ubuntu/+source/neutron:ubuntu/trusty-security

Last commit made on 2014-11-11
Get this branch:
git clone -b ubuntu/trusty-security https://git.launchpad.net/ubuntu/+source/neutron
Members of Ubuntu Server Dev import team can upload to this branch. Log in for directions.

Branch merges

Branch information

Name:
ubuntu/trusty-security
Repository:
lp:ubuntu/+source/neutron

Recent commits

271fb73... by Marc Deslauriers on 2014-10-21

Import patches-unapplied version 1:2014.1.3-0ubuntu1.1 to ubuntu/trusty-security

Imported using git-ubuntu import.

Changelog parent: 0c28417bdb3b20c1c43a4eeb7eab8e74966b5de7

New changelog entries:
  * No change rebuild for security:
    - [dd4b77f] Forbid regular users to reset admin-only attrs to default values
      + CVE-2014-6414
      + LP: #1357379

0c28417... by Chuck Short on 2014-10-06

Import patches-unapplied version 1:2014.1.3-0ubuntu1 to ubuntu/trusty-proposed

Imported using git-ubuntu import.

Changelog parent: 7a47a0a69f83a44df136d6ada670a949e2d5d148

New changelog entries:
  [ Corey Bryant ]
  * Resynchronize with stable/icehouse (4a0210e) (LP: #1377136):
    - [3a30d19] Deletes floating ip related connection states
    - [dd4b77f] Forbid regular users to reset admin-only attrs to default values
    - [dc2c893] Add delete operations for the ODL MechanismDriver
    - [b51e2c7] Add missing ml2 plugin to migration 1fcfc149aca4
    - [a17a500] Don't convert numeric protocol values to int
    - [3a85946] NSX: Optionally not enforce nat rule match length check
    - [645f984] Don't spawn metadata-proxy for non-isolated nets
    - [b464d89] Big Switch: Check for 'id' in port before lookup
    - [3116ffa] use TRUE in SQL for boolean var
    - [3520e66] call security_groups_member_updated in port_update
    - [50e1534] Don't allow user to set firewall rule with port and no protocol
    - [0061533] BSN: Add context to backend request for debugging
    - [6de6d61] Improve ODL ML2 Exception Handling
    - [2a4153d] Send network name and uuid to subnet create
    - [b5e3c9a] BSN: Allow concurrent reads to consistency DB
    - [b201432] Big Switch: Retry on 503 errors from backend
    - [f6c47ee] NSX: log request body to NSX as debug
    - [97d622a] Fix metadata agent's auth info caching
    - [255df45] NSX: Correct allowed_address_pair return value on create_port
    - [5bea041] Neutron should not use the neutronclient utils module for import_class
    - [d5314e2] Cisco N1kv plugin to send subtype on network profile creation
    - [f32d1ce] Pass object to policy when finding fields to strip
    - [8b5f6be] Call policy.init() once per API request
    - [9a6d811] Perform policy checks only once on list responses
    - [c48db90] Datacenter moid should not be tuple
    - [161d465] Allow unsharing a network used as gateway/floatingip
    - [9574a2f] Add support for router scheduling in Cisco N1kv Plugin
    - [6f54565] Fix func job hook script permission problems
    - [ea43103] Add hook scripts for the functional infra job
    - [8161cb7] Fixes Hyper-V agent issue on Hyper-V 2008 R2
    - [8e99cfd] Fixes Hyper-V issue due to ML2 RPC versioning
    - [69f9121] Ensure ip6tables are used only if ipv6 is enabled in kernel
    - [399b809] Remove explicit dependency on amqplib
    - [a872143] Clear entries in Cisco N1KV specific tables on rollback
    - [ad82fad] Verify ML2 type driver exists before calling del
    - [af2cc98] Big Switch: Only update hash header on success
    - [b1e5eec] Ignore variable column widths in ovsdb functional tests
    - [4a0210e] VMWare: don't notify on disassociate_floatingips()

7a47a0a... by Corey Bryant on 2014-08-08

Import patches-unapplied version 1:2014.1.2-0ubuntu1 to ubuntu/trusty-proposed

Imported using git-ubuntu import.

Changelog parent: 7df5a2c9b96063b29d9765c70b512151f040e865

New changelog entries:
  [ Corey Bryant ]
  * Resynchronize with stable/icehouse (5db494d) (LP: #1354159):
    - [1d4a3e3] Add dsvm-functional tox env to fix functional job
    - [c19633d] Fix deprecated opt in haproxy driver
    - [2c762be] Add configurable http_timeout parameter for Cisco N1K
    - [9c94d96] Avoid notifying while inside transaction opened in delete_port()
    - [f9379ef] BSN: Remove db lock and add missing contexts
    - [bea1e2d] Set python hash seed to 0 in tox.ini
    - [f427754] Big Switch: Remove consistency hash on full sync
    - [3ad288d] Add -s option for neutron metering rules
    - [231010b] Do not mark device as processed if it wasn't
    - [72edc13] Big Switch: Lock consistency table for REST calls
    - [b65c036] NSX: fix router ports port_security_enabled=False
    - [9dcc476] NSX: Remove unneed call to _ensure_default_security_group
    - [2ce59ec] Added support for NOS version 4.1.0, 5.0.0 and greater
    - [2c4828e] no quota for allowed address pair
    - [46a37e2] NSX: neutron router-interface-add should clear security-groups
    - [5d0d72b] Control update, delete for cisco-network-profile
    - [0459a6a] NSX: return 400 if dscp set for trusted queue
    - [d880134] Fix typo in ml2 configuration file
    - [fb40f65] Register LBaaS resources to quotas engine
    - [0cb4aaa] Make plugin deallocation check optional
    - [478f487] Ensure core plugin deallocation after every test
    - [ea5ecf9] OVS agent: Correct bridge setup ordering
    - [98ef1bc] Fixed dhcp & gateway ip conflict in PLUMgrid plugin
    - [38bf2be] Exit rpc_loop when SIGTERM is recieved in ovs-agent
    - [67ef62d] NSX sync cache: add a flag to skip item deletion
    - [d2c11e5] OFAgent: Avoid processing ports which are not yet ready
    - [c02763a] OFAgent: Fixing lost vlan ids on interfaces
    - [8d56f44] OFAgent: Improve handling of security group updates
    - [63d3a54] OFAgent: Avoid re-wiring ports unnecessarily
    - [8131a2e] Synced jsonutils from oslo-incubator
    - [33992c8] Brocade mechanism driver depends on the brocade plugin templates
    - [1da7abd] ofagent: Fix VLAN usage for TYPE_FLAT and TYPE_VLAN
    - [2a79749] netaddr<=0.7.10 raises ValueError instead of AddrFormatError
    - [45281bb] Brocade mechanism driver should be derived from ML2 plugin base class
    - [3eeda2c] Add missing keyword raise to get_profile_binding function
    - [e517da2] Big Switch: Remove unnecessary initialization code
    - [2f65656] ovs-agent: Ensure integration bridge is created
    - [0324965] remove token from notifier middleware
    - [6d62c91] Big Switch: Add missing data to topology sync
    - [fac71fe] Added missing core_plugins symbolic names
    - [505f902] Big Switch: Catch exceptions in watchdog thread
    - [ac90f9b] Segregate the VSM calls from database calls in N1kv plugin
    - [86e4b80] Fix network profile subtype validation in N1kv plugin
    - [24f2460] ofagent: Add a missing push_vlan action
    - [50408e6] OFA agent: use hexadecimal IP address in tunnel port name
    - [f0af041] Big Switch: Call correct method in watchdog
    - [71097a0] Check DB scheme prior to migration to Ml2
    - [db7f8a7] ofa_neutron_agent: Fix _phys_br_block_untranslated_traffic
    - [d5d345b] Fix race condition with firewall deletion
    - [ce712b2] Metadata agent caches networks for routers
    - [cac3aa8] Ensure routing key is specified in the address for a direct producer
    - [5e0ea72] Default to setting secure mode on the integration bridge
    - [77d8da1] OVS and OF Agents: Create updated_ports attribute before setup_rpc
    - [9268ea6] OFAgent: Process port_update notifications in the main agent loop
    - [9124db5] Remove RPC to plugin when dhcp sets default route
    - [6fd5a20] Improve iptables_manager _modify_rules() method
    - [5285164] Big Switch: fix capabilities retrieval code
    - [ca7ed8f] OVS Agent: limit veth names to 15 chars
    - [7d76335] NSX: Fix request_id in api_client to increment
    - [583db13] NSX: fix tenant_id passed as security_profile_id
    - [066760e] LBaaS add missing rootwrap filter for route
    - [cd7a622] Do not defer IPTables apply in firewall path
    - [315319c] BSN: Set hash header to empty instead of False
    - [5d9a034] Remove function replacement with mock patch
    - [a4b467d] NSX: fix bug for flat provider network
    - [96e580d] Wrong key router.interface reported by ceilometer
    - [9ce5ef3] Common decorator for caching methods
    - [f3fa89f] Fixes Hyper-V agent security groups disabling
    - [6fe2596] Fixes Hyper-V agent security group ICMP rules
    - [5db494d] Add support for multiple RPC workers under Metaplugin
  * d/p/disable-failing-metaplugin-tests.patch: Dropped.
  * d/p/skip-lb-test.patch: Dropped.
  [ James Page ]
  * d/watch: Point to tarballs.openstack.org for release artifacts.

7df5a2c... by Jamie Strandboge on 2014-06-18

Import patches-unapplied version 1:2014.1.1-0ubuntu2 to ubuntu/trusty-proposed

Imported using git-ubuntu import.

Changelog parent: 3b154e6c31ab1cbd1426551cfe6234d41e182095

New changelog entries:
  [ Corey Bryant ]
  * Resynchronize with stable/icehouse (54ac82b) (LP: #1328134):
    - [2b42dd3] Handle errors from run_ofctl() when dumping flows
    - [d00446b] Reprogram flows when ovs-vswitchd restarts
    - [8d3026b] Added missing plugin .ini files to setup.cfg
    - [072bbc0] NEC plugin: Bump L3RPC callback version to 1.1
    - [47a4954] Remove List events API from Cisco N1kv Neutron
    - [28a26db] Install SNAT rules for ipv4 only
    - [5bdea2d] Use os.uname() instead of calling uname in subprocess
    - [48bc7db] Replace loopingcall in notifier with a delayed send
    - [66eeda2] Explicitly import state_path opt in tests.base
    - [f1b0607] NSX: allow net-migration only in combined mode
    - [8abb05c] NSX: do not raise on missing router during migration step
    - [4c945dd] NSX: fix error when creating VM ports on subnets without dhcp
    - [efa4f28] OVS lib defer apply doesn't handle concurrency
    - [bc30b52] NSX: ensure that no LSN is created on external networks
    - [2bcc7bf] NSX: pass the right argument during metadata setup
    - [26a591a] Big Switch: Check source_address attribute exists
    - [74a9365] L3 RPC loop could delete a router on concurrent update
    - [2a7164a] Optimize querying for security groups
    - [bac4389] set api.extensions logging to ERROR in unit tests
    - [d1ab56d] Make default nova_url use a version
    - [2c56e14] NSX: fix API payloads for dhcp/metadata setup
    - [f217479] NSX: fix migration for networks without a subnet
    - [bf281cd] NSX: change api mapping for Service Cluster to Edge Cluster
    - [7225e2b] NSX: add nsx switch lookup to dhcp and metadata operations
    - [b922aa7] Fixed floating IP logic in PLUMgrid plugin
    - [84650f8] IBM: set secret=True on passwd config field
    - [c5040b4] Update ensure()/reconnect() to catch MessagingError
    - [e0deffc] NSX: Fix fake_api_client to raise NotFound
    - [42a8539] netaddr<=0.7.10 raises ValueError instead of AddrFormatError
    - [68a24e5] Validate CIDR given as ip-prefix in security-group-rule-create
    - [8991aa6] gw_port should be set as lazy='join'
    - [54ac82b] NSX: ensure dhcp port is setup on metadata network
  [ Jamie Strandboge ]
  * SECURITY UPDATE: specify /etc/neutron/rootwrap.conf for use with
    neutron-rootwrap
    - CVE-2013-6433 (LP: #1185019)

3b154e6... by James Page on 2014-04-17

Import patches-unapplied version 1:2014.1-0ubuntu1 to ubuntu/trusty-proposed

Imported using git-ubuntu import.

Changelog parent: ad35311900fc8dc3f183d0d541e4ea10cd0b6f95

New changelog entries:
  [ Chuck Short ]
  * New upstream release (LP: #1288245).

ad35311... by James Page on 2014-04-14

Import patches-unapplied version 1:2014.1~rc2-0ubuntu4 to ubuntu/trusty-proposed

Imported using git-ubuntu import.

Changelog parent: 29e920faf62e85a91e8cb248b4b842af4238f7ec

New changelog entries:
  * d/neutron-vpn-agent.upstart: Wait for neutron-ovs-cleanup service to
    start if installed to ensure that Open vSwitch state is cleaned up
    on reboot (LP: #1307208).

29e920f... by Steve Langasek on 2014-04-10

Import patches-unapplied version 1:2014.1~rc2-0ubuntu3 to ubuntu/trusty-proposed

Imported using git-ubuntu import.

Changelog parent: 8244fa92b07d99be79351563be8cdd9188235e11

New changelog entries:
  * Fix the Breaks/Replaces from the previous version, as they were
    accidentally added to the wrong package (and with the wrong versioning).
  * Ensure that VPN and L3 agents are not installed together (LP: #1303876):
    - d/control: Add Conflicts on neutron-l3-agent to neutron-vpn-agent,
      drop dependency from neutron-vpn-agent -> neutron-l3-agent.
    - d/neutron-{common,vpn-agent,l3-agent}.install: Move configuration and
      rootwrap filters to -common package for use by both agent types.
    - d/control: Add appropriate Breaks/Replaces for config file moves.
    - d/neutron-vpn-agent.upstart: Include fwaas_driver.ini on config file
      path inline with l3-agent configuration.
    - d/control: Align Depends of neutron-vpn-agent with neutron-l3-agent.

8244fa9... by Chuck Short on 2014-04-09

Import patches-unapplied version 1:2014.1~rc2-0ubuntu1 to ubuntu/trusty-proposed

Imported using git-ubuntu import.

Changelog parent: ba8d95ad5d3f027d4698bb4e1131bdbe1d702f88

New changelog entries:
  [ James Page ]
  * d/neutron-plugin-oneconvergence-agent.upstart: Rename upstart
    configuration to match package name (LP: #1301957).
  * d/neutron-vpn-agent.install: Install missing vpnaas.filters for
    rootwrap (LP: #1303876).
  [ Chuck Short ]
  * New upstream release candidate (LP: #1288245).

ba8d95a... by James Page on 2014-04-01

Import patches-unapplied version 1:2014.1~rc1-0ubuntu1 to ubuntu/trusty-proposed

Imported using git-ubuntu import.

Changelog parent: cd5fa21c04b9e6b64547ce02ef49d0c0c986d64b

New changelog entries:
  [ Chuck Short ]
  * debian/rules: Run testr init before tests.
  * debian/patches/disable-udev-tests.patch: Refresh.
  * d/control,neutron-plugin-oneconvergence*: Add One Convergence plugin
    and agent (LP: #1293632).
  [ James Page ]
  * New upstream release candidate (LP: #1288696, #1291535).
  * d/control,neutron-mlnx-plugin{-agent}.install: Split out Mellanox
    plugin configuration from agent package (LP: #1255420).
  * d/control,neutron-{plugin-}{vpn|metering}-agent.*: Drop -plugin from
    metering and vpn agents (they are not plugins) and deal with associated
    change in name of upstart configurations.
  * d/neutron-l3-agent.{install,upstart}: Install fwaas_driver.ini with
    l3-agent and add to config-file path in upstart configuration
    (LP: #1298676).
  * d/neutron-vpn-agent.upstart,control: Include l3_agent.ini on upstart
    config-file path, add dependency on neutron-l3-agent (LP: #1298675).

cd5fa21... by James Page on 2014-03-07

Import patches-unapplied version 1:2014.1~b3-0ubuntu1 to ubuntu/trusty-proposed

Imported using git-ubuntu import.

Changelog parent: bc8e6244cb42cbfc8a2bfcc1b5914853614f7ba7

New changelog entries:
  [ Chuck Short ]
  * New upstream release.
  * debian/rules: Re-enabled tests.
  * debian/patches/requirements.patch: Dropped no longer needed.
  * debian/patches/sql-alchemy-0.8.3-compat.patch: Dropped no longer needed.
  * debian/patches/bump-sqlalchemy-version.patch: Dropped no longer needed.
  * debian/neutron-plugin-vmware.install: Install usr/bin/neutron-nsx-manage.
  * debian/patches/use-concurrency.patch: Set default concurrency to 1.
  [ James Page ]
  * d/control,neutron-plugin-ibm*: Add plugin and agent packages for IBM
    SDN-VE.
  * d/control,neutron-openflow-*: Add agent package for OpenFlow ML2 agent.
  * d/control,neutron-plugin-bigswitch-agent*: Add agent package for
    BigSwitch.
  * d/neutron-plugin-mlnx-agent.{upstart,logrotate}: Correct log path
    and add logrotate configuration (LP: #1284144).
  [ Corey Bryant ]
  * Renamed Nicira NVP plugin to VMware NSX (LP: #1273877):
    - debian/neutron-plugin-*.install: Update path and file for rename
    - debian/tests/*-plugin: Replace nicira-plugin with vmware-plugin
    - debian/control:
      + Change neutron-plugin-nicira to transtional package
      + Add neutron-plugin-vmware package which breaks/replaces
        neutron-plugin-nicira package.