From: Bruce Ashfield <bruce.ashfield@gmail.com>
To: Sakib Sajal <sakib.sajal@windriver.com>
Cc: "Slater, Joseph" <joe.slater@windriver.com>,
"meta-virtualization@lists.yoctoproject.org"
<meta-virtualization@lists.yoctoproject.org>
Subject: Re: [kirkstone][meta-virtualization][PATCH] ceph: upgrade v15.2.15 -> v15.2.17
Date: Fri, 19 Aug 2022 21:05:48 -0400 [thread overview]
Message-ID: <CADkTA4N_Kmf0a1S=TmN5t87oyyX6N7qt5jgjeRa46EnwO3+apA@mail.gmail.com> (raw)
In-Reply-To: <a4e9265c-0a69-b5c8-6304-876a05c52bb1@windriver.com>
On Fri, Aug 19, 2022 at 6:48 PM Sakib Sajal <sakib.sajal@windriver.com> wrote:
>
>
> On 2022-08-17 12:29, Bruce Ashfield wrote:
> > [Please note: This e-mail is from an EXTERNAL e-mail address]
> >
> > Thanks Joe!
> >
> > Bruce
> On the same note,
>
> ceph on master branch is also affected by the CVE's mentioned in this
> thread.
>
> Versions of ceph that contain the fix: v15.2.17, v16.2.10, v17.2.2, v17.2.3
>
> I could send and upgrade to the v15.2.17 release like I did for
> kirkstone, however upgrading to more recent releases is more logical.
>
I was going to suggest the same thing, an uprev is a good idea for master.
> Is an upgrade for ceph on master under work? If not, I can volunteer.
I haven't started one yet, so feel free!
Bruce
>
> Sakib
>
> >
> > On Wed, Aug 17, 2022 at 12:28 PM Slater, Joseph
> > <joe.slater@windriver.com> wrote:
> >> The CVE fix I sent you is in the upgraded version of ceph. Joe
> >>
> >>> -----Original Message-----
> >>> From: Bruce Ashfield <bruce.ashfield@gmail.com>
> >>> Sent: Wednesday, August 17, 2022 7:19 AM
> >>> To: Sajal, Sakib <Sakib.Sajal@windriver.com>; Slater, Joseph
> >>> <joe.slater@windriver.com>
> >>> Cc: meta-virtualization@lists.yoctoproject.org
> >>> Subject: Re: [kirkstone][meta-virtualization][PATCH] ceph: upgrade v15.2.15 ->
> >>> v15.2.17
> >>>
> >>> I also have a pending patch from Joe Slater that addresses a different CVE on
> >>> kirkstone.
> >>>
> >>> Can someone look and check if it is also covered by this uprev ? Ceph takes an
> >>> incredibly long time to build on my servers, so I'd like to avoid as many builds as
> >>> possible.
> >>>
> >>> Bruce
> >>>
> >>>
> >>> On Mon, Aug 15, 2022 at 5:03 PM <sakib.sajal@windriver.com> wrote:
> >>>> Upgrade ceph to latest v15.x.
> >>>> Minor upgrade containing fix for CVE-2022-0670.
> >>>>
> >>>> Signed-off-by: Sakib Sajal <sakib.sajal@windriver.com>
> >>>> ---
> >>>> recipes-extended/ceph/{ceph_15.2.15.bb => ceph_15.2.17.bb} | 2 +-
> >>>> 1 file changed, 1 insertion(+), 1 deletion(-) rename
> >>>> recipes-extended/ceph/{ceph_15.2.15.bb => ceph_15.2.17.bb} (98%)
> >>>>
> >>>> diff --git a/recipes-extended/ceph/ceph_15.2.15.bb
> >>>> b/recipes-extended/ceph/ceph_15.2.17.bb
> >>>> similarity index 98%
> >>>> rename from recipes-extended/ceph/ceph_15.2.15.bb
> >>>> rename to recipes-extended/ceph/ceph_15.2.17.bb
> >>>> index 17dbcf3..9fb2e72 100644
> >>>> --- a/recipes-extended/ceph/ceph_15.2.15.bb
> >>>> +++ b/recipes-extended/ceph/ceph_15.2.17.bb
> >>>> @@ -16,7 +16,7 @@ SRC_URI = "http://download.ceph.com/tarballs/ceph-
> >>> ${PV}.tar.gz \
> >>>> file://0001-SnappyCompressor.h-fix-snappy-compiler-error.patch \ "
> >>>>
> >>>> -SRC_URI[sha256sum] =
> >>> "5dccdaff2ebe18d435b32bfc06f8b5f474bf6ac0432a6a07d144b7c56700d0bf"
> >>>> +SRC_URI[sha256sum] =
> >>> "d8efe4996aeb01dd2f1cc939c5e434e5a7e2aeaf3f659c0510ffd550477a32e2"
> >>>> DEPENDS = "boost bzip2 curl expat gperf-native \
> >>>> keyutils libaio libibverbs lz4 \
> >>>> --
> >>>> 2.33.0
> >>>>
> >>>>
> >>>> -=-=-=-=-=-=-=-=-=-=-=-
> >>>> Links: You receive all messages sent to this group.
> >>>> View/Reply Online (#7523):
> >>>> https://lists.yoctoproject.org/g/meta-virtualization/message/7523
> >>>> Mute This Topic: https://lists.yoctoproject.org/mt/93046468/1050810
> >>>> Group Owner: meta-virtualization+owner@lists.yoctoproject.org
> >>>> Unsubscribe:
> >>>> https://lists.yoctoproject.org/g/meta-virtualization/unsub
> >>>> [bruce.ashfield@gmail.com]
> >>>> -=-=-=-=-=-=-=-=-=-=-=-
> >>>>
> >>>
> >>> --
> >>> - Thou shalt not follow the NULL pointer, for chaos and madness await thee at
> >>> its end
> >>> - "Use the force Harry" - Gandalf, Star Trek II
> >
> >
> > --
> > - Thou shalt not follow the NULL pointer, for chaos and madness await
> > thee at its end
> > - "Use the force Harry" - Gandalf, Star Trek II
--
- Thou shalt not follow the NULL pointer, for chaos and madness await
thee at its end
- "Use the force Harry" - Gandalf, Star Trek II
next prev parent reply other threads:[~2022-08-20 1:06 UTC|newest]
Thread overview: 8+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-08-15 21:02 [kirkstone][meta-virtualization][PATCH] ceph: upgrade v15.2.15 -> v15.2.17 Sakib Sajal
2022-08-17 14:18 ` Bruce Ashfield
2022-08-17 16:28 ` Slater, Joseph
2022-08-17 16:29 ` Bruce Ashfield
2022-08-19 22:48 ` Sakib Sajal
2022-08-20 1:05 ` Bruce Ashfield [this message]
2022-08-22 14:01 ` Sakib Sajal
2022-08-21 3:22 ` Bruce Ashfield
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='CADkTA4N_Kmf0a1S=TmN5t87oyyX6N7qt5jgjeRa46EnwO3+apA@mail.gmail.com' \
--to=bruce.ashfield@gmail.com \
--cc=joe.slater@windriver.com \
--cc=meta-virtualization@lists.yoctoproject.org \
--cc=sakib.sajal@windriver.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).