openvswitch: update to version 2.11.6 (security fix)
Fixes CVEs: - CVE-2020-35498 - In DPDK: CVE-2015-8011 and CVE-2020-27827 - In LLDP: CVE-2019-14818, CVE-2020-10722, CVE-2020-10723 and CVE-2020-10724 Removed patches: - 0001-compat-Include-confirm_neigh-parameter-if-needed.patch because they are included in this release as it was backported - 0010-acinclude-Fix-build-with-kernels-with-prandom-moved-.patch included in this release as it was backported Other patches were refreshed. Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
This commit is contained in:
Josef Schlehofer
Yousong Zhou
parent
3be5d565cf
commit
8e1b62d4bb
|
|
@ -15,11 +15,11 @@ include $(INCLUDE_DIR)/kernel.mk
|
|||
# - Check and update kmod dependencies when necessary (runtime module load check in the least)
|
||||
#
|
||||
PKG_NAME:=openvswitch
|
||||
PKG_VERSION:=2.11.3
|
||||
PKG_VERSION:=2.11.6
|
||||
PKG_RELEASE:=1
|
||||
PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz
|
||||
PKG_SOURCE_URL:=https://www.openvswitch.org/releases/
|
||||
PKG_HASH:=4f06935b13627171d133b7312d532e57df3e63d307d6f8c692836dde73d27e15
|
||||
PKG_HASH:=1d052272747a790abc51dfadf886a83f96dfdcad7bb4b21b407ae7530e3b9ea2
|
||||
|
||||
PKG_LICENSE:=Apache-2.0
|
||||
PKG_LICENSE_FILES:=LICENSE
|
||||
|
|
|
|||
|
|
@ -1,70 +0,0 @@
|
|||
From 6d90cbb44fd51e1cbb757107d2a86276a66c43df Mon Sep 17 00:00:00 2001
|
||||
From: Greg Rose <gvrose8192@gmail.com>
|
||||
Date: Mon, 6 Jan 2020 13:36:34 -0800
|
||||
Subject: [PATCH] compat: Include confirm_neigh parameter if needed
|
||||
|
||||
A change backported to the Linux 4.14.162 LTS kernel requires
|
||||
a boolean parameter. Check for the presence of the parameter
|
||||
and adjust the caller in that case.
|
||||
|
||||
Passes check-kmod test with no regressions.
|
||||
|
||||
Passes Travis build here:
|
||||
https://travis-ci.org/gvrose8192/ovs-experimental/builds/633461320
|
||||
|
||||
Signed-off-by: Greg Rose <gvrose8192@gmail.com>
|
||||
Signed-off-by: Simon Horman <simon.horman@netronome.com>
|
||||
(cherry picked from commit 6634cc8aed485967737ef7eda489b9d625a4ca74)
|
||||
Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
|
||||
---
|
||||
acinclude.m4 | 2 ++
|
||||
datapath/linux/compat/ip6_gre.c | 4 ++++
|
||||
datapath/linux/compat/ip_tunnel.c | 5 +++++
|
||||
3 files changed, 11 insertions(+)
|
||||
|
||||
diff --git a/acinclude.m4 b/acinclude.m4
|
||||
index f15b1ff67..84098f2a5 100644
|
||||
--- a/acinclude.m4
|
||||
+++ b/acinclude.m4
|
||||
@@ -967,6 +967,8 @@ AC_DEFUN([OVS_CHECK_LINUX_COMPAT], [
|
||||
[OVS_DEFINE([HAVE_NF_CONNTRACK_IN_TAKES_NF_HOOK_STATE])])
|
||||
OVS_GREP_IFELSE([$KSRC/include/net/ipv6_frag.h], [IP6_DEFRAG_CONNTRACK_IN],
|
||||
[OVS_DEFINE([HAVE_IPV6_FRAG_H])])
|
||||
+ OVS_GREP_IFELSE([$KSRC/include/net/dst_ops.h], [bool confirm_neigh],
|
||||
+ [OVS_DEFINE([HAVE_DST_OPS_CONFIRM_NEIGH])])
|
||||
|
||||
if cmp -s datapath/linux/kcompat.h.new \
|
||||
datapath/linux/kcompat.h >/dev/null 2>&1; then
|
||||
diff --git a/datapath/linux/compat/ip6_gre.c b/datapath/linux/compat/ip6_gre.c
|
||||
index 2ffdda5e1..89705d778 100644
|
||||
--- a/datapath/linux/compat/ip6_gre.c
|
||||
+++ b/datapath/linux/compat/ip6_gre.c
|
||||
@@ -1196,7 +1196,11 @@ static netdev_tx_t ip6erspan_tunnel_xmit(struct sk_buff *skb,
|
||||
|
||||
/* TooBig packet may have updated dst->dev's mtu */
|
||||
if (!t->parms.collect_md && dst && dst_mtu(dst) > dst->dev->mtu)
|
||||
+#ifndef HAVE_DST_OPS_CONFIRM_NEIGH
|
||||
dst->ops->update_pmtu(dst, NULL, skb, dst->dev->mtu);
|
||||
+#else
|
||||
+ dst->ops->update_pmtu(dst, NULL, skb, dst->dev->mtu, false);
|
||||
+#endif
|
||||
|
||||
err = ip6_tnl_xmit(skb, dev, dsfield, &fl6, encap_limit, &mtu,
|
||||
NEXTHDR_GRE);
|
||||
diff --git a/datapath/linux/compat/ip_tunnel.c b/datapath/linux/compat/ip_tunnel.c
|
||||
index d16e60fbf..f1c8ba7cd 100644
|
||||
--- a/datapath/linux/compat/ip_tunnel.c
|
||||
+++ b/datapath/linux/compat/ip_tunnel.c
|
||||
@@ -266,7 +266,12 @@ static int rpl_tnl_update_pmtu(struct net_device *dev, struct sk_buff *skb,
|
||||
mtu = skb_dst(skb) ? dst_mtu(skb_dst(skb)) : dev->mtu;
|
||||
|
||||
if (skb_dst(skb))
|
||||
+#ifndef HAVE_DST_OPS_CONFIRM_NEIGH
|
||||
skb_dst(skb)->ops->update_pmtu(skb_dst(skb), NULL, skb, mtu);
|
||||
+#else
|
||||
+ skb_dst(skb)->ops->update_pmtu(skb_dst(skb),
|
||||
+ NULL, skb, mtu, false);
|
||||
+#endif
|
||||
|
||||
if (skb->protocol == htons(ETH_P_IP)) {
|
||||
if (!skb_is_gso(skb) &&
|
||||
|
|
@ -27,11 +27,9 @@ Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
|
|||
datapath/linux/compat/vxlan.c | 14 ++++++++------
|
||||
3 files changed, 18 insertions(+), 10 deletions(-)
|
||||
|
||||
diff --git a/acinclude.m4 b/acinclude.m4
|
||||
index 84098f2a5..f124caefb 100644
|
||||
--- a/acinclude.m4
|
||||
+++ b/acinclude.m4
|
||||
@@ -508,7 +508,10 @@ AC_DEFUN([OVS_CHECK_LINUX_COMPAT], [
|
||||
@@ -510,7 +510,10 @@ AC_DEFUN([OVS_CHECK_LINUX_COMPAT], [
|
||||
|
||||
OVS_GREP_IFELSE([$KSRC/include/net/addrconf.h], [ipv6_dst_lookup.*net],
|
||||
[OVS_DEFINE([HAVE_IPV6_DST_LOOKUP_NET])])
|
||||
|
|
@ -42,11 +40,9 @@ index 84098f2a5..f124caefb 100644
|
|||
|
||||
OVS_GREP_IFELSE([$KSRC/include/linux/err.h], [ERR_CAST])
|
||||
OVS_GREP_IFELSE([$KSRC/include/linux/err.h], [IS_ERR_OR_NULL])
|
||||
diff --git a/datapath/linux/compat/geneve.c b/datapath/linux/compat/geneve.c
|
||||
index c044b1489..4bdab6836 100644
|
||||
--- a/datapath/linux/compat/geneve.c
|
||||
+++ b/datapath/linux/compat/geneve.c
|
||||
@@ -962,14 +962,17 @@ static struct dst_entry *geneve_get_v6_dst(struct sk_buff *skb,
|
||||
@@ -962,15 +962,18 @@ static struct dst_entry *geneve_get_v6_d
|
||||
return dst;
|
||||
}
|
||||
|
||||
|
|
@ -64,15 +60,14 @@ index c044b1489..4bdab6836 100644
|
|||
if (ipv6_stub->ipv6_dst_lookup(gs6->sock->sk, &dst, fl6)) {
|
||||
#else
|
||||
if (ip6_dst_lookup(gs6->sock->sk, &dst, fl6)) {
|
||||
-#endif
|
||||
#endif
|
||||
-#endif
|
||||
netdev_dbg(dev, "no route to %pI6\n", &fl6->daddr);
|
||||
return ERR_PTR(-ENETUNREACH);
|
||||
diff --git a/datapath/linux/compat/vxlan.c b/datapath/linux/compat/vxlan.c
|
||||
index 23118e8b6..ff10ae6f4 100644
|
||||
}
|
||||
--- a/datapath/linux/compat/vxlan.c
|
||||
+++ b/datapath/linux/compat/vxlan.c
|
||||
@@ -990,17 +990,19 @@ static struct dst_entry *vxlan6_get_route(struct vxlan_dev *vxlan,
|
||||
@@ -990,18 +990,20 @@ static struct dst_entry *vxlan6_get_rout
|
||||
fl6.fl6_dport = dport;
|
||||
fl6.fl6_sport = sport;
|
||||
|
||||
|
|
@ -94,7 +89,8 @@ index 23118e8b6..ff10ae6f4 100644
|
|||
&ndst, &fl6);
|
||||
#else
|
||||
err = ip6_dst_lookup(vxlan->vn6_sock->sock->sk, &ndst, &fl6);
|
||||
-#endif
|
||||
#endif
|
||||
-#endif
|
||||
if (err < 0)
|
||||
return ERR_PTR(err);
|
||||
|
||||
|
|
|
|||
|
|
@ -25,11 +25,9 @@ Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
|
|||
datapath/linux/compat/vxlan.c | 18 +++++++++++++++++-
|
||||
3 files changed, 29 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/acinclude.m4 b/acinclude.m4
|
||||
index f124caefb..6d8340ce9 100644
|
||||
--- a/acinclude.m4
|
||||
+++ b/acinclude.m4
|
||||
@@ -506,6 +506,8 @@ AC_DEFUN([OVS_CHECK_LINUX_COMPAT], [
|
||||
@@ -508,6 +508,8 @@ AC_DEFUN([OVS_CHECK_LINUX_COMPAT], [
|
||||
OVS_GREP_IFELSE([$KSRC/include/net/ip6_fib.h], [rt6_get_cookie],
|
||||
[OVS_DEFINE([HAVE_RT6_GET_COOKIE])])
|
||||
|
||||
|
|
@ -38,11 +36,9 @@ index f124caefb..6d8340ce9 100644
|
|||
OVS_GREP_IFELSE([$KSRC/include/net/addrconf.h], [ipv6_dst_lookup.*net],
|
||||
[OVS_DEFINE([HAVE_IPV6_DST_LOOKUP_NET])])
|
||||
OVS_GREP_IFELSE([$KSRC/include/net/addrconf.h], [ipv6_dst_lookup_flow.*net],
|
||||
diff --git a/datapath/linux/compat/geneve.c b/datapath/linux/compat/geneve.c
|
||||
index 4bdab6836..bf995aa83 100644
|
||||
--- a/datapath/linux/compat/geneve.c
|
||||
+++ b/datapath/linux/compat/geneve.c
|
||||
@@ -962,7 +962,16 @@ static struct dst_entry *geneve_get_v6_dst(struct sk_buff *skb,
|
||||
@@ -962,7 +962,16 @@ static struct dst_entry *geneve_get_v6_d
|
||||
return dst;
|
||||
}
|
||||
|
||||
|
|
@ -60,11 +56,9 @@ index 4bdab6836..bf995aa83 100644
|
|||
if (ipv6_stub->ipv6_dst_lookup_flow(geneve->net, gs6->sock->sk, &dst,
|
||||
fl6)) {
|
||||
#elif defined(HAVE_IPV6_DST_LOOKUP_FLOW)
|
||||
diff --git a/datapath/linux/compat/vxlan.c b/datapath/linux/compat/vxlan.c
|
||||
index ff10ae6f4..05ccfb928 100644
|
||||
--- a/datapath/linux/compat/vxlan.c
|
||||
+++ b/datapath/linux/compat/vxlan.c
|
||||
@@ -967,7 +967,10 @@ static struct dst_entry *vxlan6_get_route(struct vxlan_dev *vxlan,
|
||||
@@ -967,7 +967,10 @@ static struct dst_entry *vxlan6_get_rout
|
||||
bool use_cache = (dst_cache && ip_tunnel_dst_cache_usable(skb, info));
|
||||
struct dst_entry *ndst;
|
||||
struct flowi6 fl6;
|
||||
|
|
@ -75,7 +69,7 @@ index ff10ae6f4..05ccfb928 100644
|
|||
|
||||
if (!sock6)
|
||||
return ERR_PTR(-EIO);
|
||||
@@ -990,7 +993,15 @@ static struct dst_entry *vxlan6_get_route(struct vxlan_dev *vxlan,
|
||||
@@ -990,7 +993,15 @@ static struct dst_entry *vxlan6_get_rout
|
||||
fl6.fl6_dport = dport;
|
||||
fl6.fl6_sport = sport;
|
||||
|
||||
|
|
@ -92,7 +86,7 @@ index ff10ae6f4..05ccfb928 100644
|
|||
err = ipv6_stub->ipv6_dst_lookup_flow(vxlan->net, sock6->sock->sk,
|
||||
&ndst, &fl6);
|
||||
#elif defined(HAVE_IPV6_DST_LOOKUP_FLOW)
|
||||
@@ -1004,8 +1015,13 @@ static struct dst_entry *vxlan6_get_route(struct vxlan_dev *vxlan,
|
||||
@@ -1004,8 +1015,13 @@ static struct dst_entry *vxlan6_get_rout
|
||||
#else
|
||||
err = ip6_dst_lookup(vxlan->vn6_sock->sock->sk, &ndst, &fl6);
|
||||
#endif
|
||||
|
|
|
|||
|
|
@ -23,8 +23,6 @@ Signed-off-by: Ben Pfaff <blp@ovn.org>
|
|||
ovsdb/ovsdb-idlc.in | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/ovsdb/ovsdb-idlc.in b/ovsdb/ovsdb-idlc.in
|
||||
index 40fef39ed..22d0a4e22 100755
|
||||
--- a/ovsdb/ovsdb-idlc.in
|
||||
+++ b/ovsdb/ovsdb-idlc.in
|
||||
@@ -176,7 +176,7 @@ def replace_cplusplus_keyword(schema):
|
||||
|
|
|
|||
|
|
@ -16,11 +16,9 @@ Signed-off-by: Helmut Schaa <helmut.schaa@googlemail.com>
|
|||
lib/netdev-linux.c | 8 +++++++-
|
||||
1 file changed, 7 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/lib/netdev-linux.c b/lib/netdev-linux.c
|
||||
index 4ab645953..cf23ca753 100644
|
||||
--- a/lib/netdev-linux.c
|
||||
+++ b/lib/netdev-linux.c
|
||||
@@ -3120,7 +3120,13 @@ update_flags(struct netdev_linux *netdev, enum netdev_flags off,
|
||||
@@ -3119,7 +3119,13 @@ update_flags(struct netdev_linux *netdev
|
||||
unsigned int old_flags, new_flags;
|
||||
int error = 0;
|
||||
|
||||
|
|
|
|||
|
|
@ -12,8 +12,6 @@ Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
|
|||
m4/openvswitch.m4 | 2 ++
|
||||
2 files changed, 3 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/Makefile.am b/Makefile.am
|
||||
index ff1f94b48..417f53230 100644
|
||||
--- a/Makefile.am
|
||||
+++ b/Makefile.am
|
||||
@@ -60,7 +60,7 @@ endif
|
||||
|
|
@ -25,8 +23,6 @@ index ff1f94b48..417f53230 100644
|
|||
|
||||
ALL_LOCAL =
|
||||
BUILT_SOURCES =
|
||||
diff --git a/m4/openvswitch.m4 b/m4/openvswitch.m4
|
||||
index 41042c98e..4a5f0a84a 100644
|
||||
--- a/m4/openvswitch.m4
|
||||
+++ b/m4/openvswitch.m4
|
||||
@@ -449,7 +449,9 @@ AC_DEFUN([OVS_CHECK_PYTHON],
|
||||
|
|
|
|||
|
|
@ -10,8 +10,6 @@ Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
|
|||
utilities/ovs-lib.in | 5 ++++-
|
||||
1 file changed, 4 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/utilities/ovs-lib.in b/utilities/ovs-lib.in
|
||||
index 5f36b7d44..7ba18b532 100644
|
||||
--- a/utilities/ovs-lib.in
|
||||
+++ b/utilities/ovs-lib.in
|
||||
@@ -159,7 +159,10 @@ install_dir () {
|
||||
|
|
|
|||
|
|
@ -8,8 +8,6 @@ Signed-off-by: Yousong Zhou <zhouyousong@yunionyun.com>
|
|||
Makefile.am | 1 -
|
||||
1 file changed, 1 deletion(-)
|
||||
|
||||
diff --git a/Makefile.am b/Makefile.am
|
||||
index 417f53230..3fc630f33 100644
|
||||
--- a/Makefile.am
|
||||
+++ b/Makefile.am
|
||||
@@ -480,7 +480,6 @@ include m4/automake.mk
|
||||
|
|
|
|||
|
|
@ -18,8 +18,6 @@ Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
|
|||
datapath/linux/Makefile.in | 1 +
|
||||
1 file changed, 1 insertion(+)
|
||||
|
||||
diff --git a/datapath/linux/Makefile.in b/datapath/linux/Makefile.in
|
||||
index efc1663e4..61fcaa67e 100644
|
||||
--- a/datapath/linux/Makefile.in
|
||||
+++ b/datapath/linux/Makefile.in
|
||||
@@ -1,5 +1,6 @@
|
||||
|
|
|
|||
|
|
@ -1,43 +0,0 @@
|
|||
From 39d1f4598ce63558d0f6549d25745a4f83e0b165 Mon Sep 17 00:00:00 2001
|
||||
Message-Id: <39d1f4598ce63558d0f6549d25745a4f83e0b165.1597434251.git.mschiffer@universe-factory.net>
|
||||
From: Ilya Maximets <i.maximets@ovn.org>
|
||||
Date: Wed, 12 Aug 2020 10:57:07 +0200
|
||||
Subject: [PATCH] acinclude: Fix build with kernels with prandom* moved to
|
||||
prandom.h.
|
||||
|
||||
Recent commit c0842fbc1b18 ("random32: move the pseudo-random 32-bit
|
||||
definitions to prandom.h") in upstream kernel moved the definition
|
||||
of prandom_* functions from random.h to prandom.h. This change was
|
||||
also backported to stable kernels.
|
||||
|
||||
Fixing our configure script to look for these functions in a new
|
||||
location and avoid build failures:
|
||||
|
||||
datapath/linux/compat/include/linux/random.h:11:19:
|
||||
error: redefinition of 'prandom_u32_max'
|
||||
|
||||
Acked-by: Greg Rose <gvrose8192@gmail.com>
|
||||
Signed-off-by: Ilya Maximets <i.maximets@ovn.org>
|
||||
(cherry picked from commit e38b412dcb4f493e2b7a727557423eb5d4171a81)
|
||||
---
|
||||
acinclude.m4 | 4 ++++
|
||||
1 file changed, 4 insertions(+)
|
||||
|
||||
diff --git a/acinclude.m4 b/acinclude.m4
|
||||
index 6d8340ce99fd..fa39347bd85f 100644
|
||||
--- a/acinclude.m4
|
||||
+++ b/acinclude.m4
|
||||
@@ -690,6 +690,10 @@ AC_DEFUN([OVS_CHECK_LINUX_COMPAT], [
|
||||
|
||||
OVS_GREP_IFELSE([$KSRC/include/linux/random.h], [prandom_u32])
|
||||
OVS_GREP_IFELSE([$KSRC/include/linux/random.h], [prandom_u32_max])
|
||||
+ OVS_GREP_IFELSE([$KSRC/include/linux/prandom.h],
|
||||
+ [prandom_u32[[\(]]],
|
||||
+ [OVS_DEFINE([HAVE_PRANDOM_U32])])
|
||||
+ OVS_GREP_IFELSE([$KSRC/include/linux/prandom.h], [prandom_u32_max])
|
||||
|
||||
OVS_GREP_IFELSE([$KSRC/include/net/rtnetlink.h], [get_link_net])
|
||||
OVS_GREP_IFELSE([$KSRC/include/net/rtnetlink.h], [name_assign_type])
|
||||
--
|
||||
2.28.0
|
||||
|
||||
Loading…
Reference in New Issue