Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 =========================================================================== AUSCERT External Security Bulletin Redistribution ESB-2020.0902 SUSE Security update for ardana-cinder, ardana-cobbler, ardana-designate, ardana-extensions-example, ardana-extensions-nsx, ardana-glance, ardana-heat, ardana-input-model, ardana-ironic, ardana-keystone, ardana-logging, ardana-monasca, ardana-monasca-transform 12 March 2020 =========================================================================== AusCERT Security Bulletin Summary --------------------------------- Product: ardana Publisher: SUSE Operating System: SUSE Impact/Access: Execute Arbitrary Code/Commands -- Remote with User Interaction Modify Arbitrary Files -- Existing Account Denial of Service -- Remote/Unauthenticated Access Confidential Data -- Existing Account Resolution: Patch/Upgrade CVE Names: CVE-2020-7595 CVE-2020-2574 CVE-2019-18901 CVE-2019-16770 CVE-2019-13117 CVE-2019-2974 CVE-2019-2938 CVE-2019-2805 CVE-2019-2758 CVE-2019-2740 CVE-2019-2739 CVE-2019-2737 CVE-2018-17954 CVE-2017-1002201 Reference: ESB-2020.0713 ESB-2019.2784 ESB-2019.2660 Original Bulletin: https://www.suse.com/support/update/announcement/2020/suse-su-20200640-1.html https://www.suse.com/support/update/announcement/2020/suse-su-20200642-1.html Comment: This bulletin contains two (2) SUSE security advisories. - --------------------------BEGIN INCLUDED TEXT-------------------- SUSE Security Update: Security update for ardana-cinder, ardana-cobbler, ardana-designate, ardana-extensions-example, ardana-extensions-nsx, ardana-glance, ardana-heat, ardana-input-model, ardana-ironic, ardana-keystone, ardana-logging, ardana-monasca, ardana-monasca-transform, ardana-mq, ardana-neutron, ardana-nova, ardana-octavia, ardana-osconfig, ardana-tempest, crowbar-core, crowbar-ha, crowbar-openstack, crowbar-ui, keepalived, mariadb, openstack-cinder, openstack-dashboard, openstack-dashboard-theme-SUSE, openstack-heat, openstack-heat-templates, openstack-horizon-plugin-designate-ui, openstack-horizon-plugin-neutron-lbaas-ui, openstack-ironic, openstack-keystone, openstack-monasca-agent, openstack-neutron, openstack-neutron-gbp, openstack-neutron-vsphere, openstack-nova, openstack-octavia, openstack-octavia-amphora-image, openstack-resource-agents, openstack-sahara, openstack-trove, python-cinderlm, python-congressclient, python-designateclient, python-ironic-lib, python-networking-cisco, python-osc-lib, python-oslo.context, python-oslo.rootwrap, python-oslo.serialization, python-oslo.service, python-stevedore, python-taskflow, rubygem-crowbar-client, rubygem-p ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:0640-1 Rating: important References: #1077717 #1117080 #1117840 #1123191 #1148158 #1152007 #1154235 #1155089 #1155942 #1156305 #1156669 #1156914 #1157028 #1157206 #1157482 #1158675 #1160048 #1160878 #1160883 #1160895 #1160912 #1161351 #1161517 #1162388 Cross-References: CVE-2017-1002201 CVE-2018-17954 CVE-2019-13117 CVE-2019-16770 CVE-2019-18901 CVE-2019-2737 CVE-2019-2739 CVE-2019-2740 CVE-2019-2758 CVE-2019-2805 CVE-2019-2938 CVE-2019-2974 CVE-2020-2574 CVE-2020-7595 Affected Products: SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud 8 HPE Helion Openstack 8 ______________________________________________________________________________ umavenv-openstack-swift An update that solves 14 vulnerabilities and has 10 fixes is now available. Description: This update for ardana-cinder, ardana-cobbler, ardana-designate, ardana-extensions-example, ardana-extensions-nsx, ardana-glance, ardana-heat, ardana-input-model, ardana-ironic, ardana-keystone, ardana-logging, ardana-monasca, ardana-monasca-transform, ardana-mq, ardana-neutron, ardana-nova, ardana-octavia, ardana-osconfig, ardana-tempest, crowbar-core, crowbar-ha, crowbar-openstack, crowbar-ui, keepalived, mariadb, openstack-cinder, openstack-dashboard, openstack-dashboard-theme-SUSE, openstack-heat, openstack-heat-templates, openstack-horizon-plugin-designate-ui, openstack-horizon-plugin-neutron-lbaas-ui, openstack-ironic, openstack-keystone, openstack-monasca-agent, openstack-neutron, openstack-neutron-gbp, openstack-neutron-vsphere, openstack-nova, openstack-octavia, openstack-octavia-amphora-image, openstack-resource-agents, openstack-sahara, openstack-trove, python-cinderlm, python-congressclient, python-designateclient, python-ironic-lib, python-networking-cisco, python-osc-lib, python-oslo.context, python-oslo.rootwrap, python-oslo.serialization, python-oslo.service, python-stevedore, python-taskflow, rubygem-crowbar-client, rubygem-puma, venv-openstack-swift fixes the following issues: Security issues fixed: The update of rubygem-crowbar-client, rubygem-puma fixes the following security issues: o CVE-2018-17954: Fixed an issue where crowbar was leaking the secret admin passwords to all nodes (bsc#1117080). o CVE-2019-16770: Fixed a denial-of-service vulnerability that was exploitable by clients sending extraneous keepalive requests (bsc#1158675). The update of mariadb to 10.2.29 fixes several security issues: o CVE-2020-2574: Fixed a difficult to exploit vulnerability that allowed an attacker to crash the client (bsc#1162388). o CVE-2019-18901: Fixed a difficult to exploit vulnerability that allowed an attacker to crash the client (bsc#1162388). o CVE-2017-1002201: Fixed an issue where special characters did not escpae properly (bsc#1155089) o CVE-2019-2737, CVE-2019-2739, CVE-2019-2740, CVE-2019-2758, CVE-2019-2805, CVE-2019-2938, CVE-2019-2974: Fixed an issue where could lead a remote attacker to cause denial of service (bsc#1156669) Non-security issues fixed: Changes in ardana-cinder: o Update to version 8.0+git.1579279939.ee7da88: * Add option to flatten snapshots when using SES (SOC-11054) o Update to version 8.0+git.1571846011.1a2f62b: * SCRD-4764 move v2.0 endpoints to v3 (SOC-9753) Changes in ardana-cobbler: o Update to version 8.0+git.1575037115.0326803: * Set root device on SLES autoyast templates (SOC-7365) Changes in ardana-designate: o Update to version 8.0+git.1573597788.15b7984: * Update gerrit location (SOC-9140) Changes in ardana-extensions-example: o Switch to new Gerrit Server o Update to version 8.0+git.1534266307.db1ec28: * SCPL-409 Fix .gitreview for stable/pike Changes in ardana-extensions-nsx: o Update to version 8.0+git.1567529036.a41a037: * Update policy json templates for vmware-nsx (SOC-10254) o Switch to new Gerrit Server Changes in ardana-glance: o Update to version 8.0+git.1571846045.ab9e3ea: * SCRD-4764 move v2.0 endpoints to v3 (SOC-9753) Changes in ardana-heat: o Update to version 8.0+git.1571777596.14dce6a: * SCRD-4764 remove V2.0 auth end points (SOC-9753) Changes in ardana-input-model: o Update to version 8.0+git.1582147997.b9ed134: * Enable port security extension neutron (SOC-11027) o Update to version 8.0+git.1573658751.38e822a: * Move manila share to controller (SOC-10938) Changes in ardana-ironic: o Update to version 8.0+git.1571845225.006843d: * SCRD-4764 remove V2.0 auth end points (SOC-9753) Changes in ardana-keystone: o Update to version 8.0+git.1573147067.09e3ea0: * enable debug and insecure_debug on demand (SOC-10934) Changes in ardana-logging: o Update to version 8.0+git.1572452293.e65d714: * use correct Keystone v3 params bsc#1117840 (SOC-9753) Changes in ardana-monasca: o Update to version 8.0+git.1572527728.9b34bdf: * use correct Keystone v3 params bsc#1117840 (SOC-9753) * SCRD-4764 remove V2.0 auth end points (SOC-9753) Changes in ardana-monasca-transform: o Update to version 8.0+git.1571845965.97714fb: * SCRD-4764 remove V2.0 auth end points (SOC-9753) Changes in ardana-mq: o Update to version 8.0+git.1581024906.fbf0be3: * Ensure HA queue sync wait fails (SOC-11083) * Fix HA policy setting comments (SOC-10317, SOC-11082) o Update to version 8.0+git.1580853688.4e72fc1: * Set HA policy accordingly (SOC-10317, SOC-11082) o Update to version 8.0+git.1579014733.a855e3a: * Change the HA policy mirror (SOC-10317) Changes in ardana-neutron: o Update to version 8.0+git.1573050365.ff6fa06: * Kill dhclient before restarting neutron-openvswitch-agent (SOC-9230) o Update to version 8.0+git.1571846086.19cb7eb: * SCRD-4764 move v2.0 endpoints to v3 (SOC-9753) Changes in ardana-nova: o Update to version 8.0+git.1571846125.584d988: * SCRD-4764 remove V2.0 auth end points (SOC-9753) Changes in ardana-octavia: o Update to version 8.0+git.1575642049.1f321d0: * Change event_streamer_driver to noop (bsc#1154235) Changes in ardana-osconfig: o Update to version 8.0+git.1581015942.2d21e63: * Adjust 'fs.inotify.max_user_instances' to align with crowbar (bsc#1161351) o Update to version 8.0+git.1580469528.0ac2a8b: * Start OVS services before wicked service at boot (SOC-11067) Changes in ardana-tempest: o Update to version 8.0+git.1579261264.7dd213a: * Create network resources needed by some heat tests (SOC-7028) o Update to version 8.0+git.1573571182.8fa9823: * Restrore designate test (SOC-9753) o Update to version 8.0+git.1571846164.6279bc0: * SCRD-4764 remove V2.0 auth end points (SOC-9753) Changes in crowbar-core: o Update to version 5.0+git.1582968668.1a55c77c5: * Ignore CVE-2020-7595 in CI (bsc#1161517) o Update to version 5.0+git.1582543433.f71d39544: * Fix deployment queue display (SOC-10741) o Update to version 5.0+git.1580209640.80f2ba3d9: * network: start OVS before wickedd (SOC-11067) o Update to version 5.0+git.1579705862.220974047: * dns: add checks to designate migration (SOC-11047) o Update to version 5.0+git.1579271614.eac1c490c: * upgrade: Add the upgrade menu entry (SOC-11053) * upgrade: Fix upgrade link (SOC-11053) o Update to version 5.0+git.1578989446.a2d23b7e1: * Do not log an error for a case that is correct (trivial) o Update to version 5.0+git.1578472131.b88a31055: * apache2: Restart after enabling SSL flag (SOC-11029) o Update to version 5.0+git.1578295229.96952deab: * Avoid nil crash when provisioner attributes are not set (bsc#1160048) o Update to version 5.0+git.1578063264.d0223905b: * Ignore CVE-2019-16770 (SOC-10999) o Update to version 5.0+git.1576053049.a2f4c9820: * upgrade: Remove DRBD specific code from the preparation parts (SOC-10985) o Update to version 5.0+git.1575020613.fc167f4dc: * List XEN nodes when failing precheck (trivial) o Update to version 5.0+git.1574763025.0a6957f37: * Disable installation repository (bsc#1152007) * Disable automatic repo services (bsc#1152007) * Designate: Don't add the admin node to the public network (SOC-10658) o Update to version 5.0+git.1574715523.ee8e58f4b: * upgrade: Check the result after commiting proposal (noref) * upgrade: Do not try to disable services that might not exist (noref) o Update to version 5.0+git.1574667034.76644f658: * [upgrade] Remove existing upgrade directories from nodes (SOC-10956) o Update to version 5.0+git.1574348992.88de970a6: * [upgrade] Wait for keystone to be ready after start (bsc#1157206) o Update to version 5.0+git.1574270784.294f0e830: * upgrade: Ignore Cloud repository during repocheck (bsc#1152007) o Update to version 5.0+git.1574165163.52870c62e: * [upgrade] Call finalize_nodes_upgrade at the very end (bsc#1155942) o Update to version 5.0+git.1574103089.1fbb5a51d: * Ignore CVE-2019-13117 in CI builds (bsc#1157028) * upgrade: Make the time before next upgrade configurable (SOC-10955) * upgrade: Make sure cinder-volume is really stopped (bsc#1156305) o Update to version 5.0+git.1573110008.449237f0d: * Allow pacemaker remotes for upgrade (SOC-10133) * upgrade: Precheck for unsaved proposals (SOC-10912) o Update to version 5.0+git.1572880575.4a6efa3a1: * upgrade: Add a precheck for XEN compute nodes presence (SOC-10495) * upgrade: Reload repo config in repochecks (SOC-10718) o Update to version 5.0+git.1572097431.519baa552: * Ignore CVE-2017-1002201 in CI builds (bsc#1155089) o Update to version 5.0+git.1571210032.8648ab99c: * Revert "Use block-migration when needed" (SOC-10133) Changes in crowbar-ha: o Update to version 5.0+git.1574286229.e0364c3: * Drop g-haproxy location before group deletion (bsc#1156914) Changes in crowbar-openstack: o Update to version 5.0+git.1582911795.5081ef1da: * designate: Mark as user managed (SOC-10233) * Designate: make sure dns-server is active on a non-admin node (SOC-10636) o Update to version 5.0+git.1580549331.ba1e1a0a3: * [5.0] ec2-api: run keystone_register on cluster founder only (SOC-11079) o Update to version 5.0+git.1579182968.f54cfa8f5: * tempest: tempest run filters as templates (SOC-11052) o Update to version 5.0+git.1578515319.fdab3a0b2: * Install openstack client for neutron recipes (SOC-11039) o Update to version 5.0+git.1576764142.8efe58655: * Do not read data from barclamp that has not been saved (SOC-11028) o Update to version 5.0+git.1576666547.b7a0b8814: * Revert "Octavia: Hide UI until complete (SOC-10550)" o Update to version 5.0+git.1576250115.67b80cbca: * [5.0] tempest: Update default image on schema (SOC-11023) o Update to version 5.0+git.1576078873.ecc798ffe: * neutron: Revert remove .openrc creation from neutron cookbooks (SOC-10378) * keystone: Add OS_INTERFACE env var to .openrc (SOC-11006) o Update to version 5.0+git.1574927541.694ac3863: * designate: move keystone resource lookup to convergence (SOC-10887) o Update to version 5.0+git.1574769056.07a7c373e: * designate: declare all mdns servers as master on pool config (SOC-10952) * designate: add support for SSL (SOC-10877) * designate: change default configuration (SOC-10899) o Update to version 5.0+git.1574421761.ace345683: * Add tempest filter for designate (SOC-10288) o Update to version 5.0+git.1574359417.113b616b2: * horizon: install lbaas horizon dashboard (SOC-10883) o Update to version 5.0+git.1572937880.ffb86e88b: * Make sure the input file with ssh key exists (SOC-10133) o Update to version 5.0+git.1571764038.ad48726d6: * mysql: fix WSREP sync race (SOC-10717) * mysql: stop service for mysql_install_db (SOC-10717) * Do not use obsoleted --endpoint-type option with CLI o Update to version 5.0+git.1571323259.7402ef5eb: * [5.0] Tempest: blacklist test_volume_boot_pattern (SOC-10874) o Update to version 5.0+git.1571241534.f4af21325: * rabbitmq: fix migration 200 (SOC-10623) * Fix Cloud 8 no-op migrations (SOC-10623) * neutron-lbaas: remove loadbalancer/pool limit * [5.0] Configurable timeout for Galera pre-sync o Update to version 5.0+git.1571138324.edb9e8b56: * horizon: tighten check for existence of monasca while deploying grafana * monasca: improve detection if monasca-server is available * monasca: install agent before run setup monitors in server * Monasca: Handle node reinstall (jsc# SOC-10440, bsc#1148158 ) o Update to version 5.0+git.1570618886.06022a6ef: * glance: Set barbican auth endpoint (bsc#1123191, SOC-10844) * tempest: Add barbican run_filters from ardana (SOC-10844) * Fix nova tempest tests (SOC-9298, SOC-10844) o Update to version 5.0+git.1570505588.4bdc5aa6f: * No rndc key if no public DNS server (SOC-10835) Changes in crowbar-ui: o Update to version 1.2.0+git.1575896697.a01a3a08: * upgrade: Added missing error title * travis: Stop testing against nodejs4 o Update to version 1.2.0+git.1572871359.50fc6087: * Add title for XEN compute nodes precheck (SOC-10495) Changes in keepalived: o update to 2.0.19 o new BR pkgconfig(libnftnl) to fix nftables support o add nftables to the BR o added patch * linux-4.15.patch o add buildrequires for file-devel - used in the checker to verify scripts o enable json stats and config dump support new BR: pkgconfig(json-c) o enable http regexp support: new BR pcre2-devel o disable dbus instance creation support as it is marked as dangerous o Add BFD build option to keepalived.spec rpm file Issue #1114 identified that the keepalived.spec file was not being generated to build BFD support even if keepalived had been configured to support it. o full changelog https://keepalived.org/changelog.html Changes in mariadb: o update to 10.2.31 GA [bsc#1162388] * Fixes for the following security vulnerabilities: * 10.2.31: CVE-2020-2574 * 10.2.30: none * release notes and changelog: https://mariadb.com/kb/en/library/ mariadb-10231-release-notes https://mariadb.com/kb/en/library/ mariadb-10231-changelog https://mariadb.com/kb/en/library/ mariadb-10230-release-notes https://mariadb.com/kb/en/library/ mariadb-10230-changelog o refresh mariadb-10.1.12-deharcode-libdir.patch o remove mariadb-10.2.29-bufferoverflowstrncat.patch (upstreamed) o pack pam_user_map.so module in the /%{_lib}/security directory and user_map.conf configuration file in the /etc/security directory o fix race condition with mysql_upgrade_info status file by moving it to the location owned by root (/var/lib/misc) CVE-2019-18901 [bsc#1160895] o move .run-mysql_upgrade file from $datadir/.run-mysql_upgrade to /var/lib/ misc/.mariadb_run_upgrade so the mysql user can't use it for a symlink attack [bsc#1160912] o on BTRFS systems /var/lib/mysql is created as a subvolume with 755 permissions during the system installaion. Fix it to 700 as mysql_install_db doesn't do it [bsc#1077717] o add important options to mariadb.service and mariadb@.service (ProtectSystem, ProtectHome and UMask) [bsc#1160878] o mysql-systemd-helper: use systemd-tmpfiles instead of shell script operations for a cleaner and safer creating of /run/mysql [bsc#1160883] o update to 10.2.29 GA * Fixes for the following security vulnerabilities: * 10.2.29: none * 10.2.28: CVE-2019-2974, CVE-2019-2938 * 10.2.27: none * 10.2.26: CVE-2019-2805, CVE-2019-2740, CVE-2019-2739, CVE-2019-2737, CVE-2019-2758 * release notes and changelog: https://mariadb.com/kb/en/ library/mariadb-10229-release-notes https://mariadb.com/kb/en/library/ mariadb-10229-changelog https://mariadb.com/kb/en/library/ mariadb-10228-release-notes https://mariadb.com/kb/en/library/ mariadb-10228-changelog https://mariadb.com/kb/en/library/ mariadb-10227-release-notes https://mariadb.com/kb/en/library/ mariadb-10227-changelog https://mariadb.com/kb/en/library/ mariadb-10226-release-notes https://mariadb.com/kb/en/library/ mariadb-10226-changelog o refresh mariadb-10.0.15-logrotate-su.patch mariadb-10.2.4-logrotate.patch o add mariadb-10.2.29-bufferoverflowstrncat.patch to fix "Statement might be overflowing a buffer in strncat" error o tracker bug [bsc#1156669] o add main.gis_notembedded to the skipped tests (fails when latin1 is not set) Changes in openstack-cinder: o Update to version cinder-11.2.3.dev23: * Fix handling of 'cinder\ _encryption\_key\_id' image metadata o Update to version cinder-11.2.3.dev21: * Add retry to LVM deactivation o Update to version cinder-11.2.3.dev19: * Fix ceph: only close rbd image after snapshot iteration is finished o Update to version cinder-11.2.3.dev17: * Exclude disabled API versions from listing Changes in openstack-cinder: o Update to version cinder-11.2.3.dev23: * Fix handling of 'cinder\ _encryption\_key\_id' image metadata o Update to version cinder-11.2.3.dev21: * Add retry to LVM deactivation o Update to version cinder-11.2.3.dev19: * Fix ceph: only close rbd image after snapshot iteration is finished o Update to version cinder-11.2.3.dev17: * Exclude disabled API versions from listing Changes in openstack-dashboard: o Update to version horizon-12.0.5.dev2: * Use python 2.7 as the default interpreter in tox * OpenDev Migration Patch 12.0.4 Changes in openstack-dashboard-theme-SUSE: o Update to version 2017.2+git.1573629528.6b21fa5: * SCRD-7984 fixed help links Changes in openstack-heat: o Update to version heat-9.0.8.dev22: * Do deepcopy when copying templates o Update to version heat-9.0.8.dev21: * Set stack.thread\_group\_mgr for cancel\_update * Eliminate client race condition in convergence delete * Delete snapshots using contemporary resources o Update to version heat-9.0.8.dev15: * Unskip StackSnapshotRestoreTest o Update to version heat-9.0.8.dev14: * Fix translate tenants in flavor Changes in openstack-heat: o Update to version heat-9.0.8.dev22: * Do deepcopy when copying templates o Update to version heat-9.0.8.dev21: * Set stack.thread\_group\_mgr for cancel\_update * Eliminate client race condition in convergence delete * Delete snapshots using contemporary resources o Update to version heat-9.0.8.dev15: * Unskip StackSnapshotRestoreTest o Update to version heat-9.0.8.dev14: * Fix translate tenants in flavor Changes in openstack-heat-templates: o Update to version 0.0.0+git.1560033670.e3b5a52: * Add example for running Zun container * OpenDev Migration Patch * Replace openstack.org git:// URLs with https:// * Remove docs, deprecated hooks, tests * Update the bugs link to storyboard * Use octavia resources for autoscaling example * Fix the incorrect cirros default password Changes in openstack-horizon-plugin-designate-ui: o Update to version designate-dashboard-5.0.3.dev2: * Fix list zones updated at same time * OpenDev Migration Patch 5.0.2 Changes in openstack-horizon-plugin-neutron-lbaas-ui: o Add _1481_project_ng_loadbalancersv2_panel.pyc file to package (SOC-10883) The .pyc file needs to be removed when the package is uninstalled, otherwise the panel will remain enabled in the dashboard and cause errors. Changes in openstack-ironic: o Update to version ironic-9.1.8.dev8: * Place upper bound on python-dracclient version Changes in openstack-ironic: o Update to version ironic-9.1.8.dev8: * Place upper bound on python-dracclient version Changes in openstack-keystone: o Update to version keystone-12.0.4.dev5: * Import LDAP job into project Changes in openstack-keystone: o Update to version keystone-12.0.4.dev5: * Import LDAP job into project Changes in openstack-monasca-agent: o Added dependency: * fdupes * pwdutils and shadow-utils for useradd/groupadd o added 0001-add-X.509-certificate-check-plugin.patch Changes in openstack-neutron: o Update to version neutron-11.0.9.dev60: * Set DB retry for quota\ _enforcement pecan\_wsgi hook o Update to version neutron-11.0.9.dev58: * don't clear skb mark when ovs is hw-offload enabled o Update to version neutron-11.0.9.dev57: * doc: add known limitation about attaching SR-IOV ports o Update to version neutron-11.0.9.dev56: * raise priority of dead vlan drop o Update to version neutron-11.0.9.dev54: * [Unit tests] Skip TestWSGIServer with IPv6 if no IPv6 enabled o Update to version neutron-11.0.9.dev52: * Initialize phys bridges before setup\_rpc Changes in openstack-neutron: o Update neutron-ha-tool to latest version: * Add DHCP agent evacuation (SOC-11046) o Update to version neutron-11.0.9.dev60: * Set DB retry for quota\ _enforcement pecan\_wsgi hook o Update to version neutron-11.0.9.dev58: * don't clear skb mark when ovs is hw-offload enabled o neutron: Remove stop action from ovs-cleanup (bsc#1157482) backport of https://review.opendev.org/#/c/695867/ o Update to version neutron-11.0.9.dev57: * doc: add known limitation about attaching SR-IOV ports o Update to version neutron-11.0.9.dev56: * raise priority of dead vlan drop o Update to version neutron-11.0.9.dev54: * [Unit tests] Skip TestWSGIServer with IPv6 if no IPv6 enabled o Update to version neutron-11.0.9.dev52: * Initialize phys bridges before setup\_rpc Changes in openstack-neutron-gbp: o Update to version group-based-policy-7.3.1.dev72: * Refactor static path code o Update to version group-based-policy-7.3.1.dev71: * Support named ip protocols for SecurityGroupRules o Update to version group-based-policy-7.3.1.dev70: * Allow both FIP and SNAT on a single port o Update to version group-based-policy-7.3.1.dev69: * Fix active-active AAP RPC query o Update to version group-based-policy-7.3.1.dev67: * [AIM] Add extra provided/consumed contracts to network extension o Update to version group-based-policy-7.3.1.dev66: * Active active AAP feature o Update to version group-based-policy-7.3.1.dev64: * Support cache option for legacy GBP driver o Update to version group-based-policy-7.3.1.dev63: * Fix host ID length in VM names table o Update to version group-based-policy-7.3.1.dev62: * Update\_proj\_descr in apic when project description is updated in os o Update to version group-based-policy-7.3.1.dev61: * Send port notifications when host\_route is getting updated * Provide a control knob to use the internal EP interface o Update to version group-based-policy-7.3.1.dev57: * Fix pep8 failures seen on submitted patches Changes in openstack-neutron-vsphere: o Update to version networking-vsphere-2.0.1.dev133: * Update to use Agent model from neutron.db.models * Fix neutron-dvs-agent startup errors * OpenDev Migration Patch o Remove 0001-fix-dvs-agent-config.patch as changes had been backported to stable/pike - See https://review.opendev.org/#/c/682482 Changes in openstack-nova: o Update to version nova-16.1.9.dev49: * Use stable constraint for Tempest pinned stable branches o Update to version nova-16.1.9.dev48: * Avoid redundant initialize\ _connection on source post live migration * Error out interrupted builds * Skip checking of target\_dev for vhostuser * Functional reproduce for bug 1833581 * Prevent init\_host test to interfere with other tests * Add functional test for resize crash compute restart revert * Move restart\ _compute\_service to a common place * lxc: make use of filter python3 compatible * cleanup evacuated instances not on hypervisor * Delete resource providers for all nodes when deleting compute service o Update to version nova-16.1.9.dev30: * Explicitly fail if trying to attach SR-IOV port * Stabilize unshelve notification sample tests o Update to version nova-16.1.9.dev26: * Fix listing deleted servers with a marker * Add functional regression test for bug 1849409 o Update to version nova-16.1.9.dev22: * Hook resource\_tracker to remove stale node information o Update to version nova-16.1.9.dev20: * Workaround missing RequestSpec.instance\_group.uuid * Add regression recreate test for bug 1830747 o Update to version nova-16.1.9.dev16: * Changing scheduler sync event from INFO to DEBUG o Update to version nova-16.1.9.dev14: * Only nil az during shelve offload * Delete instance\_id\_mappings record in instance\_destroy o Update to version nova-16.1.9.dev11: * Revert "openstack server create" to "nova boot" in nova docs * doc: fix and clarify --block-device usage in user docs o Update to version nova-16.1.9.dev8: * Functional reproduce for bug 1852207 Changes in openstack-nova: o Update to version nova-16.1.9.dev49: * Use stable constraint for Tempest pinned stable branches o Update to version nova-16.1.9.dev48: * Avoid redundant initialize\ _connection on source post live migration * Error out interrupted builds * Skip checking of target\_dev for vhostuser * Functional reproduce for bug 1833581 * Prevent init\_host test to interfere with other tests * Add functional test for resize crash compute restart revert * Move restart\ _compute\_service to a common place * lxc: make use of filter python3 compatible * cleanup evacuated instances not on hypervisor * Delete resource providers for all nodes when deleting compute service o Update to version nova-16.1.9.dev30: * Explicitly fail if trying to attach SR-IOV port * Stabilize unshelve notification sample tests o Update to version nova-16.1.9.dev26: * Fix listing deleted servers with a marker * Add functional regression test for bug 1849409 o Update to version nova-16.1.9.dev22: * Hook resource\_tracker to remove stale node information o Update to version nova-16.1.9.dev20: * Workaround missing RequestSpec.instance\_group.uuid * Add regression recreate test for bug 1830747 o Update to version nova-16.1.9.dev16: * Changing scheduler sync event from INFO to DEBUG o Update to version nova-16.1.9.dev14: * Only nil az during shelve offload * Delete instance\_id\_mappings record in instance\_destroy o Update to version nova-16.1.9.dev11: * Revert "openstack server create" to "nova boot" in nova docs * doc: fix and clarify --block-device usage in user docs o Update to version nova-16.1.9.dev8: * Functional reproduce for bug 1852207 Changes in openstack-octavia: o Update to version octavia-1.0.6.dev3: * Fix urgent amphora two-way auth security bug Changes in openstack-octavia-amphora-image: o Update image to 0.1.2 to include udated keepalived 2.0.19 o Update image to 0.1.1 to include latest changes o Add keepalived service Changes in openstack-resource-agents: o Update to version 1.0+git.1569436425.8b9c49f: * Add a configurable delay to Nova Evacuate calls * OpenDev Migration Patch * NovaEvacuate: fix a syntax error * NovaEvacuate: Support the new split-out IHA fence agents with backwards compatibility * NovaEvacuate: Correctly handle stopped hypervisors * neutron-ha-tool: do not replicate dhcp * NovaCompute: Support parsing host option from /etc/nova/nova.conf.d * NovaCompute: Use variable to avoid calling crudini a second time * NovaEvacuate: Allow debug logging to be turned on easily Changes in openstack-sahara: o Update to version sahara-7.0.5.dev4: * Run sahara-scenario using Python 3 * Enforce python 2 for documentation build * Fix requirements(bandit) * OpenDev Migration Patch 7.0.4 Changes in openstack-sahara: o Update to version sahara-7.0.5.dev4: * Run sahara-scenario using Python 3 * Enforce python 2 for documentation build * Fix requirements (bandit) * OpenDev Migration Patch 7.0.4 Changes in openstack-trove: o Update to version trove-8.0.2.dev2: * Add local bindep.txt * OpenDev Migration Patch 8.0.1 Changes in openstack-trove: o Update to version trove-8.0.2.dev2: * Add local bindep.txt * OpenDev Migration Patch 8.0.1 Changes in python-cinderlm: o Update to version 0.0.2+git.1571845893.27f0b7b: * SCRD-4764 remove V2.0 auth end points (SOC-9753) Changes in python-congressclient: o update to version 1.8.1 - Update .gitreview for stable/pike - Update UPPER_CONSTRAINTS_FILE for stable/pike - import zuul job settings from project-config - Updated from global requirements Changes in python-designateclient: o update to version 2.7.1 - Update .gitreview for stable/pike - Updated from global requirements - import zuul job settings from project-config - Update UPPER_CONSTRAINTS_FILE for stable/pike - server-get/update show wrong values about 'id' and 'update_at' Changes in python-ironic-lib: o update to version 2.10.2 - Replace openstack.org git:// URLs with https:// - Make search for config drive partition case insensitive - Revert "Use dd conv=sparse when writing images to nodes" - Check GPT table with sgdisk insread of partprobe - Avoid tox_install.sh for constraints support - Fix GPT bug with whole disk images - import zuul job settings from project-config Changes in python-networking-cisco: o Update to version networking-cisco-6.1.1.dev65: * Nexus: Add CA Bundle path to https doc * Improve Nexus Ironic related doc and logs * Upgrade release notes to include Tripleo/puppet * Fix socket not closed errors in unit test logs * Add release note about adding support for Rocky OpenStack * Update publish-openstack-python-branch-tarball job * Remove MultiConfigParser from SAF application * More fixes for networking\_cisco rocky support * Remove MultiConfigParser from the device manger config loader * Ensure CFG agent is started after neutron config is written * Removed older version of python added 3.5 * Begin process of supporting neutron Rocky * Typo in tar command in doc install guide * Add cisco providernet extension to Nexus doc * Add missing policy to fix stable/queens unit tests * Pin stestr version (1.1.0) for Mitaka * Fix places in ucsm network driver using .ucsm instead of .ucsms * Fix doc build under python3 * Fix mitaka bug with NeutronWorker missing parameter * Eliminate 30 sec delay for Nexus replay thread * Fix foreign key constraint violation while creating primary key with subnet\_id * Put upper constraint on ncclient version to prevent breakages * Improvements to the networking-cisco zuul jobs * Remove deprecated host/ interface map config * Include device manager configuration file when starting config agent * Fix pep8 and other tox environments locally * Add rocky to CI * Add bandit to tox and resolve Nexus SA errors * Deprecate old ML2 Nexus/UCSM documentation file * Secure Nexus https certificates by default o Add tempest_plugin subpackage Changes in python-osc-lib: o update to version 1.7.1 - import zuul job settings from project-config - Update UPPER_CONSTRAINTS_FILE for stable/pike - Updated from global requirements - Update .gitreview for stable/pike - Avoid tox_install.sh for constraints support Changes iython-oslo.context: o update to version 2.17.2 - Fix sphinx-docs job for stable branch - import zuul job settings from project-config Changes in python-oslo.rootwrap: o update to version 5.9.3 - Avoid tox_install.sh for constraints support - Follow the new PTI for document build - import zuul job settings from project-config Changes in python-oslo.serialization: o update to version 2.20.3 - import zuul job settings from project-config - Fix sphinx-docs job for stable branch Changes in python-oslo.service: o update to version 1.25.2 - import zuul job settings from project-config - Fix sphinx-docs job for stable branch Changes in python-stevedore: o update to version 1.25.2 - move doc requirements to doc/requirements.txt - Use stable branch for upper-constraints - remove duplicate sphinx dependency - Avoid tox_install.sh for constraints support - import zuul job settings from project-config Changes in python-taskflow: o update to version 2.14.2 - don't let tox_install.sh error if there is nothing to do - import zuul job settings from project-config - Updated from global requirements - Use doc/requirements.txt Changes in rubygem-crowbar-client: o Update to 3.9.1 - Fix repocheck table output (SOC-10718) - Enable restricted commands for Cloud8 (bsc#1117080, CVE-2018-17954) Changes in rubygem-puma: o Add CVE-2019-16770.patch (bsc#1158675, SOC-10999, CVE-2019-16770) This patch fixes a DoS vulnerability a malicious client could use to block a large amount of threads. Changes in venv-openstack-swift: o Fix lower version numver after inheriting the version from main component (SCRD-8523) o Revert: "Inherit version number of venv from main component (SCRD-8523)" as zypper reports the new version number as older than what is released o Inherit version number of venv from main component (SCRD-8523) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: o SUSE OpenStack Cloud Crowbar 8: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2020-640=1 o SUSE OpenStack Cloud 8: zypper in -t patch SUSE-OpenStack-Cloud-8-2020-640=1 o HPE Helion Openstack 8: zypper in -t patch HPE-Helion-OpenStack-8-2020-640=1 Package List: o SUSE OpenStack Cloud Crowbar 8 (x86_64): crowbar-core-5.0+git.1582968668.1a55c77c5-3.35.4 crowbar-core-branding-upstream-5.0+git.1582968668.1a55c77c5-3.35.4 keepalived-2.0.19-3.6.3 keepalived-debuginfo-2.0.19-3.6.3 keepalived-debugsource-2.0.19-3.6.3 mariadb-10.2.31-4.17.3 mariadb-client-10.2.31-4.17.3 mariadb-client-debuginfo-10.2.31-4.17.3 mariadb-debuginfo-10.2.31-4.17.3 mariadb-debugsource-10.2.31-4.17.3 mariadb-galera-10.2.31-4.17.3 mariadb-tools-10.2.31-4.17.3 mariadb-tools-debuginfo-10.2.31-4.17.3 ruby2.1-rubygem-crowbar-client-3.9.1-3.9.3 ruby2.1-rubygem-puma-2.16.0-3.3.3 ruby2.1-rubygem-puma-debuginfo-2.16.0-3.3.3 rubygem-puma-debugsource-2.16.0-3.3.3 o SUSE OpenStack Cloud Crowbar 8 (noarch): crowbar-ha-5.0+git.1574286229.e0364c3-3.29.3 crowbar-openstack-5.0+git.1582911795.5081ef1da-4.34.3 crowbar-ui-1.2.0+git.1575896697.a01a3a08-3.15.3 mariadb-errormessages-10.2.31-4.17.3 openstack-cinder-11.2.3~dev23-3.24.4 openstack-cinder-api-11.2.3~dev23-3.24.4 openstack-cinder-backup-11.2.3~dev23-3.24.4 openstack-cinder-doc-11.2.3~dev23-3.24.3 openstack-cinder-scheduler-11.2.3~dev23-3.24.4 openstack-cinder-volume-11.2.3~dev23-3.24.4 openstack-dashboard-12.0.5~dev2-3.23.4 openstack-dashboard-theme-SUSE-2017.2+git.1573629528.6b21fa5-7.14.3 openstack-heat-9.0.8~dev22-3.27.4 openstack-heat-api-9.0.8~dev22-3.27.4 openstack-heat-api-cfn-9.0.8~dev22-3.27.4 openstack-heat-api-cloudwatch-9.0.8~dev22-3.27.4 openstack-heat-doc-9.0.8~dev22-3.27.3 openstack-heat-engine-9.0.8~dev22-3.27.4 openstack-heat-plugin-heat_docker-9.0.8~dev22-3.27.4 openstack-heat-templates-0.0.0+git.1560033670.e3b5a52-3.12.3 openstack-heat-test-9.0.8~dev22-3.27.4 openstack-horizon-plugin-designate-ui-5.0.3~dev2-3.9.3 openstack-horizon-plugin-neutron-lbaas-ui-3.0.3~dev5-3.14.3 openstack-ironic-9.1.8~dev8-3.24.4 openstack-ironic-api-9.1.8~dev8-3.24.4 openstack-ironic-conductor-9.1.8~dev8-3.24.4 openstack-ironic-doc-9.1.8~dev8-3.24.3 openstack-keystone-12.0.4~dev5-5.30.4 openstack-keystone-doc-12.0.4~dev5-5.30.3 openstack-monasca-agent-2.2.5~dev5-3.15.2 openstack-neutron-11.0.9~dev60-3.27.4 openstack-neutron-dhcp-agent-11.0.9~dev60-3.27.4 openstack-neutron-doc-11.0.9~dev60-3.27.3 openstack-neutron-gbp-7.3.1~dev72-3.12.3 openstack-neutron-ha-tool-11.0.9~dev60-3.27.4 openstack-neutron-l3-agent-11.0.9~dev60-3.27.4 openstack-neutron-linuxbridge-agent-11.0.9~dev60-3.27.4 openstack-neutron-macvtap-agent-11.0.9~dev60-3.27.4 openstack-neutron-metadata-agent-11.0.9~dev60-3.27.4 openstack-neutron-metering-agent-11.0.9~dev60-3.27.4 openstack-neutron-openvswitch-agent-11.0.9~dev60-3.27.4 openstack-neutron-server-11.0.9~dev60-3.27.4 openstack-neutron-vsphere-2.0.1~dev133-3.12.3 openstack-neutron-vsphere-doc-2.0.1~dev133-3.12.3 openstack-neutron-vsphere-dvs-agent-2.0.1~dev133-3.12.3 openstack-neutron-vsphere-ovsvapp-agent-2.0.1~dev133-3.12.3 openstack-nova-16.1.9~dev49-3.32.4 openstack-nova-api-16.1.9~dev49-3.32.4 openstack-nova-cells-16.1.9~dev49-3.32.4 openstack-nova-compute-16.1.9~dev49-3.32.4 openstack-nova-conductor-16.1.9~dev49-3.32.4 openstack-nova-console-16.1.9~dev49-3.32.4 openstack-nova-consoleauth-16.1.9~dev49-3.32.4 openstack-nova-doc-16.1.9~dev49-3.32.3 openstack-nova-novncproxy-16.1.9~dev49-3.32.4 openstack-nova-placement-api-16.1.9~dev49-3.32.4 openstack-nova-scheduler-16.1.9~dev49-3.32.4 openstack-nova-serialproxy-16.1.9~dev49-3.32.4 openstack-nova-vncproxy-16.1.9~dev49-3.32.4 openstack-octavia-1.0.6~dev3-4.21.3 openstack-octavia-amphora-agent-1.0.6~dev3-4.21.3 openstack-octavia-amphora-image-debugsource-0.1.2-3.9.3 openstack-octavia-amphora-image-x86_64-0.1.2-3.9.3 openstack-octavia-api-1.0.6~dev3-4.21.3 openstack-octavia-health-manager-1.0.6~dev3-4.21.3 openstack-octavia-housekeeping-1.0.6~dev3-4.21.3 openstack-octavia-worker-1.0.6~dev3-4.21.3 openstack-resource-agents-1.0+git.1569436425.8b9c49f-3.3.3 openstack-sahara-7.0.5~dev4-3.12.4 openstack-sahara-api-7.0.5~dev4-3.12.4 openstack-sahara-doc-7.0.5~dev4-3.12.3 openstack-sahara-engine-7.0.5~dev4-3.12.4 openstack-trove-8.0.2~dev2-3.12.3 openstack-trove-api-8.0.2~dev2-3.12.3 openstack-trove-conductor-8.0.2~dev2-3.12.3 openstack-trove-doc-8.0.2~dev2-3.12.3 openstack-trove-guestagent-8.0.2~dev2-3.12.3 openstack-trove-taskmanager-8.0.2~dev2-3.12.3 python-cinder-11.2.3~dev23-3.24.4 python-congressclient-1.8.1-3.3.4 python-designateclient-2.7.1-3.3.4 python-designateclient-doc-2.7.1-3.3.4 python-freezegun-0.3.9-1.3.3 python-heat-9.0.8~dev22-3.27.4 python-horizon-12.0.5~dev2-3.23.4 python-horizon-plugin-designate-ui-5.0.3~dev2-3.9.3 python-horizon-plugin-neutron-lbaas-ui-3.0.3~dev5-3.14.3 python-ironic-9.1.8~dev8-3.24.4 python-ironic-lib-2.10.2-3.3.3 python-keystone-12.0.4~dev5-5.30.4 python-monasca-agent-2.2.5~dev5-3.15.2 python-networking-cisco-6.1.1~dev65-3.3.3 python-networking-vsphere-2.0.1~dev133-3.12.3 python-neutron-11.0.9~dev60-3.27.4 python-neutron-gbp-7.3.1~dev72-3.12.3 python-nova-16.1.9~dev49-3.32.4 python-octavia-1.0.6~dev3-4.21.3 python-osc-lib-1.7.1-3.3.3 python-oslo.context-2.17.2-3.3.3 python-oslo.rootwrap-5.9.3-3.3.3 python-oslo.serialization-2.20.3-3.3.3 python-oslo.service-1.25.2-3.3.3 python-sahara-7.0.5~dev4-3.12.4 python-stevedore-1.25.2-3.3.3 python-taskflow-2.14.2-3.3.3 python-trove-8.0.2~dev2-3.12.3 o SUSE OpenStack Cloud 8 (x86_64): keepalived-2.0.19-3.6.3 keepalived-debuginfo-2.0.19-3.6.3 keepalived-debugsource-2.0.19-3.6.3 mariadb-10.2.31-4.17.3 mariadb-client-10.2.31-4.17.3 mariadb-client-debuginfo-10.2.31-4.17.3 mariadb-debuginfo-10.2.31-4.17.3 mariadb-debugsource-10.2.31-4.17.3 mariadb-galera-10.2.31-4.17.3 mariadb-tools-10.2.31-4.17.3 mariadb-tools-debuginfo-10.2.31-4.17.3 o SUSE OpenStack Cloud 8 (noarch): ardana-cinder-8.0+git.1579279939.ee7da88-3.39.3 ardana-cobbler-8.0+git.1575037115.0326803-3.41.3 ardana-designate-8.0+git.1573597788.15b7984-3.17.3 ardana-extensions-example-8.0+git.1534266307.db1ec28-3.3.3 ardana-extensions-nsx-8.0+git.1567529036.a41a037-3.6.4 ardana-glance-8.0+git.1571846045.ab9e3ea-3.20.3 ardana-heat-8.0+git.1571777596.14dce6a-3.15.3 ardana-input-model-8.0+git.1582147997.b9ed134-3.36.3 ardana-ironic-8.0+git.1571845225.006843d-3.9.3 ardana-keystone-8.0+git.1573147067.09e3ea0-3.27.3 ardana-logging-8.0+git.1572452293.e65d714-3.21.3 ardana-monasca-8.0+git.1572527728.9b34bdf-3.21.3 ardana-monasca-transform-8.0+git.1571845965.97714fb-3.12.3 ardana-mq-8.0+git.1581024906.fbf0be3-3.16.3 ardana-neutron-8.0+git.1573050365.ff6fa06-3.36.3 ardana-nova-8.0+git.1571846125.584d988-3.38.3 ardana-octavia-8.0+git.1575642049.1f321d0-3.23.3 ardana-osconfig-8.0+git.1581015942.2d21e63-3.42.3 ardana-tempest-8.0+git.1579261264.7dd213a-3.30.3 mariadb-errormessages-10.2.31-4.17.3 openstack-cinder-11.2.3~dev23-3.24.4 openstack-cinder-api-11.2.3~dev23-3.24.4 openstack-cinder-backup-11.2.3~dev23-3.24.4 openstack-cinder-doc-11.2.3~dev23-3.24.3 openstack-cinder-scheduler-11.2.3~dev23-3.24.4 openstack-cinder-volume-11.2.3~dev23-3.24.4 openstack-dashboard-12.0.5~dev2-3.23.4 openstack-dashboard-theme-SUSE-2017.2+git.1573629528.6b21fa5-7.14.3 openstack-heat-9.0.8~dev22-3.27.4 openstack-heat-api-9.0.8~dev22-3.27.4 openstack-heat-api-cfn-9.0.8~dev22-3.27.4 openstack-heat-api-cloudwatch-9.0.8~dev22-3.27.4 openstack-heat-doc-9.0.8~dev22-3.27.3 openstack-heat-engine-9.0.8~dev22-3.27.4 openstack-heat-plugin-heat_docker-9.0.8~dev22-3.27.4 openstack-heat-templates-0.0.0+git.1560033670.e3b5a52-3.12.3 openstack-heat-test-9.0.8~dev22-3.27.4 openstack-horizon-plugin-designate-ui-5.0.3~dev2-3.9.3 openstack-horizon-plugin-neutron-lbaas-ui-3.0.3~dev5-3.14.3 openstack-ironic-9.1.8~dev8-3.24.4 openstack-ironic-api-9.1.8~dev8-3.24.4 openstack-ironic-conductor-9.1.8~dev8-3.24.4 openstack-ironic-doc-9.1.8~dev8-3.24.3 openstack-keystone-12.0.4~dev5-5.30.4 openstack-keystone-doc-12.0.4~dev5-5.30.3 openstack-monasca-agent-2.2.5~dev5-3.15.2 openstack-neutron-11.0.9~dev60-3.27.4 openstack-neutron-dhcp-agent-11.0.9~dev60-3.27.4 openstack-neutron-doc-11.0.9~dev60-3.27.3 openstack-neutron-gbp-7.3.1~dev72-3.12.3 openstack-neutron-ha-tool-11.0.9~dev60-3.27.4 openstack-neutron-l3-agent-11.0.9~dev60-3.27.4 openstack-neutron-linuxbridge-agent-11.0.9~dev60-3.27.4 openstack-neutron-macvtap-agent-11.0.9~dev60-3.27.4 openstack-neutron-metadata-agent-11.0.9~dev60-3.27.4 openstack-neutron-metering-agent-11.0.9~dev60-3.27.4 openstack-neutron-openvswitch-agent-11.0.9~dev60-3.27.4 openstack-neutron-server-11.0.9~dev60-3.27.4 openstack-neutron-vsphere-2.0.1~dev133-3.12.3 openstack-neutron-vsphere-doc-2.0.1~dev133-3.12.3 openstack-neutron-vsphere-dvs-agent-2.0.1~dev133-3.12.3 openstack-neutron-vsphere-ovsvapp-agent-2.0.1~dev133-3.12.3 openstack-nova-16.1.9~dev49-3.32.4 openstack-nova-api-16.1.9~dev49-3.32.4 openstack-nova-cells-16.1.9~dev49-3.32.4 openstack-nova-compute-16.1.9~dev49-3.32.4 openstack-nova-conductor-16.1.9~dev49-3.32.4 openstack-nova-console-16.1.9~dev49-3.32.4 openstack-nova-consoleauth-16.1.9~dev49-3.32.4 openstack-nova-doc-16.1.9~dev49-3.32.3 openstack-nova-novncproxy-16.1.9~dev49-3.32.4 openstack-nova-placement-api-16.1.9~dev49-3.32.4 openstack-nova-scheduler-16.1.9~dev49-3.32.4 openstack-nova-serialproxy-16.1.9~dev49-3.32.4 openstack-nova-vncproxy-16.1.9~dev49-3.32.4 openstack-octavia-1.0.6~dev3-4.21.3 openstack-octavia-amphora-agent-1.0.6~dev3-4.21.3 openstack-octavia-amphora-image-debugsource-0.1.2-3.9.3 openstack-octavia-amphora-image-x86_64-0.1.2-3.9.3 openstack-octavia-api-1.0.6~dev3-4.21.3 openstack-octavia-health-manager-1.0.6~dev3-4.21.3 openstack-octavia-housekeeping-1.0.6~dev3-4.21.3 openstack-octavia-worker-1.0.6~dev3-4.21.3 openstack-resource-agents-1.0+git.1569436425.8b9c49f-3.3.3 openstack-sahara-7.0.5~dev4-3.12.4 openstack-sahara-api-7.0.5~dev4-3.12.4 openstack-sahara-doc-7.0.5~dev4-3.12.3 openstack-sahara-engine-7.0.5~dev4-3.12.4 openstack-trove-8.0.2~dev2-3.12.3 openstack-trove-api-8.0.2~dev2-3.12.3 openstack-trove-conductor-8.0.2~dev2-3.12.3 openstack-trove-doc-8.0.2~dev2-3.12.3 openstack-trove-guestagent-8.0.2~dev2-3.12.3 openstack-trove-taskmanager-8.0.2~dev2-3.12.3 python-cinder-11.2.3~dev23-3.24.4 python-cinderlm-0.0.2+git.1571845893.27f0b7b-3.9.3 python-congressclient-1.8.1-3.3.4 python-designateclient-2.7.1-3.3.4 python-designateclient-doc-2.7.1-3.3.4 python-freezegun-0.3.9-1.3.3 python-heat-9.0.8~dev22-3.27.4 python-horizon-12.0.5~dev2-3.23.4 python-horizon-plugin-designate-ui-5.0.3~dev2-3.9.3 python-horizon-plugin-neutron-lbaas-ui-3.0.3~dev5-3.14.3 python-ironic-9.1.8~dev8-3.24.4 python-ironic-lib-2.10.2-3.3.3 python-keystone-12.0.4~dev5-5.30.4 python-monasca-agent-2.2.5~dev5-3.15.2 python-networking-cisco-6.1.1~dev65-3.3.3 python-networking-vsphere-2.0.1~dev133-3.12.3 python-neutron-11.0.9~dev60-3.27.4 python-neutron-gbp-7.3.1~dev72-3.12.3 python-nova-16.1.9~dev49-3.32.4 python-octavia-1.0.6~dev3-4.21.3 python-osc-lib-1.7.1-3.3.3 python-oslo.context-2.17.2-3.3.3 python-oslo.rootwrap-5.9.3-3.3.3 python-oslo.serialization-2.20.3-3.3.3 python-oslo.service-1.25.2-3.3.3 python-sahara-7.0.5~dev4-3.12.4 python-stevedore-1.25.2-3.3.3 python-taskflow-2.14.2-3.3.3 python-trove-8.0.2~dev2-3.12.3 venv-openstack-aodh-x86_64-5.1.1~dev7-12.22.2 venv-openstack-barbican-x86_64-5.0.2~dev3-12.23.2 venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.20.2 venv-openstack-cinder-x86_64-11.2.3~dev23-14.23.2 venv-openstack-designate-x86_64-5.0.3~dev7-12.21.2 venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.18.2 venv-openstack-glance-x86_64-15.0.3~dev3-12.21.2 venv-openstack-heat-x86_64-9.0.8~dev22-12.23.2 venv-openstack-horizon-x86_64-12.0.5~dev2-14.28.2 venv-openstack-ironic-x86_64-9.1.8~dev8-12.23.2 venv-openstack-keystone-x86_64-12.0.4~dev5-11.24.2 venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.22.2 venv-openstack-manila-x86_64-5.1.1~dev2-12.25.2 venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.18.2 venv-openstack-monasca-x86_64-2.2.2~dev1-11.20.2 venv-openstack-murano-x86_64-4.0.2~dev2-12.18.2 venv-openstack-neutron-x86_64-11.0.9~dev60-13.26.2 venv-openstack-nova-x86_64-16.1.9~dev49-11.24.2 venv-openstack-octavia-x86_64-1.0.6~dev3-12.23.2 venv-openstack-sahara-x86_64-7.0.5~dev4-11.22.2 venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.16.3 venv-openstack-trove-x86_64-8.0.2~dev2-11.22.2 o HPE Helion Openstack 8 (noarch): ardana-cinder-8.0+git.1579279939.ee7da88-3.39.3 ardana-cobbler-8.0+git.1575037115.0326803-3.41.3 ardana-designate-8.0+git.1573597788.15b7984-3.17.3 ardana-extensions-example-8.0+git.1534266307.db1ec28-3.3.3 ardana-extensions-nsx-8.0+git.1567529036.a41a037-3.6.4 ardana-glance-8.0+git.1571846045.ab9e3ea-3.20.3 ardana-heat-8.0+git.1571777596.14dce6a-3.15.3 ardana-input-model-8.0+git.1582147997.b9ed134-3.36.3 ardana-ironic-8.0+git.1571845225.006843d-3.9.3 ardana-keystone-8.0+git.1573147067.09e3ea0-3.27.3 ardana-logging-8.0+git.1572452293.e65d714-3.21.3 ardana-monasca-8.0+git.1572527728.9b34bdf-3.21.3 ardana-monasca-transform-8.0+git.1571845965.97714fb-3.12.3 ardana-mq-8.0+git.1581024906.fbf0be3-3.16.3 ardana-neutron-8.0+git.1573050365.ff6fa06-3.36.3 ardana-nova-8.0+git.1571846125.584d988-3.38.3 ardana-octavia-8.0+git.1575642049.1f321d0-3.23.3 ardana-osconfig-8.0+git.1581015942.2d21e63-3.42.3 ardana-tempest-8.0+git.1579261264.7dd213a-3.30.3 mariadb-errormessages-10.2.31-4.17.3 openstack-cinder-11.2.3~dev23-3.24.4 openstack-cinder-api-11.2.3~dev23-3.24.4 openstack-cinder-backup-11.2.3~dev23-3.24.4 openstack-cinder-doc-11.2.3~dev23-3.24.3 openstack-cinder-scheduler-11.2.3~dev23-3.24.4 openstack-cinder-volume-11.2.3~dev23-3.24.4 openstack-dashboard-12.0.5~dev2-3.23.4 openstack-heat-9.0.8~dev22-3.27.4 openstack-heat-api-9.0.8~dev22-3.27.4 openstack-heat-api-cfn-9.0.8~dev22-3.27.4 openstack-heat-api-cloudwatch-9.0.8~dev22-3.27.4 openstack-heat-doc-9.0.8~dev22-3.27.3 openstack-heat-engine-9.0.8~dev22-3.27.4 openstack-heat-plugin-heat_docker-9.0.8~dev22-3.27.4 openstack-heat-templates-0.0.0+git.1560033670.e3b5a52-3.12.3 openstack-heat-test-9.0.8~dev22-3.27.4 openstack-horizon-plugin-designate-ui-5.0.3~dev2-3.9.3 openstack-horizon-plugin-neutron-lbaas-ui-3.0.3~dev5-3.14.3 openstack-ironic-9.1.8~dev8-3.24.4 openstack-ironic-api-9.1.8~dev8-3.24.4 openstack-ironic-conductor-9.1.8~dev8-3.24.4 openstack-ironic-doc-9.1.8~dev8-3.24.3 openstack-keystone-12.0.4~dev5-5.30.4 openstack-keystone-doc-12.0.4~dev5-5.30.3 openstack-monasca-agent-2.2.5~dev5-3.15.2 openstack-neutron-11.0.9~dev60-3.27.4 openstack-neutron-dhcp-agent-11.0.9~dev60-3.27.4 openstack-neutron-doc-11.0.9~dev60-3.27.3 openstack-neutron-gbp-7.3.1~dev72-3.12.3 openstack-neutron-ha-tool-11.0.9~dev60-3.27.4 openstack-neutron-l3-agent-11.0.9~dev60-3.27.4 openstack-neutron-linuxbridge-agent-11.0.9~dev60-3.27.4 openstack-neutron-macvtap-agent-11.0.9~dev60-3.27.4 openstack-neutron-metadata-agent-11.0.9~dev60-3.27.4 openstack-neutron-metering-agent-11.0.9~dev60-3.27.4 openstack-neutron-openvswitch-agent-11.0.9~dev60-3.27.4 openstack-neutron-server-11.0.9~dev60-3.27.4 openstack-neutron-vsphere-2.0.1~dev133-3.12.3 openstack-neutron-vsphere-doc-2.0.1~dev133-3.12.3 openstack-neutron-vsphere-dvs-agent-2.0.1~dev133-3.12.3 openstack-neutron-vsphere-ovsvapp-agent-2.0.1~dev133-3.12.3 openstack-nova-16.1.9~dev49-3.32.4 openstack-nova-api-16.1.9~dev49-3.32.4 openstack-nova-cells-16.1.9~dev49-3.32.4 openstack-nova-compute-16.1.9~dev49-3.32.4 openstack-nova-conductor-16.1.9~dev49-3.32.4 openstack-nova-console-16.1.9~dev49-3.32.4 openstack-nova-consoleauth-16.1.9~dev49-3.32.4 openstack-nova-doc-16.1.9~dev49-3.32.3 openstack-nova-novncproxy-16.1.9~dev49-3.32.4 openstack-nova-placement-api-16.1.9~dev49-3.32.4 openstack-nova-scheduler-16.1.9~dev49-3.32.4 openstack-nova-serialproxy-16.1.9~dev49-3.32.4 openstack-nova-vncproxy-16.1.9~dev49-3.32.4 openstack-octavia-1.0.6~dev3-4.21.3 openstack-octavia-amphora-agent-1.0.6~dev3-4.21.3 openstack-octavia-amphora-image-debugsource-0.1.2-3.9.3 openstack-octavia-amphora-image-x86_64-0.1.2-3.9.3 openstack-octavia-api-1.0.6~dev3-4.21.3 openstack-octavia-health-manager-1.0.6~dev3-4.21.3 openstack-octavia-housekeeping-1.0.6~dev3-4.21.3 openstack-octavia-worker-1.0.6~dev3-4.21.3 openstack-resource-agents-1.0+git.1569436425.8b9c49f-3.3.3 openstack-sahara-7.0.5~dev4-3.12.4 openstack-sahara-api-7.0.5~dev4-3.12.4 openstack-sahara-doc-7.0.5~dev4-3.12.3 openstack-sahara-engine-7.0.5~dev4-3.12.4 openstack-trove-8.0.2~dev2-3.12.3 openstack-trove-api-8.0.2~dev2-3.12.3 openstack-trove-conductor-8.0.2~dev2-3.12.3 openstack-trove-doc-8.0.2~dev2-3.12.3 openstack-trove-guestagent-8.0.2~dev2-3.12.3 openstack-trove-taskmanager-8.0.2~dev2-3.12.3 python-cinder-11.2.3~dev23-3.24.4 python-cinderlm-0.0.2+git.1571845893.27f0b7b-3.9.3 python-congressclient-1.8.1-3.3.4 python-designateclient-2.7.1-3.3.4 python-designateclient-doc-2.7.1-3.3.4 python-heat-9.0.8~dev22-3.27.4 python-horizon-12.0.5~dev2-3.23.4 python-horizon-plugin-designate-ui-5.0.3~dev2-3.9.3 python-horizon-plugin-neutron-lbaas-ui-3.0.3~dev5-3.14.3 python-ironic-9.1.8~dev8-3.24.4 python-ironic-lib-2.10.2-3.3.3 python-keystone-12.0.4~dev5-5.30.4 python-monasca-agent-2.2.5~dev5-3.15.2 python-networking-cisco-6.1.1~dev65-3.3.3 python-networking-vsphere-2.0.1~dev133-3.12.3 python-neutron-11.0.9~dev60-3.27.4 python-neutron-gbp-7.3.1~dev72-3.12.3 python-nova-16.1.9~dev49-3.32.4 python-octavia-1.0.6~dev3-4.21.3 python-osc-lib-1.7.1-3.3.3 python-oslo.context-2.17.2-3.3.3 python-oslo.rootwrap-5.9.3-3.3.3 python-oslo.serialization-2.20.3-3.3.3 python-oslo.service-1.25.2-3.3.3 python-sahara-7.0.5~dev4-3.12.4 python-stevedore-1.25.2-3.3.3 python-taskflow-2.14.2-3.3.3 python-trove-8.0.2~dev2-3.12.3 venv-openstack-aodh-x86_64-5.1.1~dev7-12.22.2 venv-openstack-barbican-x86_64-5.0.2~dev3-12.23.2 venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.20.2 venv-openstack-cinder-x86_64-11.2.3~dev23-14.23.2 venv-openstack-designate-x86_64-5.0.3~dev7-12.21.2 venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.18.2 venv-openstack-glance-x86_64-15.0.3~dev3-12.21.2 venv-openstack-heat-x86_64-9.0.8~dev22-12.23.2 venv-openstack-horizon-hpe-x86_64-12.0.5~dev2-14.28.2 venv-openstack-ironic-x86_64-9.1.8~dev8-12.23.2 venv-openstack-keystone-x86_64-12.0.4~dev5-11.24.2 venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.22.2 venv-openstack-manila-x86_64-5.1.1~dev2-12.25.2 venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.18.2 venv-openstack-monasca-x86_64-2.2.2~dev1-11.20.2 venv-openstack-murano-x86_64-4.0.2~dev2-12.18.2 venv-openstack-neutron-x86_64-11.0.9~dev60-13.26.2 venv-openstack-nova-x86_64-16.1.9~dev49-11.24.2 venv-openstack-octavia-x86_64-1.0.6~dev3-12.23.2 venv-openstack-sahara-x86_64-7.0.5~dev4-11.22.2 venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.16.3 venv-openstack-trove-x86_64-8.0.2~dev2-11.22.2 o HPE Helion Openstack 8 (x86_64): keepalived-2.0.19-3.6.3 keepalived-debuginfo-2.0.19-3.6.3 keepalived-debugsource-2.0.19-3.6.3 mariadb-10.2.31-4.17.3 mariadb-client-10.2.31-4.17.3 mariadb-client-debuginfo-10.2.31-4.17.3 mariadb-debuginfo-10.2.31-4.17.3 mariadb-debugsource-10.2.31-4.17.3 mariadb-galera-10.2.31-4.17.3 mariadb-tools-10.2.31-4.17.3 mariadb-tools-debuginfo-10.2.31-4.17.3 References: o https://www.suse.com/security/cve/CVE-2017-1002201.html o https://www.suse.com/security/cve/CVE-2018-17954.html o https://www.suse.com/security/cve/CVE-2019-13117.html o https://www.suse.com/security/cve/CVE-2019-16770.html o https://www.suse.com/security/cve/CVE-2019-18901.html o https://www.suse.com/security/cve/CVE-2019-2737.html o https://www.suse.com/security/cve/CVE-2019-2739.html o https://www.suse.com/security/cve/CVE-2019-2740.html o https://www.suse.com/security/cve/CVE-2019-2758.html o https://www.suse.com/security/cve/CVE-2019-2805.html o https://www.suse.com/security/cve/CVE-2019-2938.html o https://www.suse.com/security/cve/CVE-2019-2974.html o https://www.suse.com/security/cve/CVE-2020-2574.html o https://www.suse.com/security/cve/CVE-2020-7595.html o https://bugzilla.suse.com/1077717 o https://bugzilla.suse.com/1117080 o https://bugzilla.suse.com/1117840 o https://bugzilla.suse.com/1123191 o https://bugzilla.suse.com/1148158 o https://bugzilla.suse.com/1152007 o https://bugzilla.suse.com/1154235 o https://bugzilla.suse.com/1155089 o https://bugzilla.suse.com/1155942 o https://bugzilla.suse.com/1156305 o https://bugzilla.suse.com/1156669 o https://bugzilla.suse.com/1156914 o https://bugzilla.suse.com/1157028 o https://bugzilla.suse.com/1157206 o https://bugzilla.suse.com/1157482 o https://bugzilla.suse.com/1158675 o https://bugzilla.suse.com/1160048 o https://bugzilla.suse.com/1160878 o https://bugzilla.suse.com/1160883 o https://bugzilla.suse.com/1160895 o https://bugzilla.suse.com/1160912 o https://bugzilla.suse.com/1161351 o https://bugzilla.suse.com/1161517 o https://bugzilla.suse.com/1162388 - -------------------------------------------------------------------------------- SUSE Security Update: Security update for ardana-ansible, ardana-cinder, ardana-cobbler, ardana-db, ardana-horizon, ardana-input-model, ardana-monasca, ardana-mq, ardana-nova, ardana-octavia, ardana-osconfig, ardana-tempest, ardana-tls, crowbar-core, crowbar-ha, crowbar-openstack, crowbar-ui, keepalived, openstack-barbican, openstack-ceilometer, openstack-cinder, openstack-dashboard, openstack-dashboard-theme-SUSE, openstack-designate, openstack-heat, openstack-horizon-plugin-designate-ui, openstack-horizon-plugin-ironic-ui, openstack-horizon-plugin-neutron-lbaas-ui, openstack-horizon-plugin-octavia-ui, openstack-ironic, openstack-ironic-python-agent, openstack-keystone, openstack-magnum, openstack-monasca-agent, openstack-neutron, openstack-neutron-fwaas, openstack-neutron-gbp, openstack-neutron-vpnaas, openstack-nova, openstack-octavia, openstack-octavia-amphora-image, openstack-sahara, openstack-swift, python-amqp, python-ironic-lib, python-keystoneauth1, python-keystoneclient, python-keystonemiddleware, python-ovs, supportutils-plugin-suse-openstack-cloud, rubygem-crowbar-client, rubygem-puma, ______________________________________________________________________________ Announcement ID: SUSE-SU-2020:0642-1 Rating: important References: #1117080 #1152007 #1154235 #1156305 #1156914 #1157028 #1157206 #1157482 #1158581 #1158675 #1161351 #1161721 Cross-References: CVE-2018-17954 CVE-2019-13117 CVE-2019-16770 Affected Products: SUSE OpenStack Cloud Crowbar 9 SUSE OpenStack Cloud 9 ______________________________________________________________________________ venv-openstack-horizon An update that solves three vulnerabilities and has 9 fixes is now available. Description: This update for ardana-ansible, ardana-cinder, ardana-cobbler, ardana-db, ardana-horizon, ardana-input-model, ardana-monasca, ardana-mq, ardana-nova, ardana-octavia, ardana-osconfig, ardana-tempest, ardana-tls, crowbar-core, crowbar-ha, crowbar-openstack, crowbar-ui, keepalived, openstack-barbican, openstack-ceilometer, openstack-cinder, openstack-dashboard, openstack-dashboard-theme-SUSE, openstack-designate, openstack-heat, openstack-horizon-plugin-designate-ui, openstack-horizon-plugin-ironic-ui, openstack-horizon-plugin-neutron-lbaas-ui, openstack-horizon-plugin-octavia-ui, openstack-ironic, openstack-ironic-python-agent, openstack-keystone, openstack-magnum, openstack-monasca-agent, openstack-neutron, openstack-neutron-fwaas, openstack-neutron-gbp, openstack-neutron-vpnaas, openstack-nova, openstack-octavia, openstack-octavia-amphora-image, openstack-sahara, openstack-swift, python-amqp, python-ironic-lib, python-keystoneauth1, python-keystoneclient, python-keystonemiddleware, python-ovs, supportutils-plugin-suse-openstack-cloud, rubygem-crowbar-client, rubygem-puma, venv-openstack-horizon fixes the following issues: Security issues fixed: o CVE-2018-17954: Enabled restricted commands for Cloud 8 (bsc#1117080). o CVE-2019-16770: Fixed a DoS vulnerability a malicious client could use to block a large amount of threads (bsc#1158675). Non-security issues fixed: Changes in ardana-ansible: o Update to version 9.0+git.1581611758.f694f7d: * Don't run deprecated-vhost-removal on localhost (SOC-11098) o Update to version 9.0+git.1580906085.40eb430: * simplify glance image upload (SOC-11089) o Update to version 9.0+git.1580220034.3236aa5: * Ensure rabbitmq-server started after packages updated (SOC-11070) o Update to version 9.0+git.1576060554.bdd84e6: * Fix grep for image details on service-guest-image (SOC-11012) Changes in ardana-cinder: o Update to version 9.0+git.1579256229.c8b4b38: * Add option to flatten snapshots when using SES (SOC-11054) o Update to version 9.0+git.1574694613.04a8b74: * Ensure nfs-client installed for NetApp support (SOC-9005) o Update to version 9.0+git.1574359983.c198cc9: * Add option for nfs_share configuration (SOC-9005) Changes in ardana-cobbler: o Update to version 9.0+git.1574950066.a3c4be4: * Set root device on SLES autoyast templates (SOC-7365) o Update to version 9.0+git.1573845154.3545efd: * Change install_recommended to true (SOC-9005) Changes in ardana-db: o Update to version 9.0+git.1578936438.b9a9b95: * Switch to using override file in my.cnf.d (SOC-11043) o Update to version 9.0+git.1578595169.57c5911: * account for pre-update nodes (SOC-11037) Changes in ardana-horizon: o Update to version 9.0+git.1575562864.8ed5e10: * Generate policy for Octavia dashboard (SOC-10883) o Update to version 9.0+git.1575562860.2ce2851: * Fix policy configuration generation (SOC-10883) Changes in ardana-input-model: o Update to version 9.0+git.1580403439.d425462: * Enable port security extension neutron (SOC-11027) o Update to version 9.0+git.1574953363.60cf58f: * octavia: use lbaasv2-proxy service plugin (SOC-10987) Changes in ardana-monasca: o Update to version 9.0+git.1579273481.4b8c46f: * Leverage schema conversion script for upgrade (SOC-10277) o Update to version 9.0+git.1575919721.5c42222: * align Monasca DB schema with upstream prior to upgrade (SOC-10277) Changes in ardana-mq: o Update to version 9.0+git.1581024903.8e74867: * Ensure HA queue sync wait fails (SOC-11083) o Update to version 9.0+git.1580934283.230ff8b: * Fix HA policy setting comments (SOC-10317, SOC-11082) o Update to version 9.0+git.1580746285.da922ce: * Set HA policy accordingly (SOC-10317, SOC-11082) o Update to version 9.0+git.1575405552.d84f662: * Change the HA policy mirror (SOC-10317) Changes in ardana-nova: o Update to version 9.0+git.1580304673.6c668eb: * Set notification_format to unversioned in nova.conf (bsc#1161721) o Update to version 9.0+git.1575481165.9d3826f: * Remove duplicate entries for alias configuration for GPU (SOC-10837) o Update to version 9.0+git.1573764498.ed4098d: * Pass through gpu device info. (SOC-10837) Changes in ardana-octavia: o Update to version 9.0+git.1576074489.62de7e2: * Add load-balancer roles (SOC-8743) o Update to version 9.0+git.1575366951.e0216b4: * Add policy.json to match the neutron lbaasv2 policy (SOC-10987) o Update to version 9.0+git.1574358661.c976583: * Change event_streamer_driver to noop (bsc#1154235) Changes in ardana-osconfig: o Update to version 9.0+git.1580235830.0dca223: * Start OVS services before wicked service at boot (SOC-11067) o Update to version 9.0+git.1579790275.8afb314: * Adjust 'fs.inotify.max_user_instances' to align with crowbar (bsc#1161351) Changes in ardana-tempest: o Update to version 9.0+git.1578932816.e299c08: * Revert to using cirros image for heat tests (SOC-7028) o Update to version 9.0+git.1578413400.0614192: * Create network resources needed by some heat tests (SOC-7028) o Update to version 9.0+git.1576611974.d17e4df: * Enable octavia tempest plugin test cases (SOC-8743) o Update to version 9.0+git.1574955714.5bae846: * Update lbaas tempest filter for octavia (SOC-10987) Changes in ardana-tls: o Update to version 9.0+git.1575296665.3fdfe45: * Make sure VNC CA file contain our internal CAs (SOC-10968) o Update to version 9.0+git.1574280348.a306396: * default the certificate validity to 5 years for the VNC cert (SOC-10973) Changes in crowbar-core: o Update to version 6.0+git.1582892022.cbd70e833: * upgrade: Run DHCP evacuation (SOC-11046) o Update to version 6.0+git.1582200015.08264d8f9: * Fix deployment queue display (SOC-10741) o Update to version 6.0+git.1580144807.7d068caf0: * network: start OVS before wickedd (SOC-11067) o Update to version 6.0+git.1578997967.4591670f0: * dns: add checks to designate migration (SOC-11047) o Update to version 6.0+git.1578935422.01edb0a9b: * Do not log an error for a case that is correct (trivial) o Update to version 6.0+git.1578563578.68beda299: * Upgrade neutron agent together with nova-compute package (SOC-11031) o Update to version 6.0+git.1578402096.90d9332d9: * apache2: Restart after enabling SSL flag (SOC-11029) * crowbar: add crowbar-pacemaker dependency (SOC-10986) o Update to version 6.0+git.1576756414.ca49a781d: * bind9: Add legacy public.foo DNS entries (SOC-11006) o Update to version 6.0+git.1576662075.88de27567: * upgrade: Make a check for SLES product version (SOC-3089) o Update to version 6.0+git.1576493114.5e9534f13: * upgrade: Stop if nova-compute upgrade fails (SOC-10378) * upgrade: Fix typo in log message (typo) o Update to version 6.0+git.1576149781.1ac02ef0d: * upgrade: add missing exit to Monasca DB dump (trivial) o Update to version 6.0+git.1576072790.23b58b4a2: * upgrade: Fix systemd unit listing (trivial) * Make sure the crowbar migrations are OK (SOC-6849) o Update to version 6.0+git.1575980638.3cad5a333: * Ignore CVE-2019-16770 (SOC-10999) * upgrade: Make cluster health check at the start of services step (SOC-6849) * upgrade: Remove DRBD specific code from the continuation parts (SOC-10985) o Update to version 6.0+git.1575628097.5a7475686: * upgrade: Do not stop and reload nova services in normal mode (SOC-10995) o Update to version 6.0+git.1574763248.ad958e68c: * Disable installation repository (bsc#1152007) * Disable automatic repo services (bsc#1152007) o Update to version 6.0+git.1574431193.3f5c69937: * [upgrade] Wait for keystone to be ready after start (bsc#1157206) o Update to version 6.0+git.1574363439.bc4d86c9b: * upgrade: Make sure cinder-volume is really stopped (bsc#1156305) o Update to version 6.0+git.1574270808.e4344109b: * upgrade: Ignore Cloud repository during repocheck (bsc#1152007) o Update to version 6.0+git.1574102328.13f0b12bf: * Ignore CVE-2019-13117 in CI builds (bsc#1157028) Changes in crowbar-ha: o Update to version 6.0+git.1574286261.6fd1a34: * Drop g-haproxy removal code (bsc#1156914) Changes in crowbar-openstack: o Update to version 6.0+git.1580922461.67fb3c087: * Designate: make sure dns-server is active on a non-admin node (SOC-10636) * Revert rabbitmq: sync startup definitions.json with recipe (SOC-11082) o Update to version 6.0+git.1580480133.d27bf75d0: * ec2-api: run keystone_register on cluster founder only (SOC-11079) o Update to version 6.0+git.1580308069.558c6dd8a: * rabbitmq: sync startup definitions.json with recipe (SOC-11077) o Update to version 6.0+git.1579097055.cf15ef22e: * tempest: enable multiattach for NetApp + LVM (SCPM-97) * tempest: tempest run filters as templates (SOC-11052) o Update to version 6.0+git.1578491103.ca03b990c: * Install openstack client for neutron recipes (SOC-11039) o Update to version 6.0+git.1576859278.871ed9151: * octavia: Add topology setting (SOC-10876) o Update to version 6.0+git.1576769055.cae3ecf9a: * octavia: Add anti-affinity settings (SOC-11026) * designate: Fix the migrations of ssl values (SOC-11030) * octavia: Also delete unused amphora images (SOC-11024) * octavia: Delete old amphora images (SOC-11024) * octavia: Install amphora image always (SOC-11024) o Update to version 6.0+git.1576688912.0cfb42201: * Do not read data from barclamp that has not been saved (SOC-11028) * octavia: Add ssh key to health manager (SOC-11025) o Update to version 6.0+git.1576513513.8456a08f8: * designate: Mark as user managed (SOC-10233) o Update to version 6.0+git.1576331976.c068cbe15: * octavia: Update configuration parameters (SOC-10904) o Update to version 6.0+git.1576245850.2d50399b5: * tempest: Update default image on schema (SOC-11023) o Update to version 6.0+git.1576145909.ec2c5f746: * octavia: enable octavia tempest plugin test cases (SOC-8743) o Update to version 6.0+git.1576091112.c802654e0: * keystone: Add OS_INTERFACE env var to .openrc (SOC-11006) * horizon: add Octavia horizon dashboard (SOC-10833) o Update to version 6.0+git.1575917420.9a9d1b024: * Add Crowbar UI options for mgmt net (SOC-10904) * octavia: configure barbican auth (SOC-10989) * octavia: fix deprecated config options (SOC-10990) o Update to version 6.0+git.1574850023.d4c2337fc: * tempest: create lbaas-octavia filter (SOC-10965) * octavia: switch to noop event streamer (SOC-10868) * tempest: fix lbaasv2 tests with Octavia lbaasv2-proxy service plugin (SOC-10907) o Update to version 6.0+git.1574685608.1c9818d53: * horizon: fix keystone node lookup (SOC-10978) o Update to version 6.0+git.1574428771.9bd63ba0d: * designate: declare all mdns servers as master on pool config (SOC-10952) o Update to version 6.0+git.1574334452.15e0db044: * designate: add support for SSL (SOC-10877) * horizon: install lbaas horizon dashboard (SOC-10883) o Update to version 6.0+git.1574270038.651a48486: * octavia: add SSL section to the UI (SOC-10906) o Update to version 6.0+git.1574094012.3c62b569f: * octavia: Add memcached_servers for token caching (SOC-10905) Changes in crowbar-ui: o Update to version 1.3.0+git.1575896697.a01a3a08: * upgrade: Added missing error title * travis: Stop testing against nodejs4 Changes in keepalived: o update to 2.0.19 o new BR pkgconfig(libnftnl) to fix nftables support o add nftables to the BR o added patch * linux-4.15.patch o add buildrequires for file-devel - used in the checker to verify scripts o enable json stats and config dump support new BR: pkgconfig(json-c) o enable http regexp support: new BR pcre2-devel o disable dbus instance creation support as it is marked as dangerous o Add BFD build option to keepalived.spec rpm file Issue #1114 identified that the keepalived.spec file was not being generated to build BFD support even if keepalived had been configured to support it. o full changelog https://keepalived.org/changelog.html Changes in openstack-barbican: o Update to version barbican-7.0.1.dev24: * Fix the barbicanclient installation not from source o Update to version barbican-7.0.1.dev23: * Don't use branch matching * Make broken fedora\_latest job n-v Changes in openstack-barbican: o Update to version barbican-7.0.1.dev24: * Fix the barbicanclient installation not from source o Update to version barbican-7.0.1.dev23: * Don't use branch matching * Make broken fedora\_latest job n-v Changes in openstack-ceilometer: o Update to version ceilometer-11.0.2.dev21: * Tell reno to ignore the kilo branch * Run Grenade job under Python 2 for compatibility o Update to version ceilometer-11.0.2.dev19: * [stable-only] Cap msgpack o Update to version ceilometer-11.0.2.dev18: * Add note for loadbalancer resource type support o Update to version ceilometer-11.0.2.dev17: * Fix samples with dots in sample name o Update to version ceilometer-11.0.2.dev15: * Add loadbalancer resource type Changes in openstack-ceilometer: o Update to version ceilometer-11.0.2.dev21: * Tell reno to ignore the kilo branch * Run Grenade job under Python 2 for compatibility o Update to version ceilometer-11.0.2.dev19: * [stable-only] Cap msgpack o Update to version ceilometer-11.0.2.dev18: * Add note for loadbalancer resource type support o Update to version ceilometer-11.0.2.dev17: * Fix samples with dots in sample name o Update to version ceilometer-11.0.2.dev15: * Add loadbalancer resource type Changes in openstack-cinder: o Update to version cinder-13.0.9.dev11: * Cinder backup export broken o Update to version cinder-13.0.9.dev10: * Support Incremental Backup Completion In RBD o Update to version cinder-13.0.9.dev8: * Fix: Create new cache entry when xtremio reaches snap limit * Tell reno to ignore the kilo branch o Update to version cinder-13.0.9.dev5: * Make volume soft delete more thorough o Update to version cinder-13.0.9.dev4: * Cap sphinx for py2 to match global reqs 13.0.8 o Update to version cinder-13.0.8.dev12: * Add 'volume\_attachment' to volume expected attributes * Fix service\_uuid migration for volumes with no host o Update to version cinder-13.0.8.dev9: * Increase cpu limit for image conversion Changes in openstack-cinder: o Update to version cinder-13.0.9.dev11: * Cinder backup export broken o Update to version cinder-13.0.9.dev10: * Support Incremental Backup Completion In RBD o Update to version cinder-13.0.9.dev8: * Fix: Create new cache entry when xtremio reaches snap limit * Tell reno to ignore the kilo branch o Update to version cinder-13.0.9.dev5: * Make volume soft delete more thorough o Update to version cinder-13.0.9.dev4: * Cap sphinx for py2 to match global reqs 13.0.8 o Update to version cinder-13.0.8.dev12: * Add 'volume\_attachment' to volume expected attributes * Fix service\_uuid migration for volumes with no host o Update to version cinder-13.0.8.dev9: * Increase cpu limit for image conversion Changes in openstack-dashboard: o Update to version horizon-14.1.1.dev1: 14.1.0 * Ensure python versions o Update to version horizon-14.0.5.dev9: * Fix typo in publicize\_image policy name o Update to version horizon-14.0.5.dev8: * Fix "prev" link pagination for instances with identical timestamps o Update to version horizon-14.0.5.dev7: * Fix deleting port from port details page * Fix tenant floating\_ip\_allocation call in neutron rest api o Update to version horizon-14.0.5.dev3: * Add "prev" link to instance page list pagination o horizon: Obsolete python-django_openstack_auth (SOC-10228) port of https:// review.opendev.org/#/c/685224 o Update to version horizon-14.0.5.dev2: * Call Glance list with certain image ids Changes in openstack-dashboard-theme-SUSE: o Add trigger for openstack-horizon-plugin-octavia-ui (SOC-10883) Changes in openstack-designate: o Update to version designate-7.0.1.dev23: * Use Tempest 'all' tox env Changes in openstack-designate: o Update to version designate-7.0.1.dev23: * Use Tempest 'all' tox env Changes in openstack-heat: o Update to version openstack-heat-11.0.3.dev31: * Update Fedora image ref for test jobs o Update to version openstack-heat-11.0.3.dev29: * Docs: use extrefs to link to other projects' docs o Update to version openstack-heat-11.0.3.dev28: * Use stable constraint for Tempest pinned stable branches o Update to version openstack-heat-11.0.3.dev27: * Correct BRANCH\_OVERRIDE for stable/rocky * Correct availability\_zone to be non-mandatory in heat o Update to version openstack-heat-11.0.3.dev24: * Fix the wrong time unit for OS::Octavia::HealthMonitor Changes in openstack-heat: o Update to version openstack-heat-11.0.3.dev31: * Update Fedora image ref for test jobs o Update to version openstack-heat-11.0.3.dev29: * Docs: use extrefs to link to other projects' docs o Update to version openstack-heat-11.0.3.dev28: * Use stable constraint for Tempest pinned stable branches o Update to version openstack-heat-11.0.3.dev27: * Correct BRANCH\_OVERRIDE for stable/rocky * Correct availability\_zone to be non-mandatory in heat o Update to version openstack-heat-11.0.3.dev24: * Fix the wrong time unit for OS::Octavia::HealthMonitor Changes in openstack-horizon-plugin-designate-ui: o Update to version designate-dashboard-7.0.1.dev8: * Fix list zones updated at same time Changes in openstack-horizon-plugin-ironic-ui: o Update to version ironic-ui-3.3.1.dev14: * Fix horizon dependency * OpenDev Migration Patch Changes in openstack-horizon-plugin-neutron-lbaas-ui: o Update to version neutron-lbaas-dashboard-5.0.1.dev8: * Fix auth url for Barbican client o Add _1481_project_ng_loadbalancersv2_panel.pyc file to package (SOC-10883) The .pyc file needs to be removed when the package is uninstalled, otherwise the panel will remain enabled in the dashboard and cause errors. Changes in openstack-ironic: o Update to version ironic-11.1.4.dev22: * Change MTU logic to allow for lower MTUs automatically * Do not ignore 'fields' query parameter when building next url * Ensure pagination marker is always set o Update to version ironic-11.1.4.dev17: * grub configuration should use user kernel and ramdisk o Update to version ironic-11.1.4.dev16: * Change log level based on node status Changes in openstack-ironic: o Remove rootwrap.d/ironic-lib.filters. This file is included in python-ironic-lib >= 2.14.2. o Update to version ironic-11.1.4.dev22: * Change MTU logic to allow for lower MTUs automatically * Do not ignore 'fields' query parameter when building next url * Ensure pagination marker is always set o Update to version ironic-11.1.4.dev17: * grub configuration should use user kernel and ramdisk o Update to version ironic-11.1.4.dev16: * Change log level based on node status Changes in openstack-ironic-python-agent: o Update to version ironic-python-agent-3.3.3.dev6: * Fix tox.ini to correctly test lower-constraints Changes in openstack-keystone: o Update to version keystone-14.1.1.dev36: * Tell reno to ignore the kilo branch o Update to version keystone-14.1.1.dev35: * Always have username in CADF initiator o Update to version keystone-14.1.1.dev33: * Fix role\_assignments role.id filter * Ensure bootstrap handles multiple roles with the same name o Update to version keystone-14.1.1.dev29: * Add the missing packages when install keystone Changes in openstack-keystone: o Update to version keystone-14.1.1.dev36: * Tell reno to ignore the kilo branch o Update to version keystone-14.1.1.dev35: * Always have username in CADF initiator o Update to version keystone-14.1.1.dev33: * Fix role\_assignments role.id filter * Ensure bootstrap handles multiple roles with the same name o Update to version keystone-14.1.1.dev29: * Add the missing packages when install keystone Changes in openstack-magnum: o Update to version magnum-7.2.1.dev1: * Remove buildimage jobs 7.2.0 o Update to version magnum-7.1.1.dev38: * k8s\_fedora: Move rp\_filter=1 for calico up * k8s\_fedora\_atomic: Add PodSecurityPolicy * k8s: Clear cni configuration * fix: Deploy enable\_service last (rocky only) o Update to version magnum-7.1.1.dev34: * k8s\_fedora: Label master nodes with kubectl * k8s: stop introspecting instance name * Fix proportional autoscaler image * Using Fedora Atomic 29 as default image Changes in openstack-magnum: o Update to version magnum-7.2.1.dev1: * Remove buildimage jobs 7.2.0 o Update to version magnum-7.1.1.dev38: * k8s\_fedora: Move rp\_filter=1 for calico up * k8s\_fedora\_atomic: Add PodSecurityPolicy * k8s: Clear cni configuration * fix: Deploy enable\_service last (rocky only) o Update to version magnum-7.1.1.dev34: * k8s\_fedora: Label master nodes with kubectl * k8s: stop introspecting instance name * Fix proportional autoscaler image * Using Fedora Atomic 29 as default image Changes in openstack-monasca-agent: o update to version 2.8.1~dev13 - add X.509 certificate check plugin o update to version 2.8.1~dev12 - Update hacking version to 1.1.x - OpenDev Migration Patch Changes in openstack-neutron: o Update to version neutron-13.0.7.dev48: * Do not initialize snat-ns twice * Fix bug: AttributeError arises while sorting with standard attributes o Update to version neutron-13.0.7.dev44: * ovs agent: signal to plugin if tunnel refresh needed * Mock check if ipv6 is enabled in L3 agent unit tests * Fix resource schemas and releated \`get\_sorts\` test cases * Remove sleep command when retrieving OVS dp o Update to version neutron-13.0.7.dev36: * Remove Floating IP DNS record upon associated port deletion * Trigger router update only when gateway port IP changed * Re-use existing ProcessLauncher from wsgi in RPC workers o Update to version neutron-13.0.7.dev30: * Check SG members instead of ports to skip flow update * Ensure driver error preventing trunk port deletion is logged * [L3] Switch order of processing added and removed router ports o Update to version neutron-13.0.7.dev24: * dhcp-agent: equalize port create\ _low/update/delete priority * Catch OVSFWTagNotFound in update\_port\ _filter * [OVS] Handle added/removed ports in the same polling iteration * DVR: Ignore DHCP port during DVR host query * Improve "OVSFirewallDriver.process\_trusted\_ports" * List SG rules which belongs to tenant's SG * Fix py3 compatibility o Update to version neutron-13.0.7.dev10: * Define orm relationships after db classes * Add retries to update trunk port o Update to version neutron-13.0.7.dev6: * Allow to kill keepalived state change monitor process o Update to version neutron-13.0.7.dev4: * Always set ovs bridge name in vif:binding-details o Update to version neutron-13.0.7.dev2: * don't clear skb mark when ovs is hw-offload enabled o Update to version neutron-13.0.7.dev1: * Use constraints for docs tox target and cap hacking 13.0.6 o Update to version neutron-13.0.6.dev21: * Set DB retry for quota\ _enforcement pecan\_wsgi hook o Update to version neutron-13.0.6.dev20: * [OVS FW] Clean port rules if port not found in ovsdb * Add more condition to check sg member exist o Update to version neutron-13.0.6.dev17: * Fix race condition when getting cmdline o Update to version neutron-13.0.6.dev15: * Run revision bump operations en masse o Update to version neutron-13.0.6.dev13: * Add extra unit test for get\ _cmdline\_from\_pid function o Update to version neutron-13.0.6.dev11: * Switch to use cast method in dhcp \_ready\_on\_ports method o Update to version neutron-13.0.6.dev10: * Handle OVSFWPortNotFound and OVSFWTagNotFound in ovs firewall Changes in openstack-neutron: o Update to version neutron-13.0.7.dev48: * Do not initialize snat-ns twice * Fix bug: AttributeError arises while sorting with standard attributes o Update to version neutron-13.0.7.dev44: * ovs agent: signal to plugin if tunnel refresh needed * Mock check if ipv6 is enabled in L3 agent unit tests * Fix resource schemas and releated \`get\_sorts\` test cases * Remove sleep command when retrieving OVS dp o Update to version neutron-13.0.7.dev36: * Remove Floating IP DNS record upon associated port deletion * Trigger router update only when gateway port IP changed * Re-use existing ProcessLauncher from wsgi in RPC workers o Update to version neutron-13.0.7.dev30: * Check SG members instead of ports to skip flow update * Ensure driver error preventing trunk port deletion is logged * [L3] Switch order of processing added and removed router ports o Update to version neutron-13.0.7.dev24: * dhcp-agent: equalize port create\ _low/update/delete priority * Catch OVSFWTagNotFound in update\_port\ _filter * [OVS] Handle added/removed ports in the same polling iteration * DVR: Ignore DHCP port during DVR host query * Improve "OVSFirewallDriver.process\_trusted\_ports" * List SG rules which belongs to tenant's SG * Fix py3 compatibility o Update neutron-ha-tool to latest version: * Add DHCP agent evacuation (SOC-11046) o Update to version neutron-13.0.7.dev10: * Define orm relationships after db classes * Add retries to update trunk port o Update to version neutron-13.0.7.dev6: * Allow to kill keepalived state change monitor process o Update to version neutron-13.0.7.dev4: * Always set ovs bridge name in vif:binding-details o Update to version neutron-13.0.7.dev2: * don't clear skb mark when ovs is hw-offload enabled o Update to version neutron-13.0.7.dev1: * Use constraints for docs tox target and cap hacking 13.0.6 o Update to version neutron-13.0.6.dev21: * Set DB retry for quota\ _enforcement pecan\_wsgi hook o Update to version neutron-13.0.6.dev20: * [OVS FW] Clean port rules if port not found in ovsdb * Add more condition to check sg member exist o Update to version neutron-13.0.6.dev17: * Fix racondition when getting cmdline o Update to version neutron-13.0.6.dev15: * Run revision bump operations en masse o neutron: Remove stop action from ovs-cleanup (bsc#1157482) backport of https://review.opendev.org/#/c/695867/ o Update to version neutron-13.0.6.dev13: * Add extra unit test for get\ _cmdline\_from\_pid function o Update to version neutron-13.0.6.dev11: * Switch to use cast method in dhcp \_ready\_on\_ports method o Update to version neutron-13.0.6.dev10: * Handle OVSFWPortNotFound and OVSFWTagNotFound in ovs firewall Changes in openstack-neutron-fwaas: o Update to version neutron-fwaas-13.0.3.dev4: * Fix sorting of filter rules in legacy\_conntrack module o Update to version neutron-fwaas-13.0.3.dev3: * Fix list\_entries for netlink\_lib when running on py3 Changes in openstack-neutron-fwaas: o Update to version neutron-fwaas-13.0.3.dev4: * Fix sorting of filter rules in legacy\_conntrack module o Update to version neutron-fwaas-13.0.3.dev3: * Fix list\_entries for netlink\_lib when running on py3 Changes in openstack-neutron-gbp: o Update to version group-based-policy-5.0.1.dev491: * Refactor static path code o Update to version group-based-policy-5.0.1.dev490: * Support named ip protocols for SecurityGroupRules o Update to version group-based-policy-5.0.1.dev488: * Enable SVI networks with hosts running opflex agent o Update to version group-based-policy-5.0.1.dev486: * Allow both FIP and SNAT on a single port o Update to version group-based-policy-5.0.1.dev485: * Fix active-active AAP RPC query o Update to version group-based-policy-5.0.1.dev484: * [AIM] Add extra provided/consumed contracts to network extension * Active active AAP feature o Update to version group-based-policy-5.0.1.dev481: * Support cache option for legacy GBP driver o Update to version group-based-policy-5.0.1.dev480: * Fix host ID length in VM names table o Update to version group-based-policy-5.0.1.dev479: * Update\_proj\_descr in apic when project description is updated in os o Update to version group-based-policy-5.0.1.dev477: * Fix ambiguity in mapping to domain in port pair workflow Changes in openstack-neutron-vpnaas: o Update to version neutron-vpnaas-13.0.2.dev6: * Add iptables command filter for functional test o Update to version neutron-vpnaas-13.0.2.dev5: * Update UPPER\_CONSTRAINTS\ _FILE for stable/rocky Changes in openstack-neutron-vpnaas: o Update to version neutron-vpnaas-13.0.2.dev6: * Add iptables command filter for functional test o Update to version neutron-vpnaas-13.0.2.dev5: * Update UPPER\_CONSTRAINTS\ _FILE for stable/rocky Changes in openstack-nova: o Update to version nova-18.2.4.dev63: * Mask the token used to allow access to consoles o Update to version nova-18.2.4.dev61: * Use stable constraint for Tempest pinned stable branches o Update to version nova-18.2.4.dev60: * tox: Stop build \*all\* docs in 'docs' o Update to version nova-18.2.4.dev59: * Block deleting compute services with in-progress migrations * Cache security group driver * Join migration\ _context and flavor in Migration.instance o Update to version nova-18.2.4.dev53: * Improve metadata server performance with large security groups o Update to version nova-18.2.4.dev51: * Add functional recreate revert resize test for bug 1852610 * Add functional recreate test for bug 1852610 o Update to version nova-18.2.4.dev47: * Zuul v3: use devstack-plugin-nfs-tempest-full o Update to version nova-18.2.4.dev46: * Add BFV wrinkle to TestNovaManagePlacemenalAllocations * Add --instance option to heal\ _allocations * Add --dry-run option to heal\_allocations CLI o Update to version nova-18.2.4.dev40: * Add functional recreate test for bug 1829479 and bug 1817833 o Update to version nova-18.2.4.dev38: * Do not update root\_device\_name during guest config * compute: Use long\_rpc\_timeout in reserve\_block\ _device\_name o Update to version nova-18.2.4.dev35: * compute: Take an instance.uuid lock when rebooting o Update to version nova-18.2.4.dev33: * Replace time.sleep(10) with service forced\_down in tests o Update to version nova-18.2.4.dev31: * Nova compute: add in log exception to help debug failures o Update to version nova-18.2.4.dev29: * Fix false ERROR message at compute restart o Update to version nova-18.2.4.dev27: * Fix listing deleted servers with a marker o Update to version nova-18.2.4.dev25: * Add functional regression test for bug 1849409 o Update to version nova-18.2.4.dev23: * Don't delete compute node, when deleting service other than nova-compute Changes in openstack-nova: o Update to version nova-18.2.4.dev63: * Mask the token used to allow access to consoles o Update to version nova-18.2.4.dev61: * Use stable constraint for Tempest pinned stable branches o Update to version nova-18.2.4.dev60: * tox: Stop build \*all\* docs in 'docs' o Update to version nova-18.2.4.dev59: * Block deleting compute services with in-progress migrations * Cache security group driver * Join migration\ _context and flavor in Migration.instance o Update to version nova-18.2.4.dev53: * Improve metadata server performance with large security groups o Update to version nova-18.2.4.dev51: * Add functional recreate revert resize test for bug 1852610 * Add functional recreate test for bug 1852610 o Update to version nova-18.2.4.dev47: * Zuul v3: use devstack-plugin-nfs-tempest-full o Update to version nova-18.2.4.dev46: * Add BFV wrinkle to TestNovaManagePlacementHealAllocations * Add --instance option to heal\ _allocations * Add --dry-run option to heal\_allocations CLI o Update to version nova-18.2.4.dev40: * Add functional recreate test for bug 1829479 and bug 1817833 o Update to version nova-18.2.4.dev38: * Do not update root\_device\_name during guest config * compute: Use long\_rpc\_timeout in reserve\_block\ _device\_name o Update to version nova-18.2.4.dev35: * compute: Take an instance.uuid lock when rebooting o Update to version nova-18.2.4.dev33: * Replace time.sleep(10) with service forced\_down in tests o Update to version nova-18.2.4.dev31: * Nova compute: add in log exception to help debug failures o Update to version nova-18.2.4.dev29: * Fix false ERROR message at compute restart o Update to version nova-18.2.4.dev27: * Fix listing deleted servers with a marker o Update to version nova-18.2.4.dev25: * Add functional regression test for bug 1849409 o Update to version nova-18.2.4.dev23: * Don't delete compute node, when deleting service other than nova-compute Changes in openstack-octavia: o Update to version octavia-3.2.2.dev8: * Fix uncaught DB exception when trying to get a spare amphora o Update to version octavia-3.2.2.dev7: * Fix house keeping graceful shutdown o Update to version octavia-3.2.2.dev5: * Fix pep8 failures on stable/rocky branch o Update to version octavia-3.2.2.dev4: * Use stable upper-constraints.txt in Amphora builds o Update to version octavia-3.2.2.dev3: * Add listener and pool protocol validation o Update to version octavia-3.2.2.dev2* Cap hacking version to minor than 2 3.2.1 o Update to version octavia-3.2.1.dev10: * Accept oslopolicy-policy-generator path arguments o Add patch 0001-Accept-oslopolicy-policy-generator-path-arguments.patch https://review.opendev.org/#/c/698433 o Update to version octavia-3.2.1.dev9: * Fix controller worker graceful shutdown o Update to version octavia-3.2.1.dev7: * Fix a potential race condition with certs-ramfs o Update to version octavia-3.2.1.dev5: * Fix issues with unavailable secrets Changes in openstack-octavia-amphora-image: o Updated updateBuildRequires.pl script for SP4 build o Update image to 0.1.2 to include latest changes o Add keepalived service Changes in openstack-sahara: o Update to version sahara-9.0.2.dev15: * Run sahara-scenario using Python 3 Changes in openstack-sahara: o Update to version sahara-9.0.2.dev15: * Run sahara-scenario using Python 3 Changes in openstack-swift: o Update to version swift-2.19.2.dev48: 2.19.2 (rocky stable backports) * Sharding improvements * The container-replicator now only attempts to fetch shard ranges if the remote indicates that it has shard ranges. Further, it does so with a timeout to prevent the process from hanging in certain cases. * The container-replicator now correctly enqueues container-reconciler work for sharded containers. * S3 API improvements * Fixed an issue where v4 signatures would not be validated against the body of the request, allowing a replay attack if request headers were captured by a malicious third party. Note that unsigned payloads still function normally. * CompleteMultipartUpload requests with a Content-MD5 now work. * Fixed v1 listings that end with a non-ASCII object name. * Multipart object segments are now actually deleted when the multipart object is deleted via the S3 API. * Fixed an issue that caused Delete Multiple Objects requests with large bodies to 400. This was previously fixed in 2.20.0. * Fixed an issue where non-ASCII Keystone EC2 credentials would not get mapped to the correct account. This was previously fixed in 2.20.0. Changes in openstack-swift: o Update to version swift-2.19.2.dev48: 2.19.2 (rocky stable backports) * Sharding improvements * The container-replicator now only attempts to fetch shard ranges if the remote indicates that it has shard ranges. Further, it does so with a timeout to prevent the process from hanging in certain cases. * The container-replicator now correctly enqueues container-reconciler work for sharded containers. * S3 API improvements * Fixed an issue where v4 signatures would not be validated against the body of the request, allowing a replay attack if request headers were captured by a malicious third party. Note that unsigned payloads still function normally. * CompleteMultipartUpload requests with a Content-MD5 now work. * Fixed v1 listings that end with a non-ASCII object name. * Multipart object segments are now actually deleted when the multipart object is deleted via the S3 API. * Fixed an issue that caused Delete Multiple Objects requests with large bodies to 400. This was previously fixed in 2.20.0. * Fixed an issue where non-ASCII Keystone EC2 credentials would not get mapped to the correct account. This was previously fixed in 0.0. Changes in python-amqp: o Added pyOpenSSL build dependency o Update to 2.4.2: - Added support for the Cygwin platform - Correct offset incrementation when parsing bitmaps. - Consequent bitmaps are now parsed correctly. o Removed patches that are already included in 2.4.2 - 0001-Always-treat-SSLError-timeouts-as-socket-timeouts-24.patch o Better call of py.test o Add versions to dependencies o Remove python-sasl from build dependencies o Update to version 2.4.1 * To avoid breaking the API basic_consume() now returns the consumer tag instead of a tuple when nowait is True. * Fix crash in basic_publish when broker does not support connection.blocked capability. * read_frame() is now Python 3 compatible for large payloads. * Support float read_timeout/write_timeout. * Always treat SSLError timeouts as socket timeouts. * Treat EWOULDBLOCK as timeout. o from 2.4.0 * Fix inconsistent frame_handler return value. The function returned by frame_handler is meant to return True once the complete message is received and the callback is called, False otherwise. This fixes the return value for messages with a body split across multiple frames, and heartbeat frames. * Don't default content_encoding to utf-8 for bytes. This is not an acceptable default as the content may not be valid utf-8, and even if it is, the producer likely does not expect the message to be decoded by the consumer. * Fix encoding of messages with multibyte characters. Body length was previously calculated using string length, which may be less than the length of the encoded body when it contains multibyte sequences. This caused the body of the frame to be truncated. * Respect content_encoding when encoding messages. Previously the content_encoding was ignored and messages were always encoded as utf-8. This caused messages to be incorrectly decoded if content_encoding is properly respected when decoding. * Fix AMQP protocol header for AMQP 0-9-1. Previously it was set to a different value for unknown reasons. * Add support for Python 3.7. Change direct SSLSocket instantiation with wrap_socket. * Add support for field type "x" (byte array). * If there is an exception raised on Connection.connect or Connection.close, ensure that the underlying transport socket is closed. Adjust exception message on connection errors as well. * TCP_USER_TIMEOUT has to be excluded from KNOWN_TCP_OPTS in BSD platforms. * Handle negative acknowledgments. * Added integration tests. * Fix basic_consume() with no consumer_tag provided. * Improved empty AMQPError string representation. * Drain events before publish. This is needed to capture out of memory messages for clients that only publish. Otherwise on_blocked is never called. * Don't revive channel when connection is closing. When connection is closing don't raise error when Channel.Close method is received. Changes in python-ironic-lib: o update to version 2.14.2 - Replace openstack.org git:// URLs with https:// - OpenDev Migration Patch - Include partiton name and flags from parted output Changes in python-keystoneauth1: o switch to tracking stable/rocky tarball o disable renderspec o update to version 3.10.1.dev10 * Make tests pass in 2020 * OpenDev Migration Patch * Revert "Change log hashing to SHA256" * import zuul job settings from project-config * Change log hashing to SHA256 * Update UPPER\ _CONSTRAINTS\_FILE for stable/rocky * Update .gitreview ftable/rocky Changes in python-keystoneclient: o switch to tracking stable/rocky tarball o disable renderspec o update to version 3.17.0.dev5 * Make tests pass in 2020 * OpenDev Migration Patch * import zuul job settings from project-config * Update UPPER\ _CONSTRAINTS\_FILE for stable/rocky * Update .gitreview for stable/rocky Changes in python-keystonemiddleware: o Use version_unconverted for documentation build o Update to version keystonemiddleware-5.2.2.dev3: * Make tests pass in 2022 * Make sure audit middleware use own context Changes in python-ovs: o add 0001-python-c-ext-Fix-memory-leak-in-Parser_finish.patch (bsc#1158581) Changes in supportutils-plugin-suse-openstack-cloud: o Update to version 9.0.1574431436.987b47d: * Add services from SOC/HOS8 * Fix handling of ardana "config" dir and conf files in /opt/stack/service * Fix more failures of censoring passwords * Include configs and logs for neutron HA Changes in rubygem-crowbar-client: o Update to 3.9.1 - Fix repocheck table output (SOC-10718) - Enable restricted commands for Cloud8 (bsc#1117080, CVE-2018-17954) Changes in rubygem-puma: o Add CVE-2019-16770.patch (bsc#1158675, SOC-10999, CVE-2019-16770) This patch fixes a DoS vulnerability a malicious client could use to block a large amount of threads. Changes in venv-openstack-horizon: o replace neutron-lbaas dashboard with octavia dashboard (SOC-10883) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: o SUSE OpenStack Cloud Crowbar 9: zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2020-642=1 o SUSE OpenStack Cloud 9: zypper in -t patch SUSE-OpenStack-Cloud-9-2020-642=1 Package List: o SUSE OpenStack Cloud Crowbar 9 (x86_64): crowbar-core-6.0+git.1582892022.cbd70e833-3.19.3 crowbar-core-branding-upstream-6.0+git.1582892022.cbd70e833-3.19.3 keepalived-2.0.19-3.3.1 keepalived-debuginfo-2.0.19-3.3.1 keepalived-debugsource-2.0.19-3.3.1 python-ovs-2.9.0-3.3.1 python-ovs-debuginfo-2.9.0-3.3.1 python-ovs-debugsource-2.9.0-3.3.1 ruby2.1-rubygem-crowbar-client-3.9.1-3.3.1 ruby2.1-rubygem-puma-2.16.0-4.3.1 ruby2.1-rubygem-puma-debuginfo-2.16.0-4.3.1 rubygem-puma-debugsource-2.16.0-4.3.1 o SUSE OpenStack Cloud Crowbar 9 (noarch): crowbar-ha-6.0+git.1574286261.6fd1a34-3.13.2 crowbar-openstack-6.0+git.1580922461.67fb3c087-3.19.2 crowbar-ui-1.3.0+git.1575896697.a01a3a08-17.1 openstack-barbican-7.0.1~dev24-3.6.4 openstack-barbican-api-7.0.1~dev24-3.6.4 openstack-barbican-keystone-listener-7.0.1~dev24-3.6.4 openstack-barbican-retry-7.0.1~dev24-3.6.4 openstack-barbican-worker-7.0.1~dev24-3.6.4 openstack-ceilometer-11.0.2~dev21-3.10.3 openstack-ceilometer-agent-central-11.0.2~dev21-3.10.3 openstack-ceilometer-agent-compute-11.0.2~dev21-3.10.3 openstack-ceilometer-agent-ipmi-11.0.2~dev21-3.10.3 openstack-ceilometer-agent-notification-11.0.2~dev21-3.10.3 openstack-ceilometer-polling-11.0.2~dev21-3.10.3 openstack-cinder-13.0.9~dev11-3.16.3 openstack-cinder-api-13.0.9~dev11-3.16.3 openstack-cinder-backup-13.0.9~dev11-3.16.3 openstack-cinder-scheduler-13.0.9~dev11-3.16.3 openstack-cinder-volume-13.0.9~dev11-3.16.3 openstack-dashboard-14.1.1~dev1-3.12.2 openstack-dashboard-theme-SUSE-2018.2+git.1555335229.5c8dec9-3.3.1 openstack-designate-7.0.1~dev23-3.13.3 openstack-designate-agent-7.0.1~dev23-3.13.3 openstack-designate-api-7.0.1~dev23-3.13.3 openstack-designate-central-7.0.1~dev23-3.13.3 openstack-designate-producer-7.0.1~dev23-3.13.3 openstack-designate-sink-7.0.1~dev23-3.13.3 openstack-designate-worker-7.0.1~dev23-3.13.3 openstack-heat-11.0.3~dev31-3.13.3 openstack-heat-api-11.0.3~dev31-3.13.3 openstack-heat-api-cfn-11.0.3~dev31-3.13.3 openstack-heat-engine-11.0.3~dev31-3.13.3 openstack-heat-plugin-heat_docker-11.0.3~dev31-3.13.3 openstack-horizon-plugin-designate-ui-7.0.1~dev8-3.6.1 openstack-horizon-plugin-ironic-ui-3.3.1~dev14-3.3.1 openstack-horizon-plugin-neutron-lbaas-ui-5.0.1~dev8-11.1 openstack-horizon-plugin-octavia-ui-2.0.2~dev1-1.3.2 openstack-ironic-11.1.4~dev22-3.13.2 openstack-ironic-api-11.1.4~dev22-3.13.2 openstack-ironic-conductor-11.1.4~dev22-3.13.2 openstack-ironic-python-agent-3.3.3~dev6-3.13.2 openstack-keystone-14.1.1~dev36-3.19.3 openstack-magnum-7.2.1~dev1-3.10.3 openstack-magnum-api-7.2.1~dev1-3.10.3 openstack-magnum-conductor-7.2.1~dev1-3.10.3 openstack-monasca-agent-2.8.1~dev13-3.6.2 openstack-neutron-13.0.7~dev48-3.19.3 openstack-neutron-dhcp-agent-13.0.7~dev48-3.19.3 openstack-neutron-fwaas-13.0.3~dev4-3.9.2 openstack-neutron-gbp-5.0.1~dev491-3.16.1 openstack-neutron-ha-tool-13.0.7~dev48-3.19.3 openstack-neutron-l3-agent-13.0.7~dev48-3.19.3 openstack-neutron-linuxbridge-agent-13.0.7~dev48-3.19.3 openstack-neutron-macvtap-agent-13.0.7~dev48-3.19.3 openstack-neutron-metadata-agent-13.0.7~dev48-3.19.3 openstack-neutron-metering-agent-13.0.7~dev48-3.19.3 openstack-neutron-openvswitch-agent-13.0.7~dev48-3.19.3 openstack-neutron-server-13.0.7~dev48-3.19.3 openstack-neutron-vpnaas-13.0.2~dev6-3.6.2 openstack-neutron-vyatta-agent-13.0.2~dev6-3.6.2 openstack-nova-18.2.4~dev63-3.19.3 openstack-nova-api-18.2.4~dev63-3.19.3 openstack-nova-cells-18.2.4~dev63-3.19.3 openstack-nova-compute-18.2.4~dev63-3.19.3 openstack-nova-conductor-18.2.4~dev63-3.19.3 openstack-nova-console-18.2.4~dev63-3.19.3 openstack-nova-novncproxy-18.2.4~dev63-3.19.3 openstack-nova-placement-api-18.2.4~dev63-3.19.3 openstack-nova-scheduler-18.2.4~dev63-3.19.3 openstack-nova-serialproxy-18.2.4~dev63-3.19.3 openstack-nova-vncproxy-18.2.4~dev63-3.19.3 openstack-octavia-3.2.2~dev8-3.19.1 openstack-octavia-amphora-agent-3.2.2~dev8-3.19.1 openstack-octavia-amphora-image-debugsource-0.1.2-7.6.3 openstack-octavia-amphora-image-x86_64-0.1.2-7.6.3 openstack-octavia-api-3.2.2~dev8-3.19.1 openstack-octavia-health-manager-3.2.2~dev8-3.19.1 openstack-octavia-housekeeping-3.2.2~dev8-3.19.1 openstack-octavia-worker-3.2.2~dev8-3.19.1 openstack-sahara-9.0.2~dev15-3.9.2 openstack-sahara-api-9.0.2~dev15-3.9.2 openstack-sahara-engine-9.0.2~dev15-3.9.2 openstack-swift-2.19.2~dev48-3.3.1 openstack-swift-account-2.19.2~dev48-3.3.1 openstack-swift-container-2.19.2~dev48-3.3.1 openstack-swift-object-2.19.2~dev48-3.3.1 openstack-swift-proxy-2.19.2~dev48-3.3.1 python-amqp-2.4.2-4.3.1 python-barbican-7.0.1~dev24-3.6.4 python-ceilometer-11.0.2~dev21-3.10.3 python-cinder-13.0.9~dev11-3.16.3 python-designate-7.0.1~dev23-3.13.3 python-heat-11.0.3~dev31-3.13.3 python-horizon-14.1.1~dev1-3.12.2 python-horizon-plugin-designate-ui-7.0.1~dev8-3.6.1 python-horizon-plugin-ironic-ui-3.3.1~dev14-3.3.1 python-horizon-plugin-neutron-lbaas-ui-5.0.1~dev8-11.1 python-horizon-plugin-octavia-ui-2.0.2~dev1-1.3.2 python-ironic-11.1.4~dev22-3.13.2 python-ironic-lib-2.14.2-3.3.1 python-keystone-14.1.1~dev36-3.19.3 python-keystoneauth1-3.10.1~dev10-3.3.1 python-keystoneclient-3.17.1~dev5-3.3.1 python-keystoneclient-doc-3.17.1~dev5-3.3.1 python-keystonemiddleware-5.2.2~dev3-14.2 python-magnum-7.2.1~dev1-3.10.3 python-monasca-agent-2.8.1~dev13-3.6.2 python-neutron-13.0.7~dev48-3.19.3 python-neutron-fwaas-13.0.3~dev4-3.9.2 python-neutron-gbp-5.0.1~dev491-3.16.1 python-neutron-vpnaas-13.0.2~dev6-3.6.2 python-nova-18.2.4~dev63-3.19.3 python-octavia-3.2.2~dev8-3.19.1 python-openstack_auth-14.1.1~dev1-3.12.2 python-sahara-9.0.2~dev15-3.9.2 python-swift-2.19.2~dev48-3.3.1 supportutils-plugin-suse-openstack-cloud-9.0.1574431436.987b47d-3.6.1 o SUSE OpenStack Cloud 9 (x86_64): keepalived-2.0.19-3.3.1 keepalived-debuginfo-2.0.19-3.3.1 keepalived-debugsource-2.0.19-3.3.1 python-ovs-2.9.0-3.3.1 python-ovs-debuginfo-2.9.0-3.3.1 python-ovs-debugsource-2.9.0-3.3.1 o SUSE OpenStack Cloud 9 (noarch): ardana-ansible-9.0+git.1581611758.f694f7d-3.16.1 ardana-cinder-9.0+git.1579256229.c8b4b38-3.10.1 ardana-cobbler-9.0+git.1574950066.a3c4be4-3.10.1 ardana-db-9.0+git.1578936438.b9a9b95-3.16.1 ardana-horizon-9.0+git.1575562864.8ed5e10-3.13.1 ardana-input-model-9.0+git.1580403439.d425462-3.13.1 ardana-monasca-9.0+git.1579273481.4b8c46f-3.13.1 ardana-mq-9.0+git.1581024903.8e74867-3.10.1 ardana-nova-9.0+git.1580304673.6c668eb-3.16.1 ardana-octavia-9.0+git.1576074489.62de7e2-3.13.1 ardana-osconfig-9.0+git.1580235830.0dca223-3.13.1 ardana-tempest-9.0+git.1578932816.e299c08-3.10.1 ardana-tls-9.0+git.1575296665.3fdfe45-3.9.1 openstack-barbican-7.0.1~dev24-3.6.4 openstack-barbican-api-7.0.1~dev24-3.6.4 openstack-barbican-keystone-listener-7.0.1~dev24-3.6.4 openstack-barbican-retry-7.0.1~dev24-3.6.4 openstack-barbican-worker-7.0.1~dev24-3.6.4 openstack-ceilometer-11.0.2~dev21-3.10.3 openstack-ceilometer-agent-central-11.0.2~dev21-3.10.3 openstack-ceilometer-agent-compute-11.0.2~dev21-3.10.3 openstack-ceilometer-agent-ipmi-11.0.2~dev21-3.10.3 openstack-ceilometer-agent-notification-11.0.2~dev21-3.10.3 openstack-ceilometer-polling-11.0.2~dev21-3.10.3 openstack-cinder-13.0.9~dev11-3.16.3 openstack-cinder-api-13.0.9~dev11-3.16.3 openstack-cinder-backup-13.0.9~dev11-3.16.3 openstack-cinder-scheduler-13.0.9~dev11-3.16.3 openstack-cinder-volume-13.0.9~dev11-3.16.3 openstack-dashboard-14.1.1~dev1-3.12.2 openstack-dashboard-theme-SUSE-2018.2+git.1555335229.5c8dec9-3.3.1 openstack-designate-7.0.1~dev23-3.13.3 openstack-designate-agent-7.0.1~dev23-3.13.3 openstack-designate-api-7.0.1~dev23-3.13.3 openstack-designate-central-7.0.1~dev23-3.13.3 openstack-designate-producer-7.0.1~dev23-3.13.3 openstack-designate-sink-7.0.1~dev23-3.13.3 openstack-designate-worker-7.0.1~dev23-3.13.3 openstack-heat-11.0.3~dev31-3.13.3 openstack-heat-api-11.0.3~dev31-3.13.3 openstack-heat-api-cfn-11.0.3~dev31-3.13.3 openstack-heat-engine-11.0.3~dev31-3.13.3 openstack-heat-plugin-heat_docker-11.0.3~dev31-3.13.3 openstack-horizon-plugin-designate-ui-7.0.1~dev8-3.6.1 openstack-horizon-plugin-ironic-ui-3.3.1~dev14-3.3.1 openstack-horizon-plugin-neutron-lbaas-ui-5.0.1~dev8-11.1 openstack-horizon-plugin-octavia-ui-2.0.2~dev1-1.3.2 openstack-ironic-11.1.4~dev22-3.13.2 openstack-ironic-api-11.1.4~dev22-3.13.2 openstack-ironic-conductor-11.1.4~dev22-3.13.2 openstack-ironic-python-agent-3.3.3~dev6-3.13.2 openstack-keystone-14.1.1~dev36-3.19.3 openstack-magnum-7.2.1~dev1-3.10.3 openstack-magnum-api-7.2.1~dev1-3.10.3 openstack-magnum-conductor-7.2.1~dev1-3.10.3 openstack-monasca-agent-2.8.1~dev13-3.6.2 openstack-neutron-13.0.7~dev48-3.19.3 openstack-neutron-dhcp-agent-13.0.7~dev48-3.19.3 openstack-neutron-fwaas-13.0.3~dev4-3.9.2 openstack-neutron-gbp-5.0.1~dev491-3.16.1 openstack-neutron-ha-tool-13.0.7~dev48-3.19.3 openstack-neutron-l3-agent-13.0.7~dev48-3.19.3 openstack-neutron-linuxbridge-agent-13.0.7~dev48-3.19.3 openstack-neutron-macvtap-agent-13.0.7~dev48-3.19.3 openstack-neutron-metadata-agent-13.0.7~dev48-3.19.3 openstack-neutron-metering-agent-13.0.7~dev48-3.19.3 openstack-neutron-openvswitch-agent-13.0.7~dev48-3.19.3 openstack-neutron-server-13.0.7~dev48-3.19.3 openstack-neutron-vpnaas-13.0.2~dev6-3.6.2 openstack-neutron-vyatta-agent-13.0.2~dev6-3.6.2 openstack-nova-18.2.4~dev63-3.19.3 openstack-nova-api-18.2.4~dev63-3.19.3 openstack-nova-cells-18.2.4~dev63-3.19.3 openstack-nova-compute-18.2.4~dev63-3.19.3 openstack-nova-conductor-18.2.4~dev63-3.19.3 openstack-nova-console-18.2.4~dev63-3.19.3 openstack-nova-novncproxy-18.2.4~dev63-3.19.3 openstack-nova-placement-api-18.2.4~dev63-3.19.3 openstack-nova-scheduler-18.2.4~dev63-3.19.3 openstack-nova-serialproxy-18.2.4~dev63-3.19.3 openstack-nova-vncproxy-18.2.4~dev63-3.19.3 openstack-octavia-3.2.2~dev8-3.19.1 openstack-octavia-amphora-agent-3.2.2~dev8-3.19.1 openstack-octavia-amphora-image-debugsource-0.1.2-7.6.3 openstack-octavia-amphora-image-x86_64-0.1.2-7.6.3 openstack-octavia-api-3.2.2~dev8-3.19.1 openstack-octavia-health-manager-3.2.2~dev8-3.19.1 openstack-octavia-housekeeping-3.2.2~dev8-3.19.1 openstack-octavia-worker-3.2.2~dev8-3.19.1 openstack-sahara-9.0.2~dev15-3.9.2 openstack-sahara-api-9.0.2~dev15-3.9.2 openstack-sahara-engine-9.0.2~dev15-3.9.2 openstack-swift-2.19.2~dev48-3.3.1 openstack-swift-account-2.19.2~dev48-3.3.1 openstack-swift-container-2.19.2~dev48-3.3.1 openstack-swift-object-2.19.2~dev48-3.3.1 openstack-swift-proxy-2.19.2~dev48-3.3.1 python-amqp-2.4.2-4.3.1 python-barbican-7.0.1~dev24-3.6.4 python-ceilometer-11.0.2~dev21-3.10.3 python-cinder-13.0.9~dev11-3.16.3 python-designate-7.0.1~dev23-3.13.3 python-heat-11.0.3~dev31-3.13.3 python-horizon-14.1.1~dev1-3.12.2 python-horizon-plugin-designate-ui-7.0.1~dev8-3.6.1 python-horizon-plugin-ironic-ui-3.3.1~dev14-3.3.1 python-horizon-plugin-neutron-lbaas-ui-5.0.1~dev8-11.1 python-horizon-plugin-octavia-ui-2.0.2~dev1-1.3.2 python-ironic-11.1.4~dev22-3.13.2 python-ironic-lib-2.14.2-3.3.1 python-keystone-14.1.1~dev36-3.19.3 python-keystoneauth1-3.10.1~dev10-3.3.1 python-keystoneclient-3.17.1~dev5-3.3.1 python-keystoneclient-doc-3.17.1~dev5-3.3.1 python-keystonemiddleware-5.2.2~dev3-14.2 python-magnum-7.2.1~dev1-3.10.3 python-monasca-agent-2.8.1~dev13-3.6.2 python-neutron-13.0.7~dev48-3.19.3 python-neutron-fwaas-13.0.3~dev4-3.9.2 python-neutron-gbp-5.0.1~dev491-3.16.1 python-neutron-vpnaas-13.0.2~dev6-3.6.2 python-nova-18.2.4~dev63-3.19.3 python-octavia-3.2.2~dev8-3.19.1 python-openstack_auth-14.1.1~dev1-3.12.2 python-sahara-9.0.2~dev15-3.9.2 python-swift-2.19.2~dev48-3.3.1 supportutils-plugin-suse-openstack-cloud-9.0.1574431436.987b47d-3.6.1 venv-openstack-barbican-x86_64-7.0.1~dev24-3.15.1 venv-openstack-cinder-x86_64-13.0.9~dev11-3.15.1 venv-openstack-designate-x86_64-7.0.1~dev23-3.15.1 venv-openstack-glance-x86_64-17.0.1~dev30-3.13.1 venv-openstack-heat-x86_64-11.0.3~dev31-3.15.1 venv-openstack-horizon-x86_64-14.1.1~dev1-4.14.2 venv-openstack-ironic-x86_64-11.1.4~dev22-4.11.1 venv-openstack-keystone-x86_64-14.1.1~dev36-3.15.1 venv-openstack-magnum-x86_64-7.2.1~dev1-4.15.1 venv-openstack-manila-x86_64-7.3.1~dev15-3.15.1 venv-openstack-monasca-ceilometer-x86_64-1.8.2~dev3-3.15.1 venv-openstack-monasca-x86_64-2.7.1~dev10-3.13.1 venv-openstack-neutron-x86_64-13.0.7~dev48-6.15.1 venv-openstack-nova-x86_64-18.2.4~dev63-3.15.1 venv-openstack-octavia-x86_64-3.2.2~dev8-4.15.1 venv-openstack-sahara-x86_64-9.0.2~dev15-3.15.1 venv-openstack-swift-x86_64-2.19.2~dev48-2.10.1 References: o https://www.suse.com/security/cve/CVE-2018-17954.html o https://www.suse.com/security/cve/CVE-2019-13117.html o https://www.suse.com/security/cve/CVE-2019-16770.html o https://bugzilla.suse.com/1117080 o https://bugzilla.suse.com/1152007 o https://bugzilla.suse.com/1154235 o https://bugzilla.suse.com/1156305 o https://bugzilla.suse.com/1156914 o https://bugzilla.suse.com/1157028 o https://bugzilla.suse.com/1157206 o https://bugzilla.suse.com/1157482 o https://bugzilla.suse.com/1158581 o https://bugzilla.suse.com/1158675 o https://bugzilla.suse.com/1161351 o https://bugzilla.suse.com/1161721 - --------------------------END INCLUDED TEXT-------------------- You have received this e-mail bulletin as a result of your organisation's registration with AusCERT. The mailing list you are subscribed to is maintained within your organisation, so if you do not wish to continue receiving these bulletins you should contact your local IT manager. If you do not know who that is, please send an email to auscert@auscert.org.au and we will forward your request to the appropriate person. NOTE: Third Party Rights This security bulletin is provided as a service to AusCERT's members. As AusCERT did not write the document quoted above, AusCERT has had no control over its content. The decision to follow or act on information or advice contained in this security bulletin is the responsibility of each user or organisation, and should be considered in accordance with your organisation's site policies and procedures. AusCERT takes no responsibility for consequences which may arise from following or acting on information or advice contained in this security bulletin. NOTE: This is only the original release of the security bulletin. It may not be updated when updates to the original are made. If downloading at a later date, it is recommended that the bulletin is retrieved directly from the author's website to ensure that the information is still current. Contact information for the authors of the original document is included in the Security Bulletin above. If you have any questions or need further information, please contact them directly. Previous advisories and external security bulletins can be retrieved from: https://www.auscert.org.au/bulletins/ =========================================================================== Australian Computer Emergency Response Team The University of Queensland Brisbane Qld 4072 Internet Email: auscert@auscert.org.au Facsimile: (07) 3365 7031 Telephone: (07) 3365 4417 (International: +61 7 3365 4417) AusCERT personnel answer during Queensland business hours which are GMT+10:00 (AEST). On call after hours for member emergencies only. =========================================================================== -----BEGIN PGP SIGNATURE----- Comment: http://www.auscert.org.au/render.html?it=1967 iQIVAwUBXmnVnWaOgq3Tt24GAQgVGBAAuk75CPgysLFUpWNb6FtC17Q22LiB9Oss KjjOJ55pfBg7Z1kvI8dZP8OKnAXjeJYzheo/rN7plQtE3aLj9zLyJegjxyLNAYAL gLFViDClgGOiyaCIACoYCC/tXq2v65da07wvcSzsf+6yaxy/BxV35JKd3AivzBzC qXGWzyNG8nrRZdjdBbi1Y35zYprxb1x87Owe/xQ46p4+d2oqc7WkQs2YmYnz8bto L/KAYAr+y0+zmzQ/2AoX6I/sFj2N+YXw7MDMKIp70sbIoTtveH8tyvWdlB2Pluu0 Pxk67CJsF302e0z0S12WZ2S3qJ01n+bovxGVTgyYIJ7FW0X7Hh+CW7Izp0X2ZUbt C0IDB+zmUkqLI/+xTRuaTGW/THFXjBEQQ0Po8AGIOQKJLGIUQawJhJx4g/5VroWo DBkn1PJAyl3qiwszsZiiCoVXJ6kLgGB1XS8nGOpKqnDDhHKca0ailH1k7a+neUnx L0MKR769BQFKCEChqg2/Grzpg2hOXbFpBTtPz+MOg8kNrJ4jmURhuiMWRthZ/tmB toYojtEYcWGf+2djAWcFvhBXgWszfSGVz4r9PnBJX7NFbBoVqgWAZef0HBqlxJ3P X3qZwC2PIRQsjnAT5t97ewYnr9BV2et1oGXy9IdC9e5qnJDCVtFdDWy6rYoJHu1/ EKNmuQfd+IQ= =8fHQ -----END PGP SIGNATURE-----