https://bugzilla.novell.com/show_bug.cgi?id=802278
https://bugzilla.novell.com/show_bug.cgi?id=802278#c0
Summary: Update to OpenStack 2012.2.3 (including security fixes)
Classification: openSUSE
Product: openSUSE 12.3
Version: RC 1
Platform: Other
OS/Version: Other
Status: NEEDINFO
Severity: Normal
Priority: P5 - None
Component: Other
AssignedTo: bnc-team-screening@forge.provo.novell.com
ReportedBy: vuntz@suse.com
QAContact: qa-bugs@suse.de
InfoProvider: maintenance@opensuse.org
Found By: ---
Blocker: ---
I'd like to update the following packages in 12.3: openstack-cinder, openstack-dashboard, openstack-glance, openstack-keystone, openstack-nova, openstack-quantum, openstack-swift.
This is an update to the 2012.2.3 release which only contains bug fixes, as well as three security fixes (in nova, glance and keystone):
https://lists.launchpad.net/openstack/msg20515.html
https://lists.launchpad.net/openstack/msg20517.html
https://lists.launchpad.net/openstack/msg20689.html
(note that the packages have a 2012.2.4+git version; that's because we package from git, which is now tracking 2012.2.4)
At the same time, we should update openstack-quickstart (to make it work in 12.3) and python-django_openstack_auth (contains compatibility fixes for 12.3).
Here are links to the diffs:
https://build.opensuse.org/package/rdiff?opackage=openstack-cinder&oproj...
https://build.opensuse.org/package/rdiff?opackage=openstack-dashboard&op...
https://build.opensuse.org/package/rdiff?opackage=openstack-glance&oproj...
https://build.opensuse.org/package/rdiff?opackage=openstack-keystone&opr...
https://build.opensuse.org/package/rdiff?opackage=openstack-nova&oprojec...
https://build.opensuse.org/package/rdiff?opackage=openstack-quantum&opro...
https://build.opensuse.org/package/rdiff?opackage=openstack-swift&oproje...
https://build.opensuse.org/package/rdiff?opackage=openstack-quickstart&o...
https://build.opensuse.org/package/rdiff?opackage=python-django_openstack_au...
https://bugzilla.novell.com/show_bug.cgi?id=802278#c1
Marcus Meissner meissner@suse.com changed:
What        |Removed                  |Added
----------------------------------------------------------------------------
CC          |                         |meissner@suse.com
InfoProvider|maintenance@opensuse.org |coolo@suse.com

--- Comment #1 from Marcus Meissner meissner@suse.com 2013-02-06 08:13:52 UTC ---
Perhaps coolo can still take it.
coolo?
https://bugzilla.novell.com/show_bug.cgi?id=802278#c2
Stephan Kulow coolo@suse.com changed:
What        |Removed                  |Added
----------------------------------------------------------------------------
Status      |NEEDINFO                 |NEW
CC          |                         |coolo@suse.com
InfoProvider|coolo@suse.com           |

--- Comment #2 from Stephan Kulow coolo@suse.com 2013-02-06 11:29:27 CET ---
I don't want to, no.
https://bugzilla.novell.com/show_bug.cgi?id=802278#c3
Marcus Meissner meissner@suse.com changed:
What        |Removed                                   |Added
----------------------------------------------------------------------------
AssignedTo  |bnc-team-screening@forge.provo.novell.com |vuntz@suse.com

--- Comment #3 from Marcus Meissner meissner@suse.com 2013-02-06 12:17:35 UTC ---
Vincent, we have to look at this post-12.3 GA freeze time then, we cannot check in real updates before that date.
There will probably be no issues doing that then.
https://bugzilla.novell.com/show_bug.cgi?id=802278#c4
--- Comment #4 from Vincent Untz vuntz@suse.com 2013-02-06 12:42:53 UTC ---
Ok, thanks. I'll come back to this later.
https://bugzilla.novell.com/show_bug.cgi?id=802278#c5
--- Comment #5 from Vincent Untz vuntz@suse.com 2013-02-22 14:23:35 UTC ---
Just for the record, the packages now contain fixes for:
CVE-2013-0208
CVE-2013-0212
CVE-2013-0247
CVE-2013-0282
CVE-2013-1664
CVE-2013-1665
They're in Cloud:OpenStack:Factory, and I can submit them whenever needed for maintenance in 12.3.
https://bugzilla.novell.com/show_bug.cgi?id=802278#c6
Vincent Untz vuntz@suse.com changed:
What        |Removed                  |Added
----------------------------------------------------------------------------
Status      |NEW                      |NEEDINFO
InfoProvider|                         |maintenance@opensuse.org

--- Comment #6 from Vincent Untz vuntz@suse.com 2013-03-07 10:37:12 UTC ---
Maintenance team: are we ready to take updates for 12.3 now? On top of the security issues (the ones mentioned in comment 5 + CVE-2013-0335), the packages have some bugs that make them not work by default.
The update would cover the following packages from Cloud:OpenStack:Folsom:
openstack-cinder
openstack-dashboard
openstack-glance
openstack-keystone
openstack-nova
openstack-quantum
openstack-quickstart
openstack-swift
python-cinderclient
python-django_openstack_auth
python-keystoneclient
https://bugzilla.novell.com/show_bug.cgi?id=802278#c7
Benjamin Brunner bbrunner@suse.com changed:
What        |Removed                  |Added
----------------------------------------------------------------------------
InfoProvider|maintenance@opensuse.org |security-team@suse.de

--- Comment #7 from Benjamin Brunner bbrunner@suse.com 2013-03-07 15:52:39 CET ---
Changed the needinfo to our security-team, because of the security-fixes. Thanks for bringing this up.
https://bugzilla.novell.com/show_bug.cgi?id=802278#c8
Marcus Meissner meissner@suse.com changed:
What        |Removed                  |Added
----------------------------------------------------------------------------
Status      |NEEDINFO                 |NEW
InfoProvider|security-team@suse.de    |

--- Comment #8 from Marcus Meissner meissner@suse.com 2013-03-08 16:23:50 UTC ---
yes we are ready.
please mention bnc#, CVE and patch filenames in the .changes as usual ;)
https://bugzilla.novell.com/show_bug.cgi?id=802278#c
Marcus Meissner meissner@suse.com changed:
What        |Removed                                                  |Added
----------------------------------------------------------------------------
Summary     |Update to OpenStack 2012.2.3 (including security fixes) |VUL-0: Update to OpenStack 2012.2.3 (including security fixes)
https://bugzilla.novell.com/show_bug.cgi?id=802278#c9
Swamp Workflow Management swamp@suse.de changed:
What        |Removed                  |Added
----------------------------------------------------------------------------
Priority    |P5 - None                |P3 - Medium

--- Comment #9 from Swamp Workflow Management swamp@suse.de 2013-03-08 23:00:10 UTC ---
bugbot adjusting priority
https://bugzilla.novell.com/show_bug.cgi?id=802278#c10
Vincent Untz vuntz@suse.com changed:
What        |Removed                  |Added
----------------------------------------------------------------------------
CC          |                         |vuntz@suse.com
AssignedTo  |vuntz@suse.com           |security-team@suse.de

--- Comment #10 from Vincent Untz vuntz@suse.com 2013-03-11 10:33:42 UTC ---
Submitted as mr#158524 to mr#158534. Note that some of these don't include any security fix but are part of the general update to get things working well.
Btw, the packages are the ones we have in Factory as of today, except for a small change in openstack-keystone and for the fact that I added a .changes entry to mention this bug.
Re-assigning to security team.
https://bugzilla.novell.com/show_bug.cgi?id=802278#c11
--- Comment #11 from Bernhard Wiedemann bwiedemann@suse.com 2013-03-11 12:00:08 CET ---
This is an autogenerated message for OBS integration:
This bug (802278) was mentioned in
https://build.opensuse.org/request/show/158524 Maintenance /
https://build.opensuse.org/request/show/158525 Maintenance /
https://build.opensuse.org/request/show/158526 Maintenance /
https://build.opensuse.org/request/show/158527 Maintenance /
https://build.opensuse.org/request/show/158528 Maintenance /
https://build.opensuse.org/request/show/158529 Maintenance /
https://build.opensuse.org/request/show/158530 Maintenance /
https://build.opensuse.org/request/show/158531 Maintenance /
https://build.opensuse.org/request/show/158532 Maintenance /
https://build.opensuse.org/request/show/158533 Maintenance /
https://build.opensuse.org/request/show/158534 Maintenance /
https://bugzilla.novell.com/show_bug.cgi?id=802278#c
Swamp Workflow Management swamp@suse.de changed:
What             |Removed             |Added
----------------------------------------------------------------------------
Status Whiteboard|                    |obs:running:1429:moderate
https://bugzilla.novell.com/show_bug.cgi?id=802278#c12
Marcus Meissner meissner@suse.com changed:
What        |Removed                  |Added
----------------------------------------------------------------------------
Status      |NEW                      |RESOLVED
Resolution  |                         |FIXED

--- Comment #12 from Marcus Meissner meissner@suse.com 2013-03-21 16:44:50 UTC ---
released
(Did we have the problem with Nova / VNC regression here too? If yes, incremental update.=)
https://bugzilla.novell.com/show_bug.cgi?id=802278#c13
--- Comment #13 from Vincent Untz vuntz@suse.com 2013-03-25 09:25:41 UTC ---
(In reply to comment #12)
> (Did we have the problem with Nova / VNC regression here too? If yes, incremental update.=)
AFAIK, no, didn't have that.
http://bugzilla.novell.com/show_bug.cgi?id=802278
Swamp Workflow Management swamp@suse.de changed:
What        |Removed                   |Added
----------------------------------------------------------------------------
Whiteboard  |obs:running:1429:moderate |
http://bugzilla.novell.com/show_bug.cgi?id=802278
SMASH SMASH smash_bz@suse.de changed:
What        |Removed |Added
----------------------------------------------------------------------------
Whiteboard  |        |CVSSv2:NVD:CVE-2013-0208:6.5:(AV:N/AC:L/Au:S/C:P/I:P/A:P) CVSSv2:RedHat:CVE-2013-0208:6.5:(AV:N/AC:L/Au:S/C:P/I:P/A:P)