Debian Patches

Status for lxd/5.0.2+git20231211.1364ae4-9+deb13u1

Patch	Description	Author	Forwarded	Bugs	Origin	Last update
001-skip-TestConvertNetworkConfig.patch	lxc prior to version 4.0.12 had a logic bug in do_lxcapi_create() that returned success in error conditions. Since this is a very simple test, that didn’t actually matter, but now to properly pass would require the setting up of a user-specific lxc configuration and sub[u\|g]id mappings, which is just too much effort for a small test.diff --git a/lxc-to-lxd/main_migrate_test.go b/lxc-to-lxd/main_migrate_test.go index 0b85e4bc5..adda1096d 100644	Mathias Gibbens <gibmat@debian.org>	not-needed
003-adjust-import-paths.patch	Adjust import paths to reflect Debian packagingdiff --git a/lxc-to-lxd/main_migrate.go b/lxc-to-lxd/main_migrate.go index 957ef8180..95a264e8f 100644	Mathias Gibbens <gibmat@debian.org>	not-needed
004-fix-qemu-detection.patch	Fix QEMU detectiondiff --git a/lxd/instance/drivers/driver_qemu.go b/lxd/instance/drivers/driver_qemu.go index 8f19feb95..fadcca84e 100644	Mathias Gibbens <gibmat@debian.org>	invalid
005-fix-qemu-apparmor.patch	Fix apparmor profile generation for QEMU instances (copied from Incus)diff --git a/lxd/apparmor/instance_qemu.go b/lxd/apparmor/instance_qemu.go index 8f483a0b8..a52986e67 100644	Mathias Gibbens <gibmat@debian.org>	invalid
006-oidc-v3.patch	Updates for building with zitadel/oidc/v3, taken from https://github.com/lxc/incus/pull/674diff --git a/client/connection.go b/client/connection.go index c2f6d7387..a2d2301d6 100644	Mathias Gibbens <gibmat@debian.org>	invalid
007-update-image-server-url.patch	Update various references of the Linux Containers image server to Canonical's image server. Based on upstream PRs 12748, 13208, and 13247.diff --git a/doc/cloud-init.md b/doc/cloud-init.md index bbaead9c6..62429a130 100644	Mathias Gibbens <gibmat@debian.org>	not-needed
008-Build-against-go-criu-v7.patch	Build against go-criu v7	Reinhard Tartler <siretart@tauware.de>	no			2024-08-08
009-skip-flaky-tests.patch	Skip a couple of flaky testsdiff --git a/lxd/api_cluster_test.go b/lxd/api_cluster_test.go index 953d34349..8c81519df 100644	Mathias Gibbens <gibmat@debian.org>	yes
010-cherry-pick-update-test-cert.patch	[PATCH] test/deps: switch to ecdsa certificate	Simon Deziel <simon.deziel@canonical.com>	no			2023-10-26
011-newer-qemu-fixes.patch	Fix creation of VMs with newer versions of QEMU (ported from Incus)diff --git a/lxd/instance/drivers/driver_qemu.go b/lxd/instance/drivers/driver_qemu.go index 8f19feb95..3b557ff9f 100644	https://github.com/lxc/incus/pull/1196, https://github.com/lxc/incus/pull/1531, and https://github.com/lxc/incus/pull/1871	no
012-fix-issues-with-old-nvram.patch	Fix issues with old NVRAM (ported from Incus)diff --git a/lxd/instance/drivers/driver_qemu.go b/lxd/instance/drivers/driver_qemu.go index 8f19feb95..d73ba9594 100644	https://github.com/lxc/incus/commit/7f63ae9a9fd3b083a8148a69094abdd1c07111e9	no
100-CVE-2025-54293.patch	Backport fix for CVE-2025-54293. Note that the function validExecOutputFileName doesn't appear to exist in the 5.0-stable branch.diff --git a/lxd/instance_logs.go b/lxd/instance_logs.go index 4c45416ff..c6b5039d8 100644	Mathias Gibbens <gibmat@debian.org>	no		https://github.com/canonical/lxd/security/advisories/GHSA-472f-vmf2-pr3h
101-CVE-2025-54287.patch	[PATCH] shared/util: block some pongo2 functions in templates (cherry picked from commit a31f4534876e4f898db76a9938cc37f76b24ecd2)	Simon Deziel <simon.deziel@canonical.com>	no			2025-06-25
102-CVE-2025-54288.patch	Backport fix for CVE-2025-54288 from Incus. The relevant commit in the 5.21-stable branch fixing the issue includes a lot of irrelevant refactoring, making a clean cherry-pick impossible.diff --git a/lxd/devlxd.go b/lxd/devlxd.go index b7ddff3fc..05230ee7f 100644	Mathias Gibbens <gibmat@debian.org>	no		https://github.com/canonical/lxd/security/advisories/GHSA-7232-97c6-j525
103a-CVE-2025-54286.patch	[PATCH 1/2] lxd/daemon: Validate browser fetch metadata if supplied to reject non-same-origin requests (cherry picked from commit 35ac3922d60763c24b1474459c4401f7c8ed619b) (cherry picked from commit 569b7d472b4fc1622579e0aed32dd445ba6f53d0)	Thomas Parrott <thomas.parrott@canonical.com>	no			2025-06-30
103b-CVE-2025-54286.patch	[PATCH 1/3] lxd/daemon: Check for cross-site rather than invalid cross-origin Sec-Fetch-Site header value	Thomas Parrott <thomas.parrott@canonical.com>	no			2025-07-04

All known versions for source package 'lxd'

5.0.2+git20231211.1364ae4-9+deb13u2 (trixie-proposed-updates)
5.0.2+git20231211.1364ae4-9+deb13u1 (trixie, trixie-security)
5.0.2-5+deb12u2 (bookworm-proposed-updates, bookworm-security)
5.0.2-5 (bookworm)

Links