From 74024c5b4e27e0af9409c19a8d628be719d4714f Mon Sep 17 00:00:00 2001
From: Timothy Redaelli
Date: Wed, 17 Feb 2021 19:37:48 +0100
Subject: [PATCH] Updated to 2.15.0
---
 .gitignore | 1 +
 ...date-a-bit-more-received-LLDP-frames.patch | 132 ------------------
 ...lldp-Fix-size-of-PEEK_DISCARD_UINT32.patch | 40 ------
 ...r-overflow-when-handling-management-.patch | 58 --------
 ...atsTLVsUnrecognizedTotal-on-unknown-.patch | 37 -----
 ...p-correctly-increase-discarded-count.patch | 48 -------
 openvswitch.spec | 16 +--
 sources | 2 +-
 8 files changed, 7 insertions(+), 327 deletions(-)
 delete mode 100644 0001-lldp-validate-a-bit-more-received-LLDP-frames.patch
 delete mode 100644 0002-lldp-Fix-size-of-PEEK_DISCARD_UINT32.patch
 delete mode 100644 0003-lldp-fix-a-buffer-overflow-when-handling-management-.patch
 delete mode 100644 0004-lldp-increase-statsTLVsUnrecognizedTotal-on-unknown-.patch
 delete mode 100644 0005-lldp-correctly-increase-discarded-count.patch
diff --git a/.gitignore b/.gitignore
index 49c4479..b0159e2 100644
--- a/.gitignore
+++ b/.gitignore
@@ -39,3 +39,4 @@
 /openvswitch-2.12.0.tar.gz
 /openvswitch-2.13.0.tar.gz
 /openvswitch-2.14.0.tar.gz
+/openvswitch-2.15.0.tar.gz
diff --git a/0001-lldp-validate-a-bit-more-received-LLDP-frames.patch b/0001-lldp-validate-a-bit-more-received-LLDP-frames.patch
deleted file mode 100644
index 0752856..0000000
--- a/0001-lldp-validate-a-bit-more-received-LLDP-frames.patch
+++ /dev/null
@@ -1,132 +0,0 @@
-From d0e86f3353677fd9432608c7189928467767a109 Mon Sep 17 00:00:00 2001
-From: Vincent Bernat
-Date: Thu, 12 Nov 2020 19:54:50 -0500
-Subject: [PATCH 1/5] lldp: validate a bit more received LLDP frames
-
-Upstream commit:
- commit 3aeae72b97716fddac290634fad02b952d981f17
- Author: Vincent Bernat
- Date: Tue, 1 Oct 2019 21:42:42 +0200
-
- lldp: validate a bit more received LLDP frames
-
- Notably, we ensure the order and unicity of Chassis ID, Port ID and
- TTL TLV. For Chassis ID and Port ID, we also ensure the maximum size
- does not exceed 256.
-
- Fix https://github.com/vincentbernat/lldpd/issues/351
-
-Fixes: be53a5c447c3 ("auto-attach: Initial support for Auto-Attach standard")
-Signed-off-by: Aaron Conole
-Co-authored-by: Aaron Conole
-Signed-off-by: Ilya Maximets
----
- lib/lldp/lldp.c | 53 +++++++++++++++++++++++++++++++++++++++++++++++--
- 1 file changed, 51 insertions(+), 2 deletions(-)
-
-diff --git a/lib/lldp/lldp.c b/lib/lldp/lldp.c
-index 74f747fcd..e61ce6774 100644
---- a/lib/lldp/lldp.c
-+++ b/lib/lldp/lldp.c
-@@ -341,6 +341,12 @@ lldp_send(struct lldpd *global OVS_UNUSED,
-
- return dp_packet_size(p);
- }
-+#define CHECK_TLV_MAX_SIZE(x, name) \
-+ do { if (tlv_size > (x)) { \
-+ VLOG_WARN(name " TLV too large received on %s", \
-+ hardware->h_ifname); \
-+ goto malformed; \
-+ } } while (0)
-
- int
- lldp_decode(struct lldpd *cfg OVS_UNUSED, char *frame, int s,
-@@ -359,7 +365,7 @@ lldp_decode(struct lldpd *cfg OVS_UNUSED, char *frame, int s,
- int length, af;
- bool gotend = false;
- bool ttl_received = false;
-- int tlv_size, tlv_type, tlv_subtype;
-+ int tlv_size, tlv_type, tlv_subtype, tlv_count = 0;
- u_int8_t *pos, *tlv;
- void *b;
- struct lldpd_aa_isid_vlan_maps_tlv *isid_vlan_map = NULL;
-@@ -411,6 +417,31 @@ lldp_decode(struct lldpd *cfg OVS_UNUSED, char *frame, int s,
- hardware->h_ifname);
- goto malformed;
- }
-+ /* Check order for mandatory TLVs */
-+ tlv_count++;
-+ switch (tlv_type) {
-+ case LLDP_TLV_CHASSIS_ID:
-+ if (tlv_count != 1) {
-+ VLOG_WARN("first TLV should be a chassis ID on %s, not %d",
-+ hardware->h_ifname, tlv_type);
-+ goto malformed;
-+ }
-+ break;
-+ case LLDP_TLV_PORT_ID:
-+ if (tlv_count != 2) {
-+ VLOG_WARN("second TLV should be a port ID on %s, not %d",
-+ hardware->h_ifname, tlv_type);
-+ goto malformed;
-+ }
-+ break;
-+ case LLDP_TLV_TTL:
-+ if (tlv_count != 3) {
-+ VLOG_WARN("third TLV should be a TTL on %s, not %d",
-+ hardware->h_ifname, tlv_type);
-+ goto malformed;
-+ }
-+ break;
-+ }
-
- switch (tlv_type) {
- case LLDP_TLV_END:
-@@ -428,7 +459,8 @@ lldp_decode(struct lldpd *cfg OVS_UNUSED, char *frame, int s,
-
- case LLDP_TLV_CHASSIS_ID:
- case LLDP_TLV_PORT_ID:
-- CHECK_TLV_SIZE(2, "Port Id");
-+ CHECK_TLV_SIZE(2, "Port/Chassis Id");
-+ CHECK_TLV_MAX_SIZE(256, "Port/Chassis Id");
- tlv_subtype = PEEK_UINT8;
- if (tlv_subtype == 0 || tlv_subtype > 7) {
- VLOG_WARN("unknown subtype for tlv id received on %s",
-@@ -438,10 +470,22 @@ lldp_decode(struct lldpd *cfg OVS_UNUSED, char *frame, int s,
- b = xzalloc(tlv_size - 1);
- PEEK_BYTES(b, tlv_size - 1);
- if (tlv_type == LLDP_TLV_PORT_ID) {
-+ if (port->p_id != NULL) {
-+ VLOG_WARN("Port ID TLV received twice on %s",
-+ hardware->h_ifname);
-+ free(b);
-+ goto malformed;
-+ }
- port->p_id_subtype = tlv_subtype;
- port->p_id = b;
- port->p_id_len = tlv_size - 1;
- } else {
-+ if (chassis->c_id != NULL) {
-+ VLOG_WARN("Chassis ID TLV received twice on %s",
-+ hardware->h_ifname);
-+ free(b);
-+ goto malformed;
-+ }
- chassis->c_id_subtype = tlv_subtype;
- chassis->c_id = b;
- chassis->c_id_len = tlv_size - 1;
-@@ -449,6 +493,11 @@ lldp_decode(struct lldpd *cfg OVS_UNUSED, char *frame, int s,
- break;
-
- case LLDP_TLV_TTL:
-+ if (ttl_received) {
-+ VLOG_WARN("TTL TLV received twice on %s",
-+ hardware->h_ifname);
-+ goto malformed;
-+ }
- CHECK_TLV_SIZE(2, "TTL");
- chassis->c_ttl = PEEK_UINT16;
- ttl_received = true;
---
-2.28.0
-
diff --git a/0002-lldp-Fix-size-of-PEEK_DISCARD_UINT32.patch b/0002-lldp-Fix-size-of-PEEK_DISCARD_UINT32.patch
deleted file mode 100644
index e4a2a4d..0000000
--- a/0002-lldp-Fix-size-of-PEEK_DISCARD_UINT32.patch
+++ /dev/null
@@ -1,40 +0,0 @@
-From 800ce88f52c68e9754d9d9085daf47cf90bb10cf Mon Sep 17 00:00:00 2001
-From: Jonas Johansson
-Date: Thu, 12 Nov 2020 19:54:51 -0500
-Subject: [PATCH 2/5] lldp: Fix size of PEEK_DISCARD_UINT32()
-
-Upstream commit:
- commit a8d8006c06d9ac16ebcf33295cbd625c0847ca9b
- Author: Jonas Johansson
- Date: Thu, 21 Apr 2016 11:50:06 +0200
-
- Fix size of PEEK_DISCARD_UINT32()
-
- Signed-off-by: Jonas Johansson
-
-Fixes: be53a5c447c3 ("auto-attach: Initial support for Auto-Attach standard")
-Reported-by: Jonas Rudloff
-Reported-at: https://github.com/openvswitch/ovs/pull/336
-Signed-off-by: Fabrizio D'Angelo
-Acked-by: Aaron Conole
-Signed-off-by: Ilya Maximets
----
- lib/lldp/lldp.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/lib/lldp/lldp.c b/lib/lldp/lldp.c
-index e61ce6774..593c5e1c3 100644
---- a/lib/lldp/lldp.c
-+++ b/lib/lldp/lldp.c
-@@ -59,7 +59,7 @@ VLOG_DEFINE_THIS_MODULE(lldp);
- } while (0)
- #define PEEK_DISCARD_UINT8 PEEK_DISCARD(1)
- #define PEEK_DISCARD_UINT16 PEEK_DISCARD(2)
--#define PEEK_DISCARD_UINT32 PEEK_DISCARD(3)
-+#define PEEK_DISCARD_UINT32 PEEK_DISCARD(4)
- #define PEEK_CMP(value, bytes) \
- (length -= (bytes), \
- pos += (bytes), \
---
-2.28.0
-
diff --git a/0003-lldp-fix-a-buffer-overflow-when-handling-management-.patch b/0003-lldp-fix-a-buffer-overflow-when-handling-management-.patch
deleted file mode 100644
index 47d427f..0000000
--- a/0003-lldp-fix-a-buffer-overflow-when-handling-management-.patch
+++ /dev/null
@@ -1,58 +0,0 @@
-From ec51fc90669e5fe1a2096581296d55b3acda6711 Mon Sep 17 00:00:00 2001
-From: Vincent Bernat
-Date: Thu, 12 Nov 2020 19:54:52 -0500
-Subject: [PATCH 3/5] lldp: fix a buffer overflow when handling management
- address TLV
-
-Upstream commit:
- commit a8d8006c06d9ac16ebcf33295cbd625c0847ca9b
- Author: Vincent Bernat
- Date: Sun, 4 Oct 2015 01:50:38 +0200
-
- lldp: fix a buffer overflow when handling management address TLV
-
- When a remote device was advertising a too large management address
- while still respecting TLV boundaries, lldpd would crash due to a buffer
- overflow. However, the buffer being a static one, this buffer overflow
- is not exploitable if hardening was not disabled. This bug exists since
- version 0.5.6.
-
-Fixes: be53a5c447c3 ("auto-attach: Initial support for Auto-Attach standard")
-Reported-by: Jonas Rudloff
-Reported-at: https://github.com/openvswitch/ovs/pull/335
-Co-authored-by: Fabrizio D'Angelo
-Signed-off-by: Fabrizio D'Angelo
-Acked-by: Aaron Conole
-Signed-off-by: Ilya Maximets
----
- lib/lldp/lldp.c | 7 ++++++-
- 1 file changed, 6 insertions(+), 1 deletion(-)
-
-diff --git a/lib/lldp/lldp.c b/lib/lldp/lldp.c
-index 593c5e1c3..628d0f863 100644
---- a/lib/lldp/lldp.c
-+++ b/lib/lldp/lldp.c
-@@ -530,6 +530,11 @@ lldp_decode(struct lldpd *cfg OVS_UNUSED, char *frame, int s,
- case LLDP_TLV_MGMT_ADDR:
- CHECK_TLV_SIZE(1, "Management address");
- addr_str_length = PEEK_UINT8;
-+ if (addr_str_length > sizeof(addr_str_buffer)) {
-+ VLOG_WARN("too large management address on %s",
-+ hardware->h_ifname);
-+ goto malformed;
-+ }
- CHECK_TLV_SIZE(1 + addr_str_length, "Management address");
- PEEK_BYTES(addr_str_buffer, addr_str_length);
- addr_length = addr_str_length - 1;
-@@ -554,7 +559,7 @@ lldp_decode(struct lldpd *cfg OVS_UNUSED, char *frame, int s,
- break;
-
- case LLDP_TLV_ORG:
-- CHECK_TLV_SIZE(4, "Organisational");
-+ CHECK_TLV_SIZE(1 + sizeof orgid, "Organisational");
- PEEK_BYTES(orgid, sizeof orgid);
- tlv_subtype = PEEK_UINT8;
- if (memcmp(dot1, orgid, sizeof orgid) == 0) {
---
-2.28.0
-
diff --git a/0004-lldp-increase-statsTLVsUnrecognizedTotal-on-unknown-.patch b/0004-lldp-increase-statsTLVsUnrecognizedTotal-on-unknown-.patch
deleted file mode 100644
index 84e8ebd..0000000
--- a/0004-lldp-increase-statsTLVsUnrecognizedTotal-on-unknown-.patch
+++ /dev/null
@@ -1,37 +0,0 @@
-From d9140c3fd0bcba05a9e33fc7b1e042b86e31ae37 Mon Sep 17 00:00:00 2001
-From: Vincent Bernat
-Date: Thu, 12 Nov 2020 19:54:53 -0500
-Subject: [PATCH 4/5] lldp: increase statsTLVsUnrecognizedTotal on unknown TLV
-
-Upstream commit:
- commit 109bcd423cd560545ec7940d73a50c5584aebb0c
- Author: Vincent Bernat
- Date: Sat, 6 Apr 2019 21:17:25 +0200
-
- This was done for organization TLVs, but not for other TLVs.
-
- Fix https://github.com/vincentbernat/lldpd/issues/323
-
-Fixes: be53a5c447c3 ("auto-attach: Initial support for Auto-Attach standard")
-Signed-off-by: Fabrizio D'Angelo
-Acked-by: Aaron Conole
-Signed-off-by: Ilya Maximets
----
- lib/lldp/lldp.c | 1 +
- 1 file changed, 1 insertion(+)
-
-diff --git a/lib/lldp/lldp.c b/lib/lldp/lldp.c
-index 628d0f863..e5755307f 100644
---- a/lib/lldp/lldp.c
-+++ b/lib/lldp/lldp.c
-@@ -679,6 +679,7 @@ lldp_decode(struct lldpd *cfg OVS_UNUSED, char *frame, int s,
- VLOG_WARN("unknown tlv (%d) received on %s",
- tlv_type,
- hardware->h_ifname);
-+ hardware->h_rx_unrecognized_cnt++;
- goto malformed;
- }
- if (pos > tlv + tlv_size) {
---
-2.28.0
-
diff --git a/0005-lldp-correctly-increase-discarded-count.patch b/0005-lldp-correctly-increase-discarded-count.patch
deleted file mode 100644
index 67b34f1..0000000
--- a/0005-lldp-correctly-increase-discarded-count.patch
+++ /dev/null
@@ -1,48 +0,0 @@
-From 45fd5e7ea1a63a62b70fdf05de782c31222696ad Mon Sep 17 00:00:00 2001
-From: Vincent Bernat
-Date: Thu, 12 Nov 2020 19:54:54 -0500
-Subject: [PATCH 5/5] lldp: correctly increase discarded count
-
-Upstream commit:
- commit 32f0deeebc9172c3f5f4a4d02aab32e6904947f6
- Date: Sat, 18 Feb 2017 20:11:47 +0100
-
- lldpd: correctly increase discarded count
-
- When a frame cannot be decoded but has been guessed, increase the
- discarded count.
-
- Fix https://github.com/vincentbernat/lldpd/issues/223
-
-Fixes: be53a5c447c3 ("auto-attach: Initial support for Auto-Attach standard")
-Co-authored-by: Fabrizio D'Angelo
-Signed-off-by: Fabrizio D'Angelo
-Acked-by: Aaron Conole
-Signed-off-by: Ilya Maximets
----
- lib/lldp/lldpd.c | 2 ++
- 1 file changed, 2 insertions(+)
-
-diff --git a/lib/lldp/lldpd.c b/lib/lldp/lldpd.c
-index 19e930526..34738535d 100644
---- a/lib/lldp/lldpd.c
-+++ b/lib/lldp/lldpd.c
-@@ -244,6 +244,7 @@ lldpd_decode(struct lldpd *cfg, char *frame, int s,
-
- if (s < sizeof(struct eth_header) + 4) {
- /* Too short, just discard it */
-+ hw->h_rx_discarded_cnt++;
- return;
- }
-
-@@ -284,6 +285,7 @@ lldpd_decode(struct lldpd *cfg, char *frame, int s,
- VLOG_DBG("function for %s protocol did not "
- "decode this frame",
- cfg->g_protocols[i].name);
-+ hw->h_rx_discarded_cnt++;
- return;
- }
- chassis->c_protocol = port->p_protocol = cfg->g_protocols[i].mode;
---
-2.28.0
-
diff --git a/openvswitch.spec b/openvswitch.spec
index 73bde9e..4fcd00a 100644
--- a/openvswitch.spec
+++ b/openvswitch.spec
@@ -44,8 +44,8 @@ Epoch: 1
 Name: openvswitch
 Summary: Open vSwitch daemon/database/utilities
 URL: http://www.openvswitch.org/
-Version: 2.14.0
-Release: 4%{?commit0:.%{date}git%{shortcommit0}}%{?dist}
+Version: 2.15.0
+Release: 1%{?commit0:.%{date}git%{shortcommit0}}%{?dist}
 # Nearly all of openvswitch is ASL 2.0. The bugtool is LGPLv2+, and the
 # lib/sflow*.[ch] files are SISSL
@@ -65,13 +65,6 @@ Source: http://openvswitch.org/releases/%{name}-%{version}.tar.gz
 # OVS (including OVN) backports (0 - 300)
-# 1899303 - CVE-2015-8011
-Patch10: 0001-lldp-validate-a-bit-more-received-LLDP-frames.patch
-Patch11: 0002-lldp-Fix-size-of-PEEK_DISCARD_UINT32.patch
-Patch12: 0003-lldp-fix-a-buffer-overflow-when-handling-management-.patch
-Patch13: 0004-lldp-increase-statsTLVsUnrecognizedTotal-on-unknown-.patch
-Patch14: 0005-lldp-correctly-increase-discarded-count.patch
-
 BuildRequires: gcc gcc-c++ make
 BuildRequires: autoconf automake libtool
 BuildRequires: systemd-units openssl openssl-devel
@@ -102,10 +95,8 @@ BuildRequires: libcap-ng libcap-ng-devel
 BuildRequires: dpdk-devel libpcap-devel numactl-devel
 # Currently DPDK on Extras/AppStream includes the mlx{4,5} glue libraries, so
 # libibverbs is needed to run the tests (make check).
-# Starting from DPDK 18.11 also libmnl{,-devel} are needed
 %if 0%{?rhel}
 BuildRequires: libibverbs >= 15
-BuildRequires: libmnl-devel
 %endif
 %endif
 %endif
@@ -481,6 +472,9 @@ chown -R openvswitch:openvswitch /etc/openvswitch
 %endif
 %changelog
+* Wed Feb 17 2021 Timothy Redaelli - 2.15.0-1
+- Updated to 2.15.0
+
 * Tue Jan 26 2021 Fedora Release Engineering - 2.14.0-4
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
diff --git a/sources b/sources
index 252eb79..164b66b 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-SHA512 (openvswitch-2.14.0.tar.gz) = 5fe377f9b2857e238e3d40e4452e8b36c80283230f1d0f4b983324532beba725913da817e545c8d7630762f170bb5b0dfe810fd1b8b559994d5eae828beb8ec1
+SHA512 (openvswitch-2.15.0.tar.gz) = a4e49268d6dd7d9d8fbf2005e8ffe45ede0998d21c98d7018474142656c65c05b14c8a7e4c7d8e0eea36e28d87550826225205e1fa03055d35a8cb048617c832
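Review bot: The new `%changelog` entry in openvswitch.spec says only `- Updated to 2.15.0`, while the `@@ -65,13 +65,6 @@` hunk of the same file drops Patch10 through Patch14, the five LLDP backports listed under `# 1899303 - CVE-2015-8011`. Nothing on this page shows that the 2.15.0 tarball already contains those fixes; the deleted patches carry upstream sign-offs, so they presumably landed before the release, but that is worth confirming against `lib/lldp/lldp.c` and `lib/lldp/lldpd.c` in the new source before relying on it. Once confirmed, I would add a changelog line such as `- Drop CVE-2015-8011 LLDP backports (#1899303), included upstream in 2.15.0` so the fix remains traceable for anyone auditing the package history.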