July 2021 Security Releases:
Use after free on close http2 on stream canceling (High) (CVE-2021-22930)
Node.js is vulnerable to a use after free attack where an attacker might be able to exploit the memory corruption, to change process behavior.
You can read more about it in https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22930
Signed-off-by: Hirokazu MORIKAWA <morikw2@gmail.com>
Changing a volume right after activation doesn't work well due to some
caching or race-condition issue.
Perform activation as last lvchange operation as a work-around.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Open vSwitch supports SSL to connect to an OpenFlow controller. This is
recommended for security. Expand the UCI ovs config section to allow
configuring SSL CA, certificate and private key.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
The Open vSwitch init script does not set USE_PROCD=1. Instead, it
defines most of the functions and variables that would be set when
USE_PROCD is set to 1, but with some minor changes.
The basescript variable however, which is used when calling
procd_open_service and procd_kill, is not set. As a result, basename of
the contents of the initscript variable is used as the service name. As
the service is automatically started via its symlink in /etc/rc.d,
S15openvswitch, the service name is S15openvswitch.
Set the basescript variable so that the service name is openvswitch.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>
By default, Open vSwitch will generate the OpenFlow datapath ID of a
bridge based on the MAC address of one of its ports. Due to this, it's
possible that the datapath ID changes when new ports are added. When the
datapath ID changes, Open vSwitch disconnects from the controller, as
there is no way to notify the controller that the datapath ID has
changed.
Add an option to set the datapath ID so that the above situation can be
avoided. The option takes either exactly 16 hex characters, or when
prefixed with 0x, between 1 and 16 hex characters.
Signed-off-by: Stijn Tintel <stijn@linux-ipv6.be>