Debian Patches
Status for ceph/16.2.15+ds-0+deb12u2
| Patch | Description | Author | Forwarded | Bugs | Origin | Last update |
|---|---|---|---|---|---|---|
| Check-if-HTTP_X_AMZ_COPY_SOURCE-header-is-empty.patch | Check if `HTTP_X_AMZ_COPY_SOURCE` header is empty The issue was that the `HTTP_X_AMZ_COPY_SOURCE` header could be present but empty (i.e., an empty string rather than NULL). The code only checked if the pointer was not NULL, but didn't verify that the string had content. When an empty string was passed to RGWCopyObj::parse_copy_location(), it would eventually try to access name_str[0] on an empty string, causing a crash. |
Suyash Dongre <suyashd999@gmail.com> | no | debian | https://github.com/ceph/ceph/commit/bef59f17293e6e93af025eba1e00646d0b1a2bf0 | 2025-08-20 |
| client-disallow-unprivileged-users-to-escalate-root-.patch | client: disallow unprivileged users to escalate root privileges An unprivileged user can `chmod 777` a directory owned by root and gain access. Fix this bug and also add a test case for the same. |
Xiubo Li <xiubli@redhat.com> | no | debian | https://github.com/ceph/ceph/commit/b6d85b595ea7c9e0fca10d5e77a48102110fe22c | 2024-04-03 |
| civetweb-755-1.8-somaxconn-configurable_test.patch | Adds max_connections to test display. | Jesse Williamson <jesse.williamson@canonical.com> | yes | upstream | upstream, https://github.com/civetweb/civetweb/pull/776/commits/3b8eb36676f70d06f8918ccf62029207c49cdda0 | |
| debian-armel-armhf-buildflags.patch | no | |||||
| fix-bash-completion-location | no | |||||
| 32bit-fixes.patch | Misc fixes for 32 bit architecture builds. =================================================================== |
James Page <james.page@ubuntu.com> | no | |||
| add-option-to-disable-ceph-dencoder.patch | =================================================================== | no | ||||
| riscv64-link-pthread.patch | Link with -pthread instead of -lpthread to fix FTBFS on riscv64 =================================================================== |
no | 2020-03-01 | |||
| fix-ceph-osd-systemd-target.patch | Fix systemd ceph-osd.target This helps when rebooting. | Thomas Goirand <zigo@debian.org> | no | 2021-01-28 | ||
| fix-CheckCxxAtomic-riscv64.patch | Fix CheckCxxAtomic to detect more accurately Some platforms like riscv64 does not have full support for atomic primitives, yet passes the test. Adding operator++ fixes this issue. |
Eric Long <i@hack3r.moe> | no | 2022-08-30 | ||
| CVE-2022-3854_1_rgw_Guard_against_malformed_bucket_URLs.patch | CVE-2022-3854: rgw: Guard against malformed bucket URLs Misplaced colons can result in radosgw thinking is has a bucket URL but with no bucket name, leading to a crash later on. =================================================================== |
"Adam C. Emerson" <aemerson@redhat.com> | no | debian | upstream, https://github.com/ceph/ceph/pull/47194/commits/9746e8011ff1de6de7dba9c0041e28a16c8f6828.patch | 2022-01-09 |
| CVE-2024-48916.patch | [CVE-2024-48916] rgw/sts: fix to disallow unsupported JWT algorithms while authenticating AssumeRoleWithWebIdentity using JWT obtained from an external IDP. |
Pritha Srivastava <prsrivas@redhat.com> | no | 2024-11-05 | ||
| mgr-alerts-enforce-ssl-context-to-SMTP_SSL.patch | mgr/alerts: enforce ssl context to SMTP_SSL (cherry picked from commit 5f7fc5267e55089eeb1cfc87e9c1215c32439102) |
Nizamudeen A <nia@redhat.com> | no | debian | https://github.com/ceph/ceph/commit/5081933c9a0068fe9deba4fca2d943bda3168518 | 2025-10-30 |
| enable-strsignal.patch | This defines HAVE_REENTRANT_STRSIGNAL as sys_siglist no longer exists with glibc 2.32 and all programs should use strsignal instead. =================================================================== |
no | 2020-09-21 | |||
| update-java-source-target-flags.patch | use --release 7 instead of -source/-target Instead of -source/-target ceph should be build with --release for OpenJDK 9 or later so that the bootclasspath is also set, as per JEP-247, otherwise it risks incurring into binary incompatibility when run with an earlier OpenJDK. OpenJDK 11 minimum compatibility release has been updated to 7. |
Tiago Stürmer Daitx <tiago.daitx@ubuntu.com> | no | 2018-04-24 | ||
| disable-crypto.patch | =================================================================== | no | ||||
| civetweb-755-1.8-somaxconn-configurable_conf.patch | Adds max_connections to reference configuration. | Jesse Williamson <jesse.williamson@canonical.com> | yes | upstream | upstream, https://github.com/civetweb/civetweb/pull/776/commits/3b8eb36676f70d06f8918ccf62029207c49cdda0 | |
| civetweb-755-1.8-somaxconn-configurable.patch | Makes SOMAXCONN user-configurable. | Jesse Williamson <jesse.williamson@canonical.com> | yes | upstream | upstream, https://github.com/civetweb/civetweb/pull/776/commits/febab7dc38c9671577603425c54c20f841e27f97 | |
| compile-ppc.c-on-all-powerpc-machines.patch | arch,cmake: compile ppc.c on all powerpc machines * cmake/modules/SIMDExt.cmake: define HAVE_PPC for 32-bit PowerPC. * src/arch/CMakeLists.txt: compile ppc.c for all PowerPC architectures, including powerpc (32-bit PowerPC), ppc64el (64-bit Little Endian PowerPC) and ppc64 (64-bit Big Endian PowerPC). before this change, ppc.c is only compiled if HAVE_POWER8 is defined. but Power8 is a 64-bit PowerPC architecture. while in src/arch/probe.cc, we check for `defined(__powerpc__) || defined(__ppc__)`, if this is true, ceph_arch_ppc_probe() is used to check for the support of Altivec. but on non-power8 PowerPC machines, the linker fails to find the symbols like ceph_arch_ppc_probe(), as ppc.c is not compiled on them. in this change, ppc.c is compiled on all PowerPC architectures, so that ceph_arch_ppc_probe() is also available on non-power8 machines. this change does not impact the behavior of non-power8 machines. because on them, the runtime check would fail to detect the existence of PPC_FEATURE2_VEC_CRYPTO instructions. |
Kefu Chai <tchaikov@gmail.com> | no | 2021-08-29 | ||
| bug1914584.patch | rgw/radosgw-admin clarify error when email address already in use The error message if you try and create an S3 user with an email address that is already associated with another S3 account is very confusing; this patch makes it much clearer To reproduce: radosgw-admin user create --uid=foo --display-name="Foo test" --email=bar@domain.invalid radosgw-admin user create --uid=test --display-name="AN test" --email=bar@domain.invalid could not create user: unable to parse parameters, user id mismatch, operation id: foo does not match: test With this patch: radosgw-admin user create --uid=test --display-name="AN test" --email=bar@domain.invalid could not create user: unable to create user test because user id foo already exists with email bar@domain.invalid (cherry picked from commit 05318d6f71e45a42a46518a0ef17047dfab83990) |
Matthew Vernon <mv3@sanger.ac.uk> | no | 2021-02-04 | ||
| cmake-test-for-16-bytes-atomic-support-on-mips-also.patch | cmake: test for 16-byte atomic support on mips also it's reported that a mips64el build host is able to pass the test of CheckCxxAtomic without linking against libatomic, while librbd.so fails to link due to failures like . /usr/bin/ld: ../../../lib/librbd.so.1.16.0: undefined reference to `__atomic_store_16' /usr/bin/ld: ../../../lib/librbd.so.1.16.0: undefined reference to `__atomic_load_16' /usr/bin/ld: ../../../lib/librbd.so.1.16.0: undefined reference to `__atomic_compare_exchange_16' . so we have to check the existence of __atomic_load_16 instruction on mips architecture. diff --git a/cmake/modules/CheckCxxAtomic.cmake b/cmake/modules/CheckCxxAtomic.cmake index f2d89cf3e0beb..da2be5206d634 100644 |
Kefu Chai <tchaikov@gmail.com> | no | upstream, https://github.com/ceph/ceph/commit/709a77f22010f03aee4a4c0ab930588944cb4a58 | 2021-11-24 | |
| only-yied-under-armv7-and-above.patch | Only yield under ARMv7 and above (#1176) | Rosen Penev <rosenp@gmail.com> | no | upstream, https://github.com/facebook/folly/commit/62d8e6e0b91ebd6f878f3066cd9b6e5f3c18a97b.patch | 2021-11-24 | |
| Fix-build-with-fmt-8-9.patch | Fix build with fmt 8/9 + changes in segment_manager.cc and segment_manager.h are backported from part of the large changes in https://github.com/ceph/ceph/commit/d5b0cd13 + change in node_extent_accessor.h is not forwarded to upstream since it's a workaround. However it doesn't harm since it's just a error message which shouldn't happen anyway. + changes in seastar is backported from https://github.com/scylladb/seastar/commit/dfb62861 + changes in crimson/osd/main.cc is backported from https://github.com/ceph/ceph/commit/58cb9bac |
Shengjing Zhu <zhushengjing@cambricon.com> | no | 2022-07-31 | ||
| client-prohibit-unprivileged-users-from-setting-sgid.patch | client: prohibit unprivileged users from setting sgid/suid bits Prior to fb1b72d, unprivileged users could add mode bits as long as S_ISUID and S_ISGID were not included in the change. After fb1b72d, unprivileged users were allowed to modify S_ISUID and S_ISGID bits only when no other mode bits were changed in the same operation. This inadvertently permitted unprivileged users to set S_ISUID and/or S_ISGID bits when they were the sole bits being modified. This behavior should not be allowed. Unprivileged users should be prohibited from setting S_ISUID and/or S_ISGID bits under any circumstances. This change tightens the permission check to prevent unprivileged users from setting these privileged bits in all cases. |
Kefu Chai <tchaikov@gmail.com> | no | https://github.com/ceph/ceph/commit/7028ed21138522495df1e9f8b01195a3c43d47ff | 2025-07-05 |
All known versions for source package 'ceph'
- 18.2.8+ds-2.1 (sid)
- 18.2.8+ds-2 (forky)
- 18.2.7+ds-1+deb13u1 (trixie-security)
- 18.2.7+ds-1 (trixie)
- 16.2.15+ds-0+deb12u2 (bookworm-security)
- 16.2.15+ds-0+deb12u1 (bookworm)