[pve-devel] [PATCH ovs 2/2] remove old patches
Fabian Grünbichler
f.gruenbichler at proxmox.com
Fri Aug 26 12:14:21 CEST 2016
---
pvepatches/CVE-2016-2074.patch | 54 -----------------------------
pvepatches/fix-init-depends.patch | 59 --------------------------------
pvepatches/fix-init-script-patch | 24 -------------
pvepatches/use-log-cons-for-syslog.patch | 20 -----------
4 files changed, 157 deletions(-)
delete mode 100644 pvepatches/CVE-2016-2074.patch
delete mode 100644 pvepatches/fix-init-depends.patch
delete mode 100644 pvepatches/fix-init-script-patch
delete mode 100644 pvepatches/use-log-cons-for-syslog.patch
diff --git a/pvepatches/CVE-2016-2074.patch b/pvepatches/CVE-2016-2074.patch
deleted file mode 100644
index 5cf703b..0000000
--- a/pvepatches/CVE-2016-2074.patch
+++ /dev/null
@@ -1,54 +0,0 @@
-From: Ben Pfaff <blp at ovn.org>
-Date: Mon, 7 Mar 2016 15:30:39 -0800
-Subject: [PATCH branch-2.3] flow: Fix buffer overflow for crafted MPLS packets.
-
-A bug in MPLS parsing could cause a crafted MPLS packet to overflow the
-buffer reserved for MPLS labels in the OVS internal flow structure. This
-fixes the problem.
-
-This commit also fixes a secondary problem where an MPLS packet with zero
-labels could cause an out-of-range shift that would overwrite memory.
-There is no obvious way to control the data used in the overwrite, so this
-is harder to exploit.
-
-Vulnerability: CVE-2016-2074
-Reported-by: Kashyap Thimmaraju <kashyap.thimmaraju at sec.t-labs.tu-berlin.de>
-Reported-by: Bhargava Shastry <bshastry at sec.t-labs.tu-berlin.de>
-Signed-off-by: Ben Pfaff <blp at ovn.org>
-Acked-by: Jesse Gross <jesse at kernel.org>
----
- lib/flow.c | 6 +++---
- 1 file changed, 3 insertions(+), 3 deletions(-)
-
-diff --git a/lib/flow.c b/lib/flow.c
-index 52a384e..61a66ec 100644
---- a/lib/flow.c
-+++ b/lib/flow.c
-@@ -1,5 +1,5 @@
- /*
-- * Copyright (c) 2008, 2009, 2010, 2011, 2012, 2013, 2014 Nicira, Inc.
-+ * Copyright (c) 2008, 2009, 2010, 2011, 2012, 2013, 2014, 2016 Nicira, Inc.
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
-@@ -159,7 +159,7 @@ struct mf_ctx {
-
- /* Data at 'valuep' may be unaligned. */
- #define miniflow_push_words_(MF, OFS, VALUEP, N_WORDS) \
--{ \
-+if (N_WORDS) { \
- int ofs32 = (OFS) / 4; \
- \
- MINIFLOW_ASSERT(MF.data + (N_WORDS) <= MF.end && (OFS) % 4 == 0 \
-@@ -210,7 +210,7 @@ parse_mpls(void **datap, size_t *sizep)
- break;
- }
- }
-- return MAX(count, FLOW_MAX_MPLS_LABELS);
-+ return MIN(count, FLOW_MAX_MPLS_LABELS);
- }
-
- static inline ovs_be16
---
-2.1.3
-
diff --git a/pvepatches/fix-init-depends.patch b/pvepatches/fix-init-depends.patch
deleted file mode 100644
index d77b701..0000000
--- a/pvepatches/fix-init-depends.patch
+++ /dev/null
@@ -1,59 +0,0 @@
-Index: new/debian/openvswitch-switch.init
-===================================================================
---- new.orig/debian/openvswitch-switch.init 2014-09-18 08:09:17.000000000 +0200
-+++ new/debian/openvswitch-switch.init 2014-09-18 08:09:23.000000000 +0200
-@@ -16,10 +16,12 @@
- #
- ### BEGIN INIT INFO
- # Provides: openvswitch-switch
--# Required-Start: $network $named $remote_fs $syslog
--# Required-Stop: $remote_fs
--# Default-Start: 2 3 4 5
--# Default-Stop: 0 1 6
-+# Required-Start: $local_fs
-+# Required-Stop: $local_fs
-+# X-Start-Before: networking
-+# X-Stop-After: networking
-+# Default-Start: S
-+# Default-Stop: 0 6
- # Short-Description: Open vSwitch switch
- # Description: openvswitch-switch provides the userspace components and utilities for
- # the Open vSwitch kernel-based switch.
-@@ -38,6 +40,13 @@
- [ -n "${bridges}" ] && $1 --allow=ovs ${bridges}
- }
-
-+sendsigs_omit() {
-+ OMITDIR=/run/sendsigs.omit.d
-+ mkdir -p $OMITDIR
-+ ln -sf /var/run/openvswitch/ovs-vswitchd.pid $OMITDIR/ovs-vswitchd.pid
-+ ln -sf /var/run/openvswitch/ovsdb-server.pid $OMITDIR/ovsdb-server.pid
-+}
-+
- load_kmod () {
- ovs_ctl load-kmod || exit $?
- }
-@@ -61,6 +70,9 @@
- exit 0
- fi
- fi
-+
-+ sendsigs_omit
-+
- set ovs_ctl ${1-start} --system-id=random
- if test X"$FORCE_COREFILES" != X; then
- set "$@" --force-corefiles="$FORCE_COREFILES"
-Index: new/debian/rules
-===================================================================
---- a/debian/rules
-+++ b/debian/rules
-@@ -82,7 +82,8 @@ override_dh_install:
- debian/$(PACKAGE_DKMS)/usr/src/$(PACKAGE)-$(DEB_UPSTREAM_VERSION)/xenserver/LICENSE
-
- override_dh_installinit:
-- dh_installinit -R
-+ dh_installinit -p "openvswitch-switch" -R -- start 20 S . stop 80 0 6 .
-+ dh_installinit --remaining-packages -R
-
- override_dh_strip:
- dh_strip --dbg-package=openvswitch-dbg
diff --git a/pvepatches/fix-init-script-patch b/pvepatches/fix-init-script-patch
deleted file mode 100644
index 014896f..0000000
--- a/pvepatches/fix-init-script-patch
+++ /dev/null
@@ -1,24 +0,0 @@
-Index: new/debian/openvswitch-switch.init
-===================================================================
---- new.orig/debian/openvswitch-switch.init 2013-12-18 07:59:19.000000000 +0100
-+++ new/debian/openvswitch-switch.init 2013-12-18 09:16:04.138935573 +0100
-@@ -85,17 +85,14 @@
-
- if [ -e /sys/module/openvswitch ]; then
- LOADED_SRCVERSION=`cat /sys/module/openvswitch/srcversion`
-- LOADED_VERSION=`cat /sys/module/openvswitch/version`
- elif [ -e /sys/module/openvswitch_mod ]; then
- LOADED_SRCVERSION=`cat /sys/module/openvswitch_mod/srcversion`
-- LOADED_VERSION=`cat /sys/module/openvswitch_mod/version`
- fi
- SRCVERSION=`modinfo -F srcversion openvswitch 2>/dev/null`
-- VERSION=`modinfo -F version openvswitch 2>/dev/null`
-
- ovs_ctl_log "Package upgrading:\n"\
-- "Loaded version: ${LOADED_VERSION} ${LOADED_SRCVERSION}.\n"\
-- "Version on disk: ${VERSION} ${SRCVERSION}."
-+ "Loaded version: ${LOADED_SRCVERSION}.\n"\
-+ "Version on disk: ${SRCVERSION}."
-
- # If the kernel module was previously loaded and it is different than
- # the kernel module on disk, then do a 'force-reload-kmod'.
diff --git a/pvepatches/use-log-cons-for-syslog.patch b/pvepatches/use-log-cons-for-syslog.patch
deleted file mode 100644
index d92eb26..0000000
--- a/pvepatches/use-log-cons-for-syslog.patch
+++ /dev/null
@@ -1,20 +0,0 @@
-use LOG_CONS for syslog
-
-We start vswitch deamon early in runlevel S when syslog service is not
-available. So we log to console if syslog fails.
-
---
-
-Index: new/lib/vlog.c
-===================================================================
---- new.orig/lib/vlog.c 2014-08-14 22:28:37.000000000 +0200
-+++ new/lib/vlog.c 2014-09-18 08:12:27.000000000 +0200
-@@ -613,7 +613,7 @@
- * a pointer to the private copy to suppress memory leak warnings in
- * case openlog() does make its own copy.) */
- program_name_copy = program_name ? xstrdup(program_name) : NULL;
-- openlog(program_name_copy, LOG_NDELAY, LOG_DAEMON);
-+ openlog(program_name_copy, LOG_NDELAY|LOG_CONS, LOG_DAEMON);
- ovsthread_once_done(&once);
-
- /* Now do anything that we want to happen only once but doesn't have to
--
2.1.4