SUSE-SU-2020:1901-1: important: Security update for ansible, ansible1, ardana-ansible, ardana-cluster, ardana-freezer, ardana-input-model, ardana-logging, ardana-mq, ardana-neutron, ardana-octavia, ardana-osconfig, caasp-openstack-heat-templates, crowbar-core, crowbar-openstack, documentation-suse-openstack-cloud, grafana, kibana, openstack-dashboard, openstack-dashboard-theme-HPE, openstack-heat-templates, openstack-keystone, openstack-monasca-agent, openstack-monasca-installer, openstack-neutron, openstack-octavia-amphora-image, python-Django, python-Flask, python-GitPython, python-Pillow, python-amqp, python-apicapi, python-keystoneauth1, python-oslo.messaging, python-psutil, python-pyroute2, python-pysaml2, python-tooz, python-waitress, storm

sle-security-updates at lists.suse.com sle-security-updates at lists.suse.com
Tue Jul 14 10:13:59 MDT 2020


   SUSE Security Update: Security update for ansible, ansible1, ardana-ansible, ardana-cluster, ardana-freezer, ardana-input-model, ardana-logging, ardana-mq, ardana-neutron, ardana-octavia, ardana-osconfig, caasp-openstack-heat-templates, crowbar-core, crowbar-openstack, documentation-suse-openstack-cloud, grafana, kibana, openstack-dashboard, openstack-dashboard-theme-HPE, openstack-heat-templates, openstack-keystone, openstack-monasca-agent, openstack-monasca-installer, openstack-neutron, openstack-octavia-amphora-image, python-Django, python-Flask, python-GitPython, python-Pillow, python-amqp, python-apicapi, python-keystoneauth1, python-oslo.messaging, python-psutil, python-pyroute2, python-pysaml2, python-tooz, python-waitress, storm
______________________________________________________________________________

Announcement ID:    SUSE-SU-2020:1901-1
Rating:             important
References:         #1068612 #1092420 #1107190 #1108719 #1123872 
                    #1126503 #1141968 #11483483 #1148383 #1153191 
                    #1156525 #1159046 #1160152 #1160153 #1160192 
                    #1160790 #1160851 #1161088 #1161089 #1161670 
                    #1164322 #1167244 #1168593 #1169770 #1170657 
                    #1171273 #1171560 #1171594 #1171661 #1171909 
                    #1172166 #1172167 #1172175 #1172176 #1172409 
                    
Cross-References:   CVE-2017-1000246 CVE-2019-1010083 CVE-2019-15043
                    CVE-2019-16785 CVE-2019-16786 CVE-2019-16789
                    CVE-2019-16792 CVE-2019-16865 CVE-2019-18874
                    CVE-2019-19911 CVE-2019-3828 CVE-2020-10663
                    CVE-2020-10743 CVE-2020-11076 CVE-2020-11077
                    CVE-2020-12052 CVE-2020-13254 CVE-2020-13379
                    CVE-2020-13596 CVE-2020-5312 CVE-2020-5313
                    CVE-2020-5390 CVE-2020-8151
Affected Products:
                    SUSE OpenStack Cloud Crowbar 8
                    SUSE OpenStack Cloud 8
                    HPE Helion Openstack 8
______________________________________________________________________________

   An update that solves 23 vulnerabilities and has 12 fixes
   is now available.

Description:

   This update for ansible, ansible1, ardana-ansible, ardana-cluster,
   ardana-freezer, ardana-input-model, ardana-logging, ardana-mq,
   ardana-neutron, ardana-octavia, ardana-osconfig,
   caasp-openstack-heat-templates, crowbar-core, crowbar-openstack,
   documentation-suse-openstack-cloud, grafana, kibana, openstack-dashboard,
   openstack-dashboard-theme-HPE, openstack-heat-templates,
   openstack-keystone, openstack-monasca-agent, openstack-monasca-installer,
   openstack-neutron, openstack-octavia-amphora-image, python-Django,
   python-Flask, python-GitPython, python-Pillow, python-amqp,
   python-apicapi, python-keystoneauth1, python-oslo.messaging,
   python-psutil, python-pyroute2, python-pysaml2, python-tooz,
   python-waitress, storm contains the following fixes:

   The update fixes several security issues:

   ansible
   - CVE-2019-3828: Fixed a path traversal in the fetch module (bsc#1126503).

   grafana
   - CVE-2020-13379: Fixed an incorrect access control issue which could lead
     to information leaks or denial of service (bsc#1172409).
   - CVE-2020-12052: Fixed an cross site scripting vulnerability related to
     the annotation popup (bsc#1170657).

   kibana
   - CVE-2020-10743: Fixed a clickjacking vulnerability (bsc#1171909).

   python-Django
   - CVE-2020-13254: Fixed a data leakage via malformed memcached keys.
     (bsc#1172167)
   - CVE-2020-13596: Fixed a cross site scripting vulnerability related to
     the admin parameters of the ForeignKeyRawIdWidget. (bsc#1172166)

   python-Flask
   - CVE-2019-1010083: Fixed a denial of service via crafted encoded JSON.
     (bsc#1141968)


   python-Pillow
   - CVE-2019-16865: Fixed a denial of service with specially crafted image
     files. (bsc#1153191)
   - CVE-2020-5312: Fixed a buffer overflow in the PCX P mode. (bsc#1160152)
   - CVE-2020-5313: Fixed a buffer overflow related to FLI. (bsc#1160153)
   - CVE-2019-19911: Fixed a denial of service in FpxImagePlugin.py.
     (bsc#1160192)

   python-psutil
   - CVE-2019-18874: Fixed a double free caused by refcount mishandling.
     (bsc#1156525)

   python-pysaml2
   - CVE-2020-5390: Fixed an issue with the verification of signatures in
     SAML documents. (bsc#1160851)
   - CVE-2017-1000246: Fixed an issue with  weak encryption data, caused by
     initialization vector reuse. (bsc#1068612)

   python-waitress (to version 1.4.3)
   - CVE-2019-16785: Fixed HTTP request smuggling through LF vs CRLF
     handling. (bsc#1161088)
   - CVE-2019-16786: Fixed HTTP request smuggling through invalid
     Transfer-Encoding. (bsc#1161089)
   - CVE-2019-16789: Fixed HTTP Request Smuggling through Invalid whitespace
     characters. (bsc#1160790)
   - CVE-2019-16792: Fixed HTTP Request Smuggling through Content-Length
     header handling. (bsc#1161670)

   rubygem-activeresource
   - CVE-2020-8151: Fixed information disclosure issue via specially crafted
     requests. (bsc#1171560)

   rubygem-json-1_7
   - CVE-2020-10663: Fixed an unsafe object creation vulnerability.
     (bsc#1167244)

   rubygem-puma
   - CVE-2020-11077: Fixed a HTTP smuggling issue related to proxy usage.
     (bsc#1172175)
   - CVE-2020-11076: Fixed a HTTP smuggling issue when using an invalid
     transfer-encoding header. (bsc#1172176)



   Other non-security fixes in in the update below:

   Changes in ansible:
   - Add 0001-Disallow-use-of-remote-home-directories-containing-..patch
     (bsc#1126503, CVE-2019-3828)

   Changes in ansible1:
   - Add 0001-Disallow-use-of-remote-home-directories-containing-..patch
     (bsc#1126503, CVE-2019-3828)

   Changes in ardana-ansible:
   - Update to version 8.0+git.1589740980.6c3bcdc:
     * Reconfigure rabbitmq user permissions on update (SOC-11082)

   - Update to version 8.0+git.1588953487.9bfd5cb:
     * Fix incorrect prefix used to collect supportconfig files (bsc#1171273)

   - Update to version 8.0+git.1585690828.81d8f45:
     * Cleanup keystone-ansible (bsc#1108719)

   Changes in ardana-cluster:
   - Update to version 8.0+git.1585685203.3e71e49:
     * Use bool filter to ensure valid boolean evaluation (SOC-11192)

   Changes in ardana-freezer:
   - Update to version 8.0+git.1586539529.b7d295f:
     * Recovering Cloud8 using Freezer or SSH backups if upgrade fails
       (SOC-10137)

   Changes in ardana-input-model:
   - Update to version 8.0+git.1589740934.0e0ad61:
     * Add default rabbitmq exchange write permissions (SOC-11082)

   - Update to version 8.0+git.1586174594.2b92ec3:
     * add port neutron security extension to CI models (SOC-11027)

   Changes in ardana-logging:
   - Update to version 8.0+git.1591194866.b7375d0:
     * kibana: set x-frame-options header (bsc#1171909)

   - Update to version 8.0+git.1586179244.ae61f62:
     * Fix YAMLLoadWarning: calling yaml.load() without Loader (bsc#1168593)

   Changes in ardana-mq:
   - Update to version 8.0+git.1589715269.62ad6df:
     * Don't mirror reply queues (SOC-10317)

   - Update to version 8.0+git.1586784724.586343d:
     * Actually fail if sync HA queues retries exceeded (SOC-11083)

   Changes in ardana-neutron:
   - Update to version 8.0+git.1590756744.ba84abc:
     * Update L3 rootwrap filters (SOC-11306)

   - Update to version 8.0+git.1587737509.4e09de3:
     * Add network.target "After" option (bsc#1169770)

   - Update to version 8.0+git.1586546152.e7bc07f:
     * Add neutron-common role dependencies (SOC-10875)

   - Update to version 8.0+git.1586543712.62bb5a3:
     * Fix neutron-ovsvapp-agent status (SOC-10637)

   - Update to version 8.0+git.1586535447.55769df:
     * Improve neutron service restart limit handling (SOC-8746)

   - Update to version 8.0+git.1586519528.a28db53:
     * Correctly setup ardana_notify_... fact (SOC-10902)

   Changes in ardana-octavia:
   - Update to version 8.0+git.1590100427.cf4cc8f:
     * fix octavia to glance communication over internal endpoint (SOC-11294)

   Changes in ardana-osconfig:
   - Update to version 8.0+git.1587034587.eac37b8:
     * Include SLE 12 SP3 LTSS repos in list of managed repos (SOC-11223)

   Changes in caasp-openstack-heat-templates:
   - Switch github URL from git@ to git:// to bypass authentication

   Changes in crowbar-core:
   - Update to version 5.0+git.1593156248.55bbdb26d:
     * Ignore CVE-8184 (SOC-11299)
     * Ignore latest ruby-related CVEs in the CI (SOC-11299)

   - Update to version 5.0+git.1589804984.44a89be24:
     * provisioner: Fix ssh key validation (SOC-11126)
     * assign host to hostless keys (noref)

   Changes in crowbar-openstack:
   - Update to version 5.0+git.1593085772.64c4ab43c:
     * monasca: Prevent deploying monasca-server to the node in pacemaker
       cluster (SOC-6354)

   - Update to version 5.0+git.1591171674.1f299cd1c:
     * Restore undeprecated nova dhcp_domain option (bsc#1171594)

   - Update to version 5.0+git.1591104265.683d76534:
     * [5.0] Fix availability zone script (bsc#1171661)

   - Update to version 5.0+git.1590398068.f5cfacc12:
     * nova: only create nonexistent cell1

   - Update to version 5.0+git.1590150829.e86326d03:
     * [5.0] Tempest: enable test_volume_boot_pattern test (SOC-10874)

   - Update to version 5.0+git.1589814633.23fde86ab:
     * rabbitmq: sync startup definitions.json with recipe
       (SOC-11077,SOC-11274)

   - Update to version 5.0+git.1589647291.73c7f1cb6:
     * [5.0] trove: fix rabbitmq connection URL (SOC-11286)

   - Update to version 5.0+git.1589214669.8332efff3:
     * Fix monasca libvirt ping checks (bsc#1107190)

   - Update to version 5.0+git.1588271874.90adebc7a:
     * run keystone_register on cluster founder only when HA (SOC-11248)
     * nova: run keystone_register on cluster founder only (SOC-11243)

   - Update to version 5.0+git.1588059034.3823515b7:
     * tempest: retry openstack commands (SOC-11238)

   - Update to version 5.0+git.1587403360.c43cd9905:
     * tempest: disable block migration when using RBD (SOC-11176)

   - Update to version 5.0+git.1586293860.901cb0f55:
     * monasca: disable postgres backend monitoring by default (SOC-11190)

   - Update to version 5.0+git.1585659861.c29fac257:
     * magnum: Populate SSL configuration (SOC-9849)
     * magnum: Add SSL support (SOC-9849)
     * nova: Populate cinder SES settings early (SOC-11179)

   Changes in documentation-suse-openstack-cloud:
   - Update to version 8.20200527:
     * Update Travis config: new container name (noref)

   - Update to version 8.20200417:
     * Recovering Cloud8 using Freezer or SSH backups if upgrade fails
       (SOC-10137)

   - Update to version 8.20200326:
     * Clarify wipe_disks does not affect non-OS partitions (bsc#1092420)

   Changes in grafana:
   - Add CVE-2020-13379.patch
     * Security: fix unauthorized avatar proxying (bsc#1172409,
       CVE-2020-13379)
   - Refresh systemd-notification.patch
   - Fix declaration for LICENSE

   - Add
     0002-CVE-2020-12052-bsc1170657-XSS-annotation-popup-vulnerability.patch
     * Security: Fix annotation popup XSS vulnerability (bsc#1170657)

   - Add CVE-2019-15043.patch (SOC-10357, CVE-2019-15043, bsc#11483483)
     Changes in kibana:
   - Add 0001-Configurable-custom-response-headers-for-server.patch
     (bsc#1171909, CVE-2020-10743)

   Changes in openstack-dashboard:
   - Update to version horizon-12.0.5.dev3:
     * Fix typo in publicize\_image policy name

   Changes in openstack-dashboard-theme-HPE:
   - Switch github URL from git@ to https:// to bypass authentication

   Changes in openstack-heat-templates:
   - Update to version 0.0.0+git.1582270132.8a20477:
     * Drop use of git.openstack.org
     * Add sample templates for Blazar

   Changes in openstack-keystone:
   - Update to version keystone-12.0.4.dev11:
     * Fix security issues with EC2 credentials

   - Update to version keystone-12.0.4.dev10:
     * Check timestamp of signed EC2 token request
     * Ensure OAuth1 authorized roles are respected

   - Update to version keystone-12.0.4.dev6:
     * Remove neutron-grenade job

   Changes in openstack-keystone:
   - Update to version keystone-12.0.4.dev11:
     * Fix security issues with EC2 credentials

   - Update to version keystone-12.0.4.dev10:
     * Check timestamp of signed EC2 token request
     * Ensure OAuth1 authorized roles are respected

   - Update to version keystone-12.0.4.dev6:
     * Remove neutron-grenade job

   Changes in openstack-monasca-agent:
   - update to version 2.2.6~dev4
     - Add debug output for libvirt ping checks

   - Lockdown /bin/ip permissions for the monasca-agent (bsc#1107190)
     - add addtional arguments to /bin/ip in sudoers

   - Fix missing sudo privleges (bsc#1107190)
     - add /bin/ip and /usr/bin/ovs-vsctl to monasca-agent sudoers

   - removed 0001-Avoid-overwriting-sys.path-ip-command.patch
   - update to version 2.2.6~dev3
     - Do not copy /sbin/ip to /usr/bin/monasa-agent-ip

   - update to version 2.2.6~dev2
     - Remove incorrect assignment of ping_cmd to 'True'

   - update to version 2.2.6~dev1
     - Update hacking version to 1.1.x

   Changes in openstack-monasca-installer:
   - Add 0001-kibana:-set-x-frame-options-header.patch (bsc#1171909,
     CVE-2020-10743)

   Changes in openstack-neutron:
   - Update to version neutron-11.0.9.dev65:
     * Revert iptables TCP checksum-fill code

   - Update to version neutron-11.0.9.dev64:
     * [Pike-only]: make grenade jobs non-voting

   Changes in openstack-neutron:
   - Update to version neutron-11.0.9.dev65:
     * Revert iptables TCP checksum-fill code

   - Update to version neutron-11.0.9.dev64:
     * [Pike-only]: make grenade jobs non-voting

   Changes in openstack-octavia-amphora-image:
   - Update image to 0.1.4 to include latest changes

   Changes in python-Django:
   - Security fixes (bsc#1172167, bsc#1172166, CVE-2020-13254,
     CVE-2020-13596)
     * Added patch CVE-2020-13254-1.8.19.patch
     * Added patch CVE-2020-13596-1.8.19.patch

   Changes in python-Flask:
   - Apply patch to resolve CVE-2019-1010083 (bsc#1141968)
     - 0001-detect-UTF-encodings-when-loading-json.patch

   Changes in python-GitPython:
   - Require git-core instead of git

   Changes in python-Pillow:
   - Remove decompression_bomb.gif and relevant test case to avoid ClamAV
     scan alerts during build

   - Add 001-Corrected-negative-seeks.patch
      * From upstream, backported
      * Fixes part of CVE-2019-16865, bsc#1153191
   - Add 002-Added-DecompressionBombError.patch
      * From upstream, backported
      * Adds DecompressionBombError class
      * Used by 003-Added-decompression-bomb-checks.patch
   - Add 003-Added-decompression-bomb-checks.patch
      * From upstream, backported
      * Fixes part of CVE-2019-16865, bsc#1153191
   - Add 004-Raise-error-if-dimension-is-a-string.patch
      * From upstream, backported
      * Fixes part of CVE-2019-16865, bsc#1153191
   - Add 005-Catch-buffer-overruns.patch
      * From upstream, backported
      * Fixes part of CVE-2019-16865, bsc#1153191
   - Add 006-Catch-PCX-P-mode-buffer-overrun.patch
      * From upstream, backported
      * Fixes CVE-2020-5312, bsc#1160152
   - Add 007-Test-animated-FLI-file.patch
      * From upstream, backported
      * Adds test animated FLI file
      * Used by 008-Ensure-previous-FLI-frame-is-loaded.patch
   - Add 008-Ensure-previous-FLI-frame-is-loaded.patch
      * From upstream, backported
      * Fixes https://github.com/python-pillow/Pillow/issues/2649
      * Uncovers CVE-2020-5313, bsc#1160153
   - Add 009-Catch-FLI-buffer-overrun.patch
      * From upstream, backported
      * Fixes CVE-2020-5313, bsc#1160153
   - Add 010-Invalid-number-of-bands-in-FPX-image.patch
      * From upstream, backported
      * Fixes CVE-2019-19911, bsc#1160192

   Changes in python-amqp:
   - Add python-devel as build dependecy
     * Required when building against python 2.7.17

   Changes in python-apicapi:
   - Add python-devel as build dependecy
     * Required when building against python 2.7.17

   Changes in python-keystoneauth1:
   - switch to tracking stable/pike tarball
   - disable renderspec
   - update to version 3.1.2.dev2
     - Make tests pass in 2020
     - OpenDev Migration Patch
     - import zuul job settings from project-config into stable/pike
     - Remove tox_install.sh
     - import zuul job settings from project-config
     - Update UPPER_CONSTRAINTS_FILE for stable/pike into stable/pike
     - Update .gitreview for stable/pike into stable/pike
     - Updated from global requirements
     - Update UPPER_CONSTRAINTS_FILE for stable/pike
     - Update .gitreview for stable/pike

   Changes in python-oslo.messaging:
   - added 0001-Use-default-exchange-for-direct-messaging.patch (SOC-11082,
     SOC-11274, bsc#1159046)

   - Add 0001-Retry-to-declare-a-queue-after-internal-error.patch
     (bsc#1123872) After receiving "AMQP internal error 541", retry to create
     the queue after a delay.

   Changes in python-psutil:
   - Add bsc1156525-CVE-2019-18874.patch (bsc#1156525, CVE-2019-18874))

   Changes in python-pyroute2:
   - netns: fix NetNS resource leakage (#504) (bsc#1164322)

   Changes in python-pysaml2:
   - Add 0001-Always-generate-a-random-IV-for-AES-operations.patch
     (CVE-2017-1000246, bsc#1068612)

   - Add 0001-Fix-XML-Signature-Wrapping-XSW-vulnerabilities.patch
     (CVE-2020-5390, bsc#1160851)

   Changes in python-tooz:
   - update to version 1.58.1
     - Update .gitreview for stable/pike
     - import zuul job settings from project-config
     - Add doc/requirements.txt
     - Fix sphinx-docs job for stable branch

   Changes in python-waitress:
   - update to 1.4.3 to include fixes for:
     * CVE-2019-16785 / bsc#1161088
     * CVE-2019-16786 / bsc#1161089
     * CVE-2019-16789 / bsc#1160790
     * CVE-2019-16792 / bsc#1161670

   - make sure UTF8 locale is used when runnning tests
     * Sometimes functional tests executed in python3 failed if stdout was
       not set to UTF-8. The error message was: ValueError: underlying buffer
       has been detached

   - %python3_only -> %python_alternative

   - update to 1.4.3
     * Waitress did not properly validate that the HTTP headers it received
       were properly formed, thereby potentially allowing a front-end server
       to treat a request different from Waitress. This could lead to HTTP
       request smuggling/splitting.
   - drop patch local-intersphinx-inventories.patch
     * it was commented out, anyway

   - update to 1.4.0:
     - Waitress used to slam the door shut on HTTP pipelined requests without
       setting the ``Connection: close`` header as appropriate in the
       response. This is of course not very friendly. Waitress now explicitly
       sets the header when responding with an internally generated error
       such as 400 Bad Request or 500 Internal Server Error to notify the
       remote client that it will be closing the connection after the
       response is sent.
     - Waitress no longer allows any spaces to exist between the header
       field-name and the colon. While waitress did not strip the space and
       thereby was not vulnerable to any potential header field-name
       confusion, it should have sent back a 400 Bad Request. See
       https://github.com/Pylons/waitress/issues/273
     - CRLR handling Security fixes

   - update to 1.3.1
     * Waitress won’t accidentally throw away part of the path if it starts
       with a double slash

   - version update to 1.3.0 Deprecations ~~~~~~~~~~~~
     - The ``send_bytes`` adjustment now defaults to ``1`` and is deprecated
       pending removal in a future release. and
       https://github.com/Pylons/waitress/pull/246 Features ~~~~~~~~
     - Add a new ``outbuf_high_watermark`` adjustment which is used to apply
       backpressure on the ``app_iter`` to avoid letting it spin faster than
       data can be written to the socket. This stabilizes responses that
       iterate quickly with a lot of data. See
       https://github.com/Pylons/waitress/pull/242
     - Stop early and close the ``app_iter`` when attempting to write to a
       closed socket due to a client disconnect. This should notify a
       long-lived streaming response when a client hangs up. See
       https://github.com/Pylons/waitress/pull/238 and
       https://github.com/Pylons/waitress/pull/240 and
       https://github.com/Pylons/waitress/pull/241
     - Adjust the flush to output ``SO_SNDBUF`` bytes instead of whatever was
       set in the ``send_bytes`` adjustment. ``send_bytes`` now only controls
       how much waitress will buffer internally before flushing to the
       kernel, whereas previously it used to also throttle how much data was
       sent to the kernel. This change enables a streaming ``app_iter``
       containing small chunks to still be flushed efficiently. See
       https://github.com/Pylons/waitress/pull/246 Bugfixes ~~~~~~~~
     - Upon receiving a request that does not include HTTP/1.0 or HTTP/1.1 we
       will no longer set the version to the string value "None". See
       https://github.com/Pylons/waitress/pull/252 and
       https://github.com/Pylons/waitress/issues/110
     - When a client closes a socket unexpectedly there was potential for
       memory leaks in which data was written to the buffers after they were
       closed, causing them to reopen. See
       https://github.com/Pylons/waitress/pull/239
     - Fix the queue depth warnings to only show when all threads are busy.
       See https://github.com/Pylons/waitress/pull/243 and
       https://github.com/Pylons/waitress/pull/247
     - Trigger the ``app_iter`` to close as part of shutdown. This will only
       be noticeable for users of the internal server api. In more typical
       operations the server will die before benefiting from these changes.
       See https://github.com/Pylons/waitress/pull/245
     - Fix a bug in which a streaming ``app_iter`` may never cleanup data
       that has already been sent. This would cause buffers in waitress to
       grow without bounds. These buffers now properly rotate and release
       their data. See https://github.com/Pylons/waitress/pull/242
     - Fix a bug in which non-seekable subclasses of ``io.IOBase`` would
       trigger an exception when passed to the ``wsgi.file_wrapper``
       callback. See https://github.com/Pylons/waitress/pull/249

   - Trim marketing wording and other platform mentions.

   - Add fetch-intersphinx-inventories.sh to sources
   - Add local-intersphinx-inventories.patch for generating the docs correctly

   - update to version 1.2.1: too many changes to list here, see:
     https://github.com/Pylons/waitress/blob/master/CHANGES.txt
     or even: https://github.com/Pylons/waitress/commits/master

   - Remove superfluous devel dependency for noarch package

   - update to version 1.1.0:
     * Features
       + Waitress now has a __main__ and thus may be called with "python
         -mwaitress"
     * Bugfixes
       + Waitress no longer allows lowercase HTTP verbs. This change was made
         to fall in line with most HTTP servers. See
         https://github.com/Pylons/waitress/pull/170
       + When receiving non-ascii bytes in the request URL, waitress will no
         longer abruptly close the connection, instead returning a 400 Bad
         Request. See https://github.com/Pylons/waitress/pull/162 and
         https://github.com/Pylons/waitress/issues/64

   - Update to 1.0.2
     * Python 3.6 is now officially supported in Waitress
     * Add a work-around for libc issue on Linux not following the documented
       standards. If getnameinfo() fails because of DNS not being available
       it should return the IP address instead of the reverse DNS entry,
       however instead getnameinfo() raises. We catch this, and ask
       getnameinfo() for the same information again, explicitly asking for IP
       address instead of reverse DNS hostname.
   - Implement single-spec version.
   - Fix source URL.

   - update to 1.0.1:
     - IPv6 support on Windows was broken due to missing constants in the
       socket module. This has been resolved by setting the constants on
       Windows if they are missing. See
       https://github.com/Pylons/waitress/issues/138
     - A ValueError was raised on Windows when passing a string for the port,
       on Windows in Python 2 using service names instead of port numbers
       doesn't work with `getaddrinfo`. This has been resolved by attempting
       to convert the port number to an integer, if that fails a ValueError
       will be raised. See https://github.com/Pylons/waitress/issues/139
     - Removed `AI_ADDRCONFIG` from the call to `getaddrinfo`, this resolves
       an issue whereby `getaddrinfo` wouldn't return any addresses to `bind`
       to on hosts where there is no internet connection but localhost is
       requested to be bound to. See
       https://github.com/Pylons/waitress/issues/131 for more information.
   - disable tests. need network access.

   Changes in storm:
   - update to 1.1.3:
     * 1.1.3:
       * [STORM-3026] - Upgrade ZK instance for security
       * [STORM-3027] - Make Impersonation Optional
       * [STORM-3011] - Use default bin path in flight.bash if $JAVA_HOME is
         undefined
       * [STORM-3039] - Ports of killed topologies remain in TIME_WAIT state
         preventing to start new topology
       * [STORM-2911] - SpoutConfig is serializable but does not declare a
         serialVersionUID field
       * [STORM-2978] - The fix for STORM-2706 is broken, and adds a
         transitive dependency on Zookeeper 3.5.3-beta for projects that
         depend on e.g. storm-kafka
       * [STORM-2979] - WorkerHooks EOFException during
         run_worker_shutdown_hooks
       * [STORM-2981] - Upgrade Curator to lastest patch version
       * [STORM-2985] - Add jackson-annotations to dependency management
       * [STORM-2989] - LogCleaner should preserve current worker.log.metrics
       * [STORM-2994] - KafkaSpout consumes messages but doesn't commit
         offsets
       * [STORM-3043] - NullPointerException thrown in
         SimpleRecordTranslator.apply()
       * [STORM-3052] - Let blobs un archive
       * [STORM-3059] - KafkaSpout throws NPE when hitting a null tuple if
         the processing guarantee is not AT_LEAST_ONCE
       * [STORM-2960] - Better to stress importance of setting up proper OS
         account for Storm processes
       * [STORM-3060] - Configuration mapping between storm-kafka &
         storm-kafka-client
       * [STORM-2952] - Deprecate storm-kafka in 1.x
       * [STORM-3005] - [DRPC] LinearDRPCTopologyBuilder shouldn't be
         deprecated
       * [STORM-2841] - testNoAcksIfFlushFails UT fails with
         NullPointerException
     * 1.1.2:
       * [STORM-2512] - Change KafkaSpoutConfig in storm-kafka-client to make
         it work with flux
       * [STORM-2616] - Document the built in metrics (just in time to
         replace them???)
       * [STORM-2657] - Update SECURITY.MD
       * [STORM-2663] - Backport STORM-2558 and deprecate storm.cmd on
         1.x-branch
       * [STORM-2712] - accept arbitrary number of rows per tuple in
         storm-cassandra
       * [STORM-2775] - Improve KafkaPartition Metric Names
       * [STORM-2807] - Integration test should shut down topologies
         immediately after the test
       * [STORM-2862] - More flexible logging in multilang (Python, Ruby, JS)
       * [STORM-2877] - Introduce an option to configure pagination in Storm
         UI
       * [STORM-2917] - Check the config(nimbus.host) before using it to
         connect
       * [STORM-2231] - NULL in DisruptorQueue while multi-threaded ack
       * [STORM-2426] - First tuples fail after worker is respawn
       * [STORM-2500] - waitUntilReady in PacemakerClient cannot be invoked
       * [STORM-2525] - Fix flaky integration tests
       * [STORM-2535] - test-reset-timeout is flaky. Replace with a more
         reliable test.
       * [STORM-2541] - Manual partition assignment doesn't work
       * [STORM-2607] - [kafka-client] Consumer group every time with lag 1
       * [STORM-2642] - Storm-kafka-client spout cannot be serialized when
         using manual partition assignment
       * [STORM-2660] - The Nimbus storm-local directory is relative to the
         working directory of the shell executing "storm nimbus"
       * [STORM-2666] - Storm-kafka-client spout can sometimes emit messages
         that were already committed.
       * [STORM-2674] - NoNodeException when ZooKeeper tries to delete nodes
       * [STORM-2677] - consider all sampled tuples which took greater than 0
         ms processing time
       * [STORM-2682] - Supervisor crashes with NullPointerException
       * [STORM-2690] - resurrect invocation of ISupervisor.assigned() & make
         Supervisor.launchDaemon() accessible
       * [STORM-2695] - BlobStore uncompress argument should be Boolean
       * [STORM-2705] - DRPCSpout sleeps twice when idle
       * [STORM-2706] - Nimbus stuck in exception and does not fail fast
       * [STORM-2724] - ExecutorService in WaterMarkEventGenerator never
         shutdown
       * [STORM-2736] - o.a.s.b.BlobStoreUtils [ERROR] Could not update the
         blob with key
       * [STORM-2750] - fix double_checked locking
       * [STORM-2751] - Remove AsyncLoggingContext from Supervisor
       * [STORM-2764] - HDFSBlobStore leaks file system objects
       * [STORM-2769] - Fast-fail if output stream Id is null
       * [STORM-2771] - Some tests are being run twice
       * [STORM-2779] - NPE on shutting down WindowedBoltExecutor
       * [STORM-2786] - Ackers leak tracking info on failure and lots of
         other cases.
       * [STORM-2810] - Storm-hdfs tests are leaking resources
       * [STORM-2811] - Nimbus may throw NPE if the same topology is killed
         multiple times, and the integration test kills the same topology
         multiple times
       * [STORM-2814] - Logviewer HTTP server should return 403 instead of
         200 if the user is unauthorized
       * [STORM-2815] - UI HTTP server should return 403 if the user is
         unauthorized
       * [STORM-2833] - Cached Netty Connections can have different keys for
         the same thing.
       * [STORM-2853] - Deactivated topologies cause high cpu utilization
       * [STORM-2855] - Travis build doesn't work after update of Ubuntu image
       * [STORM-2856] - Make Storm build work on post 2017Q4 Travis Trusty
         image
       * [STORM-2868] - Address handling activate/deactivate in multilang
         module files
       * [STORM-2870] - FileBasedEventLogger leaks non-daemon ExecutorService
         which prevents process to be finished
       * [STORM-2876] - Some storm-hdfs tests fail with out of memory
         periodically
       * [STORM-2879] - Supervisor collapse continuously when there is a
         expired assignment for overdue storm
       * [STORM-2892] - Flux test fails to parse valid PATH environment
         variable
       * [STORM-2894] - fix some random typos in tests
       * [STORM-2912] - Tick tuple is being shared without resetting start
         time and incur side-effect to break metrics
       * [STORM-2918] - Upgrade Netty version
       * [STORM-2942] - Remove javadoc and source jars from toollib directory
         in binary distribution
       * [STORM-2874] - Minor style improvements to backpressure code
       * [STORM-2858] - Fix worker-launcher build
     * 1.1.1:
       * STORM-2659: Add daemon.name variable to storm.cmd to fix log4j
         logging
       * STORM-2652: fix error in open method of JmsSpout
       * STORM-2645: Update storm.py to be python3 compatible
       * STORM-2621: add tuple_population metric
       * STORM-2639: Kafka Spout incorrectly computes numCommittedOffsets due
         to voids in the topic (topic compaction)
       * STORM-2544: Fixing issue in acking of tuples that hit retry limit
         under manual commit mode
       * STORM-2618: Add TridentKafkaStateUpdater for storm-kafka-client
       * STORM-2608: Remove any pending offsets that are no longer valid
       * STORM-2503: Fix lgtm.com alerts on equality and comparison operations
       * STORM-2478: Fix BlobStoreTest.testDeleteAfterFailedCreate on Windows
       * STORM-2602: storm.zookeeper.topology.auth.payload doesn't work even
         you set it
       * STORM-2597: Don't parse passed in class paths
       * STORM-2564: We should provide a template for storm-cluster-auth.yaml
       * STORM-2568: Fix getTopicsString
       * STORM-2563: Remove the workaround to handle missing
         UGI.loginUserFromSubject
       * STORM-2552: KafkaSpoutMessageId should be serializable
       * STORM-2562: Use stronger key size than default for blow fish key
         generator and get rid of stack trace
       * STORM-2557: A bug in DisruptorQueue causing severe underestimation
         of queue arrival rates
       * STORM-2449: Ensure same key appears only once in State iterator
       * STORM-2516: Fix timing issues with
         testPrepareLateTupleStreamWithoutBuilder
       * STORM-2489: Overlap and data loss on WindowedBolt based on Duration
       * STORM-2528: Bump log4j version to 2.8.2
       * STORM-2527: Initialize java.sql.DriverManager earlier to avoid
         deadlock
       * STORM-2413: Make new Kafka spout respect tuple retry limits
       * STORM-2518: Handles empty name for "USER type" ACL when normalizing
         ACLs
       * STORM-2511: Submitting a topology with name containing unicode
         getting failed
       * STORM-2496: Dependency artifacts should be uploaded to blobstore
         with READ permission for all
       * STORM-2505: Spout to support topic compaction
       * STORM-2498: Fix Download Full File link
       * STORM-2343: New Kafka spout can stop emitting tuples if more than
         maxUncommittedOffsets tuples fail at once.
       * STORM-2486: Prevent cd from printing target directory to avoid
         breaking classpath
       * STORM-2488: The UI user Must be HTTP.
       * STORM-2481: Upgrade Aether version to resolve Aether bug BUG-451566
       * STORM-2435: Logging in storm.js inconsistent to console.log and does
         not support log levels
       * STORM-2315: New kafka spout can't commit offset when ack is disabled
       * STORM-2467: Use explicit charset when decoding from array backed
         buffer
       * STORM-1114: Race condition in trident zookeeper zk-node create/delete
       * STORM-2448: Add in Storm and JDK versions when submitting a topology
       * STORM-2343: Fix new Kafka spout stopping processing if more than
         maxUncommittedOffsets tuples fail at once
       * STORM-2431: the default blobstore.dir is storm.local.dir/blobs which
         is different from distcache-blobstore.md
       * STORM-2429: Properly validate supervisor.scheduler.meta
       * STORM-2451: windows storm.cmd does not set log4j2 config file
         correctly by default
       * STORM-2450: Write resources into correct local director
       * STORM-2440: Kill process if executor catches
         java.net.SocketTimeoutException
       * STORM-2432: Storm-Kafka-Client Trident Spout Seeks Incorrect Offset
         With UNCOMMITTED_LATEST Strategy
     * 1.1.0:
       * STORM-2425: Storm Hive Bolt not closing open transactions
       * STORM-2409: Storm-Kafka-Client KafkaSpout Support for Failed and
         NullTuples
       * STORM-2423: Join Bolt should use explicit instead of default window
         anchoring for emitted tuples
       * STORM-2416: Improve Release Packaging to Reduce File Size
       * STORM-2414: Skip checking meta's ACL when subject has write
         privileges for any blobs
       * STORM-2038: Disable symlinks with a config option
       * STORM-2240: STORM PMML Bolt - Add Support to Load Models from Blob
         Store
       * STORM-2412: Nimbus isLeader check while waiting for max replication
       * STORM-2408: build failed if storm.kafka.client.version = 0.10.2.0
       * STORM-2403: Fix KafkaBolt test failure: tick tuple should not be
         acked
       * STORM-2361: Kafka spout - after leader change, it stops committing
         offsets to ZK
       * STORM-2353: Replace kafka-unit by kafka_2.11 and kafka-clients to
         test kafka-clients:0.10.1.1
       * STORM-2387: Handle tick tuples properly for Bolts in external modules
       * STORM-2345: Type mismatch in ReadClusterState's ProfileAction
         processing Map
       * STORM-2400: Upgraded Curator to 2.12.0 and made respective API
         changes
       * STORM-2396: setting interrupted status back before throwing a
         RuntimeException
       * STORM-1772: Adding Perf module with topologies for measuring
         performance
       * STORM-2395: storm.cmd supervisor calls the wrong class name
       * STORM-2391: Move HdfsSpoutTopology from storm-starter to
         storm-hdfs-examples
       * STORM-2389: Avoid instantiating Event Logger when
         topology.eventlogger.executors=0
       * STORM-2386: Fail-back Blob deletion also fails in
         BlobSynchronizer.syncBlobs.
       * STORM-2388: JoinBolt breaks compilation against JDK 7
       * STORM-2374: Storm Kafka Client Test Topologies Must be Serializable
       * STORM-2372: Pacemaker client doesn't clean up heartbeats properly
       * STORM-2326: Upgrade log4j and slf4j
       * STORM-2334: Join Bolt implementation
       * STORM-1363: TridentKafkaState should handle null values from
         TridentTupleToKafkaMapper.getMessageFromTuple()
       * STORM-2365: Support for specifying output stream in event hubs spout
       * STORM-2250: Kafka spout refactoring to increase modularity and
         testability
       * STORM-2340: fix AutoCommitMode issue in KafkaSpout
       * STORM-2344: Flux YAML File Viewer for Nimbus UI
       * STORM-2350: Storm-HDFS's listFilesByModificationTime is broken
       * STORM-2270 Kafka spout should consume from latest when ZK partition
         commit offset bigger than the latest offset
       * STORM-1464: storm-hdfs support for multiple output files and
         partitioning
       * STORM-2320: DRPC client printer class reusable for local and remote
         DRPC
       * STORM-2281: Running Multiple Kafka Spouts (Trident) Throws Illegal
         State Exception
       * STORM-2296: Kafka spout no dup on leader changes
       * STORM-2244: Some shaded jars doesn't exclude dependency signature
         files
       * STORM-2014: New Kafka spout duplicates checking if failed messages
         have reached max retries
       * STORM-1443: [Storm SQL] Support customizing parallelism in StormSQL
       * STORM-2148: [Storm SQL] Trident mode: back to code generate and
         compile Trident topology
       * STORM-2331: Emitting from JavaScript should work when not anchoring.
       * STORM-2225: change spout config to be simpler.
       * STORM-2323: Precondition for Leader Nimbus should check all topology
         blobs and also corresponding dependencies
       * STORM-2330: Fix storm sql code generation for UDAF with non standard
         sql types
       * STORM-2298: Don't kill Nimbus when ClusterMetricsConsumer is failed
         to initialize
       * STORM-2301: [storm-cassandra] upgrade cassandra driver to 3.1.2
       * STORM-1446: Compile the Calcite logical plan to Storm Trident
         logical plan
       * STORM-2303: [storm-opentsdb] Fix list invariant issue for JDK 7
       * STORM-2236: storm kafka client should support manual partition
         management
       * STORM-2295: KafkaSpoutStreamsNamedTopics should return output fields
         with predictable ordering
       * STORM-2300: [Flux] support list of references
       * STORM-2297: [storm-opentsdb] Support Flux for OpenTSDBBolt
       * STORM-2294: Send activate and deactivate command to ShellSpout
       * STORM-2280: Upgrade Calcite version to 1.11.0
       * STORM-2278: Allow max number of disruptor queue flusher threads to
         be configurable
       * STORM-2277: Add shaded jar for Druid connector
       * STORM-2274: Support named output streams in Hdfs Spout
       * STORM-2204: Adding caching capabilities in HBaseLookupBolt
       * STORM-2267: Use user's local maven repo. directory to local repo.
       * STORM-2254: Provide Socket time out for nimbus thrift client
       * STORM-2200: [Storm SQL] Drop Aggregate & Join support on Trident mode
       * STORM-2266: Close NimbusClient instances appropriately
       * STORM-2203: Add a getAll method to KeyValueState interface
       * STORM-1886: Extend KeyValueState iface with delete
       * STORM-2022: update Fields test to match new behavior
       * STORM-2020: Stop using sun internal classes
       * STORM-1228: port fields_test to java
       * STORM-2104: New Kafka spout crashes if partitions are reassigned
         while tuples are in-flight
       * STORM-2257: Add built in support for sum function with different
         types.
       * STORM-2082: add sql external module storm-sql-hdfs
       * STORM-2256: storm-pmml breaks on java 1.7
       * STORM-2223: PMML Bolt.
       * STORM-2222: Repeated NPEs thrown in nimbus if rebalance fails
       * STORM-2190: reduce contention between submission and scheduling
       * STORM-2239: Handle InterruptException in new Kafka spout
       * STORM-2087: Storm-kafka-client: Failed tuples are not always replayed
       * STORM-2238: Add Timestamp extractor for windowed bolt
       * STORM-2235: Introduce new option: 'add remote repositories' for
         dependency resolver
       * STORM-2215: validate blobs are present before submitting
       * STORM-2170: [Storm SQL] Add built-in socket datasource to runtime
       * STORM-2226: Fix kafka spout offset lag ui for kerberized kafka
       * STORM-2224: Exposed a method to override in computing the field from
         given tuple in FieldSelector
       * STORM-2220: Added config support for each bolt in Cassandra bolts,
         fixed the bolts to be used also as sinks.
       * STORM-2205: Racecondition in getting nimbus summaries while ZK
         connectionions are reconnected
       * STORM-2182: Refactor Storm Kafka Examples Into Own Modules.
       * STORM-1694: Kafka Spout Trident Implementation Using New Kafka
         Consumer API
       * STORM-2173: [SQL] Support CSV as input / output format
       * STORM-2177: [SQL] Support TSV as input / output format
       * STORM-2172: [SQL] Support Avro as input / output format
       * STORM-2185: Storm Supervisor doesn't delete directories properly
         sometimes
       * STORM-2103: [SQL] Introduce new sql external module:
         storm-sql-mongodb
       * STORM-2175: fix double close of workers
       * STORM-2109: Under supervisor V2 SUPERVISOR_MEMORY_CAPACITY_MB and
         SUPERVISOR_CPU_CAPACITY must be Doubles
       * STORM-2110: in supervisor v2 filter out empty command line args
       * STORM-2117: Supervisor V2 with local mode extracts resources
         directory to topology root directory instead of temporary directory
       * STORM-2131: Add blob command to worker-launcher, make stormdist
         directory not writeable by topo owner
       * STORM-2018: Supervisor V2
       * STORM-2139: Let ShellBolts and ShellSpouts run with scripts from
         blobs
       * STORM-2072: Add map, flatMap with different outputs (T->V) in Trident
       * STORM-2134: improving the current scheduling strategy for RAS
       * STORM-2125: Use Calcite's implementation of Rex Compiler
       * STORM-1546: Adding Read and Write Aggregations for Pacemaker to make
         it HA compatible
       * STORM-1444: Support EXPLAIN statement in StormSQL
       * STORM-2099: Introduce new sql external module: storm-sql-redis
       * STORM-2097: Improve logging in trident core and examples
       * STORM-2144: Fix Storm-sql group-by behavior in standalone mode
       * STORM-2066: make error message in IsolatedPool.java more descriptive
       * STORM-1870: Allow FluxShellBolt/Spout set custom "componentConfig"
         via yaml
       * STORM-2126: fix NPE due to race condition in
         compute-new-sched-assign…
       * STORM-2124: show requested cpu mem for each component
       * STORM-2089: Replace Consumer of ISqlTridentDataSource with
         SqlTridentConsumer
       * STORM-2118: A few fixes for storm-sql standalone mode
       * STORM-2105: Cluster/Supervisor total and available resources
         displayed in the UI
       * STORM-2078: enable paging in worker datatable
       * STORM-1664: Allow Java users to start a local cluster with a Nimbus
         Thrift server.
       * STORM-1872: Release Jedis connection when topology shutdown
       * STORM-2100: Fix Trident SQL join tests to not rely on ordering
       * STORM-1837: Fix complete-topology and prevent message loss
       * STORM-2098: DruidBeamBolt: Pass DruidConfig.Builder as constructor
         argument
       * STORM-2092: optimize TridentKafkaState batch sending
       * STORM-1979: Storm Druid Connector implementation.
       * STORM-2057: Support JOIN statement in Storm SQL
       * STORM-1970: external project examples refator
       * STORM-2074: fix storm-kafka-monitor NPE bug
       * STORM-1459: Allow not specifying producer properties in read-only
         Kafka table in StormSQL
       * STORM-2052: Kafka Spout New Client API - Log Improvements and
         Parameter Tuning for Better Performance.
       * STORM-2050: [storm-sql] Support User Defined Aggregate Function for
         Trident mode
       * STORM-1434: Support the GROUP BY clause in StormSQL
       * STORM-2016: Topology submission improvement: support adding local
         jars and maven artifacts on submission
       * STORM-1994: Add table with per-topology & worker resource usage and
         components in (new) supervisor and topology pages
       * STORM-2042: Nimbus client connections not closed properly causing
         connection leaks
       * STORM-1766: A better algorithm server rack selection for RAS
       * STORM-1913: Additions and Improvements for Trident RAS API
       * STORM-2037: debug operation should be whitelisted in
         SimpleAclAuthorizer.
       * STORM-2023: Add calcite-core to dependency of storm-sql-runtime
       * STORM-2036: Fix minor bug in RAS Tests
       * STORM-1979: Storm Druid Connector implementation.
       * STORM-1839: Storm spout implementation for Amazon Kinesis Streams.
       * STORM-1876: Option to build storm-kafka and storm-kafka-client with
         different kafka client version
       * STORM-2000: Package storm-opentsdb as part of external dir in
         installation
       * STORM-1989: X-Frame-Options support for Storm UI
       * STORM-1962: support python 3 and 2 in multilang
       * STORM-1964: Unexpected behavior when using count window together
         with timestamp extraction
       * STORM-1890: ensure we refetch static resources after package build
       * STORM-1988: Kafka Offset not showing due to bad classpath.
       * STORM-1966: Expand metric having Map type as value into multiple
         metrics based on entries
       * STORM-1737: storm-kafka-client has compilation errors with Apache
         Kafka 0.10
       * STORM-1968: Storm logviewer does not work for nimbus.log in secure
         cluster
       * STORM-1910: One topology cannot use hdfs spout to read from two
         locations
       * STORM-1960: Add CORS support to STORM UI Rest api
       * STORM-1959: Add missing license header to KafkaPartitionOffsetLag
       * STORM-1950: Change response json of "Topology Lag" REST API to keyed
         by spoutId, topic, partition.
       * STORM-1833: Simple equi-join in storm-sql standalone mode
       * STORM-1866: Update Resource Aware Scheduler Documentation
       * STORM-1930: Kafka New Client API - Support for Topic Wildcards
       * STORM-1924: Adding conf options for Persistent Word Count Topology
       * STORM-1956: Disabling Backpressure by default
       * STORM-1934: Fix race condition between sync-supervisor and
         sync-processes
       * STORM-1919: Introduce FilterBolt on storm-redis
       * STORM-1945: Fix NPE bugs on topology spout lag for
         storm-kafka-monitor
       * STORM-1888: add description for shell command
       * STORM-1902: add a simple & flexible FileNameFormat for storm-hdfs
       * STORM-1914: Storm Kafka Field Topic Selector
       * STORM-1907: PartitionedTridentSpoutExecutor has incompatible types
         that cause ClassCastException
       * STORM-1925: Remove Nimbus thrift call from Nimbus itself
       * STORM-1909: Update HDFS spout documentation
       * STORM-1136: Command line module to return kafka spout offsets lag
         and display in storm ui
       * STORM-1911: IClusterMetricsConsumer should use seconds to timestamp
         unit
       * STORM-1893: Support OpenTSDB for storing timeseries data.
       * STORM-1723: Introduce ClusterMetricsConsumer
       * STORM-1700: Introduce 'whitelist' / 'blacklist' option to
         MetricsConsumer
       * STORM-1698: Asynchronous MetricsConsumerBolt
       * STORM-1705: Cap number of retries for a failed message
       * STORM-1884: Prioritize pendingPrepare over pendingCommit
       * STORM-1575: fix TwitterSampleSpout NPE on close
       * STORM-1874: Update logger private permissions
       * STORM-1865: update command line client document
       * STORM-1771: HiveState should flushAndClose before closing old or
         idle Hive connections
       * STORM-1882: Expose TextFileReader public
       * STORM-1873: Implement alternative behaviour for late tuples
       * STORM-1719: Introduce REST API: Topology metric stats for stream
       * STORM-1887: Fixed help message for set_log_level command
       * STORM-1878: Flux can now handle IStatefulBolts
       * STORM-1864: StormSubmitter should throw respective exceptions and
         log respective errors forregistered submitter hook invocation
       * STORM-1868: Modify TridentKafkaWordCount to run in distributed mode
       * STORM-1859: Ack late tuples in windowed mode
       * STORM-1851: Fix default nimbus impersonation authorizer config
       * STORM-1848: Make KafkaMessageId and Partition serializable to support
       * STORM-1862: Flux ShellSpout and ShellBolt can't emit to named streams
       * Storm-1728: TransactionalTridentKafkaSpout error
       * STORM-1850: State Checkpointing Documentation update
       * STORM-1674: Idle KafkaSpout consumes more bandwidth than needed
       * STORM-1842: Forward references in storm.thrift cause tooling issues
       * STORM-1730: LocalCluster#shutdown() does not terminate all storm
         threads/thread pools.
       * STORM-1709: Added group by support in storm sql standalone mode
       * STORM-1720: Support GEO in storm-redis
     * 1.0.6:
       * [STORM-2877] - Introduce an option to configure pagination in Storm
         UI
       * [STORM-2917] - Check the config(nimbus.host) before using it to
         connect
       * [STORM-2451] - windows storm.cmd does not set log4j2 config file
         correctly by default
       * [STORM-2690] - resurrect invocation of ISupervisor.assigned() & make
         Supervisor.launchDaemon() accessible
       * [STORM-2751] - Remove AsyncLoggingContext from Supervisor
       * [STORM-2764] - HDFSBlobStore leaks file system objects
       * [STORM-2771] - Some tests are being run twice
       * [STORM-2786] - Ackers leak tracking info on failure and lots of
         other cases.
       * [STORM-2853] - Deactivated topologies cause high cpu utilization
       * [STORM-2856] - Make Storm build work on post 2017Q4 Travis Trusty
         image
       * [STORM-2870] - FileBasedEventLogger leaks non-daemon ExecutorService
         which prevents process to be finished
       * [STORM-2879] - Supervisor collapse continuously when there is a
         expired assignment for overdue storm
       * [STORM-2892] - Flux test fails to parse valid PATH environment
         variable
       * [STORM-2894] - fix some random typos in tests
       * [STORM-2912] - Tick tuple is being shared without resetting start
         time and incur side-effect to break metrics
       * [STORM-2918] - Upgrade Netty version
       * [STORM-2874] - Minor style improvements to backpressure code
       * [STORM-2937] - Overwrite storm-kafka-client 1.x-branch into
         1.0.x-branch
       * [STORM-2858] - Fix worker-launcher build
   - Use %license macro

     * 1.0.5:
       * [STORM-2657] - Update SECURITY.MD
       * [STORM-2231] - NULL in DisruptorQueue while multi-threaded ack
       * [STORM-2660] - The Nimbus storm-local directory is relative to the
         working directory of the shell executing "storm nimbus"
       * [STORM-2674] - NoNodeException when ZooKeeper tries to delete nodes
       * [STORM-2677] - consider all sampled tuples which took greater than 0
         ms processing time
       * [STORM-2682] - Supervisor crashes with NullPointerException
       * [STORM-2695] - BlobStore uncompress argument should be Boolean
       * [STORM-2705] - DRPCSpout sleeps twice when idle
     * 1.0.4:
       * STORM-2627: Update docs for storm.zookeeper.topology.auth.scheme
       * STORM-2597: Don't parse passed in class paths
       * STORM-2524: Set Kafka client.id with storm-kafka
       * STORM-2448: Add in Storm and JDK versions when submitting a topology
       * STORM-2511: Submitting a topology with name containing unicode
         getting failed
       * STORM-2498: Fix Download Full File link
       * STORM-2486: Prevent cd from printing target directory to avoid
         breaking classpath
       * STORM-1114: Race condition in trident zookeeper zk-node create/delete
       * STORM-2429: Properly validate supervisor.scheduler.meta
       * STORM-2194: Stop ignoring socket timeout error from executor
       * STORM-2450: Write resources into correct local director
       * STORM-2414: Skip checking meta's ACL when subject has write
         privileges for any blobs
       * STORM-2038: Disable symlinks with a config option
       * STORM-2038: No symlinks for local cluster
       * STORM-2403: Fix KafkaBolt test failure: tick tuple should not be
         acked
       * STORM-2361: Kafka spout - after leader change, it stops committing
         offsets to ZK
       * STORM-2296: Kafka spout - no duplicates on leader changes
       * STORM-2387: Handle tick tuples properly for Bolts in external modules
       * STORM-2345: Type mismatch in ReadClusterState's ProfileAction
         processing Map
       * STORM-2104: New Kafka spout crashes if partitions are reassigned
         while tuples are in-flight
       * STORM-2396: setting interrupted status back before throwing a
         RuntimeException
       * STORM-2395: storm.cmd supervisor calls the wrong class name
       * STORM-2385: pacemaker_state_factory.clj does not compile on
         branch-1.0.x
       * STORM-2389: Avoid instantiating Event Logger when
         topology.eventlogger.executors=0
       * STORM-2386: Fail-back Blob deletion also fails in
         BlobSynchronizer.syncBlobs
       * STORM-2360: Storm-Hive: Thrift version mismatch with storm-core
       * STORM-2372: Pacemaker client doesn't clean up heartbeats properly
       * STORM-2326: Upgrade log4j and slf4j
       * STORM-2350: Storm-HDFS's listFilesByModificationTime is broken
     * 1.0.3:
       * STORM-2197: NimbusClient connectins leak due to leakage in
         ThriftClient
       * STORM-2321: Handle blobstore zk key deletion in KeySequenceNumber.
       * STORM-2324: Fix deployment failure if resources directory is missing
         in topology jar
       * STORM-2335: Fix broken Topology visualization with empty
         ':transferred' in executor stats
       * STORM-2336: Close Localizer and AsyncLocalizer when supervisor is
         shutting down
       * STORM-2338: Subprocess exception handling is broken in storm.py on
         Windows environment
       * STORM-2337: Broken documentation generation for
         storm-metrics-profiling-internal-actions.md and
         windows-users-guide.md
       * STORM-2325: Logviewer doesn't consider 'storm.local.hostname'
       * STORM-1742: More accurate 'complete latency'
       * STORM-2176: Workers do not shutdown cleanly and worker hooks don't
         run when a topology is killed
       * STORM-2293: hostname should only refer node's 'storm.local.hostname'
       * STORM-2246: Logviewer download link has urlencoding on part of the
         URL
       * STORM-1906: Window count/length of zero should be disallowed
       * STORM-1841: Address a few minor issues in windowing and doc
       * STORM-2268: Fix integration test for Travis CI build
       * STORM-2283: Fix DefaultStateHandler kryo multithreading issues
       * STORM-2264: OpaqueTridentKafkaSpout failing after STORM-2216
       * STORM-2276: Remove twitter4j usages due to license issue (JSON.org
         is catalog X)
       * STORM-2095: remove any remaining files when deleting blobstore
         directory
       * STORM-2222: Repeated NPEs thrown in nimbus if rebalance fails
       * STORM-2251: Integration test refers specific version of Storm which
         should be project version
       * STORM-2234: heartBeatExecutorService in shellSpout don't work well
         with deactivate
       * STORM-2216: Favor JSONValue.parseWithException
       * STORM-2208: HDFS State Throws FileNotFoundException in Azure Data
         Lake Store file system (adl://)
       * STORM-2213: ShellSpout has race condition when ShellSpout is being
         inactive longer than heartbeat timeout
       * STORM-2210: remove array shuffle from ShuffleGrouping
       * STORM-2052: Kafka Spout - New Client API - Performance Improvements
       * storm-2205: Racecondition in getting nimbus summaries while ZK
         connections are reconnected
       * STORM-2198: perform RotationAction when stopping HdfsBolt
       * STORM-2196: A typo in RAS_Node::consumeCPU
       * STORM-2189: RAS_Node::freeCPU outputs incorrect info
       * STORM-2184: Don't wakeup KafkaConsumer on shutdown
       * STORM-2185: Storm Supervisor doesn't delete directories properly
         sometimes
       * STORM-2175: fix double close of workers
       * STORM-2018: Supervisor V2
       * STORM-2145: Leave leader nimbus's hostname to log when trying to
         connect leader nimbus
       * STORM-2127: Storm-eventhubs should use latest amqp and
         eventhubs-client versions
       * STORM-2040: Fix bug on assert-can-serialize
       * STORM-2017: ShellBolt stops reporting task ids
       * STORM-2119: bug in log message printing to stdout
       * STORM-2120: Emit to _spoutConfig.outputStreamId
       * STORM-2101: fixes npe in compute-executors in nimbus
       * STORM-2090: Add integration test for storm windowing
       * STORM-2003: Make sure config contains TOPIC before get it
       * STORM-1567: in defaults.yaml 'topology.disable.loadaware' should be
         'topology.disable.loadaware.messaging'
       * STORM-1987: Fix TridentKafkaWordCount arg handling in distributed
         mode.
       * STORM-1969: Modify HiveTopology to show usage of non-partition table.
       * STORM-1849: HDFSFileTopology should use the 3rd argument as
         topologyName
       * STORM-2086: use DefaultTopicSelector instead of creating a new one
       * STORM-2079: Unneccessary readStormConfig operation
       * STORM-2081: create external directory for storm-sql various data
         sources and move storm-sql-kafka to it
       * STORM-2070: Fix sigar native binary download link
       * STORM-2056: Bugs in logviewer
       * STORM-1646: Fix ExponentialBackoffMsgRetryManager test
       * STORM-2039: Backpressure refactoring in worker and executor
       * STORM-2064: Add storm name and function, access result and function
         to log-thrift-access
       * STORM-2063: Add thread name in worker logs
       * STORM-2042: Nimbus client connections not closed properly causing
         connection leaks
       * STORM-2032: removes warning in case more than one metrics tuple is
         received
       * STORM-1594: org.apache.storm.tuple.Fields can throw NPE if given
         invalid field in selector
       * STORM-1995: downloadChunk in nimbus.clj should close the input stream

   Changes in rubygem-activeresource:
   - Add bsc#1171560-CVE-2020-8151-encode-id-param.patch Prevent possible
     information disclosure issue that could allow an attacker to create
     specially crafted requests to access data in an unexpected way
     (bsc#1171560 CVE-2020-8151))_

   Changes in rubygem-crowbar-client:
   - Update to 3.9.2
     - Enable SES commands in Cloud8 (SOC-11122)

   Changes in rubygem-json-1_7:
   - Add CVE-2020-10663.patch (CVE-2020-10663, bsc#1167244)

   Changes in rubygem-puma:
   - Fix indentation in gem2rpm.yml_

   - Add CVE-2020-11077.patch (bsc#1172175, CVE-2020-11077)
   - Add chunked-request-handling.patch (needed for CVE-2020-11076.patch)
   - Add CVE-2020-11076.patch (bsc#1172176, CVE-2020-11076)
   - Add all patches to gem2rpm.yml


Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE OpenStack Cloud Crowbar 8:

      zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2020-1901=1

   - SUSE OpenStack Cloud 8:

      zypper in -t patch SUSE-OpenStack-Cloud-8-2020-1901=1

   - HPE Helion Openstack 8:

      zypper in -t patch HPE-Helion-OpenStack-8-2020-1901=1



Package List:

   - SUSE OpenStack Cloud Crowbar 8 (noarch):

      ansible-2.4.6.0-3.9.1
      caasp-openstack-heat-templates-1.0+git.1560518045.ad7dc6d-4.18.1
      crowbar-openstack-5.0+git.1593085772.64c4ab43c-4.40.2
      documentation-suse-openstack-cloud-deployment-8.20200527-1.26.1
      documentation-suse-openstack-cloud-supplement-8.20200527-1.26.1
      documentation-suse-openstack-cloud-upstream-admin-8.20200527-1.26.1
      documentation-suse-openstack-cloud-upstream-user-8.20200527-1.26.1
      openstack-dashboard-12.0.5~dev3-3.26.1
      openstack-heat-templates-0.0.0+git.1582270132.8a20477-3.15.1
      openstack-keystone-12.0.4~dev11-5.33.2
      openstack-keystone-doc-12.0.4~dev11-5.33.2
      openstack-monasca-agent-2.2.6~dev4-3.18.1
      openstack-monasca-installer-20190923_16.32-3.12.1
      openstack-neutron-11.0.9~dev65-3.33.2
      openstack-neutron-dhcp-agent-11.0.9~dev65-3.33.2
      openstack-neutron-doc-11.0.9~dev65-3.33.2
      openstack-neutron-ha-tool-11.0.9~dev65-3.33.2
      openstack-neutron-l3-agent-11.0.9~dev65-3.33.2
      openstack-neutron-linuxbridge-agent-11.0.9~dev65-3.33.2
      openstack-neutron-macvtap-agent-11.0.9~dev65-3.33.2
      openstack-neutron-metadata-agent-11.0.9~dev65-3.33.2
      openstack-neutron-metering-agent-11.0.9~dev65-3.33.2
      openstack-neutron-openvswitch-agent-11.0.9~dev65-3.33.2
      openstack-neutron-server-11.0.9~dev65-3.33.2
      openstack-octavia-amphora-image-debugsource-0.1.4-3.12.2
      openstack-octavia-amphora-image-x86_64-0.1.4-3.12.2
      python-Django-1.11.23-3.15.1
      python-Flask-0.12.1-3.3.1
      python-amqp-2.4.2-3.12.1
      python-apicapi-1.6.0-3.6.1
      python-horizon-12.0.5~dev3-3.26.1
      python-keystone-12.0.4~dev11-5.33.2
      python-keystoneauth1-3.1.2~dev2-3.3.1
      python-monasca-agent-2.2.6~dev4-3.18.1
      python-neutron-11.0.9~dev65-3.33.2
      python-oslo.messaging-5.30.8-3.11.1
      python-pyroute2-0.4.21-3.3.1
      python-pysaml2-4.0.2-5.6.1
      python-tooz-1.58.1-3.3.1
      python-waitress-1.4.3-3.3.1

   - SUSE OpenStack Cloud Crowbar 8 (x86_64):

      crowbar-core-5.0+git.1593156248.55bbdb26d-3.41.2
      crowbar-core-branding-upstream-5.0+git.1593156248.55bbdb26d-3.41.2
      grafana-4.6.5-4.9.1
      grafana-debuginfo-4.6.5-4.9.1
      grafana-debugsource-4.6.5-4.9.1
      kibana-4.6.3-3.3.1
      kibana-debuginfo-4.6.3-3.3.1
      python-Pillow-4.2.1-3.5.1
      python-Pillow-debuginfo-4.2.1-3.5.1
      python-Pillow-debugsource-4.2.1-3.5.1
      python-psutil-5.2.2-3.3.1
      python-psutil-debuginfo-5.2.2-3.3.1
      python-psutil-debugsource-5.2.2-3.3.1
      ruby2.1-rubygem-activeresource-4.0.0-3.3.1
      ruby2.1-rubygem-crowbar-client-3.9.2-3.12.1
      ruby2.1-rubygem-json-1_7-1.7.7-3.3.1
      ruby2.1-rubygem-json-1_7-debuginfo-1.7.7-3.3.1
      ruby2.1-rubygem-puma-2.16.0-3.9.1
      ruby2.1-rubygem-puma-debuginfo-2.16.0-3.9.1
      rubygem-json-1_7-debugsource-1.7.7-3.3.1
      rubygem-puma-debugsource-2.16.0-3.9.1
      storm-1.1.3-3.3.1
      storm-nimbus-1.1.3-3.3.1
      storm-supervisor-1.1.3-3.3.1

   - SUSE OpenStack Cloud 8 (noarch):

      ansible-2.4.6.0-3.9.1
      ansible1-1.9.6-7.3.1
      ardana-ansible-8.0+git.1589740980.6c3bcdc-3.73.1
      ardana-cluster-8.0+git.1585685203.3e71e49-3.36.1
      ardana-freezer-8.0+git.1586539529.b7d295f-3.21.1
      ardana-input-model-8.0+git.1589740934.0e0ad61-3.39.1
      ardana-logging-8.0+git.1591194866.b7375d0-3.24.1
      ardana-mq-8.0+git.1589715269.62ad6df-3.22.1
      ardana-neutron-8.0+git.1590756744.ba84abc-3.42.1
      ardana-octavia-8.0+git.1590100427.cf4cc8f-3.29.1
      ardana-osconfig-8.0+git.1587034587.eac37b8-3.45.1
      caasp-openstack-heat-templates-1.0+git.1560518045.ad7dc6d-4.18.1
      documentation-suse-openstack-cloud-installation-8.20200527-1.26.1
      documentation-suse-openstack-cloud-operations-8.20200527-1.26.1
      documentation-suse-openstack-cloud-opsconsole-8.20200527-1.26.1
      documentation-suse-openstack-cloud-planning-8.20200527-1.26.1
      documentation-suse-openstack-cloud-security-8.20200527-1.26.1
      documentation-suse-openstack-cloud-supplement-8.20200527-1.26.1
      documentation-suse-openstack-cloud-upstream-admin-8.20200527-1.26.1
      documentation-suse-openstack-cloud-upstream-user-8.20200527-1.26.1
      documentation-suse-openstack-cloud-user-8.20200527-1.26.1
      openstack-dashboard-12.0.5~dev3-3.26.1
      openstack-heat-templates-0.0.0+git.1582270132.8a20477-3.15.1
      openstack-keystone-12.0.4~dev11-5.33.2
      openstack-keystone-doc-12.0.4~dev11-5.33.2
      openstack-monasca-agent-2.2.6~dev4-3.18.1
      openstack-monasca-installer-20190923_16.32-3.12.1
      openstack-neutron-11.0.9~dev65-3.33.2
      openstack-neutron-dhcp-agent-11.0.9~dev65-3.33.2
      openstack-neutron-doc-11.0.9~dev65-3.33.2
      openstack-neutron-ha-tool-11.0.9~dev65-3.33.2
      openstack-neutron-l3-agent-11.0.9~dev65-3.33.2
      openstack-neutron-linuxbridge-agent-11.0.9~dev65-3.33.2
      openstack-neutron-macvtap-agent-11.0.9~dev65-3.33.2
      openstack-neutron-metadata-agent-11.0.9~dev65-3.33.2
      openstack-neutron-metering-agent-11.0.9~dev65-3.33.2
      openstack-neutron-openvswitch-agent-11.0.9~dev65-3.33.2
      openstack-neutron-server-11.0.9~dev65-3.33.2
      openstack-octavia-amphora-image-debugsource-0.1.4-3.12.2
      openstack-octavia-amphora-image-x86_64-0.1.4-3.12.2
      python-Django-1.11.23-3.15.1
      python-Flask-0.12.1-3.3.1
      python-GitPython-2.1.8-3.3.1
      python-amqp-2.4.2-3.12.1
      python-apicapi-1.6.0-3.6.1
      python-horizon-12.0.5~dev3-3.26.1
      python-keystone-12.0.4~dev11-5.33.2
      python-keystoneauth1-3.1.2~dev2-3.3.1
      python-monasca-agent-2.2.6~dev4-3.18.1
      python-neutron-11.0.9~dev65-3.33.2
      python-oslo.messaging-5.30.8-3.11.1
      python-pyroute2-0.4.21-3.3.1
      python-pysaml2-4.0.2-5.6.1
      python-tooz-1.58.1-3.3.1
      python-waitress-1.4.3-3.3.1
      venv-openstack-aodh-x86_64-5.1.1~dev7-12.26.2
      venv-openstack-barbican-x86_64-5.0.2~dev3-12.27.2
      venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.24.2
      venv-openstack-cinder-x86_64-11.2.3~dev23-14.27.2
      venv-openstack-designate-x86_64-5.0.3~dev7-12.25.2
      venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.22.1
      venv-openstack-glance-x86_64-15.0.3~dev3-12.25.1
      venv-openstack-heat-x86_64-9.0.8~dev22-12.27.1
      venv-openstack-horizon-x86_64-12.0.5~dev3-14.30.1
      venv-openstack-ironic-x86_64-9.1.8~dev8-12.27.2
      venv-openstack-keystone-x86_64-12.0.4~dev11-11.28.2
      venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.26.2
      venv-openstack-manila-x86_64-5.1.1~dev5-12.31.2
      venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.22.2
      venv-openstack-monasca-x86_64-2.2.2~dev1-11.22.3
      venv-openstack-murano-x86_64-4.0.2~dev2-12.22.1
      venv-openstack-neutron-x86_64-11.0.9~dev65-13.30.2
      venv-openstack-nova-x86_64-16.1.9~dev61-11.28.2
      venv-openstack-octavia-x86_64-1.0.6~dev3-12.27.2
      venv-openstack-sahara-x86_64-7.0.5~dev4-11.26.2
      venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.18.1
      venv-openstack-trove-x86_64-8.0.2~dev2-11.26.1

   - SUSE OpenStack Cloud 8 (x86_64):

      grafana-4.6.5-4.9.1
      grafana-debuginfo-4.6.5-4.9.1
      grafana-debugsource-4.6.5-4.9.1
      kibana-4.6.3-3.3.1
      kibana-debuginfo-4.6.3-3.3.1
      python-Pillow-4.2.1-3.5.1
      python-Pillow-debuginfo-4.2.1-3.5.1
      python-Pillow-debugsource-4.2.1-3.5.1
      python-psutil-5.2.2-3.3.1
      python-psutil-debuginfo-5.2.2-3.3.1
      python-psutil-debugsource-5.2.2-3.3.1
      storm-1.1.3-3.3.1
      storm-nimbus-1.1.3-3.3.1
      storm-supervisor-1.1.3-3.3.1

   - HPE Helion Openstack 8 (x86_64):

      grafana-4.6.5-4.9.1
      grafana-debuginfo-4.6.5-4.9.1
      grafana-debugsource-4.6.5-4.9.1
      kibana-4.6.3-3.3.1
      kibana-debuginfo-4.6.3-3.3.1
      python-Pillow-4.2.1-3.5.1
      python-Pillow-debuginfo-4.2.1-3.5.1
      python-Pillow-debugsource-4.2.1-3.5.1
      python-psutil-5.2.2-3.3.1
      python-psutil-debuginfo-5.2.2-3.3.1
      python-psutil-debugsource-5.2.2-3.3.1
      storm-1.1.3-3.3.1
      storm-nimbus-1.1.3-3.3.1
      storm-supervisor-1.1.3-3.3.1

   - HPE Helion Openstack 8 (noarch):

      ansible-2.4.6.0-3.9.1
      ansible1-1.9.6-7.3.1
      ardana-ansible-8.0+git.1589740980.6c3bcdc-3.73.1
      ardana-cluster-8.0+git.1585685203.3e71e49-3.36.1
      ardana-freezer-8.0+git.1586539529.b7d295f-3.21.1
      ardana-input-model-8.0+git.1589740934.0e0ad61-3.39.1
      ardana-logging-8.0+git.1591194866.b7375d0-3.24.1
      ardana-mq-8.0+git.1589715269.62ad6df-3.22.1
      ardana-neutron-8.0+git.1590756744.ba84abc-3.42.1
      ardana-octavia-8.0+git.1590100427.cf4cc8f-3.29.1
      ardana-osconfig-8.0+git.1587034587.eac37b8-3.45.1
      caasp-openstack-heat-templates-1.0+git.1560518045.ad7dc6d-4.18.1
      documentation-hpe-helion-openstack-installation-8.20200527-1.26.1
      documentation-hpe-helion-openstack-operations-8.20200527-1.26.1
      documentation-hpe-helion-openstack-opsconsole-8.20200527-1.26.1
      documentation-hpe-helion-openstack-planning-8.20200527-1.26.1
      documentation-hpe-helion-openstack-security-8.20200527-1.26.1
      documentation-hpe-helion-openstack-user-8.20200527-1.26.1
      openstack-dashboard-12.0.5~dev3-3.26.1
      openstack-dashboard-theme-HPE-8+git.1523473653.6599ec8-3.3.1
      openstack-heat-templates-0.0.0+git.1582270132.8a20477-3.15.1
      openstack-keystone-12.0.4~dev11-5.33.2
      openstack-keystone-doc-12.0.4~dev11-5.33.2
      openstack-monasca-agent-2.2.6~dev4-3.18.1
      openstack-monasca-installer-20190923_16.32-3.12.1
      openstack-neutron-11.0.9~dev65-3.33.2
      openstack-neutron-dhcp-agent-11.0.9~dev65-3.33.2
      openstack-neutron-doc-11.0.9~dev65-3.33.2
      openstack-neutron-ha-tool-11.0.9~dev65-3.33.2
      openstack-neutron-l3-agent-11.0.9~dev65-3.33.2
      openstack-neutron-linuxbridge-agent-11.0.9~dev65-3.33.2
      openstack-neutron-macvtap-agent-11.0.9~dev65-3.33.2
      openstack-neutron-metadata-agent-11.0.9~dev65-3.33.2
      openstack-neutron-metering-agent-11.0.9~dev65-3.33.2
      openstack-neutron-openvswitch-agent-11.0.9~dev65-3.33.2
      openstack-neutron-server-11.0.9~dev65-3.33.2
      openstack-octavia-amphora-image-debugsource-0.1.4-3.12.2
      openstack-octavia-amphora-image-x86_64-0.1.4-3.12.2
      python-Django-1.11.23-3.15.1
      python-Flask-0.12.1-3.3.1
      python-GitPython-2.1.8-3.3.1
      python-amqp-2.4.2-3.12.1
      python-apicapi-1.6.0-3.6.1
      python-horizon-12.0.5~dev3-3.26.1
      python-keystone-12.0.4~dev11-5.33.2
      python-keystoneauth1-3.1.2~dev2-3.3.1
      python-monasca-agent-2.2.6~dev4-3.18.1
      python-neutron-11.0.9~dev65-3.33.2
      python-oslo.messaging-5.30.8-3.11.1
      python-pyroute2-0.4.21-3.3.1
      python-pysaml2-4.0.2-5.6.1
      python-tooz-1.58.1-3.3.1
      python-waitress-1.4.3-3.3.1
      venv-openstack-aodh-x86_64-5.1.1~dev7-12.26.2
      venv-openstack-barbican-x86_64-5.0.2~dev3-12.27.2
      venv-openstack-ceilometer-x86_64-9.0.8~dev7-12.24.2
      venv-openstack-cinder-x86_64-11.2.3~dev23-14.27.2
      venv-openstack-designate-x86_64-5.0.3~dev7-12.25.2
      venv-openstack-freezer-x86_64-5.0.0.0~xrc2~dev2-10.22.1
      venv-openstack-glance-x86_64-15.0.3~dev3-12.25.1
      venv-openstack-heat-x86_64-9.0.8~dev22-12.27.1
      venv-openstack-horizon-hpe-x86_64-12.0.5~dev3-14.30.1
      venv-openstack-ironic-x86_64-9.1.8~dev8-12.27.2
      venv-openstack-keystone-x86_64-12.0.4~dev11-11.28.2
      venv-openstack-magnum-x86_64-5.0.2_5.0.2_5.0.2~dev31-11.26.2
      venv-openstack-manila-x86_64-5.1.1~dev5-12.31.2
      venv-openstack-monasca-ceilometer-x86_64-1.5.1_1.5.1_1.5.1~dev3-8.22.2
      venv-openstack-monasca-x86_64-2.2.2~dev1-11.22.3
      venv-openstack-murano-x86_64-4.0.2~dev2-12.22.1
      venv-openstack-neutron-x86_64-11.0.9~dev65-13.30.2
      venv-openstack-nova-x86_64-16.1.9~dev61-11.28.2
      venv-openstack-octavia-x86_64-1.0.6~dev3-12.27.2
      venv-openstack-sahara-x86_64-7.0.5~dev4-11.26.2
      venv-openstack-swift-x86_64-2.15.2_2.15.2_2.15.2~dev32-11.18.1
      venv-openstack-trove-x86_64-8.0.2~dev2-11.26.1


References:

   https://www.suse.com/security/cve/CVE-2017-1000246.html
   https://www.suse.com/security/cve/CVE-2019-1010083.html
   https://www.suse.com/security/cve/CVE-2019-15043.html
   https://www.suse.com/security/cve/CVE-2019-16785.html
   https://www.suse.com/security/cve/CVE-2019-16786.html
   https://www.suse.com/security/cve/CVE-2019-16789.html
   https://www.suse.com/security/cve/CVE-2019-16792.html
   https://www.suse.com/security/cve/CVE-2019-16865.html
   https://www.suse.com/security/cve/CVE-2019-18874.html
   https://www.suse.com/security/cve/CVE-2019-19911.html
   https://www.suse.com/security/cve/CVE-2019-3828.html
   https://www.suse.com/security/cve/CVE-2020-10663.html
   https://www.suse.com/security/cve/CVE-2020-10743.html
   https://www.suse.com/security/cve/CVE-2020-11076.html
   https://www.suse.com/security/cve/CVE-2020-11077.html
   https://www.suse.com/security/cve/CVE-2020-12052.html
   https://www.suse.com/security/cve/CVE-2020-13254.html
   https://www.suse.com/security/cve/CVE-2020-13379.html
   https://www.suse.com/security/cve/CVE-2020-13596.html
   https://www.suse.com/security/cve/CVE-2020-5312.html
   https://www.suse.com/security/cve/CVE-2020-5313.html
   https://www.suse.com/security/cve/CVE-2020-5390.html
   https://www.suse.com/security/cve/CVE-2020-8151.html
   https://bugzilla.suse.com/1068612
   https://bugzilla.suse.com/1092420
   https://bugzilla.suse.com/1107190
   https://bugzilla.suse.com/1108719
   https://bugzilla.suse.com/1123872
   https://bugzilla.suse.com/1126503
   https://bugzilla.suse.com/1141968
   https://bugzilla.suse.com/11483483
   https://bugzilla.suse.com/1148383
   https://bugzilla.suse.com/1153191
   https://bugzilla.suse.com/1156525
   https://bugzilla.suse.com/1159046
   https://bugzilla.suse.com/1160152
   https://bugzilla.suse.com/1160153
   https://bugzilla.suse.com/1160192
   https://bugzilla.suse.com/1160790
   https://bugzilla.suse.com/1160851
   https://bugzilla.suse.com/1161088
   https://bugzilla.suse.com/1161089
   https://bugzilla.suse.com/1161670
   https://bugzilla.suse.com/1164322
   https://bugzilla.suse.com/1167244
   https://bugzilla.suse.com/1168593
   https://bugzilla.suse.com/1169770
   https://bugzilla.suse.com/1170657
   https://bugzilla.suse.com/1171273
   https://bugzilla.suse.com/1171560
   https://bugzilla.suse.com/1171594
   https://bugzilla.suse.com/1171661
   https://bugzilla.suse.com/1171909
   https://bugzilla.suse.com/1172166
   https://bugzilla.suse.com/1172167
   https://bugzilla.suse.com/1172175
   https://bugzilla.suse.com/1172176
   https://bugzilla.suse.com/1172409



More information about the sle-security-updates mailing list