Your message dated Thu, 01 Jul 2021 20:54:36 +0000
with message-id <[email protected]>
and subject line unblock neutron
has caused the Debian Bug report #990470,
regarding unblock: neutron/17.1.1-6
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
990470: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=990470
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: release.debian.org
Severity: normal
User: [email protected]
Usertags: unblock
Please unblock package neutron
[ Reason ]
The upstream release didn't include python3.9 in the possible python
versions in the rootwrap configuration.
[ Impact ]
Neutron fails to kill the keepalived processes, resulting in a broken
virtual router configuration whenever a router is deleted.
[ Tests ]
This isn't detected by the functional tests upstream (which use
Python 3.5 to Python 3.8), and the rootwrap tests aren't run in the
unit tests. Though we successfully fixed the setup with the attached
patch in production.
[ Risks ]
No risk, this is just enrichment of an already working config.
[ Checklist ]
[x] all changes are documented in the d/changelog
[x] I reviewed all changes and I approve them
[x] attach debdiff against the package in testing
unblock neutron/17.1.1-6
diff -Nru neutron-17.1.1/debian/changelog neutron-17.1.1/debian/changelog
--- neutron-17.1.1/debian/changelog 2021-05-17 20:47:34.000000000 +0200
+++ neutron-17.1.1/debian/changelog 2021-06-30 10:51:00.000000000 +0200
@@ -1,3 +1,9 @@
+neutron (2:17.1.1-6) unstable; urgency=medium
+
+ * Add fix-rootwrap-does-not-include-python-3.9.patch.
+
+ -- Thomas Goirand <[email protected]> Wed, 30 Jun 2021 10:51:00 +0200
+
neutron (2:17.1.1-5) unstable; urgency=high
* CVE-2021-20267: Anti-spoofing bypass using Open vSwitch. Applied upstream
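Review bot: The new 2:17.1.1-6 changelog entry does not close the bug that the patch header cites. The patch carries "Bug-Debian: https://bugs.debian.org/985104", but the entry only reads "* Add fix-rootwrap-does-not-include-python-3.9.patch." Suggest appending "(Closes: #985104)" and one clause on the effect (the keepalived monitor running under python3.9 can be killed through rootwrap again), so the changelog explains the upload without opening the patch.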
diff -Nru
neutron-17.1.1/debian/patches/fix-rootwrap-does-not-include-python-3.9.patch
neutron-17.1.1/debian/patches/fix-rootwrap-does-not-include-python-3.9.patch
---
neutron-17.1.1/debian/patches/fix-rootwrap-does-not-include-python-3.9.patch
1970-01-01 01:00:00.000000000 +0100
+++
neutron-17.1.1/debian/patches/fix-rootwrap-does-not-include-python-3.9.patch
2021-06-30 10:51:00.000000000 +0200
@@ -0,0 +1,16 @@
+Description: Fix rootwrap does not include python 3.9
+Author: Thomas Goirand <[email protected]>
+Bug-Debian: https://bugs.debian.org/985104
+Forwarded: no
+Last-Update: 2021-06-30
+
+--- neutron-17.1.1.orig/etc/neutron/rootwrap.d/l3.filters
++++ neutron-17.1.1/etc/neutron/rootwrap.d/l3.filters
+@@ -70,6 +70,7 @@ kill_keepalived_monitor_py3: KillFilter,
+ kill_keepalived_monitor_py36: KillFilter, root, python3.6, -15, -9
+ kill_keepalived_monitor_py37: KillFilter, root, python3.7, -15, -9
+ kill_keepalived_monitor_py38: KillFilter, root, python3.8, -15, -9
++kill_keepalived_monitor_py39: KillFilter, root, python3.9, -15, -9
+ # For e.g. RHEL8 neutron-keepalived-state-change is run by "system python"
+ # which is /usr/libexec/platform-python3.6 so this should be in filters also.
+ # Path /usr/libexec isn't in PATH by default so it has to be given here as
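Review bot: The patch header says "Forwarded: no", yet the change is to etc/neutron/rootwrap.d/l3.filters, a file shipped by upstream, and the same gap will reappear with the next Python minor version because the filter list enumerates interpreters one by one (python3.6, python3.7, python3.8, now python3.9). Suggest forwarding it and recording the upstream reference in the header. Since only l3.filters is touched here, it is also worth confirming that no other file under rootwrap.d carries a similar per-version KillFilter list that stops at python3.8.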
diff -Nru neutron-17.1.1/debian/patches/series
neutron-17.1.1/debian/patches/series
--- neutron-17.1.1/debian/patches/series 2021-05-17 20:47:34.000000000
+0200
+++ neutron-17.1.1/debian/patches/series 2021-06-30 10:51:00.000000000
+0200
@@ -1,2 +1,3 @@
Floating_IP_s_for_routed_networks.patch
CVE-2021-20267_Restrict_IPv6_NA_and_DHCPv6_IP_and_MAC_source_addresses.patch
+fix-rootwrap-does-not-include-python-3.9.patch
--- End Message ---
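The failure described in the request above (no KillFilter entry for the interpreter the process actually runs under) can be checked before deployment. The following is an added example, not part of the original message or of neutron: it parses a rootwrap filter file and reports interpreters that no KillFilter covers. The sample text is constructed from the filter lines visible in the patch, and the function names and the name-only matching are assumptions of this sketch.

```python
import configparser
import sys

# Constructed sample: the three filter lines visible as context in the patch.
BEFORE = """\
[Filters]
kill_keepalived_monitor_py36: KillFilter, root, python3.6, -15, -9
kill_keepalived_monitor_py37: KillFilter, root, python3.7, -15, -9
kill_keepalived_monitor_py38: KillFilter, root, python3.8, -15, -9
"""
# The same file with the line the patch adds.
AFTER = BEFORE + (
    "kill_keepalived_monitor_py39: KillFilter, root, python3.9, -15, -9\n"
)


def kill_filters(text):
    """Return {executable: set(signals)} for every KillFilter in the file."""
    cp = configparser.RawConfigParser()
    cp.read_string(text)
    allowed = {}
    for _name, value in cp.items("Filters"):
        fields = [f.strip() for f in value.split(",")]
        # Layout: KillFilter, <run-as user>, <executable>, <signal>...
        if len(fields) >= 3 and fields[0] == "KillFilter":
            allowed.setdefault(fields[2], set()).update(fields[3:])
    return allowed


def missing_interpreters(text, interpreters, signal="-15"):
    """List interpreters for which no KillFilter permits `signal`.

    Assumption of this sketch: matching is by executable name only.
    """
    allowed = kill_filters(text)
    return sorted(i for i in interpreters if signal not in allowed.get(i, set()))


def host_interpreter():
    """Name of the running interpreter in the form the filters use."""
    return "python%d.%d" % sys.version_info[:2]


if __name__ == "__main__":
    wanted = ["python3.9", host_interpreter()]
    print("before patch, uncovered:", missing_interpreters(BEFORE, wanted))
    print("after patch, uncovered: ", missing_interpreters(AFTER, wanted))
```

Run against the installed l3.filters in a package test, this would flag the gap each time the default Python version changes.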
--- Begin Message ---
Unblocked.
--- End Message ---