Meta bug for tracking Openstack 2012.2.3 Stable Update

Bug #1116671 reported by Adam Gandelman
20
This bug affects 2 people
Affects Status Importance Assigned to Milestone
Ubuntu Cloud Archive
Fix Released
Undecided
Unassigned
cinder (Ubuntu)
Invalid
Undecided
Unassigned
Quantal
Fix Released
Undecided
Unassigned
glance (Ubuntu)
Invalid
Undecided
Unassigned
Quantal
Fix Released
Undecided
Unassigned
horizon (Ubuntu)
Invalid
Undecided
Unassigned
Quantal
Fix Released
Undecided
Unassigned
keystone (Ubuntu)
Invalid
Undecided
Unassigned
Quantal
Fix Released
Undecided
Unassigned
nova (Ubuntu)
Invalid
Undecided
Unassigned
Quantal
Fix Released
Undecided
Unassigned
quantum (Ubuntu)
Invalid
Undecided
Unassigned
Quantal
Fix Released
Undecided
Unassigned

Bug Description

This is a meta-bug used for tracking progress of the 2012.2.3 Folsom stable update to Nova, Horizon, Keystone, Glance, Cinder and Quantum.

Note: Original proposed SRU was rebased to include relevant security updates applied to packages already released to the Ubuntu Archive.

------------------------------------------------------------------------------

 cinder (2012.2.3-0ubuntu2) quantal-proposed; urgency=low
 .
   * Re-sync with latest security updates.
   * SECURITY UPDATE: fix denial of service
     - CVE-2013-1664.patch: Add a new utils.safe_minidom_parse_string function
       and update external API facing Cinder modules to use it
     - CVE-2013-1664
 .
 cinder (2012.2.3-0ubuntu1) quantal-proposed; urgency=low
 .
   * Resynchronize with stable/folsom (a8caa79f) (LP: #1116671):
     - [cdf6c13] Root wrap tools used by NFS volume driver LP: 1087282

------------------------------------------------------------------------------

 glance (2012.2.3-0ubuntu2) quantal-proposed; urgency=low
 .
   * Resync with latest security update.
   * SECURITY UPDATE: fix information disclosure via Glance v1 API
     - debian/patches/CVE-2013-1840.patch: adjust api/middleware/cache.py to
       not show image_meta['location']
     - CVE-2013-1840
 .
 glance (2012.2.3-0ubuntu1) quantal-proposed; urgency=low
 .
   * Dropped patches, applied upstream:
     - debian/patches/CVE-2013-0212.patch: [96a470b]
   * Resynchronize with stable/folsom (98d9928a) (LP: #1116671):
     - [96a470b] glance image-download can display backend Swift password
     - [4c96080] install throws errors about SADeprecationWarning LP: 925609
     - [bca6e26] wsgi.Middleware forward-compatibility with webob 1.2b1 or later
     - [5e5e722] Supplied image size should be verified against actual size
       LP: 1092584
     - [514b4b4] silent failure when loading the paste deploy app LP: 1091294

------------------------------------------------------------------------------

 horizon (2012.2.3-0ubuntu1) quantal-proposed; urgency=low
 .
   * Resynchronize with stable/folsom (f421145b) (LP: #1116671):
     - [20fa0fc] EC2 panel shouldn't be visible when the EC2 service isn't
       enabled LP: 1102411
     - [0b1c553] Server error pages are broken LP: 1067206
     - [476072d] login not possible if not service "volume" defined on keystone
       LP: 1084137
     - [ebc5e6d] Quota tally not handling unlimited values correctly LP: 1084976
     - [e19a218] Unable to set unlimited quotas in Horizon LP: 1082489
     - [2f959c6] The css class td.actions_column's width is not enough
       LP: 1081875
     - [817d628] Revert "Temp fix for api/keystone.py"
     - [9060885] Can not display usage data for Quota Summary (LP: #1055929)
   * debian/static/openstack-dashboard: Recompress static JS and CSS based on
     changes applied upstream in stable/folsom.

------------------------------------------------------------------------------

 keystone (2012.2.3+stable-20130206-82c87e56-0ubuntu2) quantal-proposed; urgency=low
 .
   * Resync with latest security updates.
   * SECURITY UPDATE: fix PKI revocation bypass
     - debian/patches/CVE-2013-1865.patch: validate tokens from the backend
     - CVE-2013-1865
   * SECURITY UPDATE: fix EC2-style authentication for disabled users
     - debian/patches/CVE-2013-0282.patch: adjust keystone/contrib/ec2/core.py
       to ensure user and tenant are enabled in EC2
     - CVE-2013-0282
   * SECURITY UPDATE: fix denial of service
     - debian/patches/CVE-2013-1664+1665.patch: disable XML entity parsing
     - CVE-2013-1664
     - CVE-2013-1665
 .
 keystone (2012.2.3+stable-20130206-82c87e56-0ubuntu1) quantal-proposed; urgency=low
 .
   [ Adam Gandelman ]
   * Dropped patches, applied upstream:
     - debian/patches/CVE-2013-0247.patch: [bb2226f]
   * Resynchronize with stable/folsom (82c87e56) (LP: #1116671):
     - [bb2226f] Add size validations for /tokens.
     - [ec7b94d] Non-API specific 404 exposes traceback LP: 1089987
     - [70e55f9] SQL backend fails if not all URL are defined in an endpoint
       LP: 1061736
     - [6c95b73] Unparseable endpoint URL's should raise a user friendly error
       LP: 1058494
     - [9e300b7] Test 0.2.0 keystoneclient to avoid new deps
     - [ec06625] serviceCatalog is dict in the case of no endpoints LP: 1087405
 .
   [ Chuck Short ]
   * debian/patches/fix-ubuntu-tests.patch: Refreshed.

------------------------------------------------------------------------------
 nova (2012.2.3-0ubuntu2) quantal-proposed; urgency=low
 .
   * Re-sync with latest security updates.
   * SECURITY UPDATE: fix denial of service via fixed IPs when using extensions
     - debian/patches/CVE-2013-1838.patch: add explicit quota for fixed IP
     - CVE-2013-1838
   * SECURITY UPDATE: fix VNC token validation
     - debian/patches/CVE-2013-0335.patch: force console auth service to flush
       all tokens associated with an instance when it is deleted
     - CVE-2013-0335
   * SECURITY UPDATE: fix denial of service
     - CVE-2013-1664.patch: Add a new utils.safe_minidom_parse_string function
       and update external API facing Nova modules to use it
     - CVE-2013-1664
 .
 nova (2012.2.3-0ubuntu1) quantal-proposed; urgency=low
 .
   * Dropped patches, applied upstream:
     - debian/patches/CVE-2013-0208.patch: [317cc0a]
   * Resynchronize with stable/folsom (e5d0f4b9) (LP: #1116671):
     - [317cc0a] No authentication on block device used for os-volume_boot
       LP: 1069904
     - [6241f91] Include error message in instance faults LP: 1013350
     - [5a66812] Rapidly removing a floating ip can leave behind nat rules
       LP: 1092762
     - [133a040] remove session parameter from fixed_ip_get
     - [03200fe] init host crashes if instance cannot be resumed LP: 1100430
     - [cf67f3b] Unable to assign a specific IP address to a Quantum port
       LP: 1094897
     - [fcaab43] No handler for NFS volume LP: 1087252
     - [796216e] plug_vifs() not called for each instance when nova compute is
       started LP: 1083784
     - [b3c2f61] resource tracker reporting strange values in AUDIT logs
       LP: 1092418
     - [1789d26] Libvirt driver misses out some CPU flags on old libvirt
       LP: 1099527
     - [eff17b4] nova aggregate-create returns unclear error to user LP: 1083353
     - [63fd557] os-hosts extension's show method cannot find host which has '.'
       in host-name (or host name is dotted quad) LP: 1027788
     - [f864a4e] Folsom - Absolute limit parameters totalKeyPairsUsed and
       totalSecurityGroupsUsed values area not incremented when keypair and
       security group created LP: 1062049
     - [4bfc8f1] KVM guests networking issues with no virbr0 and with vhost_net
       kernel modules loaded (LP: #1029430)
     - [f9eacd4] Qemu-img does not handle snapshot list LP: 1070088

------------------------------------------------------------------------------

 quantum (2012.2.3-0ubuntu2) quantal-proposed; urgency=low
 .
   * debian/quantum-common.install: Install the quantum-ovs-cleanup script
     that was backported to stable/folsom (LP: #1116671).
 .
 quantum (2012.2.3-0ubuntu1) quantal-proposed; urgency=low
 .
   * Resynchronize with stable/folsom (d2a85e65) (LP: #1116671):
     - [a84ba7e] Quantum port update invokes invalid method LP: 1109001
     - [b56c2c9] Linuxbridge plugin: when admin status is set to False, port
       status is still ACTIVE LP: 1099065
     - [fe0ae7a] OVS cleanup utility does not use the correct root_helper
       LP: 1105193
     - [1a24b68] quantum server does not honor default_notification_level
       LP: 1089773
     - [24244c1] Gateway validation on subnet LP: 1096532
     - [2730e47] tenant cannot set his router's gateway port on an external
       network owned by other tenant LP: 1087243
     - [4c9326a] Invalid output when deleting a subnet with a port attached
       LP: 1093754
     - [9f1bf8d] quantum-plugin-nicira miss a dependency (LP: #1097451)
     - [579727a] ipallocationpools remains after subnet deletion LP: 1091946
     - [5f8dd88] Printing a list of networks terminates with exception
       LP: 1093637
     - [9c3812f] Update router gateway successful with existed floatingip
       association LP: 1081877
     - [5df31af] quantum-dhcp-agent should pass --conf-file with no argument to
       dnsmasq when no configure file specified instead not pass --conf-file at
       all LP: 1094183
     - [88261ce] the local vairable physical_network should be
       alloc.physical_network LP: 1091664
     - [43ece8f] Internal interfaces defined via OVS are not brought up properly
       after a reboot LP: 1091605
     - [a587abc] no check prevents deletion of router interface needed by a
       floating ip LP: 1081325
     - [d973a35] Pin pep8 to v1.3.3.
     - [19b5904] DHCP agent does not listen on a unique queue LP: 1084621
     - [0e05ddd] dhcp.filters needs ovs_vsctl permission LP: 1090072
     - [16e128c] Bump next version to 2012.2.3
     - [30572ac] Quantum-l3-agent leaves multiple NAT rules for same floating IP
       LP: 1083990
     - [01ea272] delete router fails with internal sever error when floatingip
       association remains LP: 1080638
     - [8017d09] Fix rpc control_exchange regression.
   * debian/patches/fix-ubuntu-tests.patch: Refreshed, added skipTests for
     linuxbridge tests that attempt to setup udev monitors.

------------------------------------------------------------------------------

description: updated
Changed in cinder (Ubuntu):
status: New → Invalid
Changed in glance (Ubuntu):
status: New → Invalid
Changed in horizon (Ubuntu):
status: New → Invalid
Changed in keystone (Ubuntu):
status: New → Invalid
Changed in nova (Ubuntu):
status: New → Invalid
Changed in quantum (Ubuntu):
status: New → Invalid
Changed in cinder (Ubuntu Quantal):
status: New → Confirmed
Changed in glance (Ubuntu Quantal):
status: New → Confirmed
Changed in horizon (Ubuntu Quantal):
status: New → Confirmed
Changed in keystone (Ubuntu Quantal):
status: New → Confirmed
Changed in nova (Ubuntu Quantal):
status: New → Confirmed
Changed in quantum (Ubuntu Quantal):
status: New → Confirmed
Changed in cloud-archive:
status: New → Confirmed
Revision history for this message
Clint Byrum (clint-fewbar) wrote : Please test proposed package

Hello Adam, or anyone else affected,

Accepted cinder into quantal-proposed. The package will build now and be available at http://launchpad.net/ubuntu/+source/cinder/2012.2.3-0ubuntu1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-needed to verification-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Changed in cinder (Ubuntu Quantal):
status: Confirmed → Fix Committed
tags: added: verification-needed
Changed in glance (Ubuntu Quantal):
status: Confirmed → Fix Committed
Revision history for this message
Clint Byrum (clint-fewbar) wrote :

Hello Adam, or anyone else affected,

Accepted glance into quantal-proposed. The package will build now and be available at http://launchpad.net/ubuntu/+source/glance/2012.2.3-0ubuntu1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-needed to verification-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Changed in horizon (Ubuntu Quantal):
status: Confirmed → Fix Committed
Revision history for this message
Clint Byrum (clint-fewbar) wrote :

Hello Adam, or anyone else affected,

Accepted horizon into quantal-proposed. The package will build now and be available at http://launchpad.net/ubuntu/+source/horizon/2012.2.3-0ubuntu1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-needed to verification-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Changed in keystone (Ubuntu Quantal):
status: Confirmed → Fix Committed
Revision history for this message
Clint Byrum (clint-fewbar) wrote :

Hello Adam, or anyone else affected,

Accepted keystone into quantal-proposed. The package will build now and be available at http://launchpad.net/ubuntu/+source/keystone/2012.2.3+stable-20130206-82c87e56-0ubuntu1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-needed to verification-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Changed in nova (Ubuntu Quantal):
status: Confirmed → Fix Committed
Revision history for this message
Clint Byrum (clint-fewbar) wrote :

Hello Adam, or anyone else affected,

Accepted nova into quantal-proposed. The package will build now and be available at http://launchpad.net/ubuntu/+source/nova/2012.2.3-0ubuntu1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-needed to verification-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Changed in quantum (Ubuntu Quantal):
status: Confirmed → Fix Committed
Revision history for this message
Clint Byrum (clint-fewbar) wrote :

Hello Adam, or anyone else affected,

Accepted quantum into quantal-proposed. The package will build now and be available at http://launchpad.net/ubuntu/+source/quantum/2012.2.3-0ubuntu1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-needed to verification-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Revision history for this message
Filipe Manco (fmanco) wrote :

Hello

I have installed 2012.2.3 from the proposed repository on Ubuntu 12.10 in order to test the solution to Bug #1091605.

After I install the packages I can't see the file /usr/bin/quantum-ovs-cleanup. In fact I can't find it in any package. Shouldn't it be available?

Thanks

Revision history for this message
Adam Gandelman (gandelman-a) wrote :

Thanks for spotting this, Filipe. Yes, the stable/folsom packaging needs to be updated to also include the newly added quantum-ovs-cleanup script. We're currently including this file in Raring as part of the quantum-common package. We should do the same for quantal.

Revision history for this message
Dave Walker (davewalker) wrote :

I have removed this package from quantal-proposed as it has been superseded by a security upload (with a lower version). Please re-base and upload this SRU. Thanks.

Changed in cinder (Ubuntu Quantal):
status: Fix Committed → Confirmed
status: Confirmed → Fix Committed
Revision history for this message
Dave Walker (davewalker) wrote :

(just nova)

Changed in nova (Ubuntu Quantal):
status: Fix Committed → Confirmed
Changed in cinder (Ubuntu Quantal):
status: Fix Committed → Confirmed
Changed in glance (Ubuntu Quantal):
status: Fix Committed → Confirmed
Changed in keystone (Ubuntu Quantal):
status: Fix Committed → Confirmed
Revision history for this message
Dave Walker (davewalker) wrote :

To confirm, the packages removed - that need to be rebased are nova, cinder, glance & keystone. The remaining two, Horizon and Quantum are unaffected.

Thanks.

Revision history for this message
Dave Walker (davewalker) wrote :

Hello Adam, or anyone else affected,

Accepted cinder into quantal-proposed. The package will build now and be available at http://launchpad.net/ubuntu/+source/cinder/2012.2.3-0ubuntu2 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-needed to verification-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Changed in cinder (Ubuntu Quantal):
status: Confirmed → Fix Committed
Changed in nova (Ubuntu Quantal):
status: Confirmed → Fix Committed
Revision history for this message
Dave Walker (davewalker) wrote :

Hello Adam, or anyone else affected,

Accepted nova into quantal-proposed. The package will build now and be available at http://launchpad.net/ubuntu/+source/nova/2012.2.3-0ubuntu2 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-needed to verification-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Changed in glance (Ubuntu Quantal):
status: Confirmed → Fix Committed
Revision history for this message
Dave Walker (davewalker) wrote :

Hello Adam, or anyone else affected,

Accepted glance into quantal-proposed. The package will build now and be available at http://launchpad.net/ubuntu/+source/glance/2012.2.3-0ubuntu2 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-needed to verification-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Changed in keystone (Ubuntu Quantal):
status: Confirmed → Fix Committed
Revision history for this message
Dave Walker (davewalker) wrote :

Hello Adam, or anyone else affected,

Accepted keystone into quantal-proposed. The package will build now and be available at http://launchpad.net/ubuntu/+source/keystone/2012.2.3+stable-20130206-82c87e56-0ubuntu2 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-needed to verification-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Revision history for this message
Dave Walker (davewalker) wrote :

Marking back to confirmed, as quantum 2012.2.3-0ubuntu1 needs to be superseded by quantum 2012.2.3-0ubuntu1 (as identified earlier in the report.) Thanks.

Changed in quantum (Ubuntu Quantal):
status: Fix Committed → Confirmed
status: Confirmed → Fix Committed
Revision history for this message
Dave Walker (davewalker) wrote :

Hello Adam, or anyone else affected,

Accepted quantum into quantal-proposed. The package will build now and be available at http://launchpad.net/ubuntu/+source/quantum/2012.2.3-0ubuntu2 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-needed to verification-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Revision history for this message
Adam Gandelman (gandelman-a) wrote : Verification report.

Please find the attached test log from the Ubuntu Server Team's CI infrastructure. As part of the verification process for this bug, the OpenStack components have been deployed and configured across multiple nodes using quantal-proposed as an installation source. After successful bring-up and configuration of the cluster, a number of exercises and smoke tests have be invoked to ensure the updated package did not introduce any regressions. A number of test iterations were carried out to catch any possible transient errors.

These proposed packages were deployed and tested in several different configurations. Attached are tarballs with various test logs from each configuration. In addition to the base components, variables in deployments include:

quantal_folsom.tar: nova-network (FlatDHCP), glance (Ceph backend), cinder (Ceph backend),
quantal_folsom_nova-volume.tar: nova-network (FlatDHCP), glance (local file), nova-volume (iSCSI backend)
quantal_folsom_quantum.tar: quantum (OVS plugin), glance (Ceph backend), nova-volume (Ceph backend)

Please note the versions_tested file in each tarball, which contains details about relevant package versions installed and tested.

As per the provisional Micro Release Exception granted to this package by the Technical Board, we hope this contributes toward verification of this update.

Revision history for this message
Adam Gandelman (gandelman-a) wrote :

Test coverage log.

Revision history for this message
Adam Gandelman (gandelman-a) wrote :

Test coverage log.

Revision history for this message
Adam Gandelman (gandelman-a) wrote :

Test coverage log.

tags: added: verification-done
removed: verification-needed
description: updated
Revision history for this message
Clint Byrum (clint-fewbar) wrote : Update Released

The verification of this Stable Release Update has completed successfully and the package has now been released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regresssions.

Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package horizon - 2012.2.3-0ubuntu1

---------------
horizon (2012.2.3-0ubuntu1) quantal-proposed; urgency=low

  * Resynchronize with stable/folsom (f421145b) (LP: #1116671):
    - [20fa0fc] EC2 panel shouldn't be visible when the EC2 service isn't
      enabled LP: 1102411
    - [0b1c553] Server error pages are broken LP: 1067206
    - [476072d] login not possible if not service "volume" defined on keystone
      LP: 1084137
    - [ebc5e6d] Quota tally not handling unlimited values correctly LP: 1084976
    - [e19a218] Unable to set unlimited quotas in Horizon LP: 1082489
    - [2f959c6] The css class td.actions_column's width is not enough
      LP: 1081875
    - [817d628] Revert "Temp fix for api/keystone.py"
    - [9060885] Can not display usage data for Quota Summary (LP: #1055929)
  * debian/static/openstack-dashboard: Recompress static JS and CSS based on
    changes applied upstream in stable/folsom.
 -- Adam Gandelman <email address hidden> Tue, 05 Feb 2013 14:06:12 -0400

Changed in horizon (Ubuntu Quantal):
status: Fix Committed → Fix Released
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package glance - 2012.2.3-0ubuntu2

---------------
glance (2012.2.3-0ubuntu2) quantal-proposed; urgency=low

  * Resync with latest security update.
  * SECURITY UPDATE: fix information disclosure via Glance v1 API
    - debian/patches/CVE-2013-1840.patch: adjust api/middleware/cache.py to
      not show image_meta['location']
    - CVE-2013-1840
 -- James Page <email address hidden> Fri, 22 Mar 2013 11:48:52 +0000

Changed in glance (Ubuntu Quantal):
status: Fix Committed → Fix Released
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package quantum - 2012.2.3-0ubuntu2

---------------
quantum (2012.2.3-0ubuntu2) quantal-proposed; urgency=low

  * debian/quantum-common.install: Install the quantum-ovs-cleanup script
    that was backported to stable/folsom (LP: #1116671).

quantum (2012.2.3-0ubuntu1) quantal-proposed; urgency=low

  * Resynchronize with stable/folsom (d2a85e65) (LP: #1116671):
    - [a84ba7e] Quantum port update invokes invalid method LP: 1109001
    - [b56c2c9] Linuxbridge plugin: when admin status is set to False, port
      status is still ACTIVE LP: 1099065
    - [fe0ae7a] OVS cleanup utility does not use the correct root_helper
      LP: 1105193
    - [1a24b68] quantum server does not honor default_notification_level
      LP: 1089773
    - [24244c1] Gateway validation on subnet LP: 1096532
    - [2730e47] tenant cannot set his router's gateway port on an external
      network owned by other tenant LP: 1087243
    - [4c9326a] Invalid output when deleting a subnet with a port attached
      LP: 1093754
    - [9f1bf8d] quantum-plugin-nicira miss a dependency (LP: #1097451)
    - [579727a] ipallocationpools remains after subnet deletion LP: 1091946
    - [5f8dd88] Printing a list of networks terminates with exception
      LP: 1093637
    - [9c3812f] Update router gateway successful with existed floatingip
      association LP: 1081877
    - [5df31af] quantum-dhcp-agent should pass --conf-file with no argument to
      dnsmasq when no configure file specified instead not pass --conf-file at
      all LP: 1094183
    - [88261ce] the local vairable physical_network should be
      alloc.physical_network LP: 1091664
    - [43ece8f] Internal interfaces defined via OVS are not brought up properly
      after a reboot LP: 1091605
    - [a587abc] no check prevents deletion of router interface needed by a
      floating ip LP: 1081325
    - [d973a35] Pin pep8 to v1.3.3.
    - [19b5904] DHCP agent does not listen on a unique queue LP: 1084621
    - [0e05ddd] dhcp.filters needs ovs_vsctl permission LP: 1090072
    - [16e128c] Bump next version to 2012.2.3
    - [30572ac] Quantum-l3-agent leaves multiple NAT rules for same floating IP
      LP: 1083990
    - [01ea272] delete router fails with internal sever error when floatingip
      association remains LP: 1080638
    - [8017d09] Fix rpc control_exchange regression.
  * debian/patches/fix-ubuntu-tests.patch: Refreshed, added skipTests for
    linuxbridge tests that attempt to setup udev monitors.
 -- Adam Gandelman <email address hidden> Fri, 01 Mar 2013 11:12:34 -0800

Changed in quantum (Ubuntu Quantal):
status: Fix Committed → Fix Released
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package nova - 2012.2.3-0ubuntu2

---------------
nova (2012.2.3-0ubuntu2) quantal-proposed; urgency=low

  * Re-sync with latest security updates.
  * SECURITY UPDATE: fix denial of service via fixed IPs when using extensions
    - debian/patches/CVE-2013-1838.patch: add explicit quota for fixed IP
    - CVE-2013-1838
  * SECURITY UPDATE: fix VNC token validation
    - debian/patches/CVE-2013-0335.patch: force console auth service to flush
      all tokens associated with an instance when it is deleted
    - CVE-2013-0335
  * SECURITY UPDATE: fix denial of service
    - CVE-2013-1664.patch: Add a new utils.safe_minidom_parse_string function
      and update external API facing Nova modules to use it
    - CVE-2013-1664
 -- James Page <email address hidden> Fri, 22 Mar 2013 12:40:07 +0000

Changed in nova (Ubuntu Quantal):
status: Fix Committed → Fix Released
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package keystone - 2012.2.3+stable-20130206-82c87e56-0ubuntu2

---------------
keystone (2012.2.3+stable-20130206-82c87e56-0ubuntu2) quantal-proposed; urgency=low

  * Resync with latest security updates.
  * SECURITY UPDATE: fix PKI revocation bypass
    - debian/patches/CVE-2013-1865.patch: validate tokens from the backend
    - CVE-2013-1865
  * SECURITY UPDATE: fix EC2-style authentication for disabled users
    - debian/patches/CVE-2013-0282.patch: adjust keystone/contrib/ec2/core.py
      to ensure user and tenant are enabled in EC2
    - CVE-2013-0282
  * SECURITY UPDATE: fix denial of service
    - debian/patches/CVE-2013-1664+1665.patch: disable XML entity parsing
    - CVE-2013-1664
    - CVE-2013-1665
 -- James Page <email address hidden> Fri, 22 Mar 2013 12:02:56 +0000

Changed in keystone (Ubuntu Quantal):
status: Fix Committed → Fix Released
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package cinder - 2012.2.3-0ubuntu2

---------------
cinder (2012.2.3-0ubuntu2) quantal-proposed; urgency=low

  * Re-sync with latest security updates.
  * SECURITY UPDATE: fix denial of service
    - CVE-2013-1664.patch: Add a new utils.safe_minidom_parse_string function
      and update external API facing Cinder modules to use it
    - CVE-2013-1664
 -- James Page <email address hidden> Fri, 22 Mar 2013 11:43:38 +0000

Changed in cinder (Ubuntu Quantal):
status: Fix Committed → Fix Released
Changed in cloud-archive:
status: Confirmed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.