packages/openvswitch
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

upgrade to 2.12.4

Browse Source
This commit is contained in:
zhouwenpei 2022-09-28 10:57:23 +00:00
parent 9b51f0dfec
commit b9ae55cb6a
9 changed files with 5 additions and 432 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
0001-fix-dict-change-during-iteration.patch
View File

@ -1,13 +0,0 @@
diff --git a/ovsdb/ovsdb-idlc.in b/ovsdb/ovsdb-idlc.in
index 40fef39..22d0a4e 100755
--- a/ovsdb/ovsdb-idlc.in
+++ b/ovsdb/ovsdb-idlc.in
@@ -176,7 +176,7 @@ def replace_cplusplus_keyword(schema):
'wchar_t', 'while', 'xor', 'xor_eq'}
for tableName, table in schema.tables.items():
- for columnName in table.columns:
+ for columnName in list(table.columns):
if columnName in keywords:
table.columns[columnName + '_'] = table.columns.pop(columnName)

55
CVE-2015-8011.patch
View File

@ -1,55 +0,0 @@
From bb5a9937fa8e04e71052fb50e23894448d19678f Mon Sep 17 00:00:00 2001
From: Vincent Bernat <vincent@bernat.im>
Date: Thu, 12 Nov 2020 19:54:52 -0500
Subject: [PATCH] lldp: fix a buffer overflow when handling management address
TLV
Upstream commit:
commit a8d8006c06d9ac16ebcf33295cbd625c0847ca9b
Author: Vincent Bernat <vincent@bernat.im>
Date: Sun, 4 Oct 2015 01:50:38 +0200
lldp: fix a buffer overflow when handling management address TLV
When a remote device was advertising a too large management address
while still respecting TLV boundaries, lldpd would crash due to a buffer
overflow. However, the buffer being a static one, this buffer overflow
is not exploitable if hardening was not disabled. This bug exists since
version 0.5.6.
Fixes: be53a5c447c3 ("auto-attach: Initial support for Auto-Attach standard")
Reported-by: Jonas Rudloff <jonas.t.rudloff@gmail.com>
Reported-at: https://github.com/openvswitch/ovs/pull/335
Co-authored-by: Fabrizio D'Angelo <fdangelo@redhat.com>
Signed-off-by: Fabrizio D'Angelo <fdangelo@redhat.com>
Acked-by: Aaron Conole <aconole@redhat.com>
Signed-off-by: Ilya Maximets <i.maximets@ovn.org>
---
lib/lldp/lldp.c | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/lib/lldp/lldp.c b/lib/lldp/lldp.c
index 593c5e1c34..628d0f863d 100644
--- a/lib/lldp/lldp.c
+++ b/lib/lldp/lldp.c
@@ -530,6 +530,11 @@ lldp_decode(struct lldpd *cfg OVS_UNUSED, char *frame, int s,
case LLDP_TLV_MGMT_ADDR:
CHECK_TLV_SIZE(1, "Management address");
addr_str_length = PEEK_UINT8;
+ if (addr_str_length > sizeof(addr_str_buffer)) {
+ VLOG_WARN("too large management address on %s",
+ hardware->h_ifname);
+ goto malformed;
+ }
CHECK_TLV_SIZE(1 + addr_str_length, "Management address");
PEEK_BYTES(addr_str_buffer, addr_str_length);
addr_length = addr_str_length - 1;
@@ -554,7 +559,7 @@ lldp_decode(struct lldpd *cfg OVS_UNUSED, char *frame, int s,
break;
case LLDP_TLV_ORG:
- CHECK_TLV_SIZE(4, "Organisational");
+ CHECK_TLV_SIZE(1 + sizeof orgid, "Organisational");
PEEK_BYTES(orgid, sizeof orgid);
tlv_subtype = PEEK_UINT8;
if (memcmp(dot1, orgid, sizeof orgid) == 0) {

45
CVE-2020-27827.patch
View File

@ -1,45 +0,0 @@
From 78e712c0b1dacc2f12d2a03d98f083d8672867f0 Mon Sep 17 00:00:00 2001
From: Aaron Conole <aconole@redhat.com>
Date: Wed, 13 Jan 2021 10:47:19 -0500
Subject: [PATCH] lldp: do not leak memory on multiple instances of TLVs
Upstream commit:
commit a8d3c90feca548fc0656d95b5d278713db86ff61
Date: Tue, 17 Nov 2020 09:28:17 -0500
lldp: avoid memory leak from bad packets
A packet that contains multiple instances of certain TLVs will cause
lldpd to continually allocate memory and leak the old memory. As an
example, multiple instances of system name TLV will cause old values
to be dropped by the decoding routine.
Reported-at: https://github.com/openvswitch/ovs/pull/337
Reported-by: Jonas Rudloff <jonas.t.rudloff@gmail.com>
Signed-off-by: Aaron Conole <aconole@redhat.com>
Vulnerability: CVE-2020-27827
Signed-off-by: Aaron Conole <aconole@redhat.com>
Signed-off-by: Ilya Maximets <i.maximets@ovn.org>
---
lib/lldp/lldp.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/lib/lldp/lldp.c b/lib/lldp/lldp.c
index e5755307fb..18afbab9a7 100644
--- a/lib/lldp/lldp.c
+++ b/lib/lldp/lldp.c
@@ -513,10 +513,13 @@ lldp_decode(struct lldpd *cfg OVS_UNUSED, char *frame, int s,
b = xzalloc(tlv_size + 1);
PEEK_BYTES(b, tlv_size);
if (tlv_type == LLDP_TLV_PORT_DESCR) {
+ free(port->p_descr);
port->p_descr = b;
} else if (tlv_type == LLDP_TLV_SYSTEM_NAME) {
+ free(chassis->c_name);
chassis->c_name = b;
} else {
+ free(chassis->c_descr);
chassis->c_descr = b;
}
break;

53
CVE-2020-35498-pre.patch
View File

@ -1,53 +0,0 @@
From b7d0c1a5842d59d7413cb9c079fe25b1ad2b6602 Mon Sep 17 00:00:00 2001
From: wang_yue111 <648774160@qq.com>
Date: Fri, 26 Feb 2021 17:59:44 +0800
Subject: [PATCH] conntrack: Fix 'reverse_nat_packet()' variable
datatype.
The datatype 'pad' in the function 'reverse_nat_packet()' was incorrectly
declared as 'char' instead of 'uint8_t'. This can affect reverse natting
of icmpX packets with padding > 127 bytes. At the same time, add some
comments regarding 'extract_l3_ipvX' usage in this function. Found by
inspection.
Fixes: edd1bef468c0 ("dpdk: Add more ICMP Related NAT support.")
Signed-off-by: Darrell Ball <dlu998@gmail.com>
Signed-off-by: Ben Pfaff <blp@ovn.org>
---
lib/conntrack.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/lib/conntrack.c b/lib/conntrack.c
index e5266e5..59df332 100644
--- a/lib/conntrack.c
+++ b/lib/conntrack.c
@@ -688,7 +688,7 @@ static void
reverse_nat_packet(struct dp_packet *pkt, const struct conn *conn)
{
char *tail = dp_packet_tail(pkt);
- char pad = dp_packet_l2_pad_size(pkt);
+ uint8_t pad = dp_packet_l2_pad_size(pkt);
struct conn_key inner_key;
const char *inner_l4 = NULL;
uint16_t orig_l3_ofs = pkt->l3_ofs;
@@ -698,6 +698,8 @@ reverse_nat_packet(struct dp_packet *pkt, const struct conn *conn)
struct ip_header *nh = dp_packet_l3(pkt);
struct icmp_header *icmp = dp_packet_l4(pkt);
struct ip_header *inner_l3 = (struct ip_header *) (icmp + 1);
+ /* This call is already verified to succeed during the code path from
+ * 'conn_key_extract()' which calls 'extract_l4_icmp()'. */
extract_l3_ipv4(&inner_key, inner_l3, tail - ((char *)inner_l3) - pad,
&inner_l4, false);
pkt->l3_ofs += (char *) inner_l3 - (char *) nh;
@@ -719,6 +721,8 @@ reverse_nat_packet(struct dp_packet *pkt, const struct conn *conn)
struct icmp6_error_header *icmp6 = dp_packet_l4(pkt);
struct ovs_16aligned_ip6_hdr *inner_l3_6 =
(struct ovs_16aligned_ip6_hdr *) (icmp6 + 1);
+ /* This call is already verified to succeed during the code path from
+ * 'conn_key_extract()' which calls 'extract_l4_icmp6()'. */
extract_l3_ipv6(&inner_key, inner_l3_6,
tail - ((char *)inner_l3_6) - pad,
&inner_l4);
--
2.23.0

100
CVE-2020-35498.patch
View File

@ -1,100 +0,0 @@
From 45e941a17b605cc61e7c3ed8cffed5b3a5b608a6 Mon Sep 17 00:00:00 2001
From: wang_yue111 <648774160@qq.com>
Date: Fri, 26 Feb 2021 18:20:58 +0800
Subject: [PATCH] flow: Support extra padding length.
Although not required, padding can be optionally added until
the packet length is MTU bytes. A packet with extra padding
currently fails sanity checks.
Vulnerability: CVE-2020-35498
Fixes: fa8d9001a624 ("miniflow_extract: Properly handle small IP packets.")
Reported-by: Joakim Hindersson <joakim.hindersson@elastx.se>
Acked-by: Ilya Maximets <i.maximets@ovn.org>
Signed-off-by: Flavio Leitner <fbl@sysclose.org>
Signed-off-by: Ilya Maximets <i.maximets@ovn.org>
---
lib/conntrack.c | 2 +-
lib/dp-packet.h | 10 +++++-----
lib/flow.c | 6 +++---
3 files changed, 9 insertions(+), 9 deletions(-)
diff --git a/lib/conntrack.c b/lib/conntrack.c
index 47ebc8e..9a59ef6 100644
--- a/lib/conntrack.c
+++ b/lib/conntrack.c
@@ -688,7 +688,7 @@ static void
reverse_nat_packet(struct dp_packet *pkt, const struct conn *conn)
{
char *tail = dp_packet_tail(pkt);
- uint8_t pad = dp_packet_l2_pad_size(pkt);
+ uint16_t pad = dp_packet_l2_pad_size(pkt);
struct conn_key inner_key;
const char *inner_l4 = NULL;
uint16_t orig_l3_ofs = pkt->l3_ofs;
diff --git a/lib/dp-packet.h b/lib/dp-packet.h
index 14f0897..c607247 100644
--- a/lib/dp-packet.h
+++ b/lib/dp-packet.h
@@ -76,7 +76,7 @@ struct dp_packet {
/* All the following elements of this struct are copied in a single call
* of memcpy in dp_packet_clone_with_headroom. */
- uint8_t l2_pad_size; /* Detected l2 padding size.
+ uint16_t l2_pad_size; /* Detected l2 padding size.
* Padding is non-pullable. */
uint16_t l2_5_ofs; /* MPLS label stack offset, or UINT16_MAX */
uint16_t l3_ofs; /* Network-level header offset,
@@ -113,8 +113,8 @@ void *dp_packet_resize_l2(struct dp_packet *, int increment);
void *dp_packet_resize_l2_5(struct dp_packet *, int increment);
static inline void *dp_packet_eth(const struct dp_packet *);
static inline void dp_packet_reset_offsets(struct dp_packet *);
-static inline uint8_t dp_packet_l2_pad_size(const struct dp_packet *);
-static inline void dp_packet_set_l2_pad_size(struct dp_packet *, uint8_t);
+static inline uint16_t dp_packet_l2_pad_size(const struct dp_packet *);
+static inline void dp_packet_set_l2_pad_size(struct dp_packet *, uint16_t);
static inline void *dp_packet_l2_5(const struct dp_packet *);
static inline void dp_packet_set_l2_5(struct dp_packet *, void *);
static inline void *dp_packet_l3(const struct dp_packet *);
@@ -320,14 +320,14 @@ dp_packet_reset_offsets(struct dp_packet *b)
b->l4_ofs = UINT16_MAX;
}
-static inline uint8_t
+static inline uint16_t
dp_packet_l2_pad_size(const struct dp_packet *b)
{
return b->l2_pad_size;
}
static inline void
-dp_packet_set_l2_pad_size(struct dp_packet *b, uint8_t pad_size)
+dp_packet_set_l2_pad_size(struct dp_packet *b, uint16_t pad_size)
{
ovs_assert(pad_size <= dp_packet_size(b));
b->l2_pad_size = pad_size;
diff --git a/lib/flow.c b/lib/flow.c
index e54fd2e..354b441 100644
--- a/lib/flow.c
+++ b/lib/flow.c
@@ -660,7 +660,7 @@ ipv4_sanity_check(const struct ip_header *nh, size_t size,
tot_len = ntohs(nh->ip_tot_len);
if (OVS_UNLIKELY(tot_len > size || ip_len > tot_len ||
- size - tot_len > UINT8_MAX)) {
+ size - tot_len > UINT16_MAX)) {
return false;
}
@@ -698,8 +698,8 @@ ipv6_sanity_check(const struct ovs_16aligned_ip6_hdr *nh, size_t size)
if (OVS_UNLIKELY(plen + IPV6_HEADER_LEN > size)) {
return false;
}
- /* Jumbo Payload option not supported yet. */
- if (OVS_UNLIKELY(size - plen > UINT8_MAX)) {
+
+ if (OVS_UNLIKELY(size - (plen + IPV6_HEADER_LEN) > UINT16_MAX)) {
return false;
}

63
CVE-2021-3905.patch
View File

@ -1,63 +0,0 @@
From a5e7296363137b4d77d1ae1ffb7bc2be5980bd9c Mon Sep 17 00:00:00 2001
From: qz_cx <wangqingzheng@kylinos.cn>
Date: Fri, 8 Jul 2022 13:59:53 +0800
Subject: [PATCH] ipf: release unhandled packets from the batch Since 640d4db
("ipf: Fix a use-after-free error, ...") the ipf framework unconditionally
allocates a new dp_packet to track individual fragments. This prevents a
use-after-free. However, an additional issue was present - even when the
packet buffer is cloned, if the ip fragment handling code keeps it, the
original buffer is leaked during the refill loop. Even in the original
processing code, the hardcoded dnsteal branches would always leak a packet
buffer from the refill loop.
This can be confirmed with valgrind:
==717566== 16,672 (4,480 direct, 12,192 indirect) bytes in 8 blocks are definitely lost in loss record 390 of 390
==717566== at 0x484086F: malloc (vg_replace_malloc.c:380)
==717566== by 0x537BFD: xmalloc__ (util.c:137)
==717566== by 0x537BFD: xmalloc (util.c:172)
==717566== by 0x46DDD4: dp_packet_new (dp-packet.c:153)
==717566== by 0x46DDD4: dp_packet_new_with_headroom (dp-packet.c:163)
==717566== by 0x550AA6: netdev_linux_batch_rxq_recv_sock.constprop.0 (netdev-linux.c:1262)
==717566== by 0x5512AF: netdev_linux_rxq_recv (netdev-linux.c:1511)
==717566== by 0x4AB7E0: netdev_rxq_recv (netdev.c:727)
==717566== by 0x47F00D: dp_netdev_process_rxq_port (dpif-netdev.c:4699)
==717566== by 0x47FD13: dpif_netdev_run (dpif-netdev.c:5957)
==717566== by 0x4331D2: type_run (ofproto-dpif.c:370)
==717566== by 0x41DFD8: ofproto_type_run (ofproto.c:1768)
==717566== by 0x40A7FB: bridge_run__ (bridge.c:3245)
==717566== by 0x411269: bridge_run (bridge.c:3310)
==717566== by 0x406E6C: main (ovs-vswitchd.c:127)
The fix is to delete the original packet when it isn't able to be
reinserted into the packet batch. Subsequent valgrind runs show that
the packets are not leaked from the batch any longer.
Fixes: 640d4db ("ipf: Fix a use-after-free error, and remove the 'do_not_steal' flag.")
Fixes: 4ea9669 ("Userspace datapath: Add fragmentation handling.")
Reported-by: Wan Junjie <wanjunjie@bytedance.com>
Reported-at: openvswitch/ovs-issues#226
Signed-off-by: Aaron Conole <aconole@redhat.com>
Reviewed-by: David Marchand <david.marchand@redhat.com>
Tested-by: Wan Junjie <wanjunjie@bytedance.com>
Signed-off-by: Alin-Gabriel Serdean <aserdean@ovn.org>
---
lib/ipf.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/lib/ipf.c b/lib/ipf.c
index 4cc0f2d..e8858d2 100644
--- a/lib/ipf.c
+++ b/lib/ipf.c
@@ -941,6 +941,8 @@ ipf_extract_frags_from_batch(struct ipf *ipf, struct dp_packet_batch *pb,
if (!ipf_handle_frag(ipf, pkt, dl_type, zone, now, hash_basis,
pb->do_not_steal)) {
dp_packet_batch_refill(pb, pkt, pb_idx);
+ } else {
+ dp_packet_delete(pkt);
}
ovs_mutex_unlock(&ipf->ipf_lock);
} else {
--
2.33.0

94
backport-CVE-2021-36980.patch
View File

@ -1,94 +0,0 @@
From 9926637a80d0d243dbf9c49761046895e9d1a8e2 Mon Sep 17 00:00:00 2001
From: Ilya Maximets <i.maximets@ovn.org>
Date: Tue, 16 Feb 2021 23:27:30 +0100
Subject: [PATCH] ofp-actions: Fix use-after-free while decoding RAW_ENCAP.
While decoding RAW_ENCAP action, decode_ed_prop() might re-allocate
ofpbuf if there is no enough space left. However, function
'decode_NXAST_RAW_ENCAP' continues to use old pointer to 'encap'
structure leading to write-after-free and incorrect decoding.
==3549105==ERROR: AddressSanitizer: heap-use-after-free on address
0x60600000011a at pc 0x0000005f6cc6 bp 0x7ffc3a2d4410 sp 0x7ffc3a2d4408
WRITE of size 2 at 0x60600000011a thread T0
#0 0x5f6cc5 in decode_NXAST_RAW_ENCAP lib/ofp-actions.c:4461:20
#1 0x5f0551 in ofpact_decode ./lib/ofp-actions.inc2:4777:16
#2 0x5ed17c in ofpacts_decode lib/ofp-actions.c:7752:21
#3 0x5eba9a in ofpacts_pull_openflow_actions__ lib/ofp-actions.c:7791:13
#4 0x5eb9fc in ofpacts_pull_openflow_actions lib/ofp-actions.c:7835:12
#5 0x64bb8b in ofputil_decode_packet_out lib/ofp-packet.c:1113:17
#6 0x65b6f4 in ofp_print_packet_out lib/ofp-print.c:148:13
#7 0x659e3f in ofp_to_string__ lib/ofp-print.c:1029:16
#8 0x659b24 in ofp_to_string lib/ofp-print.c:1244:21
#9 0x65a28c in ofp_print lib/ofp-print.c:1288:28
#10 0x540d11 in ofctl_ofp_parse utilities/ovs-ofctl.c:2814:9
#11 0x564228 in ovs_cmdl_run_command__ lib/command-line.c:247:17
#12 0x56408a in ovs_cmdl_run_command lib/command-line.c:278:5
#13 0x5391ae in main utilities/ovs-ofctl.c:179:9
#14 0x7f6911ce9081 in __libc_start_main (/lib64/libc.so.6+0x27081)
#15 0x461fed in _start (utilities/ovs-ofctl+0x461fed)
Fix that by getting a new pointer before using.
Credit to OSS-Fuzz.
Fuzzer regression test will fail only with AddressSanitizer enabled.
Reported-at: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=27851
Fixes: f839892a206a ("OF support and translation of generic encap and decap")
Acked-by: William Tu <u9012063@gmail.com>
Signed-off-by: Ilya Maximets <i.maximets@ovn.org>
---
lib/ofp-actions.c | 2 ++
tests/automake.mk | 3 ++-
tests/fuzz-regression-list.at | 1 +
tests/fuzz-regression/ofp_print_fuzzer-6540965472632832 | 0
4 files changed, 5 insertions(+), 1 deletion(-)
create mode 100644 tests/fuzz-regression/ofp_print_fuzzer-6540965472632832
diff --git a/lib/ofp-actions.c b/lib/ofp-actions.c
index ddef3b0c878..11b841732df 100644
--- a/lib/ofp-actions.c
+++ b/lib/ofp-actions.c
@@ -4346,6 +4346,7 @@ decode_NXAST_RAW_ENCAP(const struct nx_action_encap *nae,
{
struct ofpact_encap *encap;
const struct ofp_ed_prop_header *ofp_prop;
+ const size_t encap_ofs = out->size;
size_t props_len;
uint16_t n_props = 0;
int err;
@@ -4373,6 +4374,7 @@ decode_NXAST_RAW_ENCAP(const struct nx_action_encap *nae,
}
n_props++;
}
+ encap = ofpbuf_at_assert(out, encap_ofs, sizeof *encap);
encap->n_props = n_props;
out->header = &encap->ofpact;
ofpact_finish_ENCAP(out, &encap);
diff --git a/tests/automake.mk b/tests/automake.mk
index 2d5f7d1a6ef..e199bcc4ad3 100644
--- a/tests/automake.mk
+++ b/tests/automake.mk
@@ -139,7 +139,8 @@ FUZZ_REGRESSION_TESTS = \
tests/fuzz-regression/ofp_print_fuzzer-5722747668791296 \
tests/fuzz-regression/ofp_print_fuzzer-6285128790704128 \
tests/fuzz-regression/ofp_print_fuzzer-6470117922701312 \
- tests/fuzz-regression/ofp_print_fuzzer-6502620041576448
+ tests/fuzz-regression/ofp_print_fuzzer-6502620041576448 \
+ tests/fuzz-regression/ofp_print_fuzzer-6540965472632832
$(srcdir)/tests/fuzz-regression-list.at: tests/automake.mk
$(AM_V_GEN)for name in $(FUZZ_REGRESSION_TESTS); do \
basename=`echo $$name | sed 's,^.*/,,'`; \
diff --git a/tests/fuzz-regression-list.at b/tests/fuzz-regression-list.at
index e3173fb88f0..2347c690eff 100644
--- a/tests/fuzz-regression-list.at
+++ b/tests/fuzz-regression-list.at
@@ -21,3 +21,4 @@ TEST_FUZZ_REGRESSION([ofp_print_fuzzer-5722747668791296])
TEST_FUZZ_REGRESSION([ofp_print_fuzzer-6285128790704128])
TEST_FUZZ_REGRESSION([ofp_print_fuzzer-6470117922701312])
TEST_FUZZ_REGRESSION([ofp_print_fuzzer-6502620041576448])
+TEST_FUZZ_REGRESSION([ofp_print_fuzzer-6540965472632832])
diff --git a/tests/fuzz-regression/ofp_print_fuzzer-6540965472632832 b/tests/fuzz-regression/ofp_print_fuzzer-6540965472632832
new file mode 100644
index 00000000000..e69de29bb2d

BIN
openvswitch-2.12.0.tar.gz → openvswitch-2.12.4.tar.gz
View File

Binary file not shown.

14
openvswitch.spec
View File

@ -4,21 +4,14 @@
Name: openvswitch Name: openvswitch
Summary: Production Quality, Multilayer Open Virtual Switch Summary: Production Quality, Multilayer Open Virtual Switch
URL: http://www.openvswitch.org/ URL: http://www.openvswitch.org/
Version: 2.12.0 Version: 2.12.4
License: ASL 2.0 and ISC License: ASL 2.0 and ISC
Release: 22 Release: 1
Source: https://www.openvswitch.org/releases/openvswitch-%{version}.tar.gz Source: https://www.openvswitch.org/releases/openvswitch-%{version}.tar.gz
Buildroot: /tmp/openvswitch-rpm Buildroot: /tmp/openvswitch-rpm
Patch0000: 0000-openvswitch-add-stack-protector-strong.patch Patch0000: 0000-openvswitch-add-stack-protector-strong.patch
Patch0001: 0001-fix-dict-change-during-iteration.patch
Patch0002: 0002-Remove-unsupported-permission-names.patch Patch0002: 0002-Remove-unsupported-permission-names.patch
Patch0003: 0003-Fallback-to-read-proc-net-dev-on-linux.patch Patch0003: 0003-Fallback-to-read-proc-net-dev-on-linux.patch
Patch0004: CVE-2020-35498-pre.patch
Patch0005: CVE-2020-35498.patch
Patch0006: CVE-2020-27827.patch
Patch0007: CVE-2015-8011.patch
Patch0008: backport-CVE-2021-36980.patch
Patch0009: CVE-2021-3905.patch
Patch9000: fix-selinux-err.patch Patch9000: fix-selinux-err.patch
@ -291,6 +284,9 @@ exit 0
%doc README.rst NEWS rhel/README.RHEL.rst %doc README.rst NEWS rhel/README.RHEL.rst
%changelog %changelog
* Wed Sep 28 2022 zhouwenpei <zhouwenpei1@h-pattners.com> - 2.12.4-1
- upgrade to 2.12.4
* Mon Jul 25 2022 zhouwenpei <zhouwenpei1@h-pattners.com> - 2.12.0-22 * Mon Jul 25 2022 zhouwenpei <zhouwenpei1@h-pattners.com> - 2.12.0-22
- revent "Add ovn-central ovn-central and ovn-host subpackage" - revent "Add ovn-central ovn-central and ovn-host subpackage"