~xnox/ubuntu-z-systems/+git/ovs:branch-2.7

Branch merges

Related source package recipes

No recipes using this branch. (?)

Create packaging recipe

Related snap packages

Related charm recipes

fa907a6... by wilsonpeng <email address hidden> on 2021-09-30

datapath-windows:adjust Offset when processing packet in POP_VLAN action

In one typical setup, on the Windows VM running OVS Windows Kernel, a Geneva
packet with 8021.q VLAN tag is received. Then it may do POP_VLAN action
processing in Actions.c, if the packet does not have Ieee8021QNetBufferListInfo
in the oob of the packet, it will be processed by function OvsPopVlanInPktBuf().
In the function it will go on remove VLAN header present in the nbl, but related
layers is never readjusted for the offset value at this moment. As a result, it
will cause function OvsValidateIPChecksum drop the packet.

Reported-at:https://github.com/openvswitch/ovs-issues/issues/225
Signed-off-by: wilsonpeng <email address hidden>
Signed-off-by: Alin-Gabriel Serdean <email address hidden>

22db486... by Darragh O'Reilly on 2021-02-25

ofproto-dpif-xlate: Fix leak in learn action.

This is a backport of commit 1bddcb5dc (ofproto-dpif-xlate: Fix
bug that may leak ofproto_flow_mod) from branch-2.8. That commit
won't cherry-pick cleanly onto branch-2.7 as the addition of the
learn limit in 2.8 changed xlate_learn_action() a lot.

Neutron ml2/ovs uses a learn action to learn from tunnels and the
leak can grow to tens of GB after several months.

Valgrind after 10K up calls:

575,680 bytes in 8,995 blocks are definitely lost in loss record 373 of 373
malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
xmalloc (util.c:112)
miniflow_alloc (flow.c:2500)
minimatch_init (match.c:1387)
rule_criteria_init (ofproto.c:4060)
modify_flow_init_strict (ofproto.c:5431)
ofproto_flow_mod_init (ofproto.c:7432)
ofproto_flow_mod_init_for_learn (ofproto.c:4988)
xlate_learn_action (ofproto-dpif-xlate.c:4417)
do_xlate_actions (ofproto-dpif-xlate.c:5359)
xlate_recursively (ofproto-dpif-xlate.c:3453)
xlate_table_action (ofproto-dpif-xlate.c:3520)
xlate_ofpact_resubmit (ofproto-dpif-xlate.c:3810)
do_xlate_actions (ofproto-dpif-xlate.c:5248)
xlate_recursively (ofproto-dpif-xlate.c:3453)
xlate_table_action (ofproto-dpif-xlate.c:3520)
xlate_ofpact_resubmit (ofproto-dpif-xlate.c:3810)
do_xlate_actions (ofproto-dpif-xlate.c:5248)
xlate_actions (ofproto-dpif-xlate.c:5962)
upcall_xlate (ofproto-dpif-upcall.c:1132)
process_upcall (ofproto-dpif-upcall.c:1269)
recv_upcalls.isra.20 (ofproto-dpif-upcall.c:824)
udpif_upcall_handler (ofproto-dpif-upcall.c:746)
ovsthread_wrapper (ovs-thread.c:348)
start_thread (pthread_create.c:333)
clone (clone.S:109

Signed-off-by: Darragh O'Reilly <email address hidden>
Acked-by: Greg Rose <email address hidden>
Signed-off-by: Ilya Maximets <email address hidden>

758d726... by Ilya Maximets on 2021-02-10

Prepare for 2.7.14.

Acked-by: Flavio Leitner <email address hidden>
Signed-off-by: Ilya Maximets <email address hidden>

db92fd7... by Ilya Maximets on 2021-02-10

Set release date for 2.7.13.

Acked-by: Flavio Leitner <email address hidden>
Signed-off-by: Ilya Maximets <email address hidden>

ad0d22f... by Flavio Leitner <email address hidden> on 2020-10-26

flow: Support extra padding length.

Although not required, padding can be optionally added until
the packet length is MTU bytes. A packet with extra padding
currently fails sanity checks.

Vulnerability: CVE-2020-35498
Fixes: fa8d9001a624 ("miniflow_extract: Properly handle small IP packets.")
Reported-by: Joakim Hindersson <email address hidden>
Acked-by: Ilya Maximets <email address hidden>
Signed-off-by: Flavio Leitner <email address hidden>
Signed-off-by: Ilya Maximets <email address hidden>

024bfe3... by David Marchand on 2020-12-19

github: Fix Ubuntu package installation.

Before trying to install a package, APT cache must be updated to avoid
asking for an unavailable version of a package.

Fixes: 6cb2f5a630e3 ("github: Add GitHub Actions workflow.")
Signed-off-by: David Marchand <email address hidden>
Signed-off-by: Ilya Maximets <email address hidden>

757b190... by Ilya Maximets on 2021-01-13

Prepare for 2.7.13.

Acked-by: Aaron Conole <email address hidden>
Signed-off-by: Ilya Maximets <email address hidden>

ef9c255... by Ilya Maximets on 2021-01-13

Set release date for 2.7.12.

Acked-by: Aaron Conole <email address hidden>
Signed-off-by: Ilya Maximets <email address hidden>

cf36f86... by aconole on 2021-01-13

lldp: do not leak memory on multiple instances of TLVs

Upstream commit:
    commit a8d3c90feca548fc0656d95b5d278713db86ff61
    Date: Tue, 17 Nov 2020 09:28:17 -0500

    lldp: avoid memory leak from bad packets

    A packet that contains multiple instances of certain TLVs will cause
    lldpd to continually allocate memory and leak the old memory. As an
    example, multiple instances of system name TLV will cause old values
    to be dropped by the decoding routine.

    Reported-at: https://github.com/openvswitch/ovs/pull/337
    Reported-by: Jonas Rudloff <email address hidden>
    Signed-off-by: Aaron Conole <email address hidden>

Vulnerability: CVE-2020-27827
Signed-off-by: Aaron Conole <email address hidden>
Signed-off-by: Ilya Maximets <email address hidden>

df4dc70... by Ilya Maximets on 2020-12-17

ovsdb-tool: Fix datum leak in the show-log command.

Fixes: 4e92542cefb7 ("ovsdb-tool: Make "show-log" convert raw JSON to easier-to-read syntax.")
Signed-off-by: Ilya Maximets <email address hidden>
Acked-by: Dumitru Ceara <email address hidden>