Bug 248673

Summary: net/ceph14: Update to 14.2.11
Product: Ports & Packages Reporter: Willem Jan Withagen <wjw>
Component: Individual Port(s)Assignee: Florian Smeets <flo>
Status: Closed FIXED    
Severity: Affects Many People CC: flo, joneum, ports-secteam, wjw
Priority: Normal Keywords: needs-patch, needs-qa, security
Version: LatestFlags: koobs: maintainer-feedback+
koobs: merge-quarterly?
Hardware: Any   
OS: Any   
URL: https://ceph.io/releases/v14-2-11-nautilus-released/
Attachments:
Description Flags
svn diff of the upgrade
none
Upgrades diff, this time with correct sha1 ID
wjw: maintainer-approval+
vuxml description for CVE-2020-20753
wjw: maintainer-approval+
Upgrades diff, this time with extra files none

Description Willem Jan Withagen 2020-08-15 18:15:35 UTC
Created attachment 217234 [details]
svn diff of the upgrade

Has passed:
    portline -A
    poudriere testport

Release info:
We're happy to announce the availability of the eleventh release in the
Nautilus series. This release brings a number of bugfixes across all
major components of Ceph. We recommend that all Nautilus users upgrade
to this release.

Notable Changes
---------------
* RGW: The `radosgw-admin` sub-commands dealing with orphans --
  `radosgw-admin orphans find`, `radosgw-admin orphans finish`,
  `radosgw-admin orphans list-jobs` -- have been deprecated. They
  have not been actively maintained and they store intermediate
  results on the cluster, which could fill a nearly-full cluster.
  They have been replaced by a tool, currently considered
  experimental, `rgw-orphan-list`.

* Now when noscrub and/or nodeep-scrub flags are set globally or per pool,
  scheduled scrubs of the type disabled will be aborted. All user initiated
  scrubs are NOT interrupted.

* Fixed a ceph-osd crash in _committed_osd_maps when there is a failure to encode
  the first incremental map. issue#46443: https://github.com/ceph/ceph/pull/46443

For the detailed changelog please refer to the blog entry at
https://ceph.io/releases/v14-2-11-nautilus-released/
Comment 1 Willem Jan Withagen 2020-08-15 18:38:31 UTC
Created attachment 217235 [details]
Upgrades diff, this time with correct sha1 ID

Forgot to update the final sha, which is compiled in for ceph -v
Comment 2 Kubilay Kocak freebsd_committer freebsd_triage 2020-08-16 02:20:45 UTC
^Triage: Please set the maintainer-approval attachment flag (to +) on patches for ports you maintain to signify approval

Attachment -> Details -> maintainer-approval [+]

Also, If you could obsolete the prior patch that would be great

Additionally, the 14.2.10 changelog notes a security fix:

CVE-2020-10753: rgw: sanitize newlines in s3 CORSConfiguration’s ExposeHeader (William Bowling, Adam Mohammed, Casey Bodley)

If this .9 -> .11 cannot/shouldn't be merged to quarterly (it is a bugfix release), then a separate patch for .9 -> .10 should be produced such that that update can be committed first and merged to quarterly

I would opt for merging the .9 -> .11 update unless there is a good reason not to.

Pending security/VuXML entry
Comment 3 Willem Jan Withagen 2020-08-16 11:44:05 UTC
(In reply to Kubilay Kocak from comment #2)

Update patch 1 obsoletion, and maintainer approval.

Further I did not have time to import 14.2.10 when it was released.
So I more or less missed the release of that, including the CVE.

I hope that this patch can go in as one, since making it build in both ports and poudriere, and doing so basic QA takes quite some time.

From the pending, I conclude that I also need to add that CVE to security/VuXML??
Comment 4 Florian Smeets freebsd_committer 2020-08-16 11:49:25 UTC
(In reply to Willem Jan Withagen from comment #3)
I'm with koobs here, we should just request MFH for the .11

If you could update the PR with vuxml diff that'd be great, otherwise I'll take care of that before committing.
Comment 5 Willem Jan Withagen 2020-08-16 17:56:03 UTC
Created attachment 217265 [details]
vuxml description for CVE-2020-20753

Describes the CVE which was fixed in Ceph 14.2.10
Comment 6 Jochen Neumeister freebsd_committer 2020-08-16 18:05:21 UTC
Approved for 2020Q3

joneum (ports-secteam)
Comment 7 Florian Smeets freebsd_committer 2020-08-16 20:12:13 UTC
(In reply to Willem Jan Withagen from comment #5)

With the patch in this PR I get build failures.

https://packages.smeets.xyz/logs/bulk/111amd64-ports-dev/2020-08-16_20h11m14s/logs/errors/ceph14-14.2.11.log
https://packages.smeets.xyz/logs/bulk/12amd64-ports-dev/2020-08-16_20h12m49s/logs/errors/ceph14-14.2.11.log

JAILNAME     VERSION                      ARCH          METHOD TIMESTAMP           PATH
111amd64     11.4-RELEASE                 amd64         ftp    2020-06-17 16:42:41 /usr/local/poudriere/jails/111amd64
12amd64      12.1-RELEASE-p6              amd64         ftp    2020-06-17 16:49:41 /usr/local/poudriere/jails/12amd64
Comment 8 Willem Jan Withagen 2020-08-16 22:17:05 UTC
(In reply to Florian Smeets from comment #7)

Arrrg, sorry about that

I send the diff the second time against the /usr/ports/ version, instead of what I had in poudriere.
That had the fix for repairing the odd way that the Linux version has incorporated libfmt....

I'll upload a new patch
Comment 9 Willem Jan Withagen 2020-08-16 22:46:10 UTC
Created attachment 217269 [details]
Upgrades diff, this time with extra files
Comment 10 Kubilay Kocak freebsd_committer freebsd_triage 2020-08-17 04:08:07 UTC
^Triage: Leave merge-quarterly flag open (?) until merge
Comment 11 commit-hook freebsd_committer 2020-08-17 20:10:09 UTC
A commit references this bug:

Author: flo
Date: Mon Aug 17 20:10:05 UTC 2020
New revision: 545184
URL: https://svnweb.freebsd.org/changeset/ports/545184

Log:
  Document ceph vulnerability

  PR:		248673
  Submitted by:	Willem Jan Withagen <wjw@digiware.nl>

Changes:
  head/security/vuxml/vuln.xml
Comment 12 commit-hook freebsd_committer 2020-08-17 20:16:11 UTC
A commit references this bug:

Author: flo
Date: Mon Aug 17 20:15:52 UTC 2020
New revision: 545185
URL: https://svnweb.freebsd.org/changeset/ports/545185

Log:
  Update to 14.2.11

  Release info:
  We're happy to announce the availability of the eleventh release in the
  Nautilus series. This release brings a number of bugfixes across all
  major components of Ceph. We recommend that all Nautilus users upgrade
  to this release.

  Notable Changes
  ---------------
  * RGW: The `radosgw-admin` sub-commands dealing with orphans --
    `radosgw-admin orphans find`, `radosgw-admin orphans finish`,
    `radosgw-admin orphans list-jobs` -- have been deprecated. They
    have not been actively maintained and they store intermediate
    results on the cluster, which could fill a nearly-full cluster.
    They have been replaced by a tool, currently considered
    experimental, `rgw-orphan-list`.

  * Now when noscrub and/or nodeep-scrub flags are set globally or per pool,
    scheduled scrubs of the type disabled will be aborted. All user initiated
    scrubs are NOT interrupted.

  * Fixed a ceph-osd crash in _committed_osd_maps when there is a failure to encode
    the first incremental map. issue#46443: https://github.com/ceph/ceph/pull/46443

  For the detailed changelog please refer to the blog entry at
  https://ceph.io/releases/v14-2-11-nautilus-released/

  PR:		248673
  Submitted by:	Willem Jan Withagen <wjw@digiware.nl>
  MFH:		2020Q3
  Security:	f20eb9a4-dfea-11ea-a9b8-9c5c8e84d621

Changes:
  head/net/ceph14/Makefile
  head/net/ceph14/distinfo
  head/net/ceph14/files/file-git_version
  head/net/ceph14/files/patch-src_msg_async_frames_v2.cc.diff
  head/net/ceph14/files/patch-src_rgw_rgw_lc.cc.diff
  head/net/ceph14/files/patch-src_rgw_rgw_main.cc.diff
  head/net/ceph14/pkg-plist
Comment 13 commit-hook freebsd_committer 2020-08-17 20:20:13 UTC
A commit references this bug:

Author: flo
Date: Mon Aug 17 20:19:13 UTC 2020
New revision: 545186
URL: https://svnweb.freebsd.org/changeset/ports/545186

Log:
  MFH: r545185

  Update to 14.2.11

  Release info:
  We're happy to announce the availability of the eleventh release in the
  Nautilus series. This release brings a number of bugfixes across all
  major components of Ceph. We recommend that all Nautilus users upgrade
  to this release.

  Notable Changes
  ---------------
  * RGW: The `radosgw-admin` sub-commands dealing with orphans --
    `radosgw-admin orphans find`, `radosgw-admin orphans finish`,
    `radosgw-admin orphans list-jobs` -- have been deprecated. They
    have not been actively maintained and they store intermediate
    results on the cluster, which could fill a nearly-full cluster.
    They have been replaced by a tool, currently considered
    experimental, `rgw-orphan-list`.

  * Now when noscrub and/or nodeep-scrub flags are set globally or per pool,
    scheduled scrubs of the type disabled will be aborted. All user initiated
    scrubs are NOT interrupted.

  * Fixed a ceph-osd crash in _committed_osd_maps when there is a failure to encode
    the first incremental map. issue#46443: https://github.com/ceph/ceph/pull/46443

  For the detailed changelog please refer to the blog entry at
  https://ceph.io/releases/v14-2-11-nautilus-released/

  PR:		248673
  Submitted by:	Willem Jan Withagen <wjw@digiware.nl>
  Security:	f20eb9a4-dfea-11ea-a9b8-9c5c8e84d621
  Approved by:	ports-secteam (joneum)

Changes:
_U  branches/2020Q3/
  branches/2020Q3/net/ceph14/Makefile
  branches/2020Q3/net/ceph14/distinfo
  branches/2020Q3/net/ceph14/files/file-git_version
  branches/2020Q3/net/ceph14/files/patch-src_msg_async_frames_v2.cc.diff
  branches/2020Q3/net/ceph14/files/patch-src_rgw_rgw_lc.cc.diff
  branches/2020Q3/net/ceph14/files/patch-src_rgw_rgw_main.cc.diff
  branches/2020Q3/net/ceph14/pkg-plist