[Bug 1836713] Re: upgrade of openvswitch packages resets alternative binaries to auto

Launchpad Bug Tracker 1836713 at bugs.launchpad.net
Wed Feb 10 15:13:49 UTC 2021


This bug was fixed in the package openvswitch - 2.9.8-0ubuntu0.18.04.2

---------------
openvswitch (2.9.8-0ubuntu0.18.04.2) bionic-security; urgency=medium

  * SECURITY UPDATE: packet parsing vulnerability
    - debian/patches/CVE-2020-35498.patch: support extra padding length in
      lib/conntrack.c, lib/dp-packet.h, lib/flow.c, tests/classifier.at.
    - CVE-2020-35498

 -- Marc Deslauriers <marc.deslauriers at ubuntu.com>  Thu, 28 Jan 2021 14:49:10 -0500

** Changed in: openvswitch (Ubuntu Bionic)
       Status: Fix Committed => Fix Released

** CVE added: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2020-35498

-- 
You received this bug notification because you are a member of Ubuntu
OpenStack, which is subscribed to openvswitch in Ubuntu.
https://bugs.launchpad.net/bugs/1836713

Title:
  upgrade of openvswitch packages resets alternative binaries to auto

Status in Ubuntu Cloud Archive:
  Fix Released
Status in Ubuntu Cloud Archive queens series:
  Fix Committed
Status in Ubuntu Cloud Archive stein series:
  Fix Committed
Status in Ubuntu Cloud Archive train series:
  Fix Released
Status in openvswitch package in Ubuntu:
  Fix Released
Status in openvswitch source package in Bionic:
  Fix Released
Status in openvswitch source package in Disco:
  Won't Fix
Status in openvswitch source package in Eoan:
  Fix Released

Bug description:
  [Impact]
  Package upgrades on installations using the dpdk binary will be automatically switched back to the non-dpdk binary on upgrade.

  This will break all configured networking within openvswitch.

  [Test Case]
  sudo apt install openvswitch-switch-dpdk
  sudo update-alternatives --set ovs-vswitchd /usr/lib/openvswitch-switch-dpdk/ovs-vswitchd-dpdk
  sudo update-alternatives --query ovs-vswitchd
  Name: ovs-vswitchd
  Link: /usr/sbin/ovs-vswitchd
  Status: manual
  Best: /usr/lib/openvswitch-switch/ovs-vswitchd
  Value: /usr/lib/openvswitch-switch-dpdk/ovs-vswitchd-dpdk

  Alternative: /usr/lib/openvswitch-switch-dpdk/ovs-vswitchd-dpdk
  Priority: 50

  Alternative: /usr/lib/openvswitch-switch/ovs-vswitchd
  Priority: 100

  sudo apt install --reinstall openvswitch-switch-dpdk
  sudo update-alternatives --query ovs-vswitchd
  Name: ovs-vswitchd
  Link: /usr/sbin/ovs-vswitchd
  Status: auto
  Best: /usr/lib/openvswitch-switch/ovs-vswitchd
  Value: /usr/lib/openvswitch-switch/ovs-vswitchd

  Alternative: /usr/lib/openvswitch-switch-dpdk/ovs-vswitchd-dpdk
  Priority: 50

  Alternative: /usr/lib/openvswitch-switch/ovs-vswitchd
  Priority: 100

  [Regression Potential]
  Low - the fix has been in Ubuntu since Eoan and the maintainer script usage of update-alternatives was broken since the -dpdk binary was introduced.

  The main challenge is actually upgrading a -dpdk installation without
  disabling the -dpdk binary with the existing prerm script.

  To avoid this:

  sudo sed -i "/update-alternatives/d" /var/lib/dpkg/info/openvswitch-switch-dpdk.prerm

  before completing the package upgrade thus ensuring the -dpdk version
  of the binary never gets removed.

  [Original Bug Report]
  Upgrading an existing openvswitch installation which has been manually configured to use the DPDK alternative binary using:

    sudo update-alternatives --set ovs-vswitchd /usr/lib/openvswitch-switch-dpdk/ovs-vswitchd-dpdk

  results in the ovs-vswitchd being reset back to 'auto':

  Setting up openvswitch-switch (2.11.0-0ubuntu2~cloud0) ...
  update-alternatives: using /usr/lib/openvswitch-switch/ovs-vswitchd to provide /usr/sbin/ovs-vswitchd (ovs-vswitchd) in auto mode

  The prerm maintainer scripts always remove the alternatives, which
  purges any manual setting done of the binaries.

To manage notifications about this bug go to:
https://bugs.launchpad.net/cloud-archive/+bug/1836713/+subscriptions
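
Added example, not part of the original bug notification or the package's maintainer scripts: a check that compares the `update-alternatives --query ovs-vswitchd` state saved before a package upgrade (such as the security update above) with the state afterwards and flags the manual-to-auto reset described in the bug. The function names are hypothetical, and the sample data is the header stanza of the two query outputs in the test case.

```shell
#!/bin/sh
# Added example: detect the manual -> auto reset described in the bug.
# Sample data: header stanza of the two --query outputs in the test case.
BEFORE='Name: ovs-vswitchd
Link: /usr/sbin/ovs-vswitchd
Status: manual
Best: /usr/lib/openvswitch-switch/ovs-vswitchd
Value: /usr/lib/openvswitch-switch-dpdk/ovs-vswitchd-dpdk'

AFTER='Name: ovs-vswitchd
Link: /usr/sbin/ovs-vswitchd
Status: auto
Best: /usr/lib/openvswitch-switch/ovs-vswitchd
Value: /usr/lib/openvswitch-switch/ovs-vswitchd'

# alt_field FIELD: read `update-alternatives --query` output on stdin and
# print the value of FIELD (e.g. Status, Value) from the header stanza.
alt_field() {
    awk -v key="$1:" '$1 == key { print $2; exit }'
}

# alt_reset_detected BEFORE AFTER: succeed (exit 0) when the selection was
# pinned manually before the upgrade and is no longer pinned to the same
# path afterwards. An unchanged or never-pinned selection returns non-zero.
alt_reset_detected() {
    b_status=$(printf '%s\n' "$1" | alt_field Status)
    b_value=$(printf '%s\n' "$1" | alt_field Value)
    a_status=$(printf '%s\n' "$2" | alt_field Status)
    a_value=$(printf '%s\n' "$2" | alt_field Value)
    [ "$b_status" = "manual" ] || return 1
    [ "$a_status" != "manual" ] || [ "$a_value" != "$b_value" ]
}

# alt_restore_cmd BEFORE: print the command that re-pins the saved selection.
alt_restore_cmd() {
    printf 'update-alternatives --set %s %s\n' \
        "$(printf '%s\n' "$1" | alt_field Name)" \
        "$(printf '%s\n' "$1" | alt_field Value)"
}

# On a live host, capture the real state around the upgrade instead:
#   BEFORE=$(update-alternatives --query ovs-vswitchd)   # before apt
#   AFTER=$(update-alternatives --query ovs-vswitchd)    # after apt
if alt_reset_detected "$BEFORE" "$AFTER"; then
    echo "ovs-vswitchd alternative was reset; restore with:"
    alt_restore_cmd "$BEFORE"
fi
```
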


