-
cinder (2:16.4.2-0ubuntu2.4) focal-security; urgency=medium
* SECURITY REGRESSION: Regressions in other projects (LP: #2020111)
- debian/patches/series: Do not apply CVE-2023-2088.patch until
patches are ready for all upstream OpenStack projects.
- CVE-2023-2088
-- Corey Bryant <email address hidden> Thu, 18 May 2023 11:30:20 -0400
-
cinder (2:16.4.2-0ubuntu2.3) focal-security; urgency=medium
* SECURITY UPDATE: Unauthorized File Access
- debian/patches/CVE-2023-2088.patch: Reject unsafe delete
attachment calls.
- debian/patches/move-unit-test-code-under-tests-unit.patch: Required
for CVE-2023-2088.patch.
- CVE-2023-2088
-- Corey Bryant <email address hidden> Tue, 09 May 2023 08:42:36 -0400
-
cinder (2:16.4.2-0ubuntu2.2) focal-security; urgency=medium
* SECURITY UPDATE: incorrect VMDK subformat check
- debian/patches/use_json_format.patch: switch qemu_img_info to json
format or the format_specific attribute will always be empty,
resulting in check_vmdk_image() always returning an error.
-- Marc Deslauriers <email address hidden> Tue, 07 Feb 2023 17:11:18 -0500
-
cinder (2:16.4.2-0ubuntu2.1) focal-security; urgency=medium
* SECURITY UPDATE: Arbitrary file access
- debian/patches/CVE-2022-47951.patch: Check VMDK subformat
against an allowed list.
- CVE-2022-47951
-- Corey Bryant <email address hidden> Sun, 29 Jan 2023 11:10:33 -0500
-
cinder (2:16.4.2-0ubuntu2) focal; urgency=medium
* d/p/3par-iscsi-driver-primera.patch: Add iSCSI support to
HPE 3PAR driver for Primera 4.2 and higher (LP: #1959712).
cinder (2:16.4.2-0ubuntu1) focal; urgency=medium
* New stable point release for OpenStack Ussuri (LP: #1956994).
-- Corey Bryant <email address hidden> Wed, 02 Feb 2022 08:30:46 -0500
-
cinder (2:16.4.2-0ubuntu1) focal; urgency=medium
* New stable point release for OpenStack Ussuri (LP: #1956994).
-- Chris MacNaughton <email address hidden> Tue, 11 Jan 2022 21:10:37 +0000
-
cinder (2:16.4.1-0ubuntu1) focal; urgency=medium
* New stable point release for OpenStack Ussuri (LP: #1948914).
-- Chris MacNaughton <email address hidden> Thu, 28 Oct 2021 07:01:38 +0000
-
cinder (2:16.4.0-0ubuntu1) focal; urgency=medium
* New stable point release for OpenStack Ussuri (LP: #1941048).
-- Chris MacNaughton <email address hidden> Wed, 25 Aug 2021 12:03:15 +0000
-
cinder (2:16.3.0-0ubuntu1) focal; urgency=medium
* New stable point release for OpenStack Ussuri (LP: #1923036).
* d/p/rbd-retry-delete.patch: Removed after fix landed upstream.
-- Chris MacNaughton <email address hidden> Mon, 12 Apr 2021 12:13:29 +0000
-
cinder (2:16.2.1-0ubuntu2) focal; urgency=medium
* d/p/rbd-retry-delete.patch: Fix RBD mirroring race by retrying volume delete
if VolumeIsBusy in _copy_image_to_volume (LP: #1900775).
* d/p/add-mock-psutil-in-quobyte-tests.patch: Add a mock of psutil
disk_partitions to fix failing unit test (LP: #1913607).
-- Corey Bryant <email address hidden> Tue, 26 Jan 2021 15:28:53 -0500
-
cinder (2:16.2.1-0ubuntu1) focal; urgency=medium
* New stable point release for OpenStack Ussuri (LP: #1912322).
-- Chris MacNaughton <email address hidden> Tue, 19 Jan 2021 10:33:38 +0000
-
cinder (2:16.2.0-0ubuntu1) focal; urgency=medium
[ Chris MacNaughton ]
* d/control: Update VCS paths for move to lp:~ubuntu-openstack-dev.
[ Corey Bryant ]
* New stable point release for OpenStack Ussuri (LP: #1900477).
-- Corey Bryant <email address hidden> Mon, 19 Oct 2020 14:37:28 -0400
-
cinder (2:16.1.0-0ubuntu1) focal-security; urgency=medium
[ Chris MacNaughton ]
* New stable point release for OpenStack Ussuri (LP: #1883879).
[ Corey Bryant ]
* SECURITY UPDATE: Dell EMC ScaleIO/VxFlex OS Backend Credentials Exposure
(LP: #1823200)
- Remove VxFlex OS credentials from connection_properties. Passwords are
now stored in separate file and are retrieved during each attach/detach
operation. Cinder is patched in 16.1.0 stable point release.
- d/control: Align (Build-)Depends with min version of python3-os-brick
required to fix credential exposure.
- CVE-2020-10755
-- Corey Bryant <email address hidden> Tue, 23 Jun 2020 16:52:33 -0400
-
cinder (2:16.0.0-0ubuntu0.20.04.1) focal; urgency=medium
[ Chris MacNaughton ]
* d/watch: Update tarball version.
* d/p/py38skip.patch: Refresh patch.
* New upstream release for OpenStack Ussuri (LP: #1877642).
[ Corey Bryant ]
* d/gbp.conf: Create stable/ussuri branch.
-- Corey Bryant <email address hidden> Fri, 15 May 2020 13:45:11 -0400
-
cinder (2:16.0.0~b3~git2020041012.eb915e2db-0ubuntu1) focal; urgency=medium
* d/watch: Update tarball URL to opendev.org.
* New upstream snapshot for OpenStack Ussuri.
* d/cinder-common.postinst: Set ownership and permissions for all /var/lib
files and directories.
-- Corey Bryant <email address hidden> Fri, 10 Apr 2020 12:56:33 -0400
-
cinder (2:16.0.0~b3~git2020032414.a0c0a9e23-0ubuntu1) focal; urgency=medium
* New upstream snapshot for OpenStack Ussuri.
* d/cinder-common.postinst: Set default ownership and permissions for
/etc/<pkg>, /var/lib/<pkg>, and /var/log/<pkg> (LP: #1859422).
-- Corey Bryant <email address hidden> Tue, 24 Mar 2020 14:47:42 -0400
-
cinder (2:16.0.0~b2~git2020020407.819b4a0fc-0ubuntu1) focal; urgency=medium
* New upstream snapshot for OpenStack Ussuri.
* d/control: Drop. Dropped Python2 support.
* d/rules: Switched to pybuild.
* d/p/skip-taskflow-tests-py37.patch: Dropped. Fixed upstream.
* d/control: Align (Build-)Depends with upstream.
* d/control: Added python3-tabulate.
* d/control: Removed min version for python-hacking.
* d/control: Added python3-sqlalchemy-utils.
* d/p/py38skip.patch: Skip failing tests with Python3.8.
-- Sahid Orentino Ferdjaoui <email address hidden> Thu, 06 Feb 2020 11:33:45 +0000
-
cinder (2:15.0.0-0ubuntu1) eoan; urgency=medium
* New upstream release for OpenStack Train.
-- Corey Bryant <email address hidden> Wed, 16 Oct 2019 10:59:02 -0400