-
ceph (10.2.11-0ubuntu0.16.04.3) xenial-security; urgency=medium
* SECURITY UPDATE: XSS attacks
- debian/patches/CVE-2020-1760-1.patch: reject unauthenticated
response-header actions in src/rgw/rgw_rest_s3.cc.
- debian/patches/CVE-2020-1760-2.patch: change EPERM to
ERR_INVALID_REQUEST in src/rgw/rgw_rest_s3.cc.
- debian/patches/CVE-2020-1760-3.patch: reject control characters in
response-header actions in src/rgw/rgw_rest_s3.cc.
- CVE-2020-1760
* SECURITY UPDATE: HTTP header injection
- debian/patches/CVE-2020-10753.patch: sanitize newlines in
src/rgw/rgw_cors.cc.
- CVE-2020-10753
-- Marc Deslauriers <email address hidden> Wed, 09 Sep 2020 08:57:28 -0400
-
ceph (10.2.11-0ubuntu0.16.04.2) xenial-security; urgency=medium
* SECURITY UPDATE: incorrect permissions on dm-crypt keys
- debian/patches/CVE-2018-14662.patch: limit caps allowed to access the
store in qa/suites/rados/singleton/all/mon-config-key-caps.yaml,
qa/workunits/mon/test_config_key_caps.sh, src/mon/MonCap.cc.
- CVE-2018-14662
* SECURITY UPDATE: DoS against OMAPs holding bucket indices
- debian/patches/CVE-2018-16846-pre1.patch: enforce bounds on
max-keys/max-uploads/max-parts in src/rgw/rgw_op.cc,
src/rgw/rgw_op.h, src/rgw/rgw_rest.cc, src/rgw/rgw_rest_swift.cc,
src/common/config_opts.h.
- debian/patches/CVE-2018-16846.patch: fix issues with 'enforce bounds'
patch in src/rgw/rgw_op.cc, src/rgw/rgw_op.h, src/rgw/rgw_rest.cc.
- CVE-2018-16846
-- Marc Deslauriers <email address hidden> Wed, 29 May 2019 12:06:34 -0400
-
ceph (10.2.11-0ubuntu0.16.04.1) xenial; urgency=medium
* New upstream point release (LP: #1784401).
- d/p/*: Refresh.
* Resolve build hang with RocksDB under i386:
- d/p/0001-CoreLocalArray-class.patch
d/p/0002-core-local-array-type-conversions.patch
d/p/0003-Core-local-statistics.patch: Selected cherry picks
from later Ceph releases with same issue.
-- James Page <email address hidden> Tue, 09 Oct 2018 10:10:23 +0100
-
ceph (10.2.10-0ubuntu0.16.04.1) xenial; urgency=medium
* d/watch: Scope to 10.2.x series, use tarball download site.
* New upstream point release (LP: #1780930).
-- James Page <email address hidden> Wed, 11 Jul 2018 11:10:52 +0100
-
ceph (10.2.9-0ubuntu0.16.04.1) xenial; urgency=medium
* New upstream point release (LP: #1706566):
- d/p/sleep-recover.patch: Drop, superceeded by upstream fix.
-- James Page <email address hidden> Tue, 26 Sep 2017 07:39:00 +0100
-
ceph (10.2.7-0ubuntu0.16.04.1) xenial; urgency=medium
[ Billy Olsen ]
* Start ceph-all after static-network-up (LP: #1636322):
- d/p/start-ceph-all-after-network.patch: add dependency on
the static-network-up event before starting ceph-all.
[ James Page ]
* New upstream point release (LP: #1684527):
- d/p/disable-openssl-linking.patch: Dropped, no longer required.
- d/control: Add BD on libssl-dev to support optional runtime
loading of openssl in the radosgw.
-- James Page <email address hidden> Fri, 21 Apr 2017 09:21:10 +0100
-
ceph (10.2.6-0ubuntu0.16.04.1) xenial; urgency=medium
* New upstream stable point release (LP: #1671117):
- d/p/osd-limit-omap-data-in-push-op.patch,rgw_rados-creation_time.patch:
Dropped, included upstream.
- d/p/*: Refresh.
-- James Page <email address hidden> Thu, 09 Mar 2017 16:21:36 +0000
-
ceph (10.2.5-0ubuntu0.16.04.1) xenial; urgency=medium
* New upstream stable release (LP: #1649856):
- d/p/32bit-ftbfs.patch: Drop, no longer required.
- d/p/*: Refresh.
- d/ceph-common.install: Switch to RSA keys for drop.ceph.com.
* d/rules: Install upstream provided systemd targets and ensure they
are enabled and started on install to ensure that integrations aligned
to upstream packaging work with Ubuntu packages (LP: #1646583).
* d/ceph.*,d/*.logrotate: Install logrotate configuration
in ceph-common, ensuring that all daemons get log rotation on
log files, deal with removal of logrotate configuration in
ceph for upgrades (LP: #1609866).
-- James Page <email address hidden> Wed, 18 Jan 2017 13:59:57 +0000
-
ceph (10.2.3-0ubuntu0.16.04.2) xenial; urgency=medium
* rgw: Fixes for creation times for buckets (LP: #1587261):
- d/p/rgw_rados-creation_time.patch: Backport fix from upstream master.
Fix logic error that leads to creation time being 0 instead of current
time when creating buckets.
ceph (10.2.3-0ubuntu0.16.04.1) xenial; urgency=medium
* New upstream stable release (LP: #1628809).
- d/p/*: Refresh.
- d/p/rocksdb-flags.patch: Dropped, accepted upstream.
- d/p/32bit-ftbfs.patch: Cherry pick fix for 32bit arch compat.
- d/ceph-{fs-common,fuse}.install: Fix install locations
for mount{.fuse}.ceph.
* Limit the amount of data per chunk in omap push operations to 64k,
ensuring that OSD threads don't hit timeouts during recovery
operations (LP: #1628750):
- d/p/osd-limit-omap-data-in-push-op.patch: Cherry pick fix from
upstream master branch.
-- Frode Nordahl <email address hidden> Fri, 28 Oct 2016 13:50:40 +0200
-
ceph (10.2.3-0ubuntu0.16.04.1) xenial; urgency=medium
* New upstream stable release (LP: #1628809).
- d/p/*: Refresh.
- d/p/rocksdb-flags.patch: Dropped, accepted upstream.
- d/p/32bit-ftbfs.patch: Cherry pick fix for 32bit arch compat.
- d/ceph-{fs-common,fuse}.install: Fix install locations
for mount{.fuse}.ceph.
* Limit the amount of data per chunk in omap push operations to 64k,
ensuring that OSD threads don't hit timeouts during recovery
operations (LP: #1628750):
- d/p/osd-limit-omap-data-in-push-op.patch: Cherry pick fix from
upstream master branch.
-- James Page <email address hidden> Fri, 30 Sep 2016 09:22:50 +0100
-
ceph (10.2.2-0ubuntu0.16.04.2) xenial; urgency=medium
* d/ceph-common.{preinst,postinst,postrm}: Fix version checks in maintainer
scripts to ensure that /etc/default/ceph actually gets installed on
upgrade (LP: #1587516).
ceph (10.2.2-0ubuntu0.16.04.1) xenial; urgency=medium
* New upstream stable release (LP: #1585660).
- d/p/drop-user-group-osd-prestart.patch: Dropped, included upstream.
- d/ceph.install: Drop install of 60-ceph-partuuid-workaround.rules, no
longer needed and not shipped by upstream.
* Rename /etc/default/ceph/ceph -> /etc/default/ceph (LP: #1587516):
- d/rules,ceph-common.install: Ensure that /etc/default/ceph is a file
and not a directory.
- d/ceph-common.{preinst,postinst,postrm}: Ensure that rename of
/etc/default/ceph/ceph -> /etc/default/ceph is handled correctly
and that any end-user changes are preserved.
-- James Page <email address hidden> Tue, 19 Jul 2016 10:32:34 +0100
-
ceph (10.2.2-0ubuntu0.16.04.1) xenial; urgency=medium
* New upstream stable release (LP: #1585660).
- d/p/drop-user-group-osd-prestart.patch: Dropped, included upstream.
- d/ceph.install: Drop install of 60-ceph-partuuid-workaround.rules, no
longer needed and not shipped by upstream.
* Rename /etc/default/ceph/ceph -> /etc/default/ceph (LP: #1587516):
- d/rules,ceph-common.install: Ensure that /etc/default/ceph is a file
and not a directory.
- d/ceph-common.{preinst,postinst,postrm}: Ensure that rename of
/etc/default/ceph/ceph -> /etc/default/ceph is handled correctly
and that any end-user changes are preserved.
-- James Page <email address hidden> Thu, 16 Jun 2016 11:53:36 +0100
-
ceph (10.2.0-0ubuntu0.16.04.2) xenial; urgency=medium
* Recompile to resolve miscompilation on s390x architecture. LP:
#1572613
-- Dimitri John Ledkov <email address hidden> Fri, 20 May 2016 04:27:37 +0100
-
ceph (10.2.0-0ubuntu0.16.04.1) xenial; urgency=medium
* Ceph Jewel stable release (LP: #1563714).
-- James Page <email address hidden> Thu, 21 Apr 2016 19:54:54 +0100
-
ceph (10.1.2-0ubuntu1) xenial; urgency=medium
* New upstream release candidate for Ceph Jewel:
- FFe: http://pad.lv/1563714.
- d/p/32bit-compat.patch,tasksmax-infinity.patch: Dropped,
included upstream.
* d/ceph-common.postinst: Silence output of usermod call (LP: #1569249).
-- James Page <email address hidden> Thu, 14 Apr 2016 14:46:58 +0100
-
ceph (10.1.1-0ubuntu1) xenial; urgency=medium
* New upstream release candidate for Ceph Jewel:
- FFe: http://pad.lv/1563714.
- d/p/*: Refresh.
-- James Page <email address hidden> Fri, 08 Apr 2016 16:30:43 +0100
-
ceph (10.1.0-0ubuntu1) xenial; urgency=medium
* New upstream release candidate for Ceph Jewel
(see http://pad.lv/1563714 for FFe):
- d/control,rules,librgw*: Add new binary packages for librgw2.
- d/p/fix-systemd-escaping.patch,pybind-flags.patch: Dropped,
included upstream.
- d/p/*: Refresh remaining patches.
- d/control: Add BD on libldap2-dev for rados gateway.
- d/p/disable-openssl-linking.patch: Disable build time linking
with OpenSSL due to licensing incompatibilities.
- d/*.symbols: Add new symbols for RC.
- d/python-*.install: Correct wildcards for python module install.
- d/p/32bit-compat.patch: Cherry pick upstream fix for 32 bit
compatibility, resolving FTBFS on armhf/i386.
* d/rules: Strip rbd-mirror package correctly.
* d/rules: Install upstart and systemd configurations for rbd-mirror.
* d/copyright: Ensure that jerasure and gf-complete are not stripped
from the upstream release tarball.
* d/p/drop-user-group-osd-prestart.patch: Drop --setuser/--setgroup
arguments from call to ceph-osd-prestart.sh; they are not supported
and generate spurious non-fatal warning messages (LP: #1557461).
* d/p/tasksmax-infinity.patch: Drop systemd limitation of number of
processes and threads to long running ceph processes; the default
of 512 tasks is way to low for even a modest Ceph cluster
(LP: #1564917).
* d/rules: Ensure that dh_systemd_start does not insert maintainer
script snippets for ceph-mon and ceph-create-keys - service restart
should be handled outside of the packaging as it is under upstart
and for all other systemd unit files installed (LP: #1563330).
-- James Page <email address hidden> Wed, 06 Apr 2016 09:17:59 +0100
-
ceph (10.0.5-0ubuntu1) xenial; urgency=medium
* New upstream point release, in preparation for Ceph Jewel.
- d/p/*: Refresh patches
- d/control: Enable rbd-mirror(-dbg) packages.
- d/control: Add BD on libboost-iostreams-dev.
- d/p/skip-setup.py-makefiles.patch,rules: Avoid use of virtualenv
to install ceph-disk and ceph-detect-init python modules.
-- James Page <email address hidden> Wed, 23 Mar 2016 14:07:58 +0000
-
ceph (10.0.3-0ubuntu1) xenial; urgency=medium
* New upstream point release, in preparation for Ceph Jewel.
- d/p/*: Refresh patches
- d/rules,d/p/rocksdb-flags.patch: Enable rocksdb build for
experimental bluestore support, add patch to set g++ flags
correctly across all Ubuntu archs.
- d/rules: Enable gperftools use on arm64 architecture.
- d/ceph.install: Add ceph-bluefs-tool to install.
* d/*: wrap-and-sort.
-- James Page <email address hidden> Fri, 18 Mar 2016 10:41:37 +0000
-
ceph (10.0.2-0ubuntu1) xenial; urgency=medium
* New upstream release, in preparation for Ceph Jewel stable release:
- d/control: Add python-dev to BD's.
- d/p/pybind-flags.patch: Ensure that python flags are correct
set for cython rbd build.
- d/python-rbd.install: Switch rbd python binding to cython.
- d/p/modules.patch: Dropped, no longer required as upstream.
- d/control,rbd-nbd.*,rules: Add rbd-nbd package.
- d/p/*: Tidy old redundant patches.
-- James Page <email address hidden> Thu, 18 Feb 2016 08:07:30 +0000
-
ceph (9.2.0-0ubuntu6) xenial; urgency=medium
* d/ceph-mds.dirs: Actually create /var/lib/ceph/mds prior to changing
permissions (LP: #1544647).
* d/ceph.init: Restore link to init-ceph, resolving un-install failures
due to missing init script (LP: #1546112).
-- James Page <email address hidden> Wed, 17 Feb 2016 10:33:24 +0000
-
ceph (9.2.0-0ubuntu5) xenial; urgency=medium
[ guessi ]
* d/ceph-mds.postinst: Fixup syntax error (LP: #1544647).
-- James Page <email address hidden> Tue, 16 Feb 2016 12:54:16 +0000
-
ceph (9.2.0-0ubuntu4) xenial; urgency=medium
* d/p/fix-systemd-escaping.patch: Ensure that leading '/' is stripped
from block device paths when escaping for use in systemd unit
names.
-- James Page <email address hidden> Tue, 09 Feb 2016 11:03:03 +0000
-
ceph (9.2.0-0ubuntu3) xenial; urgency=medium
* d/ceph{-common}.install: Move ceph_daemon module to common package
as its required to use the ceph command.
* d/rules: Disable parallel builds on arm64, resolving FTBFS due to
memory constraints in builders.
-- James Page <email address hidden> Fri, 15 Jan 2016 10:00:47 +0200
-
ceph (9.2.0-0ubuntu2) xenial; urgency=medium
* d/control: Fixup broken Breaks/Replaces for backports to 14.04.
-- James Page <email address hidden> Wed, 06 Jan 2016 10:46:19 +0000
-
ceph (9.2.0-0ubuntu1) xenial; urgency=medium
* [754935] Imported Upstream version 9.2.0
- [df85c3] Resync relevant packaging changes with upstream.
- [be5f82] Refresh patches.
- [d1f3fe] Add python-setuptools to BD's for ceph-detect-init.
- [b2f926] Add lsb-release to BD's to ensure that python modules are
installed to correct locations.
- [e4d702] Add python-sphinx to BD's to ensure man pages get generated
and installed.
- [3ead6e] Correct install location for ceph-monstore-update tool.
- [269754] [177b7a] Update symbols for new release.
* [4c45629] Update NEWS file for infernalis changes.
* [940491e] Limit number of parallel builds to 2 to reduce memory footprint
on builders.
-- James Page <email address hidden> Wed, 09 Dec 2015 18:02:30 +0000
-
ceph (0.94.5-0ubuntu1) xenial; urgency=medium
* New upstream release (LP: #1512292):
- d/p/*: Refresh.
- d/p/ceph-radosgw-init.patch: Dropped, included upstream.
- d/*.symbols: Refresh.
* d/p/modules.patch: Add jerasure_neon and shec erasure coding plugins
to generate unversioned so's for plugin loading (LP: #1507244).
* d/rules: Ensure that any remaining versioned so's are dropped from
the packaging - this is all test code (LP: #1507244).
-- James Page <email address hidden> Mon, 02 Nov 2015 14:47:31 +0000
-
ceph (0.94.3-0ubuntu2) wily; urgency=medium
* d/ceph.install: Drop ceph-deploy manpage from packaging, provided
by ceph-deploy itself (LP: #1475910).
-- James Page <email address hidden> Mon, 07 Sep 2015 14:42:03 +0100