Debian Patches
Status for lxd/5.0.2-5+deb12u2
| Patch | Description | Author | Forwarded | Bugs | Origin | Last update |
|---|---|---|---|---|---|---|
| 001-skip-TestConvertNetworkConfig.patch | lxc prior to version 4.0.12 had a logic bug in do_lxcapi_create() that returned success in error conditions. Since this is a very simple test, that didn’t actually matter, but now to properly pass would require the setting up of a user-specific lxc configuration and sub[u|g]id mappings, which is just too much effort for a small test.diff --git a/lxc-to-lxd/main_migrate_test.go b/lxc-to-lxd/main_migrate_test.go index 0b85e4bc5..adda1096d 100644 |
Mathias Gibbens <gibmat@debian.org> | not-needed | |||
| 003-adjust-import-paths.patch | Adjust import paths to reflect Debian packagingdiff --git a/lxc-to-lxd/main_migrate.go b/lxc-to-lxd/main_migrate.go index 3412b2b5d..bfcde4059 100644 |
Mathias Gibbens <gibmat@debian.org> | not-needed | |||
| 004-revert-use-of-go-criu.patch | go-criu v6 isn't available in Debian yet, so revert upstream commit 63eb82717a8ed0fe70e8b191e12d3be0c0319081 for the time beingdiff --git a/go.mod b/go.mod index 28120a92d..efdcbe962 100644 |
Mathias Gibbens <gibmat@debian.org> | yes | |||
| 005-add-mips-aliases.patch | Add mipsle and mips64le architecture aliasesdiff --git a/shared/osarch/architectures.go b/shared/osarch/architectures.go index 14b9c5fc6..799c28646 100644 |
Mathias Gibbens <gibmat@debian.org> | yes | |||
| 006-cherry-pick-btrfs-fix.patch | [PATCH] lxd/storage/drivers/driver/btrfs/utils: Only check for minimum number of columns in `btrfs qgroup show` command Previously we expected 4 columns, but in btrfs-progs >= 6.0 this has changed to 5 columns. E.g. in Jammy btrfs-progs v5.16.2: ``` sudo btrfs qgroup show /var/lib/lxd/storage-pools/btrfs qgroupid rfer excl |
Thomas Parrott <thomas.parrott@canonical.com> | no | https://github.com/lxc/lxd/pull/11333 | 2023-02-07 | |
| 007-cherry-pick-qemu-fix.patch | Cherry-pick upstream fix for qemu >= 7.2, rebase, and drop SEV features not in current LTS releasediff --git a/lxd/instance/drivers/driver_qemu.go b/lxd/instance/drivers/driver_qemu.go index 9dcdd9da7..08211b034 100644 |
Mathias Gibbens <gibmat@debian.org> | no | https://github.com/lxc/lxd/pull/11594 | ||
| 009-skip-flaky-tests.patch | Skip a couple of flaky testsdiff --git a/lxd/api_cluster_test.go b/lxd/api_cluster_test.go index 953d34349..8c81519df 100644 |
Mathias Gibbens <gibmat@debian.org> | yes | |||
| 100-CVE-2025-54293.patch | Backport fix for CVE-2025-54293. Note that the function validExecOutputFileName doesn't appear to exist in the 5.0-stable branch.diff --git a/lxd/instance_logs.go b/lxd/instance_logs.go index 4c45416ff..c6b5039d8 100644 |
Mathias Gibbens <gibmat@debian.org> | no | https://github.com/canonical/lxd/security/advisories/GHSA-472f-vmf2-pr3h | ||
| 101-CVE-2025-54287.patch | [PATCH] shared/util: block some pongo2 functions in templates (cherry picked from commit a31f4534876e4f898db76a9938cc37f76b24ecd2) |
Simon Deziel <simon.deziel@canonical.com> | no | 2025-06-25 | ||
| 102-CVE-2025-54288.patch | Backport fix for CVE-2025-54288 from Incus. The relevant commit in the 5.21-stable branch fixing the issue includes a lot of irrelevant refactoring, making a clean cherry-pick impossible.diff --git a/lxd/devlxd.go b/lxd/devlxd.go index d6e90eecd..666560902 100644 |
Mathias Gibbens <gibmat@debian.org> | no | https://github.com/canonical/lxd/security/advisories/GHSA-7232-97c6-j525 | ||
| 103a-CVE-2025-54286.patch | [PATCH 1/2] lxd/daemon: Validate browser fetch metadata if supplied to reject non-same-origin requests (cherry picked from commit 35ac3922d60763c24b1474459c4401f7c8ed619b) (cherry picked from commit 569b7d472b4fc1622579e0aed32dd445ba6f53d0) |
Thomas Parrott <thomas.parrott@canonical.com> | no | 2025-06-30 | ||
| 103b-CVE-2025-54286.patch | [PATCH 1/3] lxd/daemon: Check for cross-site rather than invalid cross-origin Sec-Fetch-Site header value | Thomas Parrott <thomas.parrott@canonical.com> | no | 2025-07-04 | ||
| 104-GHSA-56mx-8g9f-5crf.patch | [PATCH 1/5] lxd/storage: Tighten storage pool volume permissions Related to https://github.com/lxc/incus/issues/2641 (cherry picked from commit b0c6c0bac42c6ac27d536984cc043a6ec02b9e7c) (cherry picked from commit 7598d5ab710e05829c7bc4a6e30106a022f376c1) (cherry picked from commit 049d86def7c26e8736bb991e4223ec89dab0b05e) |
=?UTF-8?q?St=C3=A9phane=20Graber?= <stgraber@stgraber.org> | no | 2025-11-09 |
All known versions for source package 'lxd'
- 5.0.2+git20231211.1364ae4-9+deb13u2 (trixie-proposed-updates)
- 5.0.2+git20231211.1364ae4-9+deb13u1 (trixie, trixie-security)
- 5.0.2-5+deb12u2 (bookworm-proposed-updates, bookworm-security)
- 5.0.2-5 (bookworm)