[Bug 2018564] Re: [SRU] python-os-brick stable point releases

Launchpad Bug Tracker 2018564 at bugs.launchpad.net
Thu May 11 18:30:56 UTC 2023


This bug was fixed in the package python-os-brick - 5.2.2-0ubuntu1

---------------
python-os-brick (5.2.2-0ubuntu1) jammy-security; urgency=medium

  * d/gbp.conf: Create stable/yoga branch.
  * New stable point release for OpenStack Yoga (LP: #2018564).
  * SECURITY UPDATE: Unauthorized File Access
    - debian/patches/CVE-2023-2088.patch: Support force disconnect for
      fibre channel.
    - CVE-2023-2088

 -- Corey Bryant <corey.bryant at canonical.com>  Fri, 05 May 2023 11:52:27 +0200

** Changed in: python-os-brick (Ubuntu Jammy)
       Status: Triaged => Fix Released

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2023-2088

-- 
You received this bug notification because you are a member of Ubuntu
OpenStack, which is subscribed to python-os-brick in Ubuntu.
https://bugs.launchpad.net/bugs/2018564

Title:
  [SRU] python-os-brick stable point releases

Status in Ubuntu Cloud Archive:
  Invalid
Status in Ubuntu Cloud Archive xena series:
  Fix Committed
Status in Ubuntu Cloud Archive yoga series:
  Triaged
Status in python-os-brick package in Ubuntu:
  Invalid
Status in python-os-brick source package in Jammy:
  Fix Released

Bug description:
  [Impact]
  This release sports mostly bug-fixes and we would like to make sure all of our users have access to these improvements.

  While python-os-brick is not covered under the OpenStack stable
  release exception I would like to see if these would be covered by the
  Ubuntu SRU "New upstream microrelease" exception.

  The update contains the following package updates:

     * python-os-brick 5.2.2 (Yoga/Jammy)
     * python-os-brick 5.0.3 (Xena)

  [Test Case]
  The following SRU process was followed:
  https://wiki.ubuntu.com/OpenStack/StableReleaseUpdates

  In order to avoid regression of existing consumers, the OpenStack team
  will run their continuous integration test against the packages that
  are in -proposed. A successful run of all available tests will be
  required before the proposed packages can be let into -updates.

  The OpenStack team will be in charge of attaching the output summary
  of the executed tests. The OpenStack team members will not mark
  ‘verification-done’ until this has happened.

  [Regression Potential]
  In order to mitigate the regression potential, the results of the aforementioned tests are attached to this bug.

  [Discussion]
  The new versions of os-brick are defined by OpenStack's upper-constraints, which are the versions that get tested by the upstream gate: https://github.com/openstack/requirements/blob/master/upper-constraints.txt

  The following is the delta of fixes between the current versions in
  Ubuntu/UCA and the new versions that we would like to pick up:

  # Yoga (Jammy)
  os-brick$ git-pretty 5.2.0..5.2.2
   - [743002c] RBD: Fix disconnect_volume for encrypted volumes
   - [0bd5dc9] Fix encryption symlink issues
   - [0f6b3d4] Update TOX_CONSTRAINTS_FILE for stable/yoga
   - [008c8e6] Update .gitreview for stable/yoga

  # Xena
  os-brick$ git-pretty 5.0.2..5.0.3
   - [3aa5d29] RBD: Fix disconnect_volume for encrypted volumes
   - [b31b109] Fix encryption symlink issues

  
  [Discussion]
  It is important to note that upstream has:

  1) a reliable and credible test suite for assuring the quality of every commit or release,
  2) the tests are covering both functionality and API/ABI stability

  The upstream policy for testing is described a bit here: https://docs.openstack.org/cinder/latest/contributor/contributing.html#getting-your-patch-merged
  (specifically see the paragraphs starting with "Patches lacking unit tests are unlikely to be approved." and "If your patch has a -1 from Zuul.."). Pep8, unit, and functional (tempest) tests are run during the gate for each patch. For example, looking at the following upstream review: https://review.opendev.org/c/openstack/os-brick/+/822025 we can see that Zuul tests must vote +1 in order for the patch to be merged. It is also important to note the upstream OpenStack stable branch policy noted at https://docs.openstack.org/project-team-guide/stable-branches.html#review-guidelines.

  It is also important to note that the Ubuntu package has:

  1) unit tests run during package build to cover all architectures

  Additionally, the OpenStack team will run their continuous integration
  test against the packages that are in -proposed (a juju deployed
  openstack with tempest functional tests executed to validate the
  cloud). A successful run of all available tests will be required
  before the proposed packages can be let into -updates.

To manage notifications about this bug go to:
https://bugs.launchpad.net/cloud-archive/+bug/2018564/+subscriptions



