[ubuntu/trusty-security] neutron 1:2014.1.2-0ubuntu1.1 (Accepted)

Jamie Strandboge jamie at ubuntu.com
Thu Aug 21 19:23:28 UTC 2014 

neutron (1:2014.1.2-0ubuntu1.1) trusty-security; urgency=medium

  * No change rebuild for security:
    - [0324965] remove token from notifier middleware
      + CVE-2014-4615
      + LP: #1321080
    - [2c4828e] no quota for allowed address pair
      + CVE-2014-3555
      + LP: #1336207

neutron (1:2014.1.2-0ubuntu1) trusty; urgency=medium

  [ Corey Bryant ]
  * Resynchronize with stable/icehouse (5db494d) (LP: #1354159):
    - [1d4a3e3] Add dsvm-functional tox env to fix functional job
    - [c19633d] Fix deprecated opt in haproxy driver
    - [2c762be] Add configurable http_timeout parameter for Cisco N1K
    - [9c94d96] Avoid notifying while inside transaction opened in delete_port()
    - [f9379ef] BSN: Remove db lock and add missing contexts
    - [bea1e2d] Set python hash seed to 0 in tox.ini
    - [f427754] Big Switch: Remove consistency hash on full sync
    - [3ad288d] Add -s option for neutron metering rules
    - [231010b] Do not mark device as processed if it wasn't
    - [72edc13] Big Switch: Lock consistency table for REST calls
    - [b65c036] NSX: fix router ports port_security_enabled=False
    - [9dcc476] NSX: Remove unneed call to _ensure_default_security_group
    - [2ce59ec] Added support for NOS version 4.1.0, 5.0.0 and greater
    - [2c4828e] no quota for allowed address pair
    - [46a37e2] NSX: neutron router-interface-add should clear security-groups
    - [5d0d72b] Control update, delete for cisco-network-profile
    - [0459a6a] NSX: return 400 if dscp set for trusted queue
    - [d880134] Fix typo in ml2 configuration file
    - [fb40f65] Register LBaaS resources to quotas engine
    - [0cb4aaa] Make plugin deallocation check optional
    - [478f487] Ensure core plugin deallocation after every test
    - [ea5ecf9] OVS agent: Correct bridge setup ordering
    - [98ef1bc] Fixed dhcp & gateway ip conflict in PLUMgrid plugin
    - [38bf2be] Exit rpc_loop when SIGTERM is recieved in ovs-agent
    - [67ef62d] NSX sync cache: add a flag to skip item deletion
    - [d2c11e5] OFAgent: Avoid processing ports which are not yet ready
    - [c02763a] OFAgent: Fixing lost vlan ids on interfaces
    - [8d56f44] OFAgent: Improve handling of security group updates
    - [63d3a54] OFAgent: Avoid re-wiring ports unnecessarily
    - [8131a2e] Synced jsonutils from oslo-incubator
    - [33992c8] Brocade mechanism driver depends on the brocade plugin templates
    - [1da7abd] ofagent: Fix VLAN usage for TYPE_FLAT and TYPE_VLAN
    - [2a79749] netaddr<=0.7.10 raises ValueError instead of AddrFormatError
    - [45281bb] Brocade mechanism driver should be derived from ML2 plugin base class
    - [3eeda2c] Add missing keyword raise to get_profile_binding function
    - [e517da2] Big Switch: Remove unnecessary initialization code
    - [2f65656] ovs-agent: Ensure integration bridge is created
    - [0324965] remove token from notifier middleware
    - [6d62c91] Big Switch: Add missing data to topology sync
    - [fac71fe] Added missing core_plugins symbolic names
    - [505f902] Big Switch: Catch exceptions in watchdog thread
    - [ac90f9b] Segregate the VSM calls from database calls in N1kv plugin
    - [86e4b80] Fix network profile subtype validation in N1kv plugin
    - [24f2460] ofagent: Add a missing push_vlan action
    - [50408e6] OFA agent: use hexadecimal IP address in tunnel port name
    - [f0af041] Big Switch: Call correct method in watchdog
    - [71097a0] Check DB scheme prior to migration to Ml2
    - [db7f8a7] ofa_neutron_agent: Fix _phys_br_block_untranslated_traffic
    - [d5d345b] Fix race condition with firewall deletion
    - [ce712b2] Metadata agent caches networks for routers
    - [cac3aa8] Ensure routing key is specified in the address for a direct producer
    - [5e0ea72] Default to setting secure mode on the integration bridge
    - [77d8da1] OVS and OF Agents: Create updated_ports attribute before setup_rpc
    - [9268ea6] OFAgent: Process port_update notifications in the main agent loop
    - [9124db5] Remove RPC to plugin when dhcp sets default route
    - [6fd5a20] Improve iptables_manager _modify_rules() method
    - [5285164] Big Switch: fix capabilities retrieval code
    - [ca7ed8f] OVS Agent: limit veth names to 15 chars
    - [7d76335] NSX: Fix request_id in api_client to increment
    - [583db13] NSX: fix tenant_id passed as security_profile_id
    - [066760e] LBaaS add missing rootwrap filter for route
    - [cd7a622] Do not defer IPTables apply in firewall path
    - [315319c] BSN: Set hash header to empty instead of False
    - [5d9a034] Remove function replacement with mock patch
    - [a4b467d] NSX: fix bug for flat provider network
    - [96e580d] Wrong key router.interface reported by ceilometer
    - [9ce5ef3] Common decorator for caching methods
    - [f3fa89f] Fixes Hyper-V agent security groups disabling
    - [6fe2596] Fixes Hyper-V agent security group ICMP rules
    - [5db494d] Add support for multiple RPC workers under Metaplugin
  * d/p/disable-failing-metaplugin-tests.patch: Dropped.
  * d/p/skip-lb-test.patch: Dropped.

  [ James Page ]
  * d/watch: Point to tarballs.openstack.org for release artifacts.

neutron (1:2014.1.1-0ubuntu2) trusty-proposed; urgency=medium

  [ Corey Bryant ]
  * Resynchronize with stable/icehouse (54ac82b) (LP: #1328134):
    - [2b42dd3] Handle errors from run_ofctl() when dumping flows
    - [d00446b] Reprogram flows when ovs-vswitchd restarts
    - [8d3026b] Added missing plugin .ini files to setup.cfg
    - [072bbc0] NEC plugin: Bump L3RPC callback version to 1.1
    - [47a4954] Remove List events API from Cisco N1kv Neutron
    - [28a26db] Install SNAT rules for ipv4 only
    - [5bdea2d] Use os.uname() instead of calling uname in subprocess
    - [48bc7db] Replace loopingcall in notifier with a delayed send
    - [66eeda2] Explicitly import state_path opt in tests.base
    - [f1b0607] NSX: allow net-migration only in combined mode
    - [8abb05c] NSX: do not raise on missing router during migration step
    - [4c945dd] NSX: fix error when creating VM ports on subnets without dhcp
    - [efa4f28] OVS lib defer apply doesn't handle concurrency
    - [bc30b52] NSX: ensure that no LSN is created on external networks
    - [2bcc7bf] NSX: pass the right argument during metadata setup
    - [26a591a] Big Switch: Check source_address attribute exists
    - [74a9365] L3 RPC loop could delete a router on concurrent update
    - [2a7164a] Optimize querying for security groups
    - [bac4389] set api.extensions logging to ERROR in unit tests
    - [d1ab56d] Make default nova_url use a version
    - [2c56e14] NSX: fix API payloads for dhcp/metadata setup
    - [f217479] NSX: fix migration for networks without a subnet
    - [bf281cd] NSX: change api mapping for Service Cluster to Edge Cluster
    - [7225e2b] NSX: add nsx switch lookup to dhcp and metadata operations
    - [b922aa7] Fixed floating IP logic in PLUMgrid plugin
    - [84650f8] IBM: set secret=True on passwd config field
    - [c5040b4] Update ensure()/reconnect() to catch MessagingError
    - [e0deffc] NSX: Fix fake_api_client to raise NotFound
    - [42a8539] netaddr<=0.7.10 raises ValueError instead of AddrFormatError
    - [68a24e5] Validate CIDR given as ip-prefix in security-group-rule-create
    - [8991aa6] gw_port should be set as lazy='join'
    - [54ac82b] NSX: ensure dhcp port is setup on metadata network

  [ Jamie Strandboge ]
  * SECURITY UPDATE: specify /etc/neutron/rootwrap.conf for use with
    neutron-rootwrap
    - CVE-2013-6433 (LP: #1185019)

Date: 2014-08-21 17:11:12.466492+00:00
Changed-By: Jamie Strandboge <jamie at ubuntu.com>
https://launchpad.net/ubuntu/trusty/+source/neutron/1:2014.1.2-0ubuntu1.1
-------------- next part --------------
Sorry, changesfile not available.

More information about the Trusty-changes mailing list