diff --git a/0001-fix-dict-change-during-iteration.patch b/0001-fix-dict-change-during-iteration.patch deleted file mode 100644 index 3b64ab94ecebced99a5ffc3e5805c6d737c15c0c..0000000000000000000000000000000000000000 --- a/0001-fix-dict-change-during-iteration.patch +++ /dev/null @@ -1,13 +0,0 @@ -diff --git a/ovsdb/ovsdb-idlc.in b/ovsdb/ovsdb-idlc.in -index 40fef39..22d0a4e 100755 ---- a/ovsdb/ovsdb-idlc.in -+++ b/ovsdb/ovsdb-idlc.in -@@ -176,7 +176,7 @@ def replace_cplusplus_keyword(schema): - 'wchar_t', 'while', 'xor', 'xor_eq'} - - for tableName, table in schema.tables.items(): -- for columnName in table.columns: -+ for columnName in list(table.columns): - if columnName in keywords: - table.columns[columnName + '_'] = table.columns.pop(columnName) - diff --git a/CVE-2015-8011.patch b/CVE-2015-8011.patch deleted file mode 100644 index b79c9f1cd0dab7ae6d9212ea5b7717b48a3d7a38..0000000000000000000000000000000000000000 --- a/CVE-2015-8011.patch +++ /dev/null @@ -1,55 +0,0 @@ -From bb5a9937fa8e04e71052fb50e23894448d19678f Mon Sep 17 00:00:00 2001 -From: Vincent Bernat -Date: Thu, 12 Nov 2020 19:54:52 -0500 -Subject: [PATCH] lldp: fix a buffer overflow when handling management address - TLV - -Upstream commit: - commit a8d8006c06d9ac16ebcf33295cbd625c0847ca9b - Author: Vincent Bernat - Date: Sun, 4 Oct 2015 01:50:38 +0200 - - lldp: fix a buffer overflow when handling management address TLV - - When a remote device was advertising a too large management address - while still respecting TLV boundaries, lldpd would crash due to a buffer - overflow. However, the buffer being a static one, this buffer overflow - is not exploitable if hardening was not disabled. This bug exists since - version 0.5.6. - -Fixes: be53a5c447c3 ("auto-attach: Initial support for Auto-Attach standard") -Reported-by: Jonas Rudloff -Reported-at: https://github.com/openvswitch/ovs/pull/335 -Co-authored-by: Fabrizio D'Angelo -Signed-off-by: Fabrizio D'Angelo -Acked-by: Aaron Conole -Signed-off-by: Ilya Maximets ---- - lib/lldp/lldp.c | 7 ++++++- - 1 file changed, 6 insertions(+), 1 deletion(-) - -diff --git a/lib/lldp/lldp.c b/lib/lldp/lldp.c -index 593c5e1c34..628d0f863d 100644 ---- a/lib/lldp/lldp.c -+++ b/lib/lldp/lldp.c -@@ -530,6 +530,11 @@ lldp_decode(struct lldpd *cfg OVS_UNUSED, char *frame, int s, - case LLDP_TLV_MGMT_ADDR: - CHECK_TLV_SIZE(1, "Management address"); - addr_str_length = PEEK_UINT8; -+ if (addr_str_length > sizeof(addr_str_buffer)) { -+ VLOG_WARN("too large management address on %s", -+ hardware->h_ifname); -+ goto malformed; -+ } - CHECK_TLV_SIZE(1 + addr_str_length, "Management address"); - PEEK_BYTES(addr_str_buffer, addr_str_length); - addr_length = addr_str_length - 1; -@@ -554,7 +559,7 @@ lldp_decode(struct lldpd *cfg OVS_UNUSED, char *frame, int s, - break; - - case LLDP_TLV_ORG: -- CHECK_TLV_SIZE(4, "Organisational"); -+ CHECK_TLV_SIZE(1 + sizeof orgid, "Organisational"); - PEEK_BYTES(orgid, sizeof orgid); - tlv_subtype = PEEK_UINT8; - if (memcmp(dot1, orgid, sizeof orgid) == 0) { diff --git a/CVE-2020-27827.patch b/CVE-2020-27827.patch deleted file mode 100644 index 1ac368517b068263805a216cdffbdfe90f433418..0000000000000000000000000000000000000000 --- a/CVE-2020-27827.patch +++ /dev/null @@ -1,45 +0,0 @@ -From 78e712c0b1dacc2f12d2a03d98f083d8672867f0 Mon Sep 17 00:00:00 2001 -From: Aaron Conole -Date: Wed, 13 Jan 2021 10:47:19 -0500 -Subject: [PATCH] lldp: do not leak memory on multiple instances of TLVs - -Upstream commit: - commit a8d3c90feca548fc0656d95b5d278713db86ff61 - Date: Tue, 17 Nov 2020 09:28:17 -0500 - - lldp: avoid memory leak from bad packets - - A packet that contains multiple instances of certain TLVs will cause - lldpd to continually allocate memory and leak the old memory. As an - example, multiple instances of system name TLV will cause old values - to be dropped by the decoding routine. - - Reported-at: https://github.com/openvswitch/ovs/pull/337 - Reported-by: Jonas Rudloff - Signed-off-by: Aaron Conole - -Vulnerability: CVE-2020-27827 -Signed-off-by: Aaron Conole -Signed-off-by: Ilya Maximets ---- - lib/lldp/lldp.c | 3 +++ - 1 file changed, 3 insertions(+) - -diff --git a/lib/lldp/lldp.c b/lib/lldp/lldp.c -index e5755307fb..18afbab9a7 100644 ---- a/lib/lldp/lldp.c -+++ b/lib/lldp/lldp.c -@@ -513,10 +513,13 @@ lldp_decode(struct lldpd *cfg OVS_UNUSED, char *frame, int s, - b = xzalloc(tlv_size + 1); - PEEK_BYTES(b, tlv_size); - if (tlv_type == LLDP_TLV_PORT_DESCR) { -+ free(port->p_descr); - port->p_descr = b; - } else if (tlv_type == LLDP_TLV_SYSTEM_NAME) { -+ free(chassis->c_name); - chassis->c_name = b; - } else { -+ free(chassis->c_descr); - chassis->c_descr = b; - } - break; diff --git a/CVE-2020-35498-pre.patch b/CVE-2020-35498-pre.patch deleted file mode 100644 index b33981a464caa69f8236d8198914cc47c5f752f2..0000000000000000000000000000000000000000 --- a/CVE-2020-35498-pre.patch +++ /dev/null @@ -1,53 +0,0 @@ -From b7d0c1a5842d59d7413cb9c079fe25b1ad2b6602 Mon Sep 17 00:00:00 2001 -From: wang_yue111 <648774160@qq.com> -Date: Fri, 26 Feb 2021 17:59:44 +0800 -Subject: [PATCH] conntrack: Fix 'reverse_nat_packet()' variable -datatype. - -The datatype 'pad' in the function 'reverse_nat_packet()' was incorrectly -declared as 'char' instead of 'uint8_t'. This can affect reverse natting -of icmpX packets with padding > 127 bytes. At the same time, add some -comments regarding 'extract_l3_ipvX' usage in this function. Found by -inspection. - -Fixes: edd1bef468c0 ("dpdk: Add more ICMP Related NAT support.") -Signed-off-by: Darrell Ball -Signed-off-by: Ben Pfaff ---- - lib/conntrack.c | 6 +++++- - 1 file changed, 5 insertions(+), 1 deletion(-) - -diff --git a/lib/conntrack.c b/lib/conntrack.c -index e5266e5..59df332 100644 ---- a/lib/conntrack.c -+++ b/lib/conntrack.c -@@ -688,7 +688,7 @@ static void - reverse_nat_packet(struct dp_packet *pkt, const struct conn *conn) - { - char *tail = dp_packet_tail(pkt); -- char pad = dp_packet_l2_pad_size(pkt); -+ uint8_t pad = dp_packet_l2_pad_size(pkt); - struct conn_key inner_key; - const char *inner_l4 = NULL; - uint16_t orig_l3_ofs = pkt->l3_ofs; -@@ -698,6 +698,8 @@ reverse_nat_packet(struct dp_packet *pkt, const struct conn *conn) - struct ip_header *nh = dp_packet_l3(pkt); - struct icmp_header *icmp = dp_packet_l4(pkt); - struct ip_header *inner_l3 = (struct ip_header *) (icmp + 1); -+ /* This call is already verified to succeed during the code path from -+ * 'conn_key_extract()' which calls 'extract_l4_icmp()'. */ - extract_l3_ipv4(&inner_key, inner_l3, tail - ((char *)inner_l3) - pad, - &inner_l4, false); - pkt->l3_ofs += (char *) inner_l3 - (char *) nh; -@@ -719,6 +721,8 @@ reverse_nat_packet(struct dp_packet *pkt, const struct conn *conn) - struct icmp6_error_header *icmp6 = dp_packet_l4(pkt); - struct ovs_16aligned_ip6_hdr *inner_l3_6 = - (struct ovs_16aligned_ip6_hdr *) (icmp6 + 1); -+ /* This call is already verified to succeed during the code path from -+ * 'conn_key_extract()' which calls 'extract_l4_icmp6()'. */ - extract_l3_ipv6(&inner_key, inner_l3_6, - tail - ((char *)inner_l3_6) - pad, - &inner_l4); --- -2.23.0 - diff --git a/CVE-2020-35498.patch b/CVE-2020-35498.patch deleted file mode 100644 index 8ab2dd519e922d0e4b4743e62a290df603e2550e..0000000000000000000000000000000000000000 --- a/CVE-2020-35498.patch +++ /dev/null @@ -1,100 +0,0 @@ -From 45e941a17b605cc61e7c3ed8cffed5b3a5b608a6 Mon Sep 17 00:00:00 2001 -From: wang_yue111 <648774160@qq.com> -Date: Fri, 26 Feb 2021 18:20:58 +0800 -Subject: [PATCH] flow: Support extra padding length. - -Although not required, padding can be optionally added until -the packet length is MTU bytes. A packet with extra padding -currently fails sanity checks. - -Vulnerability: CVE-2020-35498 -Fixes: fa8d9001a624 ("miniflow_extract: Properly handle small IP packets.") -Reported-by: Joakim Hindersson -Acked-by: Ilya Maximets -Signed-off-by: Flavio Leitner -Signed-off-by: Ilya Maximets - ---- - lib/conntrack.c | 2 +- - lib/dp-packet.h | 10 +++++----- - lib/flow.c | 6 +++--- - 3 files changed, 9 insertions(+), 9 deletions(-) - -diff --git a/lib/conntrack.c b/lib/conntrack.c -index 47ebc8e..9a59ef6 100644 ---- a/lib/conntrack.c -+++ b/lib/conntrack.c -@@ -688,7 +688,7 @@ static void - reverse_nat_packet(struct dp_packet *pkt, const struct conn *conn) - { - char *tail = dp_packet_tail(pkt); -- uint8_t pad = dp_packet_l2_pad_size(pkt); -+ uint16_t pad = dp_packet_l2_pad_size(pkt); - struct conn_key inner_key; - const char *inner_l4 = NULL; - uint16_t orig_l3_ofs = pkt->l3_ofs; -diff --git a/lib/dp-packet.h b/lib/dp-packet.h -index 14f0897..c607247 100644 ---- a/lib/dp-packet.h -+++ b/lib/dp-packet.h -@@ -76,7 +76,7 @@ struct dp_packet { - - /* All the following elements of this struct are copied in a single call - * of memcpy in dp_packet_clone_with_headroom. */ -- uint8_t l2_pad_size; /* Detected l2 padding size. -+ uint16_t l2_pad_size; /* Detected l2 padding size. - * Padding is non-pullable. */ - uint16_t l2_5_ofs; /* MPLS label stack offset, or UINT16_MAX */ - uint16_t l3_ofs; /* Network-level header offset, -@@ -113,8 +113,8 @@ void *dp_packet_resize_l2(struct dp_packet *, int increment); - void *dp_packet_resize_l2_5(struct dp_packet *, int increment); - static inline void *dp_packet_eth(const struct dp_packet *); - static inline void dp_packet_reset_offsets(struct dp_packet *); --static inline uint8_t dp_packet_l2_pad_size(const struct dp_packet *); --static inline void dp_packet_set_l2_pad_size(struct dp_packet *, uint8_t); -+static inline uint16_t dp_packet_l2_pad_size(const struct dp_packet *); -+static inline void dp_packet_set_l2_pad_size(struct dp_packet *, uint16_t); - static inline void *dp_packet_l2_5(const struct dp_packet *); - static inline void dp_packet_set_l2_5(struct dp_packet *, void *); - static inline void *dp_packet_l3(const struct dp_packet *); -@@ -320,14 +320,14 @@ dp_packet_reset_offsets(struct dp_packet *b) - b->l4_ofs = UINT16_MAX; - } - --static inline uint8_t -+static inline uint16_t - dp_packet_l2_pad_size(const struct dp_packet *b) - { - return b->l2_pad_size; - } - - static inline void --dp_packet_set_l2_pad_size(struct dp_packet *b, uint8_t pad_size) -+dp_packet_set_l2_pad_size(struct dp_packet *b, uint16_t pad_size) - { - ovs_assert(pad_size <= dp_packet_size(b)); - b->l2_pad_size = pad_size; -diff --git a/lib/flow.c b/lib/flow.c -index e54fd2e..354b441 100644 ---- a/lib/flow.c -+++ b/lib/flow.c -@@ -660,7 +660,7 @@ ipv4_sanity_check(const struct ip_header *nh, size_t size, - - tot_len = ntohs(nh->ip_tot_len); - if (OVS_UNLIKELY(tot_len > size || ip_len > tot_len || -- size - tot_len > UINT8_MAX)) { -+ size - tot_len > UINT16_MAX)) { - return false; - } - -@@ -698,8 +698,8 @@ ipv6_sanity_check(const struct ovs_16aligned_ip6_hdr *nh, size_t size) - if (OVS_UNLIKELY(plen + IPV6_HEADER_LEN > size)) { - return false; - } -- /* Jumbo Payload option not supported yet. */ -- if (OVS_UNLIKELY(size - plen > UINT8_MAX)) { -+ -+ if (OVS_UNLIKELY(size - (plen + IPV6_HEADER_LEN) > UINT16_MAX)) { - return false; - } - diff --git a/CVE-2021-3905.patch b/CVE-2021-3905.patch deleted file mode 100644 index c3db7ae4cdfde7f38420311d87aa4e8d8dc53238..0000000000000000000000000000000000000000 --- a/CVE-2021-3905.patch +++ /dev/null @@ -1,63 +0,0 @@ -From a5e7296363137b4d77d1ae1ffb7bc2be5980bd9c Mon Sep 17 00:00:00 2001 -From: qz_cx -Date: Fri, 8 Jul 2022 13:59:53 +0800 -Subject: [PATCH] ipf: release unhandled packets from the batch Since 640d4db - ("ipf: Fix a use-after-free error, ...") the ipf framework unconditionally - allocates a new dp_packet to track individual fragments. This prevents a - use-after-free. However, an additional issue was present - even when the - packet buffer is cloned, if the ip fragment handling code keeps it, the - original buffer is leaked during the refill loop. Even in the original - processing code, the hardcoded dnsteal branches would always leak a packet - buffer from the refill loop. - -This can be confirmed with valgrind: - -==717566== 16,672 (4,480 direct, 12,192 indirect) bytes in 8 blocks are definitely lost in loss record 390 of 390 -==717566== at 0x484086F: malloc (vg_replace_malloc.c:380) -==717566== by 0x537BFD: xmalloc__ (util.c:137) -==717566== by 0x537BFD: xmalloc (util.c:172) -==717566== by 0x46DDD4: dp_packet_new (dp-packet.c:153) -==717566== by 0x46DDD4: dp_packet_new_with_headroom (dp-packet.c:163) -==717566== by 0x550AA6: netdev_linux_batch_rxq_recv_sock.constprop.0 (netdev-linux.c:1262) -==717566== by 0x5512AF: netdev_linux_rxq_recv (netdev-linux.c:1511) -==717566== by 0x4AB7E0: netdev_rxq_recv (netdev.c:727) -==717566== by 0x47F00D: dp_netdev_process_rxq_port (dpif-netdev.c:4699) -==717566== by 0x47FD13: dpif_netdev_run (dpif-netdev.c:5957) -==717566== by 0x4331D2: type_run (ofproto-dpif.c:370) -==717566== by 0x41DFD8: ofproto_type_run (ofproto.c:1768) -==717566== by 0x40A7FB: bridge_run__ (bridge.c:3245) -==717566== by 0x411269: bridge_run (bridge.c:3310) -==717566== by 0x406E6C: main (ovs-vswitchd.c:127) - -The fix is to delete the original packet when it isn't able to be -reinserted into the packet batch. Subsequent valgrind runs show that -the packets are not leaked from the batch any longer. - -Fixes: 640d4db ("ipf: Fix a use-after-free error, and remove the 'do_not_steal' flag.") -Fixes: 4ea9669 ("Userspace datapath: Add fragmentation handling.") -Reported-by: Wan Junjie -Reported-at: openvswitch/ovs-issues#226 -Signed-off-by: Aaron Conole -Reviewed-by: David Marchand -Tested-by: Wan Junjie -Signed-off-by: Alin-Gabriel Serdean ---- - lib/ipf.c | 2 ++ - 1 file changed, 2 insertions(+) - -diff --git a/lib/ipf.c b/lib/ipf.c -index 4cc0f2d..e8858d2 100644 ---- a/lib/ipf.c -+++ b/lib/ipf.c -@@ -941,6 +941,8 @@ ipf_extract_frags_from_batch(struct ipf *ipf, struct dp_packet_batch *pb, - if (!ipf_handle_frag(ipf, pkt, dl_type, zone, now, hash_basis, - pb->do_not_steal)) { - dp_packet_batch_refill(pb, pkt, pb_idx); -+ } else { -+ dp_packet_delete(pkt); - } - ovs_mutex_unlock(&ipf->ipf_lock); - } else { --- -2.33.0 - diff --git a/backport-CVE-2021-36980.patch b/backport-CVE-2021-36980.patch deleted file mode 100644 index c75cbeb40870de2cd3f01a41e0c96fa82f645437..0000000000000000000000000000000000000000 --- a/backport-CVE-2021-36980.patch +++ /dev/null @@ -1,94 +0,0 @@ -From 9926637a80d0d243dbf9c49761046895e9d1a8e2 Mon Sep 17 00:00:00 2001 -From: Ilya Maximets -Date: Tue, 16 Feb 2021 23:27:30 +0100 -Subject: [PATCH] ofp-actions: Fix use-after-free while decoding RAW_ENCAP. - -While decoding RAW_ENCAP action, decode_ed_prop() might re-allocate -ofpbuf if there is no enough space left. However, function -'decode_NXAST_RAW_ENCAP' continues to use old pointer to 'encap' -structure leading to write-after-free and incorrect decoding. - - ==3549105==ERROR: AddressSanitizer: heap-use-after-free on address - 0x60600000011a at pc 0x0000005f6cc6 bp 0x7ffc3a2d4410 sp 0x7ffc3a2d4408 - WRITE of size 2 at 0x60600000011a thread T0 - #0 0x5f6cc5 in decode_NXAST_RAW_ENCAP lib/ofp-actions.c:4461:20 - #1 0x5f0551 in ofpact_decode ./lib/ofp-actions.inc2:4777:16 - #2 0x5ed17c in ofpacts_decode lib/ofp-actions.c:7752:21 - #3 0x5eba9a in ofpacts_pull_openflow_actions__ lib/ofp-actions.c:7791:13 - #4 0x5eb9fc in ofpacts_pull_openflow_actions lib/ofp-actions.c:7835:12 - #5 0x64bb8b in ofputil_decode_packet_out lib/ofp-packet.c:1113:17 - #6 0x65b6f4 in ofp_print_packet_out lib/ofp-print.c:148:13 - #7 0x659e3f in ofp_to_string__ lib/ofp-print.c:1029:16 - #8 0x659b24 in ofp_to_string lib/ofp-print.c:1244:21 - #9 0x65a28c in ofp_print lib/ofp-print.c:1288:28 - #10 0x540d11 in ofctl_ofp_parse utilities/ovs-ofctl.c:2814:9 - #11 0x564228 in ovs_cmdl_run_command__ lib/command-line.c:247:17 - #12 0x56408a in ovs_cmdl_run_command lib/command-line.c:278:5 - #13 0x5391ae in main utilities/ovs-ofctl.c:179:9 - #14 0x7f6911ce9081 in __libc_start_main (/lib64/libc.so.6+0x27081) - #15 0x461fed in _start (utilities/ovs-ofctl+0x461fed) - -Fix that by getting a new pointer before using. - -Credit to OSS-Fuzz. - -Fuzzer regression test will fail only with AddressSanitizer enabled. - -Reported-at: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=27851 -Fixes: f839892a206a ("OF support and translation of generic encap and decap") -Acked-by: William Tu -Signed-off-by: Ilya Maximets ---- - lib/ofp-actions.c | 2 ++ - tests/automake.mk | 3 ++- - tests/fuzz-regression-list.at | 1 + - tests/fuzz-regression/ofp_print_fuzzer-6540965472632832 | 0 - 4 files changed, 5 insertions(+), 1 deletion(-) - create mode 100644 tests/fuzz-regression/ofp_print_fuzzer-6540965472632832 - -diff --git a/lib/ofp-actions.c b/lib/ofp-actions.c -index ddef3b0c878..11b841732df 100644 ---- a/lib/ofp-actions.c -+++ b/lib/ofp-actions.c -@@ -4346,6 +4346,7 @@ decode_NXAST_RAW_ENCAP(const struct nx_action_encap *nae, - { - struct ofpact_encap *encap; - const struct ofp_ed_prop_header *ofp_prop; -+ const size_t encap_ofs = out->size; - size_t props_len; - uint16_t n_props = 0; - int err; -@@ -4373,6 +4374,7 @@ decode_NXAST_RAW_ENCAP(const struct nx_action_encap *nae, - } - n_props++; - } -+ encap = ofpbuf_at_assert(out, encap_ofs, sizeof *encap); - encap->n_props = n_props; - out->header = &encap->ofpact; - ofpact_finish_ENCAP(out, &encap); -diff --git a/tests/automake.mk b/tests/automake.mk -index 2d5f7d1a6ef..e199bcc4ad3 100644 ---- a/tests/automake.mk -+++ b/tests/automake.mk -@@ -139,7 +139,8 @@ FUZZ_REGRESSION_TESTS = \ - tests/fuzz-regression/ofp_print_fuzzer-5722747668791296 \ - tests/fuzz-regression/ofp_print_fuzzer-6285128790704128 \ - tests/fuzz-regression/ofp_print_fuzzer-6470117922701312 \ -- tests/fuzz-regression/ofp_print_fuzzer-6502620041576448 -+ tests/fuzz-regression/ofp_print_fuzzer-6502620041576448 \ -+ tests/fuzz-regression/ofp_print_fuzzer-6540965472632832 - $(srcdir)/tests/fuzz-regression-list.at: tests/automake.mk - $(AM_V_GEN)for name in $(FUZZ_REGRESSION_TESTS); do \ - basename=`echo $$name | sed 's,^.*/,,'`; \ -diff --git a/tests/fuzz-regression-list.at b/tests/fuzz-regression-list.at -index e3173fb88f0..2347c690eff 100644 ---- a/tests/fuzz-regression-list.at -+++ b/tests/fuzz-regression-list.at -@@ -21,3 +21,4 @@ TEST_FUZZ_REGRESSION([ofp_print_fuzzer-5722747668791296]) - TEST_FUZZ_REGRESSION([ofp_print_fuzzer-6285128790704128]) - TEST_FUZZ_REGRESSION([ofp_print_fuzzer-6470117922701312]) - TEST_FUZZ_REGRESSION([ofp_print_fuzzer-6502620041576448]) -+TEST_FUZZ_REGRESSION([ofp_print_fuzzer-6540965472632832]) -diff --git a/tests/fuzz-regression/ofp_print_fuzzer-6540965472632832 b/tests/fuzz-regression/ofp_print_fuzzer-6540965472632832 -new file mode 100644 -index 00000000000..e69de29bb2d \ No newline at end of file diff --git a/openvswitch-2.12.0.tar.gz b/openvswitch-2.12.4.tar.gz similarity index 51% rename from openvswitch-2.12.0.tar.gz rename to openvswitch-2.12.4.tar.gz index 5159726406762f8b6a8908fb67f2f68aac3e902d..37e2bba9b12f4c4a1731c066f4a24e6eff0faad4 100644 Binary files a/openvswitch-2.12.0.tar.gz and b/openvswitch-2.12.4.tar.gz differ diff --git a/openvswitch.spec b/openvswitch.spec index 426a91acfa33ef2c1779036cfcc1d69ce095c436..5a0714e56c1ebcd1a80645cdec76566c69cb4614 100644 --- a/openvswitch.spec +++ b/openvswitch.spec @@ -4,21 +4,14 @@ Name: openvswitch Summary: Production Quality, Multilayer Open Virtual Switch URL: http://www.openvswitch.org/ -Version: 2.12.0 +Version: 2.12.4 License: ASL 2.0 and ISC -Release: 22 +Release: 1 Source: https://www.openvswitch.org/releases/openvswitch-%{version}.tar.gz Buildroot: /tmp/openvswitch-rpm Patch0000: 0000-openvswitch-add-stack-protector-strong.patch -Patch0001: 0001-fix-dict-change-during-iteration.patch Patch0002: 0002-Remove-unsupported-permission-names.patch Patch0003: 0003-Fallback-to-read-proc-net-dev-on-linux.patch -Patch0004: CVE-2020-35498-pre.patch -Patch0005: CVE-2020-35498.patch -Patch0006: CVE-2020-27827.patch -Patch0007: CVE-2015-8011.patch -Patch0008: backport-CVE-2021-36980.patch -Patch0009: CVE-2021-3905.patch Patch9000: fix-selinux-err.patch @@ -291,6 +284,9 @@ exit 0 %doc README.rst NEWS rhel/README.RHEL.rst %changelog +* Wed Sep 28 2022 zhouwenpei - 2.12.4-1 +- upgrade to 2.12.4 + * Mon Jul 25 2022 zhouwenpei - 2.12.0-22 - revent "Add ovn-central ovn-central and ovn-host subpackage"