Package: cloud-init / 22.4.2-1+deb12u3

Metadata

Package: cloud-init
Version: 22.4.2-1+deb12u3
Patches format: 3.0 (quilt)

Patch series

Patch File delta Description
fix sysvinit dependencies.patch

sysvinit/debian/cloud-config | 4 2 + 2 - 0 !
sysvinit/debian/cloud-final | 2 1 + 1 - 0 !
sysvinit/debian/cloud-init-local | 2 1 + 1 - 0 !
3 files changed, 4 insertions(+), 4 deletions(-)

 fix sysv-init dependencies.

cloud init before chronyd.patch

systemd/cloud-init.service.tmpl | 1 1 + 0 - 0 !
1 file changed, 1 insertion(+)

 cloud-init before chronyd

Bug-Debian: https://bugs.debian.org/910801

0009 Drop all unused extended version handling.patch

tools/read-version | 45 3 + 42 - 0 !
1 file changed, 3 insertions(+), 42 deletions(-)

 drop all unused extended version handling

0012 Fix message when a local is missing.patch

tools/Z99-cloud-locale-test.sh | 36 4 + 32 - 0 !
1 file changed, 4 insertions(+), 32 deletions(-)

 fix message when a locale is missing.


0001 config Support APT automated mirror selection.patch

cloudinit/config/cc_apt_configure.py | 22 21 + 1 - 0 !
cloudinit/config/schemas/schema-cloud-config-v1.json | 5 5 + 0 - 0 !
tests/unittests/config/test_apt_configure_mirrorlists_v3.py | 68 68 + 0 - 0 !
3 files changed, 94 insertions(+), 1 deletion(-)

 [patch] config: support apt automated mirror selection

networkd_Add_support_for_multiple_Route_sections.patch

cloudinit/net/networkd.py | 51 45 + 6 - 0 !
tests/unittests/net/test_networkd.py | 57 56 + 1 - 0 !
2 files changed, 101 insertions(+), 7 deletions(-)

 [patch] networkd: add support for multiple [route] sections (#1868)

Networkd supports multiple [Route] sections within the same file.
Currently all [Route] section tags are squashed into one and if there
is a default gateway it means defining a device route is not possible
as the target is set to the default gateway.

This patch adds support for multiple [Route] sections allowing us to
support device routes. This is done by tracking each route in the route
list individually and ensuring the key-value pairs are maintained within
their respective [Route] section. This both maintains backwards
compatibility with previous behavior and allows the specification of
routes with no destination IP, causing the destination to be added with
a device target.

CVE 2024 6174.patch

tests/unittests/test_ds_identify.py | 13 6 + 7 - 0 !
tools/ds-identify | 8 4 + 4 - 0 !
2 files changed, 10 insertions(+), 11 deletions(-)

 [patch] fix: don't attempt to identify non-x86 openstack instances

This causes cloud-init to attempt to reach out to the OpenStack Nova
datasource in non-Nova deployments on non-x86 architectures.

Change default policy of ds-identify to disallow discovery of datasources
without strict identifiable artifacts in either kernel cmdline, DMI
platform information or system configuration files. This prevents
cloud-init from attempting to reach out to well-known hard-coded link-local
IP addresses for configuration information unless the platform strictly
identifies as a specific datasource.

CVE-2024-6174
LP: #2069607
BREAKING_CHANGE: This may break non-x86 OpenStack Nova users. Affected users
    may wish to use ConfigDrive as a workaround.

CVE 2024 11584.patch

cloudinit/cmd/devel/logs.py | 4 1 + 3 - 0 !
systemd/cloud-init-hotplugd.service | 5 3 + 2 - 0 !
systemd/cloud-init-hotplugd.socket | 8 5 + 3 - 0 !
tools/hook-hotplug | 2 1 + 1 - 0 !
4 files changed, 10 insertions(+), 9 deletions(-)

 [patch] fix: make hotplug socket writable only by root (#25)

The 'hook-hotplug-cmd' was writable by all users, allowing any user
to trigger the hotplug hook script. This script should only be run
by root via a udev trigger.

Also move socket into 'share' directory and update references
accordingly. Since the 'share' directory is only readable by root,
this adds another layer of security while also being in a consistent
location with the other sockets used by cloud-init.

CVE-2024-11584

[backported to 22.4.2 by noahm@debian.org]