Package: nova / 2:32.1.0-7
Metadata
| Package | Version | Patches format |
|---|---|---|
| nova | 2:32.1.0-7 | 3.0 (quilt) |
Patch series
view the series file| Patch | File delta | Description |
|---|---|---|
| Install missed files.patch | (download) |
MANIFEST.in |
11 11 + 0 - 0 ! |
install missed files |
| remove svg converter from doc conf.py.patch | (download) |
doc/source/conf.py |
1 0 + 1 - 0 ! |
remove sphinxcontrib.rsvgconverter from doc conf.py |
| Add a healtcheck url.patch | (download) |
etc/nova/api-paste.ini |
11 8 + 3 - 0 ! |
[patch] add a /healthcheck url This is useful for operators to configure HAProxy and for monitoring. |
| fix exception.NovaException.patch | (download) |
nova/virt/disk/api.py |
4 2 + 2 - 0 ! |
fix exception.novaexception |
| Fix test_simple_tenant_usage test.patch | (download) |
nova/tests/unit/policies/test_simple_tenant_usage.py |
8 7 + 1 - 0 ! |
fix test_simple_tenant_usage test API policy test_simple_tenant_usage test does not send the start and end time in request's query string. In that case, API set the current time to both start and end times. So there is a chance that both start and end times can be the same, and Nova raises an error: - https://github.com/openstack/nova/blob/9e5ad07aeeb9f14eba37e2cdea9377e7af48ef88/nova/api/openstack/compute/simple_tenant_usage.py#L258 Closes-Bug: https://launchpad.net/bugs/2130703 |
| fix failing timebased tests.patch | (download) |
nova/tests/unit/compute/test_compute.py |
3 3 + 0 - 0 ! |
fixed failing timebased tests If the updates are made on the same second, these unit tests are failing. Adding a time.sleep(2) fixes it. |
| testtools 2.8.2 TestMatchersInterface is removed.patch | (download) |
nova/tests/unit/test_matchers.py |
578 60 + 518 - 0 ! |
compat with testtools 2.8.2: testmatchersinterface is removed |
| fix test_validate_volume_mount_not_working.patch | (download) |
nova/tests/unit/virt/libvirt/volume/test_quobyte.py |
6 3 + 3 - 0 ! |
fix test_validate_volume_mount_not_working() |
| cve 2026 24708 make disk.extend pass format to qemu img 2025.2.patch | (download) |
nova/tests/unit/virt/disk/test_api.py |
35 31 + 4 - 0 ! |
cve-2026-24708/ossa-2026-002: make disk.extend() pass format to qemu-img
This fixes an instance of us passing a disk image to qemu-img for
resize where we don't constrain the format. As has previously been
identified, it is never safe to do that when the image itself is not
trusted. In this case, an instance with a previously-raw disk image
being used by imagebackend.Flat is susceptible to the user writing a
qcow2 (or other) header to their disk causing the unconstrained
qemu-img resize operation to interpret it as a qcow2 file.
.
Since Flat maintains the intended disk format in the disk.info file,
and since we would have safety-checked images we got from glance,
we should be able to trust the image.format specifier, which comes
from driver_format in imagebackend, which is read from disk.info.
Since only raw or qcow2 files should be resized anyway, we can further
constrain it to those.
.
Notes:
1. qemu-img refuses to resize some types of VMDK files, but it may
be able to resize others (there are many subformats). Technically,
Flat will allow running an instance directly from a VMDK file,
and so this change _could_ be limiting existing "unintentionally
works" behavior.
2. This assumes that disk.info is correct, present, etc. The code to
handle disk.info will regenerate the file if it's missing or
unreadable by probing the image without a safety check, which
would be unsafe. However, that is a much more sophisticated attack,
requiring either access to the system to delete the file or an
errant operator action in the first place.
|
