diff --git a/.gitignore b/.gitignore index 477a509..06ec758 100644 --- a/.gitignore +++ b/.gitignore @@ -14,3 +14,4 @@ /dpdk-21.11.2.tar.xz /dpdk-22.11.tar.xz /dpdk-23.11.tar.xz +/dpdk-24.11.1.tar.xz diff --git a/0001-net-virtio-fix-Rx-checksum-calculation.patch b/0001-net-virtio-fix-Rx-checksum-calculation.patch deleted file mode 100644 index 88c61d7..0000000 --- a/0001-net-virtio-fix-Rx-checksum-calculation.patch +++ /dev/null @@ -1,37 +0,0 @@ -From 606fd08b1bfce6d81c9532a9ecbbbe88aa266793 Mon Sep 17 00:00:00 2001 -From: Olivier Matz -Date: Thu, 28 Nov 2024 12:09:56 +0100 -Subject: [PATCH] net/virtio: fix Rx checksum calculation - -If hdr->csum_start is larger than packet length, the len argument passed -to rte_raw_cksum_mbuf() overflows and causes a segmentation fault. - -Ignore checksum computation in this case. - -CVE-2024-11614 - -Fixes: ca7036b4af3a ("vhost: fix offload flags in Rx path") -Signed-off-by: Maxime Gouin -Signed-off-by: Olivier Matz -Reviewed-by: Maxime Coquelin ---- - lib/vhost/virtio_net.c | 3 +++ - 1 file changed, 3 insertions(+) - -diff --git a/lib/vhost/virtio_net.c b/lib/vhost/virtio_net.c -index 6d53ff932d..e42aabf126 100644 ---- a/lib/vhost/virtio_net.c -+++ b/lib/vhost/virtio_net.c -@@ -2831,6 +2831,9 @@ vhost_dequeue_offload(struct virtio_net *dev, struct virtio_net_hdr *hdr, - */ - uint16_t csum = 0, off; - -+ if (hdr->csum_start >= rte_pktmbuf_pkt_len(m)) -+ return; -+ - if (rte_raw_cksum_mbuf(m, hdr->csum_start, - rte_pktmbuf_pkt_len(m) - hdr->csum_start, &csum) < 0) - return; --- -2.47.0 - diff --git a/dpdk.spec b/dpdk.spec index d4e03ec..35dba2e 100644 --- a/dpdk.spec +++ b/dpdk.spec @@ -8,8 +8,8 @@ #% define date 20191128 #% define shortcommit0 %(c=%{commit0}; echo ${c:0:7}) -%define ver 23.11 -%define rel 2 +%define ver 24.11.1 +%define rel 1 %define srcname dpdk%(awk -F. '{ if (NF > 2) print "-stable" }' <<<%{version}) @@ -31,9 +31,6 @@ Source: https://fast.dpdk.org/rel/dpdk-%{ver}.tar.xz # Only needed for creating snapshot tarballs, not used in build itself Source100: dpdk-snapshot.sh -# CVE-2024-11614 -Patch1: 0001-net-virtio-fix-Rx-checksum-calculation.patch - Summary: Set of libraries and drivers for fast packet processing # @@ -288,6 +285,9 @@ find %{buildroot}%{_datadir}/man/ -type f -a ! -iname "*rte_*" -exec rm {} \; %endif %changelog +* Wed Dec 18 2024 David Marchand - 24.11.1-1 +- Rebase to 24.11.1 (RHEL-71133) + * Tue Dec 17 2024 Kevin Traynor - 23.11-2 - Backport fixes for CVE-2024-11614 (RHEL-68605) diff --git a/sources b/sources index 00d73e2..7fe7061 100644 --- a/sources +++ b/sources @@ -1,2 +1,2 @@ -SHA512 (dpdk-23.11.tar.xz) = e5177d658fca8df55090a92ea1a8932aac5847314fed7c686b8a36e709f34b14c05e68d6c4c433ff5371b67a39c4324b4eefab8c138f417468f57092bf269b4c +SHA512 (dpdk-24.11.1.tar.xz) = ad6a3b8a4dc2e89de685917679c23e73c6f8b29a544b517a9036fa257c65e49a5a68c8db81119bfa4aabca393f1cd9cd5eda9aa1700d017b2fbbe7e9a50cff73 SHA512 (pyelftools-0.27.tar.gz) = bb0a00e5500016e3d4f64be0a728e190f84b11a805f78d668b5a74716a30400e6794946f198ef4a3f3b8f64a63deb1b5a96180b09e56b7357b988b28e25fad0a