[Bug 1116671] Re: Meta bug for tracking Openstack 2012.2.3 Stable Update
Adam Gandelman
1116671 at bugs.launchpad.net
Tue Apr 23 18:10:32 UTC 2013
** Description changed:
This is a meta-bug used for tracking progress of the 2012.2.3 Folsom
stable update to Nova, Horizon, Keystone, Glance, Cinder and Quantum.
+ Note: Original proposed SRU was rebased to include relevant security
+ updates applied to packages already released to the Ubuntu Archive.
+
+ ------------------------------------------------------------------------------
+
+ cinder (2012.2.3-0ubuntu2) quantal-proposed; urgency=low
+ .
+ * Re-sync with latest security updates.
+ * SECURITY UPDATE: fix denial of service
+ - CVE-2013-1664.patch: Add a new utils.safe_minidom_parse_string function
+ and update external API facing Cinder modules to use it
+ - CVE-2013-1664
+ .
cinder (2012.2.3-0ubuntu1) quantal-proposed; urgency=low
.
* Resynchronize with stable/folsom (a8caa79f) (LP: #1116671):
- [cdf6c13] Root wrap tools used by NFS volume driver LP: 1087282
+ ------------------------------------------------------------------------------
+
+ glance (2012.2.3-0ubuntu2) quantal-proposed; urgency=low
+ .
+ * Resync with latest security update.
+ * SECURITY UPDATE: fix information disclosure via Glance v1 API
+ - debian/patches/CVE-2013-1840.patch: adjust api/middleware/cache.py to
+ not show image_meta['location']
+ - CVE-2013-1840
+ .
glance (2012.2.3-0ubuntu1) quantal-proposed; urgency=low
.
* Dropped patches, applied upstream:
- debian/patches/CVE-2013-0212.patch: [96a470b]
* Resynchronize with stable/folsom (98d9928a) (LP: #1116671):
- [96a470b] glance image-download can display backend Swift password
- [4c96080] install throws errors about SADeprecationWarning LP: 925609
- [bca6e26] wsgi.Middleware forward-compatibility with webob 1.2b1 or later
- [5e5e722] Supplied image size should be verified against actual size
LP: 1092584
- [514b4b4] silent failure when loading the paste deploy app LP: 1091294
+
+ ------------------------------------------------------------------------------
horizon (2012.2.3-0ubuntu1) quantal-proposed; urgency=low
.
* Resynchronize with stable/folsom (f421145b) (LP: #1116671):
- [20fa0fc] EC2 panel shouldn't be visible when the EC2 service isn't
enabled LP: 1102411
- [0b1c553] Server error pages are broken LP: 1067206
- [476072d] login not possible if not service "volume" defined on keystone
LP: 1084137
- [ebc5e6d] Quota tally not handling unlimited values correctly LP: 1084976
- [e19a218] Unable to set unlimited quotas in Horizon LP: 1082489
- [2f959c6] The css class td.actions_column's width is not enough
LP: 1081875
- [817d628] Revert "Temp fix for api/keystone.py"
- [9060885] Can not display usage data for Quota Summary (LP: #1055929)
* debian/static/openstack-dashboard: Recompress static JS and CSS based on
changes applied upstream in stable/folsom.
+ ------------------------------------------------------------------------------
+
+ keystone (2012.2.3+stable-20130206-82c87e56-0ubuntu2) quantal-proposed; urgency=low
+ .
+ * Resync with latest security updates.
+ * SECURITY UPDATE: fix PKI revocation bypass
+ - debian/patches/CVE-2013-1865.patch: validate tokens from the backend
+ - CVE-2013-1865
+ * SECURITY UPDATE: fix EC2-style authentication for disabled users
+ - debian/patches/CVE-2013-0282.patch: adjust keystone/contrib/ec2/core.py
+ to ensure user and tenant are enabled in EC2
+ - CVE-2013-0282
+ * SECURITY UPDATE: fix denial of service
+ - debian/patches/CVE-2013-1664+1665.patch: disable XML entity parsing
+ - CVE-2013-1664
+ - CVE-2013-1665
+ .
keystone (2012.2.3+stable-20130206-82c87e56-0ubuntu1) quantal-proposed; urgency=low
.
[ Adam Gandelman ]
* Dropped patches, applied upstream:
- debian/patches/CVE-2013-0247.patch: [bb2226f]
* Resynchronize with stable/folsom (82c87e56) (LP: #1116671):
- [bb2226f] Add size validations for /tokens.
- [ec7b94d] Non-API specific 404 exposes traceback LP: 1089987
- [70e55f9] SQL backend fails if not all URL are defined in an endpoint
LP: 1061736
- [6c95b73] Unparseable endpoint URL's should raise a user friendly error
LP: 1058494
- [9e300b7] Test 0.2.0 keystoneclient to avoid new deps
- [ec06625] serviceCatalog is dict in the case of no endpoints LP: 1087405
.
[ Chuck Short ]
* debian/patches/fix-ubuntu-tests.patch: Refreshed.
+ ------------------------------------------------------------------------------
+ nova (2012.2.3-0ubuntu2) quantal-proposed; urgency=low
+ .
+ * Re-sync with latest security updates.
+ * SECURITY UPDATE: fix denial of service via fixed IPs when using extensions
+ - debian/patches/CVE-2013-1838.patch: add explicit quota for fixed IP
+ - CVE-2013-1838
+ * SECURITY UPDATE: fix VNC token validation
+ - debian/patches/CVE-2013-0335.patch: force console auth service to flush
+ all tokens associated with an instance when it is deleted
+ - CVE-2013-0335
+ * SECURITY UPDATE: fix denial of service
+ - CVE-2013-1664.patch: Add a new utils.safe_minidom_parse_string function
+ and update external API facing Nova modules to use it
+ - CVE-2013-1664
+ .
nova (2012.2.3-0ubuntu1) quantal-proposed; urgency=low
.
* Dropped patches, applied upstream:
- debian/patches/CVE-2013-0208.patch: [317cc0a]
* Resynchronize with stable/folsom (e5d0f4b9) (LP: #1116671):
- [317cc0a] No authentication on block device used for os-volume_boot
LP: 1069904
- [6241f91] Include error message in instance faults LP: 1013350
- [5a66812] Rapidly removing a floating ip can leave behind nat rules
LP: 1092762
- [133a040] remove session parameter from fixed_ip_get
- [03200fe] init host crashes if instance cannot be resumed LP: 1100430
- [cf67f3b] Unable to assign a specific IP address to a Quantum port
LP: 1094897
- [fcaab43] No handler for NFS volume LP: 1087252
- [796216e] plug_vifs() not called for each instance when nova compute is
started LP: 1083784
- [b3c2f61] resource tracker reporting strange values in AUDIT logs
LP: 1092418
- [1789d26] Libvirt driver misses out some CPU flags on old libvirt
LP: 1099527
- [eff17b4] nova aggregate-create returns unclear error to user LP: 1083353
- [63fd557] os-hosts extension's show method cannot find host which has '.'
in host-name (or host name is dotted quad) LP: 1027788
- [f864a4e] Folsom - Absolute limit parameters totalKeyPairsUsed and
totalSecurityGroupsUsed values area not incremented when keypair and
security group created LP: 1062049
- [4bfc8f1] KVM guests networking issues with no virbr0 and with vhost_net
kernel modules loaded (LP: #1029430)
- [f9eacd4] Qemu-img does not handle snapshot list LP: 1070088
+ ------------------------------------------------------------------------------
+
+ quantum (2012.2.3-0ubuntu2) quantal-proposed; urgency=low
+ .
+ * debian/quantum-common.install: Install the quantum-ovs-cleanup script
+ that was backported to stable/folsom (LP: #1116671).
+ .
quantum (2012.2.3-0ubuntu1) quantal-proposed; urgency=low
.
* Resynchronize with stable/folsom (d2a85e65) (LP: #1116671):
- [a84ba7e] Quantum port update invokes invalid method LP: 1109001
- [b56c2c9] Linuxbridge plugin: when admin status is set to False, port
status is still ACTIVE LP: 1099065
- [fe0ae7a] OVS cleanup utility does not use the correct root_helper
LP: 1105193
- [1a24b68] quantum server does not honor default_notification_level
LP: 1089773
- [24244c1] Gateway validation on subnet LP: 1096532
- [2730e47] tenant cannot set his router's gateway port on an external
network owned by other tenant LP: 1087243
- [4c9326a] Invalid output when deleting a subnet with a port attached
LP: 1093754
- [9f1bf8d] quantum-plugin-nicira miss a dependency (LP: #1097451)
- [579727a] ipallocationpools remains after subnet deletion LP: 1091946
- [5f8dd88] Printing a list of networks terminates with exception
LP: 1093637
- [9c3812f] Update router gateway successful with existed floatingip
association LP: 1081877
- [5df31af] quantum-dhcp-agent should pass --conf-file with no argument to
dnsmasq when no configure file specified instead not pass --conf-file at
all LP: 1094183
- [88261ce] the local vairable physical_network should be
alloc.physical_network LP: 1091664
- [43ece8f] Internal interfaces defined via OVS are not brought up properly
after a reboot LP: 1091605
- [a587abc] no check prevents deletion of router interface needed by a
floating ip LP: 1081325
- [d973a35] Pin pep8 to v1.3.3.
- [19b5904] DHCP agent does not listen on a unique queue LP: 1084621
- [0e05ddd] dhcp.filters needs ovs_vsctl permission LP: 1090072
- [16e128c] Bump next version to 2012.2.3
- [30572ac] Quantum-l3-agent leaves multiple NAT rules for same floating IP
LP: 1083990
- [01ea272] delete router fails with internal sever error when floatingip
association remains LP: 1080638
- [8017d09] Fix rpc control_exchange regression.
* debian/patches/fix-ubuntu-tests.patch: Refreshed, added skipTests for
linuxbridge tests that attempt to setup udev monitors.
+
+ ------------------------------------------------------------------------------
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to nova in Ubuntu.
https://bugs.launchpad.net/bugs/1116671