Security update for ardana-ansible, ardana-barbican, ardana-cinder, ardana-cluster, ardana-cobbler, ardana-db, ardana-designate, ardana-extensions-nsx, ardana-glance, ardana-heat, ardana-horizon, arda

Announcement ID:	SUSE-SU-2019:2267-1
Rating:	moderate
References:	bsc#1027315 bsc#1129729 bsc#1133719 bsc#1134232 bsc#1140512 bsc#1141676 bsc#1144026 bsc#1144027 jsc#SOC-10001 jsc#SOC-10003 jsc#SOC-10010 jsc#SOC-10029 jsc#SOC-10063 jsc#SOC-10073 jsc#SOC-10130 jsc#SOC-10145 jsc#SOC-10146 jsc#SOC-10164 jsc#SOC-10182 jsc#SOC-10287 jsc#SOC-5837 jsc#SOC-6098 jsc#SOC-6100 jsc#SOC-6361 jsc#SOC-6800 jsc#SOC-8139 jsc#SOC-8555 jsc#SOC-8746 jsc#SOC-8749 jsc#SOC-9029 jsc#SOC-9239 jsc#SOC-9280 jsc#SOC-9285 jsc#SOC-9298 jsc#SOC-9303 jsc#SOC-9330 jsc#SOC-9339 jsc#SOC-9349 jsc#SOC-9357 jsc#SOC-9369 jsc#SOC-9482 jsc#SOC-9483 jsc#SOC-9574 jsc#SOC-9631 jsc#SOC-9633 jsc#SOC-9677 jsc#SOC-9679 jsc#SOC-9683 jsc#SOC-9689 jsc#SOC-9695 jsc#SOC-9745 jsc#SOC-9767 jsc#SOC-9775 jsc#SOC-9800 jsc#SOC-9840 jsc#SOC-9842 jsc#SOC-9857 jsc#SOC-9863 jsc#SOC-9872 jsc#SOC-9902 jsc#SOC-9911 jsc#SOC-9923 jsc#SOC-9935 jsc#SOC-9939 jsc#SOC-9940 jsc#SOC-9954 jsc#SOC-9957 jsc#SOC-9981 jsc#SOC-9989 jsc#SOC-9997
Cross-References:	CVE-2015-3448 CVE-2017-17051 CVE-2019-11236 CVE-2019-11324 CVE-2019-13611 CVE-2019-7164 CVE-2019-7548 CVE-2019-9735 CVE-2019-9740
CVSS scores:	CVE-2017-17051 ( NVD ): 8.6 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H CVE-2019-11236 ( NVD ): 6.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVE-2019-11324 ( SUSE ): 4.0 CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVE-2019-11324 ( NVD ): 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVE-2019-13611 ( SUSE ): 5.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N CVE-2019-13611 ( NVD ): 8.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2019-7164 ( SUSE ): 8.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2019-7164 ( NVD ): 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2019-7548 ( SUSE ): 8.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2019-7548 ( NVD ): 7.8 CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2019-9735 ( SUSE ): 7.7 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H CVE-2019-9735 ( NVD ): 6.5 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2019-9740 ( SUSE ): 5.4 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N CVE-2019-9740 ( NVD ): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVE-2019-9740 ( NVD ): 6.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Affected Products:	SUSE Linux Enterprise Server 12 SP4 SUSE OpenStack Cloud 9 SUSE OpenStack Cloud Crowbar 9

An update that solves nine vulnerabilities and contains 62 features can now be installed.

Description:

This update for ardana-ansible, ardana-barbican, ardana-cinder, ardana-cluster, ardana-cobbler, ardana-db, ardana-designate, ardana-extensions-nsx, ardana-glance, ardana-heat, ardana-horizon, ardana-input-model, ardana-installer-ui, ardana-ironic, ardana-keystone, ardana-logging, ardana-magnum, ardana-monasca, ardana-mq, ardana-neutron, ardana-nova, ardana-octavia, ardana-opsconsole, ardana-opsconsole-ui, ardana-osconfig, ardana-service, ardana-ses, ardana-swift, ardana-tempest, crowbar-core, crowbar-ha, crowbar-openstack, crowbar-ui, java-monasca-common, java-monasca-common-kit, openstack-ceilometer, openstack-cinder, openstack-designate, openstack-heat, openstack-horizon-plugin-neutron-fwaas-ui, openstack-horizon-plugin-neutron-lbaas-ui, openstack-horizon-plugin-neutron-vpnaas-ui, openstack-ironic, openstack-ironic-python-agent, openstack-keystone, openstack-magnum, openstack-manila, openstack-monasca-notification, openstack-monasca-persister, openstack-monasca-persister-java, openstack-monasca-persister-java-kit, openstack-neutron, openstack-neutron-gbp, openstack-neutron-lbaas, openstack-nova, openstack-octavia, openstack-tempest, python-ardana-configurationprocessor, python-cinder-tempest-plugin, python-ironicclient, python-keystonemiddleware, python-monasca-tempest-plugin, python-openstackclient, python-openstacksdk, python-proliantutils, python-python-engineio, python-swiftlm, python-vmware-nsx, python-vmware-nsxlib, yast2-crowbar fixes the following issues:

Update to version 9.0+git.1566374020.301191f:
Use raw image format when using SES backend on Nova (SOC-9285)
Update to version 9.0+git.1563375514.31fa9a7:
Ensure ardana-update-pkgs works for dist-upgrade (SOC-9857)
Update to version 9.0+git.1563192450.30e8f16:
Ensure Cloud8/SLE-12-SP3 repps still served (SOC-9840)
Update to version 9.0+git.1566251498.be02ca4:
adds ipv6 format to http/https urls (SOC-10063)
Update to version 9.0+git.1565678764.c3a9b9f:
adds ipv6 format to urls (SOC-10063)
Update to version 9.0+git.1562898832.1731f25:
FIX broken symlink for policy.yaml.j2. (SOC-0000)
Update to version 9.0+git.1559333871.40508f7:
Allow system to bind to non local ipv6 addresses (SOC-9330)
Update to version 9.0+git.1566336494.93967dd:
Using python netaddr for ipv6 address comparison (SOC-9940)
Update to version 9.0+git.1564409964.b7e4fc3:
Don't use 'latest' with 'zypper' (SOC-9997)
Update to version 9.0+git.1562182567.aef23e0:
Format curl commands for ipv6 (SOC-9369)
Update to version 9.0+git.1565680593.df7a432:
adds ipv6 format to urls (SOC-10063)
Update to version 9.0+git.1566213657.69862ab:
Add missing service plugin for l2gw (SOC-5837)
Update to version 9.0+git.1563904379.31ff1e9:
Add the NSX-T L2-Gateway Service definition (SOC-5837)
Switch to new Gerrit Server
Update to version 9.0+git.1566375806.f0b2333:
Configure glance image_direct_url/multiple_locations (SOC-9285)
Update to version 9.0+git.1565720518.c7fdca2:
adds ipv6 format to urls (SOC-10063)
Update to version 9.0+git.1564491141.602fdf9:
Default glance_default_store to rbd if SES enabled (SOC-8749)
Update to version 9.0+git.1565721273.f44b8d7:
adds ipv6 format to urls (SOC-10063)
Update to version 9.0+git.1565891518.2a545a1:
adds ipv6 format to urls (SOC-10063)
Update to version 9.0+git.1565655129.ab3a58c:
Removed None condition from rule (SOC-10003)
Update to version 9.0+git.1564609155.033a963:
Updated heat_policy.json permission to be 664 (SOC-9872)
Update to version 9.0+git.1562848565.91e75b2:
Include memcached in the minimal ardana-ci model (SOC-9800)
Update to version 9.0+git.1566255088.3443670:
Add server state column (SOC-9957)
Update to version 9.0+git.1565218199.868c5d1:
Add ipv6 support (SOC-9677) (#357)
Update to version 9.0+git.1563912815.7090c20:
Only show ses config upload option when ses is not configured (SOC-8555) (#356)
Update to version 9.0+git.1565721987.ddc59c8:
adds ipv6 format to urls (SOC-10063)
Update to version 9.0+git.1565891593.cad6d1a:
adds ipv6 format to urls (SOC-10063)
Update to version 9.0+git.1563911975.a7ed208:
Ensure Member role is created during upgrade (SOC-9923)
Update to version 9.0+git.1565761582.2dc823a:
adds ipv6 format to urls (SOC-10063)
Update to version 9.0+git.1565762005.016032a:
adds ipv6 format to urls (SOC-10063)
Update to version 9.0+git.1566332665.ad894c0:
adds ipv6 format to http/https urls (SOC-10063)
Update to version 9.0+git.1565691188.2309798:
Use systemd for monasca-thresh (SOC-10145)
Update to version 9.0+git.1565115025.148d092:
Enable ipv6 on rabbitmq-server (SOC-9745)
Update to version 9.0+git.1566251310.3a1e8f9:
adds ipv6 format to http/https urls (SOC-10063)
Update to version 9.0+git.1563989391.dfe3688:
Let SDN services configure VPN and Firewall service providers (SOC-9935)
Update to version 9.0+git.1561563389.90bfb06:
Add dependent services to neutron services (SOC-8746)
Update to version 9.0+git.1566332515.e232568:
adds ipv6 format to http/https urls (SOC-10063)
Update to version 9.0+git.1565946239.023aefe:
Set diskcachemode and disk discard when using RBD (SOC-10182)
Update to version 9.0+git.1565715522.3fe67c6:
fix Ironic endpoint override (SOC-10130)
Update to version 9.0+git.1565366126.4993583:
Make default/rpc_response_timeout configurable (SOC-9285)
Update to version 9.0+git.1562762205.ce51d30:
Resolves nova-novncproxy random status failures (SOC-9574)
Update to version 9.0+git.1566206502.6c87b41:
Use default values for amphora connection retries/timeout (SOC-9285)
Update to version 9.0+git.1566251377.b1caeaa:
adds ipv6 format to http/https urls (SOC-10063)
Add ipaddr bower dependency (SOC-9679)
Update to version 9.0+git.1565764394.545b573:
adds ipv6 format to urls (SOC-10063)
Update to version 9.0+git.1565380193.f006466:
Introduce conditional forward:NORMAL rule on POST-UP for OVS bridges (SOC-9939)
Update to version 9.0+git.1565265803.6a720d0:
Ensure ardana-update-pkgs works for dist-upgrade (SOC-9857)
Update to version 9.0+git.1565150548.c475cb8:
Configured logrotate user for ovs as 'root' (SOC-8139)
Update to version 9.0+git.1563894224.943cbc2:
Make the example repo url entry totally fictitious (SOC-6800)
Update to version 9.0+git.1563383124.1d585e4:
Add an global_filter entry to lvm.conf (bsc#1140512)
Update to version 9.0+git.1562782235.67538c9:
Configure ovs user for logrotate (SOC-8139)
Update to version 9.0+git.1562371586.24a698a:
Allow for use of --check in iptables command (SOC-9349)
Update to version 9.0+git.1562170979.edc53b6:
Don't set datapath-ids on ovs-bridges anymore (SOC-9239)
Update to version 9.0+git.1564706915.edd44c4:
Add ipv6 support (SOC-9677)
Update to version 9.0+git.1563468620.5035cf8:
Add support for ses integration (SOC-8555)
Update to version 9.0+git.1563461311.16ea2df:
Change url of upper-constraints file (SOC-9863)
Update to version 9.0+git.1565962617.523149b:
Add ses-status playbook (SOC-9902)
Update to version 9.0+git.1565704258.123de3f:
Update Swift endpoint during deploy (SOC-9303)
Update to version 9.0+git.1565891872.73fc3c7:
adds ipv6 format to urls (SOC-10063)
Update to version 9.0+git.1565644472.644d5f6:
Cloud 8 to 9 upgrade enhancements (SOC-10146)
Update to version 9.0+git.1566471752.a3c5c9c:
Delete existing run filter before deploying it (SOC-10287)
Update to version 9.0+git.1565366961.33ad009:
Run loadbalancer tests in parallel (SOC-9285)
Update to version 9.0+git.1563203769.49124de:
Blacklist failing shelve tests (SOC-9775)
Update to version 9.0+git.1562783575.7e02c70:
Blacklist failing shelve tests (SOC-9775)
Update to version 6.0+git.1566321308.1de18b9a4:
ohai: Hardcode ruby version for package installation (SOC-10010)
Update to version 6.0+git.1566303970.2c7d83971:
upgrade: restart nova services after upgrade
Update to version 6.0+git.1565859218.525130340:
upgrade: remove nova-consoleauth service entries on upgrade (SOC-10164)
Update to version 6.0+git.1565256572.49359f57b:
ovs-pre-up: remove controller for admin bridge (SOC-10073)
Update to version 6.0+git.1564996068.e7ccb0bae:
batch: Fix get_proposal_json (SOC-9954)
Update to version 6.0+git.1564738819.232375c6f:
batch: Format crowbar batch error output (SOC-9954)
repochecks errors for ses5-pool on SOC9
dns: fix migration for designate
Update to version 6.0+git.1564480387.a4b8c2ff7:
batch: Format crowbar batch error output (SOC-9954)
Update to version 6.0+git.1564406710.9273d5a17:
travis: Whitelist CVE-2015-3448 (SOC-9911)
travis: Use env variable for commit range (SOC-9911)
Update to version 6.0+git.1564131651.98f426eae:
monasca: add cleanup before upgrade (SOC-9482)
bind9: Fix spelling error in template
Update to version 6.0+git.1563950117.f6123bd8f:
Cleanup clone_stateless_services leftovers (SOC-9842)
Update to version 6.0+git.1562772809.4a470bec0:
upgrade: update file names for 8 -> 9 (SOC-9029)
Update to version 6.0+git.1562733958.204289d65:
ipv6: Add a wrap_ip helper to NetworkHelper (SOC-6098)
Update to version 6.0+git.1566406179.7549de2:
corosync: Hardcode ruby version for package installation (SOC-10010)
Update to version 6.0+git.1566404979.41279a88e:
Designate: Update DB pools configuration (SOC-9767)
horizon: Install designate plugin when configured (SOC-9695)
Update to version 6.0+git.1566211690.54dcd56ba:
ceilometer: Remove old ceilometer-api vhosts (SOC-9483)
Update to version 6.0+git.1565968769.ae650697c:
Octavia: Barclamp (SOC-6100)
Update to version 6.0+git.1565739445.3fc6ef5e8:
designate: Configure resource settings (SOC-9633)
Update to version 6.0+git.1565713423.0dd3fbb3e:
tempest: Set port_admin_state_change to false when using linuxbridge (SOC-10029)
Update to version 6.0+git.1565081581.1e2cf5bd0:
nova: add max_threads_per_process tuneable (SOC-10001, bsc#1133719)
Update to version 6.0+git.1564586397.a7203dba7:
Add tempest filters based on services (SOC-9298)
upgrade: Fix HA detection for keystone db_sync (SOC-9981)
Update to version 6.0+git.1564498339.07f14a985:
Fix magnum tempest tests (SOC-9298)
Fix nova tempest tests (SOC-9298)
Update to version 6.0+git.1564435128.cef47cc21:
neutron: raise validation error if domain names dont end with a dot(.)
Update to version 6.0+git.1564412715.c969e1e11:
Fix barbican SSL support (SOC-9298)
Update to version 6.0+git.1564039130.9ad11f213:
designate: Use server node for VIP look ups (SOC-9631)
add cirros-0.4.0-x86_64-disk.img (SOC-9298)
the disk img is required to run the barbican tempest test
Update to version 6.0+git.1563891318.d41ce2e75:
Cleanup clone_stateless_services leftovers (SOC-9842)
Update to version 6.0+git.1563439849.5c507bcdb:
Fix tempest config for cinder using ceph as backenid (SOC-9298)
Update to version 6.0+git.1562841293.9768602a2:
swift: Sync HA nodes (SOC-9683)
Update to version 6.0+git.1562684470.f5d361077:
designate: Fix spelling error inside comments (SOC-6361)
Update to version 6.0+git.1562599436.b4c63fc56:
case-insensitive when lookup by name (SOC-9339)
Update to version 6.0+git.1562319309.98a52a0a3:
monasca: move Grafana DB creation
Update to version 1.3.0+git.1563181545.65360af5:
upgrade: Update repocheck keys
Update texts for 8-9 upgrade (SOC-9689)
Update to version 1.3.0+git.1562579063.5690a1bc:
Pin gulp-angular-templatecache version
Bumped package version to 1.3 to differentiate it from 8-9 version
Udate to version 2.11.1.dev4
Add Cassandra db support
Bump the pom version to 1.3.0
Remove cassandra.patch (merged upstream)
Fix license
Bump version to 2.11.1~a0~dev4 to match updated java-monasca-common
Update to version ceilometer-11.0.2.dev14:
Fixing broken links
Update to version ceilometer-11.0.2.dev14:
Fixing broken links
Update to version cinder-13.0.7.dev3:
Prevent double-attachment race in attachment_reserve
Update to version cinder-13.0.7.dev1: 13.0.6
Add OS-SCH-HNT in extensions list
Update to version cinder-13.0.6.dev16:
Revert "Declare multiattach support for HPE MSA"
Update to version cinder-13.0.6.dev14:
Remove Sheepdog tests from zuul config
Update to version cinder-13.0.6.dev13:
[VNX] Fix test case issue
Update to version cinder-13.0.7.dev3:
Prevent double-attachment race in attachment_reserve
Update to version cinder-13.0.7.dev1: 13.0.6
Add OS-SCH-HNT in extensions list
Update to version cinder-13.0.6.dev16:
Revert "Declare multiattach support for HPE MSA"
Update to version cinder-13.0.6.dev14:
Remove Sheepdog tests from zuul config
Update to version cinder-13.0.6.dev13:
[VNX] Fix test case issue
nimble: Fix missing ssl support (bsc#1027315)
Update to version designate-7.0.1.dev21:
Improve log message for better understanding
Update to version designate-7.0.1.dev21:
Improve log message for better understanding
Update to version openstack-heat-11.0.3.dev19:
Fix allowed address pair validation
Update to version openstack-heat-11.0.3.dev18:
Show an engine as down if service record is not updated twice
Allow update of previously-replaced resources
Do not perform the tenant stack limit check for admin user
Update to version openstack-heat-11.0.3.dev12:
Add entry_point for oslo policy scripts
Update to version openstack-heat-11.0.3.dev10:
Don't resolve properties for OS::Heat::None resource
Update to version openstack-heat-11.0.3.dev8:
Add local bindep.txt and limit bandit version
Retry on DB deadlock in event_create()
Update to version openstack-heat-11.0.3.dev19:
Fix allowed address pair validation
Update to version openstack-heat-11.0.3.dev18:
Show an engine as down if service record is not updated twice
Allow update of previously-replaced resources
Do not perform the tenant stack limit check for admin user
Update to version openstack-heat-11.0.3.dev12:
Add entry_point for oslo policy scripts
Update to version openstack-heat-11.0.3.dev10:
Don't resolve properties for OS::Heat::None resource
Update to version openstack-heat-11.0.3.dev8:
Add local bindep.txt and limit bandit version
Retry on DB deadlock in event_create()
Do not exclude python bytecode files (see https://review.opendev.org/#/c/666611 for details)
Update to version neutron-lbaas-dashboard-5.0.1.dev7:
Update tox.ini for new upper constraints strategy
OpenDev Migration Patch
Update to latest spec from rpm-packaging
Don't exclude python bytecode files in dashboards
Update to version ironic-11.1.4.dev9:
Filter security group list on the ID's we expect
Ansible module: fix deployment for private and/or shared images
Update to version ironic-11.1.4.dev5:
Ansible driver: fix deployment with serial specified as root device hint
CI: stop using pyghmi from git master
Update to version ironic-11.1.4.dev9:
Filter security group list on the ID's we expect
Ansible module: fix deployment for private and/or shared images
Update to version ironic-11.1.4.dev5:
Ansible driver: fix deployment with serial specified as root device hint
CI: stop using pyghmi from git master
Update to version ironic-python-agent-3.3.3.dev4:
CI: stop using pyghmi from git master
Update to version ironic-python-agent-3.3.3.dev3:
Correct formatting of a warning when lshw cannot be run
Update to version ironic-python-agent-3.3.3.dev1:
Stop logging lshw output, collect it with other logs instead 3.3.2
Update to version keystone-14.1.1.dev8:
Revert "Blacklist bandit 1.6.0"
Update to version keystone-14.1.1.dev8:
Revert "Blacklist bandit 1.6.0"
Update to version magnum-7.1.1.dev28:
Revert "support http/https proxy for discovery url"
Use rocky heat-container-agent for stable/rocky
Update to version magnum-7.1.1.dev28:
Revert "support http/https proxy for discovery url"
Use rocky heat-container-agent for stable/rocky
Update to version manila-7.3.1.dev3:
Remove the redunant table from windows' editor
Update to version manila-7.3.1.dev3:
Remove the redunant table from windows' editor
update to version 1.14.2~dev1
[GateFix] Ignore false positive bandit B105 test failure
update to version 1.12.1~dev9
Update all columns in metrics on an update to refresh TTL
update to version 1.12.1~dev7
Widen exception catch for point parse failure
update to version 1.12.1~dev6
some points unable to parse
OpenDev Migration Patch
Rebased patches:
0001-Update-all-columns-in-metrics-on-an-update-to-refres.patch dropped (merged upstream)
Update to version monasca-persister-1.12.1.dev9:
Update all columns in metrics on an update to refresh TTL
OpenDev Migration Patch
Add 0001-Update-all-columns-in-metrics-on-an-update-to-refres.patch
Update to version monasca-persister-1.12.1.dev4
Java persister config: defaults and robustness
Add Cassandra db support
Remove java-persister-defaults.patch (merged upstream)
Remove cassandra.patch (merged upstream)
Add missing URLs for patches
Updated to kit tarball built from 1.12.1.dev4
Updated README.updating for current version
Update to version neutron-13.0.5.dev22:
Clear skb mark on encapsulating packets
Stop OVS agent before starting it again
Fix sort issue in test_dhcp_agent_scheduler.test_filter_bindings
fix update port bug
Update to version neutron-13.0.5.dev15:
Check for agent restarted after checking for DVR port
Update to version neutron-13.0.5.dev14:
Retry trunk status updates failing with StaleDataError
Update to version neutron-13.0.5.dev13:
Don't crash ovs agent during reconfigure of phys bridges
Update to version neutron-13.0.5.dev12:
Use --bind-dynamic with dnsmasq instead of --bind-interfaces
Yield control to other greenthreads while processing trusted ports
Limit max ports per rpc for dhcp_ready_on_ports()
Update to version neutron-13.0.5.dev6:
Ignore first local port update notification
Update to version neutron-13.0.5.dev5:
Add custom ethertype processing 13.0.4
Update to version neutron-13.0.5.dev22:
Clear skb mark on encapsulating packets
Stop OVS agent before starting it again
Fix sort issue in test_dhcp_agent_scheduler.test_filter_bindings
fix update port bug
Update to version neutron-13.0.5.dev15:
Check for agent restarted after checking for DVR port
Update to version neutron-13.0.5.dev14:
Retry trunk status updates failing with StaleDataError
Update to version neutron-13.0.5.dev13:
Don't crash ovs agent during reconfigure of phys bridges
Update to version neutron-13.0.5.dev12:
Use --bind-dynamic with dnsmasq instead of --bind-interfaces
Yield control to other greenthreads while processing trusted ports
Limit max ports per rpc for dhcp_ready_on_ports()
Update to version neutron-13.0.5.dev6:
Ignore first local port update notification
Update to version neutron-13.0.5.dev5:
Add custom ethertype processing 13.0.4
When converting sg rules to iptables, do not emit dport if not supported (CVE-2019-9735, bsc#1129729)
Update to version group-based-policy-5.0.1.dev459:
Tempest Scenario test for Connection Tracking
Update to version group-based-policy-5.0.1.dev457:
Adding icmp_code and icmp_type for SG rule
A VM could be associated with multiple ports
Optimize the extend_router_dict() call
Update to version group-based-policy-5.0.1.dev451:
[AIM] Enhance gbp-validate to detect routed subnet overlap
Update to version group-based-policy-5.0.1.dev450:
[AIM] Prevent overlapping CIDRs in routed VRF
Disallow external subnets as router interfaces
Update to version group-based-policy-5.0.1.dev448:
Fix issues on sync_state display on neutron based on AIM status
Update to version group-based-policy-5.0.1.dev446:
Send the port updates for the SNAT use case if needed
Make DHCP provisioning blocks conditional
Update to version neutron-lbaas-13.0.1.dev14:
Update tox.ini for new upper constraints strategy
Remove the release notes job from stable/rocky
add 0001-neutron-lbaas-haproxy-agent-prevent-vif-unplug-when-.patch
Update to version neutron-lbaas-13.0.1.dev14:
Update tox.ini for new upper constraints strategy
Remove the release notes job from stable/rocky
Fix doubling allocations on rebuild (CVE-2017-17051, bsc#CVE-2017-17051)
Update to version octavia-3.1.2.dev8:
Add octavia-v2-dsvm jobs to the gate queue
Update to version octavia-3.1.2.dev7:
Fix for utils LB DM transformation function
Update to version octavia-3.1.2.dev5:
Update amphora-agent to report UDP listener health
Update to version octavia-3.1.2.dev3:
Update tox.ini for new upper constraints strategy
Add patches fixing tempest cleanup removing all networks https://bugs.launchpad.net/tempest/+bug/1812660
0001-Remove-deprecated-services-from-cleanup.patch
0002-Fix-tempest-cleanup.patch
0003-Add-NetworkSubnetPools-to-tempest-cleanup.patch
Update to version 9.0+git.1566405927.c5c03d4:
Adds ipv6 support to baremetal ServersValidator (SOC-9940)
Update to version 9.0+git.1565384645.8fcf5db:
Ensure forward_normal_on_post_up is set for every OVS bridge (SOC-9939)
Update to version 9.0+git.1564587526.5db9d5d:
Flag forward:NORMAL on MANAGEMENT network group (SOC-9939)
Update to version 9.0+git.1563384666.4c1a3e5:
Bracketed ipv6 addresses for endpoint urls (SOC-9357)
added 0001-Fix-volume-revert-to-snapshot-tests.patch
update to version 2.5.3
Do not try to use /v1/v1 when endpoint_override is used
OpenDev Migration Patch
added 0001-Skip-the-services-with-no-endpoints-when-parsing-ser.patch
added 0001-Use-unicode-literals-in-test_metrics.patch
update to version 3.16.2 (bsc#1144027, bsc#1144026)
update to version 0.17.3
OpenDev Migration Patch
Replace openstack.org git:// URLs with https://
Fixes for Unicode characters in python 2 requests
Fix functional tests on stable/rocky
Correct updating baremetal nodes by name or ID
Support bare metal service error messages
import zuul job settings from project-config
Correct update operations for baremetal
Add simple create/show/delete functional tests for all baremetal resources
Add a simple baremetal functional job
Pass microversion info through from Profile
update to 2.8.4 (SOC-9280)
Adding fix for nic_capacity calculation
Add patch CVE-2019-13611.patch (SOC-9989) (bsc#1141676)
python-python-engineio: An issue was discovered in python-engineio through 3.8.2. There is a Cross-Site WebSocket Hijacking (CSWSH) vulnerability that allows attackers to make WebSocket connections to a server
Switch to new Gerrit Server
Switch to opendev as external projects are not longer synced to github. As a result, there is also no automatic change log.
Updated to 13.0.1~dev146 (d307746a5)
NSX|V3 adminUtils: detect and clean orphaned section rules
OpenDev Migration Patch
Delete SG rules when deleting their remote group
NSX|V3: Limit number of subnet static routes per backend
NSX|V: Restrict creating conflicting address_pair in the same network
NSX|V3: Add verification of num defined address pairs
constrain rocky dependencies
Update rocky .gitreview branch
Handle multiple default SG creation in all plugins
update tox for stable branch
NSX|V3: remove redundent code in get_port/s
NSX|V3: Change status code of SG failure
NSX|V: enable allow_address_pairs upon request
Revert "NSX|V3: Simplify LBaaS implementation"
NSX|V3: Fix LBaaS loadbalancer creation
NSX|V: Init FWaaS callbacks only if enabled
NSX|V3: Simplify LBaaS implementation
Complete the init of the Neutron main process
NSX|V3: Respect default keyword for physical_net
NSX|V admin utils: Find and fix spoofguard policies mismatches
TVD: Add start_rpc_listeners to the plugin
Upgrade appdirs lower constraints
NSX|V+V3: relax FWaaS validation
Revert "NSX|V3: Init FWaaS before spawn"
NSX|V3: prevent user from changing the NSX internal SG
Fix provider security group exception call
NSX|V3+V: Handle fwaas policy removal
NSX|V3: Create port bindings for dhcp ports
NSX|V3: Fix LB error handling
Fix security group broken code & tests
[NSX-V] Ensure binding exists before assigning lswitch_id
NSX|V: Fix update section header
NSX|V3: Validate FWaaS cidrs
Devstack: Delete old project before deciding how to get the new code
NSX|V3: Init FWaaS before spawn
Devstack: Fix failed of ml2 directory creation
Devstack: Fix failed of ml2 directory creation
Fix cffi lower constraints
NSX|V3: Do not allow external subnets overlapping with uplink cidr
Devstack: Fix ml2 config file creation for FWaaS-V2
NSX|V3 Support expected codes for LB HM
NSX|V3: Fix ipam to check subnets carefully
NSX|V3 Fix provider nsx-net create
NSX-T: Delete subnet in case of dhcp error
Fix Octavia devstack instructions
NSX|V3: Fix LB statistics getter
NSX|V3: Add L2GW connection validation
Devstack: Create ml2 config file for FWaaS-V2
NSX|V3: Configure tier0 transit networks
Use upper-constraints from stable/rocky
fix lower constraints
TVD: Add missing VPN driver api
NSX|V3: FWaaS translate 0.0.0.0 to Any ip
NSX|V use context reader for router driver
NSX|V Fix AdminUtils get apis to use the right context
TVD LBaaS: fix operational status api
Use tenant context to get router GW network
NSX-v3: Fix listener for pool not fetched anymore
NSX-v3: Prevent comparison with None
NSXv: use admin context for metadata port config
NSX-v3: Fix LB HTTP/HTTPS monitor impl
NSX|V Fix orphaned networks and bindings
NSX|V3 Fix dhcp binding rollback
NSX|V3: Fix FW(v2) status when deleting an illegal port
Ensure NSX VS is always associated with NSX LBS
NSX|V3: validate LBaaS NSX stats fields
TVD verify loadbalancer project match the LB object project
TVD: Do not crash in case the project is not found
NSX|V3: Fix member fip error message
NSX|V3: Restrict update of LB port with fixed IP
NSX|V3 Add NO-NAT rules only for routers with enabled SNAT
NSXv: Metadata should complete init
TVD: Add LBaaS get_operating_status support
NSX|V Fill VIF data for upgraded ports
Devstack plugin: fetch Neutron only when needed
NSX|V: Improve SG rule service creation
NSX|V fix LBaaS operation status function params
NSX|V3: Add LB status calls validations
NSX|V3 remove lbaas import to allow the plugin to work without lbaas
NSX|V Allow updating port security and mac learning together
NSX|V3: Change external provider network error message
NSX|V+V3: Prevent adding different projects routers to fwaas-V1
NSX|V: Fix BGP plugin get operations
NSX|V: Validate DVS Id when creating flat/vlan network
NSX|V: Fix devstack cleanup for python 3
NSX|V3: Check specific exception when deleting dhcp port
NSX|V3 Validate rate-limit value in admin utilitiy
NSX|V3 adminUtils: Use nsx plugin to get ports
NSX|V3: Fail on unsupported QoS rules
NSX|V3: VPN connection status update
NSX-V3| Fix port MAC learning flag handling
NSX|V3 update port revision on update_port response
NSX|V: Avoid updating the default section at init
NSX|V3: LBaaS operating status support
NSX|V3: Fix external LB member create
Devstack: Use the right python version in cleanup
NSX|V: Fix host groups for DRS HA for AZ
NSX|V Fix policy security group update
NSX|V+V3 QoS rbac support
NSX|V3 update port binding for callbacks notifications
NSX|V3: Support new icmp codes and types
NSX|V3: Make sure LB member is connected to the LB router
NSX|V3: Prevent adding an external net as a router interface
NSX|V: Shorten the L2 bridge edge name
NSX|V3: Fix port binding update on new ports
update to version 13.0.1~dev146
Switch to opendev as external projects are not longer synced to github. As a result, there is also no automatic change log.
update to version 13.0.1~dev24 (ebaacab)
updates for stable branch
NSX|V3+P: Change max allowed host routes
Adding the option to configure disabled mac profile
OpenDev Migration Patch
NSX|T: Backend parameter for max subnet static routes
NSX|T: Add NSX limit of IP address association to port
Fix nsgroup update to access the logging field safely
Retry http requests on timeouts
Added retries if API call fails due to MP cluster reconfig
Fix check_manager_status to support older NSX versions
Improve Cluster validation checks
Add apis to get tier0 uplink cidrs and not just ips
Support response status codes for LB HM
Add manager status validation to validate connection
Handle get_default_headers errors
Update the max NS groups criteria tags number dynamically
Fix multi-cluster connectivity
Amend allowed ICMP types and codes in strict mode
Fix cluster connectivity
Fix the revision needed for security rules version
New api for getting VPN session status
New api for getting the LB virtual servers status
NSX|V3: Support new icmp codes and types list-
update to version 13.0.1~dev24
Fix the Requires: format in spec file (bsc#1134232)
3.4.2

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

SUSE OpenStack Cloud 9
zypper in -t patch SUSE-OpenStack-Cloud-9-2019-2267=1
SUSE OpenStack Cloud Crowbar 9
zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-9-2019-2267=1

Security update for ardana-ansible, ardana-barbican, ardana-cinder, ardana-cluster, ardana-cobbler, ardana-db, ardana-designate, ardana-extensions-nsx, ardana-glance, ardana-heat, ardana-horizon, arda

Description:

Patch Instructions:

Package List: