[Bug 802278] New: Update to OpenStack 2012.2.3 (including security fixes)
https://bugzilla.novell.com/show_bug.cgi?id=802278 https://bugzilla.novell.com/show_bug.cgi?id=802278#c0 Summary: Update to OpenStack 2012.2.3 (including security fixes) Classification: openSUSE Product: openSUSE 12.3 Version: RC 1 Platform: Other OS/Version: Other Status: NEEDINFO Severity: Normal Priority: P5 - None Component: Other AssignedTo: bnc-team-screening@forge.provo.novell.com ReportedBy: vuntz@suse.com QAContact: qa-bugs@suse.de InfoProvider: maintenance@opensuse.org Found By: --- Blocker: --- I'd like to update the following packages in 12.3: openstack-cinder, openstack-dashboard, openstack-glance, openstack-keystone, openstack-nova, openstack-quantum, openstack-swift. This is an update to the 2012.2.3 release which only contains bug fixes, as well as three security fixes (in nova, glance and keystone): https://lists.launchpad.net/openstack/msg20515.html https://lists.launchpad.net/openstack/msg20517.html https://lists.launchpad.net/openstack/msg20689.html (note that the packages have a 2012.2.4+git version; that's because we package from git, which is now tracking 2012.2.4) At the same time, we should update openstack-quickstart (to make it work in 12.3) and python-django_openstack_auth (contains compatibility fixes for 12.3). Here are links to the diffs: https://build.opensuse.org/package/rdiff?opackage=openstack-cinder&oproject=openSUSE%3A12.3&package=openstack-cinder&project=Cloud%3AOpenStack%3AFactory https://build.opensuse.org/package/rdiff?opackage=openstack-dashboard&oproject=openSUSE%3A12.3&package=openstack-dashboard&project=Cloud%3AOpenStack%3AFactory https://build.opensuse.org/package/rdiff?opackage=openstack-glance&oproject=openSUSE%3A12.3&package=openstack-glance&project=Cloud%3AOpenStack%3AFactory https://build.opensuse.org/package/rdiff?opackage=openstack-keystone&oproject=openSUSE%3A12.3&package=openstack-keystone&project=Cloud%3AOpenStack%3AFactory https://build.opensuse.org/package/rdiff?opackage=openstack-nova&oproject=openSUSE%3A12.3&package=openstack-nova&project=Cloud%3AOpenStack%3AFactory https://build.opensuse.org/package/rdiff?opackage=openstack-quantum&oproject=openSUSE%3A12.3&package=openstack-quantum&project=Cloud%3AOpenStack%3AFactory https://build.opensuse.org/package/rdiff?opackage=openstack-swift&oproject=openSUSE%3A12.3&package=openstack-swift&project=Cloud%3AOpenStack%3AFactory https://build.opensuse.org/package/rdiff?opackage=openstack-quickstart&oproject=openSUSE%3A12.3&package=openstack-quickstart&project=Cloud%3AOpenStack%3AFactory https://build.opensuse.org/package/rdiff?opackage=python-django_openstack_auth&oproject=openSUSE%3A12.3&package=python-django_openstack_auth&project=Cloud%3AOpenStack%3AFactory&rev=3 -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=802278 https://bugzilla.novell.com/show_bug.cgi?id=802278#c1 Marcus Meissner <meissner@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |meissner@suse.com InfoProvider|maintenance@opensuse.org |coolo@suse.com --- Comment #1 from Marcus Meissner <meissner@suse.com> 2013-02-06 08:13:52 UTC --- Perhaps coolo can still take it. coolo? -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=802278 https://bugzilla.novell.com/show_bug.cgi?id=802278#c2 Stephan Kulow <coolo@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEEDINFO |NEW CC| |coolo@suse.com InfoProvider|coolo@suse.com | --- Comment #2 from Stephan Kulow <coolo@suse.com> 2013-02-06 11:29:27 CET --- I don't want to, no. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=802278 https://bugzilla.novell.com/show_bug.cgi?id=802278#c3 Marcus Meissner <meissner@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- AssignedTo|bnc-team-screening@forge.pr |vuntz@suse.com |ovo.novell.com | --- Comment #3 from Marcus Meissner <meissner@suse.com> 2013-02-06 12:17:35 UTC --- Vincent, we have to look at this post-12.3 GA freeze time then, we cannot check in real updates before that date. There wioll probably no issues doing that then. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=802278 https://bugzilla.novell.com/show_bug.cgi?id=802278#c4 --- Comment #4 from Vincent Untz <vuntz@suse.com> 2013-02-06 12:42:53 UTC --- Ok, thanks. I'll come back to this later. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=802278 https://bugzilla.novell.com/show_bug.cgi?id=802278#c5 --- Comment #5 from Vincent Untz <vuntz@suse.com> 2013-02-22 14:23:35 UTC --- Just for the record, the packages now contain fixes for: CVE-2013-0208 CVE-2013-0212 CVE-2013-0247 CVE-2013-0282 CVE-2013-1664 CVE-2013-1665 They're in Cloud:OpenStack:Factory, and I can submit them whenever needed for maintenance in 12.3. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=802278 https://bugzilla.novell.com/show_bug.cgi?id=802278#c6 Vincent Untz <vuntz@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |NEEDINFO InfoProvider| |maintenance@opensuse.org --- Comment #6 from Vincent Untz <vuntz@suse.com> 2013-03-07 10:37:12 UTC --- Maintenance team: are we ready to take updates for 12.3 now? On top of the security issues (the ones mentioned in comment 5 + CVE-2013-0335), the packages have some bugs that make them not work by default. The update would cover the following packages from Cloud:OpenStack:Folsom: openstack-cinder openstack-dashboard openstack-glance openstack-keystone openstack-nova openstack-quantum openstack-quickstart openstack-swift python-cinderclient python-django_openstack_auth python-keystoneclient -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=802278 https://bugzilla.novell.com/show_bug.cgi?id=802278#c7 Benjamin Brunner <bbrunner@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- InfoProvider|maintenance@opensuse.org |security-team@suse.de --- Comment #7 from Benjamin Brunner <bbrunner@suse.com> 2013-03-07 15:52:39 CET --- Changed the needinfo to our security-team, because of the security-fixes. Thanks for bringing this up. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=802278 https://bugzilla.novell.com/show_bug.cgi?id=802278#c8 Marcus Meissner <meissner@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEEDINFO |NEW InfoProvider|security-team@suse.de | --- Comment #8 from Marcus Meissner <meissner@suse.com> 2013-03-08 16:23:50 UTC --- yes we are ready. please mention bnc#, CVE and patchfilenbames in the .changes as usual ;) -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=802278 https://bugzilla.novell.com/show_bug.cgi?id=802278#c Marcus Meissner <meissner@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Summary|Update to OpenStack |VUL-0: Update to OpenStack |2012.2.3 (including |2012.2.3 (including |security fixes) |security fixes) -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=802278 https://bugzilla.novell.com/show_bug.cgi?id=802278#c9 Swamp Workflow Management <swamp@suse.de> changed: What |Removed |Added ---------------------------------------------------------------------------- Priority|P5 - None |P3 - Medium --- Comment #9 from Swamp Workflow Management <swamp@suse.de> 2013-03-08 23:00:10 UTC --- bugbot adjusting priority -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=802278 https://bugzilla.novell.com/show_bug.cgi?id=802278#c10 Vincent Untz <vuntz@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |vuntz@suse.com AssignedTo|vuntz@suse.com |security-team@suse.de --- Comment #10 from Vincent Untz <vuntz@suse.com> 2013-03-11 10:33:42 UTC --- Submitted as mr#158524 to mr#158534. Note that some of these don't include any security fix but are part of the general update to get things working well. Btw, the packages are the ones we have in Factory as of today, except for a small change in openstack-keystone and for the fact that I added a .changes entry to mention this bug. Re-assigning to security team. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=802278 https://bugzilla.novell.com/show_bug.cgi?id=802278#c11 --- Comment #11 from Bernhard Wiedemann <bwiedemann@suse.com> 2013-03-11 12:00:08 CET --- This is an autogenerated message for OBS integration: This bug (802278) was mentioned in https://build.opensuse.org/request/show/158524 Maintenance / https://build.opensuse.org/request/show/158525 Maintenance / https://build.opensuse.org/request/show/158526 Maintenance / https://build.opensuse.org/request/show/158527 Maintenance / https://build.opensuse.org/request/show/158528 Maintenance / https://build.opensuse.org/request/show/158529 Maintenance / https://build.opensuse.org/request/show/158530 Maintenance / https://build.opensuse.org/request/show/158531 Maintenance / https://build.opensuse.org/request/show/158532 Maintenance / https://build.opensuse.org/request/show/158533 Maintenance / https://build.opensuse.org/request/show/158534 Maintenance / -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=802278 https://bugzilla.novell.com/show_bug.cgi?id=802278#c Swamp Workflow Management <swamp@suse.de> changed: What |Removed |Added ---------------------------------------------------------------------------- Status Whiteboard| |obs:running:1429:moderate -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=802278 https://bugzilla.novell.com/show_bug.cgi?id=802278#c12 Marcus Meissner <meissner@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED Resolution| |FIXED --- Comment #12 from Marcus Meissner <meissner@suse.com> 2013-03-21 16:44:50 UTC --- released (Did we have the problem with Nova / VNC regression here too? If yes, incremental update.=) -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=802278 https://bugzilla.novell.com/show_bug.cgi?id=802278#c13 --- Comment #13 from Vincent Untz <vuntz@suse.com> 2013-03-25 09:25:41 UTC --- (In reply to comment #12)
(Did we have the problem with Nova / VNC regression here too? If yes, incremental update.=)
AFAIK, no, didn't have that. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=802278 Swamp Workflow Management <swamp@suse.de> changed: What |Removed |Added ---------------------------------------------------------------------------- Whiteboard|obs:running:1429:moderate | -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=802278 SMASH SMASH <smash_bz@suse.de> changed: What |Removed |Added ---------------------------------------------------------------------------- Whiteboard| | | |CVSSv2:NVD:CVE-2013-0208:6. | |5:(AV:N/AC:L/Au:S/C:P/I:P/A | |:P) | |CVSSv2:RedHat:CVE-2013-0208 | |:6.5:(AV:N/AC:L/Au:S/C:P/I: | |P/A:P) -- You are receiving this mail because: You are on the CC list for the bug.
participants (1)
-
bugzilla_noreply@novell.com