Debian Patches
Status for incus/7.0.0-5
| Patch | Description | Author | Forwarded | Bugs | Origin | Last update |
|---|---|---|---|---|---|---|
| 001-skip-TestConvertNetworkConfig.patch | lxc prior to version 4.0.12 had a logic bug in do_lxcapi_create() that returned success in error conditions. Since this is a very simple test, that didn’t actually matter, but now to properly pass would require the setting up of a user-specific lxc configuration and sub[u|g]id mappings, which is just too much effort for a small test.diff --git a/cmd/lxc-to-incus/main_migrate_test.go b/cmd/lxc-to-incus/main_migrate_test.go index 6fbff5fce..d3783b998 100644 |
Mathias Gibbens <gibmat@debian.org> | not-needed | |||
| 002-adjust-import-paths.patch | Adjust import paths to reflect Debian packagingdiff --git a/cmd/incusd/daemon.go b/cmd/incusd/daemon.go index 1a88e6d4f..7c49e55a6 100644 |
Mathias Gibbens <gibmat@debian.org> | not-needed | |||
| 003-Compile-against-go-criu-v7.patch | Compile against go-criu v7 | Reinhard Tartler <siretart@tauware.de> | no | 2024-08-08 | ||
| 004-include-incusos-network-structs.patch | Incus now consumes the IncusOS network API and cli package. This causes a dependency loop, so extract the relevant structs needed by Incus.diff --git a/cmd/incus/admin_os.go b/cmd/incus/admin_os.go index 12a8baf06..35cb3385d 100644 |
Mathias Gibbens <gibmat@debian.org> | not-needed | |||
| 005-skip-flaky-tests.patch | Skip flaky tests that occasionally fail on slower architecturesdiff --git a/internal/server/endpoints/dev_incus_test.go b/internal/server/endpoints/dev_incus_test.go index 869bfcddd..1b070e17b 100644 |
Mathias Gibbens <gibmat@debian.org> | yes | |||
| 006-cherry-pick-initial-fixes.patch | [PATCH 1/3] incusd/instance/qemu: Fix version detection for qemu-kvm On systems using /usr/libexec/qemu-kvm, the QEMU version detection wasn't working, resulting in an assumption that the system was running an older QEMU than it did in practice. Closes #3302 |
Stéphane Graber <stgraber@stgraber.org> | no | 2026-05-04 | ||
| 007-cherry-pick-deprecated-qemu-flag.patch | incusd/instance/qemu: Remove deprecated QEMU flag zero-blocks has been deprecated since 9.1 and fully removed now |
Stéphane Graber <stgraber@stgraber.org> | no | 2026-05-05 | ||
| 008-cherry-pick-update-go-yaml-v4-rc5.patch | global: Update for go-yaml/v4 rc5 | Stéphane Graber <stgraber@stgraber.org> | no | 2026-06-10 | ||
| 009-fix-x509keypairleaf.patch | Debian's reliance on GO111MODULE=off is causing generation of a pfx client certificate to crash. Set the x509keypairleaf GODEBUG environment variable to use modern behavior.diff --git a/cmd/incus/main.go b/cmd/incus/main.go index 26d1fb4e6..fff211f30 100644 |
Mathias Gibbens <gibmat@debian.org> | not-needed | |||
| 100-CVE-2026-47753.patch | incusd/storage: Fix unsafe access to backup data This addresses CVE-2026-47753 |
Stéphane Graber <stgraber@stgraber.org> | no | 2026-05-20 | ||
| 101-CVE-2026-48753.patch | incusd/storage/s3: Confine multipart uploads with os.Root This addresses CVE-2026-48753 |
Stéphane Graber <stgraber@stgraber.org> | no | 2026-05-28 | ||
| 102-CVE-2026-48754.patch | incusd/storage: Guard nil fields in createDependentVolumesFromBackup This addresses CVE-2026-48754 |
Stéphane Graber <stgraber@stgraber.org> | no | 2026-05-28 | ||
| 103-CVE-2026-48756.patch | incusd/storage: Guard nil ExpiresAt in CreateCustomVolumeFromBackup This addresses CVE-2026-48756 |
Stéphane Graber <stgraber@stgraber.org> | no | 2026-05-28 | ||
| 104-CVE-2026-48749.patch | [PATCH 1/8] incusd: Reject rootfs symlink for instances This addresses CVE-2026-48749 |
Stéphane Graber <stgraber@stgraber.org> | no | 2026-06-22 | ||
| 105-CVE-2026-48750.patch | [PATCH 2/8] incusd/exec: Reject exec-output symlink This addresses CVE-2026-48750 |
Stéphane Graber <stgraber@stgraber.org> | no | 2026-06-22 | ||
| 106-CVE-2026-48751.patch | [PATCH 3/8] incusd/instance: Enforce project restrictions on snapshot restore This addresses CVE-2026-48751 |
Stéphane Graber <stgraber@stgraber.org> | no | 2026-06-22 | ||
| 107-CVE-2026-48752.patch | [PATCH 4/8] incusd/instance: Confine template access to instance root This addresses CVE-2026-48752 |
Stéphane Graber <stgraber@stgraber.org> | no | 2026-06-22 | ||
| 108-CVE-2026-48755.patch | [PATCH 5/8] shared/validate: Reject compression algorithm arguments This addresses CVE-2026-48755 |
Stéphane Graber <stgraber@stgraber.org> | no | 2026-06-22 | ||
| 109-CVE-2026-48769.patch | [PATCH 6/8] incusd/images: Validate fingerprint on direct download This addresses CVE-2026-48769 |
Stéphane Graber <stgraber@stgraber.org> | no | 2026-06-22 | ||
| 110-CVE-2026-55621.patch | [PATCH 7/8] incusd/storage: Check source volume access on copy This addresses CVE-2026-55621 |
Stéphane Graber <stgraber@stgraber.org> | no | 2026-06-22 | ||
| 111-CVE-2026-55622.patch | [PATCH 8/8] incusd/instances: Check source instance access on copy This addresses CVE-2026-55622 |
Stéphane Graber <stgraber@stgraber.org> | no | 2026-06-22 |
All known versions for source package 'incus'
- 7.2.0-1~exp1 (experimental)
- 7.0.0-5 (sid)
- 7.0.0-3 (forky)
- 7.0.0-2~bpo13+1 (trixie-backports)
- 6.0.4-2+deb13u8 (trixie-security)
- 6.0.4-2+deb13u7 (trixie)
- 6.0.4-2+deb13u7~bpo12+1 (bookworm-backports)