On Fri, Aug 19, 2022 at 6:48 PM Sakib Sajal <[email protected]> wrote: > > > On 2022-08-17 12:29, Bruce Ashfield wrote: > > [Please note: This e-mail is from an EXTERNAL e-mail address] > > > > Thanks Joe! > > > > Bruce > On the same note, > > ceph on master branch is also affected by the CVE's mentioned in this > thread. > > Versions of ceph that contain the fix: v15.2.17, v16.2.10, v17.2.2, v17.2.3 > > I could send and upgrade to the v15.2.17 release like I did for > kirkstone, however upgrading to more recent releases is more logical. >
I was going to suggest the same thing, an uprev is a good idea for master. > Is an upgrade for ceph on master under work? If not, I can volunteer. I haven't started one yet, so feel free! Bruce > > Sakib > > > > > On Wed, Aug 17, 2022 at 12:28 PM Slater, Joseph > > <[email protected]> wrote: > >> The CVE fix I sent you is in the upgraded version of ceph. Joe > >> > >>> -----Original Message----- > >>> From: Bruce Ashfield <[email protected]> > >>> Sent: Wednesday, August 17, 2022 7:19 AM > >>> To: Sajal, Sakib <[email protected]>; Slater, Joseph > >>> <[email protected]> > >>> Cc: [email protected] > >>> Subject: Re: [kirkstone][meta-virtualization][PATCH] ceph: upgrade > >>> v15.2.15 -> > >>> v15.2.17 > >>> > >>> I also have a pending patch from Joe Slater that addresses a different > >>> CVE on > >>> kirkstone. > >>> > >>> Can someone look and check if it is also covered by this uprev ? Ceph > >>> takes an > >>> incredibly long time to build on my servers, so I'd like to avoid as many > >>> builds as > >>> possible. > >>> > >>> Bruce > >>> > >>> > >>> On Mon, Aug 15, 2022 at 5:03 PM <[email protected]> wrote: > >>>> Upgrade ceph to latest v15.x. > >>>> Minor upgrade containing fix for CVE-2022-0670. > >>>> > >>>> Signed-off-by: Sakib Sajal <[email protected]> > >>>> --- > >>>> recipes-extended/ceph/{ceph_15.2.15.bb => ceph_15.2.17.bb} | 2 +- > >>>> 1 file changed, 1 insertion(+), 1 deletion(-) rename > >>>> recipes-extended/ceph/{ceph_15.2.15.bb => ceph_15.2.17.bb} (98%) > >>>> > >>>> diff --git a/recipes-extended/ceph/ceph_15.2.15.bb > >>>> b/recipes-extended/ceph/ceph_15.2.17.bb > >>>> similarity index 98% > >>>> rename from recipes-extended/ceph/ceph_15.2.15.bb > >>>> rename to recipes-extended/ceph/ceph_15.2.17.bb > >>>> index 17dbcf3..9fb2e72 100644 > >>>> --- a/recipes-extended/ceph/ceph_15.2.15.bb > >>>> +++ b/recipes-extended/ceph/ceph_15.2.17.bb > >>>> @@ -16,7 +16,7 @@ SRC_URI = "http://download.ceph.com/tarballs/ceph- > >>> ${PV}.tar.gz \ > >>>> file://0001-SnappyCompressor.h-fix-snappy-compiler-error.patch \ " > >>>> > >>>> -SRC_URI[sha256sum] = > >>> "5dccdaff2ebe18d435b32bfc06f8b5f474bf6ac0432a6a07d144b7c56700d0bf" > >>>> +SRC_URI[sha256sum] = > >>> "d8efe4996aeb01dd2f1cc939c5e434e5a7e2aeaf3f659c0510ffd550477a32e2" > >>>> DEPENDS = "boost bzip2 curl expat gperf-native \ > >>>> keyutils libaio libibverbs lz4 \ > >>>> -- > >>>> 2.33.0 > >>>> > >>>> > >>>> > >>>> > >>> > >>> -- > >>> - Thou shalt not follow the NULL pointer, for chaos and madness await > >>> thee at > >>> its end > >>> - "Use the force Harry" - Gandalf, Star Trek II > > > > > > -- > > - Thou shalt not follow the NULL pointer, for chaos and madness await > > thee at its end > > - "Use the force Harry" - Gandalf, Star Trek II -- - Thou shalt not follow the NULL pointer, for chaos and madness await thee at its end - "Use the force Harry" - Gandalf, Star Trek II
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#7547): https://lists.yoctoproject.org/g/meta-virtualization/message/7547 Mute This Topic: https://lists.yoctoproject.org/mt/93046468/21656 Group Owner: [email protected] Unsubscribe: https://lists.yoctoproject.org/g/meta-virtualization/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
