| Patch | Description | Author | Forwarded | Bugs | Origin | Last update |
|---|---|---|---|---|---|---|
| install-missing-files.patch | Install missing files | Thomas Goirand <zigo@debian.org> | not-needed | 2016-03-22 | ||
| do-not-use-urllib3-from-botocore.patch | Do not use urllib3 from botocore Cinder is using urllib3 vendored version from botocore, which we unvendor in Debian. =================================================================== |
Thomas Goirand <zigo@debian.org> | no | 2021-03-27 | ||
| remove-test_backup_s3.patch | Remove test_backup_s3.py This unit test file is using the moto library which we cannot package in Debian because it depends on "jose" which is Python 2 only. |
Thomas Goirand <zigo@debian.org> | no | 2021-03-27 | ||
| add-params-thin_provisioning-equal-one.patch | Add "params thin_provisioning=1" in tgt export Add 'params thin_provisioning=1' in iscsi volume export to allow fstrim to work with the lvm backend. |
Thomas Goirand <zigo@debian.org> | yes | 2023-12-04 | ||
| Fix_invalid_assert_calls.patch | Tests: Fix invalid assert calls "not_called" -> "assert_not_called" "called_with" -> "assert_called_once_with" . These calls currently don't do anything because they are mis-named. diff --git a/cinder/tests/unit/volume/drivers/netapp/dataontap/test_nfs_base.py b/cinder/tests/unit/volume/drivers/netapp/dataontap/test_nfs_base.py index 9c6e686..85b063b 100644 |
Eric Harney <eharney@redhat.com> | yes | upstream | upstream, https://review.opendev.org/c/openstack/cinder/+/903503 | 2023-12-12 |
| cve-2024-32498-cinder-stable-2024.1.patch | [PATCH] CVE-2024-32498: Check for external qcow2 data file Adds code to image_utils to check for a qcow2 external data file, a recent feature of qemu which we do not support and which can be used maliciously. . Advice from the qemu-img community is that it is dangerous to call qemu-img info on untrusted files, so we copy over the format_inspector module from Glance. This performs basic analysis on the image data file so we can detect problematic images before we call qemu-img info to get all the image attributes. It is expected that this code will eventually be added to oslo so it can be consumed by Glance, Cinder, and Nova. . Because cinder itself may create qcow2 format images with a backing file in nfs-based backends, the glance format_inspector has been modified to optionally allow such files. Since we are monkeying with the format_inspector code, we also copy over its unit tests to prevent regressions and to add tests for the changed code. . Includes an additional fix to prevent an issue where a user could mount a raw volume and write a qcow2 header with a larger virtual size on it. On reattaching the volume it would have the new larger virtual size avaialable without actually changing the size value in cinder. While we cannot prevent this we can prevent the user from using this volume again, which makes this exploit pointless. diff --git a/cinder/image/format_inspector.py b/cinder/image/format_inspector.py new file mode 100644 index 000000000..ede09005e |
Brian Rosmaita <rosmaita.fossdev@gmail.com> | yes | debian upstream | upstream, https://review.opendev.org/c/openstack/cinder/+/923245 | 2024-07-02 |
| remove-oauth2client-from-requirements.txt.patch | Remove oauth2client from requirements.txt The oauth2client package is deprecated, and should be removed from Debian. |
Thomas Goirand <zigo@debian.org> | no | 2024-07-21 | ||
| make-package-reproducible.patch | Make package reproducible | Thomas Goirand <zigo@debian.org> | no | 2024-07-23 | ||
| do-not-import-oauth2client.patch | Do not import oauth2client =================================================================== |
Thomas Goirand <zigo@debian.org> | no | 2024-07-23 |