* [kirkstone][meta-virtualization][PATCH] ceph: upgrade v15.2.15 -> v15.2.17
@ 2022-08-15 21:02 Sakib Sajal
2022-08-17 14:18 ` Bruce Ashfield
2022-08-21 3:22 ` Bruce Ashfield
0 siblings, 2 replies; 8+ messages in thread
From: Sakib Sajal @ 2022-08-15 21:02 UTC (permalink / raw)
To: meta-virtualization
Upgrade ceph to latest v15.x.
Minor upgrade containing fix for CVE-2022-0670.
Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com>
---
recipes-extended/ceph/{ceph_15.2.15.bb => ceph_15.2.17.bb} | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
rename recipes-extended/ceph/{ceph_15.2.15.bb => ceph_15.2.17.bb} (98%)
diff --git a/recipes-extended/ceph/ceph_15.2.15.bb b/recipes-extended/ceph/ceph_15.2.17.bb
similarity index 98%
rename from recipes-extended/ceph/ceph_15.2.15.bb
rename to recipes-extended/ceph/ceph_15.2.17.bb
index 17dbcf3..9fb2e72 100644
--- a/recipes-extended/ceph/ceph_15.2.15.bb
+++ b/recipes-extended/ceph/ceph_15.2.17.bb
@@ -16,7 +16,7 @@ SRC_URI = "http://download.ceph.com/tarballs/ceph-${PV}.tar.gz \
file://0001-SnappyCompressor.h-fix-snappy-compiler-error.patch \
"
-SRC_URI[sha256sum] = "5dccdaff2ebe18d435b32bfc06f8b5f474bf6ac0432a6a07d144b7c56700d0bf"
+SRC_URI[sha256sum] = "d8efe4996aeb01dd2f1cc939c5e434e5a7e2aeaf3f659c0510ffd550477a32e2"
DEPENDS = "boost bzip2 curl expat gperf-native \
keyutils libaio libibverbs lz4 \
--
2.33.0
^ permalink raw reply related [flat|nested] 8+ messages in thread
* Re: [kirkstone][meta-virtualization][PATCH] ceph: upgrade v15.2.15 -> v15.2.17
2022-08-15 21:02 [kirkstone][meta-virtualization][PATCH] ceph: upgrade v15.2.15 -> v15.2.17 Sakib Sajal
@ 2022-08-17 14:18 ` Bruce Ashfield
2022-08-17 16:28 ` Slater, Joseph
2022-08-21 3:22 ` Bruce Ashfield
1 sibling, 1 reply; 8+ messages in thread
From: Bruce Ashfield @ 2022-08-17 14:18 UTC (permalink / raw)
To: sakib.sajal, Slater, Joseph; +Cc: meta-virtualization
I also have a pending patch from Joe Slater that addresses a different
CVE on kirkstone.
Can someone look and check if it is also covered by this uprev ? Ceph
takes an incredibly long time to build on my servers, so I'd like to
avoid as many builds as possible.
Bruce
On Mon, Aug 15, 2022 at 5:03 PM <sakib.sajal@windriver.com> wrote:
>
> Upgrade ceph to latest v15.x.
> Minor upgrade containing fix for CVE-2022-0670.
>
> Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com>
> ---
> recipes-extended/ceph/{ceph_15.2.15.bb => ceph_15.2.17.bb} | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
> rename recipes-extended/ceph/{ceph_15.2.15.bb => ceph_15.2.17.bb} (98%)
>
> diff --git a/recipes-extended/ceph/ceph_15.2.15.bb b/recipes-extended/ceph/ceph_15.2.17.bb
> similarity index 98%
> rename from recipes-extended/ceph/ceph_15.2.15.bb
> rename to recipes-extended/ceph/ceph_15.2.17.bb
> index 17dbcf3..9fb2e72 100644
> --- a/recipes-extended/ceph/ceph_15.2.15.bb
> +++ b/recipes-extended/ceph/ceph_15.2.17.bb
> @@ -16,7 +16,7 @@ SRC_URI = "http://download.ceph.com/tarballs/ceph-${PV}.tar.gz \
> file://0001-SnappyCompressor.h-fix-snappy-compiler-error.patch \
> "
>
> -SRC_URI[sha256sum] = "5dccdaff2ebe18d435b32bfc06f8b5f474bf6ac0432a6a07d144b7c56700d0bf"
> +SRC_URI[sha256sum] = "d8efe4996aeb01dd2f1cc939c5e434e5a7e2aeaf3f659c0510ffd550477a32e2"
>
> DEPENDS = "boost bzip2 curl expat gperf-native \
> keyutils libaio libibverbs lz4 \
> --
> 2.33.0
>
>
> -=-=-=-=-=-=-=-=-=-=-=-
> Links: You receive all messages sent to this group.
> View/Reply Online (#7523): https://lists.yoctoproject.org/g/meta-virtualization/message/7523
> Mute This Topic: https://lists.yoctoproject.org/mt/93046468/1050810
> Group Owner: meta-virtualization+owner@lists.yoctoproject.org
> Unsubscribe: https://lists.yoctoproject.org/g/meta-virtualization/unsub [bruce.ashfield@gmail.com]
> -=-=-=-=-=-=-=-=-=-=-=-
>
--
- Thou shalt not follow the NULL pointer, for chaos and madness await
thee at its end
- "Use the force Harry" - Gandalf, Star Trek II
^ permalink raw reply [flat|nested] 8+ messages in thread
* RE: [kirkstone][meta-virtualization][PATCH] ceph: upgrade v15.2.15 -> v15.2.17
2022-08-17 14:18 ` Bruce Ashfield
@ 2022-08-17 16:28 ` Slater, Joseph
2022-08-17 16:29 ` Bruce Ashfield
0 siblings, 1 reply; 8+ messages in thread
From: Slater, Joseph @ 2022-08-17 16:28 UTC (permalink / raw)
To: Bruce Ashfield, Sajal, Sakib; +Cc: meta-virtualization
The CVE fix I sent you is in the upgraded version of ceph. Joe
> -----Original Message-----
> From: Bruce Ashfield <bruce.ashfield@gmail.com>
> Sent: Wednesday, August 17, 2022 7:19 AM
> To: Sajal, Sakib <Sakib.Sajal@windriver.com>; Slater, Joseph
> <joe.slater@windriver.com>
> Cc: meta-virtualization@lists.yoctoproject.org
> Subject: Re: [kirkstone][meta-virtualization][PATCH] ceph: upgrade v15.2.15 ->
> v15.2.17
>
> I also have a pending patch from Joe Slater that addresses a different CVE on
> kirkstone.
>
> Can someone look and check if it is also covered by this uprev ? Ceph takes an
> incredibly long time to build on my servers, so I'd like to avoid as many builds as
> possible.
>
> Bruce
>
>
> On Mon, Aug 15, 2022 at 5:03 PM <sakib.sajal@windriver.com> wrote:
> >
> > Upgrade ceph to latest v15.x.
> > Minor upgrade containing fix for CVE-2022-0670.
> >
> > Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com>
> > ---
> > recipes-extended/ceph/{ceph_15.2.15.bb => ceph_15.2.17.bb} | 2 +-
> > 1 file changed, 1 insertion(+), 1 deletion(-) rename
> > recipes-extended/ceph/{ceph_15.2.15.bb => ceph_15.2.17.bb} (98%)
> >
> > diff --git a/recipes-extended/ceph/ceph_15.2.15.bb
> > b/recipes-extended/ceph/ceph_15.2.17.bb
> > similarity index 98%
> > rename from recipes-extended/ceph/ceph_15.2.15.bb
> > rename to recipes-extended/ceph/ceph_15.2.17.bb
> > index 17dbcf3..9fb2e72 100644
> > --- a/recipes-extended/ceph/ceph_15.2.15.bb
> > +++ b/recipes-extended/ceph/ceph_15.2.17.bb
> > @@ -16,7 +16,7 @@ SRC_URI = "http://download.ceph.com/tarballs/ceph-
> ${PV}.tar.gz \
> >
> > file://0001-SnappyCompressor.h-fix-snappy-compiler-error.patch \ "
> >
> > -SRC_URI[sha256sum] =
> "5dccdaff2ebe18d435b32bfc06f8b5f474bf6ac0432a6a07d144b7c56700d0bf"
> > +SRC_URI[sha256sum] =
> "d8efe4996aeb01dd2f1cc939c5e434e5a7e2aeaf3f659c0510ffd550477a32e2"
> >
> > DEPENDS = "boost bzip2 curl expat gperf-native \
> > keyutils libaio libibverbs lz4 \
> > --
> > 2.33.0
> >
> >
> > -=-=-=-=-=-=-=-=-=-=-=-
> > Links: You receive all messages sent to this group.
> > View/Reply Online (#7523):
> > https://lists.yoctoproject.org/g/meta-virtualization/message/7523
> > Mute This Topic: https://lists.yoctoproject.org/mt/93046468/1050810
> > Group Owner: meta-virtualization+owner@lists.yoctoproject.org
> > Unsubscribe:
> > https://lists.yoctoproject.org/g/meta-virtualization/unsub
> > [bruce.ashfield@gmail.com]
> > -=-=-=-=-=-=-=-=-=-=-=-
> >
>
>
> --
> - Thou shalt not follow the NULL pointer, for chaos and madness await thee at
> its end
> - "Use the force Harry" - Gandalf, Star Trek II
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [kirkstone][meta-virtualization][PATCH] ceph: upgrade v15.2.15 -> v15.2.17
2022-08-17 16:28 ` Slater, Joseph
@ 2022-08-17 16:29 ` Bruce Ashfield
2022-08-19 22:48 ` Sakib Sajal
0 siblings, 1 reply; 8+ messages in thread
From: Bruce Ashfield @ 2022-08-17 16:29 UTC (permalink / raw)
To: Slater, Joseph; +Cc: Sajal, Sakib, meta-virtualization
Thanks Joe!
Bruce
On Wed, Aug 17, 2022 at 12:28 PM Slater, Joseph
<joe.slater@windriver.com> wrote:
>
> The CVE fix I sent you is in the upgraded version of ceph. Joe
>
> > -----Original Message-----
> > From: Bruce Ashfield <bruce.ashfield@gmail.com>
> > Sent: Wednesday, August 17, 2022 7:19 AM
> > To: Sajal, Sakib <Sakib.Sajal@windriver.com>; Slater, Joseph
> > <joe.slater@windriver.com>
> > Cc: meta-virtualization@lists.yoctoproject.org
> > Subject: Re: [kirkstone][meta-virtualization][PATCH] ceph: upgrade v15.2.15 ->
> > v15.2.17
> >
> > I also have a pending patch from Joe Slater that addresses a different CVE on
> > kirkstone.
> >
> > Can someone look and check if it is also covered by this uprev ? Ceph takes an
> > incredibly long time to build on my servers, so I'd like to avoid as many builds as
> > possible.
> >
> > Bruce
> >
> >
> > On Mon, Aug 15, 2022 at 5:03 PM <sakib.sajal@windriver.com> wrote:
> > >
> > > Upgrade ceph to latest v15.x.
> > > Minor upgrade containing fix for CVE-2022-0670.
> > >
> > > Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com>
> > > ---
> > > recipes-extended/ceph/{ceph_15.2.15.bb => ceph_15.2.17.bb} | 2 +-
> > > 1 file changed, 1 insertion(+), 1 deletion(-) rename
> > > recipes-extended/ceph/{ceph_15.2.15.bb => ceph_15.2.17.bb} (98%)
> > >
> > > diff --git a/recipes-extended/ceph/ceph_15.2.15.bb
> > > b/recipes-extended/ceph/ceph_15.2.17.bb
> > > similarity index 98%
> > > rename from recipes-extended/ceph/ceph_15.2.15.bb
> > > rename to recipes-extended/ceph/ceph_15.2.17.bb
> > > index 17dbcf3..9fb2e72 100644
> > > --- a/recipes-extended/ceph/ceph_15.2.15.bb
> > > +++ b/recipes-extended/ceph/ceph_15.2.17.bb
> > > @@ -16,7 +16,7 @@ SRC_URI = "http://download.ceph.com/tarballs/ceph-
> > ${PV}.tar.gz \
> > >
> > > file://0001-SnappyCompressor.h-fix-snappy-compiler-error.patch \ "
> > >
> > > -SRC_URI[sha256sum] =
> > "5dccdaff2ebe18d435b32bfc06f8b5f474bf6ac0432a6a07d144b7c56700d0bf"
> > > +SRC_URI[sha256sum] =
> > "d8efe4996aeb01dd2f1cc939c5e434e5a7e2aeaf3f659c0510ffd550477a32e2"
> > >
> > > DEPENDS = "boost bzip2 curl expat gperf-native \
> > > keyutils libaio libibverbs lz4 \
> > > --
> > > 2.33.0
> > >
> > >
> > > -=-=-=-=-=-=-=-=-=-=-=-
> > > Links: You receive all messages sent to this group.
> > > View/Reply Online (#7523):
> > > https://lists.yoctoproject.org/g/meta-virtualization/message/7523
> > > Mute This Topic: https://lists.yoctoproject.org/mt/93046468/1050810
> > > Group Owner: meta-virtualization+owner@lists.yoctoproject.org
> > > Unsubscribe:
> > > https://lists.yoctoproject.org/g/meta-virtualization/unsub
> > > [bruce.ashfield@gmail.com]
> > > -=-=-=-=-=-=-=-=-=-=-=-
> > >
> >
> >
> > --
> > - Thou shalt not follow the NULL pointer, for chaos and madness await thee at
> > its end
> > - "Use the force Harry" - Gandalf, Star Trek II
--
- Thou shalt not follow the NULL pointer, for chaos and madness await
thee at its end
- "Use the force Harry" - Gandalf, Star Trek II
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [kirkstone][meta-virtualization][PATCH] ceph: upgrade v15.2.15 -> v15.2.17
2022-08-17 16:29 ` Bruce Ashfield
@ 2022-08-19 22:48 ` Sakib Sajal
2022-08-20 1:05 ` Bruce Ashfield
0 siblings, 1 reply; 8+ messages in thread
From: Sakib Sajal @ 2022-08-19 22:48 UTC (permalink / raw)
To: Bruce Ashfield, Slater, Joseph; +Cc: meta-virtualization
On 2022-08-17 12:29, Bruce Ashfield wrote:
> [Please note: This e-mail is from an EXTERNAL e-mail address]
>
> Thanks Joe!
>
> Bruce
On the same note,
ceph on master branch is also affected by the CVE's mentioned in this
thread.
Versions of ceph that contain the fix: v15.2.17, v16.2.10, v17.2.2, v17.2.3
I could send and upgrade to the v15.2.17 release like I did for
kirkstone, however upgrading to more recent releases is more logical.
Is an upgrade for ceph on master under work? If not, I can volunteer.
Sakib
>
> On Wed, Aug 17, 2022 at 12:28 PM Slater, Joseph
> <joe.slater@windriver.com> wrote:
>> The CVE fix I sent you is in the upgraded version of ceph. Joe
>>
>>> -----Original Message-----
>>> From: Bruce Ashfield <bruce.ashfield@gmail.com>
>>> Sent: Wednesday, August 17, 2022 7:19 AM
>>> To: Sajal, Sakib <Sakib.Sajal@windriver.com>; Slater, Joseph
>>> <joe.slater@windriver.com>
>>> Cc: meta-virtualization@lists.yoctoproject.org
>>> Subject: Re: [kirkstone][meta-virtualization][PATCH] ceph: upgrade v15.2.15 ->
>>> v15.2.17
>>>
>>> I also have a pending patch from Joe Slater that addresses a different CVE on
>>> kirkstone.
>>>
>>> Can someone look and check if it is also covered by this uprev ? Ceph takes an
>>> incredibly long time to build on my servers, so I'd like to avoid as many builds as
>>> possible.
>>>
>>> Bruce
>>>
>>>
>>> On Mon, Aug 15, 2022 at 5:03 PM <sakib.sajal@windriver.com> wrote:
>>>> Upgrade ceph to latest v15.x.
>>>> Minor upgrade containing fix for CVE-2022-0670.
>>>>
>>>> Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com>
>>>> ---
>>>> recipes-extended/ceph/{ceph_15.2.15.bb => ceph_15.2.17.bb} | 2 +-
>>>> 1 file changed, 1 insertion(+), 1 deletion(-) rename
>>>> recipes-extended/ceph/{ceph_15.2.15.bb => ceph_15.2.17.bb} (98%)
>>>>
>>>> diff --git a/recipes-extended/ceph/ceph_15.2.15.bb
>>>> b/recipes-extended/ceph/ceph_15.2.17.bb
>>>> similarity index 98%
>>>> rename from recipes-extended/ceph/ceph_15.2.15.bb
>>>> rename to recipes-extended/ceph/ceph_15.2.17.bb
>>>> index 17dbcf3..9fb2e72 100644
>>>> --- a/recipes-extended/ceph/ceph_15.2.15.bb
>>>> +++ b/recipes-extended/ceph/ceph_15.2.17.bb
>>>> @@ -16,7 +16,7 @@ SRC_URI = "http://download.ceph.com/tarballs/ceph-
>>> ${PV}.tar.gz \
>>>> file://0001-SnappyCompressor.h-fix-snappy-compiler-error.patch \ "
>>>>
>>>> -SRC_URI[sha256sum] =
>>> "5dccdaff2ebe18d435b32bfc06f8b5f474bf6ac0432a6a07d144b7c56700d0bf"
>>>> +SRC_URI[sha256sum] =
>>> "d8efe4996aeb01dd2f1cc939c5e434e5a7e2aeaf3f659c0510ffd550477a32e2"
>>>> DEPENDS = "boost bzip2 curl expat gperf-native \
>>>> keyutils libaio libibverbs lz4 \
>>>> --
>>>> 2.33.0
>>>>
>>>>
>>>> -=-=-=-=-=-=-=-=-=-=-=-
>>>> Links: You receive all messages sent to this group.
>>>> View/Reply Online (#7523):
>>>> https://lists.yoctoproject.org/g/meta-virtualization/message/7523
>>>> Mute This Topic: https://lists.yoctoproject.org/mt/93046468/1050810
>>>> Group Owner: meta-virtualization+owner@lists.yoctoproject.org
>>>> Unsubscribe:
>>>> https://lists.yoctoproject.org/g/meta-virtualization/unsub
>>>> [bruce.ashfield@gmail.com]
>>>> -=-=-=-=-=-=-=-=-=-=-=-
>>>>
>>>
>>> --
>>> - Thou shalt not follow the NULL pointer, for chaos and madness await thee at
>>> its end
>>> - "Use the force Harry" - Gandalf, Star Trek II
>
>
> --
> - Thou shalt not follow the NULL pointer, for chaos and madness await
> thee at its end
> - "Use the force Harry" - Gandalf, Star Trek II
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [kirkstone][meta-virtualization][PATCH] ceph: upgrade v15.2.15 -> v15.2.17
2022-08-19 22:48 ` Sakib Sajal
@ 2022-08-20 1:05 ` Bruce Ashfield
2022-08-22 14:01 ` Sakib Sajal
0 siblings, 1 reply; 8+ messages in thread
From: Bruce Ashfield @ 2022-08-20 1:05 UTC (permalink / raw)
To: Sakib Sajal; +Cc: Slater, Joseph, meta-virtualization
On Fri, Aug 19, 2022 at 6:48 PM Sakib Sajal <sakib.sajal@windriver.com> wrote:
>
>
> On 2022-08-17 12:29, Bruce Ashfield wrote:
> > [Please note: This e-mail is from an EXTERNAL e-mail address]
> >
> > Thanks Joe!
> >
> > Bruce
> On the same note,
>
> ceph on master branch is also affected by the CVE's mentioned in this
> thread.
>
> Versions of ceph that contain the fix: v15.2.17, v16.2.10, v17.2.2, v17.2.3
>
> I could send and upgrade to the v15.2.17 release like I did for
> kirkstone, however upgrading to more recent releases is more logical.
>
I was going to suggest the same thing, an uprev is a good idea for master.
> Is an upgrade for ceph on master under work? If not, I can volunteer.
I haven't started one yet, so feel free!
Bruce
>
> Sakib
>
> >
> > On Wed, Aug 17, 2022 at 12:28 PM Slater, Joseph
> > <joe.slater@windriver.com> wrote:
> >> The CVE fix I sent you is in the upgraded version of ceph. Joe
> >>
> >>> -----Original Message-----
> >>> From: Bruce Ashfield <bruce.ashfield@gmail.com>
> >>> Sent: Wednesday, August 17, 2022 7:19 AM
> >>> To: Sajal, Sakib <Sakib.Sajal@windriver.com>; Slater, Joseph
> >>> <joe.slater@windriver.com>
> >>> Cc: meta-virtualization@lists.yoctoproject.org
> >>> Subject: Re: [kirkstone][meta-virtualization][PATCH] ceph: upgrade v15.2.15 ->
> >>> v15.2.17
> >>>
> >>> I also have a pending patch from Joe Slater that addresses a different CVE on
> >>> kirkstone.
> >>>
> >>> Can someone look and check if it is also covered by this uprev ? Ceph takes an
> >>> incredibly long time to build on my servers, so I'd like to avoid as many builds as
> >>> possible.
> >>>
> >>> Bruce
> >>>
> >>>
> >>> On Mon, Aug 15, 2022 at 5:03 PM <sakib.sajal@windriver.com> wrote:
> >>>> Upgrade ceph to latest v15.x.
> >>>> Minor upgrade containing fix for CVE-2022-0670.
> >>>>
> >>>> Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com>
> >>>> ---
> >>>> recipes-extended/ceph/{ceph_15.2.15.bb => ceph_15.2.17.bb} | 2 +-
> >>>> 1 file changed, 1 insertion(+), 1 deletion(-) rename
> >>>> recipes-extended/ceph/{ceph_15.2.15.bb => ceph_15.2.17.bb} (98%)
> >>>>
> >>>> diff --git a/recipes-extended/ceph/ceph_15.2.15.bb
> >>>> b/recipes-extended/ceph/ceph_15.2.17.bb
> >>>> similarity index 98%
> >>>> rename from recipes-extended/ceph/ceph_15.2.15.bb
> >>>> rename to recipes-extended/ceph/ceph_15.2.17.bb
> >>>> index 17dbcf3..9fb2e72 100644
> >>>> --- a/recipes-extended/ceph/ceph_15.2.15.bb
> >>>> +++ b/recipes-extended/ceph/ceph_15.2.17.bb
> >>>> @@ -16,7 +16,7 @@ SRC_URI = "http://download.ceph.com/tarballs/ceph-
> >>> ${PV}.tar.gz \
> >>>> file://0001-SnappyCompressor.h-fix-snappy-compiler-error.patch \ "
> >>>>
> >>>> -SRC_URI[sha256sum] =
> >>> "5dccdaff2ebe18d435b32bfc06f8b5f474bf6ac0432a6a07d144b7c56700d0bf"
> >>>> +SRC_URI[sha256sum] =
> >>> "d8efe4996aeb01dd2f1cc939c5e434e5a7e2aeaf3f659c0510ffd550477a32e2"
> >>>> DEPENDS = "boost bzip2 curl expat gperf-native \
> >>>> keyutils libaio libibverbs lz4 \
> >>>> --
> >>>> 2.33.0
> >>>>
> >>>>
> >>>> -=-=-=-=-=-=-=-=-=-=-=-
> >>>> Links: You receive all messages sent to this group.
> >>>> View/Reply Online (#7523):
> >>>> https://lists.yoctoproject.org/g/meta-virtualization/message/7523
> >>>> Mute This Topic: https://lists.yoctoproject.org/mt/93046468/1050810
> >>>> Group Owner: meta-virtualization+owner@lists.yoctoproject.org
> >>>> Unsubscribe:
> >>>> https://lists.yoctoproject.org/g/meta-virtualization/unsub
> >>>> [bruce.ashfield@gmail.com]
> >>>> -=-=-=-=-=-=-=-=-=-=-=-
> >>>>
> >>>
> >>> --
> >>> - Thou shalt not follow the NULL pointer, for chaos and madness await thee at
> >>> its end
> >>> - "Use the force Harry" - Gandalf, Star Trek II
> >
> >
> > --
> > - Thou shalt not follow the NULL pointer, for chaos and madness await
> > thee at its end
> > - "Use the force Harry" - Gandalf, Star Trek II
--
- Thou shalt not follow the NULL pointer, for chaos and madness await
thee at its end
- "Use the force Harry" - Gandalf, Star Trek II
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [kirkstone][meta-virtualization][PATCH] ceph: upgrade v15.2.15 -> v15.2.17
2022-08-15 21:02 [kirkstone][meta-virtualization][PATCH] ceph: upgrade v15.2.15 -> v15.2.17 Sakib Sajal
2022-08-17 14:18 ` Bruce Ashfield
@ 2022-08-21 3:22 ` Bruce Ashfield
1 sibling, 0 replies; 8+ messages in thread
From: Bruce Ashfield @ 2022-08-21 3:22 UTC (permalink / raw)
To: sakib.sajal; +Cc: meta-virtualization
merged.
Bruce
In message: [kirkstone][meta-virtualization][PATCH] ceph: upgrade v15.2.15 -> v15.2.17
on 15/08/2022 sakib.sajal@windriver.com wrote:
> Upgrade ceph to latest v15.x.
> Minor upgrade containing fix for CVE-2022-0670.
>
> Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com>
> ---
> recipes-extended/ceph/{ceph_15.2.15.bb => ceph_15.2.17.bb} | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
> rename recipes-extended/ceph/{ceph_15.2.15.bb => ceph_15.2.17.bb} (98%)
>
> diff --git a/recipes-extended/ceph/ceph_15.2.15.bb b/recipes-extended/ceph/ceph_15.2.17.bb
> similarity index 98%
> rename from recipes-extended/ceph/ceph_15.2.15.bb
> rename to recipes-extended/ceph/ceph_15.2.17.bb
> index 17dbcf3..9fb2e72 100644
> --- a/recipes-extended/ceph/ceph_15.2.15.bb
> +++ b/recipes-extended/ceph/ceph_15.2.17.bb
> @@ -16,7 +16,7 @@ SRC_URI = "http://download.ceph.com/tarballs/ceph-${PV}.tar.gz \
> file://0001-SnappyCompressor.h-fix-snappy-compiler-error.patch \
> "
>
> -SRC_URI[sha256sum] = "5dccdaff2ebe18d435b32bfc06f8b5f474bf6ac0432a6a07d144b7c56700d0bf"
> +SRC_URI[sha256sum] = "d8efe4996aeb01dd2f1cc939c5e434e5a7e2aeaf3f659c0510ffd550477a32e2"
>
> DEPENDS = "boost bzip2 curl expat gperf-native \
> keyutils libaio libibverbs lz4 \
> --
> 2.33.0
>
>
> -=-=-=-=-=-=-=-=-=-=-=-
> Links: You receive all messages sent to this group.
> View/Reply Online (#7523): https://lists.yoctoproject.org/g/meta-virtualization/message/7523
> Mute This Topic: https://lists.yoctoproject.org/mt/93046468/1050810
> Group Owner: meta-virtualization+owner@lists.yoctoproject.org
> Unsubscribe: https://lists.yoctoproject.org/g/meta-virtualization/unsub [bruce.ashfield@gmail.com]
> -=-=-=-=-=-=-=-=-=-=-=-
>
^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [kirkstone][meta-virtualization][PATCH] ceph: upgrade v15.2.15 -> v15.2.17
2022-08-20 1:05 ` Bruce Ashfield
@ 2022-08-22 14:01 ` Sakib Sajal
0 siblings, 0 replies; 8+ messages in thread
From: Sakib Sajal @ 2022-08-22 14:01 UTC (permalink / raw)
To: Bruce Ashfield; +Cc: Slater, Joseph, meta-virtualization
On 2022-08-19 21:05, Bruce Ashfield wrote:
> [Please note: This e-mail is from an EXTERNAL e-mail address]
>
> On Fri, Aug 19, 2022 at 6:48 PM Sakib Sajal <sakib.sajal@windriver.com> wrote:
>>
>> On 2022-08-17 12:29, Bruce Ashfield wrote:
>>> [Please note: This e-mail is from an EXTERNAL e-mail address]
>>>
>>> Thanks Joe!
>>>
>>> Bruce
>> On the same note,
>>
>> ceph on master branch is also affected by the CVE's mentioned in this
>> thread.
>>
>> Versions of ceph that contain the fix: v15.2.17, v16.2.10, v17.2.2, v17.2.3
>>
>> I could send and upgrade to the v15.2.17 release like I did for
>> kirkstone, however upgrading to more recent releases is more logical.
>>
> I was going to suggest the same thing, an uprev is a good idea for master.
>
>> Is an upgrade for ceph on master under work? If not, I can volunteer.
> I haven't started one yet, so feel free!
I will get started on upgrading to latest 17.x.y release.
>
> Bruce
>
>> Sakib
>>
>>> On Wed, Aug 17, 2022 at 12:28 PM Slater, Joseph
>>> <joe.slater@windriver.com> wrote:
>>>> The CVE fix I sent you is in the upgraded version of ceph. Joe
>>>>
>>>>> -----Original Message-----
>>>>> From: Bruce Ashfield <bruce.ashfield@gmail.com>
>>>>> Sent: Wednesday, August 17, 2022 7:19 AM
>>>>> To: Sajal, Sakib <Sakib.Sajal@windriver.com>; Slater, Joseph
>>>>> <joe.slater@windriver.com>
>>>>> Cc: meta-virtualization@lists.yoctoproject.org
>>>>> Subject: Re: [kirkstone][meta-virtualization][PATCH] ceph: upgrade v15.2.15 ->
>>>>> v15.2.17
>>>>>
>>>>> I also have a pending patch from Joe Slater that addresses a different CVE on
>>>>> kirkstone.
>>>>>
>>>>> Can someone look and check if it is also covered by this uprev ? Ceph takes an
>>>>> incredibly long time to build on my servers, so I'd like to avoid as many builds as
>>>>> possible.
>>>>>
>>>>> Bruce
>>>>>
>>>>>
>>>>> On Mon, Aug 15, 2022 at 5:03 PM <sakib.sajal@windriver.com> wrote:
>>>>>> Upgrade ceph to latest v15.x.
>>>>>> Minor upgrade containing fix for CVE-2022-0670.
>>>>>>
>>>>>> Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com>
>>>>>> ---
>>>>>> recipes-extended/ceph/{ceph_15.2.15.bb => ceph_15.2.17.bb} | 2 +-
>>>>>> 1 file changed, 1 insertion(+), 1 deletion(-) rename
>>>>>> recipes-extended/ceph/{ceph_15.2.15.bb => ceph_15.2.17.bb} (98%)
>>>>>>
>>>>>> diff --git a/recipes-extended/ceph/ceph_15.2.15.bb
>>>>>> b/recipes-extended/ceph/ceph_15.2.17.bb
>>>>>> similarity index 98%
>>>>>> rename from recipes-extended/ceph/ceph_15.2.15.bb
>>>>>> rename to recipes-extended/ceph/ceph_15.2.17.bb
>>>>>> index 17dbcf3..9fb2e72 100644
>>>>>> --- a/recipes-extended/ceph/ceph_15.2.15.bb
>>>>>> +++ b/recipes-extended/ceph/ceph_15.2.17.bb
>>>>>> @@ -16,7 +16,7 @@ SRC_URI = "http://download.ceph.com/tarballs/ceph-
>>>>> ${PV}.tar.gz \
>>>>>> file://0001-SnappyCompressor.h-fix-snappy-compiler-error.patch \ "
>>>>>>
>>>>>> -SRC_URI[sha256sum] =
>>>>> "5dccdaff2ebe18d435b32bfc06f8b5f474bf6ac0432a6a07d144b7c56700d0bf"
>>>>>> +SRC_URI[sha256sum] =
>>>>> "d8efe4996aeb01dd2f1cc939c5e434e5a7e2aeaf3f659c0510ffd550477a32e2"
>>>>>> DEPENDS = "boost bzip2 curl expat gperf-native \
>>>>>> keyutils libaio libibverbs lz4 \
>>>>>> --
>>>>>> 2.33.0
>>>>>>
>>>>>>
>>>>>> -=-=-=-=-=-=-=-=-=-=-=-
>>>>>> Links: You receive all messages sent to this group.
>>>>>> View/Reply Online (#7523):
>>>>>> https://lists.yoctoproject.org/g/meta-virtualization/message/7523
>>>>>> Mute This Topic: https://lists.yoctoproject.org/mt/93046468/1050810
>>>>>> Group Owner: meta-virtualization+owner@lists.yoctoproject.org
>>>>>> Unsubscribe:
>>>>>> https://lists.yoctoproject.org/g/meta-virtualization/unsub
>>>>>> [bruce.ashfield@gmail.com]
>>>>>> -=-=-=-=-=-=-=-=-=-=-=-
>>>>>>
>>>>> --
>>>>> - Thou shalt not follow the NULL pointer, for chaos and madness await thee at
>>>>> its end
>>>>> - "Use the force Harry" - Gandalf, Star Trek II
>>>
>>> --
>>> - Thou shalt not follow the NULL pointer, for chaos and madness await
>>> thee at its end
>>> - "Use the force Harry" - Gandalf, Star Trek II
>
>
> --
> - Thou shalt not follow the NULL pointer, for chaos and madness await
> thee at its end
> - "Use the force Harry" - Gandalf, Star Trek II
^ permalink raw reply [flat|nested] 8+ messages in thread
end of thread, other threads:[~2022-08-22 14:01 UTC | newest]
Thread overview: 8+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2022-08-15 21:02 [kirkstone][meta-virtualization][PATCH] ceph: upgrade v15.2.15 -> v15.2.17 Sakib Sajal
2022-08-17 14:18 ` Bruce Ashfield
2022-08-17 16:28 ` Slater, Joseph
2022-08-17 16:29 ` Bruce Ashfield
2022-08-19 22:48 ` Sakib Sajal
2022-08-20 1:05 ` Bruce Ashfield
2022-08-22 14:01 ` Sakib Sajal
2022-08-21 3:22 ` Bruce Ashfield
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).