Public bug reported:
# [FFe] OpenStack Gazpacho dependency sync from Debian for Ubuntu
Resolute
## FFE ##
### Summary
Requesting a standing Feature Freeze Exception to sync 96 OpenStack-related
source packages from Debian experimental/unstable to Ubuntu Resolute. These
packages are the libraries, clients, and dependencies needed for the OpenStack
Gazpacho (2026.1) cycle, which is the target OpenStack release for Ubuntu 26.04
LTS.
Ubuntu Resolute currently carries the OpenStack Flamingo (2025.2) versions of
these
packages. Debian experimental has packaged the Gazpacho versions. Syncing from
Debian brings Ubuntu up to the correct upstream release with minimal delta.
### Rationale
- Ubuntu 26.04 LTS must ship with **OpenStack Gazpacho** (the upstream release
aligned to this cycle). The current archive has Flamingo-era versions.
- All 96 packages have been **reviewed for sync safety** — each for
covering patch loss, build-dep availability, epoch conflicts,
ABI breaks, and CVE regressions.
- The vast majority are **library/client point releases** with no
Ubuntu-specific
patches at risk. The Ubuntu versions are either no-change rebuilds (`buildN`)
or carry only packaging metadata differences (`0ubuntuN` with no patches).
- Syncing from Debian reduces our delta to zero for these packages, which
simplifies long-term maintenance over the LTS lifecycle.
### Packages (96 total)
#### OpenStack Libraries & Clients (70 packages)
These are runtime dependencies of OpenStack services (nova, neutron, cinder,
etc.)
and must be updated together as a coordinated set.
| Package | Ubuntu (Resolute) | Debian |
Component |
|------------------------------|-------------------------|-----------------|-----------|
| mistral-extra | 15.1.0-1 | 16.0.1-1 |
universe |
| python-adjutantclient | 1.4.0-1 | 1.5.0-1 |
universe |
| python-aodhclient | 3.9.1-0ubuntu1 | 3.10.1-1 |
main |
| python-barbicanclient | 7.2.0-0ubuntu1 | 7.3.0-1 |
main |
| python-blazarclient | 4.4.0-0ubuntu1 | 4.5.0-1 |
main |
| python-castellan | 5.5.0-0ubuntu1 | 5.6.0-2 |
main |
| python-ceilometermiddleware | 3.8.0-0ubuntu1 | 3.10.0-1 |
universe |
| python-cinderclient | 1:9.8.0-0ubuntu1 | 1:9.9.0-1 |
main |
| python-cloudkittyclient | 5.4.0-3 | 6.1.0-1 |
universe |
| python-cyborgclient | 2.6.0-2 | 2.7.0-1 |
universe |
| python-designateclient | 6.3.0-0ubuntu1 | 6.4.0-1 |
main |
| python-diskimage-builder | 3.29.0-0ubuntu1 | 3.40.2-1 |
universe |
| python-freezerclient | 6.1.0-2 | 6.2.0-1 |
universe |
| python-glance-store | 5.2.0-0ubuntu1 | 5.4.0-1 |
main |
| python-glanceclient | 1:4.10.0-0ubuntu1 | 1:4.11.0-1 |
main |
| python-heatclient | 5.0.0-0ubuntu2 | 5.1.0-1 |
main |
| python-ironicclient | 5.15.0-0ubuntu1 | 6.0.0-1 |
main |
| python-keystoneauth1 | 5.12.0-0ubuntu1 | 5.13.1-1 |
main |
| python-keystoneclient | 1:5.7.0-0ubuntu1 | 1:5.8.0-2 |
main |
| python-keystonemiddleware | 11.0.0-0ubuntu1 | 12.0.0-1 |
main |
| python-magnumclient | 4.9.0-0ubuntu1 | 4.10.0-1 |
main |
| python-manilaclient | 5.7.1-0ubuntu1 | 6.0.0-1 |
main |
| python-masakariclient | 8.7.0-0ubuntu1 | 8.8.0-1 |
universe |
| python-mistral-lib | 3.5.0-0ubuntu1 | 3.5.1-1 |
universe |
| python-mistralclient | 1:6.1.0-0ubuntu1 | 1:6.2.0-1 |
main |
| python-neutron-lib | 3.23.0-0ubuntu1 | 3.24.0-2 |
main |
| python-neutronclient | 1:11.7.0-0ubuntu1 | 1:11.8.0-1 |
main |
| python-novaclient | 2:18.11.0-0ubuntu1 | 2:18.12.0-1 |
main |
| python-observabilityclient | 1.2.0-0ubuntu1 | 1.3.0-2 |
main |
| python-octavia-lib | 3.10.0-0ubuntu1 | 3.11.0-1 |
main |
| python-octaviaclient | 3.12.0-0ubuntu1 | 3.13.0-1 |
main |
| python-openstackclient | 8.3.0-0ubuntu1 | 9.0.0-1 |
main |
| python-openstacksdk | 4.8.0-0ubuntu1 | 4.10.0-1 |
main |
| python-os-api-ref | 2.3.0-0ubuntu1 | 3.1.0+ds1-1 |
universe |
| python-os-brick | 6.14.0-0ubuntu1 | 7.0.0-1 |
main |
| python-os-ken | 4.1.0-0ubuntu1 | 4.1.1-1 |
main |
| python-os-service-types | 1.8.0-4 | 1.8.2-1 |
main |
| python-os-traits | 3.5.0-0ubuntu1 | 3.6.0-1 |
main |
| python-osc-lib | 4.3.0-0ubuntu1 | 4.4.0-1 |
main |
| python-osc-placement | 4.6.0-0ubuntu2 | 4.8.0-1 |
main |
| python-oslo.cache | 4.0.0-0ubuntu2 | 4.1.1-2 |
main |
| python-oslo.concurrency | 7.2.0-0ubuntu1 | 7.4.0-2 |
main |
| python-oslo.config | 1:10.2.0-0ubuntu1 | 1:10.3.0-1 |
main |
| python-oslo.i18n | 6.7.1-0ubuntu1 | 6.7.2-2 |
main |
| python-oslo.limit | 2.9.2-0ubuntu2 | 2.10.0-2 |
main |
| python-oslo.log | 8.0.0-0ubuntu1 | 8.1.0-2 |
main |
| python-oslo.messaging | 17.2.0-0ubuntu1 | 17.3.0-2 |
main |
| python-oslo.metrics | 0.14.0-0ubuntu1 | 0.15.1-2 |
main |
| python-oslo.middleware | 7.0.0-0ubuntu2 | 8.0.0-2 |
main |
| python-oslo.policy | 4.8.0-0ubuntu2 | 5.0.0-2 |
main |
| python-oslo.privsep | 3.9.0-0ubuntu1 | 3.10.1-1 |
main |
| python-oslo.rootwrap | 7.8.0-0ubuntu1 | 7.9.0-1 |
main |
| python-oslo.serialization | 5.9.0-0ubuntu1 | 5.9.1-2 |
main |
| python-oslo.service | 4.4.1-0ubuntu1 | 4.5.1-1 |
main |
| python-oslo.upgradecheck | 2.7.0-0ubuntu1 | 2.7.1-1 |
main |
| python-oslo.utils | 9.2.0-0ubuntu2 | 10.0.0-2 |
main |
| python-oslo.vmware | 4.8.0-0ubuntu1 | 4.9.0-1 |
main |
| python-oslotest | 1:5.0.1-3 | 1:6.0.0-1 |
universe |
| python-osprofiler | 4.2.0-4ubuntu1 | 4.3.0-4 |
main |
| python-ovsdbapp | 2.15.0-0ubuntu1 | 2.16.0-2 |
main |
| python-pbr | 6.1.1-0ubuntu2 | 7.0.3-2 |
main |
| python-sushy | 5.9.0-0ubuntu1 | 5.10.0-4 |
universe |
| python-swiftclient | 1:4.9.0-0ubuntu1 | 1:4.10.0-1 |
main |
| python-tackerclient | 2.4.0-0ubuntu1 | 2.5.0-1 |
universe |
| python-tooz | 6.3.0-0ubuntu1 | 8.1.0-2 |
main |
| python-tosca-parser | 2.13.0-3 | 2.14.0-1 |
universe |
| python-troveclient | 1:8.8.0-0ubuntu2 | 1:8.10.0-1 |
main |
| python-vitrageclient | 5.3.0-0ubuntu1 | 5.4.0-1 |
main |
| python-watcherclient | 4.9.0-0ubuntu1 | 4.10.0-1 |
universe |
| python-zaqarclient | 4.3.0-0ubuntu1 | 4.4.0-1 |
main |
| python-zunclient | 5.3.0-0ubuntu1 | 5.4.0-1 |
universe |
#### Non-OpenStack Dependencies (26 packages — deps of OpenStack)
These are third-party Python libraries that OpenStack services depend on at
runtime / build time. Updated versions are required by the new OpenStack
Gazpacho libraries above.
| Package | Ubuntu (Resolute) | Debian |
Component |
|------------------------------|-------------------------|-----------------|-----------|
| alembic | 1.16.4-4 | 1.18.4-1 |
main |
| cmd2 | 2.5.11+ds-2 | 3.2.0+ds-1 |
main |
| dnspython | 2.7.0-1ubuntu2 | 2.8.0-1 |
main |
| platformdirs | 4.5.1-1 | 4.9.4-1 |
main |
| pyroute2 | 0.7.11-0ubuntu3 | 0.8.1-4 |
main |
| python-cachetools | 5.3.3-1build1 | 7.0.1-1 |
main |
| python-cotyledon | 1.7.3-3build1 | 2.2.0-2 |
main |
| python-dogpile.cache | 1.3.3-2 | 1.5.0-1 |
main |
| python-etcd3gw | 2.4.2-3 | 2.5.0-1 |
universe |
| python-eventlet | 0.40.3-2 | 0.40.4-1 |
main |
| python-gabbi | 3.0.0-3 | 4.2.0-1 |
universe |
| python-gnocchiclient | 7.0.8-0ubuntu2 | 7.2.0-2 |
main |
| python-greenlet | 3.2.4-3 | 3.3.2-1 |
main |
| python-ldap | 3.4.4-2ubuntu3 | 3.4.5-1 |
main |
| python-requests-kerberos | 0.14.0-6 | 0.15.0-1 |
universe |
| python-requests-oauthlib | 1.3.1-2 | 2.0.0-2 |
universe |
| python-sqlalchemy-utils | 0.41.1-0ubuntu1 | 0.42.1-1 |
main |
| python-stestr | 4.2.0-2 | 4.2.1-1 |
universe |
| python-threadpoolctl | 3.1.0-1build1 | 3.6.0-1 |
universe |
| python-uhashring | 2.3-2build1 | 2.4-1 |
universe |
| python-wrapt | 1.17.3-3 | 2.1.1-1 |
main |
| python-xattr | 0.10.1-1.1 | 1.3.0-1 |
main |
| python-xmltodict | 0.13.0-1ubuntu1 | 1.0.3-1 |
main |
| responses | 0.25.8-1 | 0.26.0-1 |
universe |
| sphinxcontrib-httpdomain | 1.8.1-2build1 | 2.0.0-1 |
universe |
| websocket-client | 1.8.0-2build1 | 1.9.0-1 |
universe |
### Sync ordering constraints
The following dependency chain must be respected during the sync:
1. **python-cotyledon** (1.7.3 → 2.2.0) must be synced **first**. Upstream
cotyledon 2.2.0 adds a new runtime dependency on `python3-oslo.config`
(already in main).
2. **python-oslo.service** (4.4.1 → 4.5.1) depends on
`python3-cotyledon (>= 2.2.0)` at build time. It **cannot be synced until
python-cotyledon 2.2.0 has migrated to the release pocket**. The current
Ubuntu archive only has python-cotyledon 1.7.3, which is insufficient.
3. All other packages have no strict inter-sync ordering requirements and can
be synced in any order once the above two are in place.
### Excluded packages from sync but still need FFe(3)
| Package | Reason
|
|------------------------------|-----------------------------------------------------------|
| stevedore | Ubuntu epoch (1:) higher than Debian — sync
impossible |
| python-oslo.context | Ubuntu epoch (1:) higher than Debian — sync
impossible |
### Risk assessment
Of the 96 packages, **67 are straightforward syncs** with zero Ubuntu patches
lost and no runtime dependency concerns (only build-time/cosmetic differences).
The remaining **29 packages** have specific items to watch:
#### CVE patches — verify upstream inclusion (2 packages)
| Package | CVE | Status
|
|------------------|------------------------------|-----------------------------------------------------|
| python-ldap | CVE-2025-61911, CVE-2025-61912 | Debian 3.4.5 is the
upstream release that includes these fixes. Safe. Also loses Ubuntu apparmor
autopkgtest (test-only). |
| python-xmltodict | CVE-2025-9375 | Debian 1.0.3 is a post-CVE
release — verify fix is included before syncing. |
#### New or changed runtime dependencies (3 packages)
| Package | Change
|
|---------------------------|-----------------------------------------------------------------|
| cmd2 | Adds `python3-rich`, `python3-rich-argparse` as
runtime Depends. Verify availability in main. |
| dnspython | Debian promotes h2/httpx/httpcore from Suggests
to Recommends. These are universe-only — may need to carry delta to keep them
as Suggests. |
| python-oslo.serialization | Adds `python3-debtcollector` and `python3-yaml`
as runtime deps. Verify both are in main. |
#### Major upstream version bumps (12 packages)
All expected Gazpacho-cycle coordinated releases. OpenStack services (nova,
neutron, cinder, etc.) are tested upstream against these exact versions.
| Package | Jump | Reverse-dep impact
|
|----------------------------|-----------------|-------------------------------------------|
| python-pbr | 6.1.1 → 7.0.3 | 100+ packages (build tool)
|
| python-wrapt | 1.17.3 → 2.1.1 | astroid, debtcollector,
walinuxagent |
| python-tooz | 6.3.0 → 8.1.0 | main; ceilometer, cinder, nova,
neutron |
| python-gabbi | 3.0.0 → 4.2.0 | universe; test dep for many
services |
| python-oslo.middleware | 7.0.0 → 8.0.0 | 25+ rdeps (nova, neutron,
cinder...) |
| python-oslo.policy | 4.8.0 → 5.0.0 | 25+ rdeps
|
| python-oslo.utils | 9.2.0 → 10.0.0 | Core oslo library, very wide
rdep set |
| python-requests-oauthlib | 1.3.1 → 2.0.0 | universe; limited rdeps
|
| python-ironicclient | 5.15.0 → 6.0.0 | ironic, ironic-inspector
|
| python-cachetools | 5.3.3 → 7.0.1 | No Ubuntu patches
(rebuild-only) |
| python-openstackclient | 8.3.0 → 9.0.0 | horizon, heat; missing
build-deps python3-vmmsclient, python3-searchlightclient |
| sphinxcontrib-httpdomain | 1.8.1 → 2.0.0 | universe; doc-build only
|
#### Packaging-specific issues that may need post-sync delta (12
packages)
| Package | Issue
|
|----------------------------|------------------------------------------------------------------|
| python-oslo.config | Loses update-alternatives scripts for
`oslo-config-generator` |
| python-oslo.rootwrap | Loses gnucat/Rust coreutils test patch
(test-only, Ubuntu-specific) |
| python-heatclient | Ubuntu patches prod code for py3.14; Debian
patches tests only. Verify upstream 5.1.0 includes prod fix. |
| python-glance-store | Re-introduces `!requiretty` in sudoers (Ubuntu
dropped for sudo-rs, LP: #2120708). Adds `glance-store-common` binary. |
| python-gnocchiclient | Loses `drop-ujson.patch` — Debian uses ujson.
Need to carry patch or MIR ujson. |
| python-openstackdocstheme | Same upstream version; Debian uses
bootstrap5/font-awesome symlinks. |
| python-openstacksdk | Requires `python3-os-service-types >= 1.8.1` —
sync os-service-types first. |
| python-vitrageclient | Loses 3 pydot compat patches. Verify upstream
5.4.0 handles pydot 2.x. |
| python-zunclient | Drops update-alternatives maintainer scripts.
|
| python-diskimage-builder | 11 minor versions ahead; adds system tool
build-deps. |
| python-sqlalchemy-utils | Loses Ubuntu autopkgtests. Dep restructuring.
|
| python-sushy | debhelper compat regression 13→10; previous
Ubuntu excluded oem-idrac tests. |
### Testing plan
1. Each package will be synced individually via `syncpackage` to -proposed.
2. Ubuntu's proposed-migration infrastructure will run autopkgtests and
check installability.
3. The OpenStack team will validate the full stack via deployment testing
once all packages have migrated.
4. Any regressions will be addressed by uploading Ubuntu-specific fixes
on top of the synced packages.
### Additional information
- The sync review was performed using automated analysis of debian/ directory
diffs, build-dep availability, epoch comparisons, CVE cross-references,
and binary package changes.
** Affects: openstack (Ubuntu)
Importance: Undecided
Status: New
** Summary changed:
- [FFE] Sync newer version of OpenStack packages
+ [FFE] Gazpacho Sync of OpenStack packages
** Description changed:
# [FFe] OpenStack Gazpacho dependency sync from Debian for Ubuntu
Resolute
## FFE ##
### Summary
Requesting a standing Feature Freeze Exception to sync 96 OpenStack-related
source packages from Debian experimental/unstable to Ubuntu Resolute. These
packages are the libraries, clients, and dependencies needed for the OpenStack
Gazpacho (2026.1) cycle, which is the target OpenStack release for Ubuntu
26.04 LTS.
Ubuntu Resolute currently carries the OpenStack Flamingo (2025.2) versions of
these
packages. Debian experimental has packaged the Gazpacho versions. Syncing from
Debian brings Ubuntu up to the correct upstream release with minimal delta.
### Rationale
- Ubuntu 26.04 LTS must ship with **OpenStack Gazpacho** (the upstream release
- aligned to this cycle). The current archive has Flamingo-era versions.
+ aligned to this cycle). The current archive has Flamingo-era versions.
- All 96 packages have been **reviewed for sync safety** — each for
- covering patch loss, build-dep availability, epoch conflicts,
- ABI breaks, and CVE regressions.
+ covering patch loss, build-dep availability, epoch conflicts,
+ ABI breaks, and CVE regressions.
- The vast majority are **library/client point releases** with no
Ubuntu-specific
- patches at risk. The Ubuntu versions are either no-change rebuilds
(`buildN`)
- or carry only packaging metadata differences (`0ubuntuN` with no patches).
+ patches at risk. The Ubuntu versions are either no-change rebuilds
(`buildN`)
+ or carry only packaging metadata differences (`0ubuntuN` with no patches).
- Syncing from Debian reduces our delta to zero for these packages, which
- simplifies long-term maintenance over the LTS lifecycle.
+ simplifies long-term maintenance over the LTS lifecycle.
### Packages (96 total)
- #### OpenStack Libraries & Clients (70 packages — all runtime
- dependencies)
+ #### OpenStack Libraries & Clients (70 packages)
These are runtime dependencies of OpenStack services (nova, neutron, cinder,
etc.)
and must be updated together as a coordinated set.
| Package | Ubuntu (Resolute) | Debian |
Component |
|------------------------------|-------------------------|-----------------|-----------|
| mistral-extra | 15.1.0-1 | 16.0.1-1 |
universe |
| python-adjutantclient | 1.4.0-1 | 1.5.0-1 |
universe |
| python-aodhclient | 3.9.1-0ubuntu1 | 3.10.1-1 |
main |
| python-barbicanclient | 7.2.0-0ubuntu1 | 7.3.0-1 |
main |
| python-blazarclient | 4.4.0-0ubuntu1 | 4.5.0-1 |
main |
| python-castellan | 5.5.0-0ubuntu1 | 5.6.0-2 |
main |
| python-ceilometermiddleware | 3.8.0-0ubuntu1 | 3.10.0-1 |
universe |
| python-cinderclient | 1:9.8.0-0ubuntu1 | 1:9.9.0-1 |
main |
| python-cloudkittyclient | 5.4.0-3 | 6.1.0-1 |
universe |
| python-cyborgclient | 2.6.0-2 | 2.7.0-1 |
universe |
| python-designateclient | 6.3.0-0ubuntu1 | 6.4.0-1 |
main |
| python-diskimage-builder | 3.29.0-0ubuntu1 | 3.40.2-1 |
universe |
| python-freezerclient | 6.1.0-2 | 6.2.0-1 |
universe |
| python-glance-store | 5.2.0-0ubuntu1 | 5.4.0-1 |
main |
| python-glanceclient | 1:4.10.0-0ubuntu1 | 1:4.11.0-1 |
main |
| python-heatclient | 5.0.0-0ubuntu2 | 5.1.0-1 |
main |
| python-ironicclient | 5.15.0-0ubuntu1 | 6.0.0-1 |
main |
| python-keystoneauth1 | 5.12.0-0ubuntu1 | 5.13.1-1 |
main |
| python-keystoneclient | 1:5.7.0-0ubuntu1 | 1:5.8.0-2 |
main |
| python-keystonemiddleware | 11.0.0-0ubuntu1 | 12.0.0-1 |
main |
| python-magnumclient | 4.9.0-0ubuntu1 | 4.10.0-1 |
main |
| python-manilaclient | 5.7.1-0ubuntu1 | 6.0.0-1 |
main |
| python-masakariclient | 8.7.0-0ubuntu1 | 8.8.0-1 |
universe |
| python-mistral-lib | 3.5.0-0ubuntu1 | 3.5.1-1 |
universe |
| python-mistralclient | 1:6.1.0-0ubuntu1 | 1:6.2.0-1 |
main |
| python-neutron-lib | 3.23.0-0ubuntu1 | 3.24.0-2 |
main |
| python-neutronclient | 1:11.7.0-0ubuntu1 | 1:11.8.0-1 |
main |
| python-novaclient | 2:18.11.0-0ubuntu1 | 2:18.12.0-1 |
main |
| python-observabilityclient | 1.2.0-0ubuntu1 | 1.3.0-2 |
main |
| python-octavia-lib | 3.10.0-0ubuntu1 | 3.11.0-1 |
main |
| python-octaviaclient | 3.12.0-0ubuntu1 | 3.13.0-1 |
main |
| python-openstackclient | 8.3.0-0ubuntu1 | 9.0.0-1 |
main |
| python-openstacksdk | 4.8.0-0ubuntu1 | 4.10.0-1 |
main |
| python-os-api-ref | 2.3.0-0ubuntu1 | 3.1.0+ds1-1 |
universe |
| python-os-brick | 6.14.0-0ubuntu1 | 7.0.0-1 |
main |
| python-os-ken | 4.1.0-0ubuntu1 | 4.1.1-1 |
main |
| python-os-service-types | 1.8.0-4 | 1.8.2-1 |
main |
| python-os-traits | 3.5.0-0ubuntu1 | 3.6.0-1 |
main |
| python-osc-lib | 4.3.0-0ubuntu1 | 4.4.0-1 |
main |
| python-osc-placement | 4.6.0-0ubuntu2 | 4.8.0-1 |
main |
| python-oslo.cache | 4.0.0-0ubuntu2 | 4.1.1-2 |
main |
| python-oslo.concurrency | 7.2.0-0ubuntu1 | 7.4.0-2 |
main |
| python-oslo.config | 1:10.2.0-0ubuntu1 | 1:10.3.0-1 |
main |
| python-oslo.i18n | 6.7.1-0ubuntu1 | 6.7.2-2 |
main |
| python-oslo.limit | 2.9.2-0ubuntu2 | 2.10.0-2 |
main |
| python-oslo.log | 8.0.0-0ubuntu1 | 8.1.0-2 |
main |
| python-oslo.messaging | 17.2.0-0ubuntu1 | 17.3.0-2 |
main |
| python-oslo.metrics | 0.14.0-0ubuntu1 | 0.15.1-2 |
main |
| python-oslo.middleware | 7.0.0-0ubuntu2 | 8.0.0-2 |
main |
| python-oslo.policy | 4.8.0-0ubuntu2 | 5.0.0-2 |
main |
| python-oslo.privsep | 3.9.0-0ubuntu1 | 3.10.1-1 |
main |
| python-oslo.rootwrap | 7.8.0-0ubuntu1 | 7.9.0-1 |
main |
| python-oslo.serialization | 5.9.0-0ubuntu1 | 5.9.1-2 |
main |
| python-oslo.service | 4.4.1-0ubuntu1 | 4.5.1-1 |
main |
| python-oslo.upgradecheck | 2.7.0-0ubuntu1 | 2.7.1-1 |
main |
| python-oslo.utils | 9.2.0-0ubuntu2 | 10.0.0-2 |
main |
| python-oslo.vmware | 4.8.0-0ubuntu1 | 4.9.0-1 |
main |
| python-oslotest | 1:5.0.1-3 | 1:6.0.0-1 |
universe |
| python-osprofiler | 4.2.0-4ubuntu1 | 4.3.0-4 |
main |
| python-ovsdbapp | 2.15.0-0ubuntu1 | 2.16.0-2 |
main |
| python-pbr | 6.1.1-0ubuntu2 | 7.0.3-2 |
main |
| python-sushy | 5.9.0-0ubuntu1 | 5.10.0-4 |
universe |
| python-swiftclient | 1:4.9.0-0ubuntu1 | 1:4.10.0-1 |
main |
| python-tackerclient | 2.4.0-0ubuntu1 | 2.5.0-1 |
universe |
| python-tooz | 6.3.0-0ubuntu1 | 8.1.0-2 |
main |
| python-tosca-parser | 2.13.0-3 | 2.14.0-1 |
universe |
| python-troveclient | 1:8.8.0-0ubuntu2 | 1:8.10.0-1 |
main |
| python-vitrageclient | 5.3.0-0ubuntu1 | 5.4.0-1 |
main |
| python-watcherclient | 4.9.0-0ubuntu1 | 4.10.0-1 |
universe |
| python-zaqarclient | 4.3.0-0ubuntu1 | 4.4.0-1 |
main |
| python-zunclient | 5.3.0-0ubuntu1 | 5.4.0-1 |
universe |
- #### Non-OpenStack Dependencies (26 packages — runtime deps of
- OpenStack)
+ #### Non-OpenStack Dependencies (26 packages — deps of OpenStack)
These are third-party Python libraries that OpenStack services depend on at
- runtime. Updated versions are required by the new OpenStack Gazpacho
libraries above.
+ runtime / build time. Updated versions are required by the new OpenStack
Gazpacho libraries above.
| Package | Ubuntu (Resolute) | Debian |
Component |
|------------------------------|-------------------------|-----------------|-----------|
| alembic | 1.16.4-4 | 1.18.4-1 |
main |
| cmd2 | 2.5.11+ds-2 | 3.2.0+ds-1 |
main |
| dnspython | 2.7.0-1ubuntu2 | 2.8.0-1 |
main |
| platformdirs | 4.5.1-1 | 4.9.4-1 |
main |
| pyroute2 | 0.7.11-0ubuntu3 | 0.8.1-4 |
main |
| python-cachetools | 5.3.3-1build1 | 7.0.1-1 |
main |
| python-cotyledon | 1.7.3-3build1 | 2.2.0-2 |
main |
| python-dogpile.cache | 1.3.3-2 | 1.5.0-1 |
main |
| python-etcd3gw | 2.4.2-3 | 2.5.0-1 |
universe |
| python-eventlet | 0.40.3-2 | 0.40.4-1 |
main |
| python-gabbi | 3.0.0-3 | 4.2.0-1 |
universe |
| python-gnocchiclient | 7.0.8-0ubuntu2 | 7.2.0-2 |
main |
| python-greenlet | 3.2.4-3 | 3.3.2-1 |
main |
| python-ldap | 3.4.4-2ubuntu3 | 3.4.5-1 |
main |
| python-requests-kerberos | 0.14.0-6 | 0.15.0-1 |
universe |
| python-requests-oauthlib | 1.3.1-2 | 2.0.0-2 |
universe |
| python-sqlalchemy-utils | 0.41.1-0ubuntu1 | 0.42.1-1 |
main |
| python-stestr | 4.2.0-2 | 4.2.1-1 |
universe |
| python-threadpoolctl | 3.1.0-1build1 | 3.6.0-1 |
universe |
| python-uhashring | 2.3-2build1 | 2.4-1 |
universe |
| python-wrapt | 1.17.3-3 | 2.1.1-1 |
main |
| python-xattr | 0.10.1-1.1 | 1.3.0-1 |
main |
| python-xmltodict | 0.13.0-1ubuntu1 | 1.0.3-1 |
main |
| responses | 0.25.8-1 | 0.26.0-1 |
universe |
| sphinxcontrib-httpdomain | 1.8.1-2build1 | 2.0.0-1 |
universe |
| websocket-client | 1.8.0-2build1 | 1.9.0-1 |
universe |
### Sync ordering constraints
The following dependency chain must be respected during the sync:
1. **python-cotyledon** (1.7.3 → 2.2.0) must be synced **first**. Upstream
- cotyledon 2.2.0 adds a new runtime dependency on `python3-oslo.config`
- (already in main).
+ cotyledon 2.2.0 adds a new runtime dependency on `python3-oslo.config`
+ (already in main).
2. **python-oslo.service** (4.4.1 → 4.5.1) depends on
- `python3-cotyledon (>= 2.2.0)` at build time. It **cannot be synced until
- python-cotyledon 2.2.0 has migrated to the release pocket**. The current
- Ubuntu archive only has python-cotyledon 1.7.3, which is insufficient.
+ `python3-cotyledon (>= 2.2.0)` at build time. It **cannot be synced until
+ python-cotyledon 2.2.0 has migrated to the release pocket**. The current
+ Ubuntu archive only has python-cotyledon 1.7.3, which is insufficient.
3. All other packages have no strict inter-sync ordering requirements and can
- be synced in any order once the above two are in place.
+ be synced in any order once the above two are in place.
### Excluded packages from sync but still need FFe(3)
| Package | Reason
|
|------------------------------|-----------------------------------------------------------|
| stevedore | Ubuntu epoch (1:) higher than Debian — sync
impossible |
| python-oslo.context | Ubuntu epoch (1:) higher than Debian — sync
impossible |
### Risk assessment
Of the 96 packages, **67 are straightforward syncs** with zero Ubuntu patches
lost and no runtime dependency concerns (only build-time/cosmetic
differences).
The remaining **29 packages** have specific items to watch:
#### CVE patches — verify upstream inclusion (2 packages)
| Package | CVE | Status
|
|------------------|------------------------------|-----------------------------------------------------|
| python-ldap | CVE-2025-61911, CVE-2025-61912 | Debian 3.4.5 is the
upstream release that includes these fixes. Safe. Also loses Ubuntu apparmor
autopkgtest (test-only). |
| python-xmltodict | CVE-2025-9375 | Debian 1.0.3 is a post-CVE
release — verify fix is included before syncing. |
#### New or changed runtime dependencies (3 packages)
| Package | Change
|
|---------------------------|-----------------------------------------------------------------|
| cmd2 | Adds `python3-rich`, `python3-rich-argparse` as
runtime Depends. Verify availability in main. |
| dnspython | Debian promotes h2/httpx/httpcore from Suggests
to Recommends. These are universe-only — may need to carry delta to keep them
as Suggests. |
| python-oslo.serialization | Adds `python3-debtcollector` and `python3-yaml`
as runtime deps. Verify both are in main. |
#### Major upstream version bumps (12 packages)
All expected Gazpacho-cycle coordinated releases. OpenStack services (nova,
neutron, cinder, etc.) are tested upstream against these exact versions.
| Package | Jump | Reverse-dep impact
|
|----------------------------|-----------------|-------------------------------------------|
| python-pbr | 6.1.1 → 7.0.3 | 100+ packages (build tool)
|
| python-wrapt | 1.17.3 → 2.1.1 | astroid, debtcollector,
walinuxagent |
| python-tooz | 6.3.0 → 8.1.0 | main; ceilometer, cinder,
nova, neutron |
| python-gabbi | 3.0.0 → 4.2.0 | universe; test dep for many
services |
| python-oslo.middleware | 7.0.0 → 8.0.0 | 25+ rdeps (nova, neutron,
cinder...) |
| python-oslo.policy | 4.8.0 → 5.0.0 | 25+ rdeps
|
| python-oslo.utils | 9.2.0 → 10.0.0 | Core oslo library, very wide
rdep set |
| python-requests-oauthlib | 1.3.1 → 2.0.0 | universe; limited rdeps
|
| python-ironicclient | 5.15.0 → 6.0.0 | ironic, ironic-inspector
|
| python-cachetools | 5.3.3 → 7.0.1 | No Ubuntu patches
(rebuild-only) |
| python-openstackclient | 8.3.0 → 9.0.0 | horizon, heat; missing
build-deps python3-vmmsclient, python3-searchlightclient |
| sphinxcontrib-httpdomain | 1.8.1 → 2.0.0 | universe; doc-build only
|
#### Packaging-specific issues that may need post-sync delta (12
packages)
| Package | Issue
|
|----------------------------|------------------------------------------------------------------|
| python-oslo.config | Loses update-alternatives scripts for
`oslo-config-generator` |
| python-oslo.rootwrap | Loses gnucat/Rust coreutils test patch
(test-only, Ubuntu-specific) |
| python-heatclient | Ubuntu patches prod code for py3.14; Debian
patches tests only. Verify upstream 5.1.0 includes prod fix. |
| python-glance-store | Re-introduces `!requiretty` in sudoers (Ubuntu
dropped for sudo-rs, LP: #2120708). Adds `glance-store-common` binary. |
| python-gnocchiclient | Loses `drop-ujson.patch` — Debian uses ujson.
Need to carry patch or MIR ujson. |
| python-openstackdocstheme | Same upstream version; Debian uses
bootstrap5/font-awesome symlinks. |
| python-openstacksdk | Requires `python3-os-service-types >= 1.8.1` —
sync os-service-types first. |
| python-vitrageclient | Loses 3 pydot compat patches. Verify upstream
5.4.0 handles pydot 2.x. |
| python-zunclient | Drops update-alternatives maintainer scripts.
|
| python-diskimage-builder | 11 minor versions ahead; adds system tool
build-deps. |
| python-sqlalchemy-utils | Loses Ubuntu autopkgtests. Dep restructuring.
|
| python-sushy | debhelper compat regression 13→10; previous
Ubuntu excluded oem-idrac tests. |
### Testing plan
1. Each package will be synced individually via `syncpackage` to -proposed.
2. Ubuntu's proposed-migration infrastructure will run autopkgtests and
- check installability.
+ check installability.
3. The OpenStack team will validate the full stack via deployment testing
- once all packages have migrated.
+ once all packages have migrated.
4. Any regressions will be addressed by uploading Ubuntu-specific fixes
- on top of the synced packages.
+ on top of the synced packages.
### Additional information
- The sync review was performed using automated analysis of debian/ directory
- diffs, build-dep availability, epoch comparisons, CVE cross-references,
- and binary package changes.
+ diffs, build-dep availability, epoch comparisons, CVE cross-references,
+ and binary package changes.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2144841
Title:
[FFE] Gazpacho Sync of OpenStack packages
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/openstack/+bug/2144841/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
