Re: [meta-virtualization] [PATCH] ceph: update to 15.2.12 to address CVEs - IGNORE

From: "Randy MacLeod" <randy.macleod@windriver.com>
To: meta-virtualization@lists.yoctoproject.org
Subject: Re: [meta-virtualization] [PATCH] ceph: update to 15.2.12 to address CVEs - IGNORE
Date: Fri, 21 May 2021 13:30:15 -0400	[thread overview]
Message-ID: <e3d34207-4fa9-2b4a-0ac6-cd837bac2b32@windriver.com> (raw)
In-Reply-To: <20210521170109.1538167-1-saul.wold@windriver.com>

On 2021-05-21 1:01 p.m., Saul Wold wrote:
> Updated sha*
> 
> Fixes: CVE-2021-3509
> Fixes: CVE-2021-3524
> Fixes: CVE-2021-3531

Thanks for the test email Saul.

We have a new email filter so we're trying to confirm that the mangling
that we saw yesterday is fixed:

> 
> Signed-off-by: Saul Wold <saul.wold@windriver.com>

> ---

Today I see:

>   .../ceph/{ceph_15.2.9.bb => ceph_15.2.12.bb}             | 9 ++++-----

Whereas yesterday in my mangled version, this would show up as:

.../ceph/{https://urldefense.com/v3/__http://ceph_15.2.9.bb__;!!AjveYdw8EvQ!J5oI8mC6n_4rfQGE-S3iJWnaD6zWYfXtrSqe-8pKP_UAUzOXalGOzU4j3gBdk-9fDL_8RA$ 
  => 
https://urldefense.com/v3/__http://ceph_15.2.12.bb__;!!AjveYdw8EvQ!J5oI8mC6n_4rfQGE-S3iJWnaD6zWYfXtrSqe-8pKP_UAUzOXalGOzU4j3gBdk--szuRLtw$ 
}             | 9 ++++-----

Ugh!!

Let's see if in a discussion thread that has URLs will get mangled
for Wind River readers:

Here's a free LWN link for those who are reading along! :)

The misc control group
[LWN subscriber-only content]

https://lwn.net/SubscriberLink/856438/7f39950073461e6d/

If your IT group inflicts this system on you, you may find this
repo useful:

https://github.com/cardi/proofpoint-url-decoder

and of course you need to get the IT group to add some exceptions to
the system to allow the mailer lists / text formatted emails to
be delivered without url rewrites.

Sorry for the noise...

../Randy

>   1 file changed, 4 insertions(+), 5 deletions(-)
>   rename recipes-extended/ceph/{ceph_15.2.9.bb => ceph_15.2.12.bb} (91%)
> 
> diff --git a/recipes-extended/ceph/ceph_15.2.9.bb b/recipes-extended/ceph/ceph_15.2.12.bb
> similarity index 91%
> rename from recipes-extended/ceph/ceph_15.2.9.bb
> rename to recipes-extended/ceph/ceph_15.2.12.bb
> index 0d821f0b..9ba72b40 100644
> --- a/recipes-extended/ceph/ceph_15.2.9.bb
> +++ b/recipes-extended/ceph/ceph_15.2.12.bb
> @@ -16,11 +16,10 @@ SRC_URI = "http://download.ceph.com/tarballs/ceph-${PV}.tar.gz \
>              file://0001-cmake-add-support-for-python3.9.patch \
>   "
>   
> -SRC_URI[md5sum] = "5a949b91199efe130bfe2e57f200eacd"
> -SRC_URI[sha256sum] = "ea7fa2be68b3570c5c3aa02774dca27de20b6f20a8498f65e5c4ef375a209ace"
> -SRC_URI[sha1sum] = "0503649d7c7d9268cb61b03bbe839106988f87d7"
> -SRC_URI[sha384sum] = "57208c126ea8e640c3979073fd64ce58606f17b4b7ed2e005b0792bdfd51b13391af325658d0f68f961f94175d93e891"
> -SRC_URI[sha512sum] = "1f55b0a13bf06df782831d0c9d5f8617c22442ab97fb186e6ccb08183e02bf1756caf8633fa6b1cf156c3fb7b1bdff90a60a1249adfad0b9450036e2329bf8ff"
> +SRC_URI[sha1sum] = "9c76b298e1e659b9c5501003ac77fb28aab7823d"
> +SRC_URI[sha256sum] = "8710f6700de83765138df8eb4fc7a5e7c66104dd838033e0827a1850f250ac85"
> +SRC_URI[sha384sum] = "2a2f177e5b68f6f5d13b253a8d4daba9e956b4a79a40a4775aee288b60c612fe13b417d6baf77944c32b1181b2136f68"
> +SRC_URI[sha512sum] = "08266a2e9a7ca5a37e03f340873571fd012c630dd898a87241cd97c29760b2bf41fe64c8883e7b08e0f83c26245072cd26e69ecb1db02378d1ec38335ba1cd0f"
>   
>   DEPENDS = "boost bzip2 curl expat gperf-native \
>              keyutils libaio libibverbs lz4 \
> 
> 
> 
> 
> 

-- 
# Randy MacLeod
# Wind River Linux