Package: lxd | Debian Sources

Package: lxd / 5.0.2+git20231211.1364ae4-9+deb13u1

Metadata

Package	Version	Patches format
lxd	5.0.2+git20231211.1364ae4-9+deb13u1	3.0 (quilt)

Patch series

view the series file

Patch	File delta	Description
001 skip TestConvertNetworkConfig.patch \| (download)	lxc-to-lxd/main_migrate_test.go \| 2 2 + 0 - 0 ! 1 file changed, 2 insertions(+)	lxc prior to version 4.0.12 had a logic bug in do_lxcapi_create() that returned success in error conditions. since this is a very simple test, that didnt actually matter, but now to properly pass would require the setting up of a user-specific lxc configuration and sub[u\|g]id mappings, which is just too much effort for a small test.
003 adjust import paths.patch \| (download)	lxc-to-lxd/main_migrate.go \| 2 1 + 1 - 0 ! lxc-to-lxd/main_migrate_test.go \| 2 1 + 1 - 0 ! lxc-to-lxd/network.go \| 2 1 + 1 - 0 ! lxd/daemon.go \| 2 1 + 1 - 0 ! lxd/device/proxy.go \| 2 1 + 1 - 0 ! lxd/instance/drivers/driver_lxc.go \| 2 1 + 1 - 0 ! lxd/instance/instance_interface.go \| 2 1 + 1 - 0 ! lxd/instance/instance_utils.go \| 2 1 + 1 - 0 ! lxd/instance_console.go \| 2 1 + 1 - 0 ! lxd/main_forkconsole.go \| 2 1 + 1 - 0 ! lxd/main_forkmigrate.go \| 2 1 + 1 - 0 ! lxd/main_forkstart.go \| 2 1 + 1 - 0 ! lxd/seccomp/seccomp.go \| 2 1 + 1 - 0 ! 13 files changed, 13 insertions(+), 13 deletions(-)	adjust import paths to reflect debian packaging
004 fix qemu detection.patch \| (download)	lxd/instance/drivers/driver_qemu.go \| 24 23 + 1 - 0 ! 1 file changed, 23 insertions(+), 1 deletion(-)	fix qemu detection
005 fix qemu apparmor.patch \| (download)	lxd/apparmor/instance_qemu.go \| 3 1 + 2 - 0 ! 1 file changed, 1 insertion(+), 2 deletions(-)	fix apparmor profile generation for qemu instances (copied from incus)
006 oidc v3.patch \| (download)	client/connection.go \| 2 1 + 1 - 0 ! client/lxd_oidc.go \| 12 6 + 6 - 0 ! 2 files changed, 7 insertions(+), 7 deletions(-)	updates for building with zitadel/oidc/v3, taken from https://github.com/lxc/incus/pull/674
007 update image server url.patch \| (download)	doc/cloud-init.md \| 7 2 + 5 - 0 ! doc/external_resources.md \| 2 1 + 1 - 0 ! doc/howto/benchmark_performance.md \| 4 2 + 2 - 0 ! doc/howto/images_remote.md \| 2 1 + 1 - 0 ! doc/metadata.yaml \| 2 1 + 1 - 0 ! doc/reference/remote_image_servers.md \| 6 0 + 6 - 0 ! doc/rest-api.yaml \| 6 3 + 3 - 0 ! lxc/config/default.go \| 6 3 + 3 - 0 ! lxc/config/file.go \| 11 0 + 11 - 0 ! lxd-benchmark/main.go \| 4 2 + 2 - 0 ! lxd/instance_instance_types.go \| 2 1 + 1 - 0 ! shared/api/image.go \| 2 1 + 1 - 0 ! shared/api/instance.go \| 2 1 + 1 - 0 ! shared/simplestreams/products.go \| 4 2 + 2 - 0 ! shared/util_test.go \| 6 3 + 3 - 0 ! 15 files changed, 23 insertions(+), 43 deletions(-)	update various references of the linux containers image server to canonical's image server. based on upstream prs 12748, 13208, and 13247.
008 Build against go criu v7.patch \| (download)	lxd/instance/drivers/driver_lxc.go \| 2 1 + 1 - 0 ! 1 file changed, 1 insertion(+), 1 deletion(-)	build against go-criu v7
009 skip flaky tests.patch \| (download)	lxd/api_cluster_test.go \| 2 2 + 0 - 0 ! 1 file changed, 2 insertions(+)	skip a couple of flaky tests
010 cherry pick update test cert.patch \| (download)	test/deps/server.crt \| 43 11 + 32 - 0 ! test/deps/server.key \| 57 6 + 51 - 0 ! 2 files changed, 17 insertions(+), 83 deletions(-)	[patch] test/deps: switch to ecdsa certificate Signed-off-by: Simon Deziel <simon.deziel@canonical.com>
011 newer qemu fixes.patch \| (download)	lxd/instance/drivers/driver_qemu.go \| 62 36 + 26 - 0 ! lxd/instance/drivers/qmp/commands.go \| 6 3 + 3 - 0 ! 2 files changed, 39 insertions(+), 29 deletions(-)	fix creation of vms with newer versions of qemu (ported from incus)
012 fix issues with old nvram.patch \| (download)	lxd/instance/drivers/driver_qemu.go \| 18 13 + 5 - 0 ! 1 file changed, 13 insertions(+), 5 deletions(-)	fix issues with old nvram (ported from incus)
100 CVE 2025 54293.patch \| (download)	lxd/instance_logs.go \| 4 4 + 0 - 0 ! shared/util.go \| 5 5 + 0 - 0 ! 2 files changed, 9 insertions(+)	backport fix for cve-2025-54293. note that the function validexecoutputfilename doesn't appear to exist in the 5.0-stable branch.
101 CVE 2025 54287.patch \| (download)	shared/util.go \| 13 12 + 1 - 0 ! 1 file changed, 12 insertions(+), 1 deletion(-)	[patch] shared/util: block some pongo2 functions in templates Signed-off-by: Simon Deziel <simon.deziel@canonical.com> (cherry picked from commit a31f4534876e4f898db76a9938cc37f76b24ecd2)
102 CVE 2025 54288.patch \| (download)	lxd/devlxd.go \| 12 6 + 6 - 0 ! 1 file changed, 6 insertions(+), 6 deletions(-)	backport fix for cve-2025-54288 from incus. the relevant commit in the 5.21-stable branch fixing the issue includes a lot of irrelevant refactoring, making a clean cherry-pick impossible.
103a CVE 2025 54286.patch \| (download)	lxd/daemon.go \| 6 6 + 0 - 0 ! test/suites/serverconfig.sh \| 5 5 + 0 - 0 ! 2 files changed, 11 insertions(+)	[patch 1/2] lxd/daemon: validate browser fetch metadata if supplied to reject non-same-origin requests Signed-off-by: Thomas Parrott <thomas.parrott@canonical.com> (cherry picked from commit 35ac3922d60763c24b1474459c4401f7c8ed619b) (cherry picked from commit 569b7d472b4fc1622579e0aed32dd445ba6f53d0)
103b CVE 2025 54286.patch \| (download)	lxd/daemon.go \| 9 6 + 3 - 0 ! test/suites/serverconfig.sh \| 2 1 + 1 - 0 ! 2 files changed, 7 insertions(+), 4 deletions(-)	[patch 1/3] lxd/daemon: check for cross-site rather than invalid cross-origin Sec-Fetch-Site header value Signed-off-by: Thomas Parrott <thomas.parrott@canonical.com>

1