Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

openvswitch: 2.14.0 -> 2.14.1 #110171

Merged
merged 1 commit into from Feb 2, 2021
Merged

openvswitch: 2.14.0 -> 2.14.1 #110171

merged 1 commit into from Feb 2, 2021

Conversation

r-ryantm
Copy link
Contributor

Automatic update generated by nixpkgs-update tools. This update was made based on information from https://repology.org/metapackage/openvswitch/versions.

meta.description for openvswitch is: "A multilayer virtual switch"

meta.homepage for openvswitch is: "https://www.openvswitch.org/"

meta.changelog for openvswitch is: ""

Updates performed
  • Version update
To inspect upstream changes
Impact
Checks done (click to expand)
Rebuild report (if merged into master) (click to expand) 
40 total rebuild path(s)

20 package rebuild(s)

20 x86_64-linux rebuild(s)
8 i686-linux rebuild(s)
4 x86_64-darwin rebuild(s)
8 aarch64-linux rebuild(s)


First fifty rebuilds by attrpath
libvmi
openvswitch
pipework
qemu_xen
qemu_xen-light
qemu_xen_4_10
qemu_xen_4_10-light
qubes-core-vchan-xen
xen
xen-light
xen-slim
xenPackages.xen-light
xenPackages.xen-slim
xenPackages.xen-vanilla
xenPackages.xen_4_10-light
xenPackages.xen_4_10-slim
xenPackages.xen_4_10-vanilla
xen_4_10
xen_4_10-light
xen_4_10-slim
Instructions to test this update (click to expand)

Either download from Cachix:

nix-store -r /nix/store/icjbgdmvm497390flcfmf25yk4ssh2rs-openvswitch-2.14.1 \
  --option binary-caches 'https://cache.nixos.org/ https://nix-community.cachix.org/' \
  --option trusted-public-keys '
  nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=
  cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY=
  '

(The Cachix cache is only trusted for this store-path realization.)
For the Cachix download to work, your user must be in the trusted-users list or you can use sudo since root is effectively trusted.

Or, build yourself:

nix-build -A openvswitch https://github.com/r-ryantm/nixpkgs/archive/ab04d96f2c9dc32dacafbd18feec6bc22397a97e.tar.gz

After you've downloaded or built it, look at the files and if there are any, run the binaries:

ls -la /nix/store/icjbgdmvm497390flcfmf25yk4ssh2rs-openvswitch-2.14.1
ls -la /nix/store/icjbgdmvm497390flcfmf25yk4ssh2rs-openvswitch-2.14.1/bin

Pre-merge build results

We have automatically built all packages that will get rebuilt due to
this change.

This gives evidence on whether the upgrade will break dependent packages.
Note sometimes packages show up as failed to build independent of the
change, simply because they are already broken on the target branch.

Result of nixpkgs-review run on x86_64-linux 1

7 packages failed to build:
  • libvmi
  • qemu_xen (qemu_xen_4_10)
  • qemu_xen-light (qemu_xen_4_10-light)
  • qubes-core-vchan-xen
  • xen
  • xen-light
  • xen-slim
2 packages built:
  • openvswitch
  • pipework
Maintainer pings

cc @netixx @kmcopper for testing.

@ofborg ofborg bot requested review from netixx and kmcopper January 20, 2021 14:20
@mweinelt
Copy link
Member

Labeled as security due to two CVEs. Quoting the Arch security list:

  • CVE-2015-8011 (arbitrary code execution)

    A buffer overflow in the lldp_decode function in
    daemon/protocols/lldp.c in lldpd before 0.8.0 allows remote attackers
    to cause a denial of service (daemon crash) and possibly execute
    arbitrary code via vectors involving large management addresses and TLV
    boundaries.

  • CVE-2020-27827 (information disclosure)

    A security issue was found in lldpd before version 1.0.8. A packet that
    contains multiple instances of certain TLVs will cause lldpd to
    continually allocate memory and leak the old memory. As an example,
    multiple instances of system name TLV will cause old values to be
    dropped by the decoding routine.

netixx
netixx approved these changes Feb 2, 2021
View reviewed changes
Copy link
Contributor

@netixx netixx left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Tested the update on my setup without any problems.

@mweinelt mweinelt merged commit 4499ac8 into NixOS:master Feb 2, 2021
@mweinelt
Copy link
Member

mweinelt commented Feb 2, 2021

@netixx Can you take care of backporting the fixes?

@r-ryantm r-ryantm deleted the auto-update/openvswitch branch February 3, 2021 00:01
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@netixx netixx netixx approved these changes

@kmcopper kmcopper Awaiting requested review from kmcopper

Assignees
No one assigned
Labels
1.severity: security 10.rebuild-darwin: 1-10 10.rebuild-linux: 11-100
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@r-ryantm @mweinelt @netixx