack-heat-doc-9.0.8~dev22-3.27.3
openstack-heat-engine-9.0.8~dev22-3.27.4
openstack-heat-plugin-heat_docker-9.0.8~dev22-3.27.4
openstack-heat-templates-0.0.0+git.1560033670.e3b5a52-3.12.3
openstack-heat-test-9.0.8~dev22-3.27.4
openstack-horizon-plugin-designate-ui-5.0.3~dev2-3.9.3
openstack-horizon-plugin-neutron-lbaas-ui-3.0.3~dev5-3.14.3
openstack-ironic-9.1.8~dev8-3.24.4
openstack-ironic-api-9.1.8~dev8-3.24.4
openstack-ironic-conductor-9.1.8~dev8-3.24.4
openstack-ironic-doc-9.1.8~dev8-3.24.3
openstack-keystone-12.0.4~dev5-5.30.4
openstack-keystone-doc-12.0.4~dev5-5.30.3
openstack-monasca-agent-2.2.5~dev5-3.15.2
openstack-neutron-11.0.9~dev60-3.27.4
openstack-neutron-dhcp-agent-11.0.9~dev60-3.27.4
openstack-neutron-doc-11.0.9~dev60-3.27.3
openstack-neutron-gbp-7.3.1~dev72-3.12.3
openstack-neutron-ha-tool-11.0.9~dev60-3.27.4
openstack-neutron-l3-agent-11.0.9~dev60-3.27.4
openstack-neutron-linuxbridge-agent-11.0.9~dev60-3.27.4
openstack-neutron-macvtap-agent-11.0.9~dev60-3.27.4
openstack-neutron-metadata-agent-11.0.9~dev60-3.27.4
openstack-neutron-metering-agent-11.0.9~dev60-3.27.4
openstack-neutron-openvswitch-agent-11.0.9~dev60-3.27.4
openstack-neutron-server-11.0.9~dev60-3.27.4
openstack-neutron-vsphere-2.0.1~dev133-3.12.3
openstack-neutron-vsphere-doc-2.0.1~dev133-3.12.3
openstack-neutron-vsphere-dvs-agent-2.0.1~dev133-3.12.3
openstack-neutron-vsphere-ovsvapp-agent-2.0.1~dev133-3.12.3
openstack-nova-16.1.9~dev49-3.32.4
openstack-nova-api-16.1.9~dev49-3.32.4
openstack-nova-cells-16.1.9~dev49-3.32.4
openstack-nova-compute-16.1.9~dev49-3.32.4
openstack-nova-conductor-16.1.9~dev49-3.32.4
openstack-nova-console-16.1.9~dev49-3.32.4
openstack-nova-consoleauth-16.1.9~dev49-3.32.4
openstack-nova-doc-16.1.9~dev49-3.32.3
openstack-nova-novncproxy-16.1.9~dev49-3.32.4
openstack-nova-placement-api-16.1.9~dev49-3.32.4
openstack-nova-scheduler-16.1.9~dev49-3.32.4
openstack-nova-serialproxy-16.1.9~dev49-3.32.4
openstack-nova-vncproxy-16.1.9~dev49-3.32.4
openstack-octavia-1.0.6~dev3-4.21.3
openstack-octavia-amphora-agent-1.0.6~dev3-4.21.3
openstack-octavia-amphora-image-debugsource-0.1.2-3.9.3
openstack-octavia-amphora-image-x86_64-0.1.2-3.9.3
openstack-octavia-api-1.0.6~dev3-4.21.3
openstack-octavia-health-manager-1.0.6~dev3-4.21.3
openstack-octavia-housekeeping-1.0.6~dev3-4.21.3
openstack-octavia-worker-1.0.6~dev3-4.21.3
openstack-resource-agents-1.0+git.1569436425.8b9c49f-3.3.3
openstack-sahara-7.0.5~dev4-3.12.4
openstack-sahara-api-7.0.5~dev4-3.12.4
openstack-sahara-doc-7.0.5~dev4-3.12.3
openstack-sahara-engine-7.0.5~dev4-3.12.4
openstack-trove-8.0.2~dev2-3.12.3
openstack-trove-api-8.0.2~dev2-3.12.3
openstack-trove-conductor-8.0.2~dev2-3.12.3
openstack-trove-doc-8.0.2~dev2-3.12.3
openstack-trove-guestagent-8.0.2~dev2-3.12.3
openstack-trove-taskmanager-8.0.2~dev2-3.12.3
python-cinder-11.2.3~dev23-3.24.4
python-cinderlm-0.0.2+git.1571845893.27f0b7b-3.9.3
python-congressclient-1.8.1-3.3.4
python-designateclient-2.7.1-3.3.4
python-designateclient-doc-2.7.1-3.3.4
python-freezegun-0.3.9-1.3.3
python-heat-9.0.8~dev22-3.27.4
python-horizon-12.0.5~dev2-3.23.4
python-horizon-plugin-designate-ui-5.0.3~dev2-3.9.3
python-horizon-plugin-neutron-lbaas-ui-3.0.3~dev5-3.14.3
python-ironic-9.1.8~dev8-3.24.4
python-ironic-lib-2.10.2-3.3.3
python-keystone-12.0.4~dev5-5.30.4
python-monasca-agent-2.2.5~dev5-3.15.2
python-networking-cisco-6.1.1~dev65-3.3.3
python-networking-vsphere-2.0.1~dev133-3.12.3
python-neutron-11.0.9~dev60-3.27.4
python-neutron-gbp-7.3.1~dev72-3.12.3
python-nova-16.1.9~dev49-3.32.4
python-octavia-1.0.6~dev3-4.21.3
python-osc-lib-1.7.1-3.3.3
python-oslo.context-2.17.2-3.3.3
python-oslo.rootwrap-5.9.3-3.3.3
python-oslo.serialization-2.20.3-3.3.3
python-oslo.service-1.25.2-3.3.3
python-sahara-7.0.5~dev4-3.12.4
python-stevedore-1.25.2-3.3.3
python-taskflow-2.14.2-3.3.3
python-trove-8.0.2~dev2-3.12.3
venv-openstack-aodh-x86_64-5.1.1~dev7-12.22.2
venv-openstack-barbican-x86_64-5.0.2~dev3-12.23.2
venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.20.2
venv-openstack-cinder-x86_64-11.2.3~dev23-14.23.2
venv-openstack-designate-x86_64-5.0.3~dev7-12.21.2
venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.18.2
venv-openstack-glance-x86_64-15.0.3~dev3-12.21.2
venv-openstack-heat-x86_64-9.0.8~dev22-12.23.2
venv-openstack-horizon-x86_64-12.0.5~dev2-14.28.2
venv-openstack-ironic-x86_64-9.1.8~dev8-12.23.2
venv-openstack-keystone-x86_64-12.0.4~dev5-11.24.2
venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.22.2
venv-openstack-manila-x86_64-5.1.1~dev2-12.25.2
venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.18.2
venv-openstack-monasca-x86_64-2.2.2~dev1-11.20.2
venv-openstack-murano-x86_64-4.0.2~dev2-12.18.2
venv-openstack-neutron-x86_64-11.0.9~dev60-13.26.2
venv-openstack-nova-x86_64-16.1.9~dev49-11.24.2
venv-openstack-octavia-x86_64-1.0.6~dev3-12.23.2
venv-openstack-sahara-x86_64-7.0.5~dev4-11.22.2
venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.16.3
venv-openstack-trove-x86_64-8.0.2~dev2-11.22.2
o HPE Helion Openstack 8 (noarch):
ardana-cinder-8.0+git.1579279939.ee7da88-3.39.3
ardana-cobbler-8.0+git.1575037115.0326803-3.41.3
ardana-designate-8.0+git.1573597788.15b7984-3.17.3
ardana-extensions-example-8.0+git.1534266307.db1ec28-3.3.3
ardana-extensions-nsx-8.0+git.1567529036.a41a037-3.6.4
ardana-glance-8.0+git.1571846045.ab9e3ea-3.20.3
ardana-heat-8.0+git.1571777596.14dce6a-3.15.3
ardana-input-model-8.0+git.1582147997.b9ed134-3.36.3
ardana-ironic-8.0+git.1571845225.006843d-3.9.3
ardana-keystone-8.0+git.1573147067.09e3ea0-3.27.3
ardana-logging-8.0+git.1572452293.e65d714-3.21.3
ardana-monasca-8.0+git.1572527728.9b34bdf-3.21.3
ardana-monasca-transform-8.0+git.1571845965.97714fb-3.12.3
ardana-mq-8.0+git.1581024906.fbf0be3-3.16.3
ardana-neutron-8.0+git.1573050365.ff6fa06-3.36.3
ardana-nova-8.0+git.1571846125.584d988-3.38.3
ardana-octavia-8.0+git.1575642049.1f321d0-3.23.3
ardana-osconfig-8.0+git.1581015942.2d21e63-3.42.3
ardana-tempest-8.0+git.1579261264.7dd213a-3.30.3
mariadb-errormessages-10.2.31-4.17.3
openstack-cinder-11.2.3~dev23-3.24.4
openstack-cinder-api-11.2.3~dev23-3.24.4
openstack-cinder-backup-11.2.3~dev23-3.24.4
openstack-cinder-doc-11.2.3~dev23-3.24.3
openstack-cinder-scheduler-11.2.3~dev23-3.24.4
openstack-cinder-volume-11.2.3~dev23-3.24.4
openstack-dashboard-12.0.5~dev2-3.23.4
openstack-heat-9.0.8~dev22-3.27.4
openstack-heat-api-9.0.8~dev22-3.27.4
openstack-heat-api-cfn-9.0.8~dev22-3.27.4
openstack-heat-api-cloudwatch-9.0.8~dev22-3.27.4
openstack-heat-doc-9.0.8~dev22-3.27.3
openstack-heat-engine-9.0.8~dev22-3.27.4
openstack-heat-plugin-heat_docker-9.0.8~dev22-3.27.4
openstack-heat-templates-0.0.0+git.1560033670.e3b5a52-3.12.3
openstack-heat-test-9.0.8~dev22-3.27.4
openstack-horizon-plugin-designate-ui-5.0.3~dev2-3.9.3
openstack-horizon-plugin-neutron-lbaas-ui-3.0.3~dev5-3.14.3
openstack-ironic-9.1.8~dev8-3.24.4
openstack-ironic-api-9.1.8~dev8-3.24.4
openstack-ironic-conductor-9.1.8~dev8-3.24.4
openstack-ironic-doc-9.1.8~dev8-3.24.3
openstack-keystone-12.0.4~dev5-5.30.4
openstack-keystone-doc-12.0.4~dev5-5.30.3
openstack-monasca-agent-2.2.5~dev5-3.15.2
openstack-neutron-11.0.9~dev60-3.27.4
openstack-neutron-dhcp-agent-11.0.9~dev60-3.27.4
openstack-neutron-doc-11.0.9~dev60-3.27.3
openstack-neutron-gbp-7.3.1~dev72-3.12.3
openstack-neutron-ha-tool-11.0.9~dev60-3.27.4
openstack-neutron-l3-agent-11.0.9~dev60-3.27.4
openstack-neutron-linuxbridge-agent-11.0.9~dev60-3.27.4
openstack-neutron-macvtap-agent-11.0.9~dev60-3.27.4
openstack-neutron-metadata-agent-11.0.9~dev60-3.27.4
openstack-neutron-metering-agent-11.0.9~dev60-3.27.4
openstack-neutron-openvswitch-agent-11.0.9~dev60-3.27.4
openstack-neutron-server-11.0.9~dev60-3.27.4
openstack-neutron-vsphere-2.0.1~dev133-3.12.3
openstack-neutron-vsphere-doc-2.0.1~dev133-3.12.3
openstack-neutron-vsphere-dvs-agent-2.0.1~dev133-3.12.3
openstack-neutron-vsphere-ovsvapp-agent-2.0.1~dev133-3.12.3
openstack-nova-16.1.9~dev49-3.32.4
openstack-nova-api-16.1.9~dev49-3.32.4
openstack-nova-cells-16.1.9~dev49-3.32.4
openstack-nova-compute-16.1.9~dev49-3.32.4
openstack-nova-conductor-16.1.9~dev49-3.32.4
openstack-nova-console-16.1.9~dev49-3.32.4
openstack-nova-consoleauth-16.1.9~dev49-3.32.4
openstack-nova-doc-16.1.9~dev49-3.32.3
openstack-nova-novncproxy-16.1.9~dev49-3.32.4
openstack-nova-placement-api-16.1.9~dev49-3.32.4
openstack-nova-scheduler-16.1.9~dev49-3.32.4
openstack-nova-serialproxy-16.1.9~dev49-3.32.4
openstack-nova-vncproxy-16.1.9~dev49-3.32.4
openstack-octavia-1.0.6~dev3-4.21.3
openstack-octavia-amphora-agent-1.0.6~dev3-4.21.3
openstack-octavia-amphora-image-debugsource-0.1.2-3.9.3
openstack-octavia-amphora-image-x86_64-0.1.2-3.9.3
openstack-octavia-api-1.0.6~dev3-4.21.3
openstack-octavia-health-manager-1.0.6~dev3-4.21.3
openstack-octavia-housekeeping-1.0.6~dev3-4.21.3
openstack-octavia-worker-1.0.6~dev3-4.21.3
openstack-resource-agents-1.0+git.1569436425.8b9c49f-3.3.3
openstack-sahara-7.0.5~dev4-3.12.4
openstack-sahara-api-7.0.5~dev4-3.12.4
openstack-sahara-doc-7.0.5~dev4-3.12.3
openstack-sahara-engine-7.0.5~dev4-3.12.4
openstack-trove-8.0.2~dev2-3.12.3
openstack-trove-api-8.0.2~dev2-3.12.3
openstack-trove-conductor-8.0.2~dev2-3.12.3
openstack-trove-doc-8.0.2~dev2-3.12.3
openstack-trove-guestagent-8.0.2~dev2-3.12.3
openstack-trove-taskmanager-8.0.2~dev2-3.12.3
python-cinder-11.2.3~dev23-3.24.4
python-cinderlm-0.0.2+git.1571845893.27f0b7b-3.9.3
python-congressclient-1.8.1-3.3.4
python-designateclient-2.7.1-3.3.4
python-designateclient-doc-2.7.1-3.3.4
python-heat-9.0.8~dev22-3.27.4
python-horizon-12.0.5~dev2-3.23.4
python-horizon-plugin-designate-ui-5.0.3~dev2-3.9.3
python-horizon-plugin-neutron-lbaas-ui-3.0.3~dev5-3.14.3
python-ironic-9.1.8~dev8-3.24.4
python-ironic-lib-2.10.2-3.3.3
python-keystone-12.0.4~dev5-5.30.4
python-monasca-agent-2.2.5~dev5-3.15.2
python-networking-cisco-6.1.1~dev65-3.3.3
python-networking-vsphere-2.0.1~dev133-3.12.3
python-neutron-11.0.9~dev60-3.27.4
python-neutron-gbp-7.3.1~dev72-3.12.3
python-nova-16.1.9~dev49-3.32.4
python-octavia-1.0.6~dev3-4.21.3
python-osc-lib-1.7.1-3.3.3
python-oslo.context-2.17.2-3.3.3
python-oslo.rootwrap-5.9.3-3.3.3
python-oslo.serialization-2.20.3-3.3.3
python-oslo.service-1.25.2-3.3.3
python-sahara-7.0.5~dev4-3.12.4
python-stevedore-1.25.2-3.3.3
python-taskflow-2.14.2-3.3.3
python-trove-8.0.2~dev2-3.12.3
venv-openstack-aodh-x86_64-5.1.1~dev7-12.22.2
venv-openstack-barbican-x86_64-5.0.2~dev3-12.23.2
venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.20.2
venv-openstack-cinder-x86_64-11.2.3~dev23-14.23.2
venv-openstack-designate-x86_64-5.0.3~dev7-12.21.2
venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.18.2
venv-openstack-glance-x86_64-15.0.3~dev3-12.21.2
venv-openstack-heat-x86_64-9.0.8~dev22-12.23.2
venv-openstack-horizon-hpe-x86_64-12.0.5~dev2-14.28.2
venv-openstack-ironic-x86_64-9.1.8~dev8-12.23.2
venv-openstack-keystone-x86_64-12.0.4~dev5-11.24.2
venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.22.2
venv-openstack-manila-x86_64-5.1.1~dev2-12.25.2
venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.18.2
venv-openstack-monasca-x86_64-2.2.2~dev1-11.20.2
venv-openstack-murano-x86_64-4.0.2~dev2-12.18.2
venv-openstack-neutron-x86_64-11.0.9~dev60-13.26.2
venv-openstack-nova-x86_64-16.1.9~dev49-11.24.2
venv-openstack-octavia-x86_64-1.0.6~dev3-12.23.2
venv-openstack-sahara-x86_64-7.0.5~dev4-11.22.2
venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.16.3
venv-openstack-trove-x86_64-8.0.2~dev2-11.22.2
o HPE Helion Openstack 8 (x86_64):
keepalived-2.0.19-3.6.3
keepalived-debuginfo-2.0.19-3.6.3
keepalived-debugsource-2.0.19-3.6.3
mariadb-10.2.31-4.17.3
mariadb-client-10.2.31-4.17.3
mariadb-client-debuginfo-10.2.31-4.17.3
mariadb-debuginfo-10.2.31-4.17.3
mariadb-debugsource-10.2.31-4.17.3
mariadb-galera-10.2.31-4.17.3
mariadb-tools-10.2.31-4.17.3
mariadb-tools-debuginfo-10.2.31-4.17.3
References:
o https://www.suse.com/security/cve/CVE-2017-1002201.html
o https://www.suse.com/security/cve/CVE-2018-17954.html
o https://www.suse.com/security/cve/CVE-2019-13117.html
o https://www.suse.com/security/cve/CVE-2019-16770.html
o https://www.suse.com/security/cve/CVE-2019-18901.html
o https://www.suse.com/security/cve/CVE-2019-2737.html
o https://www.suse.com/security/cve/CVE-2019-2739.html
o https://www.suse.com/security/cve/CVE-2019-2740.html
o https://www.suse.com/security/cve/CVE-2019-2758.html
o https://www.suse.com/security/cve/CVE-2019-2805.html
o https://www.suse.com/security/cve/CVE-2019-2938.html
o https://www.suse.com/security/cve/CVE-2019-2974.html
o https://www.suse.com/security/cve/CVE-2020-2574.html
o https://www.suse.com/security/cve/CVE-2020-7595.html
o https://bugzilla.suse.com/1077717
o https://bugzilla.suse.com/1117080
o https://bugzilla.suse.com/1117840
o https://bugzilla.suse.com/1123191
o https://bugzilla.suse.com/1148158
o https://bugzilla.suse.com/1152007
o https://bugzilla.suse.com/1154235
o https://bugzilla.suse.com/1155089
o https://bugzilla.suse.com/1155942
o https://bugzilla.suse.com/1156305
o https://bugzilla.suse.com/1156669
o https://bugzilla.suse.com/1156914
o https://bugzilla.suse.com/1157028
o https://bugzilla.suse.com/1157206
o https://bugzilla.suse.com/1157482
o https://bugzilla.suse.com/1158675
o https://bugzilla.suse.com/1160048
o https://bugzilla.suse.com/1160878
o https://bugzilla.suse.com/1160883
o https://bugzilla.suse.com/1160895
o https://bugzilla.suse.com/1160912
o https://bugzilla.suse.com/1161351
o https://bugzilla.suse.com/1161517
o https://bugzilla.suse.com/1162388
- --------------------------------------------------------------------------------
SUSE Security Update: Security update for ardana-ansible, ardana-cinder,
ardana-cobbler, ardana-db, ardana-horizon, ardana-input-model, ardana-monasca,
ardana-mq, ardana-nova, ardana-octavia, ardana-osconfig, ardana-tempest,
ardana-tls, crowbar-core, crowbar-ha, crowbar-openstack, crowbar-ui,
keepalived, openstack-barbican, openstack-ceilometer, openstack-cinder,
openstack-dashboard, openstack-dashboard-theme-SUSE, openstack-designate,
openstack-heat, openstack-horizon-plugin-designate-ui,
openstack-horizon-plugin-ironic-ui, openstack-horizon-plugin-neutron-lbaas-ui,
openstack-horizon-plugin-octavia-ui, openstack-ironic,
openstack-ironic-python-agent, openstack-keystone, openstack-magnum,
openstack-monasca-agent, openstack-neutron, openstack-neutron-fwaas,
openstack-neutron-gbp, openstack-neutron-vpnaas, openstack-nova,
openstack-octavia, openstack-octavia-amphora-image, openstack-sahara,
openstack-swift, python-amqp, python-ironic-lib, python-keystoneauth1,
python-keystoneclient, python-keystonemiddleware, python-ovs,
supportutils-plugin-suse-openstack-cloud, rubygem-crowbar-client, rubygem-puma,
______________________________________________________________________________
Announcement ID: SUSE-SU-2020:0642-1
Rating: important
References: #1117080 #1152007 #1154235 #1156305 #1156914 #1157028
#1157206 #1157482 #1158581 #1158675 #1161351 #1161721
Cross-References: CVE-2018-17954 CVE-2019-13117 CVE-2019-16770
Affected Products:
SUSE OpenStack Cloud Crowbar 9
SUSE OpenStack Cloud 9
______________________________________________________________________________
venv-openstack-horizon
An update that solves three vulnerabilities and has 9 fixes is now available.
Description:
This update for ardana-ansible, ardana-cinder, ardana-cobbler, ardana-db,
ardana-horizon, ardana-input-model, ardana-monasca, ardana-mq, ardana-nova,
ardana-octavia, ardana-osconfig, ardana-tempest, ardana-tls, crowbar-core,
crowbar-ha, crowbar-openstack, crowbar-ui, keepalived, openstack-barbican,
openstack-ceilometer, openstack-cinder, openstack-dashboard,
openstack-dashboard-theme-SUSE, openstack-designate, openstack-heat,
openstack-horizon-plugin-designate-ui, openstack-horizon-plugin-ironic-ui,
openstack-horizon-plugin-neutron-lbaas-ui, openstack-horizon-plugin-octavia-ui,
openstack-ironic, openstack-ironic-python-agent, openstack-keystone,
openstack-magnum, openstack-monasca-agent, openstack-neutron,
openstack-neutron-fwaas, openstack-neutron-gbp, openstack-neutron-vpnaas,
openstack-nova, openstack-octavia, openstack-octavia-amphora-image,
openstack-sahara, openstack-swift, python-amqp, python-ironic-lib,
python-keystoneauth1, python-keystoneclient, python-keystonemiddleware,
python-ovs, supportutils-plugin-suse-openstack-cloud, rubygem-crowbar-client,
rubygem-puma, venv-openstack-horizon fixes the following issues:
Security issues fixed:
o CVE-2018-17954: Enabled restricted commands for Cloud 8 (bsc#1117080).
o CVE-2019-16770: Fixed a DoS vulnerability a malicious client could use to
block a large amount of threads (bsc#1158675).
Non-security issues fixed:
Changes in ardana-ansible:
o Update to version 9.0+git.1581611758.f694f7d: * Don't run
deprecated-vhost-removal on localhost (SOC-11098)
o Update to version 9.0+git.1580906085.40eb430: * simplify glance image
upload (SOC-11089)
o Update to version 9.0+git.1580220034.3236aa5: * Ensure rabbitmq-server
started after packages updated (SOC-11070)
o Update to version 9.0+git.1576060554.bdd84e6: * Fix grep for image details
on service-guest-image (SOC-11012)
Changes in ardana-cinder:
o Update to version 9.0+git.1579256229.c8b4b38: * Add option to flatten
snapshots when using SES (SOC-11054)
o Update to version 9.0+git.1574694613.04a8b74: * Ensure nfs-client installed
for NetApp support (SOC-9005)
o Update to version 9.0+git.1574359983.c198cc9: * Add option for nfs_share
configuration (SOC-9005)
Changes in ardana-cobbler:
o Update to version 9.0+git.1574950066.a3c4be4: * Set root device on SLES
autoyast templates (SOC-7365)
o Update to version 9.0+git.1573845154.3545efd: * Change install_recommended
to true (SOC-9005)
Changes in ardana-db:
o Update to version 9.0+git.1578936438.b9a9b95: * Switch to using override
file in my.cnf.d (SOC-11043)
o Update to version 9.0+git.1578595169.57c5911: * account for pre-update
nodes (SOC-11037)
Changes in ardana-horizon:
o Update to version 9.0+git.1575562864.8ed5e10: * Generate policy for Octavia
dashboard (SOC-10883)
o Update to version 9.0+git.1575562860.2ce2851: * Fix policy configuration
generation (SOC-10883)
Changes in ardana-input-model:
o Update to version 9.0+git.1580403439.d425462: * Enable port security
extension neutron (SOC-11027)
o Update to version 9.0+git.1574953363.60cf58f: * octavia: use lbaasv2-proxy
service plugin (SOC-10987)
Changes in ardana-monasca:
o Update to version 9.0+git.1579273481.4b8c46f: * Leverage schema conversion
script for upgrade (SOC-10277)
o Update to version 9.0+git.1575919721.5c42222: * align Monasca DB schema
with upstream prior to upgrade (SOC-10277)
Changes in ardana-mq:
o Update to version 9.0+git.1581024903.8e74867: * Ensure HA queue sync wait
fails (SOC-11083)
o Update to version 9.0+git.1580934283.230ff8b: * Fix HA policy setting
comments (SOC-10317, SOC-11082)
o Update to version 9.0+git.1580746285.da922ce: * Set HA policy accordingly
(SOC-10317, SOC-11082)
o Update to version 9.0+git.1575405552.d84f662: * Change the HA policy mirror
(SOC-10317)
Changes in ardana-nova:
o Update to version 9.0+git.1580304673.6c668eb: * Set notification_format to
unversioned in nova.conf (bsc#1161721)
o Update to version 9.0+git.1575481165.9d3826f: * Remove duplicate entries
for alias configuration for GPU (SOC-10837)
o Update to version 9.0+git.1573764498.ed4098d: * Pass through gpu device
info. (SOC-10837)
Changes in ardana-octavia:
o Update to version 9.0+git.1576074489.62de7e2: * Add load-balancer roles
(SOC-8743)
o Update to version 9.0+git.1575366951.e0216b4: * Add policy.json to match
the neutron lbaasv2 policy (SOC-10987)
o Update to version 9.0+git.1574358661.c976583: * Change
event_streamer_driver to noop (bsc#1154235)
Changes in ardana-osconfig:
o Update to version 9.0+git.1580235830.0dca223: * Start OVS services before
wicked service at boot (SOC-11067)
o Update to version 9.0+git.1579790275.8afb314: * Adjust
'fs.inotify.max_user_instances' to align with crowbar (bsc#1161351)
Changes in ardana-tempest:
o Update to version 9.0+git.1578932816.e299c08: * Revert to using cirros
image for heat tests (SOC-7028)
o Update to version 9.0+git.1578413400.0614192: * Create network resources
needed by some heat tests (SOC-7028)
o Update to version 9.0+git.1576611974.d17e4df: * Enable octavia tempest
plugin test cases (SOC-8743)
o Update to version 9.0+git.1574955714.5bae846: * Update lbaas tempest filter
for octavia (SOC-10987)
Changes in ardana-tls:
o Update to version 9.0+git.1575296665.3fdfe45: * Make sure VNC CA file
contain our internal CAs (SOC-10968)
o Update to version 9.0+git.1574280348.a306396: * default the certificate
validity to 5 years for the VNC cert (SOC-10973)
Changes in crowbar-core:
o Update to version 6.0+git.1582892022.cbd70e833: * upgrade: Run DHCP
evacuation (SOC-11046)
o Update to version 6.0+git.1582200015.08264d8f9: * Fix deployment queue
display (SOC-10741)
o Update to version 6.0+git.1580144807.7d068caf0: * network: start OVS before
wickedd (SOC-11067)
o Update to version 6.0+git.1578997967.4591670f0: * dns: add checks to
designate migration (SOC-11047)
o Update to version 6.0+git.1578935422.01edb0a9b: * Do not log an error for a
case that is correct (trivial)
o Update to version 6.0+git.1578563578.68beda299: * Upgrade neutron agent
together with nova-compute package (SOC-11031)
o Update to version 6.0+git.1578402096.90d9332d9: * apache2: Restart after
enabling SSL flag (SOC-11029) * crowbar: add crowbar-pacemaker dependency
(SOC-10986)
o Update to version 6.0+git.1576756414.ca49a781d: * bind9: Add legacy
public.foo DNS entries (SOC-11006)
o Update to version 6.0+git.1576662075.88de27567: * upgrade: Make a check for
SLES product version (SOC-3089)
o Update to version 6.0+git.1576493114.5e9534f13: * upgrade: Stop if
nova-compute upgrade fails (SOC-10378) * upgrade: Fix typo in log message
(typo)
o Update to version 6.0+git.1576149781.1ac02ef0d: * upgrade: add missing exit
to Monasca DB dump (trivial)
o Update to version 6.0+git.1576072790.23b58b4a2: * upgrade: Fix systemd unit
listing (trivial) * Make sure the crowbar migrations are OK (SOC-6849)
o Update to version 6.0+git.1575980638.3cad5a333: * Ignore CVE-2019-16770
(SOC-10999) * upgrade: Make cluster health check at the start of services
step (SOC-6849) * upgrade: Remove DRBD specific code from the continuation
parts (SOC-10985)
o Update to version 6.0+git.1575628097.5a7475686: * upgrade: Do not stop and
reload nova services in normal mode (SOC-10995)
o Update to version 6.0+git.1574763248.ad958e68c: * Disable installation
repository (bsc#1152007) * Disable automatic repo services (bsc#1152007)
o Update to version 6.0+git.1574431193.3f5c69937: * [upgrade] Wait for
keystone to be ready after start (bsc#1157206)
o Update to version 6.0+git.1574363439.bc4d86c9b: * upgrade: Make sure
cinder-volume is really stopped (bsc#1156305)
o Update to version 6.0+git.1574270808.e4344109b: * upgrade: Ignore Cloud
repository during repocheck (bsc#1152007)
o Update to version 6.0+git.1574102328.13f0b12bf: * Ignore CVE-2019-13117 in
CI builds (bsc#1157028)
Changes in crowbar-ha:
o Update to version 6.0+git.1574286261.6fd1a34: * Drop g-haproxy removal code
(bsc#1156914)
Changes in crowbar-openstack:
o Update to version 6.0+git.1580922461.67fb3c087: * Designate: make sure
dns-server is active on a non-admin node (SOC-10636) * Revert rabbitmq:
sync startup definitions.json with recipe (SOC-11082)
o Update to version 6.0+git.1580480133.d27bf75d0: * ec2-api: run
keystone_register on cluster founder only (SOC-11079)
o Update to version 6.0+git.1580308069.558c6dd8a: * rabbitmq: sync startup
definitions.json with recipe (SOC-11077)
o Update to version 6.0+git.1579097055.cf15ef22e: * tempest: enable
multiattach for NetApp + LVM (SCPM-97) * tempest: tempest run filters as
templates (SOC-11052)
o Update to version 6.0+git.1578491103.ca03b990c: * Install openstack client
for neutron recipes (SOC-11039)
o Update to version 6.0+git.1576859278.871ed9151: * octavia: Add topology
setting (SOC-10876)
o Update to version 6.0+git.1576769055.cae3ecf9a: * octavia: Add
anti-affinity settings (SOC-11026) * designate: Fix the migrations of ssl
values (SOC-11030) * octavia: Also delete unused amphora images (SOC-11024)
* octavia: Delete old amphora images (SOC-11024) * octavia: Install amphora
image always (SOC-11024)
o Update to version 6.0+git.1576688912.0cfb42201: * Do not read data from
barclamp that has not been saved (SOC-11028) * octavia: Add ssh key to
health manager (SOC-11025)
o Update to version 6.0+git.1576513513.8456a08f8: * designate: Mark as user
managed (SOC-10233)
o Update to version 6.0+git.1576331976.c068cbe15: * octavia: Update
configuration parameters (SOC-10904)
o Update to version 6.0+git.1576245850.2d50399b5: * tempest: Update default
image on schema (SOC-11023)
o Update to version 6.0+git.1576145909.ec2c5f746: * octavia: enable octavia
tempest plugin test cases (SOC-8743)
o Update to version 6.0+git.1576091112.c802654e0: * keystone: Add
OS_INTERFACE env var to .openrc (SOC-11006) * horizon: add Octavia horizon
dashboard (SOC-10833)
o Update to version 6.0+git.1575917420.9a9d1b024: * Add Crowbar UI options
for mgmt net (SOC-10904) * octavia: configure barbican auth (SOC-10989) *
octavia: fix deprecated config options (SOC-10990)
o Update to version 6.0+git.1574850023.d4c2337fc: * tempest: create
lbaas-octavia filter (SOC-10965) * octavia: switch to noop event streamer
(SOC-10868) * tempest: fix lbaasv2 tests with Octavia lbaasv2-proxy service
plugin (SOC-10907)
o Update to version 6.0+git.1574685608.1c9818d53: * horizon: fix keystone
node lookup (SOC-10978)
o Update to version 6.0+git.1574428771.9bd63ba0d: * designate: declare all
mdns servers as master on pool config (SOC-10952)
o Update to version 6.0+git.1574334452.15e0db044: * designate: add support
for SSL (SOC-10877) * horizon: install lbaas horizon dashboard (SOC-10883)
o Update to version 6.0+git.1574270038.651a48486: * octavia: add SSL section
to the UI (SOC-10906)
o Update to version 6.0+git.1574094012.3c62b569f: * octavia: Add
memcached_servers for token caching (SOC-10905)
Changes in crowbar-ui:
o Update to version 1.3.0+git.1575896697.a01a3a08: * upgrade: Added missing
error title * travis: Stop testing against nodejs4
Changes in keepalived:
o update to 2.0.19
o new BR pkgconfig(libnftnl) to fix nftables support
o add nftables to the BR
o added patch * linux-4.15.patch
o add buildrequires for file-devel - used in the checker to verify scripts
o enable json stats and config dump support new BR: pkgconfig(json-c)
o enable http regexp support: new BR pcre2-devel
o disable dbus instance creation support as it is marked as dangerous
o Add BFD build option to keepalived.spec rpm file Issue #1114 identified
that the keepalived.spec file was not being generated to build BFD support
even if keepalived had been configured to support it.
o full changelog https://keepalived.org/changelog.html
Changes in openstack-barbican:
o Update to version barbican-7.0.1.dev24: * Fix the barbicanclient
installation not from source
o Update to version barbican-7.0.1.dev23: * Don't use branch matching * Make
broken fedora\_latest job n-v
Changes in openstack-barbican:
o Update to version barbican-7.0.1.dev24: * Fix the barbicanclient
installation not from source
o Update to version barbican-7.0.1.dev23: * Don't use branch matching * Make
broken fedora\_latest job n-v
Changes in openstack-ceilometer:
o Update to version ceilometer-11.0.2.dev21: * Tell reno to ignore the kilo
branch * Run Grenade job under Python 2 for compatibility
o Update to version ceilometer-11.0.2.dev19: * [stable-only] Cap msgpack
o Update to version ceilometer-11.0.2.dev18: * Add note for loadbalancer
resource type support
o Update to version ceilometer-11.0.2.dev17: * Fix samples with dots in
sample name
o Update to version ceilometer-11.0.2.dev15: * Add loadbalancer resource type
Changes in openstack-ceilometer:
o Update to version ceilometer-11.0.2.dev21: * Tell reno to ignore the kilo
branch * Run Grenade job under Python 2 for compatibility
o Update to version ceilometer-11.0.2.dev19: * [stable-only] Cap msgpack
o Update to version ceilometer-11.0.2.dev18: * Add note for loadbalancer
resource type support
o Update to version ceilometer-11.0.2.dev17: * Fix samples with dots in
sample name
o Update to version ceilometer-11.0.2.dev15: * Add loadbalancer resource type
Changes in openstack-cinder:
o Update to version cinder-13.0.9.dev11: * Cinder backup export broken
o Update to version cinder-13.0.9.dev10: * Support Incremental Backup
Completion In RBD
o Update to version cinder-13.0.9.dev8: * Fix: Create new cache entry when
xtremio reaches snap limit * Tell reno to ignore the kilo branch
o Update to version cinder-13.0.9.dev5: * Make volume soft delete more
thorough
o Update to version cinder-13.0.9.dev4: * Cap sphinx for py2 to match global
reqs 13.0.8
o Update to version cinder-13.0.8.dev12: * Add 'volume\_attachment' to volume
expected attributes * Fix service\_uuid migration for volumes with no host
o Update to version cinder-13.0.8.dev9: * Increase cpu limit for image
conversion
Changes in openstack-cinder:
o Update to version cinder-13.0.9.dev11: * Cinder backup export broken
o Update to version cinder-13.0.9.dev10: * Support Incremental Backup
Completion In RBD
o Update to version cinder-13.0.9.dev8: * Fix: Create new cache entry when
xtremio reaches snap limit * Tell reno to ignore the kilo branch
o Update to version cinder-13.0.9.dev5: * Make volume soft delete more
thorough
o Update to version cinder-13.0.9.dev4: * Cap sphinx for py2 to match global
reqs 13.0.8
o Update to version cinder-13.0.8.dev12: * Add 'volume\_attachment' to volume
expected attributes * Fix service\_uuid migration for volumes with no host
o Update to version cinder-13.0.8.dev9: * Increase cpu limit for image
conversion
Changes in openstack-dashboard:
o Update to version horizon-14.1.1.dev1: 14.1.0 * Ensure python versions
o Update to version horizon-14.0.5.dev9: * Fix typo in publicize\_image
policy name
o Update to version horizon-14.0.5.dev8: * Fix "prev" link pagination for
instances with identical timestamps
o Update to version horizon-14.0.5.dev7: * Fix deleting port from port
details page * Fix tenant floating\_ip\_allocation call in neutron rest api
o Update to version horizon-14.0.5.dev3: * Add "prev" link to instance page
list pagination
o horizon: Obsolete python-django_openstack_auth (SOC-10228) port of https://
review.opendev.org/#/c/685224
o Update to version horizon-14.0.5.dev2: * Call Glance list with certain
image ids
Changes in openstack-dashboard-theme-SUSE:
o Add trigger for openstack-horizon-plugin-octavia-ui (SOC-10883)
Changes in openstack-designate:
o Update to version designate-7.0.1.dev23: * Use Tempest 'all' tox env
Changes in openstack-designate:
o Update to version designate-7.0.1.dev23: * Use Tempest 'all' tox env
Changes in openstack-heat:
o Update to version openstack-heat-11.0.3.dev31: * Update Fedora image ref
for test jobs
o Update to version openstack-heat-11.0.3.dev29: * Docs: use extrefs to link
to other projects' docs
o Update to version openstack-heat-11.0.3.dev28: * Use stable constraint for
Tempest pinned stable branches
o Update to version openstack-heat-11.0.3.dev27: * Correct BRANCH\_OVERRIDE
for stable/rocky * Correct availability\_zone to be non-mandatory in heat
o Update to version openstack-heat-11.0.3.dev24: * Fix the wrong time unit
for OS::Octavia::HealthMonitor
Changes in openstack-heat:
o Update to version openstack-heat-11.0.3.dev31: * Update Fedora image ref
for test jobs
o Update to version openstack-heat-11.0.3.dev29: * Docs: use extrefs to link
to other projects' docs
o Update to version openstack-heat-11.0.3.dev28: * Use stable constraint for
Tempest pinned stable branches
o Update to version openstack-heat-11.0.3.dev27: * Correct BRANCH\_OVERRIDE
for stable/rocky * Correct availability\_zone to be non-mandatory in heat
o Update to version openstack-heat-11.0.3.dev24: * Fix the wrong time unit
for OS::Octavia::HealthMonitor
Changes in openstack-horizon-plugin-designate-ui:
o Update to version designate-dashboard-7.0.1.dev8: * Fix list zones updated
at same time
Changes in openstack-horizon-plugin-ironic-ui:
o Update to version ironic-ui-3.3.1.dev14: * Fix horizon dependency * OpenDev
Migration Patch
Changes in openstack-horizon-plugin-neutron-lbaas-ui:
o Update to version neutron-lbaas-dashboard-5.0.1.dev8: * Fix auth url for
Barbican client
o Add _1481_project_ng_loadbalancersv2_panel.pyc file to package (SOC-10883)
The .pyc file needs to be removed when the package is uninstalled,
otherwise the panel will remain enabled in the dashboard and cause errors.
Changes in openstack-ironic:
o Update to version ironic-11.1.4.dev22: * Change MTU logic to allow for
lower MTUs automatically * Do not ignore 'fields' query parameter when
building next url * Ensure pagination marker is always set
o Update to version ironic-11.1.4.dev17: * grub configuration should use user
kernel and ramdisk
o Update to version ironic-11.1.4.dev16: * Change log level based on node
status
Changes in openstack-ironic:
o Remove rootwrap.d/ironic-lib.filters. This file is included in
python-ironic-lib >= 2.14.2.
o Update to version ironic-11.1.4.dev22: * Change MTU logic to allow for
lower MTUs automatically * Do not ignore 'fields' query parameter when
building next url * Ensure pagination marker is always set
o Update to version ironic-11.1.4.dev17: * grub configuration should use user
kernel and ramdisk
o Update to version ironic-11.1.4.dev16: * Change log level based on node
status
Changes in openstack-ironic-python-agent:
o Update to version ironic-python-agent-3.3.3.dev6: * Fix tox.ini to
correctly test lower-constraints
Changes in openstack-keystone:
o Update to version keystone-14.1.1.dev36: * Tell reno to ignore the kilo
branch
o Update to version keystone-14.1.1.dev35: * Always have username in CADF
initiator
o Update to version keystone-14.1.1.dev33: * Fix role\_assignments role.id
filter * Ensure bootstrap handles multiple roles with the same name
o Update to version keystone-14.1.1.dev29: * Add the missing packages when
install keystone
Changes in openstack-keystone:
o Update to version keystone-14.1.1.dev36: * Tell reno to ignore the kilo
branch
o Update to version keystone-14.1.1.dev35: * Always have username in CADF
initiator
o Update to version keystone-14.1.1.dev33: * Fix role\_assignments role.id
filter * Ensure bootstrap handles multiple roles with the same name
o Update to version keystone-14.1.1.dev29: * Add the missing packages when
install keystone
Changes in openstack-magnum:
o Update to version magnum-7.2.1.dev1: * Remove buildimage jobs 7.2.0
o Update to version magnum-7.1.1.dev38: * k8s\_fedora: Move rp\_filter=1 for
calico up * k8s\_fedora\_atomic: Add PodSecurityPolicy * k8s: Clear cni
configuration * fix: Deploy enable\_service last (rocky only)
o Update to version magnum-7.1.1.dev34: * k8s\_fedora: Label master nodes
with kubectl * k8s: stop introspecting instance name * Fix proportional
autoscaler image * Using Fedora Atomic 29 as default image
Changes in openstack-magnum:
o Update to version magnum-7.2.1.dev1: * Remove buildimage jobs 7.2.0
o Update to version magnum-7.1.1.dev38: * k8s\_fedora: Move rp\_filter=1 for
calico up * k8s\_fedora\_atomic: Add PodSecurityPolicy * k8s: Clear cni
configuration * fix: Deploy enable\_service last (rocky only)
o Update to version magnum-7.1.1.dev34: * k8s\_fedora: Label master nodes
with kubectl * k8s: stop introspecting instance name * Fix proportional
autoscaler image * Using Fedora Atomic 29 as default image
Changes in openstack-monasca-agent:
o update to version 2.8.1~dev13 - add X.509 certificate check plugin
o update to version 2.8.1~dev12 - Update hacking version to 1.1.x - OpenDev
Migration Patch
Changes in openstack-neutron:
o Update to version neutron-13.0.7.dev48: * Do not initialize snat-ns twice *
Fix bug: AttributeError arises while sorting with standard attributes
o Update to version neutron-13.0.7.dev44: * ovs agent: signal to plugin if
tunnel refresh needed * Mock check if ipv6 is enabled in L3 agent unit
tests * Fix resource schemas and releated \`get\_sorts\` test cases *
Remove sleep command when retrieving OVS dp
o Update to version neutron-13.0.7.dev36: * Remove Floating IP DNS record
upon associated port deletion * Trigger router update only when gateway
port IP changed * Re-use existing ProcessLauncher from wsgi in RPC workers
o Update to version neutron-13.0.7.dev30: * Check SG members instead of ports
to skip flow update * Ensure driver error preventing trunk port deletion is
logged * [L3] Switch order of processing added and removed router ports
o Update to version neutron-13.0.7.dev24: * dhcp-agent: equalize port create\
_low/update/delete priority * Catch OVSFWTagNotFound in update\_port\
_filter * [OVS] Handle added/removed ports in the same polling iteration *
DVR: Ignore DHCP port during DVR host query * Improve
"OVSFirewallDriver.process\_trusted\_ports" * List SG rules which belongs
to tenant's SG * Fix py3 compatibility
o Update to version neutron-13.0.7.dev10: * Define orm relationships after db
classes * Add retries to update trunk port
o Update to version neutron-13.0.7.dev6: * Allow to kill keepalived state
change monitor process
o Update to version neutron-13.0.7.dev4: * Always set ovs bridge name in
vif:binding-details
o Update to version neutron-13.0.7.dev2: * don't clear skb mark when ovs is
hw-offload enabled
o Update to version neutron-13.0.7.dev1: * Use constraints for docs tox
target and cap hacking 13.0.6
o Update to version neutron-13.0.6.dev21: * Set DB retry for quota\
_enforcement pecan\_wsgi hook
o Update to version neutron-13.0.6.dev20: * [OVS FW] Clean port rules if port
not found in ovsdb * Add more condition to check sg member exist
o Update to version neutron-13.0.6.dev17: * Fix race condition when getting
cmdline
o Update to version neutron-13.0.6.dev15: * Run revision bump operations en
masse
o Update to version neutron-13.0.6.dev13: * Add extra unit test for get\
_cmdline\_from\_pid function
o Update to version neutron-13.0.6.dev11: * Switch to use cast method in dhcp
\_ready\_on\_ports method
o Update to version neutron-13.0.6.dev10: * Handle OVSFWPortNotFound and
OVSFWTagNotFound in ovs firewall
Changes in openstack-neutron:
o Update to version neutron-13.0.7.dev48: * Do not initialize snat-ns twice *
Fix bug: AttributeError arises while sorting with standard attributes
o Update to version neutron-13.0.7.dev44: * ovs agent: signal to plugin if
tunnel refresh needed * Mock check if ipv6 is enabled in L3 agent unit
tests * Fix resource schemas and releated \`get\_sorts\` test cases *
Remove sleep command when retrieving OVS dp
o Update to version neutron-13.0.7.dev36: * Remove Floating IP DNS record
upon associated port deletion * Trigger router update only when gateway
port IP changed * Re-use existing ProcessLauncher from wsgi in RPC workers
o Update to version neutron-13.0.7.dev30: * Check SG members instead of ports
to skip flow update * Ensure driver error preventing trunk port deletion is
logged * [L3] Switch order of processing added and removed router ports
o Update to version neutron-13.0.7.dev24: * dhcp-agent: equalize port create\
_low/update/delete priority * Catch OVSFWTagNotFound in update\_port\
_filter * [OVS] Handle added/removed ports in the same polling iteration *
DVR: Ignore DHCP port during DVR host query * Improve
"OVSFirewallDriver.process\_trusted\_ports" * List SG rules which belongs
to tenant's SG * Fix py3 compatibility
o Update neutron-ha-tool to latest version: * Add DHCP agent evacuation
(SOC-11046)
o Update to version neutron-13.0.7.dev10: * Define orm relationships after db
classes * Add retries to update trunk port
o Update to version neutron-13.0.7.dev6: * Allow to kill keepalived state
change monitor process
o Update to version neutron-13.0.7.dev4: * Always set ovs bridge name in
vif:binding-details
o Update to version neutron-13.0.7.dev2: * don't clear skb mark when ovs is
hw-offload enabled
o Update to version neutron-13.0.7.dev1: * Use constraints for docs tox
target and cap hacking 13.0.6
o Update to version neutron-13.0.6.dev21: * Set DB retry for quota\
_enforcement pecan\_wsgi hook
o Update to version neutron-13.0.6.dev20: * [OVS FW] Clean port rules if port
not found in ovsdb * Add more condition to check sg member exist
o Update to version neutron-13.0.6.dev17: * Fix racondition when getting
cmdline
o Update to version neutron-13.0.6.dev15: * Run revision bump operations en
masse
o neutron: Remove stop action from ovs-cleanup (bsc#1157482) backport of
https://review.opendev.org/#/c/695867/
o Update to version neutron-13.0.6.dev13: * Add extra unit test for get\
_cmdline\_from\_pid function
o Update to version neutron-13.0.6.dev11: * Switch to use cast method in dhcp
\_ready\_on\_ports method
o Update to version neutron-13.0.6.dev10: * Handle OVSFWPortNotFound and
OVSFWTagNotFound in ovs firewall
Changes in openstack-neutron-fwaas:
o Update to version neutron-fwaas-13.0.3.dev4: * Fix sorting of filter rules
in legacy\_conntrack module
o Update to version neutron-fwaas-13.0.3.dev3: * Fix list\_entries for
netlink\_lib when running on py3
Changes in openstack-neutron-fwaas:
o Update to version neutron-fwaas-13.0.3.dev4: * Fix sorting of filter rules
in legacy\_conntrack module
o Update to version neutron-fwaas-13.0.3.dev3: * Fix list\_entries for
netlink\_lib when running on py3
Changes in openstack-neutron-gbp:
o Update to version group-based-policy-5.0.1.dev491: * Refactor static path
code
o Update to version group-based-policy-5.0.1.dev490: * Support named ip
protocols for SecurityGroupRules
o Update to version group-based-policy-5.0.1.dev488: * Enable SVI networks
with hosts running opflex agent
o Update to version group-based-policy-5.0.1.dev486: * Allow both FIP and
SNAT on a single port
o Update to version group-based-policy-5.0.1.dev485: * Fix active-active AAP
RPC query
o Update to version group-based-policy-5.0.1.dev484: * [AIM] Add extra
provided/consumed contracts to network extension * Active active AAP
feature
o Update to version group-based-policy-5.0.1.dev481: * Support cache option
for legacy GBP driver
o Update to version group-based-policy-5.0.1.dev480: * Fix host ID length in
VM names table
o Update to version group-based-policy-5.0.1.dev479: * Update\_proj\_descr in
apic when project description is updated in os
o Update to version group-based-policy-5.0.1.dev477: * Fix ambiguity in
mapping to domain in port pair workflow
Changes in openstack-neutron-vpnaas:
o Update to version neutron-vpnaas-13.0.2.dev6: * Add iptables command filter
for functional test
o Update to version neutron-vpnaas-13.0.2.dev5: * Update UPPER\_CONSTRAINTS\
_FILE for stable/rocky
Changes in openstack-neutron-vpnaas:
o Update to version neutron-vpnaas-13.0.2.dev6: * Add iptables command filter
for functional test
o Update to version neutron-vpnaas-13.0.2.dev5: * Update UPPER\_CONSTRAINTS\
_FILE for stable/rocky
Changes in openstack-nova:
o Update to version nova-18.2.4.dev63: * Mask the token used to allow access
to consoles
o Update to version nova-18.2.4.dev61: * Use stable constraint for Tempest
pinned stable branches
o Update to version nova-18.2.4.dev60: * tox: Stop build \*all\* docs in
'docs'
o Update to version nova-18.2.4.dev59: * Block deleting compute services with
in-progress migrations * Cache security group driver * Join migration\
_context and flavor in Migration.instance
o Update to version nova-18.2.4.dev53: * Improve metadata server performance
with large security groups
o Update to version nova-18.2.4.dev51: * Add functional recreate revert
resize test for bug 1852610 * Add functional recreate test for bug 1852610
o Update to version nova-18.2.4.dev47: * Zuul v3: use
devstack-plugin-nfs-tempest-full
o Update to version nova-18.2.4.dev46: * Add BFV wrinkle to
TestNovaManagePlacemenalAllocations * Add --instance option to heal\
_allocations * Add --dry-run option to heal\_allocations CLI
o Update to version nova-18.2.4.dev40: * Add functional recreate test for bug
1829479 and bug 1817833
o Update to version nova-18.2.4.dev38: * Do not update root\_device\_name
during guest config * compute: Use long\_rpc\_timeout in reserve\_block\
_device\_name
o Update to version nova-18.2.4.dev35: * compute: Take an instance.uuid lock
when rebooting
o Update to version nova-18.2.4.dev33: * Replace time.sleep(10) with service
forced\_down in tests
o Update to version nova-18.2.4.dev31: * Nova compute: add in log exception
to help debug failures
o Update to version nova-18.2.4.dev29: * Fix false ERROR message at compute
restart
o Update to version nova-18.2.4.dev27: * Fix listing deleted servers with a
marker
o Update to version nova-18.2.4.dev25: * Add functional regression test for
bug 1849409
o Update to version nova-18.2.4.dev23: * Don't delete compute node, when
deleting service other than nova-compute
Changes in openstack-nova:
o Update to version nova-18.2.4.dev63: * Mask the token used to allow access
to consoles
o Update to version nova-18.2.4.dev61: * Use stable constraint for Tempest
pinned stable branches
o Update to version nova-18.2.4.dev60: * tox: Stop build \*all\* docs in
'docs'
o Update to version nova-18.2.4.dev59: * Block deleting compute services with
in-progress migrations * Cache security group driver * Join migration\
_context and flavor in Migration.instance
o Update to version nova-18.2.4.dev53: * Improve metadata server performance
with large security groups
o Update to version nova-18.2.4.dev51: * Add functional recreate revert
resize test for bug 1852610 * Add functional recreate test for bug 1852610
o Update to version nova-18.2.4.dev47: * Zuul v3: use
devstack-plugin-nfs-tempest-full
o Update to version nova-18.2.4.dev46: * Add BFV wrinkle to
TestNovaManagePlacementHealAllocations * Add --instance option to heal\
_allocations * Add --dry-run option to heal\_allocations CLI
o Update to version nova-18.2.4.dev40: * Add functional recreate test for bug
1829479 and bug 1817833
o Update to version nova-18.2.4.dev38: * Do not update root\_device\_name
during guest config * compute: Use long\_rpc\_timeout in reserve\_block\
_device\_name
o Update to version nova-18.2.4.dev35: * compute: Take an instance.uuid lock
when rebooting
o Update to version nova-18.2.4.dev33: * Replace time.sleep(10) with service
forced\_down in tests
o Update to version nova-18.2.4.dev31: * Nova compute: add in log exception
to help debug failures
o Update to version nova-18.2.4.dev29: * Fix false ERROR message at compute
restart
o Update to version nova-18.2.4.dev27: * Fix listing deleted servers with a
marker
o Update to version nova-18.2.4.dev25: * Add functional regression test for
bug 1849409
o Update to version nova-18.2.4.dev23: * Don't delete compute node, when
deleting service other than nova-compute
Changes in openstack-octavia:
o Update to version octavia-3.2.2.dev8: * Fix uncaught DB exception when
trying to get a spare amphora
o Update to version octavia-3.2.2.dev7: * Fix house keeping graceful shutdown
o Update to version octavia-3.2.2.dev5: * Fix pep8 failures on stable/rocky
branch
o Update to version octavia-3.2.2.dev4: * Use stable upper-constraints.txt in
Amphora builds
o Update to version octavia-3.2.2.dev3: * Add listener and pool protocol
validation
o Update to version octavia-3.2.2.dev2* Cap hacking version to minor than 2
3.2.1
o Update to version octavia-3.2.1.dev10: * Accept oslopolicy-policy-generator
path arguments
o Add patch 0001-Accept-oslopolicy-policy-generator-path-arguments.patch
https://review.opendev.org/#/c/698433
o Update to version octavia-3.2.1.dev9: * Fix controller worker graceful
shutdown
o Update to version octavia-3.2.1.dev7: * Fix a potential race condition with
certs-ramfs
o Update to version octavia-3.2.1.dev5: * Fix issues with unavailable secrets
Changes in openstack-octavia-amphora-image:
o Updated updateBuildRequires.pl script for SP4 build
o Update image to 0.1.2 to include latest changes
o Add keepalived service Changes in openstack-sahara:
o Update to version sahara-9.0.2.dev15: * Run sahara-scenario using Python 3
Changes in openstack-sahara:
o Update to version sahara-9.0.2.dev15: * Run sahara-scenario using Python 3
Changes in openstack-swift:
o Update to version swift-2.19.2.dev48: 2.19.2 (rocky stable backports) *
Sharding improvements * The container-replicator now only attempts to fetch
shard ranges
if the remote indicates that it has shard ranges. Further, it does so with a
timeout to prevent the process from hanging in certain cases. * The
container-replicator now correctly enqueues container-reconciler work for
sharded containers. * S3 API improvements * Fixed an issue where v4 signatures
would not be validated against the body of the request, allowing a replay
attack if request headers were captured by a malicious third party. Note that
unsigned payloads still function normally. * CompleteMultipartUpload requests
with a Content-MD5 now work. * Fixed v1 listings that end with a non-ASCII
object name. * Multipart object segments are now actually deleted when the
multipart object is deleted via the S3 API. * Fixed an issue that caused Delete
Multiple Objects requests with large bodies to 400. This was previously fixed
in 2.20.0. * Fixed an issue where non-ASCII Keystone EC2 credentials would not
get mapped to the correct account. This was previously fixed in 2.20.0.
Changes in openstack-swift:
o Update to version swift-2.19.2.dev48: 2.19.2 (rocky stable backports) *
Sharding improvements * The container-replicator now only attempts to fetch
shard ranges
if the remote indicates that it has shard ranges. Further, it does so with a
timeout to prevent the process from hanging in certain cases. * The
container-replicator now correctly enqueues container-reconciler work for
sharded containers. * S3 API improvements * Fixed an issue where v4 signatures
would not be validated against the body of the request, allowing a replay
attack if request headers were captured by a malicious third party. Note that
unsigned payloads still function normally. * CompleteMultipartUpload requests
with a Content-MD5 now work. * Fixed v1 listings that end with a non-ASCII
object name. * Multipart object segments are now actually deleted when the
multipart object is deleted via the S3 API. * Fixed an issue that caused Delete
Multiple Objects requests with large bodies to 400. This was previously fixed
in 2.20.0. * Fixed an issue where non-ASCII Keystone EC2 credentials would not
get mapped to the correct account. This was previously fixed in 0.0.
Changes in python-amqp:
o Added pyOpenSSL build dependency
o Update to 2.4.2: - Added support for the Cygwin platform - Correct offset
incrementation when parsing bitmaps. - Consequent bitmaps are now parsed
correctly.
o Removed patches that are already included in 2.4.2 -
0001-Always-treat-SSLError-timeouts-as-socket-timeouts-24.patch
o Better call of py.test
o Add versions to dependencies
o Remove python-sasl from build dependencies
o Update to version 2.4.1 * To avoid breaking the API basic_consume() now
returns the consumer tag instead of a tuple when nowait is True. * Fix
crash in basic_publish when broker does not support connection.blocked
capability. * read_frame() is now Python 3 compatible for large payloads. *
Support float read_timeout/write_timeout. * Always treat SSLError timeouts
as socket timeouts. * Treat EWOULDBLOCK as timeout.
o from 2.4.0 * Fix inconsistent frame_handler return value. The function
returned by frame_handler is meant to return True once the complete message
is received and the callback is called, False otherwise. This fixes the
return value for messages with a body split across multiple frames, and
heartbeat frames. * Don't default content_encoding to utf-8 for bytes. This
is not an acceptable default as the content may not be valid utf-8, and
even if it is, the producer likely does not expect the message to be
decoded by the consumer. * Fix encoding of messages with multibyte
characters. Body length was previously calculated using string length,
which may be less than the length of the encoded body when it contains
multibyte sequences. This caused the body of the frame to be truncated. *
Respect content_encoding when encoding messages. Previously the
content_encoding was ignored and messages were always encoded as utf-8.
This caused messages to be incorrectly decoded if content_encoding is
properly respected when decoding. * Fix AMQP protocol header for AMQP
0-9-1. Previously it was set to a different value for unknown reasons. *
Add support for Python 3.7. Change direct SSLSocket instantiation with
wrap_socket. * Add support for field type "x" (byte array). * If there is
an exception raised on Connection.connect or Connection.close, ensure that
the underlying transport socket is closed. Adjust exception message on
connection errors as well. * TCP_USER_TIMEOUT has to be excluded from
KNOWN_TCP_OPTS in BSD platforms. * Handle negative acknowledgments. * Added
integration tests. * Fix basic_consume() with no consumer_tag provided. *
Improved empty AMQPError string representation. * Drain events before
publish. This is needed to capture out of memory messages for clients that
only publish. Otherwise on_blocked is never called. * Don't revive channel
when connection is closing. When connection is closing don't raise error
when Channel.Close method is received.
Changes in python-ironic-lib:
o update to version 2.14.2 - Replace openstack.org git:// URLs with https://
- OpenDev Migration Patch - Include partiton name and flags from parted
output
Changes in python-keystoneauth1:
o switch to tracking stable/rocky tarball
o disable renderspec
o update to version 3.10.1.dev10 * Make tests pass in 2020 * OpenDev
Migration Patch * Revert "Change log hashing to SHA256" * import zuul job
settings from project-config * Change log hashing to SHA256 * Update UPPER\
_CONSTRAINTS\_FILE for stable/rocky * Update .gitreview ftable/rocky
Changes in python-keystoneclient:
o switch to tracking stable/rocky tarball
o disable renderspec
o update to version 3.17.0.dev5 * Make tests pass in 2020 * OpenDev Migration
Patch * import zuul job settings from project-config * Update UPPER\
_CONSTRAINTS\_FILE for stable/rocky * Update .gitreview for stable/rocky
Changes in python-keystonemiddleware:
o Use version_unconverted for documentation build
o Update to version keystonemiddleware-5.2.2.dev3: * Make tests pass in 2022
* Make sure audit middleware use own context
Changes in python-ovs:
o add 0001-python-c-ext-Fix-memory-leak-in-Parser_finish.patch (bsc#1158581)
Changes in supportutils-plugin-suse-openstack-cloud:
o Update to version 9.0.1574431436.987b47d: * Add services from SOC/HOS8 *
Fix handling of ardana "config" dir and conf files in /opt/stack/service *
Fix more failures of censoring passwords * Include configs and logs for
neutron HA
Changes in rubygem-crowbar-client:
o Update to 3.9.1 - Fix repocheck table output (SOC-10718) - Enable
restricted commands for Cloud8 (bsc#1117080, CVE-2018-17954)
Changes in rubygem-puma:
o Add CVE-2019-16770.patch (bsc#1158675, SOC-10999, CVE-2019-16770) This
patch fixes a DoS vulnerability a malicious client could use to block a
large amount of threads.
Changes in venv-openstack-horizon:
o replace neutron-lbaas dashboard with octavia dashboard (SOC-10883)
Patch Instructions:
To install this SUSE Security Update use the SUSE recommended installation
methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
o SUSE OpenStack Cloud Crowbar 9:
zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2020-642=1
o SUSE OpenStack Cloud 9:
zypper in -t patch SUSE-OpenStack-Cloud-9-2020-642=1
Package List:
o SUSE OpenStack Cloud Crowbar 9 (x86_64):
crowbar-core-6.0+git.1582892022.cbd70e833-3.19.3
crowbar-core-branding-upstream-6.0+git.1582892022.cbd70e833-3.19.3
keepalived-2.0.19-3.3.1
keepalived-debuginfo-2.0.19-3.3.1
keepalived-debugsource-2.0.19-3.3.1
python-ovs-2.9.0-3.3.1
python-ovs-debuginfo-2.9.0-3.3.1
python-ovs-debugsource-2.9.0-3.3.1
ruby2.1-rubygem-crowbar-client-3.9.1-3.3.1
ruby2.1-rubygem-puma-2.16.0-4.3.1
ruby2.1-rubygem-puma-debuginfo-2.16.0-4.3.1
rubygem-puma-debugsource-2.16.0-4.3.1
o SUSE OpenStack Cloud Crowbar 9 (noarch):
crowbar-ha-6.0+git.1574286261.6fd1a34-3.13.2
crowbar-openstack-6.0+git.1580922461.67fb3c087-3.19.2
crowbar-ui-1.3.0+git.1575896697.a01a3a08-17.1
openstack-barbican-7.0.1~dev24-3.6.4
openstack-barbican-api-7.0.1~dev24-3.6.4
openstack-barbican-keystone-listener-7.0.1~dev24-3.6.4
openstack-barbican-retry-7.0.1~dev24-3.6.4
openstack-barbican-worker-7.0.1~dev24-3.6.4
openstack-ceilometer-11.0.2~dev21-3.10.3
openstack-ceilometer-agent-central-11.0.2~dev21-3.10.3
openstack-ceilometer-agent-compute-11.0.2~dev21-3.10.3
openstack-ceilometer-agent-ipmi-11.0.2~dev21-3.10.3
openstack-ceilometer-agent-notification-11.0.2~dev21-3.10.3
openstack-ceilometer-polling-11.0.2~dev21-3.10.3
openstack-cinder-13.0.9~dev11-3.16.3
openstack-cinder-api-13.0.9~dev11-3.16.3
openstack-cinder-backup-13.0.9~dev11-3.16.3
openstack-cinder-scheduler-13.0.9~dev11-3.16.3
openstack-cinder-volume-13.0.9~dev11-3.16.3
openstack-dashboard-14.1.1~dev1-3.12.2
openstack-dashboard-theme-SUSE-2018.2+git.1555335229.5c8dec9-3.3.1
openstack-designate-7.0.1~dev23-3.13.3
openstack-designate-agent-7.0.1~dev23-3.13.3
openstack-designate-api-7.0.1~dev23-3.13.3
openstack-designate-central-7.0.1~dev23-3.13.3
openstack-designate-producer-7.0.1~dev23-3.13.3
openstack-designate-sink-7.0.1~dev23-3.13.3
openstack-designate-worker-7.0.1~dev23-3.13.3
openstack-heat-11.0.3~dev31-3.13.3
openstack-heat-api-11.0.3~dev31-3.13.3
openstack-heat-api-cfn-11.0.3~dev31-3.13.3
openstack-heat-engine-11.0.3~dev31-3.13.3
openstack-heat-plugin-heat_docker-11.0.3~dev31-3.13.3
openstack-horizon-plugin-designate-ui-7.0.1~dev8-3.6.1
openstack-horizon-plugin-ironic-ui-3.3.1~dev14-3.3.1
openstack-horizon-plugin-neutron-lbaas-ui-5.0.1~dev8-11.1
openstack-horizon-plugin-octavia-ui-2.0.2~dev1-1.3.2
openstack-ironic-11.1.4~dev22-3.13.2
openstack-ironic-api-11.1.4~dev22-3.13.2
openstack-ironic-conductor-11.1.4~dev22-3.13.2
openstack-ironic-python-agent-3.3.3~dev6-3.13.2
openstack-keystone-14.1.1~dev36-3.19.3
openstack-magnum-7.2.1~dev1-3.10.3
openstack-magnum-api-7.2.1~dev1-3.10.3
openstack-magnum-conductor-7.2.1~dev1-3.10.3
openstack-monasca-agent-2.8.1~dev13-3.6.2
openstack-neutron-13.0.7~dev48-3.19.3
openstack-neutron-dhcp-agent-13.0.7~dev48-3.19.3
openstack-neutron-fwaas-13.0.3~dev4-3.9.2
openstack-neutron-gbp-5.0.1~dev491-3.16.1
openstack-neutron-ha-tool-13.0.7~dev48-3.19.3
openstack-neutron-l3-agent-13.0.7~dev48-3.19.3
openstack-neutron-linuxbridge-agent-13.0.7~dev48-3.19.3
openstack-neutron-macvtap-agent-13.0.7~dev48-3.19.3
openstack-neutron-metadata-agent-13.0.7~dev48-3.19.3
openstack-neutron-metering-agent-13.0.7~dev48-3.19.3
openstack-neutron-openvswitch-agent-13.0.7~dev48-3.19.3
openstack-neutron-server-13.0.7~dev48-3.19.3
openstack-neutron-vpnaas-13.0.2~dev6-3.6.2
openstack-neutron-vyatta-agent-13.0.2~dev6-3.6.2
openstack-nova-18.2.4~dev63-3.19.3
openstack-nova-api-18.2.4~dev63-3.19.3
openstack-nova-cells-18.2.4~dev63-3.19.3
openstack-nova-compute-18.2.4~dev63-3.19.3
openstack-nova-conductor-18.2.4~dev63-3.19.3
openstack-nova-console-18.2.4~dev63-3.19.3
openstack-nova-novncproxy-18.2.4~dev63-3.19.3
openstack-nova-placement-api-18.2.4~dev63-3.19.3
openstack-nova-scheduler-18.2.4~dev63-3.19.3
openstack-nova-serialproxy-18.2.4~dev63-3.19.3
openstack-nova-vncproxy-18.2.4~dev63-3.19.3
openstack-octavia-3.2.2~dev8-3.19.1
openstack-octavia-amphora-agent-3.2.2~dev8-3.19.1
openstack-octavia-amphora-image-debugsource-0.1.2-7.6.3
openstack-octavia-amphora-image-x86_64-0.1.2-7.6.3
openstack-octavia-api-3.2.2~dev8-3.19.1
openstack-octavia-health-manager-3.2.2~dev8-3.19.1
openstack-octavia-housekeeping-3.2.2~dev8-3.19.1
openstack-octavia-worker-3.2.2~dev8-3.19.1
openstack-sahara-9.0.2~dev15-3.9.2
openstack-sahara-api-9.0.2~dev15-3.9.2
openstack-sahara-engine-9.0.2~dev15-3.9.2
openstack-swift-2.19.2~dev48-3.3.1
openstack-swift-account-2.19.2~dev48-3.3.1
openstack-swift-container-2.19.2~dev48-3.3.1
openstack-swift-object-2.19.2~dev48-3.3.1
openstack-swift-proxy-2.19.2~dev48-3.3.1
python-amqp-2.4.2-4.3.1
python-barbican-7.0.1~dev24-3.6.4
python-ceilometer-11.0.2~dev21-3.10.3
python-cinder-13.0.9~dev11-3.16.3
python-designate-7.0.1~dev23-3.13.3
python-heat-11.0.3~dev31-3.13.3
python-horizon-14.1.1~dev1-3.12.2
python-horizon-plugin-designate-ui-7.0.1~dev8-3.6.1
python-horizon-plugin-ironic-ui-3.3.1~dev14-3.3.1
python-horizon-plugin-neutron-lbaas-ui-5.0.1~dev8-11.1
python-horizon-plugin-octavia-ui-2.0.2~dev1-1.3.2
python-ironic-11.1.4~dev22-3.13.2
python-ironic-lib-2.14.2-3.3.1
python-keystone-14.1.1~dev36-3.19.3
python-keystoneauth1-3.10.1~dev10-3.3.1
python-keystoneclient-3.17.1~dev5-3.3.1
python-keystoneclient-doc-3.17.1~dev5-3.3.1
python-keystonemiddleware-5.2.2~dev3-14.2
python-magnum-7.2.1~dev1-3.10.3
python-monasca-agent-2.8.1~dev13-3.6.2
python-neutron-13.0.7~dev48-3.19.3
python-neutron-fwaas-13.0.3~dev4-3.9.2
python-neutron-gbp-5.0.1~dev491-3.16.1
python-neutron-vpnaas-13.0.2~dev6-3.6.2
python-nova-18.2.4~dev63-3.19.3
python-octavia-3.2.2~dev8-3.19.1
python-openstack_auth-14.1.1~dev1-3.12.2
python-sahara-9.0.2~dev15-3.9.2
python-swift-2.19.2~dev48-3.3.1
supportutils-plugin-suse-openstack-cloud-9.0.1574431436.987b47d-3.6.1
o SUSE OpenStack Cloud 9 (x86_64):
keepalived-2.0.19-3.3.1
keepalived-debuginfo-2.0.19-3.3.1
keepalived-debugsource-2.0.19-3.3.1
python-ovs-2.9.0-3.3.1
python-ovs-debuginfo-2.9.0-3.3.1
python-ovs-debugsource-2.9.0-3.3.1
o SUSE OpenStack Cloud 9 (noarch):
ardana-ansible-9.0+git.1581611758.f694f7d-3.16.1
ardana-cinder-9.0+git.1579256229.c8b4b38-3.10.1
ardana-cobbler-9.0+git.1574950066.a3c4be4-3.10.1
ardana-db-9.0+git.1578936438.b9a9b95-3.16.1
ardana-horizon-9.0+git.1575562864.8ed5e10-3.13.1
ardana-input-model-9.0+git.1580403439.d425462-3.13.1
ardana-monasca-9.0+git.1579273481.4b8c46f-3.13.1
ardana-mq-9.0+git.1581024903.8e74867-3.10.1
ardana-nova-9.0+git.1580304673.6c668eb-3.16.1
ardana-octavia-9.0+git.1576074489.62de7e2-3.13.1
ardana-osconfig-9.0+git.1580235830.0dca223-3.13.1
ardana-tempest-9.0+git.1578932816.e299c08-3.10.1
ardana-tls-9.0+git.1575296665.3fdfe45-3.9.1
openstack-barbican-7.0.1~dev24-3.6.4
openstack-barbican-api-7.0.1~dev24-3.6.4
openstack-barbican-keystone-listener-7.0.1~dev24-3.6.4
openstack-barbican-retry-7.0.1~dev24-3.6.4
openstack-barbican-worker-7.0.1~dev24-3.6.4
openstack-ceilometer-11.0.2~dev21-3.10.3
openstack-ceilometer-agent-central-11.0.2~dev21-3.10.3
openstack-ceilometer-agent-compute-11.0.2~dev21-3.10.3
openstack-ceilometer-agent-ipmi-11.0.2~dev21-3.10.3
openstack-ceilometer-agent-notification-11.0.2~dev21-3.10.3
openstack-ceilometer-polling-11.0.2~dev21-3.10.3
openstack-cinder-13.0.9~dev11-3.16.3
openstack-cinder-api-13.0.9~dev11-3.16.3
openstack-cinder-backup-13.0.9~dev11-3.16.3
openstack-cinder-scheduler-13.0.9~dev11-3.16.3
openstack-cinder-volume-13.0.9~dev11-3.16.3
openstack-dashboard-14.1.1~dev1-3.12.2
openstack-dashboard-theme-SUSE-2018.2+git.1555335229.5c8dec9-3.3.1
openstack-designate-7.0.1~dev23-3.13.3
openstack-designate-agent-7.0.1~dev23-3.13.3
openstack-designate-api-7.0.1~dev23-3.13.3
openstack-designate-central-7.0.1~dev23-3.13.3
openstack-designate-producer-7.0.1~dev23-3.13.3
openstack-designate-sink-7.0.1~dev23-3.13.3
openstack-designate-worker-7.0.1~dev23-3.13.3
openstack-heat-11.0.3~dev31-3.13.3
openstack-heat-api-11.0.3~dev31-3.13.3
openstack-heat-api-cfn-11.0.3~dev31-3.13.3
openstack-heat-engine-11.0.3~dev31-3.13.3
openstack-heat-plugin-heat_docker-11.0.3~dev31-3.13.3
openstack-horizon-plugin-designate-ui-7.0.1~dev8-3.6.1
openstack-horizon-plugin-ironic-ui-3.3.1~dev14-3.3.1
openstack-horizon-plugin-neutron-lbaas-ui-5.0.1~dev8-11.1
openstack-horizon-plugin-octavia-ui-2.0.2~dev1-1.3.2
openstack-ironic-11.1.4~dev22-3.13.2
openstack-ironic-api-11.1.4~dev22-3.13.2
openstack-ironic-conductor-11.1.4~dev22-3.13.2
openstack-ironic-python-agent-3.3.3~dev6-3.13.2
openstack-keystone-14.1.1~dev36-3.19.3
openstack-magnum-7.2.1~dev1-3.10.3
openstack-magnum-api-7.2.1~dev1-3.10.3
openstack-magnum-conductor-7.2.1~dev1-3.10.3
openstack-monasca-agent-2.8.1~dev13-3.6.2
openstack-neutron-13.0.7~dev48-3.19.3
openstack-neutron-dhcp-agent-13.0.7~dev48-3.19.3
openstack-neutron-fwaas-13.0.3~dev4-3.9.2
openstack-neutron-gbp-5.0.1~dev491-3.16.1
openstack-neutron-ha-tool-13.0.7~dev48-3.19.3
openstack-neutron-l3-agent-13.0.7~dev48-3.19.3
openstack-neutron-linuxbridge-agent-13.0.7~dev48-3.19.3
openstack-neutron-macvtap-agent-13.0.7~dev48-3.19.3
openstack-neutron-metadata-agent-13.0.7~dev48-3.19.3
openstack-neutron-metering-agent-13.0.7~dev48-3.19.3
openstack-neutron-openvswitch-agent-13.0.7~dev48-3.19.3
openstack-neutron-server-13.0.7~dev48-3.19.3
openstack-neutron-vpnaas-13.0.2~dev6-3.6.2
openstack-neutron-vyatta-agent-13.0.2~dev6-3.6.2
openstack-nova-18.2.4~dev63-3.19.3
openstack-nova-api-18.2.4~dev63-3.19.3
openstack-nova-cells-18.2.4~dev63-3.19.3
openstack-nova-compute-18.2.4~dev63-3.19.3
openstack-nova-conductor-18.2.4~dev63-3.19.3
openstack-nova-console-18.2.4~dev63-3.19.3
openstack-nova-novncproxy-18.2.4~dev63-3.19.3
openstack-nova-placement-api-18.2.4~dev63-3.19.3
openstack-nova-scheduler-18.2.4~dev63-3.19.3
openstack-nova-serialproxy-18.2.4~dev63-3.19.3
openstack-nova-vncproxy-18.2.4~dev63-3.19.3
openstack-octavia-3.2.2~dev8-3.19.1
openstack-octavia-amphora-agent-3.2.2~dev8-3.19.1
openstack-octavia-amphora-image-debugsource-0.1.2-7.6.3
openstack-octavia-amphora-image-x86_64-0.1.2-7.6.3
openstack-octavia-api-3.2.2~dev8-3.19.1
openstack-octavia-health-manager-3.2.2~dev8-3.19.1
openstack-octavia-housekeeping-3.2.2~dev8-3.19.1
openstack-octavia-worker-3.2.2~dev8-3.19.1
openstack-sahara-9.0.2~dev15-3.9.2
openstack-sahara-api-9.0.2~dev15-3.9.2
openstack-sahara-engine-9.0.2~dev15-3.9.2
openstack-swift-2.19.2~dev48-3.3.1
openstack-swift-account-2.19.2~dev48-3.3.1
openstack-swift-container-2.19.2~dev48-3.3.1
openstack-swift-object-2.19.2~dev48-3.3.1
openstack-swift-proxy-2.19.2~dev48-3.3.1
python-amqp-2.4.2-4.3.1
python-barbican-7.0.1~dev24-3.6.4
python-ceilometer-11.0.2~dev21-3.10.3
python-cinder-13.0.9~dev11-3.16.3
python-designate-7.0.1~dev23-3.13.3
python-heat-11.0.3~dev31-3.13.3
python-horizon-14.1.1~dev1-3.12.2
python-horizon-plugin-designate-ui-7.0.1~dev8-3.6.1
python-horizon-plugin-ironic-ui-3.3.1~dev14-3.3.1
python-horizon-plugin-neutron-lbaas-ui-5.0.1~dev8-11.1
python-horizon-plugin-octavia-ui-2.0.2~dev1-1.3.2
python-ironic-11.1.4~dev22-3.13.2
python-ironic-lib-2.14.2-3.3.1
python-keystone-14.1.1~dev36-3.19.3
python-keystoneauth1-3.10.1~dev10-3.3.1
python-keystoneclient-3.17.1~dev5-3.3.1
python-keystoneclient-doc-3.17.1~dev5-3.3.1
python-keystonemiddleware-5.2.2~dev3-14.2
python-magnum-7.2.1~dev1-3.10.3
python-monasca-agent-2.8.1~dev13-3.6.2
python-neutron-13.0.7~dev48-3.19.3
python-neutron-fwaas-13.0.3~dev4-3.9.2
python-neutron-gbp-5.0.1~dev491-3.16.1
python-neutron-vpnaas-13.0.2~dev6-3.6.2
python-nova-18.2.4~dev63-3.19.3
python-octavia-3.2.2~dev8-3.19.1
python-openstack_auth-14.1.1~dev1-3.12.2
python-sahara-9.0.2~dev15-3.9.2
python-swift-2.19.2~dev48-3.3.1
supportutils-plugin-suse-openstack-cloud-9.0.1574431436.987b47d-3.6.1
venv-openstack-barbican-x86_64-7.0.1~dev24-3.15.1
venv-openstack-cinder-x86_64-13.0.9~dev11-3.15.1
venv-openstack-designate-x86_64-7.0.1~dev23-3.15.1
venv-openstack-glance-x86_64-17.0.1~dev30-3.13.1
venv-openstack-heat-x86_64-11.0.3~dev31-3.15.1
venv-openstack-horizon-x86_64-14.1.1~dev1-4.14.2
venv-openstack-ironic-x86_64-11.1.4~dev22-4.11.1
venv-openstack-keystone-x86_64-14.1.1~dev36-3.15.1
venv-openstack-magnum-x86_64-7.2.1~dev1-4.15.1
venv-openstack-manila-x86_64-7.3.1~dev15-3.15.1
venv-openstack-monasca-ceilometer-x86_64-1.8.2~dev3-3.15.1
venv-openstack-monasca-x86_64-2.7.1~dev10-3.13.1
venv-openstack-neutron-x86_64-13.0.7~dev48-6.15.1
venv-openstack-nova-x86_64-18.2.4~dev63-3.15.1
venv-openstack-octavia-x86_64-3.2.2~dev8-4.15.1
venv-openstack-sahara-x86_64-9.0.2~dev15-3.15.1
venv-openstack-swift-x86_64-2.19.2~dev48-2.10.1
References:
o https://www.suse.com/security/cve/CVE-2018-17954.html
o https://www.suse.com/security/cve/CVE-2019-13117.html
o https://www.suse.com/security/cve/CVE-2019-16770.html
o https://bugzilla.suse.com/1117080
o https://bugzilla.suse.com/1152007
o https://bugzilla.suse.com/1154235
o https://bugzilla.suse.com/1156305
o https://bugzilla.suse.com/1156914
o https://bugzilla.suse.com/1157028
o https://bugzilla.suse.com/1157206
o https://bugzilla.suse.com/1157482
o https://bugzilla.suse.com/1158581
o https://bugzilla.suse.com/1158675
o https://bugzilla.suse.com/1161351
o https://bugzilla.suse.com/1161721
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
https://www.auscert.org.au/bulletins/
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQIVAwUBXmnVnWaOgq3Tt24GAQgVGBAAuk75CPgysLFUpWNb6FtC17Q22LiB9Oss
KjjOJ55pfBg7Z1kvI8dZP8OKnAXjeJYzheo/rN7plQtE3aLj9zLyJegjxyLNAYAL
gLFViDClgGOiyaCIACoYCC/tXq2v65da07wvcSzsf+6yaxy/BxV35JKd3AivzBzC
qXGWzyNG8nrRZdjdBbi1Y35zYprxb1x87Owe/xQ46p4+d2oqc7WkQs2YmYnz8bto
L/KAYAr+y0+zmzQ/2AoX6I/sFj2N+YXw7MDMKIp70sbIoTtveH8tyvWdlB2Pluu0
Pxk67CJsF302e0z0S12WZ2S3qJ01n+bovxGVTgyYIJ7FW0X7Hh+CW7Izp0X2ZUbt
C0IDB+zmUkqLI/+xTRuaTGW/THFXjBEQQ0Po8AGIOQKJLGIUQawJhJx4g/5VroWo
DBkn1PJAyl3qiwszsZiiCoVXJ6kLgGB1XS8nGOpKqnDDhHKca0ailH1k7a+neUnx
L0MKR769BQFKCEChqg2/Grzpg2hOXbFpBTtPz+MOg8kNrJ4jmURhuiMWRthZ/tmB
toYojtEYcWGf+2djAWcFvhBXgWszfSGVz4r9PnBJX7NFbBoVqgWAZef0HBqlxJ3P
X3qZwC2PIRQsjnAT5t97ewYnr9BV2et1oGXy9IdC9e5qnJDCVtFdDWy6rYoJHu1/
EKNmuQfd+IQ=
=8fHQ
-----END PGP SIGNATURE-----