lp://staging/ubuntu/trusty-updates/neutron

Branch merges

Propose for merging

No branches dependent on this one.

Related source package recipes

No recipes using this branch. (?)

Create packaging recipe

Related snap packages

Related bugs

Bug #1321080: [OSSA 2014-021] auth token is exposed in meter http.request (CVE-2014-4615)

Critical

Fix Committed

Link a bug report

Related blueprints

36. By Corey Bryant on 2015-06-22

* Resynchronize with stable/icehouse (877df58) (LP: #1467533):
  - [cae7108] Fix enable_snat column migration for Postgres + SQLite
  - [61571b4] Persist DHCP leases to a local database
  - [fba8d9b] Process port IP requests before subnet requests
  - [43fe809] Don't resync on DHCP agent setup failure
  - [91cc867] Deal with PEP-0476 certificate chaining checking
  - [877df58] Ignore http_proxy while connecting to test WSGI server

35. By Corey Bryant on 2015-03-30

d/control: Set minimum python-six dependency to 1.5.2 (LP: #1403114).

34. By Marc Deslauriers on 2014-10-21

* No change rebuild for security:
  - [dd4b77f] Forbid regular users to reset admin-only attrs to default values
    + CVE-2014-6414
    + LP: #1357379

33. By Chuck Short on 2014-10-06

[ Corey Bryant ]
* Resynchronize with stable/icehouse (4a0210e) (LP: #1377136):
  - [3a30d19] Deletes floating ip related connection states
  - [dd4b77f] Forbid regular users to reset admin-only attrs to default values
  - [dc2c893] Add delete operations for the ODL MechanismDriver
  - [b51e2c7] Add missing ml2 plugin to migration 1fcfc149aca4
  - [a17a500] Don't convert numeric protocol values to int
  - [3a85946] NSX: Optionally not enforce nat rule match length check
  - [645f984] Don't spawn metadata-proxy for non-isolated nets
  - [b464d89] Big Switch: Check for 'id' in port before lookup
  - [3116ffa] use TRUE in SQL for boolean var
  - [3520e66] call security_groups_member_updated in port_update
  - [50e1534] Don't allow user to set firewall rule with port and no protocol
  - [0061533] BSN: Add context to backend request for debugging
  - [6de6d61] Improve ODL ML2 Exception Handling
  - [2a4153d] Send network name and uuid to subnet create
  - [b5e3c9a] BSN: Allow concurrent reads to consistency DB
  - [b201432] Big Switch: Retry on 503 errors from backend
  - [f6c47ee] NSX: log request body to NSX as debug
  - [97d622a] Fix metadata agent's auth info caching
  - [255df45] NSX: Correct allowed_address_pair return value on create_port
  - [5bea041] Neutron should not use the neutronclient utils module for import_class
  - [d5314e2] Cisco N1kv plugin to send subtype on network profile creation
  - [f32d1ce] Pass object to policy when finding fields to strip
  - [8b5f6be] Call policy.init() once per API request
  - [9a6d811] Perform policy checks only once on list responses
  - [c48db90] Datacenter moid should not be tuple
  - [161d465] Allow unsharing a network used as gateway/floatingip
  - [9574a2f] Add support for router scheduling in Cisco N1kv Plugin
  - [6f54565] Fix func job hook script permission problems
  - [ea43103] Add hook scripts for the functional infra job
  - [8161cb7] Fixes Hyper-V agent issue on Hyper-V 2008 R2
  - [8e99cfd] Fixes Hyper-V issue due to ML2 RPC versioning
  - [69f9121] Ensure ip6tables are used only if ipv6 is enabled in kernel
  - [399b809] Remove explicit dependency on amqplib
  - [a872143] Clear entries in Cisco N1KV specific tables on rollback
  - [ad82fad] Verify ML2 type driver exists before calling del
  - [af2cc98] Big Switch: Only update hash header on success
  - [b1e5eec] Ignore variable column widths in ovsdb functional tests
  - [4a0210e] VMWare: don't notify on disassociate_floatingips()

32. By Jamie Strandboge on 2014-08-21

* No change rebuild for security:
  - [0324965] remove token from notifier middleware
    + CVE-2014-4615
    + LP: #1321080
  - [2c4828e] no quota for allowed address pair
    + CVE-2014-3555
    + LP: #1336207

31. By Corey Bryant on 2014-08-08

[ Corey Bryant ]
* Resynchronize with stable/icehouse (5db494d) (LP: #1354159):
  - [1d4a3e3] Add dsvm-functional tox env to fix functional job
  - [c19633d] Fix deprecated opt in haproxy driver
  - [2c762be] Add configurable http_timeout parameter for Cisco N1K
  - [9c94d96] Avoid notifying while inside transaction opened in delete_port()
  - [f9379ef] BSN: Remove db lock and add missing contexts
  - [bea1e2d] Set python hash seed to 0 in tox.ini
  - [f427754] Big Switch: Remove consistency hash on full sync
  - [3ad288d] Add -s option for neutron metering rules
  - [231010b] Do not mark device as processed if it wasn't
  - [72edc13] Big Switch: Lock consistency table for REST calls
  - [b65c036] NSX: fix router ports port_security_enabled=False
  - [9dcc476] NSX: Remove unneed call to _ensure_default_security_group
  - [2ce59ec] Added support for NOS version 4.1.0, 5.0.0 and greater
  - [2c4828e] no quota for allowed address pair
  - [46a37e2] NSX: neutron router-interface-add should clear security-groups
  - [5d0d72b] Control update, delete for cisco-network-profile
  - [0459a6a] NSX: return 400 if dscp set for trusted queue
  - [d880134] Fix typo in ml2 configuration file
  - [fb40f65] Register LBaaS resources to quotas engine
  - [0cb4aaa] Make plugin deallocation check optional
  - [478f487] Ensure core plugin deallocation after every test
  - [ea5ecf9] OVS agent: Correct bridge setup ordering
  - [98ef1bc] Fixed dhcp & gateway ip conflict in PLUMgrid plugin
  - [38bf2be] Exit rpc_loop when SIGTERM is recieved in ovs-agent
  - [67ef62d] NSX sync cache: add a flag to skip item deletion
  - [d2c11e5] OFAgent: Avoid processing ports which are not yet ready
  - [c02763a] OFAgent: Fixing lost vlan ids on interfaces
  - [8d56f44] OFAgent: Improve handling of security group updates
  - [63d3a54] OFAgent: Avoid re-wiring ports unnecessarily
  - [8131a2e] Synced jsonutils from oslo-incubator
  - [33992c8] Brocade mechanism driver depends on the brocade plugin templates
  - [1da7abd] ofagent: Fix VLAN usage for TYPE_FLAT and TYPE_VLAN
  - [2a79749] netaddr<=0.7.10 raises ValueError instead of AddrFormatError
  - [45281bb] Brocade mechanism driver should be derived from ML2 plugin base class
  - [3eeda2c] Add missing keyword raise to get_profile_binding function
  - [e517da2] Big Switch: Remove unnecessary initialization code
  - [2f65656] ovs-agent: Ensure integration bridge is created
  - [0324965] remove token from notifier middleware
  - [6d62c91] Big Switch: Add missing data to topology sync
  - [fac71fe] Added missing core_plugins symbolic names
  - [505f902] Big Switch: Catch exceptions in watchdog thread
  - [ac90f9b] Segregate the VSM calls from database calls in N1kv plugin
  - [86e4b80] Fix network profile subtype validation in N1kv plugin
  - [24f2460] ofagent: Add a missing push_vlan action
  - [50408e6] OFA agent: use hexadecimal IP address in tunnel port name
  - [f0af041] Big Switch: Call correct method in watchdog
  - [71097a0] Check DB scheme prior to migration to Ml2
  - [db7f8a7] ofa_neutron_agent: Fix _phys_br_block_untranslated_traffic
  - [d5d345b] Fix race condition with firewall deletion
  - [ce712b2] Metadata agent caches networks for routers
  - [cac3aa8] Ensure routing key is specified in the address for a direct producer
  - [5e0ea72] Default to setting secure mode on the integration bridge
  - [77d8da1] OVS and OF Agents: Create updated_ports attribute before setup_rpc
  - [9268ea6] OFAgent: Process port_update notifications in the main agent loop
  - [9124db5] Remove RPC to plugin when dhcp sets default route
  - [6fd5a20] Improve iptables_manager _modify_rules() method
  - [5285164] Big Switch: fix capabilities retrieval code
  - [ca7ed8f] OVS Agent: limit veth names to 15 chars
  - [7d76335] NSX: Fix request_id in api_client to increment
  - [583db13] NSX: fix tenant_id passed as security_profile_id
  - [066760e] LBaaS add missing rootwrap filter for route
  - [cd7a622] Do not defer IPTables apply in firewall path
  - [315319c] BSN: Set hash header to empty instead of False
  - [5d9a034] Remove function replacement with mock patch
  - [a4b467d] NSX: fix bug for flat provider network
  - [96e580d] Wrong key router.interface reported by ceilometer
  - [9ce5ef3] Common decorator for caching methods
  - [f3fa89f] Fixes Hyper-V agent security groups disabling
  - [6fe2596] Fixes Hyper-V agent security group ICMP rules
  - [5db494d] Add support for multiple RPC workers under Metaplugin
* d/p/disable-failing-metaplugin-tests.patch: Dropped.
* d/p/skip-lb-test.patch: Dropped.

[ James Page ]
* d/watch: Point to tarballs.openstack.org for release artifacts.

30. By Jamie Strandboge on 2014-06-18

[ Corey Bryant ]
* Resynchronize with stable/icehouse (54ac82b) (LP: #1328134):
  - [2b42dd3] Handle errors from run_ofctl() when dumping flows
  - [d00446b] Reprogram flows when ovs-vswitchd restarts
  - [8d3026b] Added missing plugin .ini files to setup.cfg
  - [072bbc0] NEC plugin: Bump L3RPC callback version to 1.1
  - [47a4954] Remove List events API from Cisco N1kv Neutron
  - [28a26db] Install SNAT rules for ipv4 only
  - [5bdea2d] Use os.uname() instead of calling uname in subprocess
  - [48bc7db] Replace loopingcall in notifier with a delayed send
  - [66eeda2] Explicitly import state_path opt in tests.base
  - [f1b0607] NSX: allow net-migration only in combined mode
  - [8abb05c] NSX: do not raise on missing router during migration step
  - [4c945dd] NSX: fix error when creating VM ports on subnets without dhcp
  - [efa4f28] OVS lib defer apply doesn't handle concurrency
  - [bc30b52] NSX: ensure that no LSN is created on external networks
  - [2bcc7bf] NSX: pass the right argument during metadata setup
  - [26a591a] Big Switch: Check source_address attribute exists
  - [74a9365] L3 RPC loop could delete a router on concurrent update
  - [2a7164a] Optimize querying for security groups
  - [bac4389] set api.extensions logging to ERROR in unit tests
  - [d1ab56d] Make default nova_url use a version
  - [2c56e14] NSX: fix API payloads for dhcp/metadata setup
  - [f217479] NSX: fix migration for networks without a subnet
  - [bf281cd] NSX: change api mapping for Service Cluster to Edge Cluster
  - [7225e2b] NSX: add nsx switch lookup to dhcp and metadata operations
  - [b922aa7] Fixed floating IP logic in PLUMgrid plugin
  - [84650f8] IBM: set secret=True on passwd config field
  - [c5040b4] Update ensure()/reconnect() to catch MessagingError
  - [e0deffc] NSX: Fix fake_api_client to raise NotFound
  - [42a8539] netaddr<=0.7.10 raises ValueError instead of AddrFormatError
  - [68a24e5] Validate CIDR given as ip-prefix in security-group-rule-create
  - [8991aa6] gw_port should be set as lazy='join'
  - [54ac82b] NSX: ensure dhcp port is setup on metadata network

[ Jamie Strandboge ]
* SECURITY UPDATE: specify /etc/neutron/rootwrap.conf for use with
  neutron-rootwrap
  - CVE-2013-6433 (LP: #1185019)

29. By Jamie Strandboge on 2014-06-18

* SECURITY UPDATE: specify /etc/neutron/rootwrap.conf for use with
  neutron-rootwrap
  - CVE-2013-6433 (LP: #1185019)
* SECURITY UPDATE: Validate CIDR given as ip-prefix in
  security-group-rule-create
  - CVE-2014-0187
  - LP: #1300785
* debian/patches/CVE-2014-0187b.patch: update for python-netaddr <= 0.7.10
* SECURITY UPDATE: Install SNAT rules for ipv4 only
  - CVE-2014-4167
  - LP: #1309195

28. By James Page on 2014-04-17

[ Chuck Short ]
New upstream release (LP: #1288245).

27. By James Page on 2014-04-14

d/neutron-vpn-agent.upstart: Wait for neutron-ovs-cleanup service to
start if installed to ensure that Open vSwitch state is cleaned up
on reboot (LP: #1307208).