- ceph (14.2.21-1+rpi1) bullseye-staging; urgency=medium
++ceph (14.2.21-1+rpi1+deb11u2) bullseye-staging; urgency=medium
+
+ [changes brought forward from 10.2.5-7.2+rpi1 by Peter Michael Green <plugwash@raspbian.org> at Sun, 30 Jul 2017 09:48:17 +0000]
+ * Add Raspbian to lists of "debian-like" distros.
+ + Hopefully this will fix site-packages vs dist-packages
+ build failure in Raspbian.
+
+ [changes introduced in 14.2.5-3+rpi1 by Peter Michael Green]
+ * Remove problematic gitattributes files.
+ * Disable neon on armhf too.
+
- -- Raspbian forward porter <root@raspbian.org> Fri, 04 Jun 2021 01:22:25 +0000
++ -- Raspbian forward porter <root@raspbian.org> Tue, 03 Feb 2026 02:28:27 +0000
++
+ ceph (14.2.21-1+deb11u2) bullseye-security; urgency=high
+
+ * Non-maintainer upload by the LTS team.
+ * Add patch to check if HTTP_X_AMZ_COPY_SOURCE header is empty.
+ (Fixes: CVE-2024-47866) (Closes: #1120797)
+ * Add patch to fix subvolume discover during upgrade.
+ (Fixes: CVE-2022-0670) (Closes: #1016069)
+
+ -- Utkarsh Gupta <utkarsh@debian.org> Mon, 15 Dec 2025 17:48:10 +0530
+
+ ceph (14.2.21-1+deb11u1) bullseye-security; urgency=medium
+
+ [ Thomas Goirand ]
+ * CVE-2022-3650: privilege escalation from the ceph user to root. Applied
+ upstream patches (Closes: #1024932).
+
+ [ Bastien Roucariès ]
+ * CVE-2021-3979:
+ A key length flaw was found. An attacker can exploit the
+ fact that the key length is incorrectly passed in an
+ encryption algorithm to create a non random key,
+ which is weaker and can be exploited for loss of
+ confidentiality and integrity on encrypted disks.
+ * CVE-2023-43040 rgw: Fix bucket validation against POST policies
+ (Closes: #1053690)
+ * CVE-2025-52555: an unprivileged user can escalate to root
+ privileges in a ceph-fuse mounted CephFS by chmod 777
+ a directory owned by root to gain access. The result
+ of this is that a user could read, write and execute
+ to any directory owned by root as long as they chmod
+ 777 it. This impacts confidentiality, integrity, and availability.
+ (Closes: #1108410)
+
+ -- Bastien Roucariès <rouca@debian.org> Mon, 22 Sep 2025 22:55:44 +0200
ceph (14.2.21-1) unstable; urgency=high
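Review bot: In the 14.2.21-1+deb11u1 stanza, the CVE-2021-3979 and CVE-2025-52555 items describe the vulnerability but not the change that fixes it. The neighbouring items all state the action taken ("Applied upstream patches", "Add patch to check if HTTP_X_AMZ_COPY_SOURCE header is empty", "rgw: Fix bucket validation against POST policies"). Suggest adding a short line per item that says what was applied, so someone auditing the package can map each CVE to a change. CVE-2021-3979 is also the only CVE item in these stanzas without a "Closes:" reference; add one if a bug exists for it. The same stanza is marked urgency=medium although it lists two escalations to root (CVE-2022-3650 and CVE-2025-52555), while the later deb11u2 upload uses urgency=high. It would be worth confirming that medium was intended.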