Debian Patches
Status for neutron/2:26.0.3-0+deb13u2
| Patch | Description | Author | Forwarded | Bugs | Origin | Last update |
|---|---|---|---|---|---|---|
| fix-path-of-healthcheck_disable.patch | Fix path of healthcheck_disable | Thomas Goirand <zigo@debian.org> | no | 2022-11-14 | ||
| OSSA-2026-016_Fix_plural_policy_names_in_tagging_controller_and_floatingip_policy.patch | Fix plural policy names in tagging controller and floatingip policy The TaggingController.create() and update() methods enforce policy action names using the plural collection key (e.g. create_networks:tags) instead of the singular member name (e.g. create_network:tags). Since the registered policy rules use the singular form, the unmatched plural names fall through to oslo.policy's default rule, allowing project readers to mutate tags on same-project resources. . Fix the delete_floatingips:tags policy rule name (should be singular delete_floatingip:tags) and add a unit test that validates _get_policy_action produces the correct singular form for all supported resources and actions, and that each generated name matches an actually registered policy rule. diff --git a/neutron/conf/policies/floatingip.py b/neutron/conf/policies/floatingip.py index 9a3eaaf..ae99279 100644 |
Rodolfo Alonso Hernandez <ralonsoh@redhat.com> | yes | debian upstream | upstream, https://review.opendev.org/c/openstack/neutron/+/989376 | 2026-05-29 |
| OSSA-2026-021_Fix_port_RBAC_policies_to_require_network_ownership.patch | Fix port RBAC policies to require network ownership Several default port policies that require network ownership incorrectly included PROJECT_MANAGER. That rule checks the port project_id, not network ownership, so any project manager could perform those actions on shared/RBAC networks where they do not own the network. . Remove PROJECT_MANAGER from the affected create/update port policies and rely on NET_OWNER_MEMBER or ADMIN_OR_NET_OWNER_MEMBER instead. Project managers who own the network remain authorized through the default Keystone role implication chain (manager implies member). . Conflicts: neutron/tests/unit/conf/policies/test_port.py . =================================================================== |
Rodolfo Alonso Hernandez <ralonsoh@redhat.com> | yes | debian upstream | upstream, https://review.opendev.org/c/openstack/neutron/+/991523 | 2026-06-05 |
All known versions for source package 'neutron'
- 2:28.0.0-8 (sid, forky)
- 2:26.0.3-0+deb13u2 (trixie-security, trixie-proposed-updates)
- 2:26.0.0-9 (trixie)
- 2:21.0.0-7 (bookworm)