* Mon Sep 12 2022 pgajdos@suse.com
- security update
- added patches
fix CVE-2022-2132 [bsc#1202903], DoS when a Vhost header crosses more than two descriptors and exhausts all mbufs
+ dpdk-CVE-2022-2132.patch
* Mon Sep 21 2020 jcaamano@suse.com
- Update to 18.11.9. For a list of fixes check:
* https://doc.dpdk.org/guides-18.11/rel_notes/release_18_11.html#fixes
- Add patches to fix vulnerability where malicious guest can harm the host
using vhost crypto, this includes executing code in host (VM Escape),
reading host application memory space to guest and causing partially
denial of service in the host (CVE-2020-14374,CVE-2020-14375,CVE-2020-14376,
CVE-2020-14377,CVE-2020-14378bsc#1176590):
* 0001-vhost-crypto-fix-pool-allocation.patch
* 0002-vhost-crypto-fix-incorrect-descriptor-deduction.patch
* 0003-vhost-crypto-fix-missed-request-check-for-copy-mode.patch
* 0004-vhost-crypto-fix-incorrect-write-back-source.patch
* 0005-vhost-crypto-fix-data-length-check.patch
* 0006-vhost-crypto-fix-possible-TOCTOU-attack.patch
- Removed patches that no longer apply to the code base:
* 0001-vhost-fix-possible-denial-of-service-on-SET_VRING_NU.patch
* 0003-vhost-crypto-validate-keys-lengths.patch
* 0001-vhost-check-log-mmap-offset-and-size-overflow.patch
* 0002-vhost-fix-possible-denial-of-service-by-leaking-FDs.patch
* 0002-vhost-fix-vring-index-check.patch
* Tue May 12 2020 jcaamano@suse.com
- Add patches to fix vulnerability where malicious guest/container can
cause resource leak resulting a Denial-of-Service, or memory corruption
and crash, or information leak in vhost-user backend application
(bsc#1171477, CVE-2020-10722, CVE-2020-10723, CVE-2020-10724,
CVE-2020-10725, CVE-2020-10726).
* 0001-vhost-check-log-mmap-offset-and-size-overflow.patch
* 0002-vhost-fix-vring-index-check.patch
* 0003-vhost-crypto-validate-keys-lengths.patch
- Change constraint to ssse3 to fix build issues on x86_64 and i586
* Mon Jan 27 2020 jcaamano@suse.com
- Add version to the PMD driver directory to avoid loading previous
version drivers (bsc#1157179).
- Update to 18.11.3 (bsc#1156146). For a list of fixes check:
* https://doc.dpdk.org/guides-18.11/rel_notes/release_18_11.html#fixes
- Add patches to fix vulnerability where malicious container can trigger
a denial of service (CVE-2019-14818, bsc#1156146)
* 0001-vhost-fix-possible-denial-of-service-on-SET_VRING_NU.patch
* 0002-vhost-fix-possible-denial-of-service-by-leaking-FDs.patch
- Changed to multibuild (bsc#1151455).
* Wed Feb 20 2019 marco.varlese@suse.com
- Added 0002-fix-cpu-compatibility.patch to address issue with older
CPUs (bsc#1125961)
* Thu Jan 24 2019 ndas@suse.de
- Update to 18.11; some of the changes are(fate#325916, fate#325951 fate#326025, fate#326992):
* Added support for using externally allocated memory in DPDK.
* Added check for ensuring allocated memory is addressable by devices.
* Updated the C11 memory model version of the ring library.
* Added NXP CAAM JR PMD.
* Added support for GEN3 devices to Intel QAT driver.
* Added Distributed Software Eventdev PMD.
* Updated KNI kernel module, rte_kni library, and KNI sample application.
* Add a new sample application for vDPA.
* Updated mlx5 driver.
* * Improved security of PMD to prevent the NIC from getting stuck when the application misbehaves.
* * Reworked flow engine to supported e-switch flow rules (transfer attribute).
* * Added support for header re-write(L2-L4), VXLAN encap/decap, count, match on TCP flags and multiple flow groups with e-switch flow rules.
* * Added support for match on metadata, VXLAN and MPLS encap/decap with flow rules.
* * Added support for RTE_ETH_DEV_CLOSE_REMOVE flag to provide better support for representors.
* * Added support for meson build.
* * Fixed build issue with PPC.
* * Added support for BlueField VF.
* * Added support for externally allocated static memory for DMA.
all the changes can be viwed in http://doc.dpdk.org/guides/rel_notes/release_18_11.html
[- 0001-enic-fix-Type-punning-and-strict-aliasing-warning.patch,
- - 0002-fix-cpu-compatibility.patch]
* Mon Sep 24 2018 marco.varlese@suse.com
- Fixed a problem with ABI compatibility; API/ABI compatibility is
guaranteed by DPDK upstream community across subsequent bug-fix
releases. However, the .spec file broke it by defining the wrong
version which included also the bug-fix release number.
- Fixed a naming issue with library: did not reflect soname
* Mon Sep 03 2018 marco.varlese@suse.com
- Update to 17.11.4 stable release. Some of the fixes include:
* app/testpmd: fix buffer leak in TM command, fix DCB config,
fix VLAN TCI mask set error for FDIR
* bus/dpaa: fix buffer offset setting in FMAN, fix build,
fix phandle support for Linux 4.16
* doc: fix bonding command in testpmd, update qede management
firmware guide
* eal: fix bitmap documentation, fix return codes on thread naming
failure, fix invalid syntax in interrupts, fix uninitialized value
* eventdev: add event buffer flush in Rx adapter, fix internal
port logic in Rx adapter, fix missing update to Rx adaper
WRR position, fix port in Rx adapter internal function, fix Rx SW
adapter stop
* hash: fix a multi-writer race condition, fix doxygen of return
values, fix key slot size accuracy, fix multiwriter lock memory
allocation
* kni:fix build with gcc 8.1, fix crash with null name
* vhost: fix missing increment of log cache count, flush IOTLB
cache on new mem table handling, improve dirty pages logging
performance, release locks on RARP packet failure, retranslate
vring addr when memory table changes
* PMD drivers: various fixes fro bnxt, dpaa2, mlx5
- Fixed a syntax error affecting csh environment configuration(bsc#1102310)
* Tue Jul 03 2018 ndas@suse.de
- do proper cpu compatibility test(bsc#1099474)
[+ 0002-fix-cpu-compatibility.patch]
- change %doc to %license
* Wed May 16 2018 msuchanek@suse.com
- workaround kernelrelease error
* Mon May 14 2018 ndas@suse.de
- Sync dpdk for SLE15 with SLE12-SP4(fate#324872)
* Fri May 11 2018 ndas@suse.de
- use gcc-7 to remove EXTRA_CFLAGS hack that was required for gcc-6
in the previous change(bsc#1090668)
* Tue Apr 24 2018 ndas@suse.de
- Remove fstack-clash-protection from EXTRA_CFLAGS as gcc-6 cant
recognize it(bsc#1090668)
* Mon Apr 23 2018 ndas@suse.de
- Update to 17.11.2
restrict untrusted guest to misuse virtio to corrupt
host application(ovs-dpdk) memory which can lead all VM to lose
connectivity(CVE-2018-1059,bsc#1089638).
Changes:
* Add deprecation notice for rte_vhost_gpa_to_vva()
* Patch vhost-net and vhost-scsi examples
* Fixes checkpatch warnings
* Take VIRTIO_RING_F_EVENT_IDX into account when ring size (Tiwei)
* Fix next chuncks translation access rights in Rx paths (Tiwei)
* vhost: fix indirect descriptors table translation size
* vhost: check all range is mapped when translating GPAs
* vhost: introduce safe API for GPA translation
* vhost: ensure all range is mapped when translating QVAs
* vhost: add support for non-contiguous indirect descs tables
* vhost: handle virtually non-contiguous buffers in Tx
* vhost: handle virtually non-contiguous buffers in Rx
* vhost: handle virtually non-contiguous buffers in Rx-mrg
* examples/vhost: move to safe GPA translation API
* examples/vhost_scsi: move to safe GPA translation API
* vhost/crypto: move to safe GPA translation API
* vhost: deprecate unsafe GPA translation API
* Wed Feb 28 2018 marco.varlese@suse.de
- The vm_power example does not work for ppc64le since it uses the
IXGBE PMD driver which is not available for that platform(bsc#1082154):
* Disable CONFIG_RTE_LIBRTE_POWER for the sample application;
* Disable CONFIG_RTE_LIBRTE_IXGBE_PMD for the actual PMD driver;
* Tue Feb 27 2018 marco.varlese@suse.de
- Upgraded to latest stable release 17.11.1 (LTS): some of the fixes include:
* location changes of the GPL and LGPL licenses;
* net/mlx4:
- fix drop flow resources leak
* net/bnxt:
- double increment of idx during Tx ring alloc
- group info usage
- check for ether type
- size of Tx ring in HW
- number of pools for RSS
- return code in MAC address set
- link speed setting with autoneg off
* net/nfp:
- MTU settings
- jumbo settings
- CRC strip check behaviour
* net/sfc:
- multicast address list copy memory leak
- DMA memory leak after kvarg processing failure
- fix label name to be consistent
* net/i40e:
- VLAN offload setting issue
- FDIR input set conflict
- FDIR rule confiliction issue
- setting MAC address of VF
- flow director Rx resource defect
- warn when writing global registers
- multiple driver support
- interrupt conflict with multi-driver
- Rx interrupt
- check multi-driver option parsing
- flow director filter
* net/qede:
- enable LRO over tunnels
- reject config with no Rx queue
- check tunnel L3 header
- tunnel header size in Tx BD configuration
- VF LRO tunnel configuration
* net/mlx5:
- Tx checksum offloads
- un-supported RSS hash fields use
- device operation type
- pedantic compilation
- fix pedantic compilation
- flow item validation
- flow RSS configuration
- UAR remapping on non configured queues
- secondary process verification
- port stop by verify flows are still present
- flow priority on queue action
* Mon Jan 15 2018 ndas@suse.de
- Enable(disabled by default) MLX4 and MLX5 pmd(fate#322609)
* Tue Jan 09 2018 marco.varlese@suse.de
- Upgraded to latest major 17.11(fate#322609); some of the fixes include:
* Extended port_id range from uint8_t to uint16_t
* Added a new driver for Marvell Armada 7k/8k devices
* Updated mlx4 driver
* Updated mlx5 driver
* Added SoftNIC PMD
* Added support for NXP DPAA Devices
* Updated support for Cavium OCTEONTX Device
* Added PF support to the Netronome NFP PMD
* Updated bnxt PMD
* Added bus agnostic functions to cryptodev for PMD initialization
* Updated QAT crypto PMD
* Updated the AESNI MB PMD
* Updated the OpenSSL PMD
* Added NXP DPAA SEC crypto PMD
* Add new benchmarking mode to dpdk-test-crypto-perf application
* Added IOMMU support to libvhost-user
* Added the Generic Segmentation Offload Library
* Added the Flow Classification Library
- Removed 0002-kni-fix-build-on-SLE12-SP3.patch since patch merged upstream and available in 17.11
* Fri Dec 22 2017 marco.varlese@suse.de
- Added missing supported broadcom chipset family Broadcom NetXtreme II BCM57810
* Mon Dec 11 2017 marco.varlese@suse.de
- Upgraded to latest stable 17.08.1; some of the fixes include:
* net/qede: disable per-VF Tx switching feature
* revert "net/virtio: flush Rx queues on start"
* various fixes for mlx5 PMD drivers
* various fixes for bnxt PMD drivers
* various fixes for i40e PMD drivers
* various fixes for crypto PMD drivers
* testpmd: fix for non-consecutive ports
* ethdev: fix ABI version