Pritha Srivastava [Tue, 5 Nov 2024 06:33:00 +0000 (12:03 +0530)]
[PATCH] [CVE-2024-48916] rgw/sts: fix to disallow unsupported JWT algorithms while authenticating AssumeRoleWithWebIdentity using JWT obtained from an external IDP.
fixes: https://tracker.ceph.com/issues/68836
Signed-off-by: Pritha Srivastava <prsrivas@redhat.com>
Gbp-Pq: Name CVE-2024-48916.patch
Adam C. Emerson [Fri, 8 Jul 2022 18:58:16 +0000 (14:58 -0400)]
CVE-2022-3854: rgw: Guard against malformed bucket URLs
Fixes: https://tracker.ceph.com/issues/55765
Fixes: https://tracker.ceph.com/issues/56586
Signed-off-by: Adam C. Emerson <aemerson@redhat.com>
Origin: upstream, https://github.com/ceph/ceph/pull/47194/commits/9746e8011ff1de6de7dba9c0041e28a16c8f6828.patch
Bug-Debian: https://bugs.debian.org/1027151
Last-Update: 2022-01-09
Misplaced colons can result in radosgw thinking it has a bucket URL
but with no bucket name, leading to a crash later on.
Gbp-Pq: Name CVE-2022-3854_1_rgw_Guard_against_malformed_bucket_URLs.patch
Eric Long [Wed, 4 Dec 2024 05:46:17 +0000 (06:46 +0100)]
Fix CheckCxxAtomic to detect more accurately
Last-Update: 2022-08-30
Some platforms like riscv64 do not have full support for atomic primitives,
yet pass the test. Adding operator++ fixes this issue.
Gbp-Pq: Name fix-CheckCxxAtomic-riscv64.patch
Shengjing Zhu [Sun, 31 Jul 2022 07:27:17 +0000 (15:27 +0800)]
Fix build with fmt 8/9
+ changes in segment_manager.cc and segment_manager.h are backported from
part of the large changes in https://github.com/ceph/ceph/commit/d5b0cd13
+ change in node_extent_accessor.h is not forwarded to upstream since it's
a workaround. However it doesn't harm since it's just an error message
which shouldn't happen anyway.
+ changes in seastar are backported from
https://github.com/scylladb/seastar/commit/dfb62861
+ changes in crimson/osd/main.cc are backported from
https://github.com/ceph/ceph/commit/58cb9bac
Gbp-Pq: Name Fix-build-with-fmt-8-9.patch
Rosen Penev [Tue, 12 Nov 2019 21:56:53 +0000 (13:56 -0800)]
Only yield under ARMv7 and above (#1176)
Origin: upstream, https://github.com/facebook/folly/commit/62d8e6e0b91ebd6f878f3066cd9b6e5f3c18a97b.patch
Last-Update: 2021-11-24
Gbp-Pq: Name only-yied-under-armv7-and-above.patch
Kefu Chai [Tue, 23 Nov 2021 16:40:54 +0000 (00:40 +0800)]
cmake: test for 16-byte atomic support on mips also
Origin: upstream, https://github.com/ceph/ceph/commit/709a77f22010f03aee4a4c0ab930588944cb4a58
Last-Update: 2021-11-24
it's reported that a mips64el build host is able to pass the test of
CheckCxxAtomic without linking against libatomic, while librbd.so
fails to link due to failures like
/usr/bin/ld: ../../../lib/librbd.so.1.16.0: undefined reference to `__atomic_store_16'
/usr/bin/ld: ../../../lib/librbd.so.1.16.0: undefined reference to `__atomic_load_16'
/usr/bin/ld: ../../../lib/librbd.so.1.16.0: undefined reference to `__atomic_compare_exchange_16'
so we have to check the existence of __atomic_load_16 instruction on
mips architecture.
Gbp-Pq: Name cmake-test-for-16-bytes-atomic-support-on-mips-also.patch
Matthew Vernon [Thu, 4 Feb 2021 11:41:14 +0000 (11:41 +0000)]
[PATCH] rgw/radosgw-admin clarify error when email address already in use
The error message if you try and create an S3 user with an email
address that is already associated with another S3 account is very
confusing; this patch makes it much clearer
To reproduce:
radosgw-admin user create --uid=foo --display-name="Foo test" --email=bar@domain.invalid
radosgw-admin user create --uid=test --display-name="AN test" --email=bar@domain.invalid
could not create user: unable to parse parameters, user id mismatch, operation id: foo does not match: test
With this patch:
radosgw-admin user create --uid=test --display-name="AN test" --email=bar@domain.invalid
could not create user: unable to create user test because user id foo already exists with email bar@domain.invalid
Fixes: https://tracker.ceph.com/issues/49137
Fixes: https://tracker.ceph.com/issues/19411
Signed-off-by: Matthew Vernon <mv3@sanger.ac.uk>
(cherry picked from commit 05318d6f71e45a42a46518a0ef17047dfab83990)
Gbp-Pq: Name bug1914584.patch
Kefu Chai [Sun, 29 Aug 2021 14:24:30 +0000 (22:24 +0800)]
[PATCH] arch,cmake: compile ppc.c on all powerpc machines
* cmake/modules/SIMDExt.cmake: define HAVE_PPC for 32-bit PowerPC.
* src/arch/CMakeLists.txt: compile ppc.c for all PowerPC architectures,
including powerpc (32-bit PowerPC), ppc64el (64-bit Little Endian
PowerPC) and ppc64 (64-bit Big Endian PowerPC).
before this change, ppc.c is only compiled if HAVE_POWER8 is defined.
but Power8 is a 64-bit PowerPC architecture. while in src/arch/probe.cc,
we check for `defined(__powerpc__) || defined(__ppc__)`, if this is
true, ceph_arch_ppc_probe() is used to check for the support of
Altivec. but on non-power8 PowerPC machines, the linker fails to find the
symbols like ceph_arch_ppc_probe(), as ppc.c is not compiled on them.
in this change, ppc.c is compiled on all PowerPC architectures, so that
ceph_arch_ppc_probe() is also available on non-power8 machines. this
change does not impact the behavior of non-power8 machines, because
on them, the runtime check would fail to detect the existence of
PPC_FEATURE2_VEC_CRYPTO instructions.
Reported-by: Mattias Ellert <mattias.ellert@physics.uu.se>
Signed-off-by: Kefu Chai <tchaikov@gmail.com>
Gbp-Pq: Name compile-ppc.c-on-all-powerpc-machines.patch
Thomas Goirand [Wed, 4 Dec 2024 05:46:17 +0000 (06:46 +0100)]
Fix systemd ceph-osd.target
Forwarded: no
Last-Update: 2021-01-28
This helps when rebooting.
Gbp-Pq: Name fix-ceph-osd-systemd-target.patch
Ceph Packaging Team [Wed, 4 Dec 2024 05:46:17 +0000 (06:46 +0100)]
Link with -pthread instead of -lpthread to fix FTBFS on riscv64
Forwarded: no
Last-Update: 2020-03-01
Gbp-Pq: Name riscv64-link-pthread.patch
Ceph Packaging Team [Wed, 4 Dec 2024 05:46:17 +0000 (06:46 +0100)]
add-option-to-disable-ceph-dencoder
===================================================================
Gbp-Pq: Name add-option-to-disable-ceph-dencoder.patch
James Page [Wed, 4 Dec 2024 05:46:17 +0000 (06:46 +0100)]
Misc fixes for 32 bit architecture builds.
Forwarded: no
Gbp-Pq: Name 32bit-fixes.patch
Ceph Packaging Team [Wed, 4 Dec 2024 05:46:17 +0000 (06:46 +0100)]
fix-bash-completion-location
Gbp-Pq: Name fix-bash-completion-location
Ceph Packaging Team [Wed, 4 Dec 2024 05:46:17 +0000 (06:46 +0100)]
debian-armel-armhf-buildflags
Gbp-Pq: Name debian-armel-armhf-buildflags.patch
Jesse Williamson [Wed, 4 Dec 2024 05:46:17 +0000 (06:46 +0100)]
Adds max_connections to test display.
Origin: upstream, https://github.com/civetweb/civetweb/pull/776/commits/3b8eb36676f70d06f8918ccf62029207c49cdda0
Bug: https://github.com/civetweb/civetweb/issues/775
Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/ceph/+bug/1838109
Gbp-Pq: Name civetweb-755-1.8-somaxconn-configurable_test.patch
Jesse Williamson [Wed, 4 Dec 2024 05:46:17 +0000 (06:46 +0100)]
Makes SOMAXCONN user-configurable.
Origin: upstream, https://github.com/civetweb/civetweb/pull/776/commits/febab7dc38c9671577603425c54c20f841e27f97
Bug: https://github.com/civetweb/civetweb/issues/775
Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/ceph/+bug/1838109
Gbp-Pq: Name civetweb-755-1.8-somaxconn-configurable.patch
Jesse Williamson [Wed, 4 Dec 2024 05:46:17 +0000 (06:46 +0100)]
Adds max_connections to reference configuration.
Origin: upstream, https://github.com/civetweb/civetweb/pull/776/commits/3b8eb36676f70d06f8918ccf62029207c49cdda0
Bug: https://github.com/civetweb/civetweb/issues/775
Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/ceph/+bug/1838109
Gbp-Pq: Name civetweb-755-1.8-somaxconn-configurable_conf.patch
Ceph Packaging Team [Wed, 4 Dec 2024 05:46:17 +0000 (06:46 +0100)]
disable-crypto
===================================================================
Gbp-Pq: Name disable-crypto.patch
Tiago Stürmer Daitx [Wed, 4 Dec 2024 05:46:17 +0000 (06:46 +0100)]
use --release 7 instead of -source/-target
Bug-Ubuntu: https://launchpad.net/bugs/1756854
Bug-Ubuntu: https://launchpad.net/bugs/1766998
Forwarded: no
Last-Update: 2018-04-24
Instead of -source/-target ceph should be built with --release for OpenJDK 9
or later so that the bootclasspath is also set, as per JEP-247, otherwise it
risks incurring binary incompatibility when run with an earlier OpenJDK.
OpenJDK 11 minimum compatibility release has been updated to 7.
Last-Update: 2018-04-24
Gbp-Pq: Name update-java-source-target-flags.patch
Ceph Packaging Team [Wed, 4 Dec 2024 05:46:17 +0000 (06:46 +0100)]
This defines HAVE_REENTRANT_STRSIGNAL as sys_siglist no longer
Forwarded: no
Last-Update: 2020-09-21
exists with glibc 2.32 and all programs should use strsignal instead.
Gbp-Pq: Name enable-strsignal.patch
Daniel Baumann [Wed, 4 Dec 2024 05:46:17 +0000 (06:46 +0100)]
ceph (16.2.15+ds-0+deb12u1) bookworm-security; urgency=medium
* Adding myself to uploaders.
* Updating watch file for ceph 16.
* Merging upstream version 16.2.15:
- 16.2.12: Fix rgw bucket validation against POST policies
[CVE-2023-43040]
* Refreshing 32bit-fixes.patch.
* Removing bug1917414.patch, included upstream.
* Removing patches for CVE-2022-3650, included upstream.
* Cherry-picking patch from upstream to fix authentication bypass in rgw
(Closes: #1088993) [CVE-2024-48916].
[dgit import unpatched ceph 16.2.15+ds-0+deb12u1]
Daniel Baumann [Wed, 4 Dec 2024 05:46:17 +0000 (06:46 +0100)]
Import ceph_16.2.15+ds.orig.tar.xz
[dgit import orig ceph_16.2.15+ds.orig.tar.xz]
Daniel Baumann [Wed, 4 Dec 2024 05:46:17 +0000 (06:46 +0100)]
Import ceph_16.2.15+ds-0+deb12u1.debian.tar.xz
[dgit import tarball ceph 16.2.15+ds-0+deb12u1 ceph_16.2.15+ds-0+deb12u1.debian.tar.xz]