Package: release.debian.org
Severity: normal
Tags: bookworm
User: release.debian....@packages.debian.org
Usertags: pu
X-Debbugs-Cc: pkg-lxc-de...@lists.alioth.debian.org, gib...@debian.org
Control: affects -1 + src:lxc

[ Reason ]
The version of lxc in bookworm segfaults when attempting to use a shared host rootfs. Originally reported against lxc in sid as bug #1085241, I have verified the issue is also present in bookworm. The fix was included in the lxc 6.0.3 release, which has recently migrated to testing. The relevant commit applies cleanly to lxc 5.0.2.

[ Impact ]
The version of lxc currently in bookworm will unexpectedly segfault if configured to use a shared rootfs.

[ Tests ]
This issue was fixed in lxc 6.0.3. I have verified that lxc no longer segfaults in bookworm with this fix applied.

[ Risks ]
Minor/none -- a missing check was added which will prevent null pointer dereferencing.

[ Checklist ]
[*] *all* changes are documented in the d/changelog
[*] I reviewed all changes and I approve them
[*] attach debdiff against the package in (old)stable
[*] the issue is verified as fixed in unstable

[ Changes ]
Cherry-pick upstream commit d5c2d1efff92b2b992f10b29bd459a4b07875025, which was included in the lxc 6.0.3 release.

[ Other info ]
The source debdiff is attached.

diff -Nru lxc-5.0.2/debian/changelog lxc-5.0.2/debian/changelog --- lxc-5.0.2/debian/changelog 2023-11-30 01:17:33.000000000 +0000 +++ lxc-5.0.2/debian/changelog 2024-12-22 18:35:15.000000000 +0000 @@ -1,3 +1,10 @@ +lxc (1:5.0.2-1+deb12u3) bookworm; urgency=medium + + * Cherry-pick upstream fix for null pointer dereference when using a shared + rootfs (See #1085241) + + -- Mathias Gibbens <gib...@debian.org> Sun, 22 Dec 2024 18:35:15 +0000 + lxc (1:5.0.2-1+deb12u2) bookworm; urgency=medium * Cherry-pick upstream fix for creating ephemeral copies (See #1001713) diff -Nru lxc-5.0.2/debian/patches/0102-cherry-pick-fix-null-pointer-dereference.patch lxc-5.0.2/debian/patches/0102-cherry-pick-fix-null-pointer-dereference.patch --- lxc-5.0.2/debian/patches/0102-cherry-pick-fix-null-pointer-dereference.patch 1970-01-01 00:00:00.000000000 +0000 +++ lxc-5.0.2/debian/patches/0102-cherry-pick-fix-null-pointer-dereference.patch 2024-12-20 03:27:46.000000000 +0000 
@@ -0,0 +1,27 @@ +From d5c2d1efff92b2b992f10b29bd459a4b07875025 Mon Sep 17 00:00:00 2001 +From: Steven Galgano <sgalg...@adjacentlink.com> +Date: Mon, 14 Oct 2024 15:16:36 -0400 +Subject: [PATCH] Avoid null pointer dereference when using shared rootfs. + rootfs->storage not set by lxc_storage_prepare when using a shared rootfs. + +Fixes: https://github.com/lxc/lxc/issues/4476 +Signed-off-by: Steven Galgano <sgalg...@adjacentlink.com> +--- + src/lxc/conf.c | 4 ++++ + 1 file changed, 4 insertions(+) + +diff --git a/src/lxc/conf.c b/src/lxc/conf.c +index 4b46d24bfe..6a14c60360 100644 +--- a/src/lxc/conf.c ++++ b/src/lxc/conf.c +@@ -341,6 +341,10 @@ int lxc_rootfs_init(struct lxc_conf *conf, bool userns) + ret = lxc_storage_prepare(conf); + if (ret) + return syserror_set(-EINVAL, "Failed to prepare rootfs storage"); ++ ++ if (!rootfs->storage) ++ return log_trace(0, "Not pinning because container does not have storage"); ++ + type = rootfs->storage->type; + + if (!type) diff -Nru lxc-5.0.2/debian/patches/series lxc-5.0.2/debian/patches/series --- lxc-5.0.2/debian/patches/series 2023-11-30 01:17:33.000000000 +0000 +++ lxc-5.0.2/debian/patches/series 2024-12-22 18:33:00.000000000 +0000 @@ -3,3 +3,4 @@ 0004-nesting-Extend-mount-permissions-in-apparmor-to-allo.patch 0100-fix-nftables-ipv6.patch 0101-cherry-pick-fix-ephemeral-copies.patch +0102-cherry-pick-fix-null-pointer-dereference.patch
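
Review bot: the new `if (!rootfs->storage)` check in lxc_rootfs_init() (src/lxc/conf.c hunk inside 0102-cherry-pick-fix-null-pointer-dereference.patch) carries no comment saying when storage is legitimately NULL after lxc_storage_prepare() has returned 0. The commit message gives the reason (shared rootfs), but the log string only says "container does not have storage" and is emitted at trace level, so the early success return can read like a swallowed error to someone looking at the function later. Suggest a one-line comment above the check naming the shared rootfs case. The placement itself looks right: the guard sits after the `if (ret)` error path and directly before `type = rootfs->storage->type;`, which is the dereference the visible lines show.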