Package: lxc / 1:2.0.7-2+deb9u2

Metadata

Package Version Patches format
lxc 1:2.0.7-2+deb9u2 3.0 (quilt)

Patch series

view the series file
Patch File delta Description
0010 lxc debian root password.patch | (download)

templates/lxc-debian.in | 3 0 + 3 - 0 !
1 file changed, 3 deletions(-)

 [patch] do not set the root password in the debian template

closes #302

Signed-off-by: Evgeni Golov <evgeni@debian.org>

lxc 2.0 CVE 2017 5985 Ensure target netns is caller owned.patch | (download)

src/lxc/lxc_user_nic.c | 119 87 + 32 - 0 !
1 file changed, 87 insertions(+), 32 deletions(-)

 [patch] cve-2017-5985: ensure target netns is caller-owned

Before this commit, lxc-user-nic could potentially have been tricked into
operating on a network namespace over which the caller did not hold privilege.

This commit ensures that the caller is privileged over the network namespace by
temporarily dropping privilege.

Launchpad: https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1654676
Reported-by: Jann Horn <jannh@google.com>
Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>

0003 lxc debian don t hardcode valid releases.patch | (download)

templates/lxc-debian.in | 13 7 + 6 - 0 !
1 file changed, 7 insertions(+), 6 deletions(-)

 lxc-debian: don't hardcode valid releases

This avoids the dance of updating the list of valid releases every time
Debian makes a new release.

It also fixes the following bug: even though lxc-debian will default to
creating containers of the latest stable by querying the archive, it
won't allow you to explicitly request `stable` because the current list
of valid releases don't include it.

Last, but not least, avoid hitting the mirror in the case the desired
release is one of the ones we know will always be there, i.e. stable,
testing, sid, and unstable.

Signed-off-by: Antonio Terceiro <terceiro@debian.org>


0004 lxc debian don t write C. locales to etc locale.gen.patch | (download)

templates/lxc-debian.in | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 lxc-debian: don't write c.* locales to /etc/locale.gen

Doing that confuses locale generation. lxc-ubuntu does the same check

Signed-off-by: Antonio Terceiro <terceiro@debian.org>

0005 debian Use iproute2 instead of iproute.patch | (download)

templates/lxc-debian.in | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 debian: use iproute2 instead of iproute
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64

VGhlIHBhY2thZ2UgaGFzIHByZXR0eSBtdWNoIGFsd2F5cyBiZWVuIGlwcm91dGUyIHdpdGggaXBy
b3V0ZSBiZWluZyBhbgphbGlhcyBmb3IgaXQsIHRoZSBhbGlhcyBpcyBub3cgZ29uZSBzbyB3ZSBu
ZWVkIHRvIHVzZSBpcHJvdXRlMi4KClNpZ25lZC1vZmYtYnk6IFN0w6lwaGFuZSBHcmFiZXIgPHN0
Z3JhYmVyQHVidW50dS5jb20+CkJhY2twb3J0LWJ5OiBBbnRvbmlvIFRlcmNlaXJvIDx0ZXJjZWly
b0BkZWJpYW4ub3JnPgo=