Debian Patches
Status for incus/6.0.4-2+deb13u2~bpo12+1
| Patch | Description | Author | Forwarded | Bugs | Origin | Last update |
|---|---|---|---|---|---|---|
| 106c-GHSA-56mx-8g9f-5crf.patch | [PATCH] incusd/patches: Fix incorrect error check in permission patch | =?UTF-8?q?St=C3=A9phane=20Graber?= <stgraber@stgraber.org> | no | 2025-11-10 | ||
| 001-skip-TestConvertNetworkConfig.patch | lxc prior to version 4.0.12 had a logic bug in do_lxcapi_create() that returned success in error conditions. Since this is a very simple test, that didn’t actually matter, but now to properly pass would require the setting up of a user-specific lxc configuration and sub[u|g]id mappings, which is just too much effort for a small test.diff --git a/cmd/lxc-to-incus/main_migrate_test.go b/cmd/lxc-to-incus/main_migrate_test.go index 6fbff5fce..d3783b998 100644 |
Mathias Gibbens <gibmat@debian.org> | not-needed | |||
| 002-adjust-import-paths.patch | Adjust import paths to reflect Debian packagingdiff --git a/cmd/incusd/daemon.go b/cmd/incusd/daemon.go index ab4793aaf..475ac9e7b 100644 |
Mathias Gibbens <gibmat@debian.org> | not-needed | |||
| 005-cherry-pick-qemu-socket-cleanup.patch | [PATCH] incusd/instance/qemu: Clean leftover sockets on startup | =?UTF-8?q?St=C3=A9phane=20Graber?= <stgraber@stgraber.org> | no | 2025-04-08 | ||
| 006-cherry-pick-agent-mount-retry.patch | [PATCH] incus-agent: Retry mounts to avoid kernel races Closes #1881 |
=?UTF-8?q?St=C3=A9phane=20Graber?= <stgraber@stgraber.org> | no | 2025-04-04 | ||
| 007-cherry-pick-usb-hotplug-fix.patch | [PATCH] incusd/devices: Don't require a serial number for USB hotplug Closes #1944 |
=?UTF-8?q?St=C3=A9phane=20Graber?= <stgraber@stgraber.org> | no | 2025-04-18 | ||
| 050-revert-use-of-go-criu.patch | go-criu v6 isn't available in bookworm, so revert upstream commits 63eb82717a8ed0fe70e8b191e12d3be0c0319081 and f510fe6447690e14a9c6a91b802c60529e854ea7 to facilitate backportingdiff --git a/internal/migration/migrate.pb.go b/internal/migration/migrate.pb.go index 1d23fb295..08bf87f47 100644 |
Mathias Gibbens <gibmat@debian.org> | not-needed | |||
| 051-use-older-openfga-go-sdk.patch | Backporting newer versions of openfga-go-sdk would pull in a huge grpc dependency tree. This reverts upstream commit 061a5f8 so we can keep using the older version of openfga-go-sdk.diff --git a/internal/server/auth/driver_openfga.go b/internal/server/auth/driver_openfga.go index edbab835f..d001750b4 100644 |
Mathias Gibbens <gibmat@debian.org> | not-needed | |||
| 052-backport-sftp-removeall.patch | Backport the RemoveAll function from sftp package v1.13.6.diff --git a/cmd/incus/file.go b/cmd/incus/file.go index 7039c189a..70c6e2e3f 100644 |
Mathias Gibbens <gibmat@debian.org> | not-needed | |||
| 100-CVE-2025-54293.patch | [PATCH] incusd/instance_logs: Perform stricter path validation | =?UTF-8?q?St=C3=A9phane=20Graber?= <stgraber@stgraber.org> | no | 2025-07-17 | ||
| 101-CVE-2025-54287.patch | [PATCH 1/2] internal/util: Add recursion limit to RenderTemplate | =?UTF-8?q?St=C3=A9phane=20Graber?= <stgraber@stgraber.org> | no | 2025-07-18 | ||
| 102-CVE-2025-54288.patch | [PATCH] incusd/dev_incus: Add extra validation for monitor We shouldn't just rely on the process name but also make sure that it's running outside of the container as this is a unique characteristic of the real monitor process. |
=?UTF-8?q?St=C3=A9phane=20Graber?= <stgraber@stgraber.org> | no | 2025-07-17 | ||
| 103-CVE-2025-54286.patch | [PATCH 1/2] [lxd-import] lxd/daemon: Validate browser fetch metadata if supplied to reject non-same-origin requests Imported from stable-5.0 (Apache 2.0 licensed) (cherry picked from commit 35ac3922d60763c24b1474459c4401f7c8ed619b) (cherry picked from commit 569b7d472b4fc1622579e0aed32dd445ba6f53d0) |
Thomas Parrott <thomas.parrott@canonical.com> | no | 2025-06-30 | ||
| 104-CVE-2025-54290_CVE-2025-54291.patch | [PATCH 1/2] incusd/images: Restrict public image listing to default project | =?UTF-8?q?St=C3=A9phane=20Graber?= <stgraber@stgraber.org> | no | 2025-07-18 | ||
| 105-CVE-2025-54289.patch | [PATCH 1/5] incusd/operations: Add IsSameRequestor | =?UTF-8?q?St=C3=A9phane=20Graber?= <stgraber@stgraber.org> | no | 2025-07-25 | ||
| 106a-GHSA-56mx-8g9f-5crf.patch | [PATCH] incusd/storage: Tighten storage pool volume permissions Closes #2641 |
=?UTF-8?q?St=C3=A9phane=20Graber?= <stgraber@stgraber.org> | no | 2025-11-09 | ||
| 106b-GHSA-56mx-8g9f-5crf.patch | [PATCH] incusd/patches: Re-apply storage permissions on update | =?UTF-8?q?St=C3=A9phane=20Graber?= <stgraber@stgraber.org> | no | 2025-11-09 |
All known versions for source package 'incus'
- 6.17.0-1~exp1 (experimental)
- 6.0.5-6 (sid, forky)
- 6.0.4-2+deb13u2 (trixie-security, trixie-proposed-updates)
- 6.0.4-2+deb13u2~bpo12+1 (bookworm-backports)
- 6.0.4-2+deb13u1 (trixie)