Package: ironic / 1:29.0.0-7
Metadata
| Package | Version | Patches format |
|---|---|---|
| ironic | 1:29.0.0-7 | 3.0 (quilt) |
Patch series
view the series file| Patch | File delta | Description |
|---|---|---|
| adds alembic.ini in MANIFEST.in.patch | (download) |
MANIFEST.in |
1 1 + 0 - 0 ! |
fixes manifest.in so that alembic.ini is packaged |
| fix initial_grub_cfg.template.patch | (download) |
ironic/drivers/modules/initial_grub_cfg.template |
2 1 + 1 - 0 ! |
fix initial_grub_cfg.template The default grub.cfg happen /srv/tftp, but tftp-hpa is, in Debian, already doing a chroot in there. |
| do not print.patch | (download) |
ironic/tests/unit/api/base.py |
5 3 + 2 - 0 ! |
do not print Without this patch, we're getting: . File "/<<PKGBUILDDIR>>/ironic/tests/unit/api/base.py", line 115, in _request_json print(method.upper(), full_path, "WITH", params, "GOT", str(response)) BlockingIOError: [Errno 11] write could not complete without blocking . about 60 times (not always the same number of times...). |
| CVE 2025 44021_OSSA 2025 001_Disallow+unsafe_image_file_paths.patch | (download) |
doc/source/install/standalone/enrollment.rst |
17 12 + 5 - 0 ! |
cve-2025-44021 / ossa-2025-001: disallow unsafe image file:// paths Before this change, Ironic did not filter file:// paths when used as an image source except to ensure they were a file (and not, e.g. a character device). This is problematic from a security perspective because you could end up with config files from well-known paths being written to disk on a node. . The allowlist default list is huge, but it includes all known usages of file:// URLs across Bifrost, Ironic, Metal3, and OpenShift in both CI and default configuration. . For the backportable version of this patch for stable branches, we have omitted the unconditional block of system paths in order to permit operators using those branches to fully disable the new security functionality. Generated-by: Jetbrains Junie Bug: https://launchpad.net/bugs/2107847 Bug-Debian: https://bugs.debian.org/1104964 |