[Bug 2085851] Re: Jammy package 2:20.3.1-0ubuntu1.4 is missing the upstream privsep pieces

[Guillaume Boutry]

This bug was fixed in the package cinder - 2:22.1.1-0ubuntu1.3~cloud2
---

 cinder (2:22.1.1-0ubuntu1.3~cloud2) jammy-antelope; urgency=medium
 .
   * SECURITY REGRESSION: regression due to missing privset handling
 (LP: #2085851)
 - debian/patches/CVE-2024-32498.patch: switch to final upstream patch
   which differs from the patch provided during embargo.


** Changed in: cloud-archive/antelope
   Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2085851

Title:
  Jammy package 2:20.3.1-0ubuntu1.4 is missing the upstream privsep
  pieces

To manage notifications about this bug go to:
https://bugs.launchpad.net/cloud-archive/+bug/2085851/+subscriptions


-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 2085851] Re: Jammy package 2:20.3.1-0ubuntu1.4 is missing the upstream privsep pieces

[Guillaume Boutry]

This bug was fixed in the package cinder - 2:23.0.0-0ubuntu1.4~cloud1
---

 cinder (2:23.0.0-0ubuntu1.4~cloud1) jammy-bobcat; urgency=medium
 .
   * SECURITY REGRESSION: regression due to missing privset handling
 (LP: #2085851)
 - debian/patches/CVE-2024-32498.patch: switch to final upstream patch
   which differs from the patch provided during embargo.


** Changed in: cloud-archive/bobcat
   Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2085851

Title:
  Jammy package 2:20.3.1-0ubuntu1.4 is missing the upstream privsep
  pieces

To manage notifications about this bug go to:
https://bugs.launchpad.net/cloud-archive/+bug/2085851/+subscriptions


-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 2085851] Re: Jammy package 2:20.3.1-0ubuntu1.4 is missing the upstream privsep pieces

[Guillaume Boutry]

Verification done on jammy-antelope

Hello, I've done the necessary verification on Jammy Antelope. I have a
deployed a core openstack services and run the tempest tools to
functionally test these services.

I have attached the script I used to perform the whole verification and
the resulting logs.

Please note that in the case of jammy-antelope, I've had to backport the
versions from noble-caracal for tempest and fasteners.

tempest: 29.0.0-3 -> 36.0.0-2
python3-fasters: 0.14.1-2 -> 0.18-3

PPA holding these backport:
https://launchpad.net/~gboutry/+archive/ubuntu/jammy-backports/+packages

Tempest is the functional testing tool for OpenStack services. I've
preferred to use a more recent version of tempest to ensure right policy
and testing.

Verified versions:
cinder 2:22.1.1-0ubuntu1.3~cloud2


** Attachment added: "repro-jammy-antelope.log"
   
https://bugs.launchpad.net/ubuntu/+source/cinder/+bug/2085851/+attachment/5865478/+files/repro-jammy-antelope.log

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2085851

Title:
  Jammy package 2:20.3.1-0ubuntu1.4 is missing the upstream privsep
  pieces

To manage notifications about this bug go to:
https://bugs.launchpad.net/cloud-archive/+bug/2085851/+subscriptions


-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 2085851] Re: Jammy package 2:20.3.1-0ubuntu1.4 is missing the upstream privsep pieces

[Guillaume Boutry]

To reproduce my testing on bobcat and antelope. you can use the attached
script as follow:

bash repro-ca.sh jammy-bobcat
lcx rm -f monostack
bash repro-ca.sh jammy-antelope

** Attachment added: "repro-ca.sh"
   
https://bugs.launchpad.net/ubuntu/+source/cinder/+bug/2085851/+attachment/5865479/+files/repro-ca.sh

** Tags removed: verification-antelope-needed
** Tags added: verification-antelope-done

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2085851

Title:
  Jammy package 2:20.3.1-0ubuntu1.4 is missing the upstream privsep
  pieces

To manage notifications about this bug go to:
https://bugs.launchpad.net/cloud-archive/+bug/2085851/+subscriptions


-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 2085851] Re: Jammy package 2:20.3.1-0ubuntu1.4 is missing the upstream privsep pieces

[Guillaume Boutry]

Verification done on jammy-bobcat

Hello, I've done the necessary verification on Jammy Bobcat. I have a
deployed a core openstack services  and run the tempest tools to
functionally test these services.

I have attached the script I used to perform the whole verification and
the resulting logs.

Please note that in the case of jammy-bobcat, I've had to backport the
versions from noble-caracal for tempest.

tempest: 29.0.0-3 -> 36.0.0-2

PPA holding these backport:
https://launchpad.net/~gboutry/+archive/ubuntu/jammy-backports/+packages

Tempest is the functional testing tool for OpenStack services. I've
preferred to use a more recent version of tempest to ensure right policy
and testing.

Verified versions:
cinder 2:23.0.0-0ubuntu1.4~cloud1


** Attachment added: "repro-jammy-bobcat.log"
   
https://bugs.launchpad.net/ubuntu/+source/cinder/+bug/2085851/+attachment/5865477/+files/repro-jammy-bobcat.log

** Tags removed: verification-bobcat-needed verification-caracal-needed
** Tags added: verification-bobcat-done verification-caracal-done

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2085851

Title:
  Jammy package 2:20.3.1-0ubuntu1.4 is missing the upstream privsep
  pieces

To manage notifications about this bug go to:
https://bugs.launchpad.net/cloud-archive/+bug/2085851/+subscriptions


-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 2085851] Re: Jammy package 2:20.3.1-0ubuntu1.4 is missing the upstream privsep pieces

[James Page]

This bug was fixed in the package cinder - 2:24.0.0-0ubuntu1.3~cloud0
---

 cinder (2:24.0.0-0ubuntu1.3~cloud0) jammy-caracal; urgency=medium
 .
   * New update for the Ubuntu Cloud Archive.
 .
 cinder (2:24.0.0-0ubuntu1.3) noble-security; urgency=medium
 .
   * SECURITY REGRESSION: regression due to missing privset handling
   (LP: #2085851)
 - debian/patches/CVE-2024-32498.patch: switch to final upstream patch
   which differs from the patch provided during embargo.


** Changed in: cloud-archive/caracal
   Status: Fix Committed => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2085851

Title:
  Jammy package 2:20.3.1-0ubuntu1.4 is missing the upstream privsep
  pieces

To manage notifications about this bug go to:
https://bugs.launchpad.net/cloud-archive/+bug/2085851/+subscriptions


-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 2085851] Re: Jammy package 2:20.3.1-0ubuntu1.4 is missing the upstream privsep pieces

[Andreas Hasenack]

Just a note that during my SRU shift I noticed that cinder
2:20.3.1-0ubuntu1.5 on jammy/s390x is consistently failing[1] its
autopkgtests, including a migration-reference/0 run:


133s autopkgtest [18:26:22]: test cinder-daemons: [---
134s /usr/lib/python3/dist-packages/cinder/db/sqlalchemy/models.py:152: 
SAWarning: implicitly coercing SELECT object to scalar subquery; please use the 
.scalar_subquery() method to produce a scalar subquery.
134s   last_heartbeat = column_property(
134s /usr/lib/python3/dist-packages/cinder/db/sqlalchemy/models.py:160: 
SAWarning: implicitly coercing SELECT object to scalar subquery; please use the 
.scalar_subquery() method to produce a scalar subquery.
134s   num_hosts = column_property(
134s /usr/lib/python3/dist-packages/cinder/db/sqlalchemy/models.py:169: 
SAWarning: implicitly coercing SELECT object to scalar subquery; please use the 
.scalar_subquery() method to produce a scalar subquery.
134s   num_down_hosts = column_property(
134s 2024-11-14 18:26:23.805 9856 INFO cinder.db.migration [-] Applying 
migration(s)
134s 2024-11-14 18:26:23.806 9856 INFO alembic.runtime.migration [-] Context 
impl MySQLImpl.
134s 2024-11-14 18:26:23.806 9856 INFO alembic.runtime.migration [-] Will 
assume non-transactional DDL.
134s 2024-11-14 18:26:23.817 9856 INFO alembic.runtime.migration [-] Running 
upgrade  -> 921e1a36b076, Initial migration.
135s 2024-11-14 18:26:24.627 9856 INFO cinder.db.migration [-] Migration(s) 
applied
135s Job for cinder-scheduler.service failed.
135s See "systemctl status cinder-scheduler.service" and "journalctl -xeu 
cinder-scheduler.service" for details.
136s autopkgtest [18:26:25]: test cinder-daemons: ---]
136s autopkgtest [18:26:25]: test cinder-daemons:  - - - - - - - - - - results 
- - - - - - - - - -
136s cinder-daemons   FAIL non-zero exit status 1


1. https://autopkgtest.ubuntu.com/packages/cinder/jammy/s390x

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2085851

Title:
  Jammy package 2:20.3.1-0ubuntu1.4 is missing the upstream privsep
  pieces

To manage notifications about this bug go to:
https://bugs.launchpad.net/cloud-archive/+bug/2085851/+subscriptions


-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 2085851] Re: Jammy package 2:20.3.1-0ubuntu1.4 is missing the upstream privsep pieces

[Launchpad Bug Tracker]

This bug was fixed in the package cinder - 2:20.3.1-0ubuntu1.5

---
cinder (2:20.3.1-0ubuntu1.5) jammy-security; urgency=medium

  * SECURITY REGRESSION: regression due to missing privset handling
  (LP: #2085851)
- debian/patches/CVE-2024-32498.patch: switch to final upstream patch
  which differs from the patch provided during embargo.

 -- Marc Deslauriers   Mon, 04 Nov 2024
07:35:21 -0500

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2085851

Title:
  Jammy package 2:20.3.1-0ubuntu1.4 is missing the upstream privsep
  pieces

To manage notifications about this bug go to:
https://bugs.launchpad.net/cloud-archive/+bug/2085851/+subscriptions


-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 2085851] Re: Jammy package 2:20.3.1-0ubuntu1.4 is missing the upstream privsep pieces

[Marc Deslauriers]

@james-page thanks for the tests, will publish today.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2085851

Title:
  Jammy package 2:20.3.1-0ubuntu1.4 is missing the upstream privsep
  pieces

To manage notifications about this bug go to:
https://bugs.launchpad.net/cloud-archive/+bug/2085851/+subscriptions


-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 2085851] Re: Jammy package 2:20.3.1-0ubuntu1.4 is missing the upstream privsep pieces

[Launchpad Bug Tracker]

This bug was fixed in the package cinder - 2:16.4.2-0ubuntu2.9

---
cinder (2:16.4.2-0ubuntu2.9) focal-security; urgency=medium

  * SECURITY REGRESSION: regression due to missing privset handling
  (LP: #2085851)
- debian/patches/CVE-2024-32498.patch: switch to final upstream patch
  which differs from the patch provided during embargo.
- debian/patches/fix_CVE-2022-47951_test.patch: fix test after updating
  CVE-2024-32498 patch.

 -- Marc Deslauriers   Mon, 04 Nov 2024
08:29:59 -0500

** Changed in: cinder (Ubuntu Focal)
   Status: In Progress => Fix Released

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-47951

** Changed in: cinder (Ubuntu Noble)
   Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2085851

Title:
  Jammy package 2:20.3.1-0ubuntu1.4 is missing the upstream privsep
  pieces

To manage notifications about this bug go to:
https://bugs.launchpad.net/cloud-archive/+bug/2085851/+subscriptions


-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 2085851] Re: Jammy package 2:20.3.1-0ubuntu1.4 is missing the upstream privsep pieces

[Launchpad Bug Tracker]

This bug was fixed in the package cinder - 2:24.0.0-0ubuntu1.3

---
cinder (2:24.0.0-0ubuntu1.3) noble-security; urgency=medium

  * SECURITY REGRESSION: regression due to missing privset handling
  (LP: #2085851)
- debian/patches/CVE-2024-32498.patch: switch to final upstream patch
  which differs from the patch provided during embargo.

 -- Marc Deslauriers   Mon, 04 Nov 2024
07:16:36 -0500

** Changed in: cinder (Ubuntu Jammy)
   Status: In Progress => Fix Released

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2085851

Title:
  Jammy package 2:20.3.1-0ubuntu1.4 is missing the upstream privsep
  pieces

To manage notifications about this bug go to:
https://bugs.launchpad.net/cloud-archive/+bug/2085851/+subscriptions


-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 2085851] Re: Jammy package 2:20.3.1-0ubuntu1.4 is missing the upstream privsep pieces

[James Page]

@mdeslaur - proposed updates regression tested OK for all three targets
and I had confirmation from the bug reporter that the proposed package
update fixes the specific issue (cinder volume -> glance image with an
kernel drive backed block device backend).

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2085851

Title:
  Jammy package 2:20.3.1-0ubuntu1.4 is missing the upstream privsep
  pieces

To manage notifications about this bug go to:
https://bugs.launchpad.net/cloud-archive/+bug/2085851/+subscriptions


-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 2085851] Re: Jammy package 2:20.3.1-0ubuntu1.4 is missing the upstream privsep pieces

[James Page]

focal proposed update:

==  


 Totals 


   
==  


  
Ran: 94 tests in 988.8594 sec.  


  
 - Passed: 87   
 
 - Skipped: 6   
 
 - Expected Fail: 0 


  
 - Unexpected Success: 0  
 - Failed: 1
 
Sum of execute time for each test: 433.6734 sec. 

$ apt-cache policy python3-cinder
python3-cinder:
  Installed: 2:16.4.2-0ubuntu2.9
  Candidate: 2:16.4.2-0ubuntu2.9
  Version table:
 *** 2:16.4.2-0ubuntu2.9 500
500 http://ppa.launchpad.net/ubuntu-security-proposed/ppa/ubuntu 
focal/main amd64 Packages
100 /var/lib/dpkg/status
 2:16.4.2-0ubuntu2.8 500
500 http://availability-zone-3.clouds.archive.ubuntu.com/ubuntu 
focal-updates/main amd64 Packages
500 http://security.ubuntu.com/ubuntu focal-security/main amd64 Packages
 2:16.0.0~b3~git2020041012.eb915e2db-0ubuntu1 500
500 http://availability-zone-3.clouds.archive.ubuntu.com/ubuntu 
focal/main amd64 Packages

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2085851

Title:
  Jammy package 2:20.3.1-0ubuntu1.4 is missing the upstream privsep
  pieces

To manage notifications about this bug go to:
https://bugs.launchpad.net/cloud-archive/+bug/2085851/+subscriptions


-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 2085851] Re: Jammy package 2:20.3.1-0ubuntu1.4 is missing the upstream privsep pieces

[James Page]

jammy proposed update:

==
Totals
==
Ran: 94 tests in 751.9069 sec.
 - Passed: 87
 - Skipped: 6
 - Expected Fail: 0
 - Unexpected Success: 0
 - Failed: 1
Sum of execute time for each test: 311.0578 sec.

$ apt-cache policy python3-cinder
python3-cinder:
  Installed: 2:20.3.1-0ubuntu1.5
  Candidate: 2:20.3.1-0ubuntu1.5
  Version table:
 *** 2:20.3.1-0ubuntu1.5 500
500 
https://ppa.launchpadcontent.net/ubuntu-security-proposed/ppa/ubuntu jammy/main 
amd64 Packages
100 /var/lib/dpkg/status
 2:20.3.1-0ubuntu1.4 500
500 http://availability-zone-2.clouds.archive.ubuntu.com/ubuntu 
jammy-updates/main amd64 Packages
500 http://security.ubuntu.com/ubuntu jammy-security/main amd64 Packages
 2:20.0.0-0ubuntu1 500
500 http://availability-zone-2.clouds.archive.ubuntu.com/ubuntu 
jammy/main amd64 Packages

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2085851

Title:
  Jammy package 2:20.3.1-0ubuntu1.4 is missing the upstream privsep
  pieces

To manage notifications about this bug go to:
https://bugs.launchpad.net/cloud-archive/+bug/2085851/+subscriptions


-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 2085851] Re: Jammy package 2:20.3.1-0ubuntu1.4 is missing the upstream privsep pieces

[James Page]

noble proposed update:

==
Totals
==
Ran: 94 tests in 827.0558 sec.
 - Passed: 87
 - Skipped: 6
 - Expected Fail: 0
 - Unexpected Success: 0
 - Failed: 1
Sum of execute time for each test: 314. sec.

single failure is an know issue in how the tests are configured for
octavia and unrelated to this update.

$ apt-cache policy python3-cinder
python3-cinder:
  Installed: 2:24.0.0-0ubuntu1.3
  Candidate: 2:24.0.0-0ubuntu1.3
  Version table:
 *** 2:24.0.0-0ubuntu1.3 500
500 
https://ppa.launchpadcontent.net/ubuntu-security-proposed/ppa/ubuntu noble/main 
amd64 Packages
100 /var/lib/dpkg/status
 2:24.0.0-0ubuntu1.2 500
500 http://availability-zone-3.clouds.archive.ubuntu.com/ubuntu 
noble-updates/main amd64 Packages
500 http://security.ubuntu.com/ubuntu noble-security/main amd64 Packages
 2:24.0.0-0ubuntu1 500
500 http://availability-zone-3.clouds.archive.ubuntu.com/ubuntu 
noble/main amd64 Packages

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2085851

Title:
  Jammy package 2:20.3.1-0ubuntu1.4 is missing the upstream privsep
  pieces

To manage notifications about this bug go to:
https://bugs.launchpad.net/cloud-archive/+bug/2085851/+subscriptions


-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 2085851] Re: Jammy package 2:20.3.1-0ubuntu1.4 is missing the upstream privsep pieces

[James Page]

** No longer affects: cloud-archive/dalmation

** Changed in: cloud-archive/bobcat
   Status: New => Triaged

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2085851

Title:
  Jammy package 2:20.3.1-0ubuntu1.4 is missing the upstream privsep
  pieces

To manage notifications about this bug go to:
https://bugs.launchpad.net/cloud-archive/+bug/2085851/+subscriptions


-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 2085851] Re: Jammy package 2:20.3.1-0ubuntu1.4 is missing the upstream privsep pieces

[Edward Hope-Morley]

** Description changed:

  Ubuntu Jammy cinder package version 2:20.3.1-0ubuntu1.4 [1] backported fix 
[2] for the LP#2059809 [3] (the CVE-2024-32498 fix).
- The upstream fix [2] calls the `format_inspector.detect_file_format` with the 
eleviated previlages [4], however the code in the Ubuntu package does not [5]. 
Instead it calls the `format_inspector.detect_file_format` without using 
privsep. That is causing the following error when creating qcow image from 
volume (using purestorage driver):
+ The upstream fix [2] calls the `format_inspector.detect_file_format` with 
elevated privileges [4], however the code in the Ubuntu package does not [5]. 
Instead it calls the `format_inspector.detect_file_format` without using 
privsep. That is causing the following error when creating qcow image from 
volume (using purestorage driver):
  2024-10-28 09:45:28.849 2007342 ERROR oslo_messaging.rpc.server   File 
"/usr/lib/python3/dist-packages/cinder/volume/manager.py", line 1744, in 
copy_volume_to_image
  2024-10-28 09:45:28.849 2007342 ERROR oslo_messaging.rpc.server 
self.driver.copy_volume_to_image(context, volume,
  2024-10-28 09:45:28.849 2007342 ERROR oslo_messaging.rpc.server   File 
"/usr/lib/python3/dist-packages/cinder/volume/driver.py", line 919, in 
copy_volume_to_image
  2024-10-28 09:45:28.849 2007342 ERROR oslo_messaging.rpc.server 
volume_utils.upload_volume(context,
  2024-10-28 09:45:28.849 2007342 ERROR oslo_messaging.rpc.server   File 
"/usr/lib/python3/dist-packages/cinder/volume/volume_utils.py", line 1341, in 
upload_volume
  2024-10-28 09:45:28.849 2007342 ERROR oslo_messaging.rpc.server 
image_utils.upload_volume(context, image_service, image_meta, volume_path,
  2024-10-28 09:45:28.849 2007342 ERROR oslo_messaging.rpc.server   File 
"/usr/lib/python3/dist-packages/cinder/image/image_utils.py", line 1083, in 
upload_volume
  2024-10-28 09:45:28.849 2007342 ERROR oslo_messaging.rpc.server data = 
qemu_img_info(volume_path, run_as_root=run_as_root)
  2024-10-28 09:45:28.849 2007342 ERROR oslo_messaging.rpc.server   File 
"/usr/lib/python3/dist-packages/cinder/image/image_utils.py", line 164, in 
qemu_img_info
  2024-10-28 09:45:28.849 2007342 ERROR oslo_messaging.rpc.server inspector 
= format_inspector.detect_file_format(path)
  2024-10-28 09:45:28.849 2007342 ERROR oslo_messaging.rpc.server   File 
"/usr/lib/python3/dist-packages/cinder/image/format_inspector.py", line 921, in 
detect_file_format
  2024-10-28 09:45:28.849 2007342 ERROR oslo_messaging.rpc.server with 
open(filename, 'rb') as f:
  2024-10-28 09:45:28.849 2007342 ERROR oslo_messaging.rpc.server 
PermissionError: [Errno 13] Permission denied: '/dev/dm-0'
  
  [1] https://launchpad.net/ubuntu/+source/cinder/2:20.3.1-0ubuntu1.4
  [2] https://review.opendev.org/c/openstack/cinder/+/923873
  [3] https://launchpad.net/bugs/2059809
  [4] 
https://review.opendev.org/c/openstack/cinder/+/923873/9/cinder/image/image_utils.py#164
  [5] 
https://launchpadlibrarian.net/737789879/cinder_2%3A20.2.0-0ubuntu1.1_2%3A20.3.1-0ubuntu1.4.diff.gz

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2085851

Title:
  Jammy package 2:20.3.1-0ubuntu1.4 is missing the upstream privsep
  pieces

To manage notifications about this bug go to:
https://bugs.launchpad.net/cloud-archive/+bug/2085851/+subscriptions


-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 2085851] Re: Jammy package 2:20.3.1-0ubuntu1.4 is missing the upstream privsep pieces

[Marc Deslauriers]

** Changed in: cinder (Ubuntu Focal)
 Assignee: (unassigned) => Marc Deslauriers (mdeslaur)

** Information type changed from Public to Public Security

** Changed in: cinder (Ubuntu Jammy)
 Assignee: (unassigned) => Marc Deslauriers (mdeslaur)

** Changed in: cinder (Ubuntu Noble)
 Assignee: (unassigned) => Marc Deslauriers (mdeslaur)

** Changed in: cinder (Ubuntu Focal)
   Status: New => In Progress

** Changed in: cinder (Ubuntu Jammy)
   Status: Triaged => In Progress

** Changed in: cinder (Ubuntu Noble)
   Status: Triaged => In Progress

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2085851

Title:
  Jammy package 2:20.3.1-0ubuntu1.4 is missing the upstream privsep
  pieces

To manage notifications about this bug go to:
https://bugs.launchpad.net/cloud-archive/+bug/2085851/+subscriptions


-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 2085851] Re: Jammy package 2:20.3.1-0ubuntu1.4 is missing the upstream privsep pieces

[James Page]

** Also affects: cinder (Ubuntu Focal)
   Importance: Undecided
   Status: New

** Also affects: cloud-archive
   Importance: Undecided
   Status: New

** Also affects: cloud-archive/caracal
   Importance: Undecided
   Status: New

** Also affects: cloud-archive/yoga
   Importance: Undecided
   Status: New

** Also affects: cloud-archive/bobcat
   Importance: Undecided
   Status: New

** Also affects: cloud-archive/dalmation
   Importance: Undecided
   Status: New

** Also affects: cloud-archive/antelope
   Importance: Undecided
   Status: New

** Also affects: cloud-archive/ussuri
   Importance: Undecided
   Status: New

** Changed in: cloud-archive
   Status: New => Invalid

** Changed in: cloud-archive/antelope
   Importance: Undecided => High

** Changed in: cloud-archive/antelope
   Status: New => Triaged

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2085851

Title:
  Jammy package 2:20.3.1-0ubuntu1.4 is missing the upstream privsep
  pieces

To manage notifications about this bug go to:
https://bugs.launchpad.net/cloud-archive/+bug/2085851/+subscriptions


-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 2085851] Re: Jammy package 2:20.3.1-0ubuntu1.4 is missing the upstream privsep pieces

[James Page]

This will impact noble as well as it has the older version of the patch.

** Changed in: cinder (Ubuntu Jammy)
   Status: New => Triaged

** Changed in: cinder (Ubuntu Noble)
   Status: New => Triaged

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2085851

Title:
  Jammy package 2:20.3.1-0ubuntu1.4 is missing the upstream privsep
  pieces

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/cinder/+bug/2085851/+subscriptions


-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 2085851] Re: Jammy package 2:20.3.1-0ubuntu1.4 is missing the upstream privsep pieces

[James Page]

This is a regression as a result of the security fix for CVE-2024-32498
- the patch issued original was updated after the embargo lifted and
Ubuntu still has the older version of the patch.

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2024-32498

** Also affects: cinder (Ubuntu Jammy)
   Importance: Undecided
   Status: New

** Also affects: cinder (Ubuntu Noble)
   Importance: Undecided
   Status: New

** Changed in: cinder (Ubuntu)
   Status: New => Invalid

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2085851

Title:
  Jammy package 2:20.3.1-0ubuntu1.4 is missing the upstream privsep
  pieces

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/cinder/+bug/2085851/+subscriptions


-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs