summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAvatar Timo Gurr <tgurr@exherbo.org> 2017-07-24 19:53:56 +0200
committerAvatar Timo Gurr <tgurr@exherbo.org> 2017-08-21 12:27:53 +0200
commitab8ab351f375b04a7b787e3850f7975d48a20030 (patch)
treef9506b4de4693ba3e6579307f0cf131ae82c8731
parentcc013a24b9d23db404fca3f643e3c7cfcfb35b5f (diff)
downloadvirtualization-ab8ab351f375b04a7b787e3850f7975d48a20030.tar.gz
virtualization-ab8ab351f375b04a7b787e3850f7975d48a20030.tar.xz
openvswitch: version bump to 2.7.2, fixing multiple CVEs
Change-Id: Ifad95d7063467973e003f462787ae100e6f4e23f Reviewed-on: https://galileo.mailstation.de/gerrit/9622 Reviewed-by: Timo Gurr <tgurr@exherbo.org>
-rw-r--r--metadata/repository_mask.conf6
-rw-r--r--packages/net/openvswitch/files/01f92b743eb334d09bdeb511bf7d35e88a5e70f8.patch47
-rw-r--r--packages/net/openvswitch/files/fafbfa6ea46911aeb0083f166fed215ca71e22b6.patch30
-rw-r--r--packages/net/openvswitch/openvswitch-2.7.2.exheres-0 (renamed from packages/net/openvswitch/openvswitch-2.7.0.exheres-0)5
-rw-r--r--packages/net/openvswitch/openvswitch.exlib2
5 files changed, 5 insertions, 85 deletions
diff --git a/metadata/repository_mask.conf b/metadata/repository_mask.conf
index 9b5d38c..4953245 100644
--- a/metadata/repository_mask.conf
+++ b/metadata/repository_mask.conf
@@ -34,9 +34,9 @@ app-virtualization/qemu[<2.3.0-r1] [[
description = [ CVE-2015-3456 ]
]]
-net/openvswitch[<2.7.0] [[
+net/openvswitch[<2.7.2] [[
author = [ Timo Gurr <tgurr@exherbo.org> ]
- date = [ 31 May 2017 ]
+ date = [ 24 Jun 2017 ]
token = security
- description = [ CVE-2017-9214 ]
+ description = [ CVE-2016-10377, CVE-2017-9263, CVE-2017-9264, CVE-2017-9265 ]
]]
diff --git a/packages/net/openvswitch/files/01f92b743eb334d09bdeb511bf7d35e88a5e70f8.patch b/packages/net/openvswitch/files/01f92b743eb334d09bdeb511bf7d35e88a5e70f8.patch
deleted file mode 100644
index 8d207d6..0000000
--- a/packages/net/openvswitch/files/01f92b743eb334d09bdeb511bf7d35e88a5e70f8.patch
+++ /dev/null
@@ -1,47 +0,0 @@
-From 01f92b743eb334d09bdeb511bf7d35e88a5e70f8 Mon Sep 17 00:00:00 2001
-From: William Tu <u9012063@gmail.com>
-Date: Sat, 29 Apr 2017 06:08:43 -0700
-Subject: [PATCH] doc: Fix sphinx reference warning for windows.
-
-Footnote reference 5, 8, and 9 are not referenced in the windws.rst content,
-causing the following error:
-Warning, treated as error:
-/root/ovs/Documentation/topics/windows.rst:506:Footnote [5] is not referenced.
-
-Signed-off-by: William Tu <u9012063@gmail.com>
-Signed-off-by: Ben Pfaff <blp@ovn.org>
----
- Documentation/topics/windows.rst | 6 +++---
- 1 file changed, 3 insertions(+), 3 deletions(-)
-
-diff --git a/Documentation/topics/windows.rst b/Documentation/topics/windows.rst
-index 6d7158ebfd..3a103b4e89 100644
---- a/Documentation/topics/windows.rst
-+++ b/Documentation/topics/windows.rst
-@@ -68,7 +68,7 @@ port. The workflow for the calls is similar in nature to the packets, where
- higher level layers call into the lower level layers. A good representational
- diagram of this architecture is in [4]_.
-
--Windows Filtering Platform (WFP)[5]_ is a platform implemented on Hyper-V that
-+Windows Filtering Platform (WFP) [5]_ is a platform implemented on Hyper-V that
- provides APIs and services for filtering packets. WFP has been utilized to
- filter on some of the packets that OVS is not equipped to handle directly. More
- details in later sections.
-@@ -253,7 +253,7 @@ Netlink Message Parser
- ~~~~~~~~~~~~~~~~~~~~~~
-
- The communication between OVS userspace and OVS kernel datapath is in the form
--of Netlink messages [1]_. More details about this are provided below. In the
-+of Netlink messages [1]_, [8]_. More details about this are provided below. In the
- kernel, a full fledged netlink message parser has been implemented along the
- lines of the netlink message parser in OVS userspace. In fact, a lot of the
- code is ported code.
-@@ -407,7 +407,7 @@ As has been mentioned in earlier sections, the netlink socket and netlink
- message based DPIF provider on Linux has been ported to Windows.
-
- Most of the code is common. Some divergence is in the code to receive packets.
--The Linux implementation uses epoll() which is not natively supported on
-+The Linux implementation uses epoll() [9]_ which is not natively supported on
- Windows.
-
- netdev-windows
diff --git a/packages/net/openvswitch/files/fafbfa6ea46911aeb0083f166fed215ca71e22b6.patch b/packages/net/openvswitch/files/fafbfa6ea46911aeb0083f166fed215ca71e22b6.patch
deleted file mode 100644
index 662ac91..0000000
--- a/packages/net/openvswitch/files/fafbfa6ea46911aeb0083f166fed215ca71e22b6.patch
+++ /dev/null
@@ -1,30 +0,0 @@
-From fafbfa6ea46911aeb0083f166fed215ca71e22b6 Mon Sep 17 00:00:00 2001
-From: Ben Pfaff <blp@ovn.org>
-Date: Sat, 20 May 2017 16:38:24 -0700
-Subject: [PATCH] ofp-util: Fix buffer overread in
- ofputil_pull_queue_get_config_reply10().
-
-msg->size isn't the relevant measurement here because we're only supposed
-to read 'len' bytes. Reading more than that causes 'len' to underflow to a
-large number at the end of the loop.
-
-Reported-by: Bhargava Shastry <bshastry@sec.t-labs.tu-berlin.de>
-Signed-off-by: Ben Pfaff <blp@ovn.org>
-Acked-by: Greg Rose <gvrose8192@gmail.com>
----
- lib/ofp-util.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/lib/ofp-util.c b/lib/ofp-util.c
-index bdf89b6c30..f05ca398c1 100644
---- a/lib/ofp-util.c
-+++ b/lib/ofp-util.c
-@@ -2610,7 +2610,7 @@ ofputil_pull_queue_get_config_reply10(struct ofpbuf *msg,
-
- hdr = ofpbuf_at_assert(msg, 0, sizeof *hdr);
- prop_len = ntohs(hdr->len);
-- if (prop_len < sizeof *hdr || prop_len > msg->size || prop_len % 8) {
-+ if (prop_len < sizeof *hdr || prop_len > len || prop_len % 8) {
- return OFPERR_OFPBRC_BAD_LEN;
- }
-
diff --git a/packages/net/openvswitch/openvswitch-2.7.0.exheres-0 b/packages/net/openvswitch/openvswitch-2.7.2.exheres-0
index bc6a3cc..f79d4af 100644
--- a/packages/net/openvswitch/openvswitch-2.7.0.exheres-0
+++ b/packages/net/openvswitch/openvswitch-2.7.2.exheres-0
@@ -5,8 +5,3 @@ require openvswitch
PLATFORMS="~amd64 ~x86"
-DEFAULT_SRC_PREPARE_PATCHES=(
- "${FILES}"/01f92b743eb334d09bdeb511bf7d35e88a5e70f8.patch
- "${FILES}"/fafbfa6ea46911aeb0083f166fed215ca71e22b6.patch
-)
-
diff --git a/packages/net/openvswitch/openvswitch.exlib b/packages/net/openvswitch/openvswitch.exlib
index 5868cfb..02f8810 100644
--- a/packages/net/openvswitch/openvswitch.exlib
+++ b/packages/net/openvswitch/openvswitch.exlib
@@ -37,6 +37,7 @@ DEPENDENCIES="
build:
doc? ( dev-python/Sphinx[python_abis:*(-)?] )
build+run:
+ dev-python/six[python_abis:*(-)?]
sys-libs/libcap-ng
providers:libressl? ( dev-libs/libressl:= )
providers:openssl? ( dev-libs/openssl )
@@ -46,6 +47,7 @@ DEPENDENCIES="
dkms? ( sys-kernel/dkms )
ipsec? ( net-misc/ipsec-tools )
python? (
+ dev-python/pyopenssl[python_abis:*(-)?]
dev-python/zopeinterface[python_abis:*(-)?]
net-twisted/TwistedConch[python_abis:*(-)?]
)