Bug#1003058: marked as done (bullseye-pu: package openvswitch/2.15.0+ds1-2)

Debian Bug Tracking System Sat, 26 Mar 2022 05:05:45 -0700

Your message dated Sat, 26 Mar 2022 11:59:13 +0000
with message-id 
<c4d20274f6d76a43fb574d2177f6e3af4235e4be.ca...@adam-barratt.org.uk>
and subject line Closing p-u requests for updates in 11.3
has caused the Debian Bug report #1003058,
regarding bullseye-pu: package openvswitch/2.15.0+ds1-2
to be marked as done.


This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
1003058: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1003058
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---

Package: release.debian.org
Severity: normal
Tags: bullseye
User: release.debian....@packages.debian.org
Usertags: pu

Dear release team,

I'd like to update openvswitch.

[ Reason ]
Indeed, the updated version I would like to push contains a fix for
CVE-2021-36980 (Debian bug #991308), and a fix for having libofproto
properly installed if activating dpdk (which fixes #992406 and
#989585). This update-alternatives fix has been in Unstable for a long
time already.

[ Impact ]
- CVE-2021-36980.
- Non-working DPDK setup when using LLDP.

[ Tests ]
The OVS package has a test suite that's run at build time.
We also set it in real production and it worked for us.

[ Risks ]
IMO, code is rather trivial.

[ Checklist ]
  [x] *all* changes are documented in the d/changelog
  [x] I reviewed all changes and I approve them
  [x] attach debdiff against the package in (old)stable
  [x] the issue is verified as fixed in unstable

Cheers,

Thomas Goirand (zigo)

diff -Nru openvswitch-2.15.0+ds1/debian/changelog 
openvswitch-2.15.0+ds1/debian/changelog
--- openvswitch-2.15.0+ds1/debian/changelog     2021-02-20 21:58:03.000000000 
+0100
+++ openvswitch-2.15.0+ds1/debian/changelog     2022-01-03 13:53:38.000000000 
+0100
@@ -1,3 +1,14 @@
+openvswitch (2.15.0+ds1-2+deb11u1) bullseye; urgency=medium
+
+  * CVE-2021-36980: use-after-free in decode_NXAST_RAW_ENCAPAdd. Add upstream
+    patch (Closes: #991308).
+
+  [ Felix Moessbauer ]
+  * fix ABI incompatibility that crashes OVS when enabling LLDP
+    (Closes: #992406).
+
+ -- Thomas Goirand <z...@debian.org>  Mon, 03 Jan 2022 13:53:38 +0100
+
 openvswitch (2.15.0+ds1-2) unstable; urgency=medium
 
   * Mipsel64 and mipsel: blacklist more tests, as they are failing on these
diff -Nru openvswitch-2.15.0+ds1/debian/openvswitch-common.postinst.in 
openvswitch-2.15.0+ds1/debian/openvswitch-common.postinst.in
--- openvswitch-2.15.0+ds1/debian/openvswitch-common.postinst.in        
2021-02-20 21:58:03.000000000 +0100
+++ openvswitch-2.15.0+ds1/debian/openvswitch-common.postinst.in        
2022-01-03 13:53:38.000000000 +0100
@@ -4,7 +4,8 @@
 
 if [ "${1}" = "configure" ] ; then
        update-alternatives --install /usr/sbin/ovs-vswitchd ovs-vswitchd 
/usr/lib/openvswitch-common/ovs-vswitchd 100 \
-        --slave /usr/lib/%%MULTIARCH_TRIPLETT%%/libopenvswitch-2.15.so.0.0.0 
libopenvswitch.so /usr/lib/openvswitch-common/libopenvswitch-2.15.so.0.0.0
+        --slave /usr/lib/%%MULTIARCH_TRIPLETT%%/libopenvswitch-2.15.so.0.0.0 
libopenvswitch.so /usr/lib/openvswitch-common/libopenvswitch-2.15.so.0.0.0 \
+        --slave /usr/lib/%%MULTIARCH_TRIPLETT%%/libofproto-2.15.so.0.0.0 
libofproto.so /usr/lib/openvswitch-common/libofproto-2.15.so.0.0.0
 fi
 
 #DEBHELPER#
diff -Nru openvswitch-2.15.0+ds1/debian/openvswitch-switch-dpdk.postinst.in 
openvswitch-2.15.0+ds1/debian/openvswitch-switch-dpdk.postinst.in
--- openvswitch-2.15.0+ds1/debian/openvswitch-switch-dpdk.postinst.in   
2021-02-20 21:58:03.000000000 +0100
+++ openvswitch-2.15.0+ds1/debian/openvswitch-switch-dpdk.postinst.in   
2022-01-03 13:53:38.000000000 +0100
@@ -4,7 +4,8 @@
 
 if [ "${1}" = "configure" ] ; then
        update-alternatives --install /usr/sbin/ovs-vswitchd ovs-vswitchd 
/usr/lib/openvswitch-switch-dpdk/ovs-vswitchd-dpdk 200 \
-        --slave /usr/lib/%%MULTIARCH_TRIPLETT%%/libopenvswitch-2.15.so.0.0.0 
libopenvswitch.so /usr/lib/openvswitch-switch-dpdk/libopenvswitch-2.15.so.0.0.0
+        --slave /usr/lib/%%MULTIARCH_TRIPLETT%%/libopenvswitch-2.15.so.0.0.0 
libopenvswitch.so /usr/lib/openvswitch-switch-dpdk/libopenvswitch-2.15.so.0.0.0 
\
+        --slave /usr/lib/%%MULTIARCH_TRIPLETT%%/libofproto-2.15.so.0.0.0 
libofproto.so /usr/lib/openvswitch-switch-dpdk/libofproto-2.15.so.0.0.0
 fi
 
 #DEBHELPER#
diff -Nru 
openvswitch-2.15.0+ds1/debian/patches/CVE-2021-36980_Fix_use-after-free_while_decoding_RAW_ENCAP.patch
 
openvswitch-2.15.0+ds1/debian/patches/CVE-2021-36980_Fix_use-after-free_while_decoding_RAW_ENCAP.patch
--- 
openvswitch-2.15.0+ds1/debian/patches/CVE-2021-36980_Fix_use-after-free_while_decoding_RAW_ENCAP.patch
      1970-01-01 01:00:00.000000000 +0100
+++ 
openvswitch-2.15.0+ds1/debian/patches/CVE-2021-36980_Fix_use-after-free_while_decoding_RAW_ENCAP.patch
      2022-01-03 13:53:38.000000000 +0100
@@ -0,0 +1,87 @@
+Description: CVE-2021-36980: ofp-actions: Fix use-after-free while decoding 
RAW_ENCAP.
+ While decoding RAW_ENCAP action, decode_ed_prop() might re-allocate
+ ofpbuf if there is no enough space left.  However, function
+ 'decode_NXAST_RAW_ENCAP' continues to use old pointer to 'encap'
+ structure leading to write-after-free and incorrect decoding.
+ .
+   ==3549105==ERROR: AddressSanitizer: heap-use-after-free on address
+   0x60600000011a at pc 0x0000005f6cc6 bp 0x7ffc3a2d4410 sp 0x7ffc3a2d4408
+   WRITE of size 2 at 0x60600000011a thread T0
+     #0 0x5f6cc5 in decode_NXAST_RAW_ENCAP lib/ofp-actions.c:4461:20
+     #1 0x5f0551 in ofpact_decode ./lib/ofp-actions.inc2:4777:16
+     #2 0x5ed17c in ofpacts_decode lib/ofp-actions.c:7752:21
+     #3 0x5eba9a in ofpacts_pull_openflow_actions__ lib/ofp-actions.c:7791:13
+     #4 0x5eb9fc in ofpacts_pull_openflow_actions lib/ofp-actions.c:7835:12
+     #5 0x64bb8b in ofputil_decode_packet_out lib/ofp-packet.c:1113:17
+     #6 0x65b6f4 in ofp_print_packet_out lib/ofp-print.c:148:13
+     #7 0x659e3f in ofp_to_string__ lib/ofp-print.c:1029:16
+     #8 0x659b24 in ofp_to_string lib/ofp-print.c:1244:21
+     #9 0x65a28c in ofp_print lib/ofp-print.c:1288:28
+     #10 0x540d11 in ofctl_ofp_parse utilities/ovs-ofctl.c:2814:9
+     #11 0x564228 in ovs_cmdl_run_command__ lib/command-line.c:247:17
+     #12 0x56408a in ovs_cmdl_run_command lib/command-line.c:278:5
+     #13 0x5391ae in main utilities/ovs-ofctl.c:179:9
+     #14 0x7f6911ce9081 in __libc_start_main (/lib64/libc.so.6+0x27081)
+     #15 0x461fed in _start (utilities/ovs-ofctl+0x461fed)
+ .
+ Fix that by getting a new pointer before using.
+ .
+ Credit to OSS-Fuzz.
+ .
+ Fuzzer regression test will fail only with AddressSanitizer enabled.
+Author: Ilya Maximets <i.maxim...@ovn.org>
+Date: Tue, 16 Feb 2021 23:27:30 +0100
+Reported-at: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=27851
+Fixes: f839892a206a ("OF support and translation of generic encap and decap")
+Acked-by: William Tu <u9012...@gmail.com>
+Signed-off-by: Ilya Maximets <i.maxim...@ovn.org>
+Bug-Debian: https://bugs.debian.org/991308
+Origin: upstream, 
https://github.com/openvswitch/ovs/commit/38744b1bcb022c611712527f039722115300f58f.patch
+Last-Update: 2021-07-21
+
+diff --git a/lib/ofp-actions.c b/lib/ofp-actions.c
+index e2e829772a5..0342a228b70 100644
+--- a/lib/ofp-actions.c
++++ b/lib/ofp-actions.c
+@@ -4431,6 +4431,7 @@ decode_NXAST_RAW_ENCAP(const struct nx_action_encap *nae,
+ {
+     struct ofpact_encap *encap;
+     const struct ofp_ed_prop_header *ofp_prop;
++    const size_t encap_ofs = out->size;
+     size_t props_len;
+     uint16_t n_props = 0;
+     int err;
+@@ -4458,6 +4459,7 @@ decode_NXAST_RAW_ENCAP(const struct nx_action_encap *nae,
+         }
+         n_props++;
+     }
++    encap = ofpbuf_at_assert(out, encap_ofs, sizeof *encap);
+     encap->n_props = n_props;
+     out->header = &encap->ofpact;
+     ofpact_finish_ENCAP(out, &encap);
+diff --git a/tests/automake.mk b/tests/automake.mk
+index 677b99a6b48..fc80e027dfc 100644
+--- a/tests/automake.mk
++++ b/tests/automake.mk
+@@ -134,7 +134,8 @@ FUZZ_REGRESSION_TESTS = \
+       tests/fuzz-regression/ofp_print_fuzzer-5722747668791296 \
+       tests/fuzz-regression/ofp_print_fuzzer-6285128790704128 \
+       tests/fuzz-regression/ofp_print_fuzzer-6470117922701312 \
+-      tests/fuzz-regression/ofp_print_fuzzer-6502620041576448
++      tests/fuzz-regression/ofp_print_fuzzer-6502620041576448 \
++      tests/fuzz-regression/ofp_print_fuzzer-6540965472632832
+ $(srcdir)/tests/fuzz-regression-list.at: tests/automake.mk
+       $(AM_V_GEN)for name in $(FUZZ_REGRESSION_TESTS); do \
+             basename=`echo $$name | sed 's,^.*/,,'`; \
+diff --git a/tests/fuzz-regression-list.at b/tests/fuzz-regression-list.at
+index e3173fb88f0..2347c690eff 100644
+--- a/tests/fuzz-regression-list.at
++++ b/tests/fuzz-regression-list.at
+@@ -21,3 +21,4 @@ TEST_FUZZ_REGRESSION([ofp_print_fuzzer-5722747668791296])
+ TEST_FUZZ_REGRESSION([ofp_print_fuzzer-6285128790704128])
+ TEST_FUZZ_REGRESSION([ofp_print_fuzzer-6470117922701312])
+ TEST_FUZZ_REGRESSION([ofp_print_fuzzer-6502620041576448])
++TEST_FUZZ_REGRESSION([ofp_print_fuzzer-6540965472632832])
+diff --git a/tests/fuzz-regression/ofp_print_fuzzer-6540965472632832 
b/tests/fuzz-regression/ofp_print_fuzzer-6540965472632832
+new file mode 100644
+index 00000000000..e69de29bb2d
diff -Nru openvswitch-2.15.0+ds1/debian/patches/series 
openvswitch-2.15.0+ds1/debian/patches/series
--- openvswitch-2.15.0+ds1/debian/patches/series        2021-02-20 
21:58:03.000000000 +0100
+++ openvswitch-2.15.0+ds1/debian/patches/series        2022-01-03 
13:53:38.000000000 +0100
@@ -1,2 +1,3 @@
 remove-include-debian-automake.mk.patch
 py3-compat.patch
+CVE-2021-36980_Fix_use-after-free_while_decoding_RAW_ENCAP.patch
diff -Nru openvswitch-2.15.0+ds1/debian/rules 
openvswitch-2.15.0+ds1/debian/rules
--- openvswitch-2.15.0+ds1/debian/rules 2021-02-20 21:58:03.000000000 +0100
+++ openvswitch-2.15.0+ds1/debian/rules 2022-01-03 13:53:38.000000000 +0100
@@ -181,6 +181,7 @@
 endif # nocheck
 
 override_dh_auto_build:
+       touch tests/fuzz-regression/ofp_print_fuzzer-6540965472632832
        set -e ; set -x ; for MYMAINTSCRIPT in openvswitch-common.postinst 
openvswitch-switch-dpdk.postinst ; do \
                sed s/%%MULTIARCH_TRIPLETT%%/$$(dpkg-architecture 
-qDEB_HOST_MULTIARCH)/ debian/$$MYMAINTSCRIPT.in >debian/$$MYMAINTSCRIPT ; \
        done
@@ -207,6 +208,9 @@
                
$(CURDIR)/debian/openvswitch-common/usr/lib/openvswitch-common/ovs-vswitchd
        mv $(CURDIR)/debian/tmp/usr/lib/*/libopenvswitch-2.15.so.0.0.0 \
                
$(CURDIR)/debian/openvswitch-common/usr/lib/openvswitch-common/libopenvswitch-2.15.so.0.0.0
+       mv $(CURDIR)/debian/tmp/usr/lib/*/libofproto-2.15.so.0.0.0 \
+               
$(CURDIR)/debian/openvswitch-common/usr/lib/openvswitch-common/libofproto-2.15.so.0.0.0
+
 
 override_dh_auto_install-indep:
        $(MAKE) -C _debian DESTDIR=$(CURDIR)/debian/tmp install
@@ -218,7 +222,10 @@
 
 override_dh_install:
        install -D -m 0644 utilities/ovs-vsctl-bashcomp.bash 
$(CURDIR)/debian/openvswitch-switch/usr/share/bash-completion/completions/ovs-vsctl
-       dh_install --exclude=usr/sbin/ovs-vswitchd 
--exclude=usr/lib/`dpkg-architecture 
-qDEB_HOST_MULTIARCH`/libopenvswitch-2.15.so.0.0.0
+       dh_install --exclude=usr/sbin/ovs-vswitchd \
+                  --exclude=usr/lib/`dpkg-architecture 
-qDEB_HOST_MULTIARCH`/libopenvswitch-2.15.so.0.0.0 \
+                  --exclude=usr/lib/`dpkg-architecture 
-qDEB_HOST_MULTIARCH`/libofproto-2.15.so.0.0.0
+
 
        rm -f $(CURDIR)/debian/tmp/usr/lib/*/*.la
        dh_installman --language=C
@@ -227,6 +234,7 @@
        # remove the files managed via update-alternatives
        rm -f $(CURDIR)/debian/tmp/usr/sbin/ovs-vswitchd
        rm -f $(CURDIR)/debian/tmp/usr/lib/*/libopenvswitch-2.15.so.0.0.0
+       rm -f $(CURDIR)/debian/tmp/usr/lib/*/libofproto-2.15.so.0.0.0
 
        dh_missing --fail-missing
        # openvswitch-switch
@@ -238,6 +246,8 @@
                
$(CURDIR)/debian/openvswitch-switch-dpdk/usr/lib/openvswitch-switch-dpdk/ovs-vswitchd-dpdk
        install -v -D _dpdk/lib/.libs/libopenvswitch-2.15.so.0.0.0 \
                
$(CURDIR)/debian/openvswitch-switch-dpdk/usr/lib/openvswitch-switch-dpdk/libopenvswitch-2.15.so.0.0.0
+       install -v -D _dpdk/ofproto/.libs/libofproto-2.15.so.0.0.0 \
+               
$(CURDIR)/debian/openvswitch-switch-dpdk/usr/lib/openvswitch-switch-dpdk/libofproto-2.15.so.0.0.0
 endif
 
 override_dh_installinit:
@@ -254,7 +264,7 @@
        dh_strip --dbg-package=openvswitch-dbg
 
 override_dh_shlibdeps:
-       dh_shlibdeps -l$(CURDIR)/_debian/lib/.libs
+       dh_shlibdeps 
-l$(CURDIR)/_debian/lib/.libs:$(CURDIR)/_debian/ofproto/.libs
 
 override_dh_installman:
        echo "Do nothing..."

--- End Message ---

--- Begin Message ---

Package: release.debian.org
Version: 11.3

Hi,

The updates referenced by these bugs were included in stable as part of
this morning's 11.3 point release.

Regards,

Adam

--- End Message ---

Bug#1003058: marked as done (bullseye-pu: package openvswitch/2.15.0+ds1-2)

Reply via email to