Debian Patches
Status for lxd/5.0.2+git20231211.1364ae4-9+deb13u2
| Patch | Description | Author | Forwarded | Bugs | Origin | Last update |
|---|---|---|---|---|---|---|
| 102-CVE-2025-54288.patch | Backport fix for CVE-2025-54288 from Incus. The relevant commit in the 5.21-stable branch fixing the issue includes a lot of irrelevant refactoring, making a clean cherry-pick impossible.diff --git a/lxd/devlxd.go b/lxd/devlxd.go index b7ddff3fc..05230ee7f 100644 |
Mathias Gibbens <gibmat@debian.org> | no | https://github.com/canonical/lxd/security/advisories/GHSA-7232-97c6-j525 | ||
| 103a-CVE-2025-54286.patch | [PATCH 1/2] lxd/daemon: Validate browser fetch metadata if supplied to reject non-same-origin requests (cherry picked from commit 35ac3922d60763c24b1474459c4401f7c8ed619b) (cherry picked from commit 569b7d472b4fc1622579e0aed32dd445ba6f53d0) |
Thomas Parrott <thomas.parrott@canonical.com> | no | 2025-06-30 | ||
| 103b-CVE-2025-54286.patch | [PATCH 1/3] lxd/daemon: Check for cross-site rather than invalid cross-origin Sec-Fetch-Site header value | Thomas Parrott <thomas.parrott@canonical.com> | no | 2025-07-04 | ||
| 012-fix-issues-with-old-nvram.patch | Fix issues with old NVRAM (ported from Incus)diff --git a/lxd/instance/drivers/driver_qemu.go b/lxd/instance/drivers/driver_qemu.go index 8f19feb95..d73ba9594 100644 |
https://github.com/lxc/incus/commit/7f63ae9a9fd3b083a8148a69094abdd1c07111e9 | no | |||
| 013-cherry-pick-fix-idmapping.patch | [PATCH] shared/idmap: Make get_userns_fd configure the userns (cherry picked from commit ec223f75e7056f271fb84be56980243cd68e67b3) |
=?UTF-8?q?St=C3=A9phane=20Graber?= <stgraber@stgraber.org> | no | 2024-05-22 | ||
| 100-CVE-2025-54293.patch | Backport fix for CVE-2025-54293. Note that the function validExecOutputFileName doesn't appear to exist in the 5.0-stable branch.diff --git a/lxd/instance_logs.go b/lxd/instance_logs.go index 4c45416ff..c6b5039d8 100644 |
Mathias Gibbens <gibmat@debian.org> | no | https://github.com/canonical/lxd/security/advisories/GHSA-472f-vmf2-pr3h | ||
| 101-CVE-2025-54287.patch | [PATCH] shared/util: block some pongo2 functions in templates (cherry picked from commit a31f4534876e4f898db76a9938cc37f76b24ecd2) |
Simon Deziel <simon.deziel@canonical.com> | no | 2025-06-25 | ||
| 001-skip-TestConvertNetworkConfig.patch | lxc prior to version 4.0.12 had a logic bug in do_lxcapi_create() that returned success in error conditions. Since this is a very simple test, that didn’t actually matter, but now to properly pass would require the setting up of a user-specific lxc configuration and sub[u|g]id mappings, which is just too much effort for a small test.diff --git a/lxc-to-lxd/main_migrate_test.go b/lxc-to-lxd/main_migrate_test.go index 0b85e4bc5..adda1096d 100644 |
Mathias Gibbens <gibmat@debian.org> | not-needed | |||
| 003-adjust-import-paths.patch | Adjust import paths to reflect Debian packagingdiff --git a/lxc-to-lxd/main_migrate.go b/lxc-to-lxd/main_migrate.go index 957ef8180..95a264e8f 100644 |
Mathias Gibbens <gibmat@debian.org> | not-needed | |||
| 004-fix-qemu-detection.patch | Fix QEMU detectiondiff --git a/lxd/instance/drivers/driver_qemu.go b/lxd/instance/drivers/driver_qemu.go index 8f19feb95..fadcca84e 100644 |
Mathias Gibbens <gibmat@debian.org> | invalid | |||
| 005-fix-qemu-apparmor.patch | Fix apparmor profile generation for QEMU instances (copied from Incus)diff --git a/lxd/apparmor/instance_qemu.go b/lxd/apparmor/instance_qemu.go index 8f483a0b8..a52986e67 100644 |
Mathias Gibbens <gibmat@debian.org> | invalid | |||
| 006-oidc-v3.patch | Updates for building with zitadel/oidc/v3, taken from https://github.com/lxc/incus/pull/674diff --git a/client/connection.go b/client/connection.go index c2f6d7387..a2d2301d6 100644 |
Mathias Gibbens <gibmat@debian.org> | invalid | |||
| 007-update-image-server-url.patch | Update various references of the Linux Containers image server to Canonical's image server. Based on upstream PRs 12748, 13208, and 13247.diff --git a/doc/cloud-init.md b/doc/cloud-init.md index bbaead9c6..62429a130 100644 |
Mathias Gibbens <gibmat@debian.org> | not-needed | |||
| 008-Build-against-go-criu-v7.patch | Build against go-criu v7 | Reinhard Tartler <siretart@tauware.de> | no | 2024-08-08 | ||
| 009-skip-flaky-tests.patch | Skip a couple of flaky testsdiff --git a/lxd/api_cluster_test.go b/lxd/api_cluster_test.go index 953d34349..8c81519df 100644 |
Mathias Gibbens <gibmat@debian.org> | yes | |||
| 010-cherry-pick-update-test-cert.patch | [PATCH] test/deps: switch to ecdsa certificate | Simon Deziel <simon.deziel@canonical.com> | no | 2023-10-26 | ||
| 011-newer-qemu-fixes.patch | Fix creation of VMs with newer versions of QEMU (ported from Incus)diff --git a/lxd/instance/drivers/driver_qemu.go b/lxd/instance/drivers/driver_qemu.go index 8f19feb95..3b557ff9f 100644 |
https://github.com/lxc/incus/pull/1196, https://github.com/lxc/incus/pull/1531, and https://github.com/lxc/incus/pull/1871 | no | |||
| 104-GHSA-56mx-8g9f-5crf.patch | [PATCH 1/5] lxd/storage: Tighten storage pool volume permissions Related to https://github.com/lxc/incus/issues/2641 (cherry picked from commit b0c6c0bac42c6ac27d536984cc043a6ec02b9e7c) (cherry picked from commit 7598d5ab710e05829c7bc4a6e30106a022f376c1) (cherry picked from commit 049d86def7c26e8736bb991e4223ec89dab0b05e) |
=?UTF-8?q?St=C3=A9phane=20Graber?= <stgraber@stgraber.org> | no | 2025-11-09 |
All known versions for source package 'lxd'
- 5.0.2+git20231211.1364ae4-9+deb13u2 (trixie-proposed-updates)
- 5.0.2+git20231211.1364ae4-9+deb13u1 (trixie, trixie-security)
- 5.0.2-5+deb12u2 (bookworm-proposed-updates, bookworm-security)
- 5.0.2-5 (bookworm)