ceph-volume: honour osd_dmcrypt_key_size option

ceph-volume doesn't honour osd_dmcrypt_key_size.
It means the default size is always applied.

It also changes the default value in `get_key_size_from_conf()`

From cryptsetup manpage:

> For XTS mode you can optionally set a key size of 512 bits with the -s option.

Using more than 512bits will end up with the following error message:

```
Key size in XTS mode must be 256 or 512 bits.
```

Fixes: https://tracker.ceph.com/issues/54006
Signed-off-by: Guillaume Abrioux <gabrioux@redhat.com>
(cherry picked from commit 47c33179f9a15ae95cc1579a421be89378602656)

origin: https://github.com/ceph/ceph/commit/f69339e00f582ec64b843ff58b66817975fca0d7
bug: https://tracker.ceph.com/issues/54006

Gbp-Pq: Name CVE-2021-3979.patch

CVE-2022-3650: ceph-crash: fix stderr handling

Bug: a77b47eeeb5770eeefcf4619ab2105ee7a6a003e
Signed-off-by: Tim Serong <tserong@suse.com>
Bug-Debian: https://bugs.debian.org/1024932
Origin: upstream, https://github.com/ceph/ceph/commit/45915540559126a652f8d9d105723584cfc63439
Last-Update: 2022-11-28

Popen.communicate() returns a tuple (stdout, stderr), and stderr
will be of type bytes, hence the need to decode it before checking
if it's an empty string or not.

Gbp-Pq: Name CVE-2022-3650_2_ceph-crash_fix_stderr_handling.patch

CVE-2022-3650: ceph-crash: drop privleges to run as "ceph" user, rather than root

Bug: https://tracker.ceph.com/issues/57967
Signed-off-by: Tim Serong <tserong@suse.com>
Origin: upstream, https://github.com/ceph/ceph/commit/130c9626598bc3a75942161e6cce7c664c447382
Bug-Debian: https://bugs.debian.org/1024932
Last-Update: 2022-11-28

If privileges cannot be dropped, log an error and exit.  This commit
also catches and logs exceptions when scraping the crash path, without
which ceph-crash would just exit if it encountered an error.

Gbp-Pq: Name CVE-2022-3650_1_ceph-crash_drop_privleges_to_run_as_ceph_user_rather_than_root.patch

allow BGP-to-the-host style binding

Forwarded: no
Last-Update: 2021-04-21

Gbp-Pq: Name allow-bgp-to-host.patch

Fix systemd ceph-osd.target

Forwarded: no
Last-Update: 2021-01-28

This helps when rebooting.

Gbp-Pq: Name fix-ceph-osd-systemd-target.patch

Another cmakelists fix

Forwarded: no
Last-Update: 2021-01-08

This fixes the last Boost 1.74 compatibility problems.

Gbp-Pq: Name another-cmakelists-fix.patch

cmake: add 1.74 to known versions

Bug-Debian: https://bugs.debian.org/977243
Origin: upstream, https://github.com/ceph/ceph/commit/b6a94da6149e50bdd43752919d7c01b04c59f79e.patch
Last-Update: 2020-12-13

Gbp-Pq: Name cmake_add_1.74_to_known_versions.patch

cmake: define BOOST_ASIO_USE_TS_EXECUTOR_AS_DEFAULT for

Signed-off-by: Kefu Chai <kchai@redhat.com>
Origin: upstream, https://github.com/ceph/ceph/commit/3d708219092d0e89a1434c30ffc8a4999f062cc0.patch
Bug-Debian: https://bugs.debian.org/977243
Last-Update: 2021-03-24

Boost.Asio users

see also
https://www.boost.org/doc/libs/1_74_0/doc/html/boost_asio/std_executors.html#boost_asio.std_executors.polymorphic_i_o_executor

we could use `asio::any_io_executor` later on though for better
performance.

also, define CMP0093, so FindBoost reports Boost_VERSION in x.y.z
format. it is simpler to use `VERSION_GREATER_EQUAL` to compare its
version with 1.74 instead of its C macro version ("107000").

Gbp-Pq: Name cmake_define_BOOST_ASIO_USE_TS_EXECUTOR_AS_DEFAULT_for_Boost.Asio_users.patch

Make Ceph Python 3.9 aware

Forwarded: no
Last-Update: 2020-11-28

Add versions of interpreters Ceph didn't know about.

Gbp-Pq: Name make-ceph-python-3.9-aware.patch

mds-purgequeue-use_uint64_t

===================================================================

Gbp-Pq: Name mds-purgequeue-use_uint64_t.patch

Link with -pthread instead of -lpthread to fix FTBFS on riscv64

Forwarded: no
Last-Update: 2020-03-01

Gbp-Pq: Name riscv64-link-pthread.patch

add-option-to-disable-ceph-dencoder

===================================================================

Gbp-Pq: Name add-option-to-disable-ceph-dencoder.patch

fix-bash-completion-location

Gbp-Pq: Name fix-bash-completion-location

debian-armel-armhf-buildflags

Gbp-Pq: Name debian-armel-armhf-buildflags.patch

[PATCH] os/bluestore/BlueFS: use uint64_t for `len`

change the type of parameter `len` of `BlueFS::_read_random()` from
`size_t` to `uint64_t`.

i think the type of `size_t` comes from
`rocksdb::RandomAccessFile::Read(uint64_t offset, size_t n,
rocksdb::Slice* result, char* scratch)`. and when we implement this
method, we continued using `n`'s type. but, we are using it with
`std::min()`, for instance, where the template parameter type deduction
fails if the lhs and rhs parameters' types are different. so probaly the
better solution is to use `uint64_t` directly to avoid the the cast and
specializing the template.

Signed-off-by: Kefu Chai <kchai@redhat.com>
Gbp-Pq: Name bluefs-use-uint64_t-for-len.patch

Adds max_connections to test display.

Origin: upstream, https://github.com/civetweb/civetweb/pull/776/commits/3b8eb36676f70d06f8918ccf62029207c49cdda0
Bug: https://github.com/civetweb/civetweb/issues/775
Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/ceph/+bug/1838109

Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/ceph/+bug/1838109
Gbp-Pq: Name civetweb-755-1.8-somaxconn-configurable_test.patch

Makes SOMAXCONN user-configurable.

Origin: upstream, https://github.com/civetweb/civetweb/pull/776/commits/febab7dc38c9671577603425c54c20f841e27f97
Bug: https://github.com/civetweb/civetweb/issues/775
Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/ceph/+bug/1838109

Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/ceph/+bug/1838109
Gbp-Pq: Name civetweb-755-1.8-somaxconn-configurable.patch

Adds max_connections to reference configuration.

Origin: upstream, https://github.com/civetweb/civetweb/pull/776/commits/3b8eb36676f70d06f8918ccf62029207c49cdda0
Bug: https://github.com/civetweb/civetweb/issues/775
Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/ceph/+bug/1838109

Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/ceph/+bug/1838109
Gbp-Pq: Name civetweb-755-1.8-somaxconn-configurable_conf.patch

Avoid use of size_t when necessary

Forwarded: no

On 32 bit architectures size_t is not a 64 bit type, which
causes comparison mismatch failures during compilation.

Gbp-Pq: Name 32bit-avoid-size_t.patch

Avoid overloading on 32 bit architectures

Forwarded: no

unsigned and size_t are equivalent on 32 bit architectures,
so only define the size_t based overload of advance on 64
bit architectures.
https://wiki.debian.org/ArchitectureSpecificsMemo

Gbp-Pq: Name 32bit-avoid-overloading.patch

disable-crypto

===================================================================

Gbp-Pq: Name disable-crypto.patch

use --release 7 instead of -source/-target

Bug-Ubuntu: https://launchpad.net/bugs/1756854
Bug-Ubuntu: https://launchpad.net/bugs/1766998
Forwarded: no
Last-Update: 2018-04-24

Instead of -source/-target ceph should be build with --release for OpenJDK 9
or later so that the bootclasspath is also set, as per JEP-247, otherwise it
risks incurring into binary incompatibility when run with an earlier OpenJDK.
OpenJDK 11 minimum compatibility release has been updated to 7.
Last-Update: 2018-04-24
Gbp-Pq: Name update-java-source-target-flags.patch

ceph (14.2.21-1+deb11u2) bullseye-security; urgency=high

  * Non-maintainer upload by the LTS team.
  * Add patch to check if HTTP_X_AMZ_COPY_SOURCE header is empty.
    (Fixes: CVE-2024-47866) (Closes: #1120797)
  * Add patch to fix subvolume discover during upgrade.
    (Fixes: CVE-2022-0670) (Closes: #1016069)

[dgit import unpatched ceph 14.2.21-1+deb11u2]

Import ceph_14.2.21-1+deb11u2.debian.tar.xz

[dgit import tarball ceph 14.2.21-1+deb11u2 ceph_14.2.21-1+deb11u2.debian.tar.xz]

Import ceph_14.2.21.orig.tar.gz

[dgit import orig ceph_14.2.21.orig.tar.gz]