From 7050cdb205fd1b1b847c148092a8548f00a061c0 Mon Sep 17 00:00:00 2001 From: Daniel Baumann Date: Sun, 7 Apr 2024 20:46:10 +0200 Subject: Adding debian version 16.2.11+ds-2. Signed-off-by: Daniel Baumann --- debian/patches/32bit-fixes.patch | 164 +++++++++++++++++++++ ...eges_to_run_as_ceph_user_rather_than_root.patch | 65 ++++++++ ...022-3650_2_ceph-crash_fix_stderr_handling.patch | 26 ++++ ...1_rgw_Guard_against_malformed_bucket_URLs.patch | 29 ++++ debian/patches/Fix-build-with-fmt-8-9.patch | 134 +++++++++++++++++ .../add-option-to-disable-ceph-dencoder.patch | 12 ++ debian/patches/bug1914584.patch | 49 ++++++ debian/patches/bug1917414.patch | 143 ++++++++++++++++++ .../civetweb-755-1.8-somaxconn-configurable.patch | 53 +++++++ ...etweb-755-1.8-somaxconn-configurable_conf.patch | 18 +++ ...etweb-755-1.8-somaxconn-configurable_test.patch | 17 +++ ...-for-16-bytes-atomic-support-on-mips-also.patch | 29 ++++ .../compile-ppc.c-on-all-powerpc-machines.patch | 92 ++++++++++++ debian/patches/debian-armel-armhf-buildflags.patch | 45 ++++++ debian/patches/disable-crypto.patch | 16 ++ debian/patches/enable-strsignal.patch | 18 +++ debian/patches/fix-CheckCxxAtomic-riscv64.patch | 16 ++ debian/patches/fix-bash-completion-location | 9 ++ debian/patches/fix-ceph-osd-systemd-target.patch | 17 +++ .../patches/only-yied-under-armv7-and-above.patch | 17 +++ debian/patches/riscv64-link-pthread.patch | 16 ++ debian/patches/series | 25 ++++ .../patches/update-java-source-target-flags.patch | 23 +++ 23 files changed, 1033 insertions(+) create mode 100644 debian/patches/32bit-fixes.patch create mode 100644 debian/patches/CVE-2022-3650_1_ceph-crash_drop_privleges_to_run_as_ceph_user_rather_than_root.patch create mode 100644 debian/patches/CVE-2022-3650_2_ceph-crash_fix_stderr_handling.patch create mode 100644 debian/patches/CVE-2022-3854_1_rgw_Guard_against_malformed_bucket_URLs.patch create mode 100644 debian/patches/Fix-build-with-fmt-8-9.patch create mode 100644 debian/patches/add-option-to-disable-ceph-dencoder.patch create mode 100644 debian/patches/bug1914584.patch create mode 100644 debian/patches/bug1917414.patch create mode 100644 debian/patches/civetweb-755-1.8-somaxconn-configurable.patch create mode 100644 debian/patches/civetweb-755-1.8-somaxconn-configurable_conf.patch create mode 100644 debian/patches/civetweb-755-1.8-somaxconn-configurable_test.patch create mode 100644 debian/patches/cmake-test-for-16-bytes-atomic-support-on-mips-also.patch create mode 100644 debian/patches/compile-ppc.c-on-all-powerpc-machines.patch create mode 100644 debian/patches/debian-armel-armhf-buildflags.patch create mode 100644 debian/patches/disable-crypto.patch create mode 100644 debian/patches/enable-strsignal.patch create mode 100644 debian/patches/fix-CheckCxxAtomic-riscv64.patch create mode 100644 debian/patches/fix-bash-completion-location create mode 100644 debian/patches/fix-ceph-osd-systemd-target.patch create mode 100644 debian/patches/only-yied-under-armv7-and-above.patch create mode 100644 debian/patches/riscv64-link-pthread.patch create mode 100644 debian/patches/series create mode 100644 debian/patches/update-java-source-target-flags.patch (limited to 'debian/patches') diff --git a/debian/patches/32bit-fixes.patch b/debian/patches/32bit-fixes.patch new file mode 100644 index 000000000..1d2fcb660 --- /dev/null +++ b/debian/patches/32bit-fixes.patch @@ -0,0 +1,164 @@ +Description: Misc fixes for 32 bit architecture builds. +Author: James Page +Forwarded: no + +Index: ceph/src/tools/rbd_mirror/image_replayer/snapshot/Replayer.cc +=================================================================== +--- ceph.orig/src/tools/rbd_mirror/image_replayer/snapshot/Replayer.cc ++++ ceph/src/tools/rbd_mirror/image_replayer/snapshot/Replayer.cc +@@ -253,7 +253,8 @@ bool Replayer::get_replay_status(std: + + json_spirit::mObject root_obj; + root_obj["replay_state"] = replay_state; +- root_obj["remote_snapshot_timestamp"] = remote_snap_info->timestamp.sec(); ++ root_obj["remote_snapshot_timestamp"] = static_cast( ++ remote_snap_info->timestamp.sec()); + + auto matching_remote_snap_id = util::compute_remote_snap_id( + m_state_builder->local_image_ctx->image_lock, +@@ -267,8 +268,8 @@ bool Replayer::get_replay_status(std: + // use the timestamp from the matching remote image since + // the local snapshot would just be the time the snapshot was + // synced and not the consistency point in time. +- root_obj["local_snapshot_timestamp"] = +- matching_remote_snap_it->second.timestamp.sec(); ++ root_obj["local_snapshot_timestamp"] = static_cast( ++ matching_remote_snap_it->second.timestamp.sec()); + } + + matching_remote_snap_it = m_state_builder->remote_image_ctx->snap_info.find( +@@ -276,7 +277,8 @@ bool Replayer::get_replay_status(std: + if (m_remote_snap_id_end != CEPH_NOSNAP && + matching_remote_snap_it != + m_state_builder->remote_image_ctx->snap_info.end()) { +- root_obj["syncing_snapshot_timestamp"] = remote_snap_info->timestamp.sec(); ++ root_obj["syncing_snapshot_timestamp"] = static_cast( ++ remote_snap_info->timestamp.sec()); + root_obj["syncing_percent"] = static_cast( + 100 * m_local_mirror_snap_ns.last_copied_object_number / + static_cast(std::max(1U, m_local_object_count))); +Index: ceph/src/common/buffer.cc +=================================================================== +--- ceph.orig/src/common/buffer.cc ++++ ceph/src/common/buffer.cc +@@ -2272,7 +2272,7 @@ MEMPOOL_DEFINE_OBJECT_FACTORY(buffer::ra + + void ceph::buffer::list::page_aligned_appender::_refill(size_t len) { + const size_t alloc = \ +- std::max((size_t)min_alloc, (len + CEPH_PAGE_SIZE - 1) & CEPH_PAGE_MASK); ++ std::max((size_t)min_alloc, (size_t)((len + CEPH_PAGE_SIZE - 1) & CEPH_PAGE_MASK)); + auto new_back = \ + ptr_node::create(buffer::create_page_aligned(alloc)); + new_back->set_length(0); // unused, so far. +Index: ceph/src/s3select/include/s3select_functions.h +=================================================================== +--- ceph.orig/src/s3select/include/s3select_functions.h ++++ ceph/src/s3select/include/s3select_functions.h +@@ -585,7 +585,7 @@ struct _fn_diff_timestamp : public base_ + { + boost::gregorian::date_period dp = + boost::gregorian::date_period( val_dt1.timestamp()->date(), val_dt2.timestamp()->date()); +- result->set_value( dp.length().days() ); ++ result->set_value( (int64_t)dp.length().days() ); + } + else if (strcmp(val_date_part.str(), "hours") == 0) + { +Index: ceph/src/os/bluestore/BlueFS.cc +=================================================================== +--- ceph.orig/src/os/bluestore/BlueFS.cc ++++ ceph/src/os/bluestore/BlueFS.cc +@@ -3831,11 +3831,11 @@ int BlueFS::do_replay_recovery_read(File + + size_t BlueFS::probe_alloc_avail(int dev, uint64_t alloc_size) + { +- size_t total = 0; +- auto iterated_allocation = [&](size_t off, size_t len) { ++ uint64_t total = 0; ++ auto iterated_allocation = [&](uint64_t off, uint64_t len) { + //only count in size that is alloc_size aligned +- size_t dist_to_alignment; +- size_t offset_in_block = off & (alloc_size - 1); ++ uint64_t dist_to_alignment; ++ uint64_t offset_in_block = off & (alloc_size - 1); + if (offset_in_block == 0) + dist_to_alignment = 0; + else +Index: ceph/src/tools/neorados.cc +=================================================================== +--- ceph.orig/src/tools/neorados.cc ++++ ceph/src/tools/neorados.cc +@@ -146,7 +146,7 @@ void create(R::RADOS& r, const std::vect + obj, pname)); + } + +-inline constexpr std::size_t io_size = 4 << 20; ++inline constexpr std::uint64_t io_size = 4 << 20; + + void write(R::RADOS& r, const std::vector& p, s::yield_context y) + { +@@ -156,7 +156,7 @@ void write(R::RADOS& r, const std::vecto + + bs::error_code ec; + std::unique_ptr buf = std::make_unique(io_size); +- std::size_t off = 0; ++ std::uint64_t off = 0; + boost::io::ios_exception_saver ies(std::cin); + + std::cin.exceptions(std::istream::badbit); +@@ -203,7 +203,7 @@ void read(R::RADOS& r, const std::vector + obj, pname)); + } + +- std::size_t off = 0; ++ std::uint64_t off = 0; + ceph::buffer::list bl; + while (auto toread = std::max(len - off, io_size)) { + R::ReadOp op; +Index: ceph/src/tools/cephfs_mirror/FSMirror.cc +=================================================================== +--- ceph.orig/src/tools/cephfs_mirror/FSMirror.cc ++++ ceph/src/tools/cephfs_mirror/FSMirror.cc +@@ -345,7 +345,7 @@ void FSMirror::handle_acquire_directory( + std::scoped_lock locker(m_lock); + m_directories.emplace(dir_path); + m_service_daemon->add_or_update_fs_attribute(m_filesystem.fscid, SERVICE_DAEMON_DIR_COUNT_KEY, +- m_directories.size()); ++ static_cast(m_directories.size())); + + for (auto &[peer, peer_replayer] : m_peer_replayers) { + dout(10) << ": peer=" << peer << dendl; +@@ -363,7 +363,7 @@ void FSMirror::handle_release_directory( + if (it != m_directories.end()) { + m_directories.erase(it); + m_service_daemon->add_or_update_fs_attribute(m_filesystem.fscid, SERVICE_DAEMON_DIR_COUNT_KEY, +- m_directories.size()); ++ static_cast(m_directories.size())); + for (auto &[peer, peer_replayer] : m_peer_replayers) { + dout(10) << ": peer=" << peer << dendl; + peer_replayer->remove_directory(dir_path); +Index: ceph/src/librbd/object_map/DiffRequest.cc +=================================================================== +--- ceph.orig/src/librbd/object_map/DiffRequest.cc ++++ ceph/src/librbd/object_map/DiffRequest.cc +@@ -175,7 +175,7 @@ void DiffRequest::handle_load_object_ + m_object_map.resize(num_objs); + } + +- size_t prev_object_diff_state_size = m_object_diff_state->size(); ++ uint64_t prev_object_diff_state_size = m_object_diff_state->size(); + if (prev_object_diff_state_size < num_objs) { + // the diff state should be the largest of all snapshots in the set + m_object_diff_state->resize(num_objs); +Index: ceph/src/SimpleRADOSStriper.cc +=================================================================== +--- ceph.orig/src/SimpleRADOSStriper.cc ++++ ceph/src/SimpleRADOSStriper.cc +@@ -140,7 +140,7 @@ int SimpleRADOSStriper::remove() + return 0; + } + +-int SimpleRADOSStriper::truncate(uint64_t size) ++int SimpleRADOSStriper::truncate(size_t size) + { + d(5) << size << dendl; + diff --git a/debian/patches/CVE-2022-3650_1_ceph-crash_drop_privleges_to_run_as_ceph_user_rather_than_root.patch b/debian/patches/CVE-2022-3650_1_ceph-crash_drop_privleges_to_run_as_ceph_user_rather_than_root.patch new file mode 100644 index 000000000..43f5e72df --- /dev/null +++ b/debian/patches/CVE-2022-3650_1_ceph-crash_drop_privleges_to_run_as_ceph_user_rather_than_root.patch @@ -0,0 +1,65 @@ +Description: CVE-2022-3650: ceph-crash: drop privleges to run as "ceph" user, rather than root + If privileges cannot be dropped, log an error and exit. This commit + also catches and logs exceptions when scraping the crash path, without + which ceph-crash would just exit if it encountered an error. +Author: Tim Serong +Date: Wed, 2 Nov 2022 14:27:47 +1100 +Bug: https://tracker.ceph.com/issues/57967 +Signed-off-by: Tim Serong +Origin: upstream, https://github.com/ceph/ceph/commit/130c9626598bc3a75942161e6cce7c664c447382 +Bug-Debian: https://bugs.debian.org/1024932 +Last-Update: 2022-11-28 + +Index: ceph/src/ceph-crash.in +=================================================================== +--- ceph.orig/src/ceph-crash.in ++++ ceph/src/ceph-crash.in +@@ -3,8 +3,10 @@ + # vim: ts=4 sw=4 smarttab expandtab + + import argparse ++import grp + import logging + import os ++import pwd + import signal + import socket + import subprocess +@@ -83,8 +85,25 @@ def handler(signum): + print('*** Interrupted with signal %d ***' % signum) + sys.exit(0) + ++def drop_privs(): ++ if os.getuid() == 0: ++ try: ++ ceph_uid = pwd.getpwnam("ceph").pw_uid ++ ceph_gid = grp.getgrnam("ceph").gr_gid ++ os.setgroups([]) ++ os.setgid(ceph_gid) ++ os.setuid(ceph_uid) ++ except Exception as e: ++ log.error(f"Unable to drop privileges: {e}") ++ sys.exit(1) ++ ++ + def main(): + global auth_names ++ ++ # run as unprivileged ceph user ++ drop_privs() ++ + # exit code 0 on SIGINT, SIGTERM + signal.signal(signal.SIGINT, handler) + signal.signal(signal.SIGTERM, handler) +@@ -103,7 +122,10 @@ def main(): + + log.info("monitoring path %s, delay %ds" % (args.path, args.delay * 60.0)) + while True: +- scrape_path(args.path) ++ try: ++ scrape_path(args.path) ++ except Exception as e: ++ log.error(f"Error scraping {args.path}: {e}") + if args.delay == 0: + sys.exit(0) + time.sleep(args.delay * 60) diff --git a/debian/patches/CVE-2022-3650_2_ceph-crash_fix_stderr_handling.patch b/debian/patches/CVE-2022-3650_2_ceph-crash_fix_stderr_handling.patch new file mode 100644 index 000000000..b49030904 --- /dev/null +++ b/debian/patches/CVE-2022-3650_2_ceph-crash_fix_stderr_handling.patch @@ -0,0 +1,26 @@ +Description: CVE-2022-3650: ceph-crash: fix stderr handling + Popen.communicate() returns a tuple (stdout, stderr), and stderr + will be of type bytes, hence the need to decode it before checking + if it's an empty string or not. +Author: Tim Serong +Date: Wed, 2 Nov 2022 14:23:20 +1100 +Bug: a77b47eeeb5770eeefcf4619ab2105ee7a6a003e +Signed-off-by: Tim Serong +Bug-Debian: https://bugs.debian.org/1024932 +Origin: upstream, https://github.com/ceph/ceph/commit/45915540559126a652f8d9d105723584cfc63439 +Last-Update: 2022-11-28 + +diff --git a/src/ceph-crash.in b/src/ceph-crash.in +index 0fffd59a96df5..e2a7be59da701 100755 +--- a/src/ceph-crash.in ++++ b/src/ceph-crash.in +@@ -50,7 +50,8 @@ def post_crash(path): + stderr=subprocess.PIPE, + ) + f = open(os.path.join(path, 'meta'), 'rb') +- stderr = pr.communicate(input=f.read()) ++ (_, stderr) = pr.communicate(input=f.read()) ++ stderr = stderr.decode() + rc = pr.wait() + f.close() + if rc != 0 or stderr != "": diff --git a/debian/patches/CVE-2022-3854_1_rgw_Guard_against_malformed_bucket_URLs.patch b/debian/patches/CVE-2022-3854_1_rgw_Guard_against_malformed_bucket_URLs.patch new file mode 100644 index 000000000..f06997a85 --- /dev/null +++ b/debian/patches/CVE-2022-3854_1_rgw_Guard_against_malformed_bucket_URLs.patch @@ -0,0 +1,29 @@ +Description: CVE-2022-3854: rgw: Guard against malformed bucket URLs + Misplaced colons can result in radosgw thinking is has a bucket URL + but with no bucket name, leading to a crash later on. +Author: "Adam C. Emerson" +Date: Fri, 8 Jul 2022 14:58:16 -0400 +Fixes: https://tracker.ceph.com/issues/55765 +Signed-off-by: Adam C. Emerson +Fixes: https://tracker.ceph.com/issues/56586 +Signed-off-by: Adam C. Emerson +Origin: upstream, https://github.com/ceph/ceph/pull/47194/commits/9746e8011ff1de6de7dba9c0041e28a16c8f6828.patch +Bug-Debian: https://bugs.debian.org/1027151 +Last-Update: 2022-01-09 + +Index: ceph/src/rgw/rgw_common.cc +=================================================================== +--- ceph.orig/src/rgw/rgw_common.cc ++++ ceph/src/rgw/rgw_common.cc +@@ -1265,6 +1265,11 @@ bool verify_bucket_permission_no_policy( + + bool verify_bucket_permission_no_policy(const DoutPrefixProvider* dpp, struct req_state * const s, const int perm) + { ++ if (rgw::sal::RGWBucket::empty(s->bucket)) { ++ // request is missing a bucket name ++ return false; ++ } ++ + perm_state_from_req_state ps(s); + + if (!verify_requester_payer_permission(&ps)) diff --git a/debian/patches/Fix-build-with-fmt-8-9.patch b/debian/patches/Fix-build-with-fmt-8-9.patch new file mode 100644 index 000000000..1cb0d2f2c --- /dev/null +++ b/debian/patches/Fix-build-with-fmt-8-9.patch @@ -0,0 +1,134 @@ +From: Shengjing Zhu +Date: Sun, 31 Jul 2022 15:27:17 +0800 +Subject: Fix build with fmt 8/9 + ++ changes in segment_manager.cc and segment_manager.h are backported from + part of the large changes in https://github.com/ceph/ceph/commit/d5b0cd13 ++ change in node_extent_accessor.h is not forwarded to upstream since it's + a workaround. However it doesn't harm since it's just a error message + which shouldn't happen anyway. ++ changes in seastar is backported from + https://github.com/scylladb/seastar/commit/dfb62861 ++ changes in crimson/osd/main.cc is backported from + https://github.com/ceph/ceph/commit/58cb9bac +--- + src/crimson/os/seastore/CMakeLists.txt | 1 + + .../staged-fltree/node_extent_accessor.h | 2 +- + src/crimson/os/seastore/segment_manager.cc | 19 +++++++++++++++++++ + src/crimson/os/seastore/segment_manager.h | 3 +++ + src/crimson/osd/main.cc | 6 +++--- + src/seastar/include/seastar/core/print.hh | 4 ++++ + 6 files changed, 31 insertions(+), 4 deletions(-) + create mode 100644 src/crimson/os/seastore/segment_manager.cc + +diff --git a/src/crimson/os/seastore/CMakeLists.txt b/src/crimson/os/seastore/CMakeLists.txt +index 77f8465..c6d4e93 100644 +--- a/src/crimson/os/seastore/CMakeLists.txt ++++ b/src/crimson/os/seastore/CMakeLists.txt +@@ -1,6 +1,7 @@ + add_library(crimson-seastore STATIC + cached_extent.cc + seastore_types.cc ++ segment_manager.cc + segment_manager/ephemeral.cc + segment_manager/block.cc + transaction_manager.cc +diff --git a/src/crimson/os/seastore/onode_manager/staged-fltree/node_extent_accessor.h b/src/crimson/os/seastore/onode_manager/staged-fltree/node_extent_accessor.h +index 94782f5..3c45861 100644 +--- a/src/crimson/os/seastore/onode_manager/staged-fltree/node_extent_accessor.h ++++ b/src/crimson/os/seastore/onode_manager/staged-fltree/node_extent_accessor.h +@@ -169,7 +169,7 @@ class DeltaRecorderT final: public DeltaRecorder { + } + default: + logger().error("OTree::Extent::Replay: got unknown op {} when replay {:#x}", +- op, node.get_laddr()); ++ static_cast(op), node.get_laddr()); + ceph_abort(); + } + } catch (buffer::error& e) { +diff --git a/src/crimson/os/seastore/segment_manager.cc b/src/crimson/os/seastore/segment_manager.cc +new file mode 100644 +index 0000000..d4a7132 +--- /dev/null ++++ b/src/crimson/os/seastore/segment_manager.cc +@@ -0,0 +1,19 @@ ++#include "crimson/os/seastore/segment_manager.h" ++ ++namespace crimson::os::seastore { ++ ++ std::ostream& operator<<(std::ostream &out, Segment::segment_state_t s) ++ { ++ using state_t = Segment::segment_state_t; ++ switch (s) { ++ case state_t::EMPTY: ++ return out << "EMPTY"; ++ case state_t::OPEN: ++ return out << "OPEN"; ++ case state_t::CLOSED: ++ return out << "CLOSED"; ++ default: ++ return out << "INVALID_SEGMENT_STATE!"; ++ } ++ } ++} +diff --git a/src/crimson/os/seastore/segment_manager.h b/src/crimson/os/seastore/segment_manager.h +index 61c6509..30bdbc4 100644 +--- a/src/crimson/os/seastore/segment_manager.h ++++ b/src/crimson/os/seastore/segment_manager.h +@@ -73,6 +73,9 @@ public: + + virtual ~Segment() {} + }; ++ ++std::ostream& operator<<(std::ostream& out, Segment::segment_state_t); ++ + using SegmentRef = boost::intrusive_ptr; + + constexpr size_t PADDR_SIZE = sizeof(paddr_t); +diff --git a/src/crimson/osd/main.cc b/src/crimson/osd/main.cc +index a90903e..0db6496 100644 +--- a/src/crimson/osd/main.cc ++++ b/src/crimson/osd/main.cc +@@ -88,7 +88,7 @@ seastar::future<> make_keyring() + if (exists && + keyring.load(nullptr, path) == 0 && + keyring.get_auth(name, auth)) { +- seastar::fprint(std::cerr, "already have key in keyring: %s\n", path); ++ fmt::print(std::cerr, "already have key in keyring: %s\n", path); + return seastar::now(); + } else { + auth.key.create(std::make_unique().get(), CEPH_CRYPTO_AES); +@@ -100,7 +100,7 @@ seastar::future<> make_keyring() + return crimson::write_file(std::move(bl), path, permissions); + } + }).handle_exception_type([path](const std::filesystem::filesystem_error& e) { +- seastar::fprint(std::cerr, "FATAL: writing new keyring to %s: %s\n", path, e.what()); ++ fmt::print(std::cerr, "FATAL: writing new keyring to %s: %s\n", path, e.what()); + throw e; + }); + } +@@ -216,7 +216,7 @@ int main(int argc, char* argv[]) + }); + }); + } catch (...) { +- seastar::fprint(std::cerr, "FATAL: Exception during startup, aborting: %s\n", std::current_exception()); ++ fmt::print(std::cerr, "FATAL: Exception during startup, aborting: %s\n", std::current_exception()); + return EXIT_FAILURE; + } + } +diff --git a/src/seastar/include/seastar/core/print.hh b/src/seastar/include/seastar/core/print.hh +index 72e3934..c1868e8 100644 +--- a/src/seastar/include/seastar/core/print.hh ++++ b/src/seastar/include/seastar/core/print.hh +@@ -133,7 +133,11 @@ template + sstring + format(const char* fmt, A&&... a) { + fmt::memory_buffer out; ++#if FMT_VERSION >= 80000 ++ fmt::format_to(fmt::appender(out), fmt::runtime(fmt), std::forward(a)...); ++#else + fmt::format_to(out, fmt, std::forward(a)...); ++#endif + return sstring{out.data(), out.size()}; + } + diff --git a/debian/patches/add-option-to-disable-ceph-dencoder.patch b/debian/patches/add-option-to-disable-ceph-dencoder.patch new file mode 100644 index 000000000..ef813e505 --- /dev/null +++ b/debian/patches/add-option-to-disable-ceph-dencoder.patch @@ -0,0 +1,12 @@ +Index: ceph/src/tools/CMakeLists.txt +=================================================================== +--- ceph.orig/src/tools/CMakeLists.txt ++++ ceph/src/tools/CMakeLists.txt +@@ -151,5 +151,7 @@ if(WITH_SEASTAR) + endif() + + add_subdirectory(immutable_object_cache) ++if(NOT DISABLE_DENCODER) + add_subdirectory(ceph-dencoder) ++endif(DISABLE_DENCODER) + add_subdirectory(erasure-code) diff --git a/debian/patches/bug1914584.patch b/debian/patches/bug1914584.patch new file mode 100644 index 000000000..763a948f9 --- /dev/null +++ b/debian/patches/bug1914584.patch @@ -0,0 +1,49 @@ +From a8c1aec073fc8364818027a26fa1ddb5d34c58af Mon Sep 17 00:00:00 2001 +From: Matthew Vernon +Date: Thu, 4 Feb 2021 11:41:14 +0000 +Subject: [PATCH] rgw/radosgw-admin clarify error when email address already in + use + +The error message if you try and create an S3 user with an email +address that is already associated with another S3 account is very +confusing; this patch makes it much clearer + +To reproduce: + +radosgw-admin user create --uid=foo --display-name="Foo test" --email=bar@domain.invalid +radosgw-admin user create --uid=test --display-name="AN test" --email=bar@domain.invalid +could not create user: unable to parse parameters, user id mismatch, operation id: foo does not match: test + +With this patch: + +radosgw-admin user create --uid=test --display-name="AN test" --email=bar@domain.invalid +could not create user: unable to create user test because user id foo already exists with email bar@domain.invalid + +Fixes: https://tracker.ceph.com/issues/49137 +Fixes: https://tracker.ceph.com/issues/19411 +Signed-off-by: Matthew Vernon +(cherry picked from commit 05318d6f71e45a42a46518a0ef17047dfab83990) +--- + src/rgw/rgw_user.cc | 9 ++++++++- + 1 file changed, 8 insertions(+), 1 deletion(-) + +Index: ceph/src/rgw/rgw_user.cc +=================================================================== +--- ceph.orig/src/rgw/rgw_user.cc ++++ ceph/src/rgw/rgw_user.cc +@@ -1970,7 +1970,14 @@ int RGWUser::remove(const DoutPrefixProv + + ret = check_op(op_state, &subprocess_msg); + if (ret < 0) { +- set_err_msg(err_msg, "unable to parse parameters, " + subprocess_msg); ++ if (is_populated() && (user_id.compare(op_state.get_user_id()) != 0)) { ++ set_err_msg(err_msg, "unable to create user " + user_id.to_str() ++ + " because user id " + op_state.get_user_id().to_str() ++ + " already exists with email " ++ + op_state.get_user_email()); ++ } else { ++ set_err_msg(err_msg, "unable to parse parameters, " + subprocess_msg); ++ } + return ret; + } + diff --git a/debian/patches/bug1917414.patch b/debian/patches/bug1917414.patch new file mode 100644 index 000000000..aca739fb9 --- /dev/null +++ b/debian/patches/bug1917414.patch @@ -0,0 +1,143 @@ +From db463aa139aa0f3eb996062bd7c65f0d10a7932b Mon Sep 17 00:00:00 2001 +From: luo rixin +Date: Fri, 8 Jan 2021 16:16:02 +0800 +Subject: [PATCH] src/isa-l/erasure_code: Fix text relocation on aarch64 + +Here is the bug report on ceph. https://tracker.ceph.com/issues/48681 + +Signed-off-by: luo rixin +--- + src/isa-l/erasure_code/aarch64/gf_2vect_mad_neon.S | 5 +++-- + src/isa-l/erasure_code/aarch64/gf_3vect_mad_neon.S | 5 +++-- + src/isa-l/erasure_code/aarch64/gf_4vect_mad_neon.S | 5 +++-- + src/isa-l/erasure_code/aarch64/gf_5vect_mad_neon.S | 5 +++-- + src/isa-l/erasure_code/aarch64/gf_6vect_mad_neon.S | 5 +++-- + src/isa-l/erasure_code/aarch64/gf_vect_mad_neon.S | 5 +++-- + 6 files changed, 18 insertions(+), 12 deletions(-) + +--- a/src/isa-l/erasure_code/aarch64/gf_2vect_mad_neon.S ++++ b/src/isa-l/erasure_code/aarch64/gf_2vect_mad_neon.S +@@ -360,7 +360,8 @@ gf_2vect_mad_neon: + sub x_dest1, x_dest1, x_tmp + sub x_dest2, x_dest2, x_tmp + +- ldr x_const, =const_tbl ++ adrp x_const, const_tbl ++ add x_const, x_const, :lo12:const_tbl + sub x_const, x_const, x_tmp + ldr q_tmp, [x_const, #16] + +@@ -394,7 +395,7 @@ gf_2vect_mad_neon: + mov w_ret, #1 + ret + +-.section .data ++.section .rodata + .balign 8 + const_tbl: + .dword 0x0000000000000000, 0x0000000000000000 +--- a/src/isa-l/erasure_code/aarch64/gf_3vect_mad_neon.S ++++ b/src/isa-l/erasure_code/aarch64/gf_3vect_mad_neon.S +@@ -332,7 +332,8 @@ gf_3vect_mad_neon: + sub x_dest2, x_dest2, x_tmp + sub x_dest3, x_dest3, x_tmp + +- ldr x_const, =const_tbl ++ adrp x_const, const_tbl ++ add x_const, x_const, :lo12:const_tbl + sub x_const, x_const, x_tmp + ldr q_tmp, [x_const, #16] + +@@ -374,7 +375,7 @@ gf_3vect_mad_neon: + mov w_ret, #1 + ret + +-.section .data ++.section .rodata + .balign 8 + const_tbl: + .dword 0x0000000000000000, 0x0000000000000000 +--- a/src/isa-l/erasure_code/aarch64/gf_4vect_mad_neon.S ++++ b/src/isa-l/erasure_code/aarch64/gf_4vect_mad_neon.S +@@ -397,7 +397,8 @@ gf_4vect_mad_neon: + sub x_dest3, x_dest3, x_tmp + sub x_dest4, x_dest4, x_tmp + +- ldr x_const, =const_tbl ++ adrp x_const, const_tbl ++ add x_const, x_const, :lo12:const_tbl + sub x_const, x_const, x_tmp + ldr q_tmp, [x_const, #16] + +@@ -448,7 +449,7 @@ gf_4vect_mad_neon: + mov w_ret, #1 + ret + +-.section .data ++.section .rodata + .balign 8 + const_tbl: + .dword 0x0000000000000000, 0x0000000000000000 +--- a/src/isa-l/erasure_code/aarch64/gf_5vect_mad_neon.S ++++ b/src/isa-l/erasure_code/aarch64/gf_5vect_mad_neon.S +@@ -463,7 +463,8 @@ gf_5vect_mad_neon: + sub x_dest4, x_dest4, x_tmp + sub x_dest5, x_dest5, x_tmp + +- ldr x_const, =const_tbl ++ adrp x_const, const_tbl ++ add x_const, x_const, :lo12:const_tbl + sub x_const, x_const, x_tmp + ldr q_tmp, [x_const, #16] + +@@ -527,7 +528,7 @@ gf_5vect_mad_neon: + mov w_ret, #1 + ret + +-.section .data ++.section .rodata + .balign 8 + const_tbl: + .dword 0x0000000000000000, 0x0000000000000000 +--- a/src/isa-l/erasure_code/aarch64/gf_6vect_mad_neon.S ++++ b/src/isa-l/erasure_code/aarch64/gf_6vect_mad_neon.S +@@ -526,7 +526,8 @@ gf_6vect_mad_neon: + sub x_dest5, x_dest5, x_tmp + sub x_dest6, x_dest6, x_tmp + +- ldr x_const, =const_tbl ++ adrp x_const, const_tbl ++ add x_const, x_const, :lo12:const_tbl + sub x_const, x_const, x_tmp + ldr q_tmp, [x_const, #16] + +@@ -602,7 +603,7 @@ gf_6vect_mad_neon: + mov w_ret, #1 + ret + +-.section .data ++.section .rodata + .balign 8 + const_tbl: + .dword 0x0000000000000000, 0x0000000000000000 +--- a/src/isa-l/erasure_code/aarch64/gf_vect_mad_neon.S ++++ b/src/isa-l/erasure_code/aarch64/gf_vect_mad_neon.S +@@ -281,7 +281,8 @@ gf_vect_mad_neon: + mov x_src, x_src_end + sub x_dest1, x_dest1, x_tmp + +- ldr x_const, =const_tbl ++ adrp x_const, const_tbl ++ add x_const, x_const, :lo12:const_tbl + sub x_const, x_const, x_tmp + ldr q_tmp, [x_const, #16] + +@@ -307,7 +308,7 @@ gf_vect_mad_neon: + mov w_ret, #1 + ret + +-.section .data ++.section .rodata + .balign 8 + const_tbl: + .dword 0x0000000000000000, 0x0000000000000000 diff --git a/debian/patches/civetweb-755-1.8-somaxconn-configurable.patch b/debian/patches/civetweb-755-1.8-somaxconn-configurable.patch new file mode 100644 index 000000000..8313b3ece --- /dev/null +++ b/debian/patches/civetweb-755-1.8-somaxconn-configurable.patch @@ -0,0 +1,53 @@ +Description: Makes SOMAXCONN user-configurable. +Author: Jesse Williamson +Origin: upstream, https://github.com/civetweb/civetweb/pull/776/commits/febab7dc38c9671577603425c54c20f841e27f97 +Bug: https://github.com/civetweb/civetweb/issues/775 +Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/ceph/+bug/1838109 +--- +This patch header follows DEP-3: http://dep.debian.net/deps/dep3/ +--- a/src/civetweb/src/civetweb.c ++++ b/src/civetweb/src/civetweb.c +@@ -1541,10 +1541,6 @@ typedef int socklen_t; + #define MSG_NOSIGNAL (0) + #endif + +-#if !defined(SOMAXCONN) +-#define SOMAXCONN (100) +-#endif +- + /* Size of the accepted socket queue */ + #if !defined(MGSQLEN) + #define MGSQLEN (20) +@@ -2063,6 +2059,7 @@ enum { + SSL_CERTIFICATE, + SSL_CERTIFICATE_CHAIN, + NUM_THREADS, ++ SO_MAX_CONNECTIONS, + RUN_AS_USER, + URL_REWRITE_PATTERN, + HIDE_FILES, +@@ -2165,6 +2162,7 @@ static struct mg_option config_options[] + {"ssl_certificate", CONFIG_TYPE_FILE, NULL}, + {"ssl_certificate_chain", CONFIG_TYPE_FILE, NULL}, + {"num_threads", CONFIG_TYPE_NUMBER, "50"}, ++ {"max_connections", CONFIG_TYPE_NUMBER, "100"}, + {"run_as_user", CONFIG_TYPE_STRING, NULL}, + {"url_rewrite_patterns", CONFIG_TYPE_STRING_LIST, NULL}, + {"hide_files_patterns", CONFIG_TYPE_EXT_PATTERN, NULL}, +@@ -13340,7 +13338,15 @@ set_ports_option(struct mg_context *ctx) + continue; + } + +- if (listen(so.sock, SOMAXCONN) != 0) { ++ char *p = ctx->config[SO_MAX_CONNECTIONS]; ++ long opt_max_connections = strtol(p, NULL, 10); ++ if(opt_max_connections > INT_MAX || opt_max_connections < 1) { ++ mg_cry(fc(ctx), ++ "max_connections value \"%s\" is invalid", p); ++ continue; ++ } ++ ++ if (listen(so.sock, (int)opt_max_connections) != 0) { + + mg_cry(fc(ctx), + "cannot listen to %.*s: %d (%s)", diff --git a/debian/patches/civetweb-755-1.8-somaxconn-configurable_conf.patch b/debian/patches/civetweb-755-1.8-somaxconn-configurable_conf.patch new file mode 100644 index 000000000..e8e3b0b0f --- /dev/null +++ b/debian/patches/civetweb-755-1.8-somaxconn-configurable_conf.patch @@ -0,0 +1,18 @@ +Description: Adds max_connections to reference configuration. +Author: Jesse Williamson +Origin: upstream, https://github.com/civetweb/civetweb/pull/776/commits/3b8eb36676f70d06f8918ccf62029207c49cdda0 +Bug: https://github.com/civetweb/civetweb/issues/775 +Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/ceph/+bug/1838109 +--- +This patch header follows DEP-3: http://dep.debian.net/deps/dep3/ +--- a/src/civetweb/resources/civetweb.conf ++++ b/src/civetweb/resources/civetweb.conf +@@ -8,6 +8,8 @@ + document_root . + listening_ports 8080 + ++#so_max_connections 100 ++ + # cgi_pattern **.cgi$|**.pl$|**.php$ + # cgi_environment + # put_delete_auth_file diff --git a/debian/patches/civetweb-755-1.8-somaxconn-configurable_test.patch b/debian/patches/civetweb-755-1.8-somaxconn-configurable_test.patch new file mode 100644 index 000000000..cdd27b5ab --- /dev/null +++ b/debian/patches/civetweb-755-1.8-somaxconn-configurable_test.patch @@ -0,0 +1,17 @@ +Description: Adds max_connections to test display. +Author: Jesse Williamson +Origin: upstream, https://github.com/civetweb/civetweb/pull/776/commits/3b8eb36676f70d06f8918ccf62029207c49cdda0 +Bug: https://github.com/civetweb/civetweb/issues/775 +Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/ceph/+bug/1838109 +--- +This patch header follows DEP-3: http://dep.debian.net/deps/dep3/ +--- a/src/civetweb/test/page3.ssjs ++++ b/src/civetweb/test/page3.ssjs +@@ -21,6 +21,7 @@ opts = [ + "document_root", + "ssl_certificate", + "num_threads", ++"max_connections", + "run_as_user", + "url_rewrite_patterns", + "hide_files_patterns", diff --git a/debian/patches/cmake-test-for-16-bytes-atomic-support-on-mips-also.patch b/debian/patches/cmake-test-for-16-bytes-atomic-support-on-mips-also.patch new file mode 100644 index 000000000..c9712311a --- /dev/null +++ b/debian/patches/cmake-test-for-16-bytes-atomic-support-on-mips-also.patch @@ -0,0 +1,29 @@ +Description: cmake: test for 16-byte atomic support on mips also + it's reported that a mips64el build host is able to pass the test of + CheckCxxAtomic without linking against libatomic, while librbd.so + fails to link due to failures like + . + /usr/bin/ld: ../../../lib/librbd.so.1.16.0: undefined reference to `__atomic_store_16' + /usr/bin/ld: ../../../lib/librbd.so.1.16.0: undefined reference to `__atomic_load_16' + /usr/bin/ld: ../../../lib/librbd.so.1.16.0: undefined reference to `__atomic_compare_exchange_16' + . + so we have to check the existence of __atomic_load_16 instruction on + mips architecture. +Author: Kefu Chai +Date: Wed, 24 Nov 2021 00:40:54 +0800 +Origin: upstream, https://github.com/ceph/ceph/commit/709a77f22010f03aee4a4c0ab930588944cb4a58 +Last-Update: 2021-11-24 + +diff --git a/cmake/modules/CheckCxxAtomic.cmake b/cmake/modules/CheckCxxAtomic.cmake +index f2d89cf3e0beb..da2be5206d634 100644 +--- a/cmake/modules/CheckCxxAtomic.cmake ++++ b/cmake/modules/CheckCxxAtomic.cmake +@@ -11,7 +11,7 @@ function(check_cxx_atomics var) + #include + #include + +-#if __s390x__ ++#if defined(__s390x__) || (defined(__mips__) && _MIPS_SIM ==_ABI64 ) + // Boost needs 16-byte atomics for tagged pointers. + // These are implemented via inline instructions on the platform + // if 16-byte alignment can be proven, and are delegated to libatomic diff --git a/debian/patches/compile-ppc.c-on-all-powerpc-machines.patch b/debian/patches/compile-ppc.c-on-all-powerpc-machines.patch new file mode 100644 index 000000000..888d58919 --- /dev/null +++ b/debian/patches/compile-ppc.c-on-all-powerpc-machines.patch @@ -0,0 +1,92 @@ +From 1b9ad6ca971d2c6222f1fb405ae620a32159cd5d Mon Sep 17 00:00:00 2001 +From: Kefu Chai +Date: Sun, 29 Aug 2021 22:24:30 +0800 +Subject: [PATCH] arch,cmake: compile ppc.c on all powerpc machines + +* cmake/modules/SIMDExt.cmake: define HAVE_PPC for 32-bit PowerPC. +* src/arch/CMakeLists.txt: compile ppc.c for all PowerPC architectures, + including powerpc (32-bit PowerPC), ppc64el (64-bit Little Endian + PowerPC) and ppc64 (64-bit Big Endian PowerPC). + +before this change, ppc.c is only compiled if HAVE_POWER8 is defined. +but Power8 is a 64-bit PowerPC architecture. while in src/arch/probe.cc, +we check for `defined(__powerpc__) || defined(__ppc__)`, if this is +true, ceph_arch_ppc_probe() is used to check for the support of +Altivec. but on non-power8 PowerPC machines, the linker fails to find the +symbols like ceph_arch_ppc_probe(), as ppc.c is not compiled on them. + +in this change, ppc.c is compiled on all PowerPC architectures, so that +ceph_arch_ppc_probe() is also available on non-power8 machines. this +change does not impact the behavior of non-power8 machines. because +on them, the runtime check would fail to detect the existence of +PPC_FEATURE2_VEC_CRYPTO instructions. + +Reported-by: Mattias Ellert +Signed-off-by: Kefu Chai +--- + cmake/modules/SIMDExt.cmake | 17 ++++++++++++++--- + src/arch/CMakeLists.txt | 2 +- + 2 files changed, 15 insertions(+), 4 deletions(-) + +Index: ceph/cmake/modules/SIMDExt.cmake +=================================================================== +--- ceph.orig/cmake/modules/SIMDExt.cmake ++++ ceph/cmake/modules/SIMDExt.cmake +@@ -1,8 +1,13 @@ + # detect SIMD extensions + # ++# HAVE_ARM + # HAVE_ARMV8_CRC ++# HAVE_ARMV8_CRC_CRYPTO_INTRINSICS ++# HAVE_ARMV8_CRYPTO + # HAVE_ARMV8_SIMD + # HAVE_ARM_NEON ++# ++# HAVE_INTEL + # HAVE_INTEL_SSE + # HAVE_INTEL_SSE2 + # HAVE_INTEL_SSE3 +@@ -11,6 +16,10 @@ + # HAVE_INTEL_SSE4_1 + # HAVE_INTEL_SSE4_2 + # ++# HAVE_PPC64LE ++# HAVE_PPC64 ++# HAVE_PPC ++# + # SIMD_COMPILE_FLAGS + # + +@@ -82,14 +91,16 @@ elseif(CMAKE_SYSTEM_PROCESSOR MATCHES "i + endif() + endif(CMAKE_SYSTEM_PROCESSOR MATCHES "amd64|x86_64|AMD64") + endif(CMAKE_SYSTEM_PROCESSOR MATCHES "i686|amd64|x86_64|AMD64") +-elseif(CMAKE_SYSTEM_PROCESSOR MATCHES "(powerpc|ppc)64|(powerpc|ppc)64le") ++elseif(CMAKE_SYSTEM_PROCESSOR MATCHES "(powerpc|ppc)") + if(CMAKE_SYSTEM_PROCESSOR MATCHES "(powerpc|ppc)64le") + set(HAVE_PPC64LE 1) + message(STATUS " we are ppc64le") +- else() ++ elseif(CMAKE_SYSTEM_PROCESSOR MATCHES "(powerpc|ppc)64") + set(HAVE_PPC64 1) + message(STATUS " we are ppc64") +- endif(CMAKE_SYSTEM_PROCESSOR MATCHES "(powerpc|ppc)64le") ++ else() ++ set(HAVE_PPC 1) ++ endif() + CHECK_C_COMPILER_FLAG("-maltivec" HAS_ALTIVEC) + if(HAS_ALTIVEC) + message(STATUS " HAS_ALTIVEC yes") +Index: ceph/src/arch/CMakeLists.txt +=================================================================== +--- ceph.orig/src/arch/CMakeLists.txt ++++ ceph/src/arch/CMakeLists.txt +@@ -5,7 +5,7 @@ if(HAVE_ARM) + list(APPEND arch_srcs arm.c) + elseif(HAVE_INTEL) + list(APPEND arch_srcs intel.c) +-elseif(HAVE_POWER8) ++elseif(HAVE_PPC64LE OR HAVE_PPC64 OR HAVE_PPC) + list(APPEND arch_srcs ppc.c) + endif() + diff --git a/debian/patches/debian-armel-armhf-buildflags.patch b/debian/patches/debian-armel-armhf-buildflags.patch new file mode 100644 index 000000000..e9a450aa5 --- /dev/null +++ b/debian/patches/debian-armel-armhf-buildflags.patch @@ -0,0 +1,45 @@ +--- a/cmake/modules/SIMDExt.cmake ++++ b/cmake/modules/SIMDExt.cmake +@@ -40,11 +40,14 @@ if(CMAKE_SYSTEM_PROCESSOR MATCHES "aarch + + elseif(CMAKE_SYSTEM_PROCESSOR MATCHES "arm|ARM") + set(HAVE_ARM 1) +- CHECK_C_COMPILER_FLAG(-mfpu=neon HAVE_ARM_NEON) +- if(HAVE_ARM_NEON) +- set(SIMD_COMPILE_FLAGS "${SIMD_COMPILE_FLAGS} -mfpu=neon") ++ if(CMAKE_LIBRARY_ARCHITECTURE EQUAL "arm-linux-gnueabi") ++ set(SIMD_COMPILE_FLAGS "${SIMD_COMPILE_FLAGS} --with-arch=armv5te --with-float=soft") ++ else() ++ CHECK_C_COMPILER_FLAG(-mfpu=neon HAVE_ARM_NEON) ++ if(HAVE_ARM_NEON) ++ set(SIMD_COMPILE_FLAGS "${SIMD_COMPILE_FLAGS} -mfpu=neon") ++ endif() + endif() +- + elseif(CMAKE_SYSTEM_PROCESSOR MATCHES "i386|i686|amd64|x86_64|AMD64") + set(HAVE_INTEL 1) + if(CMAKE_SYSTEM_PROCESSOR MATCHES "i686|amd64|x86_64|AMD64") +--- a/src/erasure-code/jerasure/gf-complete/m4/ax_ext.m4 ++++ b/src/erasure-code/jerasure/gf-complete/m4/ax_ext.m4 +@@ -19,10 +19,17 @@ AC_DEFUN([AX_EXT], + ;; + + arm*) +- AC_CACHE_CHECK([whether NEON is enabled], [ax_cv_have_neon_ext], [ax_cv_have_neon_ext=yes]) +- if test "$ax_cv_have_neon_ext" = yes; then +- AX_CHECK_COMPILE_FLAG(-mfpu=neon, [SIMD_FLAGS="$SIMD_FLAGS -mfpu=neon -DARM_NEON"], [ax_cv_have_neon_ext=no]) +- fi ++ case $host_cpu in ++ arm-linux-gnueabi) ++ AX_CHECK_COMPILE_FLAG(-mfpu=soft, [SIMD_FLAGS="$SIMD_FLAGS -mfpu=soft -march=armv5te"], [ax_cv_have_neon_ext=no]) ++ ;; ++ *) ++ AC_CACHE_CHECK([whether NEON is enabled], [ax_cv_have_neon_ext], [ax_cv_have_neon_ext=yes]) ++ if test "$ax_cv_have_neon_ext" = yes; then ++ AX_CHECK_COMPILE_FLAG(-mfpu=neon, [SIMD_FLAGS="$SIMD_FLAGS -mfpu=neon -DARM_NEON"], [ax_cv_have_neon_ext=no]) ++ fi ++ ;; ++ esac + ;; + + powerpc*) diff --git a/debian/patches/disable-crypto.patch b/debian/patches/disable-crypto.patch new file mode 100644 index 000000000..b25aaac1b --- /dev/null +++ b/debian/patches/disable-crypto.patch @@ -0,0 +1,16 @@ +Index: ceph/src/os/CMakeLists.txt +=================================================================== +--- ceph.orig/src/os/CMakeLists.txt ++++ ceph/src/os/CMakeLists.txt +@@ -98,8 +98,9 @@ endif() + target_link_libraries(os kv) + + add_dependencies(os compressor_plugins) +-add_dependencies(os crypto_plugins) +- ++if(HAVE_INTEL AND HAVE_BETTER_YASM_ELF64 AND (NOT APPLE)) ++ add_dependencies(os crypto_plugins) ++endif() + + if(WITH_BLUESTORE) + add_executable(ceph-bluestore-tool diff --git a/debian/patches/enable-strsignal.patch b/debian/patches/enable-strsignal.patch new file mode 100644 index 000000000..dacd6ded0 --- /dev/null +++ b/debian/patches/enable-strsignal.patch @@ -0,0 +1,18 @@ +Description: This defines HAVE_REENTRANT_STRSIGNAL as sys_siglist no longer + exists with glibc 2.32 and all programs should use strsignal instead. +Forwarded: no +Last-Update: 2020-09-21 + +Index: ceph/CMakeLists.txt +=================================================================== +--- ceph.orig/CMakeLists.txt ++++ ceph/CMakeLists.txt +@@ -505,7 +505,7 @@ if(WITH_THREAD_SAFE_RES_QUERY) + set(HAVE_THREAD_SAFE_RES_QUERY 1 CACHE INTERNAL "Thread safe res_query supported.") + endif() + +-option(WITH_REENTRANT_STRSIGNAL "strsignal is reentrant" OFF) ++option(WITH_REENTRANT_STRSIGNAL "strsignal is reentrant" ON) + if(WITH_REENTRANT_STRSIGNAL) + set(HAVE_REENTRANT_STRSIGNAL 1 CACHE INTERNAL "Reentrant strsignal is supported.") + endif() diff --git a/debian/patches/fix-CheckCxxAtomic-riscv64.patch b/debian/patches/fix-CheckCxxAtomic-riscv64.patch new file mode 100644 index 000000000..52d3ad7f3 --- /dev/null +++ b/debian/patches/fix-CheckCxxAtomic-riscv64.patch @@ -0,0 +1,16 @@ +Description: Fix CheckCxxAtomic to detect more accurately + Some platforms like riscv64 does not have full support for atomic primitives, + yet passes the test. Adding operator++ fixes this issue. +Author: Eric Long +Last-Update: 2022-08-30 +--- a/cmake/modules/CheckCxxAtomic.cmake ++++ b/cmake/modules/CheckCxxAtomic.cmake +@@ -32,7 +32,7 @@ + std::atomic w2; + std::atomic w4; + std::atomic w8; +- return w1 + w2 + w4 + w8; ++ return ++w1 + ++w2 + ++w4 + ++w8; + } + " ${var}) + endfunction(check_cxx_atomics) diff --git a/debian/patches/fix-bash-completion-location b/debian/patches/fix-bash-completion-location new file mode 100644 index 000000000..916ff8a79 --- /dev/null +++ b/debian/patches/fix-bash-completion-location @@ -0,0 +1,9 @@ +--- a/src/bash_completion/CMakeLists.txt ++++ b/src/bash_completion/CMakeLists.txt +@@ -11,5 +11,5 @@ if(WITH_RADOSGW) + endif() + + install(FILES ${completions} +- DESTINATION ${CMAKE_INSTALL_SYSCONFDIR}/bash_completion.d) ++ DESTINATION /usr/share/bash-completion/completions) + diff --git a/debian/patches/fix-ceph-osd-systemd-target.patch b/debian/patches/fix-ceph-osd-systemd-target.patch new file mode 100644 index 000000000..9f42077ba --- /dev/null +++ b/debian/patches/fix-ceph-osd-systemd-target.patch @@ -0,0 +1,17 @@ +Description: Fix systemd ceph-osd.target + This helps when rebooting. +Author: Thomas Goirand +Forwarded: no +Last-Update: 2021-01-28 + +--- ceph-14.2.16.orig/systemd/ceph-osd.target ++++ ceph-14.2.16/systemd/ceph-osd.target +@@ -1,7 +1,7 @@ + [Unit] + Description=ceph target allowing to start/stop all ceph-osd@.service instances at once + PartOf=ceph.target +-After=ceph-mon.target ++After=ceph-mon.target systemd-udev-settle.service + Before=ceph.target + Wants=ceph.target ceph-mon.target + diff --git a/debian/patches/only-yied-under-armv7-and-above.patch b/debian/patches/only-yied-under-armv7-and-above.patch new file mode 100644 index 000000000..f5a9206b6 --- /dev/null +++ b/debian/patches/only-yied-under-armv7-and-above.patch @@ -0,0 +1,17 @@ +Description: Only yield under ARMv7 and above (#1176) +Author: Rosen Penev +Date: Tue, 12 Nov 2019 13:56:53 -0800 +Origin: upstream, https://github.com/facebook/folly/commit/62d8e6e0b91ebd6f878f3066cd9b6e5f3c18a97b.patch +Last-Update: 2021-11-24 + +--- ceph-16.2.6+ds.orig/src/rocksdb/third-party/folly/folly/portability/Asm.h ++++ ceph-16.2.6+ds/src/rocksdb/third-party/folly/folly/portability/Asm.h +@@ -19,7 +19,7 @@ inline void asm_volatile_pause() { + ::_mm_pause(); + #elif defined(__i386__) || FOLLY_X64 + asm volatile("pause"); +-#elif FOLLY_AARCH64 || defined(__arm__) ++#elif FOLLY_AARCH64 || (defined(__arm__) && !(__ARM_ARCH < 7)) + asm volatile("yield"); + #elif FOLLY_PPC64 + asm volatile("or 27,27,27"); diff --git a/debian/patches/riscv64-link-pthread.patch b/debian/patches/riscv64-link-pthread.patch new file mode 100644 index 000000000..18b6eed93 --- /dev/null +++ b/debian/patches/riscv64-link-pthread.patch @@ -0,0 +1,16 @@ +Description: Link with -pthread instead of -lpthread to fix FTBFS on riscv64 +Forwarded: no +Last-Update: 2020-03-01 + +Index: ceph/CMakeLists.txt +=================================================================== +--- ceph.orig/CMakeLists.txt ++++ ceph/CMakeLists.txt +@@ -25,6 +25,7 @@ list(APPEND CMAKE_MODULE_PATH "${CMAKE_S + + if(CMAKE_SYSTEM_NAME MATCHES "Linux") + set(LINUX ON) ++ set(THREADS_PREFER_PTHREAD_FLAG ON) + FIND_PACKAGE(Threads) + elseif(CMAKE_SYSTEM_NAME MATCHES "FreeBSD") + set(FREEBSD ON) diff --git a/debian/patches/series b/debian/patches/series new file mode 100644 index 000000000..a4cec842c --- /dev/null +++ b/debian/patches/series @@ -0,0 +1,25 @@ +enable-strsignal.patch +update-java-source-target-flags.patch +disable-crypto.patch +# Ubuntu: civetweb max connections +civetweb-755-1.8-somaxconn-configurable_conf.patch +civetweb-755-1.8-somaxconn-configurable.patch +civetweb-755-1.8-somaxconn-configurable_test.patch +# Upstream: py3 +# Upstream: 32bit +debian-armel-armhf-buildflags.patch +fix-bash-completion-location +32bit-fixes.patch +add-option-to-disable-ceph-dencoder.patch +riscv64-link-pthread.patch +fix-ceph-osd-systemd-target.patch +compile-ppc.c-on-all-powerpc-machines.patch +bug1914584.patch +bug1917414.patch +cmake-test-for-16-bytes-atomic-support-on-mips-also.patch +only-yied-under-armv7-and-above.patch +Fix-build-with-fmt-8-9.patch +fix-CheckCxxAtomic-riscv64.patch +CVE-2022-3650_1_ceph-crash_drop_privleges_to_run_as_ceph_user_rather_than_root.patch +CVE-2022-3650_2_ceph-crash_fix_stderr_handling.patch +CVE-2022-3854_1_rgw_Guard_against_malformed_bucket_URLs.patch diff --git a/debian/patches/update-java-source-target-flags.patch b/debian/patches/update-java-source-target-flags.patch new file mode 100644 index 000000000..6c8b79228 --- /dev/null +++ b/debian/patches/update-java-source-target-flags.patch @@ -0,0 +1,23 @@ +Description: use --release 7 instead of -source/-target + Instead of -source/-target ceph should be build with --release for OpenJDK 9 + or later so that the bootclasspath is also set, as per JEP-247, otherwise it + risks incurring into binary incompatibility when run with an earlier OpenJDK. + OpenJDK 11 minimum compatibility release has been updated to 7. +Author: Tiago Stürmer Daitx +Bug-Ubuntu: https://launchpad.net/bugs/1756854 +Bug-Ubuntu: https://launchpad.net/bugs/1766998 +Forwarded: no +Last-Update: 2018-04-24 +--- + +--- a/src/java/CMakeLists.txt ++++ b/src/java/CMakeLists.txt +@@ -21,7 +21,7 @@ set(java_srcs + # warning: [options] bootstrap class path not set in conjunction with -source 1.7 + # as per + # https://blogs.oracle.com/darcy/entry/bootclasspath_older_source +-set(CMAKE_JAVA_COMPILE_FLAGS "-source" "1.8" "-target" "1.8" "-Xlint:-options") ++set(CMAKE_JAVA_COMPILE_FLAGS "--release" "7" "-Xlint:-options") + set(jni_header_dir "${CMAKE_CURRENT_BINARY_DIR}/native") + if(CMAKE_VERSION VERSION_LESS 3.11) + set(CMAKE_JAVA_COMPILE_FLAGS ${CMAKE_JAVA_COMPILE_FLAGS} "-h" ${jni_header_dir}) -- cgit v1.2.3