From: Raspbian automatic forward porter Date: Tue, 3 Feb 2026 02:28:28 +0000 (+0000) Subject: Merge version 14.2.21-1+rpi1 and 14.2.21-1+deb11u2 to produce 14.2.21-1+rpi1+deb11u2 X-Git-Tag: archive/raspbian/14.2.21-1+rpi1+deb11u2^0 X-Git-Url: https://dgit.raspbian.org/%22http://www.example.com/cgi/%22/%22http:/www.example.com/cgi/%22?a=commitdiff_plain;h=55ddf23693a28c29215060c2c0fcafcc6aa3ddaf;p=ceph.git Merge version 14.2.21-1+rpi1 and 14.2.21-1+deb11u2 to produce 14.2.21-1+rpi1+deb11u2 --- 55ddf23693a28c29215060c2c0fcafcc6aa3ddaf diff --cc debian/changelog index 172276856,9349c7805..15998ddb2 --- a/debian/changelog +++ b/debian/changelog @@@ -1,15 -1,37 +1,50 @@@ - ceph (14.2.21-1+rpi1) bullseye-staging; urgency=medium ++ceph (14.2.21-1+rpi1+deb11u2) bullseye-staging; urgency=medium + + [changes brought forward from 10.2.5-7.2+rpi1 by Peter Michael Green at Sun, 30 Jul 2017 09:48:17 +0000] + * Add Raspbian to lists of "debian-like" distros. + + Hopefully this will fix site-packages vs dist-packages + build failure in Raspbian. + + [changes introduced in 14.2.5-3+rpi1 by Peter Michael Green] + * Remove problematic gitattributes files. + * Disable neon on armhf too. + - -- Raspbian forward porter Fri, 04 Jun 2021 01:22:25 +0000 ++ -- Raspbian forward porter Tue, 03 Feb 2026 02:28:27 +0000 ++ + ceph (14.2.21-1+deb11u2) bullseye-security; urgency=high + + * Non-maintainer upload by the LTS team. + * Add patch to check if HTTP_X_AMZ_COPY_SOURCE header is empty. + (Fixes: CVE-2024-47866) (Closes: #1120797) + * Add patch to fix subvolume discover during upgrade. + (Fixes: CVE-2022-0670) (Closes: #1016069) + + -- Utkarsh Gupta Mon, 15 Dec 2025 17:48:10 +0530 + + ceph (14.2.21-1+deb11u1) bullseye-security; urgency=medium + + [ Thomas Goirand ] + * CVE-2022-3650: privilege escalation from the ceph user to root. Applied + upstream patches (Closes: #1024932). + + [ Bastien Roucariès ] + * CVE-2021-3979: + A key length flaw was found. 
An attacker can exploit the + fact that the key length is incorrectly passed in an + encryption algorithm to create a non random key, + which is weaker and can be exploited for loss of + confidentiality and integrity on encrypted disks. + * CVE-2023-43040 rgw: Fix bucket validation against POST policies + (Closes: #1053690) + * CVE-2025-52555: an unprivileged user can escalate to root + privileges in a ceph-fuse mounted CephFS by chmod 777 + a directory owned by root to gain access. The result + of this is that a user could read, write and execute + to any directory owned by root as long as they chmod + 777 it. This impacts confidentiality, integrity, and availability. + (Closes: #1108410) + + -- Bastien Roucariès Mon, 22 Sep 2025 22:55:44 +0200 ceph (14.2.21-1) unstable; urgency=high diff --cc debian/patches/series index 79da3ce4b,be2fc3057..337cbcc08 --- a/debian/patches/series +++ b/debian/patches/series @@@ -20,5 -17,11 +17,13 @@@ cmake_add_1.74_to_known_versions.patc another-cmakelists-fix.patch fix-ceph-osd-systemd-target.patch allow-bgp-to-host.patch + CVE-2022-3650_1_ceph-crash_drop_privleges_to_run_as_ceph_user_rather_than_root.patch + CVE-2022-3650_2_ceph-crash_fix_stderr_handling.patch + CVE-2021-3979.patch + CVE-2023-43040.patch + CVE-2025-52555-1.patch + CVE-2025-52555-2.patch + CVE-2022-0670.patch + CVE-2024-47866.patch +detect-raspbian.diff +remove-problematic-gitattributes-files.patch
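Review bot: In the debian/changelog hunk, the new top entry `ceph (14.2.21-1+rpi1+deb11u2) bullseye-staging; urgency=medium` keeps urgency=medium although the version it merges in, 14.2.21-1+deb11u2, is a bullseye-security upload with urgency=high that fixes CVE-2024-47866 and CVE-2022-0670. Consider setting the merged entry to urgency=high so the upload carries the urgency of the security fixes it contains. The merged stanza also lists only the Raspbian-specific changes; one added line stating that it incorporates the 14.2.21-1+deb11u1 and 14.2.21-1+deb11u2 security uploads would make the top entry self-explanatory to anyone reading only that stanza.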
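Review bot: In the debian/patches/series hunk, the two Raspbian-local entries `detect-raspbian.diff` and `remove-problematic-gitattributes-files.patch` now sit after eight newly merged CVE patches, and nothing visible in this automatic merge shows that the combined series was applied end to end. Suggest applying the whole series as part of the forward port (for example with `quilt push -a`) and failing the merge if either local patch no longer applies cleanly on top of the CVE patches, since a local patch that stops applying leaves the security update unbuildable for this distribution.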