[Bug 2018564] Re: [SRU] python-os-brick stable point releases
Corey Bryant
2018564 at bugs.launchpad.net
Tue May 16 13:30:28 UTC 2023
This bug was fixed in the package python-os-brick - 5.0.3-0ubuntu1~cloud0
---------------
python-os-brick (5.0.3-0ubuntu1~cloud0) focal-xena; urgency=medium
.
  * New stable point release for OpenStack Xena (LP: #2018564).
  * SECURITY UPDATE: Unauthorized File Access
    - debian/patches/CVE-2023-2088.patch: Support force disconnect for
      fibre channel.
    - CVE-2023-2088
** Changed in: cloud-archive/xena
Status: Fix Committed => Fix Released
--
You received this bug notification because you are a member of Ubuntu
OpenStack, which is subscribed to python-os-brick in Ubuntu.
https://bugs.launchpad.net/bugs/2018564
Title:
[SRU] python-os-brick stable point releases
Status in Ubuntu Cloud Archive:
Invalid
Status in Ubuntu Cloud Archive xena series:
Fix Released
Status in Ubuntu Cloud Archive yoga series:
Fix Released
Status in python-os-brick package in Ubuntu:
Invalid
Status in python-os-brick source package in Jammy:
Fix Released
Bug description:
[Impact]
This release sports mostly bug-fixes and we would like to make sure all of our users have access to these improvements.
While python-os-brick is not covered under the OpenStack stable
release exception I would like to see if these would be covered by the
Ubuntu SRU "New upstream microrelease" exception.
The update contains the following package updates:
* python-os-brick 5.2.2 (Yoga/Jammy)
* python-os-brick 5.0.3 (Xena)
[Test Case]
The following SRU process was followed:
https://wiki.ubuntu.com/OpenStack/StableReleaseUpdates
In order to avoid regression of existing consumers, the OpenStack team
will run their continuous integration test against the packages that
are in -proposed. A successful run of all available tests will be
required before the proposed packages can be let into -updates.
The OpenStack team will be in charge of attaching the output summary
of the executed tests. The OpenStack team members will not mark
‘verification-done’ until this has happened.
[Regression Potential]
In order to mitigate the regression potential, the results of the aforementioned tests are attached to this bug.
[Discussion]
The new versions of os-brick are defined by OpenStack's upper-constraints, which are the versions that get tested by the upstream gate: https://github.com/openstack/requirements/blob/master/upper-constraints.txt
Following is the delta of fixes between the current versions in
Ubuntu/UCA and the new versions that we would like to pick up:
# Yoga (Jammy)
os-brick$ git-pretty 5.2.0..5.2.2
- [743002c] RBD: Fix disconnect_volume for encrypted volumes
- [0bd5dc9] Fix encryption symlink issues
- [0f6b3d4] Update TOX_CONSTRAINTS_FILE for stable/yoga
- [008c8e6] Update .gitreview for stable/yoga
# Xena
os-brick$ git-pretty 5.0.2..5.0.3
- [3aa5d29] RBD: Fix disconnect_volume for encrypted volumes
- [b31b109] Fix encryption symlink issues
[Discussion]
It is important to note that upstream has:
1) a reliable and credible test suite for assuring the quality of every commit or release,
2) the tests are covering both functionality and API/ABI stability
The upstream policy for testing is described a bit here: https://docs.openstack.org/cinder/latest/contributor/contributing.html#getting-your-patch-merged
(specifically see the paragraphs starting with "Patches lacking unit tests are unlikely to be approved." and "If your patch has a -1 from Zuul.."). Pep8, unit, and functional (tempest) tests are run during the gate for each patch. For example, looking at the following upstream review: https://review.opendev.org/c/openstack/os-brick/+/822025 we can see that zuul tests must vote +1 in order for the patch to be merged. It is also important to note the upstream openstack stable branch policy noted at https://docs.openstack.org/project-team-guide/stable-branches.html#review-guidelines.
It is also important to note that the Ubuntu package has:
1) unit tests run during package build to cover all architectures
Additionally, the OpenStack team will run their continuous integration
test against the packages that are in -proposed (a juju deployed
openstack with tempest functional tests executed to validate the
cloud). A successful run of all available tests will be required
before the proposed packages can be let into -updates.