* [kirkstone][meta-virtualization][PATCH] ceph: upgrade v15.2.15 -> v15.2.17 @ 2022-08-15 21:02 Sakib Sajal 2022-08-17 14:18 ` Bruce Ashfield 2022-08-21 3:22 ` Bruce Ashfield 0 siblings, 2 replies; 8+ messages in thread From: Sakib Sajal @ 2022-08-15 21:02 UTC (permalink / raw) To: meta-virtualization Upgrade ceph to latest v15.x. Minor upgrade containing fix for CVE-2022-0670. Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com> --- recipes-extended/ceph/{ceph_15.2.15.bb => ceph_15.2.17.bb} | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) rename recipes-extended/ceph/{ceph_15.2.15.bb => ceph_15.2.17.bb} (98%) diff --git a/recipes-extended/ceph/ceph_15.2.15.bb b/recipes-extended/ceph/ceph_15.2.17.bb similarity index 98% rename from recipes-extended/ceph/ceph_15.2.15.bb rename to recipes-extended/ceph/ceph_15.2.17.bb index 17dbcf3..9fb2e72 100644 --- a/recipes-extended/ceph/ceph_15.2.15.bb +++ b/recipes-extended/ceph/ceph_15.2.17.bb @@ -16,7 +16,7 @@ SRC_URI = "http://download.ceph.com/tarballs/ceph-${PV}.tar.gz \ file://0001-SnappyCompressor.h-fix-snappy-compiler-error.patch \ " -SRC_URI[sha256sum] = "5dccdaff2ebe18d435b32bfc06f8b5f474bf6ac0432a6a07d144b7c56700d0bf" +SRC_URI[sha256sum] = "d8efe4996aeb01dd2f1cc939c5e434e5a7e2aeaf3f659c0510ffd550477a32e2" DEPENDS = "boost bzip2 curl expat gperf-native \ keyutils libaio libibverbs lz4 \ -- 2.33.0 ^ permalink raw reply related [flat|nested] 8+ messages in thread
* Re: [kirkstone][meta-virtualization][PATCH] ceph: upgrade v15.2.15 -> v15.2.17 2022-08-15 21:02 [kirkstone][meta-virtualization][PATCH] ceph: upgrade v15.2.15 -> v15.2.17 Sakib Sajal @ 2022-08-17 14:18 ` Bruce Ashfield 2022-08-17 16:28 ` Slater, Joseph 2022-08-21 3:22 ` Bruce Ashfield 1 sibling, 1 reply; 8+ messages in thread From: Bruce Ashfield @ 2022-08-17 14:18 UTC (permalink / raw) To: sakib.sajal, Slater, Joseph; +Cc: meta-virtualization I also have a pending patch from Joe Slater that addresses a different CVE on kirkstone. Can someone look and check if it is also covered by this uprev ? Ceph takes an incredibly long time to build on my servers, so I'd like to avoid as many builds as possible. Bruce On Mon, Aug 15, 2022 at 5:03 PM <sakib.sajal@windriver.com> wrote: > > Upgrade ceph to latest v15.x. > Minor upgrade containing fix for CVE-2022-0670. > > Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com> > --- > recipes-extended/ceph/{ceph_15.2.15.bb => ceph_15.2.17.bb} | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > rename recipes-extended/ceph/{ceph_15.2.15.bb => ceph_15.2.17.bb} (98%) > > diff --git a/recipes-extended/ceph/ceph_15.2.15.bb b/recipes-extended/ceph/ceph_15.2.17.bb > similarity index 98% > rename from recipes-extended/ceph/ceph_15.2.15.bb > rename to recipes-extended/ceph/ceph_15.2.17.bb > index 17dbcf3..9fb2e72 100644 > --- a/recipes-extended/ceph/ceph_15.2.15.bb > +++ b/recipes-extended/ceph/ceph_15.2.17.bb > @@ -16,7 +16,7 @@ SRC_URI = "http://download.ceph.com/tarballs/ceph-${PV}.tar.gz \ > file://0001-SnappyCompressor.h-fix-snappy-compiler-error.patch \ > " > > -SRC_URI[sha256sum] = "5dccdaff2ebe18d435b32bfc06f8b5f474bf6ac0432a6a07d144b7c56700d0bf" > +SRC_URI[sha256sum] = "d8efe4996aeb01dd2f1cc939c5e434e5a7e2aeaf3f659c0510ffd550477a32e2" > > DEPENDS = "boost bzip2 curl expat gperf-native \ > keyutils libaio libibverbs lz4 \ > -- > 2.33.0 > > > -=-=-=-=-=-=-=-=-=-=-=- > Links: You receive all messages sent to this group. > View/Reply Online (#7523): https://lists.yoctoproject.org/g/meta-virtualization/message/7523 > Mute This Topic: https://lists.yoctoproject.org/mt/93046468/1050810 > Group Owner: meta-virtualization+owner@lists.yoctoproject.org > Unsubscribe: https://lists.yoctoproject.org/g/meta-virtualization/unsub [bruce.ashfield@gmail.com] > -=-=-=-=-=-=-=-=-=-=-=- > -- - Thou shalt not follow the NULL pointer, for chaos and madness await thee at its end - "Use the force Harry" - Gandalf, Star Trek II ^ permalink raw reply [flat|nested] 8+ messages in thread
* RE: [kirkstone][meta-virtualization][PATCH] ceph: upgrade v15.2.15 -> v15.2.17 2022-08-17 14:18 ` Bruce Ashfield @ 2022-08-17 16:28 ` Slater, Joseph 2022-08-17 16:29 ` Bruce Ashfield 0 siblings, 1 reply; 8+ messages in thread From: Slater, Joseph @ 2022-08-17 16:28 UTC (permalink / raw) To: Bruce Ashfield, Sajal, Sakib; +Cc: meta-virtualization The CVE fix I sent you is in the upgraded version of ceph. Joe > -----Original Message----- > From: Bruce Ashfield <bruce.ashfield@gmail.com> > Sent: Wednesday, August 17, 2022 7:19 AM > To: Sajal, Sakib <Sakib.Sajal@windriver.com>; Slater, Joseph > <joe.slater@windriver.com> > Cc: meta-virtualization@lists.yoctoproject.org > Subject: Re: [kirkstone][meta-virtualization][PATCH] ceph: upgrade v15.2.15 -> > v15.2.17 > > I also have a pending patch from Joe Slater that addresses a different CVE on > kirkstone. > > Can someone look and check if it is also covered by this uprev ? Ceph takes an > incredibly long time to build on my servers, so I'd like to avoid as many builds as > possible. > > Bruce > > > On Mon, Aug 15, 2022 at 5:03 PM <sakib.sajal@windriver.com> wrote: > > > > Upgrade ceph to latest v15.x. > > Minor upgrade containing fix for CVE-2022-0670. > > > > Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com> > > --- > > recipes-extended/ceph/{ceph_15.2.15.bb => ceph_15.2.17.bb} | 2 +- > > 1 file changed, 1 insertion(+), 1 deletion(-) rename > > recipes-extended/ceph/{ceph_15.2.15.bb => ceph_15.2.17.bb} (98%) > > > > diff --git a/recipes-extended/ceph/ceph_15.2.15.bb > > b/recipes-extended/ceph/ceph_15.2.17.bb > > similarity index 98% > > rename from recipes-extended/ceph/ceph_15.2.15.bb > > rename to recipes-extended/ceph/ceph_15.2.17.bb > > index 17dbcf3..9fb2e72 100644 > > --- a/recipes-extended/ceph/ceph_15.2.15.bb > > +++ b/recipes-extended/ceph/ceph_15.2.17.bb > > @@ -16,7 +16,7 @@ SRC_URI = "http://download.ceph.com/tarballs/ceph- > ${PV}.tar.gz \ > > > > file://0001-SnappyCompressor.h-fix-snappy-compiler-error.patch \ " > > > > -SRC_URI[sha256sum] = > "5dccdaff2ebe18d435b32bfc06f8b5f474bf6ac0432a6a07d144b7c56700d0bf" > > +SRC_URI[sha256sum] = > "d8efe4996aeb01dd2f1cc939c5e434e5a7e2aeaf3f659c0510ffd550477a32e2" > > > > DEPENDS = "boost bzip2 curl expat gperf-native \ > > keyutils libaio libibverbs lz4 \ > > -- > > 2.33.0 > > > > > > -=-=-=-=-=-=-=-=-=-=-=- > > Links: You receive all messages sent to this group. > > View/Reply Online (#7523): > > https://lists.yoctoproject.org/g/meta-virtualization/message/7523 > > Mute This Topic: https://lists.yoctoproject.org/mt/93046468/1050810 > > Group Owner: meta-virtualization+owner@lists.yoctoproject.org > > Unsubscribe: > > https://lists.yoctoproject.org/g/meta-virtualization/unsub > > [bruce.ashfield@gmail.com] > > -=-=-=-=-=-=-=-=-=-=-=- > > > > > -- > - Thou shalt not follow the NULL pointer, for chaos and madness await thee at > its end > - "Use the force Harry" - Gandalf, Star Trek II ^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [kirkstone][meta-virtualization][PATCH] ceph: upgrade v15.2.15 -> v15.2.17 2022-08-17 16:28 ` Slater, Joseph @ 2022-08-17 16:29 ` Bruce Ashfield 2022-08-19 22:48 ` Sakib Sajal 0 siblings, 1 reply; 8+ messages in thread From: Bruce Ashfield @ 2022-08-17 16:29 UTC (permalink / raw) To: Slater, Joseph; +Cc: Sajal, Sakib, meta-virtualization Thanks Joe! Bruce On Wed, Aug 17, 2022 at 12:28 PM Slater, Joseph <joe.slater@windriver.com> wrote: > > The CVE fix I sent you is in the upgraded version of ceph. Joe > > > -----Original Message----- > > From: Bruce Ashfield <bruce.ashfield@gmail.com> > > Sent: Wednesday, August 17, 2022 7:19 AM > > To: Sajal, Sakib <Sakib.Sajal@windriver.com>; Slater, Joseph > > <joe.slater@windriver.com> > > Cc: meta-virtualization@lists.yoctoproject.org > > Subject: Re: [kirkstone][meta-virtualization][PATCH] ceph: upgrade v15.2.15 -> > > v15.2.17 > > > > I also have a pending patch from Joe Slater that addresses a different CVE on > > kirkstone. > > > > Can someone look and check if it is also covered by this uprev ? Ceph takes an > > incredibly long time to build on my servers, so I'd like to avoid as many builds as > > possible. > > > > Bruce > > > > > > On Mon, Aug 15, 2022 at 5:03 PM <sakib.sajal@windriver.com> wrote: > > > > > > Upgrade ceph to latest v15.x. > > > Minor upgrade containing fix for CVE-2022-0670. > > > > > > Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com> > > > --- > > > recipes-extended/ceph/{ceph_15.2.15.bb => ceph_15.2.17.bb} | 2 +- > > > 1 file changed, 1 insertion(+), 1 deletion(-) rename > > > recipes-extended/ceph/{ceph_15.2.15.bb => ceph_15.2.17.bb} (98%) > > > > > > diff --git a/recipes-extended/ceph/ceph_15.2.15.bb > > > b/recipes-extended/ceph/ceph_15.2.17.bb > > > similarity index 98% > > > rename from recipes-extended/ceph/ceph_15.2.15.bb > > > rename to recipes-extended/ceph/ceph_15.2.17.bb > > > index 17dbcf3..9fb2e72 100644 > > > --- a/recipes-extended/ceph/ceph_15.2.15.bb > > > +++ b/recipes-extended/ceph/ceph_15.2.17.bb > > > @@ -16,7 +16,7 @@ SRC_URI = "http://download.ceph.com/tarballs/ceph- > > ${PV}.tar.gz \ > > > > > > file://0001-SnappyCompressor.h-fix-snappy-compiler-error.patch \ " > > > > > > -SRC_URI[sha256sum] = > > "5dccdaff2ebe18d435b32bfc06f8b5f474bf6ac0432a6a07d144b7c56700d0bf" > > > +SRC_URI[sha256sum] = > > "d8efe4996aeb01dd2f1cc939c5e434e5a7e2aeaf3f659c0510ffd550477a32e2" > > > > > > DEPENDS = "boost bzip2 curl expat gperf-native \ > > > keyutils libaio libibverbs lz4 \ > > > -- > > > 2.33.0 > > > > > > > > > -=-=-=-=-=-=-=-=-=-=-=- > > > Links: You receive all messages sent to this group. > > > View/Reply Online (#7523): > > > https://lists.yoctoproject.org/g/meta-virtualization/message/7523 > > > Mute This Topic: https://lists.yoctoproject.org/mt/93046468/1050810 > > > Group Owner: meta-virtualization+owner@lists.yoctoproject.org > > > Unsubscribe: > > > https://lists.yoctoproject.org/g/meta-virtualization/unsub > > > [bruce.ashfield@gmail.com] > > > -=-=-=-=-=-=-=-=-=-=-=- > > > > > > > > > -- > > - Thou shalt not follow the NULL pointer, for chaos and madness await thee at > > its end > > - "Use the force Harry" - Gandalf, Star Trek II -- - Thou shalt not follow the NULL pointer, for chaos and madness await thee at its end - "Use the force Harry" - Gandalf, Star Trek II ^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [kirkstone][meta-virtualization][PATCH] ceph: upgrade v15.2.15 -> v15.2.17 2022-08-17 16:29 ` Bruce Ashfield @ 2022-08-19 22:48 ` Sakib Sajal 2022-08-20 1:05 ` Bruce Ashfield 0 siblings, 1 reply; 8+ messages in thread From: Sakib Sajal @ 2022-08-19 22:48 UTC (permalink / raw) To: Bruce Ashfield, Slater, Joseph; +Cc: meta-virtualization On 2022-08-17 12:29, Bruce Ashfield wrote: > [Please note: This e-mail is from an EXTERNAL e-mail address] > > Thanks Joe! > > Bruce On the same note, ceph on master branch is also affected by the CVE's mentioned in this thread. Versions of ceph that contain the fix: v15.2.17, v16.2.10, v17.2.2, v17.2.3 I could send and upgrade to the v15.2.17 release like I did for kirkstone, however upgrading to more recent releases is more logical. Is an upgrade for ceph on master under work? If not, I can volunteer. Sakib > > On Wed, Aug 17, 2022 at 12:28 PM Slater, Joseph > <joe.slater@windriver.com> wrote: >> The CVE fix I sent you is in the upgraded version of ceph. Joe >> >>> -----Original Message----- >>> From: Bruce Ashfield <bruce.ashfield@gmail.com> >>> Sent: Wednesday, August 17, 2022 7:19 AM >>> To: Sajal, Sakib <Sakib.Sajal@windriver.com>; Slater, Joseph >>> <joe.slater@windriver.com> >>> Cc: meta-virtualization@lists.yoctoproject.org >>> Subject: Re: [kirkstone][meta-virtualization][PATCH] ceph: upgrade v15.2.15 -> >>> v15.2.17 >>> >>> I also have a pending patch from Joe Slater that addresses a different CVE on >>> kirkstone. >>> >>> Can someone look and check if it is also covered by this uprev ? Ceph takes an >>> incredibly long time to build on my servers, so I'd like to avoid as many builds as >>> possible. >>> >>> Bruce >>> >>> >>> On Mon, Aug 15, 2022 at 5:03 PM <sakib.sajal@windriver.com> wrote: >>>> Upgrade ceph to latest v15.x. >>>> Minor upgrade containing fix for CVE-2022-0670. >>>> >>>> Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com> >>>> --- >>>> recipes-extended/ceph/{ceph_15.2.15.bb => ceph_15.2.17.bb} | 2 +- >>>> 1 file changed, 1 insertion(+), 1 deletion(-) rename >>>> recipes-extended/ceph/{ceph_15.2.15.bb => ceph_15.2.17.bb} (98%) >>>> >>>> diff --git a/recipes-extended/ceph/ceph_15.2.15.bb >>>> b/recipes-extended/ceph/ceph_15.2.17.bb >>>> similarity index 98% >>>> rename from recipes-extended/ceph/ceph_15.2.15.bb >>>> rename to recipes-extended/ceph/ceph_15.2.17.bb >>>> index 17dbcf3..9fb2e72 100644 >>>> --- a/recipes-extended/ceph/ceph_15.2.15.bb >>>> +++ b/recipes-extended/ceph/ceph_15.2.17.bb >>>> @@ -16,7 +16,7 @@ SRC_URI = "http://download.ceph.com/tarballs/ceph- >>> ${PV}.tar.gz \ >>>> file://0001-SnappyCompressor.h-fix-snappy-compiler-error.patch \ " >>>> >>>> -SRC_URI[sha256sum] = >>> "5dccdaff2ebe18d435b32bfc06f8b5f474bf6ac0432a6a07d144b7c56700d0bf" >>>> +SRC_URI[sha256sum] = >>> "d8efe4996aeb01dd2f1cc939c5e434e5a7e2aeaf3f659c0510ffd550477a32e2" >>>> DEPENDS = "boost bzip2 curl expat gperf-native \ >>>> keyutils libaio libibverbs lz4 \ >>>> -- >>>> 2.33.0 >>>> >>>> >>>> -=-=-=-=-=-=-=-=-=-=-=- >>>> Links: You receive all messages sent to this group. >>>> View/Reply Online (#7523): >>>> https://lists.yoctoproject.org/g/meta-virtualization/message/7523 >>>> Mute This Topic: https://lists.yoctoproject.org/mt/93046468/1050810 >>>> Group Owner: meta-virtualization+owner@lists.yoctoproject.org >>>> Unsubscribe: >>>> https://lists.yoctoproject.org/g/meta-virtualization/unsub >>>> [bruce.ashfield@gmail.com] >>>> -=-=-=-=-=-=-=-=-=-=-=- >>>> >>> >>> -- >>> - Thou shalt not follow the NULL pointer, for chaos and madness await thee at >>> its end >>> - "Use the force Harry" - Gandalf, Star Trek II > > > -- > - Thou shalt not follow the NULL pointer, for chaos and madness await > thee at its end > - "Use the force Harry" - Gandalf, Star Trek II ^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [kirkstone][meta-virtualization][PATCH] ceph: upgrade v15.2.15 -> v15.2.17 2022-08-19 22:48 ` Sakib Sajal @ 2022-08-20 1:05 ` Bruce Ashfield 2022-08-22 14:01 ` Sakib Sajal 0 siblings, 1 reply; 8+ messages in thread From: Bruce Ashfield @ 2022-08-20 1:05 UTC (permalink / raw) To: Sakib Sajal; +Cc: Slater, Joseph, meta-virtualization On Fri, Aug 19, 2022 at 6:48 PM Sakib Sajal <sakib.sajal@windriver.com> wrote: > > > On 2022-08-17 12:29, Bruce Ashfield wrote: > > [Please note: This e-mail is from an EXTERNAL e-mail address] > > > > Thanks Joe! > > > > Bruce > On the same note, > > ceph on master branch is also affected by the CVE's mentioned in this > thread. > > Versions of ceph that contain the fix: v15.2.17, v16.2.10, v17.2.2, v17.2.3 > > I could send and upgrade to the v15.2.17 release like I did for > kirkstone, however upgrading to more recent releases is more logical. > I was going to suggest the same thing, an uprev is a good idea for master. > Is an upgrade for ceph on master under work? If not, I can volunteer. I haven't started one yet, so feel free! Bruce > > Sakib > > > > > On Wed, Aug 17, 2022 at 12:28 PM Slater, Joseph > > <joe.slater@windriver.com> wrote: > >> The CVE fix I sent you is in the upgraded version of ceph. Joe > >> > >>> -----Original Message----- > >>> From: Bruce Ashfield <bruce.ashfield@gmail.com> > >>> Sent: Wednesday, August 17, 2022 7:19 AM > >>> To: Sajal, Sakib <Sakib.Sajal@windriver.com>; Slater, Joseph > >>> <joe.slater@windriver.com> > >>> Cc: meta-virtualization@lists.yoctoproject.org > >>> Subject: Re: [kirkstone][meta-virtualization][PATCH] ceph: upgrade v15.2.15 -> > >>> v15.2.17 > >>> > >>> I also have a pending patch from Joe Slater that addresses a different CVE on > >>> kirkstone. > >>> > >>> Can someone look and check if it is also covered by this uprev ? Ceph takes an > >>> incredibly long time to build on my servers, so I'd like to avoid as many builds as > >>> possible. > >>> > >>> Bruce > >>> > >>> > >>> On Mon, Aug 15, 2022 at 5:03 PM <sakib.sajal@windriver.com> wrote: > >>>> Upgrade ceph to latest v15.x. > >>>> Minor upgrade containing fix for CVE-2022-0670. > >>>> > >>>> Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com> > >>>> --- > >>>> recipes-extended/ceph/{ceph_15.2.15.bb => ceph_15.2.17.bb} | 2 +- > >>>> 1 file changed, 1 insertion(+), 1 deletion(-) rename > >>>> recipes-extended/ceph/{ceph_15.2.15.bb => ceph_15.2.17.bb} (98%) > >>>> > >>>> diff --git a/recipes-extended/ceph/ceph_15.2.15.bb > >>>> b/recipes-extended/ceph/ceph_15.2.17.bb > >>>> similarity index 98% > >>>> rename from recipes-extended/ceph/ceph_15.2.15.bb > >>>> rename to recipes-extended/ceph/ceph_15.2.17.bb > >>>> index 17dbcf3..9fb2e72 100644 > >>>> --- a/recipes-extended/ceph/ceph_15.2.15.bb > >>>> +++ b/recipes-extended/ceph/ceph_15.2.17.bb > >>>> @@ -16,7 +16,7 @@ SRC_URI = "http://download.ceph.com/tarballs/ceph- > >>> ${PV}.tar.gz \ > >>>> file://0001-SnappyCompressor.h-fix-snappy-compiler-error.patch \ " > >>>> > >>>> -SRC_URI[sha256sum] = > >>> "5dccdaff2ebe18d435b32bfc06f8b5f474bf6ac0432a6a07d144b7c56700d0bf" > >>>> +SRC_URI[sha256sum] = > >>> "d8efe4996aeb01dd2f1cc939c5e434e5a7e2aeaf3f659c0510ffd550477a32e2" > >>>> DEPENDS = "boost bzip2 curl expat gperf-native \ > >>>> keyutils libaio libibverbs lz4 \ > >>>> -- > >>>> 2.33.0 > >>>> > >>>> > >>>> -=-=-=-=-=-=-=-=-=-=-=- > >>>> Links: You receive all messages sent to this group. > >>>> View/Reply Online (#7523): > >>>> https://lists.yoctoproject.org/g/meta-virtualization/message/7523 > >>>> Mute This Topic: https://lists.yoctoproject.org/mt/93046468/1050810 > >>>> Group Owner: meta-virtualization+owner@lists.yoctoproject.org > >>>> Unsubscribe: > >>>> https://lists.yoctoproject.org/g/meta-virtualization/unsub > >>>> [bruce.ashfield@gmail.com] > >>>> -=-=-=-=-=-=-=-=-=-=-=- > >>>> > >>> > >>> -- > >>> - Thou shalt not follow the NULL pointer, for chaos and madness await thee at > >>> its end > >>> - "Use the force Harry" - Gandalf, Star Trek II > > > > > > -- > > - Thou shalt not follow the NULL pointer, for chaos and madness await > > thee at its end > > - "Use the force Harry" - Gandalf, Star Trek II -- - Thou shalt not follow the NULL pointer, for chaos and madness await thee at its end - "Use the force Harry" - Gandalf, Star Trek II ^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [kirkstone][meta-virtualization][PATCH] ceph: upgrade v15.2.15 -> v15.2.17 2022-08-20 1:05 ` Bruce Ashfield @ 2022-08-22 14:01 ` Sakib Sajal 0 siblings, 0 replies; 8+ messages in thread From: Sakib Sajal @ 2022-08-22 14:01 UTC (permalink / raw) To: Bruce Ashfield; +Cc: Slater, Joseph, meta-virtualization On 2022-08-19 21:05, Bruce Ashfield wrote: > [Please note: This e-mail is from an EXTERNAL e-mail address] > > On Fri, Aug 19, 2022 at 6:48 PM Sakib Sajal <sakib.sajal@windriver.com> wrote: >> >> On 2022-08-17 12:29, Bruce Ashfield wrote: >>> [Please note: This e-mail is from an EXTERNAL e-mail address] >>> >>> Thanks Joe! >>> >>> Bruce >> On the same note, >> >> ceph on master branch is also affected by the CVE's mentioned in this >> thread. >> >> Versions of ceph that contain the fix: v15.2.17, v16.2.10, v17.2.2, v17.2.3 >> >> I could send and upgrade to the v15.2.17 release like I did for >> kirkstone, however upgrading to more recent releases is more logical. >> > I was going to suggest the same thing, an uprev is a good idea for master. > >> Is an upgrade for ceph on master under work? If not, I can volunteer. > I haven't started one yet, so feel free! I will get started on upgrading to latest 17.x.y release. > > Bruce > >> Sakib >> >>> On Wed, Aug 17, 2022 at 12:28 PM Slater, Joseph >>> <joe.slater@windriver.com> wrote: >>>> The CVE fix I sent you is in the upgraded version of ceph. Joe >>>> >>>>> -----Original Message----- >>>>> From: Bruce Ashfield <bruce.ashfield@gmail.com> >>>>> Sent: Wednesday, August 17, 2022 7:19 AM >>>>> To: Sajal, Sakib <Sakib.Sajal@windriver.com>; Slater, Joseph >>>>> <joe.slater@windriver.com> >>>>> Cc: meta-virtualization@lists.yoctoproject.org >>>>> Subject: Re: [kirkstone][meta-virtualization][PATCH] ceph: upgrade v15.2.15 -> >>>>> v15.2.17 >>>>> >>>>> I also have a pending patch from Joe Slater that addresses a different CVE on >>>>> kirkstone. >>>>> >>>>> Can someone look and check if it is also covered by this uprev ? Ceph takes an >>>>> incredibly long time to build on my servers, so I'd like to avoid as many builds as >>>>> possible. >>>>> >>>>> Bruce >>>>> >>>>> >>>>> On Mon, Aug 15, 2022 at 5:03 PM <sakib.sajal@windriver.com> wrote: >>>>>> Upgrade ceph to latest v15.x. >>>>>> Minor upgrade containing fix for CVE-2022-0670. >>>>>> >>>>>> Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com> >>>>>> --- >>>>>> recipes-extended/ceph/{ceph_15.2.15.bb => ceph_15.2.17.bb} | 2 +- >>>>>> 1 file changed, 1 insertion(+), 1 deletion(-) rename >>>>>> recipes-extended/ceph/{ceph_15.2.15.bb => ceph_15.2.17.bb} (98%) >>>>>> >>>>>> diff --git a/recipes-extended/ceph/ceph_15.2.15.bb >>>>>> b/recipes-extended/ceph/ceph_15.2.17.bb >>>>>> similarity index 98% >>>>>> rename from recipes-extended/ceph/ceph_15.2.15.bb >>>>>> rename to recipes-extended/ceph/ceph_15.2.17.bb >>>>>> index 17dbcf3..9fb2e72 100644 >>>>>> --- a/recipes-extended/ceph/ceph_15.2.15.bb >>>>>> +++ b/recipes-extended/ceph/ceph_15.2.17.bb >>>>>> @@ -16,7 +16,7 @@ SRC_URI = "http://download.ceph.com/tarballs/ceph- >>>>> ${PV}.tar.gz \ >>>>>> file://0001-SnappyCompressor.h-fix-snappy-compiler-error.patch \ " >>>>>> >>>>>> -SRC_URI[sha256sum] = >>>>> "5dccdaff2ebe18d435b32bfc06f8b5f474bf6ac0432a6a07d144b7c56700d0bf" >>>>>> +SRC_URI[sha256sum] = >>>>> "d8efe4996aeb01dd2f1cc939c5e434e5a7e2aeaf3f659c0510ffd550477a32e2" >>>>>> DEPENDS = "boost bzip2 curl expat gperf-native \ >>>>>> keyutils libaio libibverbs lz4 \ >>>>>> -- >>>>>> 2.33.0 >>>>>> >>>>>> >>>>>> -=-=-=-=-=-=-=-=-=-=-=- >>>>>> Links: You receive all messages sent to this group. >>>>>> View/Reply Online (#7523): >>>>>> https://lists.yoctoproject.org/g/meta-virtualization/message/7523 >>>>>> Mute This Topic: https://lists.yoctoproject.org/mt/93046468/1050810 >>>>>> Group Owner: meta-virtualization+owner@lists.yoctoproject.org >>>>>> Unsubscribe: >>>>>> https://lists.yoctoproject.org/g/meta-virtualization/unsub >>>>>> [bruce.ashfield@gmail.com] >>>>>> -=-=-=-=-=-=-=-=-=-=-=- >>>>>> >>>>> -- >>>>> - Thou shalt not follow the NULL pointer, for chaos and madness await thee at >>>>> its end >>>>> - "Use the force Harry" - Gandalf, Star Trek II >>> >>> -- >>> - Thou shalt not follow the NULL pointer, for chaos and madness await >>> thee at its end >>> - "Use the force Harry" - Gandalf, Star Trek II > > > -- > - Thou shalt not follow the NULL pointer, for chaos and madness await > thee at its end > - "Use the force Harry" - Gandalf, Star Trek II ^ permalink raw reply [flat|nested] 8+ messages in thread
* Re: [kirkstone][meta-virtualization][PATCH] ceph: upgrade v15.2.15 -> v15.2.17 2022-08-15 21:02 [kirkstone][meta-virtualization][PATCH] ceph: upgrade v15.2.15 -> v15.2.17 Sakib Sajal 2022-08-17 14:18 ` Bruce Ashfield @ 2022-08-21 3:22 ` Bruce Ashfield 1 sibling, 0 replies; 8+ messages in thread From: Bruce Ashfield @ 2022-08-21 3:22 UTC (permalink / raw) To: sakib.sajal; +Cc: meta-virtualization merged. Bruce In message: [kirkstone][meta-virtualization][PATCH] ceph: upgrade v15.2.15 -> v15.2.17 on 15/08/2022 sakib.sajal@windriver.com wrote: > Upgrade ceph to latest v15.x. > Minor upgrade containing fix for CVE-2022-0670. > > Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com> > --- > recipes-extended/ceph/{ceph_15.2.15.bb => ceph_15.2.17.bb} | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > rename recipes-extended/ceph/{ceph_15.2.15.bb => ceph_15.2.17.bb} (98%) > > diff --git a/recipes-extended/ceph/ceph_15.2.15.bb b/recipes-extended/ceph/ceph_15.2.17.bb > similarity index 98% > rename from recipes-extended/ceph/ceph_15.2.15.bb > rename to recipes-extended/ceph/ceph_15.2.17.bb > index 17dbcf3..9fb2e72 100644 > --- a/recipes-extended/ceph/ceph_15.2.15.bb > +++ b/recipes-extended/ceph/ceph_15.2.17.bb > @@ -16,7 +16,7 @@ SRC_URI = "http://download.ceph.com/tarballs/ceph-${PV}.tar.gz \ > file://0001-SnappyCompressor.h-fix-snappy-compiler-error.patch \ > " > > -SRC_URI[sha256sum] = "5dccdaff2ebe18d435b32bfc06f8b5f474bf6ac0432a6a07d144b7c56700d0bf" > +SRC_URI[sha256sum] = "d8efe4996aeb01dd2f1cc939c5e434e5a7e2aeaf3f659c0510ffd550477a32e2" > > DEPENDS = "boost bzip2 curl expat gperf-native \ > keyutils libaio libibverbs lz4 \ > -- > 2.33.0 > > > -=-=-=-=-=-=-=-=-=-=-=- > Links: You receive all messages sent to this group. > View/Reply Online (#7523): https://lists.yoctoproject.org/g/meta-virtualization/message/7523 > Mute This Topic: https://lists.yoctoproject.org/mt/93046468/1050810 > Group Owner: meta-virtualization+owner@lists.yoctoproject.org > Unsubscribe: https://lists.yoctoproject.org/g/meta-virtualization/unsub [bruce.ashfield@gmail.com] > -=-=-=-=-=-=-=-=-=-=-=- > ^ permalink raw reply [flat|nested] 8+ messages in thread
end of thread, other threads:[~2022-08-22 14:01 UTC | newest] Thread overview: 8+ messages (download: mbox.gz / follow: Atom feed) -- links below jump to the message on this page -- 2022-08-15 21:02 [kirkstone][meta-virtualization][PATCH] ceph: upgrade v15.2.15 -> v15.2.17 Sakib Sajal 2022-08-17 14:18 ` Bruce Ashfield 2022-08-17 16:28 ` Slater, Joseph 2022-08-17 16:29 ` Bruce Ashfield 2022-08-19 22:48 ` Sakib Sajal 2022-08-20 1:05 ` Bruce Ashfield 2022-08-22 14:01 ` Sakib Sajal 2022-08-21 3:22 ` Bruce Ashfield
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for NNTP newsgroup(s).