Change logs for nova source package in Precise

  • nova (2012.1.3+stable-20130423-e52e6912-0ubuntu1.4) precise-security; urgency=medium
    
      * SECURITY UPDATE: ssl not enforced when qpid_protocol is set to ssl
        - debian/patches/CVE-2013-6491.patch: set the right parameter in
          nova/rpc/impl_qpid.py
        - LP: #1158807
        - CVE-2013-6491
      * SECURITY UPDATE: information disclosure via incorrect KVM live block
        migration
        - debian/patches/CVE-2013-7130.patch: fix root disk leak in
          nova/virt/libvirt/connection.py, add upstream test and additional test
          (test_create_images_and_backing_full()) to nova/tests/test_libvirt.py
        - CVE-2013-7130
      * SECURITY UPDATE: denial of service via disk consumption
        - debian/patches/CVE-2013-446x.patch: don't boot oversized images in
          nova/virt/images.py, and nova/virt/libvirt/connection.py. Update tests
          in nova/tests/test_libvirt.py
        - CVE-2013-4463
        - CVE-2013-4469
     -- Jamie Strandboge <email address hidden>   Wed, 14 May 2014 15:14:36 -0500
  • nova (2012.1.3+stable-20130423-e52e6912-0ubuntu1.2) precise-security; urgency=low
    
      * SECURITY UPDATE: denial of service with network security group policy
        updates
        - debian/patches/CVE-2013-4185.patch: use cached nwinfo for secgroup rules
          (LP: #1184041)
        - CVE-2013-4185
     -- Jamie Strandboge <email address hidden>   Mon, 21 Oct 2013 17:52:13 -0500
  • nova (2012.1.3+stable-20130423-e52e6912-0ubuntu1.1) precise-security; urgency=low
    
      * SECURITY UPDATE: verify virtual size of QCOW2 images
        - CVE-2013-2096.patch: update nova/virt/libvirt/connection.py to check
          QCOW2 image size during root disk creation
        - CVE-2013-2096
     -- Jamie Strandboge <email address hidden>   Wed, 15 May 2013 16:37:20 -0500
  • nova (2012.1.3+stable-20130423-e52e6912-0ubuntu1) precise-proposed; urgency=low
    
      * Resynchronize with stable/essex (e52e6912) (LP: #1089488):
        - [48e81f1] VNC proxy can be made to connect to wrong VM LP: 1125378
        - [3bf5a58] snat rule too broad for some network configurations LP: 1048765
        - [efaacda] DOS by allocating all fixed ips LP: 1125468
        - [b683ced] Add nosehtmloutput as a test dependency.
        - [45274c8] Nova unit tests not running, but still passing for stable/essex
          LP: 1132835
        - [e02b459] vnc unit-test fixes
        - [87361d3] Jenkins jobs fail because of incompatibility between sqlalchemy-
          migrate and the newest sqlalchemy-0.8.0b1 (LP: #1073569)
        - [e98928c] VNC proxy can be made to connect to wrong VM LP: 1125378
        - [c0a10db] DoS through XML entity expansion (CVE-2013-1664) LP: 1100282
        - [243d516] No authentication on block device used for os-volume_boot
          LP: 1069904
        - [80fefe5] use_single_default_gateway does not function correctly
          (LP: #1075859)
        - [bd10241] Essex 2012.1.3 : Error deleting instance with 2 Nova Volumes
          attached (LP: #1079745)
        - [86a5937] do_refresh_security_group_rules in nova.virt.firewall is very
          slow (LP: #1062314)
        - [ae9c5f4] deallocate_fixed_ip attempts to update an already deleted
          fixed_ip (LP: #1017633)
        - [20f98c5] failed to allocate fixed ip because old deleted one exists
          (LP: #996482)
        - [75f6922] snapshot stays in saving state if the vm base image is deleted
          (LP: #921774)
        - [1076699] lock files may be removed in error dues to permissions issues
          (LP: #1051924)
        - [40c5e94] ensure_default_security_group() does not call sgh (LP: #1050982)
        - [4eebe76] At termination, LXC rootfs is not always unmounted before
          rmtree() is called (LP: #1046313)
        - [47dabb3] Heavily loaded nova-compute instances don't sent reports
          frequently enough (LP: #1045152)
        - [b375b4f] When attach volume lost attach when node restart (LP: #1004791)
        - [4ac2dcc] nova usage-list returns  wrong usage (LP: #1043999)
        - [014fcbc] Bridge port's hairpin mode not set after resuming a machine
          (LP: #1040537)
        - [2f35f8e] Nova flavor ephemeral space size reported incorrectly
          (LP: #1026210)
      * Dropped, superseeded by new snapshot:
        - debian/patches/CVE-2013-0335.patch: [48e81f1]
        - debian/patches/CVE-2013-1838.patch: [efaacda]
        - debian/patches/CVE-2013-1664.patch: [c0a10db]
        - debian/patches/CVE-2013-0208.patch: [243d516]
     -- Yolanda <email address hidden>   Mon, 22 Apr 2013 12:37:08 +0200
  • nova (2012.1.3+stable-20120827-4d2a4afe-0ubuntu1.4) precise-security; urgency=low
    
      * SECURITY UPDATE: fix denial of service via fixed IPs when using extensions
        - debian/patches/CVE-2013-1838.patch: add explicit quota for fixed IP
        - CVE-2013-1838
        - LP: #1125468
      * SECURITY UPDATE: fix VNC token validation
        - debian/patches/CVE-2013-0335*.patch: force console auth service to flush
          all tokens associated with an instance when it is deleted
        - CVE-2013-0335
        - LP: #1125378
     -- Jamie Strandboge <email address hidden>   Wed, 20 Mar 2013 10:07:08 -0500
  • nova (2012.1.3+stable-20120827-4d2a4afe-0ubuntu1.2) precise-security; urgency=low
    
      * SECURITY UPDATE: fix denial of service
        - CVE-2013-1664.patch: Add a new utils.safe_minidom_parse_string function
          and update external API facing Nova modules to use it
        - CVE-2013-1664
     -- Jamie Strandboge <email address hidden>   Tue, 19 Feb 2013 11:45:46 -0600
  • nova (2012.1.3+stable-20120827-4d2a4afe-0ubuntu1.1) precise-security; urgency=low
    
      * SECURITY UPDATE: fix lack of authentication on block device used for
        os-volume_boot
        - debian/patches/CVE-2013-0208.patch: adjust nova/compute/api.py to
          validate we can access the volumes
        - CVE-2013-0208
     -- Jamie Strandboge <email address hidden>   Wed, 23 Jan 2013 13:03:11 -0600
  • nova (2012.1.3+stable-20120827-4d2a4afe-0ubuntu1) precise-proposed; urgency=low
    
      * New upstream snapshot, fixes FTBFS in -proposed. (LP: #1041120)
      * Resynchronize with stable/essex (4d2a4afe):
        - [5d63601] Inappropriate exception handling on kvm live/block migration
          (LP: #917615)
        - [ae280ca] Deleted floating ips can cause instance delete to fail
          (LP: #1038266)
    
    nova (2012.1.3+stable-20120824-86fb7362-0ubuntu1) precise-proposed; urgency=low
    
      * New upstream snapshot. (LP: #1041120)
      * Dropped, superseded by new snapshot:
        - debian/patches/CVE-2012-3447.patch: [d9577ce]
        - debian/patches/CVE-2012-3371.patch: [25f5bd3]
        - debian/patches/CVE-2012-3360+3361.patch: [b0feaff]
      * Resynchronize with stable/essex (86fb7362):
        - [86fb736] Libvirt driver reports incorrect error when volume-detach fails
          (LP: #1029463)
        - [272b98d] nova delete lxc-instance umounts the wrong rootfs (LP: #971621)
        - [09217ab] Block storage connections are NOT restored on system reboot
          (LP: #1036902)
        - [d9577ce] CVE-2012-3361 not fully addressed (LP: #1031311)
        - [e8ef050] pycrypto is unused and the existing code is potentially insecure
          to use (LP: #1033178)
        - [3b4ac31] cannot umount guestfs  (LP: #1013689)
        - [f8255f3] qpid_heartbeat setting in ineffective (LP: #1030430)
        - [413c641] Deallocation of fixed IP occurs before security group refresh
          leading to potential security issue in error / race conditions
          (LP: #1021352)
        - [219c5ca] Race condition in network/deallocate_for_instance() leads to
          security issue (LP: #1021340)
        - [f2bc403] cleanup_file_locks does not remove stale sentinel files
          (LP: #1018586)
        - [4c7d671] Deleting Flavor currently in use by instance creates error
          (LP: #994935)
        - [7e88e39] nova testsuite errors on newer versions of python-boto (e.g.
          2.5.2) (LP: #1027984)
        - [80d3026] NoMoreFloatingIps: Zero floating ips available after repeatedly
          creating and destroying instances over time (LP: #1017418)
        - [4d74631] Launching with source groups under load produces lazy load error
          (LP: #1018721)
        - [08e5128] API 'v1.1/{tenant_id}/os-hosts' does not return a list of hosts
          (LP: #1014925)
        - [801b94a] Restarting nova-compute removes ip packet filters (LP: #1027105)
        - [f6d1f55] instance live migration should create virtual_size disk image
          (LP: #977007)
        - [4b89b4f] [nova][volumes] Exceeding volumes, gigabytes and floating_ips
          quotas returns general uninformative HTTP 500 error (LP: #1021373)
        - [6e873bc] [nova][volumes] Exceeding volumes, gigabytes and floating_ips
          quotas returns general uninformative HTTP 500 error (LP: #1021373)
        - [7b215ed] Use default qemu-img cluster size in libvirt connection driver
        - [d3a87a2] Listing flavors with marker set returns 400 (LP: #956096)
        - [cf6a85a] nova-rootwrap hardcodes paths instead of using
          /sbin:/usr/sbin:/usr/bin:/bin (LP: #1013147)
        - [2efc87c] affinity filters don't work if scheduler_hints is None
          (LP: #1007573)
        - [48e5f46] metadata injection is broken in xen (LP: #1022036)
        - [25f5bd3] scheduler hang (DOS) possible with
          DifferentHostFilter/SameHostFilter  (LP: #1017795)
        - [1c1b858] cannot umount guestfs  (LP: #1013689)
        - [835ba4f] not able to get host total memory in xen with libvirt
          (LP: #1004298)
        - [00e5104] Call to network_get_all_by_uuids missing 'db' (LP: #986922)
        - [4c49df7] [nova][volumes] Exceeding volumes, gigabytes and floating_ips
          quotas returns general uninformative HTTP 500 error (LP: #1021373)
        - [19631f3] [nova][volumes] Exceeding volumes quotas logs
          "VolumeSizeTooLarge" instead of "VolumeLimitExceeded"  (LP: #1020634)
        - [b0feaff] Remote arbitrary file corruption / creation flaw via injected
          files (LP: #1015531)
        - [3cb6e57] NoMoreFixedIps: Zero fixed ips available. Nova seems leaking
          them. (LP: #1014769)
        - [5d8431b] ram_allocation_ratio does not work (LP: #1016273)
        - [410060f] test_get_console_output_file requires sudo NOPASSWD
          (LP: #992805)
        - [33c2575] Stop/start a KVM instance with volumes attached produces an
          error state (LP: #1013782)
        - [6c01c01] Backport tox settings to unbreak jenkins jobs.
        - [344125f] Set defaultbranch in .gitreview to stable/essex
        - [9b789be] floating ips are not disassociated from instances on deletion
          (LP: #997763)
        - [d89c2f3] qpid timeout causing compute service to crash (LP: #999698)
        - [caae0e9] floating ips do not display in 'nova list' after association to
          instance (LP: #939122)
        - [1dc9f19] impl_qpid doesn't ACK messages (LP: #1012374)
        - [bc621bc] Restarting nova-network removes ip packet filters
          (LP: #1000853)
        - [7870157] Add caching to openstack.common.cfg
        - [27133ee] Firewall rules from nova-compute are not refreshed after host
          reboot (LP: #985162)
        - [3ee026e] Source group based security group rule without protocol and port
          causes failures (LP: #1010514)
        - [f0a9f47] [SRU] dns_domains table mysql charset is 'latin1'. Should be
          'utf8' (LP: #993663)
        - [cc8fd97] euca-describe-keypair NonExistent returns 200 (LP: #1006664)
        - [9f9e9da] Security groups fail to be set correctly if incorrect case is
          used for protocol specification (LP: #985184)
     -- Adam Gandelman <email address hidden>   Mon, 27 Aug 2012 14:50:40 -0700
  • nova (2012.1.3+stable-20120824-86fb7362-0ubuntu1) precise-proposed; urgency=low
    
      * New upstream snapshot. (LP: #1041120)
      * Dropped, superseded by new snapshot:
        - debian/patches/CVE-2012-3447.patch: [d9577ce]
        - debian/patches/CVE-2012-3371.patch: [25f5bd3]
        - debian/patches/CVE-2012-3360+3361.patch: [b0feaff]
      * Resynchronize with stable/essex (86fb7362):
        - [86fb736] Libvirt driver reports incorrect error when volume-detach fails
          (LP: #1029463)
        - [272b98d] nova delete lxc-instance umounts the wrong rootfs (LP: #971621)
        - [09217ab] Block storage connections are NOT restored on system reboot
          (LP: #1036902)
        - [d9577ce] CVE-2012-3361 not fully addressed (LP: #1031311)
        - [e8ef050] pycrypto is unused and the existing code is potentially insecure
          to use (LP: #1033178)
        - [3b4ac31] cannot umount guestfs  (LP: #1013689)
        - [f8255f3] qpid_heartbeat setting in ineffective (LP: #1030430)
        - [413c641] Deallocation of fixed IP occurs before security group refresh
          leading to potential security issue in error / race conditions
          (LP: #1021352)
        - [219c5ca] Race condition in network/deallocate_for_instance() leads to
          security issue (LP: #1021340)
        - [f2bc403] cleanup_file_locks does not remove stale sentinel files
          (LP: #1018586)
        - [4c7d671] Deleting Flavor currently in use by instance creates error
          (LP: #994935)
        - [7e88e39] nova testsuite errors on newer versions of python-boto (e.g.
          2.5.2) (LP: #1027984)
        - [80d3026] NoMoreFloatingIps: Zero floating ips available after repeatedly
          creating and destroying instances over time (LP: #1017418)
        - [4d74631] Launching with source groups under load produces lazy load error
          (LP: #1018721)
        - [08e5128] API 'v1.1/{tenant_id}/os-hosts' does not return a list of hosts
          (LP: #1014925)
        - [801b94a] Restarting nova-compute removes ip packet filters (LP: #1027105)
        - [f6d1f55] instance live migration should create virtual_size disk image
          (LP: #977007)
        - [4b89b4f] [nova][volumes] Exceeding volumes, gigabytes and floating_ips
          quotas returns general uninformative HTTP 500 error (LP: #1021373)
        - [6e873bc] [nova][volumes] Exceeding volumes, gigabytes and floating_ips
          quotas returns general uninformative HTTP 500 error (LP: #1021373)
        - [7b215ed] Use default qemu-img cluster size in libvirt connection driver
        - [d3a87a2] Listing flavors with marker set returns 400 (LP: #956096)
        - [cf6a85a] nova-rootwrap hardcodes paths instead of using
          /sbin:/usr/sbin:/usr/bin:/bin (LP: #1013147)
        - [2efc87c] affinity filters don't work if scheduler_hints is None
          (LP: #1007573)
        - [48e5f46] metadata injection is broken in xen (LP: #1022036)
        - [25f5bd3] scheduler hang (DOS) possible with
          DifferentHostFilter/SameHostFilter  (LP: #1017795)
        - [1c1b858] cannot umount guestfs  (LP: #1013689)
        - [835ba4f] not able to get host total memory in xen with libvirt
          (LP: #1004298)
        - [00e5104] Call to network_get_all_by_uuids missing 'db' (LP: #986922)
        - [4c49df7] [nova][volumes] Exceeding volumes, gigabytes and floating_ips
          quotas returns general uninformative HTTP 500 error (LP: #1021373)
        - [19631f3] [nova][volumes] Exceeding volumes quotas logs
          "VolumeSizeTooLarge" instead of "VolumeLimitExceeded"  (LP: #1020634)
        - [b0feaff] Remote arbitrary file corruption / creation flaw via injected
          files (LP: #1015531)
        - [3cb6e57] NoMoreFixedIps: Zero fixed ips available. Nova seems leaking
          them. (LP: #1014769)
        - [5d8431b] ram_allocation_ratio does not work (LP: #1016273)
        - [410060f] test_get_console_output_file requires sudo NOPASSWD
          (LP: #992805)
        - [33c2575] Stop/start a KVM instance with volumes attached produces an
          error state (LP: #1013782)
        - [6c01c01] Backport tox settings to unbreak jenkins jobs.
        - [344125f] Set defaultbranch in .gitreview to stable/essex
        - [9b789be] floating ips are not disassociated from instances on deletion
          (LP: #997763)
        - [d89c2f3] qpid timeout causing compute service to crash (LP: #999698)
        - [caae0e9] floating ips do not display in 'nova list' after association to
          instance (LP: #939122)
        - [1dc9f19] impl_qpid doesn't ACK messages (LP: #1012374)
        - [bc621bc] Restarting nova-network removes ip packet filters
          (LP: #1000853)
        - [7870157] Add caching to openstack.common.cfg
        - [27133ee] Firewall rules from nova-compute are not refreshed after host
          reboot (LP: #985162)
        - [3ee026e] Source group based security group rule without protocol and port
          causes failures (LP: #1010514)
        - [f0a9f47] [SRU] dns_domains table mysql charset is 'latin1'. Should be
          'utf8' (LP: #993663)
        - [cc8fd97] euca-describe-keypair NonExistent returns 200 (LP: #1006664)
        - [9f9e9da] Security groups fail to be set correctly if incorrect case is
          used for protocol specification (LP: #985184)
     -- Adam Gandelman <email address hidden>   Fri, 24 Aug 2012 02:09:33 -0400
  • nova (2012.1+stable~20120612-3ee026e-0ubuntu1.3) precise-security; urgency=low
    
      * SECURITY UPDATE: Prohibit file injection writing to host filesystem
        - debian/patches/CVE-2012-3447.patch: update to perform the file name
          canonicalization as the root user
        - CVE-2012-3447
     -- Jamie Strandboge <email address hidden>   Fri, 17 Aug 2012 14:09:26 -0500
  • nova (2012.1+stable~20120612-3ee026e-0ubuntu1.2) precise-security; urgency=low
    
      * SECURITY UPDATE: scheduler affinity denial of service
        - debian/patches/CVE-2012-3371.patch: lookup instance ids only once
          instead of once for each scheduler hint instance id.
     -- Steve Beattie <email address hidden>   Thu, 05 Jul 2012 10:58:26 -0700
  • nova (2012.1+stable~20120612-3ee026e-0ubuntu1.1) precise-security; urgency=low
    
      * SECURITY UPDATE: arbitrary file injection/corruption
        - debian/patches/CVE-2012-3360+3361.patch: ensure that files cannot
          be injected in arbitrary locations
        - CVE-2012-3360
        - CVE-2012-3361
     -- Steve Beattie <email address hidden>   Mon, 02 Jul 2012 19:54:17 -0700
  • nova (2012.1+stable~20120612-3ee026e-0ubuntu1) precise-proposed; urgency=low
    
      * New upstream snapshot. (LP: #1010473)
      * Dropped, superseeded by new snapshot:
        - debian/patches/upstream/0001-fix-bug-where-nova-ignores-glance-host-in-imageref.patch
        - debian/patches/upstream/0002-Stop-libvirt-test-from-deleting-instances-dir.patch
        - debian/patches/upstream/0003-Allow-unprivileged-RADOS-users-to-access-rbd-volumes.patch
        - debian/patches/upstream/0004-Fixed-bug-962840-added-a-test-case.patch
        - debian/patches/upstream/0005-Populate-image-properties-with-project_id-again.patch
        - debian/patches/upstream/0006-Use-project_id-in-ec2.cloud._format_image.patc
        - debian/patches/CVE-2012-2101.patch
        - debian/patches/CVE-2012-2654.patch
      * Resynchronize with stable/essex:
        - 3ee026e Only invoke .lower() on non-None protocols. (LP: #1010514)
        - f0a9f47 Create a utf8 version of the dns_domains table. (LP: #993663)
        - 84a43e1 Report memory correctly on Xen. (LP: #997014)
        - 8c72924 Add libvirt get_console_output tests: pty and file. (LP: #990237)
        - 4e423cd Fix Multi_Scheduler to process host capabilities. (LP: #1000403)
        - 4aea7f1 Nail pep8 dependencies to 1.0.1
        - 2b3bbc4 handle updated qemu-img info output. (LP: #1000261)
        - 2d7d51c Fix type of snapshot_id column to match db. (LP: #962615)
        - ec70c69 Generate a Changelog for Nova
        - e5e890f Fix nova.tests.test_nova_rootwrap on Fedora 17. (LP: #992916)
        - 9e9a554 Ec2 handle strings with "0x" (LP: #983206)
        - 26dc6b7 QuantumManager will start dnsmasq during startup. Fixes (LP: #977759)
        - 7028d66 Introduced flag base_dir_name. (LP: #973194)
        - 76b525a Get unit tests functional in OS X.
        - facb936 Update KillFilter to handle 'deleted' exe's. (LP: #967931)
        - 1209af4 Checks if value is string or not before decode. (LP: #952176)
        - 1209af4 Fix timeout in EC2 CloudController.create_image(). (LP: #989764)
        - 108e74b Re-add console_log from console_console_output(). (LP: #987335)
        - 48a0768 Don't leak RPC connections on timeouts or other exceptions. (LP: #968843)
        - 7c64de9 Cloudpipe tap vpn not always working. (LP: #975043)
        - 5ab5051 add libvirt_inject_key flag fix (LP: #971640)
        - 6c68ef5 Xen: Pass session to destroy_vdi. (LP: #988615)
        - 015744e Delete fixed_ips when network is deleted. (LP: #754900)
      * Add debian/scripts/changelog.sh to help generate the changelog.
      * Add debian/nova-common.docs:
        - Include changelog and README.rst
      * debian/rules: Generate a tarball from git snapshot.
      * debian/patches/fix-pep8-errors.patch: Fix pep8 errors due to pep8 upstream
        migration.
     -- Chuck Short <email address hidden>   Tue, 05 Jun 2012 09:50:59 -0400
  • nova (2012.1-0ubuntu2.3) precise-security; urgency=low
    
      * REGRESSION FIX: security group without protocol set failure (LP: #1010514)
        - debian/patches/CVE-2012-2654-regression.patch: only call .lower()
          when a protocol has been set.
     -- Steve Beattie <email address hidden>   Mon, 11 Jun 2012 16:00:50 -0700
  • nova (2012.1-0ubuntu2.2) precise-security; urgency=low
    
      * SECURITY UPDATE: set security groups correctly if IP protocol is
        specified in upper/mixed case
        - debian/patches/CVE-2012-2654.patch: ensure protocols are in
          lowercase for the controllers
     -- Steve Beattie <email address hidden>   Tue, 29 May 2012 15:25:43 -0700
  • nova (2012.1-0ubuntu2.1) precise-security; urgency=low
    
      * SECURITY UPDATE: Place limit on number of security groups a user may
        create
        - debian/patches/CVE-2012-2101.patch: add quotas for security groups and
          security groups rules
        - CVE-2012-2101
     -- Jamie Strandboge <email address hidden>   Thu, 03 May 2012 15:41:32 -0500
  • nova (2012.1-0ubuntu2) precise; urgency=low
    
      [ Adam Gandelman ]
      * debian/rules: Properly create empty doc/build/man dir for builds that
        skip doc building
      * debian/control: Set 'Conflicts: nova-compute-hypervisor' for the various
        nova-compute-$type packages. (LP: #975616)
      * debian/control: Set 'Breaks: nova-api' for the various nova-api-$service
        sub-packages. (LP: #966115)
    
      [ Chuck Short ]
      * Resynchronize with stable/essex:
        - b1d11b8 Use project_id in ec2.cloud._format_image()
        - 6e988ed Fixes image publication using deprecated auth. (LP: #977765)
        - 6e988ed Populate image properties with project_id again
        - 3b14c74 Fixed bug 962840, added a test case.
        - d4e96fe Allow unprivileged RADOS users to access rbd volumes.
        - 4acfab6 Stop libvirt test from deleting instances dir
        - 155c7b2 fix bug where nova ignores glance host in imageref
      * debian/nova.conf: Enabled ec2_private_dns_show_ip so that juju can
        connect to openstack instances.
      * debian/patches/fix-docs-build-without-network.patch: Fix docs build
        when there is no network access.
     -- Chuck Short <email address hidden>   Thu, 12 Apr 2012 14:14:29 -0400
  • nova (2012.1-0ubuntu1) precise; urgency=low
    
      * New upstream release.
     -- Chuck Short <email address hidden>   Thu, 05 Apr 2012 11:00:38 -0400
  • nova (2012.1~rc4-0ubuntu1) precise; urgency=low
    
      * New upstream release.
      * debian/patches/nova-console-monitor.patch: Disabled.
      * debian/nova.conf: Removed console-monitor option.
     -- Chuck Short <email address hidden>   Wed, 04 Apr 2012 16:55:52 -0400
  • nova (2012.1~rc3-0ubuntu1) precise; urgency=low
    
      * New Upstream release.
      * debian/control: Conflict nova-vncproxy with novnc.
     -- Chuck Short <email address hidden>   Wed, 04 Apr 2012 09:25:14 -0400
  • nova (2012.1~rc2-0ubuntu1) precise; urgency=low
    
      [ Adam Gandelman ]
      * debian/control: Remove unncessary nova-cert dependency from nova-api.
        (LP: #965356)
      * debian/nova-common.postinst: Clean up spacing, remove redundant chown,
        set blanket 0700 nova.nova permissions on /etc/nova/
      * debian/nova-compute-{kvm, lxc, uml, xen}.postinst: Set proper permissions
        on /etc/nova/nova-compute.conf (LP: #861459)
      * debian/nova-common.postinst:  Ensure default nova.sqlite database is not
        world-readable.
      * debian/{rules, nova-common.{install, postinst}}: Install api-paste.ini 0600
        with nova-common (in prepartion for proper nova-api-* package separation)
      * debian/{nova-common.nova-manage.logrotate,
        nova-network.nova-dhcpbridge.logrotate, rules}: Add lograte files,
        override_dh_installlogrotate. (LP: #942646)
      * Add manpage stubs for nova-api-ec2, nova-api-metadata,
        nova-api-os-{volume, compute}, nova-rootwrap. Use sphinx built manpage
        for nova-manage (nova-common.manpages)
      * debian/nova-compute-{kvm, xen, uml, qemu}.postinst: Remove calls to
        adduser since this is already handled from nova-compute.postsinst in a
        vendor neutral way.  Silences lintian errors regarding adduser dependency
    
      [ Chuck Short ]
      * New upstream version.
      * debian/patches/libvirt-use-console-pipe.patch: Dropped.
      * debian/patches/nova-console-monitor.patch: Add console-monitor
        option.
      * debian/nova.conf: Enable use_console_monitor
      * debian/patches/fix-ubuntu-tests.patch: Fix nova testsuite.
      * debian/rules: fail package build if testsuite fails.
      * debian/patches/validate_server_name_length.patch: Dropped no longer
        needed.
      * debian/patches/fix-docs-build-without-network.patch: Some docs need
        a network connection in order to build. Disable fetching docs from
        the internet.
      * debian/patches/0001-fix-useexisting-deprecation-warnings.patch:
        Remove deprecated warnings with sqlalchemy.
    
      [ Tyler Hicks ]
      * SECURITY UPDATE: Denial of service via resource exhaustion in nova-api
        (LP: #968411)
        - debian/patches/validate_server_name_length.patch: Limit server names
          to a maximum of 255 characters to prevent nova-api log files from
          exhausting storage space. Based on upstream patch.
        - CVE-2012-1585
     -- Chuck Short <email address hidden>   Mon, 02 Apr 2012 11:17:33 -0400
  • nova (2012.1~rc1-0ubuntu2) precise; urgency=low
    
      * debian/control: Add Breaks/Replaces to nova-consoleauth, update
        description, nova-console Recommends nova-consoleauth
      * debian/nova-console.install: Remove nova-consoleauth
     -- Adam Gandelman <email address hidden>   Thu, 22 Mar 2012 11:31:35 -0700
  • nova (2012.1~rc1-0ubuntu1) precise; urgency=low
    
      [ Adam Gandelman ]
      [Chuck Short]
      * New upstream release.
      * debian/patches/libvirt-use-console-pipe.patch: Refreshed
    
      [Adam Gandelman]
      * debian/patches/libvirt-console.patch: Refresh
      * debian/control: Split nova-consoleauth from nova-console into its own pkg
        (LP: #959289)
      * debian/nova-console.upstart.in: Specify shell
     -- Chuck Short <email address hidden>   Tue, 20 Mar 2012 11:06:11 -0400
  • nova (2012.1~rc1~20120316.13416-0ubuntu1) precise; urgency=low
    
      [Adam Gandelman]
      * New upstream release.
      * debian/patches/libvirt-conosle-patch: Refresh
      * debian/control: Fix descriptions of nova-{doc, cert} (LP: #942541)
    
      [Paul Belanger]
      * debian/control: python-nova depends on openssh-client (LP: #956177)
     -- Adam Gandelman <email address hidden>   Mon, 12 Mar 2012 12:09:45 -0700
  • nova (2012.1~rc1~20120309.13261-0ubuntu1) precise; urgency=low
    
      [ Chuck Short ]
      * New upstream release.
      * Refreshed libvirt-console-patch again.
    
      [ Adam Gandleman ]
      * debian/patches/{ec2-fixes.patch, libvirt-console-pipe.patch}: Fix and
        refresh. Add dep3 headers from original git commits.
      * debian/patches/ec2-fixes.patch: Dropped.  Merge upstream at 121537c3
      * debain/{rules, nova-docs.doc}: Docs now built in doc/build/.
      * debian/patches/libvirt-use-console-pipe.patch: Update use of
        instance['name'] instead of instance_name
     -- Chuck Short <email address hidden>   Fri, 09 Mar 2012 13:07:19 -0500
  • nova (2012.1~e4-0ubuntu1) precise; urgency=low
    
      [ Adam Gandleman ]
      * debian/patches/libvirt-use-console-pipe.patch: Refreshed.
      * debain/nova-volume.upstart.in: Ensure lock directory is created
        (LP: #940780)
      * debain/control: Fix nova-compute-$flavor Depends
      * debian/control: Add python-iso8601 to python-nova Depends
    
      [ Chuck Short ]
      * debian/rules: Fix FTBFS.
      * Merge Ubuntu/Debian packaging:
        - Thanks to Julien Danjou, Ghe Rivero, and Thomas Goirand
        - debian/copyright: Update copyright file.
        - debian/nova-api.init, debian/nova-compute.init,
          debian/nova-network.init, debian/nova-objectstore,
          debian/nova-scheduler, debian/nova-volume.init:
          Synchronize init scripts.
        - nova-common.install, debian/rules: Install policy.json
        - debian/rules, debian/nova-xcp-network.install,
          debian/nova-xcp-plugins.install, nova-xcp-plugins.postrm,
          debian/nova-xcp-plugins.doc, debian/nova-xcp-plugins.postinst,
          debian/README.xcp_and_openstack, debian/control,
          debian/ubuntu_xen-openvswitch-nova.rules,
          debian/patches/path-to-the-xenhost.conf-fixup.patch:
          Add Xen XCP support.
        - debian/control,
          debian/nova-compute-{kvm,lxc,qemu,xen,uml}.postinst: Make
          nova-compute a virtual package.
        - Dropped ubuntu_ubuntu_control_vars: We dont use it
      * New upstream release.
      * Dropped python-babel, it will be handled by langpacks.
      * debian/patches/ec2-fixes.patch: Backport turnk fix for ec2
        permissions.
      * debian/patches/path-to-the-xenhost.conf-fixup.patch: Refreshed.
     -- Chuck Short <email address hidden>   Fri, 02 Mar 2012 11:04:04 -0500
  • nova (2012.1~e4~20120224.12913-0ubuntu1) precise; urgency=low
    
      [ Monty Taylor ]
      * Move files from nova/locale to /usr/share/locale
    
      [ Chuck Short ]
      * debian/rules: Fix FTBFS.
      * debian/control: Add depends on python-babel.
      * debian/control: Add depends on python-iso8601.
      * debian/nova-api-os-volume.install: Fix FTBS.
      * debian/patches/libvirt-use-console-pipe.patch: Refreshed and
        Re-enabled. (LP: #879666)
      * debian/control: Make sure we install nova-cert
    
      [ Joseph Heck ]
      * debian/nova-console.install: Add nova-consoleauth.
      * Add nova-api-ec2, nova-api-os-compute, and nova-api-os-volume.
     -- Chuck Short <email address hidden>   Fri, 24 Feb 2012 10:08:10 -0500
  • nova (2012.1~e4~20120217.12709-0ubuntu1) precise; urgency=low
    
      [ Dave Walker (Daviey) ]
      * New upstream snapshot
      * debian/patches/temp_fix_linux_net.patch:
        - Dropped, applied upstream. LP: #929127
      * debian/patches/libvirt-use-console-pipe.patch:
        - Rebased against latest trunk
    
      [ Chuck Short ]
      * debian/nova.conf: Re-enable default iscsi_helper.
      * debian/nova.conf: More fixups.
      * debian/control: Dont depend and conflicts on nova-compute-
        hypervisor. (LP: #923681)
      * debian/patches/libvirt-us-console-pipe.patch: Refreshed.
      * Temporarily disable console patch. (LP: #932787)
      * New usptream version.
     -- Chuck Short <email address hidden>   Fri, 17 Feb 2012 10:59:59 -0500
  • nova (2012.1~e4~20120210.12574-0ubuntu1) precise; urgency=low
    
      [Chuck Short]
      * New upstream release.
      * debian/patches/nova-manage_flagfile_location.patch:
        Refreshed patch.
      * debian/patches/libvirt-use-console-pipe.patch:
        Re-add from oneiric.
      * Dropped debian/patches/packaged-ajaxterm-calls.patch.
      * debian/control:
        - Dropped recommends on ajaxterm for nova-compute
        - Dropped nova-ajaxterm package.
    
      [Adam Gandleman]
      * debian/patches/temp_fix_linux_net.patch: Temporary patch until LP:
       929127 is resolved.
     -- Chuck Short <email address hidden>   Fri, 10 Feb 2012 11:25:38 -0500
  • nova (2012.1~e4~20120203.12454-0ubuntu1) precise; urgency=low
    
      [ Adam Gandelman ]
      [Chuck Short]
      * New upstream version.
      * debian/control: Replace m2crpto with python-crypto.
        (LP: #917851)
      * debian/*.upstart.in, debian/nova-common.postinst,
        debian/nova_sudoers: Change default shell to /bin/false.
        (LP: #890362)
    
      [Adam Gandleman]
      * debian/nova-common.{install, postinst}: Install policy.json on all
        Nova nodes (LP: #923817)
      * debian/rules: Remove installation of policy.json (moved to nova-common),
        point to the correct upstream git repository.
     -- Chuck Short <email address hidden>   Fri, 03 Feb 2012 09:03:12 -0500
  • nova (2012.1~e3-0ubuntu1) precise; urgency=low
    
      [Chuck short]
      * New upstream release.
      * debian/patches/fix-nova-rootwraper-env.patch: Dropped
        no longer needed.
      * debian/nova-compute-{kvm,xen,uml,lxc}.conf: Add the connection
        type "--connection=libvirt" since libvirt is no longer the default.
    
      [Adam Gandelman]
      * debian/nova.conf: Define connection_type=libvirt in common nova.conf
        instead of nova-compute-*.conf until Bug #921294 is addressed.
    
      [Vish Ishaya]
       * debian/mans/nova-cert.8, debian/nova-cert.init, debian/nova-cert.install,
         debian/nova-cert.logrotate, debian/nova-cert.manpages,
         debian/nova-cert.upstart.in, debian/control, debian/source_nova.py:
         Add nova-cert.
     -- Chuck Short <email address hidden>   Thu, 26 Jan 2012 10:29:13 -0500
  • nova (2012.1~e3~20120120.12170-0ubuntu1) precise; urgency=low
    
      [Chuck Short]
      * New upstream version.
      * debian/nova-vncproxy.install, debian/nova-vncproxy.upstart.in:
        nova-vncproxy becomes nova-xvpvncproxy.
      * debian/nova.conf: Really use the nova rootwrapper. (LP: #918179)
      * debian/nova_sudoers: Fix typo in rootwrap usage.
      * debian/patches/kombu_tests_timeout.patch: Skip
        "test_iterconsume_errors_will_reconnect" test.
    
      [Dan Prince]
      * Add policy.json to packages.
    
      [Thierry Carrez]
       * debian/*.pyinstall: Ship filter files in each node... (LP: #919105)
       * debian/python-nova.pyremove: ...and no longer in python-nova (LP: #919105)
       * debian/patches/fix-nova-rootwraper-env.patch: Fix temporary issue with
         nova-rootwrap and nova-compute.
     -- Chuck Short <email address hidden>   Fri, 20 Jan 2012 11:54:15 -0500
  • nova (2012.1~e3~20120113.12049-0ubuntu1) precise; urgency=low
    
      [Chuck Short]
      * New upstream version.
      * debian/nova_sudoers, debian/nova-common.install,
        Switch out to nova-rootwrap. (LP: #681774)
      * Add "get-origsource-git" which allows developers to
        generate a tarball from github, by doing:
        fakeroot debian/rules get-orig-source-git
      * debian/debian/nova-objectstore.logrotate: Dont determine
        if we are running Debian or Ubuntu. (LP: #91379)
    
      [Adam Gandleman]
      * Removed python-nova.postinst, let dh_python2 generate instead since
        python-support is not a dependency. (LP: #907543)
     -- Chuck Short <email address hidden>   Fri, 13 Jan 2012 09:51:10 +0100
  • nova (2012.1~e2-0ubuntu4) precise; urgency=low
    
      * SECURITY UPDATE: fix tenant bypass by authenticated users via OpenStack
        API (LP: #904072)
        - CVE-2012-XXXX
     -- Jamie Strandboge <email address hidden>   Thu, 05 Jan 2012 08:58:46 -0600
  • nova (2012.1~e2-0ubuntu2) precise; urgency=low
    
      * debian/nova.conf: Fix misconfiguration.
     -- Chuck Short <email address hidden>   Fri, 16 Dec 2011 16:13:46 -0500
  • nova (2012.1~e2-0ubuntu1) precise; urgency=low
    
      * New usptream release. Fixes the following bugs:
        (LP: #871278, #848643, #859679, #83199)
      * debian/nova-console.install: Fix empty package.
      * debian/patches, debian/pydist-overrides: Cleaner way
        of disabling unwanted python-dependencies.
      * debian/control:
        - Suggest python-keystone. (LP: #901881)
        - Update build dependencies.
      * debian/nova.conf: Use virtio networking by default.
        (LP: #904480)
      * debian/fix-traversal-via-image-register.patch: Dropped
        fixed upstream.
     -- Chuck Short <email address hidden>   Fri, 16 Dec 2011 13:03:55 -0500
  • nova (2012.1~e2~20111208.11721-0ubuntu3) precise; urgency=low
    
      * SECURITY UPDATE: fix directory traversal during image registration via
        EC2 API and S3/RegisterImage
        - fix-traversal-via-image-register.patch: adjust nova/image/s3.py to
          use basename instead of absolute path
        - CVE-2011-4596
     -- Jamie Strandboge <email address hidden>   Tue, 13 Dec 2011 08:39:13 -0600
  • nova (2012.1~e2~20111208.11721-0ubuntu2) precise; urgency=low
    
      * Disable python-coverage as well.
     -- Chuck Short <email address hidden>   Mon, 12 Dec 2011 10:13:04 -0500
  • nova (2012.1~e2~20111208.11721-0ubuntu1) precise; urgency=low
    
      * New upstream release.
      * debian/control:
        + Add python-suds as a dependency.
      * debian/patches: Temporarily disable python-nosexcover.
     -- Chuck Short <email address hidden>   Fri, 09 Dec 2011 14:24:07 -0500
  • nova (2012.1~e2~20111202.11641-0ubuntu2) precise; urgency=low
    
      * debian/nova.conf: Remove parameter to --force_dhcp_release
        (LP: #891227)
     -- Adam Gandelman <email address hidden>   Fri, 02 Dec 2011 11:31:34 -0800
  • nova (2012.1~e2~20111202.11641-0ubuntu1) precise; urgency=low
    
      * New upstream release.
      * debian/nova_sudoers: Clean up to remove unused programs
        needed by root. (LP: #989583)
     -- Chuck Short <email address hidden>   Fri, 02 Dec 2011 10:56:30 -0500
  • nova (2012.1~e2~20111125.11566-0ubuntu1) precise; urgency=low
    
      * New upstream release.
      * Refreshed debian/patches/packaged-ajaxterm-calls.patch.
     -- Chuck Short <email address hidden>   Fri, 25 Nov 2011 14:02:18 -0500
  • nova (2012.1~e2~20111116.11495-0ubuntu1) precise; urgency=low
    
      * New upstream version.
      * Refreshed debian/patches/ackaged-ajaxterm-calls.patch.
     -- Chuck Short <email address hidden>   Fri, 18 Nov 2011 09:40:58 -0500
  • nova (2012.1~e1-0ubuntu3) precise; urgency=low
    
      * debian/rules: Take the api-paste.ini from nova/etc.
     -- Chuck Short <email address hidden>   Thu, 17 Nov 2011 14:10:03 -0500
  • nova (2012.1~e1-0ubuntu2) precise; urgency=low
    
      * Revert debian/nova-manage_flagfile_location.patch: It
        was causing more problems then it should have. (LP: #891229)
     -- Chuck Short <email address hidden>   Wed, 16 Nov 2011 21:12:34 -0500
  • nova (2012.1~e1-0ubuntu1) precise; urgency=low
    
      * New upstream release.
      * debian/control: Dropped python-feedparser until MIR comes through.
      * Synced with upstream bzr packaging.
     -- Chuck Short <email address hidden>   Fri, 11 Nov 2011 09:25:25 -0500
  • nova (2012.1~e1~20111020.11229-0ubuntu1) precise; urgency=low
    
      * New upstream release.
      * Dropped patches, already applied upstream:
        - debian/patches/backport-iscsitarget-choice.patch
        - debian/patches/backport-libvirt-console-pipe.patch
        - debian/patches/backport-lxc-container-console-fix.patch
        - debian/patches/backport-recreate-gateway-using-dhcp.patch
        - debian/patches/backport-snapshot-cleanup.patch
        - debian/patches/block-migration-needs-copy-backingfile.patch
        - debian/patches/fix-iscsi-target-path.patch
        - debian/patches/fix-lp838581-removed-db_pool-complexities.patch
        - debian/patches/fix-lp863305-images-permission.patch
        - debian/patches/fqdn-in-local-hostname-of-ec2-metadata.patch
        - debian/patches/use-netcat-instead-of-socat.patc
       * debian/control:
         - Add python-feedparser as a build dependency.
         - Bump standards version to 3.9.2
         - Point to the essex branch.
       * debian/patches/nova-manage_flagfile_location.patch:
         Update patch to take in account of devstack (LP: #870405)
     -- Chuck Short <email address hidden>   Fri, 21 Oct 2011 14:37:26 -0400
  • nova (2011.3-0ubuntu7) precise; urgency=low
    
      [Scott Moser]
      * Removed db_pool complexities from nova.db.sqlalchemy.session (LP: #838581)
    
      [Chuck Short]
      * debian/patches/fix-iscsi-target-path.patch: Fix ISCSI target path patch.
        (LP: #871278)
      * debian/control: Either install xen-hypervisor-4.1-amd64 or
        xen-hypervisor-4.1-i386 for nova-compute-xen. (LP: #873243)
     -- Dave Walker (Daviey) <email address hidden>   Sun, 16 Oct 2011 23:00:52 +0100
  • nova (2011.3-0ubuntu6) oneiric; urgency=low
    
      * debian/patches/backport-libvirt-console-pipe.patch:
        - Patch updated to fix race on instance termination (LP: #868349)
     -- Robie Basak <email address hidden>   Wed, 05 Oct 2011 17:37:49 +0100