[Bug 1688557] Re: [SRU] newton stable releases

Corey Bryant corey.bryant at canonical.com
Mon May 15 12:58:14 UTC 2017


Hi Brian,

> I feel like the CVE referenced in the nova upload, [CVE-2017-7214] Failed
> notification payload is dumped in logs with auth secrets, should be called
> out in the changelog and the Launchpad bug should have an Ubuntu yakkety task.

I've uploaded a new version with the changelog updated to call out the
CVE fix and I've also updated the CVE bug to target the corresponding
ubuntu and cloud archive releases. Note, it looks like we need to get
this uploaded for Ocata too.

>
> I'm not sure I've seen an SRU with a CVE fix in it though, is this normally done?

I think this is normal. Upstream cuts stable releases per project
whenever the project thinks it's needed (until EOL which tends to be
approx one year for upstream openstack). And with the CVE being the last
2 commits prior to the 14.0.5 release, it looks like they did the right
thing in getting it out the door when they did.

Corey

-- 
You received this bug notification because you are a member of Ubuntu
OpenStack, which is subscribed to ceilometer in Ubuntu.
https://bugs.launchpad.net/bugs/1688557

Title:
  [SRU] newton stable releases

Status in Ubuntu Cloud Archive:
  New
Status in aodh package in Ubuntu:
  Invalid
Status in ceilometer package in Ubuntu:
  Invalid
Status in cinder package in Ubuntu:
  Invalid
Status in designate package in Ubuntu:
  Invalid
Status in heat package in Ubuntu:
  Invalid
Status in horizon package in Ubuntu:
  Invalid
Status in neutron package in Ubuntu:
  Invalid
Status in neutron-fwaas package in Ubuntu:
  Invalid
Status in neutron-lbaas package in Ubuntu:
  Invalid
Status in nova package in Ubuntu:
  Invalid
Status in aodh source package in Yakkety:
  Fix Committed
Status in ceilometer source package in Yakkety:
  Fix Committed
Status in cinder source package in Yakkety:
  Fix Committed
Status in designate source package in Yakkety:
  New
Status in heat source package in Yakkety:
  Fix Committed
Status in horizon source package in Yakkety:
  Fix Committed
Status in neutron source package in Yakkety:
  New
Status in neutron-fwaas source package in Yakkety:
  Fix Committed
Status in neutron-lbaas source package in Yakkety:
  New
Status in nova source package in Yakkety:
  Incomplete

Bug description:
  [Description]

  Stable release updates for the following packages for OpenStack
  Newton:

  aodh 3.0.2
  ceilometer 7.0.3
  cinder 9.1.4
  designate 3.0.1
  heat 7.0.3
  horizon 10.0.3
  neutron 9.3.1
  neutron-fwaas 9.0.1
  neutron-lbaas 9.2.0
  nova 14.0.5

  [Test Case]

  Upstream QA process for stable releases is documented here:

  https://docs.openstack.org/project-team-guide/stable-branches.html

  For all stable point releases, we perform regression testing by juju
  deploying two openstack clouds, one against -proposed and one against
  -updates, and we then run tempest integration smoke tests[1] to verify
  those deployed clouds, and evaluate any differences in results.

  [1] https://github.com/openstack/tempest/blob/master/README.rst

  [Regression Potential]

  Regression potential is low as these are stable point releases that
  are released and tested by upstream openstack and tested in distro.

To manage notifications about this bug go to:
https://bugs.launchpad.net/cloud-archive/+bug/1688557/+subscriptions


