6 changed files with 92 additions and 62 deletions
--- a/.dpdk.metadata
+++ b/.dpdk.metadata
@ -0,0 +1,2 @@
 061198752d3d8b64d33113b7c8c1e272c973403d SOURCES/dpdk-23.11.tar.xz
 3cc45b133677fbff08e89e65a2120be52ebb27a5 SOURCES/pyelftools-0.27.tar.gz
--- a/.gitignore
+++ b/.gitignore
@ -0,0 +1,2 @@
 SOURCES/dpdk-23.11.tar.xz
 SOURCES/pyelftools-0.27.tar.gz
--- a/SOURCES/0001-net-virtio-fix-Rx-checksum-calculation.patch
+++ b/SOURCES/0001-net-virtio-fix-Rx-checksum-calculation.patch
@ -0,0 +1,37 @@
 From 606fd08b1bfce6d81c9532a9ecbbbe88aa266793 Mon Sep 17 00:00:00 2001
 From: Olivier Matz <olivier.matz@6wind.com>
 Date: Thu, 28 Nov 2024 12:09:56 +0100
 Subject: [PATCH] net/virtio: fix Rx checksum calculation
 If hdr->csum_start is larger than packet length, the len argument passed
 to rte_raw_cksum_mbuf() overflows and causes a segmentation fault.
 Ignore checksum computation in this case.
 CVE-2024-11614
 Fixes: ca7036b4af3a ("vhost: fix offload flags in Rx path")
 Signed-off-by: Maxime Gouin <maxime.gouin@6wind.com>
 Signed-off-by: Olivier Matz <olivier.matz@6wind.com>
 Reviewed-by: Maxime Coquelin <maxime.coquelin@redhat.com>
 ---
 lib/vhost/virtio_net.c | 3 +++
 1 file changed, 3 insertions(+)
 diff --git a/lib/vhost/virtio_net.c b/lib/vhost/virtio_net.c
 index 6d53ff932d..e42aabf126 100644
 --- a/lib/vhost/virtio_net.c
 +++ b/lib/vhost/virtio_net.c
@@ -2831,6 +2831,9 @@ vhost_dequeue_offload(struct virtio_net *dev, struct virtio_net_hdr *hdr,
 			 */
 			uint16_t csum = 0, off;
 +			if (hdr->csum_start >= rte_pktmbuf_pkt_len(m))
 +				return;
 +
 			if (rte_raw_cksum_mbuf(m, hdr->csum_start,
 					rte_pktmbuf_pkt_len(m) - hdr->csum_start, &csum) < 0)
 				return;
 -- 
 2.47.0
--- a/SOURCES/dpdk-22.11.tar.xz
+++ b/SOURCES/dpdk-22.11.tar.xz
--- a/SOURCES/pyelftools-0.27.tar.gz
+++ b/SOURCES/pyelftools-0.27.tar.gz
--- a/SPECS/dpdk.spec
+++ b/SPECS/dpdk.spec
@ -8,8 +8,8 @@
 #% define date 20191128
 #% define shortcommit0 %(c=%{commit0}; echo ${c:0:7})
-%define ver 22.11
+%define ver 23.11
-%define rel 3
+%define rel 2
 %define srcname dpdk%(awk -F. '{ if (NF > 2) print "-stable" }' <<<%{version})
@ -23,14 +23,17 @@ Epoch: 2
 %endif
 URL: http://dpdk.org
 %if 0%{?commit0:1}
-Source: http://dpdk.org/browse/dpdk/snapshot/dpdk-%{commit0}.tar.xz
+Source: https://dpdk.org/browse/dpdk/snapshot/dpdk-%{commit0}.tar.xz
 %else
-Source: http://fast.dpdk.org/rel/dpdk-%{ver}.tar.xz
+Source: https://fast.dpdk.org/rel/dpdk-%{ver}.tar.xz
 %endif
 # Only needed for creating snapshot tarballs, not used in build itself
 Source100: dpdk-snapshot.sh
 # CVE-2024-11614
 Patch1: 0001-net-virtio-fix-Rx-checksum-calculation.patch
 Summary: Set of libraries and drivers for fast packet processing
 #
@ -151,11 +154,11 @@ ENABLED_DRIVERS+=(
    bus/vmbus
    common/iavf
    common/mlx5
    common/nfp
    net/bnxt
    net/enic
    net/iavf
    net/ice
    net/mlx4
    net/mlx5
    net/netvsc
    net/nfp
@ -175,48 +178,40 @@ for driver in "${ENABLED_DRIVERS[@]}"; do
    enable_drivers="${enable_drivers:+$enable_drivers,}"$driver
 done
 # As of 22.11, following libraries can be disabled:
 # optional_libs = [
 #         'bitratestats',
 #         'cfgfile',
 #         'flow_classify',
 #         'gpudev',
 #         'gro',
 #         'gso',
 #         'kni',
 #         'jobstats',
 #         'latencystats',
 #         'metrics',
 #         'node',
 #         'pdump',
 #         'pipeline',
 #         'port',
 #         'power',
 #         'table',
 #         'vhost',
 # ]
 # If doing any updates, this must be aligned with:
 # https://access.redhat.com/articles/3538141
-DISABLED_LIBS=(
+ENABLED_LIBS=(
-    cfgfile
+    bbdev
-    flow_classify
+    bitratestats
-    gpudev
+    bpf
-    kni
+    cmdline
-    jobstats
+    cryptodev
-    node
+    dmadev
-    pipeline
+    gro
-    port
+    gso
-    power
+    hash
-    table
+    ip_frag
    latencystats
    member
    meter
    metrics
    pcapng
    pdump
    security
    stack
    vhost
 )
-for lib in "${DISABLED_LIBS[@]}"; do
+for lib in "${ENABLED_LIBS[@]}"; do
-    disable_libs="${disable_libs:+$disable_libs,}"$lib
+    enable_libs="${enable_libs:+$enable_libs,}"$lib
 done
 ln -s /usr/bin/true mandb
 export PATH=$(pwd):$PATH
 %meson --includedir=include/dpdk \
       --default-library=shared \
-       -Ddisable_libs="$disable_libs" \
+       -Ddeveloper_mode=disabled \
       -Denable_libs="$enable_libs" \
       -Ddrivers_install_subdir=dpdk-pmds \
       -Denable_apps="$enable_apps" \
       -Denable_docs=true \
@ -233,10 +228,10 @@ for driver in "${ENABLED_DRIVERS[@]}"; do
 	echo "!!! Could not find $driver in rte_build_config.h, please check dependencies. !!!"
 	false
 done
-for lib in "${DISABLED_LIBS[@]}"; do
+for lib in "${ENABLED_LIBS[@]}"; do
 	config_token="RTE_LIB_$(echo "$lib" | tr [a-z/] [A-Z_])"
-	grep -Fqw "$config_token" */rte_build_config.h || continue
+	! grep -Fqw "$config_token" */rte_build_config.h || continue
-	echo "!!! Found $lib in rte_build_config.h. !!!"
+	echo "!!! Could not find $lib in rte_build_config.h, please check dependencies. !!!"
 	false
 done
 %meson_build
@ -246,9 +241,10 @@ done
 rm -f %{buildroot}%{_libdir}/*.a
 # Taken from debian/rules
-rm -f %{docdir}/html/.buildinfo
+rm -f %{buildroot}%{docdir}/html/.buildinfo
-rm -f %{docdir}/html/objects.inv
+rm -f %{buildroot}%{docdir}/html/objects.inv
-rm -rf %{docdir}/html/.doctrees
+rm -rf %{buildroot}%{docdir}/html/.doctrees
 find %{buildroot}%{_datadir}/man/ -type f -a ! -iname "*rte_*" -exec rm {} \;
 %files
 # BSD
@ -279,6 +275,7 @@ rm -rf %{docdir}/html/.doctrees
 %{pmddir}/*.so
 %{_libdir}/pkgconfig/libdpdk.pc
 %{_libdir}/pkgconfig/libdpdk-libs.pc
 %{_datadir}/man
 %if %{with examples}
 %files examples
 %{_bindir}/dpdk-*
@ -291,28 +288,20 @@ rm -rf %{docdir}/html/.doctrees
 %endif
 %changelog
-* Thu Mar 23 2023 Timothy Redaelli <tredaelli@redhat.com> - 22.11-3
+* Tue Dec 17 2024 Kevin Traynor <ktraynor@redhat.com> - 23.11-2
- Add support to load compressed firmware (#2179024)
+- Backport fixes for CVE-2024-11614 (RHEL-68600)
-* Fri Mar 03 2023 Maxime Coquelin <maxime.coquelin@redhat.com> - 22.11-2
+* Fri Dec 15 2023 David Marchand <david.marchand@redhat.com> - 23.11-1
- Add ACC100/ACC200 and related test-bbdev application (#2106526, #2138398)
+- Rebase to 23.11 (RHEL-19584)
-* Mon Jan 23 2023 Timothy Redaelli <tredaelli@redhat.com> - 22.11-1
+* Fri Dec 23 2022 Timothy Redaelli <tredaelli@redhat.com> - 21.11-3
- Rebase to 22.11 (#2129066)
+- Version bump just to be sure it's updated from dpdk-21.11-2.el8_7
-* Mon Sep 12 2022 Timothy Redaelli <tredaelli@redhat.com> - 21.11.2-1
+* Wed Oct 26 2022 Timothy Redaelli <tredaelli@redhat.com> - 21.11-2
- Rebase to 21.11.2 (#2126159)
+- Backport fixes for CVE-2022-2132 (#2107171)
 - Includes fixes for CVE-2022-2132 (#2107173) and CVE-2022-28199 (#2123616)
 * Wed Jul 13 2022 Timothy Redaelli <tredaelli@redhat.com> - 21.11.1-1
 - Rebase to 21.11.1 (#2106856)
 - Includes fix for CVE-2021-3839 (#2026642)
 * Tue Nov 23 2021 David Marchand <david.marchand@redhat.com> - 21.11-1
- Rebase to 21.11 (#2030616)
+- Rebase to 21.11 (#2029497)
 * Fri Nov 19 2021 Timothy Redaelli <tredaelli@redhat.com> - 20.11.1-1
 - Rebase to 20.11.1 (#2024994)
 * Tue Feb 16 2021 Timothy Redaelli <tredaelli@redhat.com> - 20.11-3
 - Fix gating since on DPDK 20.11 testpmd is called dpdk-testpmd
		`@ -0,0 +1,2 @@`
							`061198752d3d8b64d33113b7c8c1e272c973403d SOURCES/dpdk-23.11.tar.xz`
							`3cc45b133677fbff08e89e65a2120be52ebb27a5 SOURCES/pyelftools-0.27.tar.gz`
		`@ -0,0 +1,2 @@`
							`SOURCES/dpdk-23.11.tar.xz`
							`SOURCES/pyelftools-0.27.tar.gz`