[meta-virtualization][hardknott][PATCH] ovs: update to 2.15.3

Mon, 24 Jan 2022 18:55:50 -0800 

Drop the following backported patch.
0001-ofp-actions-Fix-use-after-free-while-decoding-RAW_EN.patch

Signed-off-by: He Zhe <[email protected]>
---
 ...use-after-free-while-decoding-RAW_EN.patch | 101 ------------------
 .../openvswitch/openvswitch_git.bb            |   7 +-
 2 files changed, 3 insertions(+), 105 deletions(-)
 delete mode 100644 
recipes-networking/openvswitch/files/0001-ofp-actions-Fix-use-after-free-while-decoding-RAW_EN.patch

diff --git 
a/recipes-networking/openvswitch/files/0001-ofp-actions-Fix-use-after-free-while-decoding-RAW_EN.patch
 
b/recipes-networking/openvswitch/files/0001-ofp-actions-Fix-use-after-free-while-decoding-RAW_EN.patch
deleted file mode 100644
index c88c097d..00000000
--- 
a/recipes-networking/openvswitch/files/0001-ofp-actions-Fix-use-after-free-while-decoding-RAW_EN.patch
+++ /dev/null
@@ -1,101 +0,0 @@
-From 802a31a7070cea910b95d7e926c9da30a1f9e54f Mon Sep 17 00:00:00 2001
-From: Ilya Maximets <[email protected]>
-Date: Tue, 16 Feb 2021 23:27:30 +0100
-Subject: [PATCH] ofp-actions: Fix use-after-free while decoding RAW_ENCAP.
-
-While decoding RAW_ENCAP action, decode_ed_prop() might re-allocate
-ofpbuf if there is no enough space left.  However, function
-'decode_NXAST_RAW_ENCAP' continues to use old pointer to 'encap'
-structure leading to write-after-free and incorrect decoding.
-
-  ==3549105==ERROR: AddressSanitizer: heap-use-after-free on address
-  0x60600000011a at pc 0x0000005f6cc6 bp 0x7ffc3a2d4410 sp 0x7ffc3a2d4408
-  WRITE of size 2 at 0x60600000011a thread T0
-    #0 0x5f6cc5 in decode_NXAST_RAW_ENCAP lib/ofp-actions.c:4461:20
-    #1 0x5f0551 in ofpact_decode ./lib/ofp-actions.inc2:4777:16
-    #2 0x5ed17c in ofpacts_decode lib/ofp-actions.c:7752:21
-    #3 0x5eba9a in ofpacts_pull_openflow_actions__ lib/ofp-actions.c:7791:13
-    #4 0x5eb9fc in ofpacts_pull_openflow_actions lib/ofp-actions.c:7835:12
-    #5 0x64bb8b in ofputil_decode_packet_out lib/ofp-packet.c:1113:17
-    #6 0x65b6f4 in ofp_print_packet_out lib/ofp-print.c:148:13
-    #7 0x659e3f in ofp_to_string__ lib/ofp-print.c:1029:16
-    #8 0x659b24 in ofp_to_string lib/ofp-print.c:1244:21
-    #9 0x65a28c in ofp_print lib/ofp-print.c:1288:28
-    #10 0x540d11 in ofctl_ofp_parse utilities/ovs-ofctl.c:2814:9
-    #11 0x564228 in ovs_cmdl_run_command__ lib/command-line.c:247:17
-    #12 0x56408a in ovs_cmdl_run_command lib/command-line.c:278:5
-    #13 0x5391ae in main utilities/ovs-ofctl.c:179:9
-    #14 0x7f6911ce9081 in __libc_start_main (/lib64/libc.so.6+0x27081)
-    #15 0x461fed in _start (utilities/ovs-ofctl+0x461fed)
-
-Fix that by getting a new pointer before using.
-
-Credit to OSS-Fuzz.
-
-Fuzzer regression test will fail only with AddressSanitizer enabled.
-
-Reported-at: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=27851
-Fixes: f839892a206a ("OF support and translation of generic encap and decap")
-Acked-by: William Tu <[email protected]>
-Signed-off-by: Ilya Maximets <[email protected]>
-
-Upstream-Status: Backport
-CVE: CVE-2021-36980
-Signed-off-by: Yanfei Xu <[email protected]>
----
- lib/ofp-actions.c                                       | 2 ++
- tests/automake.mk                                       | 3 ++-
- tests/fuzz-regression-list.at                           | 1 +
- tests/fuzz-regression/ofp_print_fuzzer-6540965472632832 | 0
- 4 files changed, 5 insertions(+), 1 deletion(-)
- create mode 100644 tests/fuzz-regression/ofp_print_fuzzer-6540965472632832
-
-diff --git a/lib/ofp-actions.c b/lib/ofp-actions.c
-index e2e829772..0342a228b 100644
---- a/lib/ofp-actions.c
-+++ b/lib/ofp-actions.c
-@@ -4431,6 +4431,7 @@ decode_NXAST_RAW_ENCAP(const struct nx_action_encap *nae,
- {
-     struct ofpact_encap *encap;
-     const struct ofp_ed_prop_header *ofp_prop;
-+    const size_t encap_ofs = out->size;
-     size_t props_len;
-     uint16_t n_props = 0;
-     int err;
-@@ -4458,6 +4459,7 @@ decode_NXAST_RAW_ENCAP(const struct nx_action_encap *nae,
-         }
-         n_props++;
-     }
-+    encap = ofpbuf_at_assert(out, encap_ofs, sizeof *encap);
-     encap->n_props = n_props;
-     out->header = &encap->ofpact;
-     ofpact_finish_ENCAP(out, &encap);
-diff --git a/tests/automake.mk b/tests/automake.mk
-index 677b99a6b..fc80e027d 100644
---- a/tests/automake.mk
-+++ b/tests/automake.mk
-@@ -134,7 +134,8 @@ FUZZ_REGRESSION_TESTS = \
-       tests/fuzz-regression/ofp_print_fuzzer-5722747668791296 \
-       tests/fuzz-regression/ofp_print_fuzzer-6285128790704128 \
-       tests/fuzz-regression/ofp_print_fuzzer-6470117922701312 \
--      tests/fuzz-regression/ofp_print_fuzzer-6502620041576448
-+      tests/fuzz-regression/ofp_print_fuzzer-6502620041576448 \
-+      tests/fuzz-regression/ofp_print_fuzzer-6540965472632832
- $(srcdir)/tests/fuzz-regression-list.at: tests/automake.mk
-       $(AM_V_GEN)for name in $(FUZZ_REGRESSION_TESTS); do \
-             basename=`echo $$name | sed 's,^.*/,,'`; \
-diff --git a/tests/fuzz-regression-list.at b/tests/fuzz-regression-list.at
-index e3173fb88..2347c690e 100644
---- a/tests/fuzz-regression-list.at
-+++ b/tests/fuzz-regression-list.at
-@@ -21,3 +21,4 @@ TEST_FUZZ_REGRESSION([ofp_print_fuzzer-5722747668791296])
- TEST_FUZZ_REGRESSION([ofp_print_fuzzer-6285128790704128])
- TEST_FUZZ_REGRESSION([ofp_print_fuzzer-6470117922701312])
- TEST_FUZZ_REGRESSION([ofp_print_fuzzer-6502620041576448])
-+TEST_FUZZ_REGRESSION([ofp_print_fuzzer-6540965472632832])
-diff --git a/tests/fuzz-regression/ofp_print_fuzzer-6540965472632832 
b/tests/fuzz-regression/ofp_print_fuzzer-6540965472632832
-new file mode 100644
-index 000000000..e69de29bb
--- 
-2.27.0
-
diff --git a/recipes-networking/openvswitch/openvswitch_git.bb 
b/recipes-networking/openvswitch/openvswitch_git.bb
index d7f8e4b0..a66c9677 100644
--- a/recipes-networking/openvswitch/openvswitch_git.bb
+++ b/recipes-networking/openvswitch/openvswitch_git.bb
@@ -14,12 +14,12 @@ RDEPENDS_${PN}-ptest += "\
        "
 
 S = "${WORKDIR}/git"
-PV = "2.15+${SRCPV}"
-CVE_VERSION = "2.13.0"
+PV = "2.15.3+${SRCPV}"
+CVE_VERSION = "2.15.3"
 
 FILESEXTRAPATHS_append := "${THISDIR}/${PN}-git:"
 
-SRCREV = "8dc1733eaea866dce033b3c44853e1b09bf59fc7"
+SRCREV = "e4d2df62e65a615e19f62e2fd294709be8d75cdc"
 SRC_URI += 
"git://github.com/openvswitch/ovs.git;protocol=git;branch=branch-2.15 \
             
file://openvswitch-add-ptest-71d553b995d0bd527d3ab1e9fbaf5a2ae34de2f3.patch \
             file://run-ptest \
@@ -28,7 +28,6 @@ SRC_URI += 
"git://github.com/openvswitch/ovs.git;protocol=git;branch=branch-2.15
             file://systemd-update-tool-paths.patch \
             file://systemd-create-runtime-dirs.patch \
             
file://0001-ovs-use-run-instead-of-var-run-for-in-systemd-units.patch \
-            
file://0001-ofp-actions-Fix-use-after-free-while-decoding-RAW_EN.patch \
            "
 
 LIC_FILES_CHKSUM = "file://LICENSE;md5=1ce5d23a6429dff345518758f13aaeab"
-- 
2.17.1


-=-=-=-=-=-=-=-=-=-=-=-
Links: You receive all messages sent to this group.
View/Reply Online (#7033): 
https://lists.yoctoproject.org/g/meta-virtualization/message/7033
Mute This Topic: https://lists.yoctoproject.org/mt/88664197/21656
Group Owner: [email protected]
Unsubscribe: https://lists.yoctoproject.org/g/meta-virtualization/unsub 
[[email protected]]
-=-=-=-=-=-=-=-=-=-=-=-

Reply via email to