Security update for openstack and python-oslo.utils
| Announcement ID: | SUSE-SU-2015:1515-1 |
| Rating: | low |
| References: | #918784 #920573 #926596 #928718 #930574 #931204 #935892 |
| Affected Products: |
An update that contains security fixes can now be installed.
Description:
This update provides the following fixes provided from the upstream
OpenStack-project:
- openstack-suse:
+ do not copy upstream python requirements to the package, we rely on
Requires; upstream requirements.txt introduce version caps which we do
not follow (bnc#920573)
- openstack-sahara:
+ Fix getting heat stack in Sahara
+ Fixed scaling with new node group with auto sg
+ Open all ports for private network for auto SG
+ Fix for getting auth url for hadoop-swift
+ Fixed auto security group cleanup in case of creation error
+ Add list of open ports for Cloudera plugin
+ Add missed files for migrations in MANIFEST.in
+ Include launch_command.py in MANIFEST.in
+ Fix requires
- openstack-keystone:
+ Updated hybrid backend to include fix for bsc#935892
+ Deal with PEP-0476 certificate chaining checking
+ Backport fixes for v3 API sample policy file (lp#1381809 and
lp#1392155).
+ Install v3 sample policy into the doc directory
+ Update hybrid backend to include latest fixes for v3 protocol
(bsc#928718)
+ backend_argument should be marked secret
+ Work with pymongo 3.0
+ Speed up memcache lock
+ Fix up _ldap_res_to_model for ldap identity backend
+ Don't try to convert LDAP attributes to boolean
+ Fix the wrong update logic of catalog kvs driver
+ Do parameter check before updating endpoint_group
+ Correct initialization order for logging to use eventlet locks
+ Fix the syntax issue on creating table `endpoint_group`
- openstack-heat:
+ Add env storing for loaded environments
+ Fix block_device_mapping property validation when using get_attr
+ Add default_client_name in Nova::FloatingIPAssoc
+ Fix cloud-init Python syntax for Python < 2.6
+ Allow lists and strings for Json parameters via provider resources
+ RandomString physical_resource_id as id not the string
+ Authenticate the domain user with id instead of username
+ Tell stevedore not to force verify requirements
+ Use properties.data when testing for "provided by the user"
+ Ship /usr/lib/heat directory in openstack-heat-engine subpackage,
since that's where plugin are loaded from.
+ Create openstack-heat-plugin-heat_docker subpackage to ship the
heat_docker plugin.
+ Fix update on failed stack
+ Enable https for keystone while creating stack user
+ Change the engine-listener topic
+ Just to delete the stack when adopt rollback
+ Release stack lock when successfully acquire
+ Add dependency on Router External Gateway property
+ Use only FIP dependencies from graph
+ Add dependency hidden on router_interface
+ Update heat.conf.sample
+ Upgrade requirements for kombu and greenlet to Juno versions
(bnc#920573)
+ Stop patching oslo.messaging private bits
- openstack-glance:
+ Eventlet green threads not released back to pool
+ Replace assert statements with proper control-flow
+ Fix intermittent unit test failures
+ Initiate deletion of image files if the import was interrupted to
prevent denial of service (bnc#918784, CVE-2014-9684)
- openstack-cinder:
+ Remove nonexistent LIO terminate_connection call
+ Disallow backing files when uploading volumes to image
+ LVM: Pass volume size in MiB to copy_volume() during volume migration
+ Remove iscsi_helper calls from base iscsi driver
+ Fix exceptions logging in iSCSI targets
+ Delete the temporary volume if migration fails
+ Get the 'consumer' in a correct way for retyping with qos-specs
+ Fix re-export of iscsi volume when using lioadm
+ Revert "Add support for customized cluster name"
+ Failed to discovery when iscsi multipath and CHAP both enabled
+ Add support for customized cluster name
+ Only use operational LIFs for iscsi target details
+ Clear migration_status from a destination volume if migration fails
+ Deal with PEP-0476 certificate chaining checking
- openstack-ceilometer:
+ Ensure unique list of consumers created
+ Add bandwidth to measurements
+ Rely on VM UUID to fetch metrics in libvirt
+ Retry to connect database when DB2 or mongodb is restarted
+ Use alarm's evaluation periods in sufficient test
+ [MongoDB] Fix bug with reconnection to new master node
+ Fix the value of query_spec.maxSample to advoid to be zero
+ Fix issue when ceilometer-expirer is called from the wrong user via
cronjob and the resulting logs end up having wrong ownership. See also
bsc#930574
+ Metering data ttl sql backend breaks resource metadata
+ Stop mocking os.path in test_setup_events_default_config
+ Move the cron job to collector package (bnc#926596)
+ Catch exception when evaluate single alarm
- python-oslo.utils:
+ Update to version 1.4.0
* Add a stopwatch + split for duration(s)
* Allow providing a logger to save_and_reraise_exception
* Utility API to generate EUI-64 IPv6 address
* Add a eventlet utils helper module
* Add microsecond support to iso8601_from_timestamp
* Update Oslo imports to remove namespace package
* Add TimeFixture
* Add microsecond support to timeutils.utcnow_ts()
- python-oslo.i18n:
+ Update to version 1.3.1
* Remove deprecation warning (bnc#931204)
* Correct the translation domain for loading messages
* Workflow documentation is now in infra-manual
* Imported Translations from Transifex
* Activate pep8 check that _ is imported
* Make clear in docs to use _LE() when using LOG.exception()
* Support building wheels (PEP-427)
- python-six:
+ Update to version 1.9.0
* Support the `flush` parameter to `six.print_`.
* Add the `python_2_unicode_compatible` decorator.
* Ensure `six.wraps` respects the *updated* and *assigned* arguments.
* Fix `six.moves` race condition in multi-threaded code.
* Add `six.view(keys|values|itmes)`, which provide dictionary views on
Python 2.7+.
* Fix add_metaclass when the class has __slots__ containing
"__weakref__" or "__dict__".
* Always accept *updated* and *assigned* arguments for wraps().
* Fix import six on Python 3.4 with a custom loader.
Patch Instructions:
To install this SUSE Security Update use YaST online_update.
Alternatively you can run the command listed for your product:
- SUSE OpenStack Cloud 5:
zypper in -t patch sleclo50sp3-openstack-201507-12074=1
To bring your system up-to-date, use "zypper patch".
Package List:
- SUSE OpenStack Cloud 5 (x86_64):
- openstack-ceilometer-2014.2.4.dev18-9.7
- openstack-ceilometer-agent-central-2014.2.4.dev18-9.7
- openstack-ceilometer-agent-compute-2014.2.4.dev18-9.7
- openstack-ceilometer-agent-ipmi-2014.2.4.dev18-9.7
- openstack-ceilometer-agent-notification-2014.2.4.dev18-9.7
- openstack-ceilometer-alarm-evaluator-2014.2.4.dev18-9.7
- openstack-ceilometer-alarm-notifier-2014.2.4.dev18-9.7
- openstack-ceilometer-api-2014.2.4.dev18-9.7
- openstack-ceilometer-collector-2014.2.4.dev18-9.7
- openstack-cinder-2014.2.4.dev19-9.7
- openstack-cinder-api-2014.2.4.dev19-9.7
- openstack-cinder-backup-2014.2.4.dev19-9.7
- openstack-cinder-scheduler-2014.2.4.dev19-9.7
- openstack-cinder-volume-2014.2.4.dev19-9.7
- openstack-glance-2014.2.4.dev5-9.5
- openstack-heat-2014.2.4.dev13-9.6
- openstack-heat-api-2014.2.4.dev13-9.6
- openstack-heat-api-cfn-2014.2.4.dev13-9.6
- openstack-heat-api-cloudwatch-2014.2.4.dev13-9.6
- openstack-heat-engine-2014.2.4.dev13-9.6
- openstack-keystone-2014.2.4.dev5-11.8
- openstack-sahara-2014.2.4.dev3-9.5
- openstack-sahara-api-2014.2.4.dev3-9.5
- openstack-sahara-engine-2014.2.4.dev3-9.5
- python-ceilometer-2014.2.4.dev18-9.7
- python-cinder-2014.2.4.dev19-9.7
- python-glance-2014.2.4.dev5-9.5
- python-heat-2014.2.4.dev13-9.6
- python-keystone-2014.2.4.dev5-11.8
- python-oslo.i18n-1.3.1-9.6
- python-oslo.utils-1.4.0-14.2
- python-oslotest-1.2.0-2.5
- python-sahara-2014.2.4.dev3-9.5
- python-six-1.9.0-9.2
- SUSE OpenStack Cloud 5 (noarch):
- openstack-ceilometer-doc-2014.2.4.dev18-9.11
- openstack-cinder-doc-2014.2.4.dev19-9.12
- openstack-glance-doc-2014.2.4.dev5-9.7
- openstack-heat-doc-2014.2.4.dev13-9.8
- openstack-keystone-doc-2014.2.4.dev5-11.12
- openstack-sahara-doc-2014.2.4.dev3-9.5
- openstack-suse-sudo-2014.2-9.2