Created attachment 217234 [details] svn diff of the upgrade Has passed: portline -A poudriere testport Release info: We're happy to announce the availability of the eleventh release in the Nautilus series. This release brings a number of bugfixes across all major components of Ceph. We recommend that all Nautilus users upgrade to this release. Notable Changes --------------- * RGW: The `radosgw-admin` sub-commands dealing with orphans -- `radosgw-admin orphans find`, `radosgw-admin orphans finish`, `radosgw-admin orphans list-jobs` -- have been deprecated. They have not been actively maintained and they store intermediate results on the cluster, which could fill a nearly-full cluster. They have been replaced by a tool, currently considered experimental, `rgw-orphan-list`. * Now when noscrub and/or nodeep-scrub flags are set globally or per pool, scheduled scrubs of the type disabled will be aborted. All user initiated scrubs are NOT interrupted. * Fixed a ceph-osd crash in _committed_osd_maps when there is a failure to encode the first incremental map. issue#46443: https://github.com/ceph/ceph/pull/46443 For the detailed changelog please refer to the blog entry at https://ceph.io/releases/v14-2-11-nautilus-released/
Created attachment 217235 [details] Upgrades diff, this time with correct sha1 ID Forgot to update the final sha, which is compiled in for ceph -v
^Triage: Please set the maintainer-approval attachment flag (to +) on patches for ports you maintain to signify approval Attachment -> Details -> maintainer-approval [+] Also, If you could obsolete the prior patch that would be great Additionally, the 14.2.10 changelog notes a security fix: CVE-2020-10753: rgw: sanitize newlines in s3 CORSConfiguration’s ExposeHeader (William Bowling, Adam Mohammed, Casey Bodley) If this .9 -> .11 cannot/shouldn't be merged to quarterly (it is a bugfix release), then a separate patch for .9 -> .10 should be produced such that that update can be committed first and merged to quarterly I would opt for merging the .9 -> .11 update unless there is a good reason not to. Pending security/VuXML entry
(In reply to Kubilay Kocak from comment #2) Update patch 1 obsoletion, and maintainer approval. Further I did not have time to import 14.2.10 when it was released. So I more or less missed the release of that, including the CVE. I hope that this patch can go in as one, since making it build in both ports and poudriere, and doing so basic QA takes quite some time. From the pending, I conclude that I also need to add that CVE to security/VuXML??
(In reply to Willem Jan Withagen from comment #3) I'm with koobs here, we should just request MFH for the .11 If you could update the PR with vuxml diff that'd be great, otherwise I'll take care of that before committing.
Created attachment 217265 [details] vuxml description for CVE-2020-20753 Describes the CVE which was fixed in Ceph 14.2.10
Approved for 2020Q3 joneum (ports-secteam)
(In reply to Willem Jan Withagen from comment #5) With the patch in this PR I get build failures. https://packages.smeets.xyz/logs/bulk/111amd64-ports-dev/2020-08-16_20h11m14s/logs/errors/ceph14-14.2.11.log https://packages.smeets.xyz/logs/bulk/12amd64-ports-dev/2020-08-16_20h12m49s/logs/errors/ceph14-14.2.11.log JAILNAME VERSION ARCH METHOD TIMESTAMP PATH 111amd64 11.4-RELEASE amd64 ftp 2020-06-17 16:42:41 /usr/local/poudriere/jails/111amd64 12amd64 12.1-RELEASE-p6 amd64 ftp 2020-06-17 16:49:41 /usr/local/poudriere/jails/12amd64
(In reply to Florian Smeets from comment #7) Arrrg, sorry about that I send the diff the second time against the /usr/ports/ version, instead of what I had in poudriere. That had the fix for repairing the odd way that the Linux version has incorporated libfmt.... I'll upload a new patch
Created attachment 217269 [details] Upgrades diff, this time with extra files
^Triage: Leave merge-quarterly flag open (?) until merge
A commit references this bug: Author: flo Date: Mon Aug 17 20:10:05 UTC 2020 New revision: 545184 URL: https://svnweb.freebsd.org/changeset/ports/545184 Log: Document ceph vulnerability PR: 248673 Submitted by: Willem Jan Withagen <wjw@digiware.nl> Changes: head/security/vuxml/vuln.xml
A commit references this bug: Author: flo Date: Mon Aug 17 20:15:52 UTC 2020 New revision: 545185 URL: https://svnweb.freebsd.org/changeset/ports/545185 Log: Update to 14.2.11 Release info: We're happy to announce the availability of the eleventh release in the Nautilus series. This release brings a number of bugfixes across all major components of Ceph. We recommend that all Nautilus users upgrade to this release. Notable Changes --------------- * RGW: The `radosgw-admin` sub-commands dealing with orphans -- `radosgw-admin orphans find`, `radosgw-admin orphans finish`, `radosgw-admin orphans list-jobs` -- have been deprecated. They have not been actively maintained and they store intermediate results on the cluster, which could fill a nearly-full cluster. They have been replaced by a tool, currently considered experimental, `rgw-orphan-list`. * Now when noscrub and/or nodeep-scrub flags are set globally or per pool, scheduled scrubs of the type disabled will be aborted. All user initiated scrubs are NOT interrupted. * Fixed a ceph-osd crash in _committed_osd_maps when there is a failure to encode the first incremental map. issue#46443: https://github.com/ceph/ceph/pull/46443 For the detailed changelog please refer to the blog entry at https://ceph.io/releases/v14-2-11-nautilus-released/ PR: 248673 Submitted by: Willem Jan Withagen <wjw@digiware.nl> MFH: 2020Q3 Security: f20eb9a4-dfea-11ea-a9b8-9c5c8e84d621 Changes: head/net/ceph14/Makefile head/net/ceph14/distinfo head/net/ceph14/files/file-git_version head/net/ceph14/files/patch-src_msg_async_frames_v2.cc.diff head/net/ceph14/files/patch-src_rgw_rgw_lc.cc.diff head/net/ceph14/files/patch-src_rgw_rgw_main.cc.diff head/net/ceph14/pkg-plist
A commit references this bug: Author: flo Date: Mon Aug 17 20:19:13 UTC 2020 New revision: 545186 URL: https://svnweb.freebsd.org/changeset/ports/545186 Log: MFH: r545185 Update to 14.2.11 Release info: We're happy to announce the availability of the eleventh release in the Nautilus series. This release brings a number of bugfixes across all major components of Ceph. We recommend that all Nautilus users upgrade to this release. Notable Changes --------------- * RGW: The `radosgw-admin` sub-commands dealing with orphans -- `radosgw-admin orphans find`, `radosgw-admin orphans finish`, `radosgw-admin orphans list-jobs` -- have been deprecated. They have not been actively maintained and they store intermediate results on the cluster, which could fill a nearly-full cluster. They have been replaced by a tool, currently considered experimental, `rgw-orphan-list`. * Now when noscrub and/or nodeep-scrub flags are set globally or per pool, scheduled scrubs of the type disabled will be aborted. All user initiated scrubs are NOT interrupted. * Fixed a ceph-osd crash in _committed_osd_maps when there is a failure to encode the first incremental map. issue#46443: https://github.com/ceph/ceph/pull/46443 For the detailed changelog please refer to the blog entry at https://ceph.io/releases/v14-2-11-nautilus-released/ PR: 248673 Submitted by: Willem Jan Withagen <wjw@digiware.nl> Security: f20eb9a4-dfea-11ea-a9b8-9c5c8e84d621 Approved by: ports-secteam (joneum) Changes: _U branches/2020Q3/ branches/2020Q3/net/ceph14/Makefile branches/2020Q3/net/ceph14/distinfo branches/2020Q3/net/ceph14/files/file-git_version branches/2020Q3/net/ceph14/files/patch-src_msg_async_frames_v2.cc.diff branches/2020Q3/net/ceph14/files/patch-src_rgw_rgw_lc.cc.diff branches/2020Q3/net/ceph14/files/patch-src_rgw_rgw_main.cc.diff branches/2020Q3/net/ceph14/pkg-plist