cubixle/packages
1
0
Fork 0
mirror of https://github.com/novatiq/packages.git synced 2026-04-30 15:38:40 +01:00
Code Issues Packages Projects Releases Wiki Activity

openvswitch: update to version 2.11.6 (security fix)

Browse Source 
Fixes CVEs:
- CVE-2020-35498
- In DPDK: CVE-2015-8011 and CVE-2020-27827
- In LLDP: CVE-2019-14818, CVE-2020-10722, CVE-2020-10723 and CVE-2020-10724

Removed patches:
- 0001-compat-Include-confirm_neigh-parameter-if-needed.patch because they
are included in this release as it was backported
- 0010-acinclude-Fix-build-with-kernels-with-prandom-moved-.patch
included in this release as it was backported

Other patches were refreshed.

Signed-off-by: Josef Schlehofer <pepe.schlehofer@gmail.com>
This commit is contained in:
Josef Schlehofer
2021-02-23 07:28:13 +01:00
committed by Yousong Zhou
parent 3be5d565cf
commit 8e1b62d4bb
11 changed files with 15 additions and 152 deletions
Download Patch File Download Diff File Expand all files Collapse all files
net/openvswitch/patches/0003-compat-Backport-ipv6_stub-change.patch
+5 -11
View File
@@ -25,11 +25,9 @@ Signed-off-by: Yousong Zhou <yszhou4tech@gmail.com>
datapath/linux/compat/vxlan.c | 18 +++++++++++++++++-
3 files changed, 29 insertions(+), 2 deletions(-)
diff --git a/acinclude.m4 b/acinclude.m4
index f124caefb..6d8340ce9 100644
--- a/acinclude.m4
+++ b/acinclude.m4
@@ -506,6 +506,8 @@ AC_DEFUN([OVS_CHECK_LINUX_COMPAT], [
@@ -508,6 +508,8 @@ AC_DEFUN([OVS_CHECK_LINUX_COMPAT], [
OVS_GREP_IFELSE([$KSRC/include/net/ip6_fib.h], [rt6_get_cookie],
[OVS_DEFINE([HAVE_RT6_GET_COOKIE])])
@@ -38,11 +36,9 @@ index f124caefb..6d8340ce9 100644
OVS_GREP_IFELSE([$KSRC/include/net/addrconf.h], [ipv6_dst_lookup.*net],
[OVS_DEFINE([HAVE_IPV6_DST_LOOKUP_NET])])
OVS_GREP_IFELSE([$KSRC/include/net/addrconf.h], [ipv6_dst_lookup_flow.*net],
diff --git a/datapath/linux/compat/geneve.c b/datapath/linux/compat/geneve.c
index 4bdab6836..bf995aa83 100644
--- a/datapath/linux/compat/geneve.c
+++ b/datapath/linux/compat/geneve.c
@@ -962,7 +962,16 @@ static struct dst_entry *geneve_get_v6_dst(struct sk_buff *skb,
@@ -962,7 +962,16 @@ static struct dst_entry *geneve_get_v6_d
return dst;
}
@@ -60,11 +56,9 @@ index 4bdab6836..bf995aa83 100644
if (ipv6_stub->ipv6_dst_lookup_flow(geneve->net, gs6->sock->sk, &dst,
fl6)) {
#elif defined(HAVE_IPV6_DST_LOOKUP_FLOW)
diff --git a/datapath/linux/compat/vxlan.c b/datapath/linux/compat/vxlan.c
index ff10ae6f4..05ccfb928 100644
--- a/datapath/linux/compat/vxlan.c
+++ b/datapath/linux/compat/vxlan.c
@@ -967,7 +967,10 @@ static struct dst_entry *vxlan6_get_route(struct vxlan_dev *vxlan,
@@ -967,7 +967,10 @@ static struct dst_entry *vxlan6_get_rout
bool use_cache = (dst_cache && ip_tunnel_dst_cache_usable(skb, info));
struct dst_entry *ndst;
struct flowi6 fl6;
@@ -75,7 +69,7 @@ index ff10ae6f4..05ccfb928 100644
if (!sock6)
return ERR_PTR(-EIO);
@@ -990,7 +993,15 @@ static struct dst_entry *vxlan6_get_route(struct vxlan_dev *vxlan,
@@ -990,7 +993,15 @@ static struct dst_entry *vxlan6_get_rout
fl6.fl6_dport = dport;
fl6.fl6_sport = sport;
@@ -92,7 +86,7 @@ index ff10ae6f4..05ccfb928 100644
err = ipv6_stub->ipv6_dst_lookup_flow(vxlan->net, sock6->sock->sk,
&ndst, &fl6);
#elif defined(HAVE_IPV6_DST_LOOKUP_FLOW)
@@ -1004,8 +1015,13 @@ static struct dst_entry *vxlan6_get_route(struct vxlan_dev *vxlan,
@@ -1004,8 +1015,13 @@ static struct dst_entry *vxlan6_get_rout
#else
err = ip6_dst_lookup(vxlan->vn6_sock->sock->sk, &ndst, &fl6);
#endif