Package: glance / 2:25.1.0-2+deb12u1

Metadata

Package: glance
Version: 2:25.1.0-2+deb12u1
Patches format: 3.0 (quilt)

Patch series

Patch File delta Description
sql_conn registry.patch

etc/glance-api.conf | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 fixes default connection in glance-registry.conf & glance-api.conf
missing files.patch

MANIFEST.in | 1 1 + 0 - 0 !
1 file changed, 1 insertion(+)

 package missing files
CVE-2024-32498_1_Limit_CaptureRegion_sizes_in_format_inspector_for_VMDK_and_VHDX.patch

glance/common/format_inspector.py | 22 19 + 3 - 0 !
glance/tests/unit/common/test_format_inspector.py | 120 120 + 0 - 0 !
2 files changed, 139 insertions(+), 3 deletions(-)

 limit captureregion sizes in format_inspector for vmdk and vhdx
 VMDK:
 When parsing a VMDK file to calculate its size, the format_inspector
 determines the location of the Descriptor section by reading two
 uint64 from the headers of the file and uses them to create the
 descriptor CaptureRegion.

 It would be possible to craft a VMDK file that commands the
 format_inspector to create a very big CaptureRegion, thus exhausting
 resources on the glance-api process.

 This patch binds the beginning of the descriptor to 0x200 and limits
 the size of the CaptureRegion to 1MB, similar to how the VMDK
 descriptor is parsed by qemu.

 VHDX:
 It is a bit more involved, but similar: when looking for the
 VIRTUAL_DISK_SIZE metadata, the format_inspector was creating an
 unbounded CaptureRegion.

 In the same way as it seems to be done in Qemu, we now limit the upper
 bound of this CaptureRegion.
Bug: https://launchpad.net/bugs/2006490
CVE-2024-32498_2_Support_Stream_Optimized_VMDKs.patch

glance/common/format_inspector.py | 4 2 + 2 - 0 !
glance/tests/unit/common/test_format_inspector.py | 73 52 + 21 - 0 !
2 files changed, 54 insertions(+), 23 deletions(-)

 support stream optimized vmdks
 Stream optimized VMDKs are also monolithic disk images, and start
 with the same sparse extent header as normal monolithic sparse files,
 so we can parse the virtual disk size in the same manner.

 See "VMware Virtual Disks Virtual Disk Format 1.1" p. 17.
 > Header and Footer
 > The header and the footer are both described by the same SparseExtentHeader
 > structure shown in Hosted Sparse Extent Header on page 8.
Bug: https://launchpad.net/bugs/2052291
CVE-2024-32498_3_1_glance-stable-2023.1.patch

glance/async_/flows/base_import.py | 10 10 + 0 - 0 !
glance/async_/flows/plugins/image_conversion.py | 8 8 + 0 - 0 !
glance/tests/unit/async_/flows/plugins/test_image_conversion.py | 16 16 + 0 - 0 !
glance/tests/unit/async_/flows/test_import.py | 33 33 + 0 - 0 !
4 files changed, 67 insertions(+)

 cve-2024-32498: [patch 1/7] reject qcow files with data-file attributes
CVE-2024-32498_3_2_glance-stable-2023.1.patch

glance/common/format_inspector.py | 132 129 + 3 - 0 !
glance/tests/unit/common/test_format_inspector.py | 80 78 + 2 - 0 !
2 files changed, 207 insertions(+), 5 deletions(-)

 cve-2024-32498: [patch 2/7] extend format_inspector for qcow safety
 This adds two properties to the QcowInspector that make it able to
 indicate whether the file specifies a backing_file or data_file in the
 header. Both conditions are considered unsafe for our usage. To
 ease checking of this condition, a classmethod is added that takes
 a local filename and digests just enough of the file to assert that
 both conditions are false.
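The two qcow2 header conditions this patch describes, as an added example that is not glance's own format_inspector code: a backing file is present when backing_file_offset or backing_file_size is non-zero, and an external data file when bit 2 of incompatible_features (v3 headers only) is set. Field offsets follow the qcow2 specification; make_test_header builds constructed sample headers and is not part of any real image.

```python
import struct

QCOW_MAGIC = b"QFI\xfb"
INCOMPAT_DATA_FILE = 1 << 2  # qcow2 spec: incompatible_features bit 2 = external data file
V2_HEADER_LEN = 72           # v2 header has no feature bitmaps
V3_HEADER_LEN = 104          # v3 fixed header, through header_length

class QcowFormatError(ValueError): ...

def inspect_qcow_header(header: bytes) -> dict:
    """Decode only the fields needed to spot a backing file or an external data file."""
    if len(header) < 4 or header[:4] != QCOW_MAGIC:
        raise QcowFormatError("bad magic: not a qcow file")
    if len(header) < V2_HEADER_LEN:
        raise QcowFormatError("header truncated")
    # big-endian: version u32 @4, backing_file_offset u64 @8, backing_file_size u32 @16
    version, bf_offset, bf_size = struct.unpack(">IQI", header[4:20])
    if version not in (2, 3):
        raise QcowFormatError(f"unsupported qcow version {version}")
    has_data_file = False
    if version == 3:
        if len(header) < 80:
            raise QcowFormatError("v3 header truncated before incompatible_features")
        (incompat,) = struct.unpack(">Q", header[72:80])
        has_data_file = bool(incompat & INCOMPAT_DATA_FILE)
    return {"version": version, "has_data_file": has_data_file,
            "has_backing_file": bf_offset != 0 or bf_size != 0}

def classify_qcow_header(header: bytes) -> str:
    """'safe' when neither condition is set, 'unsafe' when either is, 'invalid' otherwise."""
    try:
        info = inspect_qcow_header(header)
    except QcowFormatError:
        return "invalid"
    return "unsafe" if info["has_backing_file"] or info["has_data_file"] else "safe"

def classify_qcow_file(path: str) -> str:
    """Read only the fixed header; the rest of the image is never touched."""
    with open(path, "rb") as fh:
        return classify_qcow_header(fh.read(V3_HEADER_LEN))

def make_test_header(version: int = 3, backing_file: bytes = b"", data_file: bool = False) -> bytes:
    """Constructed sample header (not a complete image) for demonstration."""
    hdr = bytearray(V3_HEADER_LEN)
    hdr[0:4] = QCOW_MAGIC
    struct.pack_into(">I", hdr, 4, version)
    if backing_file:  # name lives right after the fixed header
        struct.pack_into(">QI", hdr, 8, V3_HEADER_LEN, len(backing_file))
    struct.pack_into(">IQ", hdr, 20, 16, 1 << 30)  # cluster_bits, virtual size
    if version == 3:
        struct.pack_into(">Q", hdr, 72, INCOMPAT_DATA_FILE if data_file else 0)
        struct.pack_into(">I", hdr, 100, V3_HEADER_LEN)
    return bytes(hdr) + backing_file
```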
CVE-2024-32498_3_3_glance-stable-2023.1.patch

glance/common/format_inspector.py | 64 62 + 2 - 0 !
glance/tests/unit/common/test_format_inspector.py | 56 56 + 0 - 0 !
2 files changed, 118 insertions(+), 2 deletions(-)

 cve-2024-32498: [patch 3/7] add vmdk safety check
 This makes us check the extent filenames to make sure they don't
 have any banned characters in them (i.e. slashes). It also makes
 us reject VMDK files with a footer. Since we process these files
 as a stream, we can't honor a footer that directs us to find the
 descriptor block in a location we've already processed. Thus, if
 a file indicates it has a footer, consider it a policy exception
 and unsupported.
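The two VMDK checks described in the first CVE-2024-32498 patch (bounding the descriptor CaptureRegion to start at or beyond 0x200 and be at most 1 MiB) and in patch 3/7 above (rejecting extent file names containing slashes), as an added example that is not glance's code. The header offsets follow the sparse-extent header layout from the VMware disk format specification; SAMPLE_DESCRIPTOR and make_test_header are constructed inputs, and the extent-line parser is a simplification assumed for illustration.

```python
import struct

VMDK_MAGIC = b"KDMV"
SECTOR = 512
DESCRIPTOR_MIN_OFFSET = 0x200  # descriptor can never begin inside the 512-byte header
DESCRIPTOR_MAX_SIZE = 1 << 20  # 1 MiB cap on the descriptor capture region
BANNED_IN_EXTENT_NAME = ("/", "\\")  # path separators are never valid in an extent name
SAMPLE_DESCRIPTOR = (  # constructed sample from a hypothetical image, not a real disk
    '# Disk DescriptorFile\nversion=1\ncreateType="twoGbMaxExtentSparse"\n'
    'RW 4192256 SPARSE "disk-s001.vmdk"\nRW 4192256 SPARSE "subdir/disk-s002.vmdk"\n'
)

class VmdkFormatError(ValueError): ...

def descriptor_region(header: bytes) -> tuple:
    if len(header) < 44 or header[:4] != VMDK_MAGIC:
        raise VmdkFormatError("not a sparse-extent VMDK header")
    # SparseExtentHeader is little-endian: descriptorOffset u64 @28, descriptorSize u64 @36 (sectors)
    off_sectors, size_sectors = struct.unpack_from("<QQ", header, 28)
    offset, size = off_sectors * SECTOR, size_sectors * SECTOR
    if offset < DESCRIPTOR_MIN_OFFSET:
        raise VmdkFormatError(f"descriptor offset {offset:#x} lies inside the header")
    if size == 0 or size > DESCRIPTOR_MAX_SIZE:
        raise VmdkFormatError(f"descriptor size {size} not in (0, 1 MiB]")
    return offset, size

def is_descriptor_bounded(header: bytes) -> bool:
    try:
        return bool(descriptor_region(header))
    except VmdkFormatError:
        return False

def extent_filenames(descriptor: str) -> list:
    """Quoted file names from extent lines such as: RW 4192256 SPARSE "disk-s001.vmdk" """
    names = []
    for line in descriptor.splitlines():
        parts = line.strip().split(None, 3)
        if len(parts) == 4 and parts[0] in ("RW", "RDONLY", "NOACCESS"):
            rest = parts[3]
            names.append(rest.split('"')[1] if '"' in rest else rest.split()[0])
    return names

def unsafe_extents(descriptor: str) -> list:
    return [n for n in extent_filenames(descriptor) if any(c in n for c in BANNED_IN_EXTENT_NAME)]

def make_test_header(desc_off_sectors: int = 1, desc_size_sectors: int = 20) -> bytes:
    # Constructed 512-byte header for demonstration, not a real disk image
    hdr = bytearray(SECTOR)
    hdr[:4] = VMDK_MAGIC
    # version, flags, capacity, grainSize, descriptorOffset, descriptorSize (all but flags in sectors)
    struct.pack_into("<IIQQQQ", hdr, 4, 1, 3, 2048, 128, desc_off_sectors, desc_size_sectors)
    return bytes(hdr)
```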
CVE-2024-32498_3_4_glance-stable-2023.1.patch

glance/async_/flows/plugins/image_conversion.py | 44 37 + 7 - 0 !
glance/tests/unit/async_/flows/plugins/test_image_conversion.py | 57 50 + 7 - 0 !
2 files changed, 87 insertions(+), 14 deletions(-)

 cve-2024-32498: [patch 4/7] reject unsafe qcow and vmdk files
 This causes us to use the format inspector to pre-examine qcow and
 vmdk files for safe configurations before even using qemu-img
 on them.
CVE-2024-32498_3_5_glance-stable-2023.1.patch

glance/common/format_inspector.py | 18 18 + 0 - 0 !
glance/tests/unit/common/test_format_inspector.py | 6 6 + 0 - 0 !
2 files changed, 24 insertions(+)

 cve-2024-32498: [patch 5/7] add qed format detection to format_inspector
 This merely recognizes this format and always marks it as unsafe
 because no service supports it. This prevents someone from uploading
 one that we will ask qemu-img to inspect.
CVE-2024-32498_3_6_glance-stable-2023.1.patch

glance/common/format_inspector.py | 54 43 + 11 - 0 !
glance/tests/unit/common/test_format_inspector.py | 56 0 + 56 - 0 !
2 files changed, 43 insertions(+), 67 deletions(-)

 cve-2024-32498: [patch 6/7] add file format detection to format_inspector
CVE-2024-32498_3_7_glance-stable-2023.1.patch

tools/test_format_inspector.py | 7 7 + 0 - 0 !
1 file changed, 7 insertions(+)

 cve-2024-32498: [patch 7/7] add safety check and detection support to fi tool
 This adds a safety check and detection mechanism to the
 tools/test_format_inspector.py utility for verifying those features
 outside of glance.