Ceph CVE Fixes - Removing "jaegertracing/opentelemetry-cpp" as it was not being built #11999

Open
wants to merge 3 commits into
base: fasttrack/3.0
9 changes: 8 additions & 1 deletion SPECS/ceph/ceph.spec
Expand Up @@ -5,7 +5,7 @@
Summary: User space components of the Ceph file system
Name: ceph
Version: 18.2.2
Release: 2%{?dist}
Release: 3%{?dist}
License: LGPLv2 and LGPLv3 and CC-BY-SA and GPLv2 and Boost and BSD and MIT and Public Domain and GPLv3 and ASL-2.0
URL: https://ceph.io/
Vendor: Microsoft Corporation
Expand Down Expand Up @@ -898,6 +898,10 @@ This package provides a Ceph hardware monitoring agent.
%autosetup -p1

%build
pwd
# CVE-2022-24736 and CVE-2022-24735 Remove opentelemetry-cpp which uses LUA
# This subsystem is not getting built in ceph
rm -rf src/jaegertracing/opentelemetry-cpp/*
# LTO can be enabled as soon as the following GCC bug is fixed:
# https://gcc.gnu.org/bugzilla/show_bug.cgi?id=48200
%define _lto_cflags %{nil}
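
Review bot: The `pwd` added as the first line of %build looks like leftover debug output and should be dropped. The `rm -rf src/jaegertracing/opentelemetry-cpp/*` also runs in %build; since it only deletes unpacked source, it fits better in %prep directly after `%autosetup -p1`, so that %build does nothing but build. The `/*` glob leaves the directory itself and any dot-files behind, so if the aim is for the component to be absent from the tree, remove `src/jaegertracing/opentelemetry-cpp` as a whole. The comment would also be more useful if it said how "not getting built" was confirmed and how CVE-2022-24736 and CVE-2022-24735 relate to this directory, since "uses LUA" alone does not explain it.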
Expand Down Expand Up @@ -2000,6 +2004,9 @@ exit 0


%changelog
* Tue Jan 01 2025 Sandeep Karambelkar <[email protected]> - 18.2.2-3
Contributor

What CVEs is this fixing? Best practice is to state this in the PR commit title and explain the implementation details in the commit details section.

Contributor

And then close out the PRs that are not needed so it's clear on our end which ones to take.

- Remove opentelemetry-cpp as it is not being built to address multiple CVEs

* Wed Dec 4 2024 Bhagyashri Pathak <[email protected]> - 18.2.2-2
- Fix for CVE-2024-52338
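
Review bot: The new %changelog header reads `Tue Jan 01 2025`, but 1 January 2025 was a Wednesday, so the weekday and date disagree and rpm will warn about a bogus changelog date; correct whichever part is wrong. The entry text says only "multiple CVEs", while the %build comment names CVE-2022-24736 and CVE-2022-24735 and the previous entry names its CVE explicitly. Listing the ids in this entry as well keeps the changelog usable for anyone checking which release addressed which CVE.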
