commit openvswitch for openSUSE:Factory
Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package openvswitch for openSUSE:Factory checked in at 2024-09-04 13:22:02 Comparing /work/SRC/openSUSE:Factory/openvswitch (Old) and /work/SRC/openSUSE:Factory/.openvswitch.new.10096 (New) Package is "openvswitch" Wed Sep 4 13:22:02 2024 rev:77 rq:1198352 version:unknown Changes: --- /work/SRC/openSUSE:Factory/openvswitch/openvswitch.changes 2024-08-05 17:20:18.920764091 +0200 +++ /work/SRC/openSUSE:Factory/.openvswitch.new.10096/openvswitch.changes 2024-09-04 13:22:04.115350737 +0200 @@ -1,0 +2,16 @@ +Wed Aug 28 05:18:36 UTC 2024 - Duraisankar P + +- Update openvswitch to 3.3.1. For a list of changes, check + https://github.com/openvswitch/ovs/blob/v3.3.1/NEWS +- Update OVN to 24.03.3. For a list of changes, check + https://github.com/ovn-org/ovn/blob/v24.03.3/NEWS +- Drop upstream fixed patches, +* CVE-2023-1668.patch +* CVE-2023-3152.patch +* CVE-2023-5366.patch +* openvswitch-2.17.8-gcc14-build-fix.patch +* openvswitch-CVE-2023-3966.patch +- Updated the patch for version v3.3.1 +* install-ovsdb-tools.patch + +--- Old: CVE-2023-1668.patch CVE-2023-3152.patch CVE-2023-5366.patch openvswitch-2.17.8-gcc14-build-fix.patch openvswitch-3.1.0.tar.gz openvswitch-CVE-2023-3966.patch ovn-23.03.0.tar.gz New: openvswitch-3.3.1.tar.gz ovn-24.03.3.tar.gz BETA DEBUG BEGIN: Old:- Drop upstream fixed patches, * CVE-2023-1668.patch * CVE-2023-3152.patch Old:* CVE-2023-1668.patch * CVE-2023-3152.patch * CVE-2023-5366.patch Old:* CVE-2023-3152.patch * CVE-2023-5366.patch * openvswitch-2.17.8-gcc14-build-fix.patch Old:* CVE-2023-5366.patch * openvswitch-2.17.8-gcc14-build-fix.patch * openvswitch-CVE-2023-3966.patch Old:* openvswitch-2.17.8-gcc14-build-fix.patch * openvswitch-CVE-2023-3966.patch - Updated the patch for version v3.3.1 BETA DEBUG END: Other differences: -- ++ openvswitch.spec ++ --- /var/tmp/diff_new_pack.tn6iGI/_old 2024-09-04 13:22:07.027472592 +0200 +++ /var/tmp/diff_new_pack.tn6iGI/_new 2024-09-04 13:22:07.043473261 +0200 @@ -18,14 +18,14 @@ %define skip_python2 1 -%define ovs_lname libopenvswitch-3_1-0 -%define ovn_lname libovn-23_03-0 -%define ovs_version 3.1.0 -%define ovn_version 23.03.0 +%define ovs_lname libopenvswitch-3_3-0 +%define ovn_lname libovn-24_03-0 +%define ovs_version 3.3.1 +%define ovn_version 24.03.3 %define ovs_dir ovs-%{ovs_version} %define ovn_dir ovn-%{ovn_version} %define rpmstate %{_rundir}/openvswitch-rpm-state- -%define _dpdkv 22.11.1 +%define _dpdkv 23.11.1 %define name_tag ${nil} #Compat macro for new _fillupdir macro introduced in Nov 2017 %if ! %{defined _fillupdir} @@ -77,20 +77,9 @@ Patch3: 0001-Use-double-hash-for-OVS_USER_ID-comment.patch # PATCH-FEATURE-UPSTREAM install-ovsdb-tools.patch -- Install some tools required for building OVN Patch4: install-ovsdb-tools.patch -# PATCH-FIX-UPSTREAM CVE-2023-1668.patch -Patch5: CVE-2023-1668.patch -# PATCH-FIX-UPSTREAM CVE-2023-5366.patch -Patch6: CVE-2023-5366.patch -# Fix CVE-2023-3966 [bsc#1219465] -- Invalid memory access in Geneve with HW offload -Patch7: openvswitch-CVE-2023-3966.patch -# boo#1225906: Restore build with gcc14 -Patch8: openvswitch-2.17.8-gcc14-build-fix.patch #OVN patches # PATCH-FIX-OPENSUSE: 0001-Run-ovn-as-openvswitch-openvswitch.patch Patch20:0001-Run-ovn-as-openvswitch-openvswitch.patch -# PATCH-FIX-UPSTREAM CVE-2023-3152 [bsc#1212125] -- service monitor MAC flow is not rate limited -Patch21:CVE-2023-3152.patch -# CVE-2021-36980 [bsc#1188524], use-after-free in decode_NXAST_RAW_ENCAP BuildRequires: autoconf BuildRequires: %{python_module setuptools} BuildRequires: automake @@ -183,7 +172,7 @@ Group: System/Libraries %if %{with dpdk} Requires: dpdk >= %{_dpdkv} -Requires: libdpdk-23 >= %{_dpdkv} +Requires: libdpdk-24 >= %{_dpdkv} %endif %description -n %{ovs_lname} @@ -424,15 +413,10 @@ %patch -P 2 -p1 %patch -P 3 -p1 %patch -P 4 -p1 -%patch -P 5 -p1 -%patch -P 6 -p1 -%patch -P 7 -p1 -%patch -P 8 -p1 # remove python/ovs/dirs.py - this is generated from template to have proper paths rm python/ovs/dirs.py cd %{ovn_dir} %patch -P 20 -p1 -%patch -P 21 -p1 %build mkdir %ovs_dir @@ -1285,6 +1269,7 @@ %{_bindir}/ovn-appctl %{_bindir}/ovn-ic-nbctl %{_bindir}/ovn-ic-sbctl +%{_bindir}/ovn-debug %dir %{_datadir}/ovn %dir %{_datadir}/ovn/scripts %{_datadir}/ovn/scripts/ovn-ctl @@ -1307,6 +1292,7 @@ %{_mandir}/man8/ovn-nbctl.8%{?ext_ma
commit openvswitch for openSUSE:Factory
Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package openvswitch for openSUSE:Factory checked in at 2024-08-05 17:20:17 Comparing /work/SRC/openSUSE:Factory/openvswitch (Old) and /work/SRC/openSUSE:Factory/.openvswitch.new.7232 (New) Package is "openvswitch" Mon Aug 5 17:20:17 2024 rev:76 rq:1191002 version:unknown Changes: --- /work/SRC/openSUSE:Factory/openvswitch/openvswitch.changes 2024-06-07 15:02:25.841726701 +0200 +++ /work/SRC/openSUSE:Factory/.openvswitch.new.7232/openvswitch.changes 2024-08-05 17:20:18.920764091 +0200 @@ -1,0 +2,6 @@ +Tue Jul 30 13:50:21 UTC 2024 - pgaj...@suse.com + +- remove dependency on /usr/bin/python3 using + %python3_fix_shebang_path macro, [bsc#1212476] + +--- Other differences: -- ++ openvswitch.spec ++ --- /var/tmp/diff_new_pack.XLOnsF/_old 2024-08-05 17:20:19.828801331 +0200 +++ /var/tmp/diff_new_pack.XLOnsF/_new 2024-08-05 17:20:19.828801331 +0200 @@ -743,6 +743,13 @@ install -D -m 0644 %{SOURCE10} %{buildroot}%{_sysusersdir}/openvswitch.conf +%if %{suse_version} >= 1600 +%python3_fix_shebang_path %{buildroot}%{_datadir}/%{name}/ovsdb/* +%python3_fix_shebang_path %{buildroot}%{_datadir}/%{name}/scripts/* +%python3_fix_shebang_path %{buildroot}%{_datadir}/%{name}/scripts/usdt/* +%python3_fix_shebang_path %{buildroot}%{_datadir}/%{name}/scripts/ovsdb/* +%endif + %pre -f openvswitch.pre %if 0%{?suse_version} %service_add_pre ovsdb-server.service ovs-vswitchd.service openvswitch.service ovs-delete-transient-ports.service
commit openvswitch for openSUSE:Factory
Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package openvswitch for openSUSE:Factory checked in at 2024-06-07 15:02:15 Comparing /work/SRC/openSUSE:Factory/openvswitch (Old) and /work/SRC/openSUSE:Factory/.openvswitch.new.24587 (New) Package is "openvswitch" Fri Jun 7 15:02:15 2024 rev:75 rq:1178928 version:unknown Changes: --- /work/SRC/openSUSE:Factory/openvswitch/openvswitch.changes 2024-03-03 20:19:05.577334762 +0100 +++ /work/SRC/openSUSE:Factory/.openvswitch.new.24587/openvswitch.changes 2024-06-07 15:02:25.841726701 +0200 @@ -1,0 +2,8 @@ +Tue Jun 4 09:48:39 UTC 2024 - Martin Jambor + +- GCC 14 started to advertise c_atomic extension, older versions + didn't do that. Add check for __clang__, so GCC doesn't include + headers designed for Clang + (openvswitch-2.17.8-gcc14-build-fix.patch) [boo#1225906] + +--- New: openvswitch-2.17.8-gcc14-build-fix.patch BETA DEBUG BEGIN: New: headers designed for Clang (openvswitch-2.17.8-gcc14-build-fix.patch) [boo#1225906] BETA DEBUG END: Other differences: -- ++ openvswitch.spec ++ --- /var/tmp/diff_new_pack.6vJL30/_old 2024-06-07 15:02:27.149774353 +0200 +++ /var/tmp/diff_new_pack.6vJL30/_new 2024-06-07 15:02:27.153774499 +0200 @@ -83,6 +83,8 @@ Patch6: CVE-2023-5366.patch # Fix CVE-2023-3966 [bsc#1219465] -- Invalid memory access in Geneve with HW offload Patch7: openvswitch-CVE-2023-3966.patch +# boo#1225906: Restore build with gcc14 +Patch8: openvswitch-2.17.8-gcc14-build-fix.patch #OVN patches # PATCH-FIX-OPENSUSE: 0001-Run-ovn-as-openvswitch-openvswitch.patch Patch20:0001-Run-ovn-as-openvswitch-openvswitch.patch @@ -133,9 +135,9 @@ BuildRequires: python3-rpm-macros BuildRequires: systemd-units Requires(post): systemd-units -Requires(postun):systemd-units +Requires(postun): systemd-units Requires(pre): shadow-utils -Requires(preun):systemd-units +Requires(preun): systemd-units %endif # Needed by the testsuite %if %{with check} @@ -425,6 +427,7 @@ %patch -P 5 -p1 %patch -P 6 -p1 %patch -P 7 -p1 +%patch -P 8 -p1 # remove python/ovs/dirs.py - this is generated from template to have proper paths rm python/ovs/dirs.py cd %{ovn_dir} ++ openvswitch-2.17.8-gcc14-build-fix.patch ++ >From 335a5deac3ff91448ca14651e92f39dfdd512fcf Mon Sep 17 00:00:00 2001 From: Ilya Maximets Date: Thu, 18 Jan 2024 15:59:05 +0100 Subject: [PATCH] ovs-atomic: Fix inclusion of Clang header by GCC 14. GCC 14 started to advertise c_atomic extension, older versions didn't do that. Add check for __clang__, so GCC doesn't include headers designed for Clang. Another option would be to prefer stdatomic implementation instead, but some older versions of Clang are not able to use stdatomic.h supplied by GCC as described in commit: 07ece367fb5f ("ovs-atomic: Prefer Clang intrinsics over .") This change fixes OVS build with GCC on Fedora Rawhide (40). Reported-by: Jakob Meng Acked-by: Jakob Meng Acked-by: Eelco Chaudron Acked-by: Simon Horman Signed-off-by: Ilya Maximets --- lib/ovs-atomic.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/ovs-atomic.h b/lib/ovs-atomic.h index ab9ce6b2e0f..f140d25feba 100644 --- a/lib/ovs-atomic.h +++ b/lib/ovs-atomic.h @@ -328,7 +328,7 @@ #if __CHECKER__ /* sparse doesn't understand some GCC extensions we use. */ #include "ovs-atomic-pthreads.h" -#elif __has_extension(c_atomic) +#elif __clang__ && __has_extension(c_atomic) #include "ovs-atomic-clang.h" #elif HAVE_ATOMIC && __cplusplus >= 201103L #include "ovs-atomic-c++.h"
commit openvswitch for openSUSE:Factory
Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package openvswitch for openSUSE:Factory checked in at 2024-03-03 20:18:51 Comparing /work/SRC/openSUSE:Factory/openvswitch (Old) and /work/SRC/openSUSE:Factory/.openvswitch.new.1770 (New) Package is "openvswitch" Sun Mar 3 20:18:51 2024 rev:74 rq:1153975 version:unknown Changes: --- /work/SRC/openSUSE:Factory/openvswitch/openvswitch.changes 2024-02-27 22:43:40.808382517 +0100 +++ /work/SRC/openSUSE:Factory/.openvswitch.new.1770/openvswitch.changes 2024-03-03 20:19:05.577334762 +0100 @@ -1,0 +2,5 @@ +Mon Feb 26 12:38:17 UTC 2024 - Dominique Leuenberger + +- Use %patch -P N instead of deprecated %patchN. + +--- Other differences: -- ++ openvswitch.spec ++ --- /var/tmp/diff_new_pack.Drdha8/_old 2024-03-03 20:19:08.101426076 +0100 +++ /var/tmp/diff_new_pack.Drdha8/_new 2024-03-03 20:19:08.101426076 +0100 @@ -417,19 +417,19 @@ %prep %setup -q -n %{name}-%{ovs_version} -a 1 -%patch0 -p1 -%patch1 -p1 -%patch2 -p1 -%patch3 -p1 -%patch4 -p1 -%patch5 -p1 -%patch6 -p1 -%patch7 -p1 +%patch -P 0 -p1 +%patch -P 1 -p1 +%patch -P 2 -p1 +%patch -P 3 -p1 +%patch -P 4 -p1 +%patch -P 5 -p1 +%patch -P 6 -p1 +%patch -P 7 -p1 # remove python/ovs/dirs.py - this is generated from template to have proper paths rm python/ovs/dirs.py cd %{ovn_dir} -%patch20 -p1 -%patch21 -p1 +%patch -P 20 -p1 +%patch -P 21 -p1 %build mkdir %ovs_dir
commit openvswitch for openSUSE:Factory
Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package openvswitch for openSUSE:Factory checked in at 2024-02-27 22:43:34 Comparing /work/SRC/openSUSE:Factory/openvswitch (Old) and /work/SRC/openSUSE:Factory/.openvswitch.new.1770 (New) Package is "openvswitch" Tue Feb 27 22:43:34 2024 rev:73 rq:1150566 version:unknown Changes: --- /work/SRC/openSUSE:Factory/openvswitch/openvswitch.changes 2024-02-06 16:33:13.276159948 +0100 +++ /work/SRC/openSUSE:Factory/.openvswitch.new.1770/openvswitch.changes 2024-02-27 22:43:40.808382517 +0100 @@ -1,0 +2,7 @@ +Thu Feb 15 06:53:54 UTC 2024 - Duraisankar P + +- Fix CVE-2023-3966 [bsc#1219465] openvswitch3: Invalid memory access in Geneve with HW offload +- Added patch, + +openvswitch-CVE-2023-3966.patch + +--- New: openvswitch-CVE-2023-3966.patch BETA DEBUG BEGIN: New:- Added patch, +openvswitch-CVE-2023-3966.patch BETA DEBUG END: Other differences: -- ++ openvswitch.spec ++ --- /var/tmp/diff_new_pack.OiiWJv/_old 2024-02-27 22:43:41.576410359 +0100 +++ /var/tmp/diff_new_pack.OiiWJv/_new 2024-02-27 22:43:41.576410359 +0100 @@ -81,6 +81,8 @@ Patch5: CVE-2023-1668.patch # PATCH-FIX-UPSTREAM CVE-2023-5366.patch Patch6: CVE-2023-5366.patch +# Fix CVE-2023-3966 [bsc#1219465] -- Invalid memory access in Geneve with HW offload +Patch7: openvswitch-CVE-2023-3966.patch #OVN patches # PATCH-FIX-OPENSUSE: 0001-Run-ovn-as-openvswitch-openvswitch.patch Patch20:0001-Run-ovn-as-openvswitch-openvswitch.patch @@ -422,6 +424,7 @@ %patch4 -p1 %patch5 -p1 %patch6 -p1 +%patch7 -p1 # remove python/ovs/dirs.py - this is generated from template to have proper paths rm python/ovs/dirs.py cd %{ovn_dir} ++ openvswitch-CVE-2023-3966.patch ++ --- openvswitch-3.1.0.orig/lib/netdev-offload-tc.c 2024-02-13 11:52:45.356063229 +0530 +++ openvswitch-3.1.0/lib/netdev-offload-tc.c 2024-02-13 12:09:48.472094452 +0530 @@ -1719,12 +1719,12 @@ test_key_and_mask(struct match *match) return 0; } -static void +static int flower_match_to_tun_opt(struct tc_flower *flower, const struct flow_tnl *tnl, struct flow_tnl *tnl_mask) { struct geneve_opt *opt, *opt_mask; -int len, cnt = 0; +int tot_opt_len, len, cnt = 0; /* 'flower' always has an exact match on tunnel metadata length, so having * it in a wrong format is not acceptable unless it is empty. */ @@ -1740,7 +1740,7 @@ flower_match_to_tun_opt(struct tc_flower memset(&tnl_mask->metadata.present.map, 0, sizeof tnl_mask->metadata.present.map); } -return; +return 0; } tnl_mask->flags &= ~FLOW_TNL_F_UDPIF; @@ -1754,7 +1754,7 @@ flower_match_to_tun_opt(struct tc_flower sizeof tnl_mask->metadata.present.len); if (!tnl->metadata.present.len) { -return; +return 0; } memcpy(flower->key.tunnel.metadata.opts.gnv, tnl->metadata.opts.gnv, @@ -1768,7 +1768,16 @@ flower_match_to_tun_opt(struct tc_flower * also not masks, but actual lengths in the 'flower' structure. */ len = flower->key.tunnel.metadata.present.len; while (len) { +if (len < sizeof *opt) { +return EOPNOTSUPP; +} + opt = &flower->key.tunnel.metadata.opts.gnv[cnt]; +tot_opt_len = sizeof *opt + opt->length * 4; +if (len < tot_opt_len) { +return EOPNOTSUPP; +} + opt_mask = &flower->mask.tunnel.metadata.opts.gnv[cnt]; opt_mask->length = opt->length; @@ -1776,6 +1785,7 @@ flower_match_to_tun_opt(struct tc_flower cnt += sizeof(struct geneve_opt) / 4 + opt->length; len -= sizeof(struct geneve_opt) + opt->length * 4; } +return 0; } static void @@ -2213,7 +2223,11 @@ netdev_tc_flow_put(struct netdev *netdev tnl_mask->flags &= ~(FLOW_TNL_F_DONT_FRAGMENT | FLOW_TNL_F_CSUM); if (!strcmp(netdev_get_type(netdev), "geneve")) { -flower_match_to_tun_opt(&flower, tnl, tnl_mask); +err = flower_match_to_tun_opt(&flower, tnl, tnl_mask); +if (err) { +VLOG_WARN_RL(&warn_rl, "Unable to parse geneve options"); +return err; +} } flower.tunnel = true; } else { --- openvswitch-3.1.0.orig/tests/system-offloads-traffic.at 2024-02-13 11:52:45.364063229 +0530 +++ openvswitch-3.1.0/tests/system-offloads-traffic.at 2024-02-13 12:21:58.880116742 +0530 @@ -742,3 +742,35 @@ recirc_id(),in_port(3),eth_type( OVS_TRAFFIC_VSWITCHD_STOP AT_CLEANUP +AT
commit openvswitch for openSUSE:Factory
Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package openvswitch for openSUSE:Factory checked in at 2024-02-06 16:33:01 Comparing /work/SRC/openSUSE:Factory/openvswitch (Old) and /work/SRC/openSUSE:Factory/.openvswitch.new.1815 (New) Package is "openvswitch" Tue Feb 6 16:33:01 2024 rev:72 rq:1144341 version:unknown Changes: --- /work/SRC/openSUSE:Factory/openvswitch/openvswitch.changes 2023-12-15 21:47:01.961609382 +0100 +++ /work/SRC/openSUSE:Factory/.openvswitch.new.1815/openvswitch.changes 2024-02-06 16:33:13.276159948 +0100 @@ -1,0 +2,7 @@ +Thu Feb 1 19:34:16 UTC 2024 - Duraisankar P + +- Fix CVE-2023-5366 [bsc#1216002], openvswitch: missing masks on a final stage with ports trie +- Added patch, + * CVE-2023-5366.patch + +--- New: CVE-2023-5366.patch BETA DEBUG BEGIN: New:- Added patch, * CVE-2023-5366.patch BETA DEBUG END: Other differences: -- ++ openvswitch.spec ++ --- /var/tmp/diff_new_pack.L3PYUj/_old 2024-02-06 16:33:13.876181791 +0100 +++ /var/tmp/diff_new_pack.L3PYUj/_new 2024-02-06 16:33:13.880181937 +0100 @@ -1,7 +1,7 @@ # # spec file for package openvswitch # -# Copyright (c) 2023 SUSE LLC +# Copyright (c) 2024 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -79,6 +79,8 @@ Patch4: install-ovsdb-tools.patch # PATCH-FIX-UPSTREAM CVE-2023-1668.patch Patch5: CVE-2023-1668.patch +# PATCH-FIX-UPSTREAM CVE-2023-5366.patch +Patch6: CVE-2023-5366.patch #OVN patches # PATCH-FIX-OPENSUSE: 0001-Run-ovn-as-openvswitch-openvswitch.patch Patch20:0001-Run-ovn-as-openvswitch-openvswitch.patch @@ -419,6 +421,7 @@ %patch3 -p1 %patch4 -p1 %patch5 -p1 +%patch6 -p1 # remove python/ovs/dirs.py - this is generated from template to have proper paths rm python/ovs/dirs.py cd %{ovn_dir} ++ CVE-2023-5366.patch ++ commit 322c15598a483ba80d2ba3ced9a62f9e7a9a14a9 Author: Ilya Maximets Date: Fri Feb 17 21:09:59 2023 +0100 classifier: Fix missing masks on a final stage with ports trie. Flow lookup doesn't include masks of the final stage in a resulting flow wildcards in case that stage had L4 ports match. Only the result of ports trie lookup is added to the mask. It might be sufficient in many cases, but it's not correct, because ports trie is not how we decided that the packet didn't match in this subtable. In fact, we used a full subtable mask in order to determine that, so all the subtable mask bits has to be added. Ports trie can still be used to adjust ports' mask, but it is not sufficient to determine that the packet didn't match. Assuming we have following 2 OpenFlow rules on the bridge: table=0, priority=10,tcp,tp_dst=80,tcp_flags=+psh actions=drop table=0, priority=0 actions=output(1) The first high priority rule supposed to drop all the TCP data traffic sent on port 80. The handshake, however, is allowed for forwarding. Both 'tcp_flags' and 'tp_dst' are on the final stage in the flow. Since the stage mask from that stage is not incorporated into the flow wildcards and only ports mask is getting updated, we have the following megaflow for the SYN packet that has no match on 'tcp_flags': $ ovs-appctl ofproto/trace br0 "in_port=br0,tcp,tp_dst=80,tcp_flags=syn" Megaflow: recirc_id=0,eth,tcp,in_port=LOCAL,nw_frag=no,tp_dst=80 Datapath actions: 1 If this flow is getting installed into datapath flow table, all the packets for port 80, regardless of TCP flags, will be forwarded. Incorporating all the looked at bits from the final stage into the stages map in order to get all the necessary wildcards. Ports mask has to be updated as a last step, because it doesn't cover the full 64-bit slot in the flowmap. With this change, in the example above, OVS is producing correct flow wildcards including match on TCP flags: Megaflow: recirc_id=0,eth,tcp,in_port=LOCAL,nw_frag=no,tp_dst=80,tcp_flags=-psh Datapath actions: 1 This way only -psh packets will be forwarded, as expected. This issue affects all other fields on stage 4, not only TCP flags. Tests included to cover tcp_flags, nd_target and ct_tp_src/dst. First two are frequently used, ct ones are sharing the same flowmap slot with L4 ports, so important to test. Before the pre-computation of stage masks, flow wildcards were updated during lookup, so there was no issu
commit openvswitch for openSUSE:Factory
Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package openvswitch for openSUSE:Factory checked in at 2023-12-15 21:46:52 Comparing /work/SRC/openSUSE:Factory/openvswitch (Old) and /work/SRC/openSUSE:Factory/.openvswitch.new.25432 (New) Package is "openvswitch" Fri Dec 15 21:46:52 2023 rev:71 rq:1133086 version:unknown Changes: --- /work/SRC/openSUSE:Factory/openvswitch/openvswitch.changes 2023-12-06 23:52:21.084353365 +0100 +++ /work/SRC/openSUSE:Factory/.openvswitch.new.25432/openvswitch.changes 2023-12-15 21:47:01.961609382 +0100 @@ -1,0 +2,5 @@ +Thu Dec 14 11:55:19 UTC 2023 - Dirk Müller + +- convert to sysuser generated users + +--- New: openvswitch-user.conf Other differences: -- ++ openvswitch.spec ++ --- /var/tmp/diff_new_pack.1foVru/_old 2023-12-15 21:47:03.049649151 +0100 +++ /var/tmp/diff_new_pack.1foVru/_new 2023-12-15 21:47:03.053649298 +0100 @@ -63,6 +63,7 @@ Source0:http://openvswitch.org/releases/openvswitch-%{version}.tar.gz Source1: https://github.com/ovn-org/ovn/archive/v%{ovn_version}.tar.gz#/ovn-%{ovn_version}.tar.gz Source2:preamble +Source10: openvswitch-user.conf Source89: Module.supported.updates Source99: openvswitch-rpmlintrc # OVS patches @@ -116,10 +117,12 @@ %if 0%{?suse_version} BuildRequires: libopenssl-devel BuildRequires: python-rpm-macros +BuildRequires: sysuser-tools Requires(post): %fillup_prereq Requires(pre): shadow Suggests: logrotate %{?systemd_ordering} +%sysusers_requires %else BuildRequires: environment-modules BuildRequires: openssl-devel @@ -507,6 +510,8 @@ PYTHON3=%{_bindir}/python3 \ LDFLAGS=-L../%{ovs_dir}/lib/.libs %make_build +popd +%sysusers_generate_pre %{SOURCE10} openvswitch openvswitch.conf %check %if %{with check} @@ -727,7 +732,9 @@ # Done with OVN additional files. popd -%pre +install -D -m 0644 %{SOURCE10} %{buildroot}%{_sysusersdir}/openvswitch.conf + +%pre -f openvswitch.pre %if 0%{?suse_version} %service_add_pre ovsdb-server.service ovs-vswitchd.service openvswitch.service ovs-delete-transient-ports.service %endif @@ -736,17 +743,10 @@ # ownership of openvswitch.service from openvswitch-switch to # openvswitch. if [ x$(systemctl is-enabled openvswitch.service 2>/dev/null ||:) = "xenabled" ]; then -touch %{rpmstate}openvswitch +touch %{rpmstate}openvswitch || : fi fi -getent group openvswitch >/dev/null || groupadd -r openvswitch -getent passwd openvswitch >/dev/null || \ -useradd -r -g openvswitch -d / -s /sbin/nologin \ --c "Open vSwitch Daemons" openvswitch - -exit 0 - %pre ipsec %if 0%{?suse_version} %service_add_pre openvswitch-ipsec.service @@ -1171,6 +1171,7 @@ %{_fillupdir}/sysconfig.openvswitch %{_datadir}/bash-completion/completions/ovs-appctl-bashcomp.bash %{_datadir}/bash-completion/completions/ovs-vsctl-bashcomp.bash +%{_sysusersdir}/openvswitch.conf %else %config(noreplace) %{_sysconfdir}/sysconfig/openvswitch %{_sysconfdir}/bash_completion.d/ovs-appctl-bashcomp.bash ++ openvswitch-user.conf ++ # Type Name ID GECOS [HOME] g openvswitch - - u openvswitch - "Open vSwitch Daemons" / /sbin/nologin
commit openvswitch for openSUSE:Factory
Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package openvswitch for openSUSE:Factory checked in at 2023-12-06 23:52:19 Comparing /work/SRC/openSUSE:Factory/openvswitch (Old) and /work/SRC/openSUSE:Factory/.openvswitch.new.25432 (New) Package is "openvswitch" Wed Dec 6 23:52:19 2023 rev:70 rq:1130936 version:unknown Changes: --- /work/SRC/openSUSE:Factory/openvswitch/openvswitch.changes 2023-09-07 21:12:46.829389980 +0200 +++ /work/SRC/openSUSE:Factory/.openvswitch.new.25432/openvswitch.changes 2023-12-06 23:52:21.084353365 +0100 @@ -1,0 +2,6 @@ +Mon Dec 4 15:52:33 UTC 2023 - Ana Guerrero + +- Add BuildRequires on python-setuptools. Previously this was pulled + by python-Sphinx in the build environment. + +--- Other differences: -- ++ openvswitch.spec ++ --- /var/tmp/diff_new_pack.Rh8H0d/_old 2023-12-06 23:52:21.996386988 +0100 +++ /var/tmp/diff_new_pack.Rh8H0d/_new 2023-12-06 23:52:22.000387135 +0100 @@ -85,6 +85,7 @@ Patch21:CVE-2023-3152.patch # CVE-2021-36980 [bsc#1188524], use-after-free in decode_NXAST_RAW_ENCAP BuildRequires: autoconf +BuildRequires: %{python_module setuptools} BuildRequires: automake BuildRequires: fdupes BuildRequires: graphviz
commit openvswitch for openSUSE:Factory
Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package openvswitch for openSUSE:Factory checked in at 2023-09-07 21:12:22 Comparing /work/SRC/openSUSE:Factory/openvswitch (Old) and /work/SRC/openSUSE:Factory/.openvswitch.new.1766 (New) Package is "openvswitch" Thu Sep 7 21:12:22 2023 rev:69 rq:1109539 version:unknown Changes: --- /work/SRC/openSUSE:Factory/openvswitch/openvswitch.changes 2023-05-19 11:54:54.599053210 +0200 +++ /work/SRC/openSUSE:Factory/.openvswitch.new.1766/openvswitch.changes 2023-09-07 21:12:46.829389980 +0200 @@ -1,0 +2,7 @@ +Thu Sep 7 07:55:29 UTC 2023 - Duraisankar P + +- Fix CVE-2023-3153 [bsc#1212125], VUL-0: CVE-2023-3153: openvswitch,openvswitch3: service monitor MAC flow is not rate limited +- Added patch, + CVE-2023-3152.patch + +--- New: CVE-2023-3152.patch Other differences: -- ++ openvswitch.spec ++ --- /var/tmp/diff_new_pack.dauvuu/_old 2023-09-07 21:12:48.673455901 +0200 +++ /var/tmp/diff_new_pack.dauvuu/_new 2023-09-07 21:12:48.673455901 +0200 @@ -81,6 +81,8 @@ #OVN patches # PATCH-FIX-OPENSUSE: 0001-Run-ovn-as-openvswitch-openvswitch.patch Patch20:0001-Run-ovn-as-openvswitch-openvswitch.patch +# PATCH-FIX-UPSTREAM CVE-2023-3152 [bsc#1212125] -- service monitor MAC flow is not rate limited +Patch21:CVE-2023-3152.patch # CVE-2021-36980 [bsc#1188524], use-after-free in decode_NXAST_RAW_ENCAP BuildRequires: autoconf BuildRequires: automake @@ -417,6 +419,7 @@ rm python/ovs/dirs.py cd %{ovn_dir} %patch20 -p1 +%patch21 -p1 %build mkdir %ovs_dir ++ CVE-2023-3152.patch ++ commit 9a3f7ed905e525ebdcb14541e775211cbb0203bd Author: Ales Musil Date: Wed Jul 12 07:12:29 2023 +0200 northd, controller: Add CoPP for SVC monitor The SVC monitor was exposed without any limitation. Add CoPP for the SVC monitor flow, which adds a way for CMSs to limit the traffic that this flow accepts. Signed-off-by: Ales Musil diff --git a/lib/copp.c b/lib/copp.c index 603e3f5bf..11dd9029d 100644 --- a/lib/copp.c +++ b/lib/copp.c @@ -38,6 +38,7 @@ static char *copp_proto_names[COPP_PROTO_MAX] = { [COPP_ND_RA_OPTS]= "nd-ra-opts", [COPP_TCP_RESET] = "tcp-reset", [COPP_REJECT]= "reject", +[COPP_SVC_MONITOR] = "svc-monitor", [COPP_BFD] = "bfd", }; diff --git a/lib/copp.h b/lib/copp.h index f03004aa6..b99737220 100644 --- a/lib/copp.h +++ b/lib/copp.h @@ -37,6 +37,7 @@ enum copp_proto { COPP_TCP_RESET, COPP_BFD, COPP_REJECT, +COPP_SVC_MONITOR, COPP_PROTO_MAX, COPP_PROTO_INVALID = COPP_PROTO_MAX, }; diff --git a/northd/northd.c b/northd/northd.c index 7ad4cdfad..1e05b8f22 100644 --- a/northd/northd.c +++ b/northd/northd.c @@ -8876,9 +8876,11 @@ build_lswitch_destination_lookup_bmcast(struct ovn_datapath *od, { if (od->nbs) { -ovn_lflow_add(lflows, od, S_SWITCH_IN_L2_LKUP, 110, - "eth.dst == $svc_monitor_mac", - "handle_svc_check(inport);"); +ovn_lflow_metered(lflows, od, S_SWITCH_IN_L2_LKUP, 110, "eth.dst == " + "$svc_monitor_mac && (tcp || icmp || icmp6)", + "handle_svc_check(inport);", + copp_meter_get(COPP_SVC_MONITOR, od->nbs->copp, + meter_groups)); struct mcast_switch_info *mcast_sw_info = &od->mcast_info.sw; diff --git a/ovn-nb.xml b/ovn-nb.xml index 35acda107..59ac42dbd 100644 --- a/ovn-nb.xml +++ b/ovn-nb.xml @@ -466,6 +466,10 @@ Rate limiting meter for packets that trigger a reject action + + Rate limiting meter for packets that are arriving to service + monitor MAC address. + See External IDs at the beginning of this document. diff --git a/tests/ovn-northd.at b/tests/ovn-northd.at index b8376991b..70350a781 100644 --- a/tests/ovn-northd.at +++ b/tests/ovn-northd.at @@ -3544,7 +3544,7 @@ AT_CHECK([ovn-sbctl list logical_flow | grep trigger_event -A 2 | grep -q meter0 # let's try to add an usupported protocol "dhcp" AT_CHECK([ovn-nbctl --wait=hv copp-add copp5 dhcp meter1],[1],[],[dnl -ovn-nbctl: Invalid control protocol. Allowed values: arp, arp-resolve, dhcpv4-opts, dhcpv6-opts, dns, event-elb, icmp4-error, icmp6-error, igmp, nd-na, nd-ns, nd-ns-resolve, nd-ra-opts, tcp-reset, bfd, reject. +ovn-nbctl: Invalid control protocol. Allowed values: arp, arp-resolve, dhcpv4-opts, dhcpv6-opts, dns, event-elb, icmp4-error, icmp6-error, igmp, nd-na, nd-ns, nd-ns-resolve, nd-ra-opts, tcp-reset, bfd, reje
commit openvswitch for openSUSE:Factory
Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package openvswitch for openSUSE:Factory checked in at 2023-05-19 11:54:48 Comparing /work/SRC/openSUSE:Factory/openvswitch (Old) and /work/SRC/openSUSE:Factory/.openvswitch.new.1533 (New) Package is "openvswitch" Fri May 19 11:54:48 2023 rev:68 rq:1087788 version:unknown Changes: --- /work/SRC/openSUSE:Factory/openvswitch/openvswitch.changes 2023-05-04 17:09:26.399966397 +0200 +++ /work/SRC/openSUSE:Factory/.openvswitch.new.1533/openvswitch.changes 2023-05-19 11:54:54.599053210 +0200 @@ -1,0 +2,7 @@ +Wed May 17 09:46:44 UTC 2023 - Duraisankar P + +- Fix CVE-2023-1668 [bsc#1210054], openvswitch: remote traffic denial of service via crafted packets with IP proto 0 +- Added patch, + CVE-2023-1668.patch + +--- New: CVE-2023-1668.patch Other differences: -- ++ openvswitch.spec ++ --- /var/tmp/diff_new_pack.7d2nyr/_old 2023-05-19 11:54:55.319057331 +0200 +++ /var/tmp/diff_new_pack.7d2nyr/_new 2023-05-19 11:54:55.327057377 +0200 @@ -76,6 +76,8 @@ Patch3: 0001-Use-double-hash-for-OVS_USER_ID-comment.patch # PATCH-FEATURE-UPSTREAM install-ovsdb-tools.patch -- Install some tools required for building OVN Patch4: install-ovsdb-tools.patch +# PATCH-FIX-UPSTREAM CVE-2023-1668.patch +Patch5: CVE-2023-1668.patch #OVN patches # PATCH-FIX-OPENSUSE: 0001-Run-ovn-as-openvswitch-openvswitch.patch Patch20:0001-Run-ovn-as-openvswitch-openvswitch.patch @@ -410,6 +412,7 @@ %patch2 -p1 %patch3 -p1 %patch4 -p1 +%patch5 -p1 # remove python/ovs/dirs.py - this is generated from template to have proper paths rm python/ovs/dirs.py cd %{ovn_dir} ++ CVE-2023-1668.patch ++ commit 9d840923d32124fe427de76e8234c49d64e4bb77 Author: Aaron Conole Date: Fri Mar 31 17:17:27 2023 -0400 ofproto-dpif-xlate: Always mask ip proto field. The ofproto layer currently treats nw_proto field as overloaded to mean both that a proper nw layer exists, as well as the value contained in the header for the nw proto. However, this is incorrect behavior as relevant standards permit that any value, including '0' should be treated as a valid value. Because of this overload, when the ofproto layer builds action list for a packet with nw_proto of 0, it won't build the complete action list that we expect to be built for the packet. That will cause a bad behavior where all packets passing the datapath will fall into an incomplete action set. The fix here is to unwildcard nw_proto, allowing us to preserve setting actions for protocols which we know have support for the actions we program. This means that a traffic which contains nw_proto == 0 cannot cause connectivity breakage with other traffic on the link. Reported-by: David Marchand Reported-at: https://bugzilla.redhat.com/show_bug.cgi?id=2134873 Acked-by: Ilya Maximets Signed-off-by: Aaron Conole Signed-off-by: Ilya Maximets diff --git a/include/openvswitch/meta-flow.h b/include/openvswitch/meta-flow.h index 045dce8f5..3b0220aaa 100644 --- a/include/openvswitch/meta-flow.h +++ b/include/openvswitch/meta-flow.h @@ -2366,6 +2366,10 @@ void mf_format_subvalue(const union mf_subvalue *subvalue, struct ds *s); void field_array_set(enum mf_field_id id, const union mf_value *, struct field_array *); +/* Mask the required l3 prerequisites if a 'set' action occurs. */ +void mf_set_mask_l3_prereqs(const struct mf_field *, const struct flow *, +struct flow_wildcards *); + #ifdef __cplusplus } #endif diff --git a/lib/meta-flow.c b/lib/meta-flow.c index c576ae620..474344194 100644 --- a/lib/meta-flow.c +++ b/lib/meta-flow.c @@ -3676,3 +3676,28 @@ mf_bitmap_not(struct mf_bitmap x) bitmap_not(x.bm, MFF_N_IDS); return x; } + +void +mf_set_mask_l3_prereqs(const struct mf_field *mf, const struct flow *fl, + struct flow_wildcards *wc) +{ +if (is_ip_any(fl) && +((mf->id == MFF_IPV4_SRC) || + (mf->id == MFF_IPV4_DST) || + (mf->id == MFF_IPV6_SRC) || + (mf->id == MFF_IPV6_DST) || + (mf->id == MFF_IPV6_LABEL) || + (mf->id == MFF_IP_DSCP) || + (mf->id == MFF_IP_ECN) || + (mf->id == MFF_IP_TTL))) { +WC_MASK_FIELD(wc, nw_proto); +} else if ((fl->dl_type == htons(ETH_TYPE_ARP)) && + ((mf->id == MFF_ARP_OP) || +(mf->id == MFF_ARP_SHA) || +(mf->id == MFF_ARP_THA) || +(mf->id == MFF_ARP_SPA) || +(mf
commit openvswitch for openSUSE:Factory
Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package openvswitch for openSUSE:Factory checked in at 2023-05-04 17:09:21 Comparing /work/SRC/openSUSE:Factory/openvswitch (Old) and /work/SRC/openSUSE:Factory/.openvswitch.new.1533 (New) Package is "openvswitch" Thu May 4 17:09:21 2023 rev:67 rq:1084458 version:unknown Changes: --- /work/SRC/openSUSE:Factory/openvswitch/openvswitch.changes 2023-04-14 13:12:35.371396203 +0200 +++ /work/SRC/openSUSE:Factory/.openvswitch.new.1533/openvswitch.changes 2023-05-04 17:09:26.399966397 +0200 @@ -1,0 +2,6 @@ +Tue May 2 07:48:43 UTC 2023 - Dominique Leuenberger + +- Remove python/ovs/dirs.py prior to building: have this + re-generated based on the shipped template (boo#1210479). + +--- Other differences: -- ++ openvswitch.spec ++ --- /var/tmp/diff_new_pack.jMG75T/_old 2023-05-04 17:09:27.071970331 +0200 +++ /var/tmp/diff_new_pack.jMG75T/_new 2023-05-04 17:09:27.079970378 +0200 @@ -410,6 +410,8 @@ %patch2 -p1 %patch3 -p1 %patch4 -p1 +# remove python/ovs/dirs.py - this is generated from template to have proper paths +rm python/ovs/dirs.py cd %{ovn_dir} %patch20 -p1
commit openvswitch for openSUSE:Factory
Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package openvswitch for openSUSE:Factory checked in at 2023-04-14 13:12:27 Comparing /work/SRC/openSUSE:Factory/openvswitch (Old) and /work/SRC/openSUSE:Factory/.openvswitch.new.19717 (New) Package is "openvswitch" Fri Apr 14 13:12:27 2023 rev:66 rq:1079120 version:unknown Changes: --- /work/SRC/openSUSE:Factory/openvswitch/openvswitch.changes 2022-10-10 18:43:18.754707229 +0200 +++ /work/SRC/openSUSE:Factory/.openvswitch.new.19717/openvswitch.changes 2023-04-14 13:12:35.371396203 +0200 @@ -1,0 +2,67 @@ +Wed Apr 5 21:14:59 UTC 2023 - Duraisankar P + +- Update OVS version to v3.1.0 and OVN version to v23.03.0 + Some of the features are, + - ovs-vswitchd now detects changes in CPU affinity and adjusts the number + of handler and revalidator threads if necessary. + - AF_XDP: + * Added support for building with libxdp and libbpf >= 0.7. + * Support for AF_XDP is now enabled by default if all dependencies are + available at the build time. Use --disable-afxdp to disable. + Use --enable-afxdp to fail the build if dependencies are not present. + - ovs-appctl: + * "ovs-appctl ofproto/trace" command can now display port names with the + "--names" option. + - OVSDB-IDL: + * Add the support to specify the persistent uuid for row insert in both + C and Python IDLs. + - Windows: + * Conntrack IPv6 fragment support. + - DPDK: + * Add support for DPDK 22.11.1. + - For the QoS max-rate and STP/RSTP path-cost configuration OVS now assumes + 10 Gbps link speed by default in case the actual link speed cannot be + determined. Previously it was 10 Mbps. Values can still be overridden + by specifying 'max-rate' or '[r]stp-path-cost' accordingly. + - OpenFlow: + * New OpenFlow extension NXT_CT_FLUSH to flush connections matching + the specified fields. + - ovs-ctl: + * New option '--dump-hugepages' to include hugepages in core dumps. This + can assist with postmortem analysis involving DPDK, but may also produce + significantly larger core dump files. + - ovs-dpctl and 'ovs-appctl dpctl/' commands: + * 'flush-conntrack' is now capable of handling partial 5-tuple, +with additional optional parameter to specify the reply direction. + - ovs-ofctl: + * New command 'flush-conntrack' that accepts zone and 5-tuple (or partial + 5-tuple) for both directions. + - Support for travis-ci.org based continuous integration builds has been + dropped. + - Userspace datapath: + * Add '-secs' argument to appctl 'dpif-netdev/pmd-rxq-show' to show + the pmd usage of an Rx queue over a configurable time period. + * Add new experimental PMD load based sleeping feature. PMD threads can + request to sleep up to a user configured 'pmd-maxsleep' value under + low load conditions. + -For more details, check + https://github.com/openvswitch/ovs/blob/v3.1.0/NEWS + -Includes secrity fix for CVE-2022-4338 (bsc#1206580) and CVE-2022-4337 (bsc#1206581) + - Removed patches, + * 0001-Replace-deprecated-var-run-with-run.patch + * 0001-openvswitch-merge-compiler.h-files-into-one-file.patch + * openvswitch-CVE-2021-36980.patch + * 0002-build-Seperated-common-used-headers.patch + * a77ad9693c8b49055389559187fe74eddb619746.patch + * 0001-m4-Test-avx512-for-x86-only.patch + * openvswitch-2.17.2-Fix-tests-with-GNU-grep-3.8.patch + - Renamed and rebased patches, + * 0001-Don-t-change-permissions-of-dev-hugepages.patch + * 0001-Use-double-hash-for-OVS_USER_ID-comment.patch + * 0001-Run-ovn-as-openvswitch-openvswitch.patch + * 0001-Use-strongswan-for-openvswitch-ipsec-service.patch + * 0001-Run-openvswitch-as-openvswitch-openvswitch.patch + - Added ovsb tool install patch, + * install-ovsdb-tools.patch + +--- Old: 0001-m4-Test-avx512-for-x86-only.patch 0001-openvswitch-merge-compiler.h-files-into-one-file.patch 0002-build-Seperated-common-used-headers.patch Don-t-change-permissions-of-dev-hugepages.patch Run-openvswitch-as-openvswitch-openvswitch.patch Use-double-hash-for-OVS_USER_ID-comment.patch Use-strongswan-for-openvswitch-ipsec-service.patch a77ad9693c8b49055389559187fe74eddb619746.patch openvswitch-2.17.2-Fix-tests-with-GNU-grep-3.8.patch openvswitch-2.17.2.tar.gz New: 0001-Don-t-change-permissions-of-dev-hugepages.patch 0001-Run-openvswitch-as-openvswitch-openvswitch.patch 0001-Run-ovn-as-openvswitch-openvswitch.patch 0001-Use-double-hash-for-OVS_USER_ID-comment.patch 0001-Use-strongswan-for-openvswitch-ipsec-service.patch openvswitch-3.1.0.tar.gz ovn-23.0
commit openvswitch for openSUSE:Factory
Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package openvswitch for openSUSE:Factory checked in at 2022-10-10 18:43:14 Comparing /work/SRC/openSUSE:Factory/openvswitch (Old) and /work/SRC/openSUSE:Factory/.openvswitch.new.2275 (New) Package is "openvswitch" Mon Oct 10 18:43:14 2022 rev:65 rq:1008394 version:2.17.2 Changes: --- /work/SRC/openSUSE:Factory/openvswitch/openvswitch.changes 2022-10-01 17:42:57.741648951 +0200 +++ /work/SRC/openSUSE:Factory/.openvswitch.new.2275/openvswitch.changes 2022-10-10 18:43:18.754707229 +0200 @@ -5,0 +6 @@ +- add 0001-m4-Test-avx512-for-x86-only.patch New: 0001-m4-Test-avx512-for-x86-only.patch Other differences: -- ++ openvswitch.spec ++ --- /var/tmp/diff_new_pack.5YKY3b/_old 2022-10-10 18:43:20.330710621 +0200 +++ /var/tmp/diff_new_pack.5YKY3b/_new 2022-10-10 18:43:20.334710630 +0200 @@ -62,6 +62,7 @@ Patch6: 0002-build-Seperated-common-used-headers.patch Patch7: openvswitch-2.17.2-Fix-tests-with-GNU-grep-3.8.patch Patch8: a77ad9693c8b49055389559187fe74eddb619746.patch +Patch9: 0001-m4-Test-avx512-for-x86-only.patch # Python subpackage BuildRequires: %{python_module devel} BuildRequires: %{python_module setuptools} ++ 0001-m4-Test-avx512-for-x86-only.patch ++ >From edf699ec6404da3612b58aab85d7da12f0dc9733 Mon Sep 17 00:00:00 2001 From: Cheng Li Date: Fri, 16 Sep 2022 09:56:18 + Subject: [PATCH] m4: Test avx512 for x86 only. 'as' command of arm version may don't support option '--64', this patch is to move the avx512 test into x86 branch to avoid this. Fixes: 352b6c7116cd ("dpif-lookup: add avx512 gather implementation.") Tested-by: Harry van Haaren Signed-off-by: Cheng Li Signed-off-by: Ilya Maximets --- m4/openvswitch.m4 | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/m4/openvswitch.m4 b/m4/openvswitch.m4 index 21808483e..09134feca 100644 --- a/m4/openvswitch.m4 +++ b/m4/openvswitch.m4 @@ -436,8 +436,8 @@ AC_DEFUN([OVS_CHECK_BINUTILS_AVX512], mkdir -p build-aux OBJFILE=build-aux/binutils_avx512_check.o GATHER_PARAMS='0x8(,%ymm1,1),%ymm0{%k2}' - echo "vpgatherqq $GATHER_PARAMS" | as --64 -o $OBJFILE - if ($CC -dumpmachine | grep x86_64) >/dev/null 2>&1; then + echo "vpgatherqq $GATHER_PARAMS" | as --64 -o $OBJFILE - if (objdump -d --no-show-raw-insn $OBJFILE | grep -q $GATHER_PARAMS) >/dev/null 2>&1; then ovs_cv_binutils_avx512_good=yes else @@ -446,11 +446,11 @@ AC_DEFUN([OVS_CHECK_BINUTILS_AVX512], dnl and causing zmm usage with buggy binutils versions. CFLAGS="$CFLAGS -mno-avx512f" fi + rm $OBJFILE else dnl non x86_64 architectures don't have avx512, so not affected ovs_cv_binutils_avx512_good=no fi]) - rm $OBJFILE if test "$ovs_cv_binutils_avx512_good" = yes; then AC_DEFINE([HAVE_LD_AVX512_GOOD], [1], [Define to 1 if binutils correctly supports AVX512.]) -- 2.37.3
commit openvswitch for openSUSE:Factory
Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package openvswitch for openSUSE:Factory checked in at 2022-10-01 17:42:46 Comparing /work/SRC/openSUSE:Factory/openvswitch (Old) and /work/SRC/openSUSE:Factory/.openvswitch.new.2275 (New) Package is "openvswitch" Sat Oct 1 17:42:46 2022 rev:64 rq:1006932 version:2.17.2 Changes: --- /work/SRC/openSUSE:Factory/openvswitch/openvswitch.changes 2022-09-14 13:44:31.245824561 +0200 +++ /work/SRC/openSUSE:Factory/.openvswitch.new.2275/openvswitch.changes 2022-10-01 17:42:57.741648951 +0200 @@ -1,0 +2,6 @@ +Thu Sep 29 11:58:47 UTC 2022 - Dirk M??ller + +- add a77ad9693c8b49055389559187fe74eddb619746.patch to avoid + the cpu detection code being compiled with AVX512 enabled + +--- New: a77ad9693c8b49055389559187fe74eddb619746.patch Other differences: -- ++ openvswitch.spec ++ --- /var/tmp/diff_new_pack.3M9c0C/_old 2022-10-01 17:42:59.493652137 +0200 +++ /var/tmp/diff_new_pack.3M9c0C/_new 2022-10-01 17:42:59.497652144 +0200 @@ -61,6 +61,7 @@ Patch5: 0001-openvswitch-merge-compiler.h-files-into-one-file.patch Patch6: 0002-build-Seperated-common-used-headers.patch Patch7: openvswitch-2.17.2-Fix-tests-with-GNU-grep-3.8.patch +Patch8: a77ad9693c8b49055389559187fe74eddb619746.patch # Python subpackage BuildRequires: %{python_module devel} BuildRequires: %{python_module setuptools} ++ a77ad9693c8b49055389559187fe74eddb619746.patch ++ >From a77ad9693c8b49055389559187fe74eddb619746 Mon Sep 17 00:00:00 2001 From: David Marchand Date: Wed, 29 Jun 2022 09:32:24 +0200 Subject: [PATCH] dpif-netdev: Refactor AVX512 runtime checks. As described in the bugzilla below, cpu_has_isa code may be compiled with some AVX512 instructions in it, because cpu.c is built as part of the libopenvswitchavx512. This is a problem when this function (supposed to probe for AVX512 instructions availability) is invoked from generic OVS code, on older CPUs that don't support them. For the same reason, dpcls_subtable_avx512_gather_probe, dp_netdev_input_outer_avx512_probe, mfex_avx512_probe and mfex_avx512_vbmi_probe are potential runtime bombs and can't either be built as part of libopenvswitchavx512. Move cpu.c to be part of the "normal" libopenvswitch. And move other helpers in generic OVS code. Note: - dpcls_subtable_avx512_gather_probe is split in two, because it also needs to do its own magic, - while moving those helpers, prefer direct calls to cpu_has_isa and avoid cast to intermediate integer variables when a simple boolean is enough, Fixes: 352b6c7116cd ("dpif-lookup: add avx512 gather implementation.") Fixes: abb807e27dd4 ("dpif-netdev: Add command to switch dpif implementation.") Fixes: 250ceddcc2d0 ("dpif-netdev/mfex: Add AVX512 based optimized miniflow extract") Fixes: b366fa2f4947 ("dpif-netdev: Call cpuid for x86 isa availability.") Reported-at: https://bugzilla.redhat.com/2100393 Reported-by: Ales Musil Co-authored-by: Ales Musil Signed-off-by: Ales Musil Signed-off-by: David Marchand Acked-by: Sunil Pai G Acked-by: Ales Musil Signed-off-by: Ilya Maximets --- lib/automake.mk| 4 +-- lib/dpif-netdev-avx512.c | 14 - lib/dpif-netdev-extract-avx512.c | 43 -- lib/dpif-netdev-lookup-avx512-gather.c | 12 ++- lib/dpif-netdev-lookup.c | 15 + lib/dpif-netdev-lookup.h | 3 +- lib/dpif-netdev-private-dpif.c | 14 + lib/dpif-netdev-private-dpif.h | 5 +-- lib/dpif-netdev-private-extract.c | 38 +++ lib/dpif-netdev-private-extract.h | 4 +-- 10 files changed, 75 insertions(+), 77 deletions(-) Index: openvswitch-2.17.2/lib/automake.mk === --- openvswitch-2.17.2.orig/lib/automake.mk +++ openvswitch-2.17.2/lib/automake.mk @@ -38,8 +38,6 @@ lib_libopenvswitchavx512_la_CFLAGS = \ -fPIC \ $(AM_CFLAGS) lib_libopenvswitchavx512_la_SOURCES = \ - lib/cpu.c \ - lib/cpu.h \ lib/dpif-netdev-lookup-avx512-gather.c \ lib/dpif-netdev-extract-avx512.c \ lib/dpif-netdev-avx512.c @@ -89,6 +87,8 @@ lib_libopenvswitch_la_SOURCES = \ lib/conntrack.h \ lib/coverage.c \ lib/coverage.h \ + lib/cpu.c \ + lib/cpu.h \ lib/crc32c.c \ lib/crc32c.h \ lib/csum.c \ Index: openvswitch-2.17.2/lib/dpif-netdev-avx512.c === --- openvswitch-2.17.2.orig/lib/dpif-netdev-avx512.
commit openvswitch for openSUSE:Factory
Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package openvswitch for openSUSE:Factory checked in at 2022-09-14 13:44:30 Comparing /work/SRC/openSUSE:Factory/openvswitch (Old) and /work/SRC/openSUSE:Factory/.openvswitch.new.2083 (New) Package is "openvswitch" Wed Sep 14 13:44:30 2022 rev:63 rq:1003119 version:2.17.2 Changes: --- /work/SRC/openSUSE:Factory/openvswitch/openvswitch.changes 2022-08-10 17:13:30.797741395 +0200 +++ /work/SRC/openSUSE:Factory/.openvswitch.new.2083/openvswitch.changes 2022-09-14 13:44:31.245824561 +0200 @@ -1,0 +2,6 @@ +Mon Sep 12 19:55:30 UTC 2022 - Andreas Stieger + +- fix tests with GNU grep 3.8 boo#1203239 + add openvswitch-2.17.2-Fix-tests-with-GNU-grep-3.8.patch + +--- New: openvswitch-2.17.2-Fix-tests-with-GNU-grep-3.8.patch Other differences: -- ++ openvswitch.spec ++ --- /var/tmp/diff_new_pack.1a3WCV/_old 2022-09-14 13:44:31.897826203 +0200 +++ /var/tmp/diff_new_pack.1a3WCV/_new 2022-09-14 13:44:31.901826213 +0200 @@ -60,6 +60,7 @@ Patch4: install-ovsdb-tools.patch Patch5: 0001-openvswitch-merge-compiler.h-files-into-one-file.patch Patch6: 0002-build-Seperated-common-used-headers.patch +Patch7: openvswitch-2.17.2-Fix-tests-with-GNU-grep-3.8.patch # Python subpackage BuildRequires: %{python_module devel} BuildRequires: %{python_module setuptools} ++ openvswitch-2.17.2-Fix-tests-with-GNU-grep-3.8.patch ++ >From 28fec7e88f0faf877a1da4fcfb4b629211fff84c Mon Sep 17 00:00:00 2001 From: Andreas Stieger Date: Mon, 12 Sep 2022 21:38:46 +0200 Subject: [PATCH] Fix tests with GNU grep 3.8 GNU grep 3.8 started to emit warnings when invoking egrep/fgrep. In some cases this breaks tests that check stderr. Replace the commands with their grep -E and grep -F counterparts throughout. Signed-off-by: Andreas Stieger Reported-at: https://bugzilla.opensuse.org/show_bug.cgi?id=1203239 https://github.com/openvswitch/ovs/pull/395 https://bugzilla.opensuse.org/show_bug.cgi?id=1203239 --- tests/ofproto-dpif.at| 12 +-- tests/ovs-macros.at | 2 +- tests/ovs-ofctl.at | 6 +- tests/system-dpdk-macros.at | 2 +- tests/system-dpdk.at | 48 - tests/system-offloads-traffic.at | 4 +- tests/system-traffic.at | 162 +++ tests/tunnel-push-pop.at | 6 +- 8 files changed, 121 insertions(+), 121 deletions(-) Index: openvswitch-2.17.2/tests/ofproto-dpif.at === --- openvswitch-2.17.2.orig/tests/ofproto-dpif.at +++ openvswitch-2.17.2/tests/ofproto-dpif.at @@ -126,7 +126,7 @@ dnl bring the primary back and verify th dnl primary. ovs-appctl netdev-dummy/set-admin-state p1 down ovs-appctl time/warp 100 -OVS_WAIT_UNTIL([test -n "`ovs-appctl bond/show | fgrep 'member p1: disabled'`"]) +OVS_WAIT_UNTIL([test -n "`ovs-appctl bond/show | grep -F 'member p1: disabled'`"]) ovs-appctl netdev-dummy/set-admin-state p1 up ovs-appctl time/warp 100 OVS_WAIT_UNTIL_EQUAL([ovs-appctl bond/show | STRIP_RECIRC_ID | STRIP_ACTIVE_MEMBER_MAC], [dnl @@ -157,7 +157,7 @@ dnl Now delete the primary and verify th dnl primary is no longer an member ovs-vsctl --id=@p1 get Interface p1 -- remove Port bond0 interfaces @p1 ovs-appctl time/warp 100 -OVS_WAIT_UNTIL([test -n "`ovs-appctl bond/show | fgrep 'active-backup primary: p1 (no such member)'`"]) +OVS_WAIT_UNTIL([test -n "`ovs-appctl bond/show | grep -F 'active-backup primary: p1 (no such member)'`"]) dnl Now re-add the primary and verify that the output shows that the dnl primary is available again. @@ -336,9 +336,9 @@ ovs-appctl time/warp 100 AT_CHECK([ovs-appctl dpif/dump-flows br1 > br1_flows.txt]) # Make sure there is resonable distribution to all three ports. # We don't want to make this check precise, in case hash function changes. -AT_CHECK([test `egrep 'in_port\(4\)' br1_flows.txt |wc -l` -gt 3]) -AT_CHECK([test `egrep 'in_port\(5\)' br1_flows.txt |wc -l` -gt 3]) -AT_CHECK([test `egrep 'in_port\(6\)' br1_flows.txt |wc -l` -gt 3]) +AT_CHECK([test `grep -E 'in_port\(4\)' br1_flows.txt |wc -l` -gt 3]) +AT_CHECK([test `grep -E 'in_port\(5\)' br1_flows.txt |wc -l` -gt 3]) +AT_CHECK([test `grep -E 'in_port\(6\)' br1_flows.txt |wc -l` -gt 3]) OVS_VSWITCHD_STOP AT_CLEANUP @@ -5464,7 +5464,7 @@ ovs-vsctl \ flow="in_port=1" AT_CHECK([ovs-appctl ofproto/trace br0 "$flow"], [0], [stdout]) -AT_CHECK([tail -1 stdout | egrep "trunc\(200\),2,trunc\(300\),3,100|trunc\(300\),3,trunc\(200\),2,100"], [0], [stdout]) +AT_CHECK([tail -1 stdout | grep -E
commit openvswitch for openSUSE:Factory
Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package openvswitch for openSUSE:Factory checked in at 2022-08-10 17:13:02 Comparing /work/SRC/openSUSE:Factory/openvswitch (Old) and /work/SRC/openSUSE:Factory/.openvswitch.new.1521 (New) Package is "openvswitch" Wed Aug 10 17:13:02 2022 rev:62 rq:993959 version:2.17.2 Changes: --- /work/SRC/openSUSE:Factory/openvswitch/openvswitch.changes 2022-05-14 22:59:06.191511417 +0200 +++ /work/SRC/openSUSE:Factory/.openvswitch.new.1521/openvswitch.changes 2022-08-10 17:13:30.797741395 +0200 @@ -1,0 +2,23 @@ +Wed Aug 3 11:11:36 UTC 2022 - Dirk M??ller + +- update to 2.17.2: + - Bug fixes + - DPDK: +* OVS validated with DPDK 21.11.1. It is recommended to use this version + until further releases. + - Bug fixes + - libopenvswitch API change: +* To fix the Undefined Behavior issue causing the compiler to incorrectly + optimize important parts of code, container iteration macros (e.g., + LIST_FOR_EACH) have been re-implemented in a UB-safe way. +* Backwards compatibility has mostly been preserved, however the + user-provided pointer is now set to NULL after the loop (unless it + exited via "break;") +* Users of libopenvswitch will need to double-check the use of such loop + macros before compiling with a new version. +* Since the change is limited to the definitions within the headers, the + ABI is not affected. +- refresh 0001-openvswitch-merge-compiler.h-files-into-one-file.patch + 0002-build-Seperated-common-used-headers.patch + +--- Old: openvswitch-2.17.0.tar.gz New: openvswitch-2.17.2.tar.gz Other differences: -- ++ openvswitch.spec ++ --- /var/tmp/diff_new_pack.XLrhtM/_old 2022-08-10 17:13:31.665743661 +0200 +++ /var/tmp/diff_new_pack.XLrhtM/_new 2022-08-10 17:13:31.669743671 +0200 @@ -35,7 +35,7 @@ %bcond_with kmp %define lname libopenvswitch-2_17-0 Name: openvswitch -Version:2.17.0 +Version:2.17.2 Release:0 Summary:A multilayer virtual network switch # All code is Apache-2.0 except @@ -43,8 +43,8 @@ # - utilities/bugtool which is LGPL-2.1 License:Apache-2.0 AND LGPL-2.1-only AND SISSL Group: Productivity/Networking/System -URL:http://openvswitch.org/ -Source0:http://openvswitch.org/releases/openvswitch-%{version}.tar.gz +URL:https://www.openvswitch.org/ +Source0: https://www.openvswitch.org/releases/openvswitch-%{version}.tar.gz Source2:preamble Source89: Module.supported.updates Source99: openvswitch-rpmlintrc ++ 0001-openvswitch-merge-compiler.h-files-into-one-file.patch ++ 1138 lines (skipped) between /work/SRC/openSUSE:Factory/openvswitch/0001-openvswitch-merge-compiler.h-files-into-one-file.patch and /work/SRC/openSUSE:Factory/.openvswitch.new.1521/0001-openvswitch-merge-compiler.h-files-into-one-file.patch ++ 0002-build-Seperated-common-used-headers.patch ++ 42143 lines (skipped) between /work/SRC/openSUSE:Factory/openvswitch/0002-build-Seperated-common-used-headers.patch and /work/SRC/openSUSE:Factory/.openvswitch.new.1521/0002-build-Seperated-common-used-headers.patch ++ openvswitch-2.17.0.tar.gz -> openvswitch-2.17.2.tar.gz ++ /work/SRC/openSUSE:Factory/openvswitch/openvswitch-2.17.0.tar.gz /work/SRC/openSUSE:Factory/.openvswitch.new.1521/openvswitch-2.17.2.tar.gz differ: char 5, line 1
commit openvswitch for openSUSE:Factory
Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package openvswitch for openSUSE:Factory checked in at 2022-05-14 22:57:14 Comparing /work/SRC/openSUSE:Factory/openvswitch (Old) and /work/SRC/openSUSE:Factory/.openvswitch.new.1538 (New) Package is "openvswitch" Sat May 14 22:57:14 2022 rev:61 rq:977255 version:2.17.0 Changes: --- /work/SRC/openSUSE:Factory/openvswitch/openvswitch.changes 2022-04-26 20:18:08.248787470 +0200 +++ /work/SRC/openSUSE:Factory/.openvswitch.new.1538/openvswitch.changes 2022-05-14 22:59:06.191511417 +0200 @@ -1,0 +2,5 @@ +Fri May 13 15:52:24 UTC 2022 - Dominique Leuenberger + +- Allow dpdk version 21.11. + +--- Other differences: -- ++ openvswitch.spec ++ --- /var/tmp/diff_new_pack.Hq4QuP/_old 2022-05-14 22:59:06.743512107 +0200 +++ /var/tmp/diff_new_pack.Hq4QuP/_new 2022-05-14 22:59:06.747512112 +0200 @@ -107,7 +107,7 @@ # We need to be a bit strict with the dpdk version since # it's very possible for DPDK to change it's API between # releases. -BuildRequires: dpdk-devel <= 21.11 +BuildRequires: dpdk-devel <= 21.12 BuildRequires: dpdk-devel >= 20.11.0 BuildRequires: libmnl-devel BuildRequires: libnuma-devel
commit openvswitch for openSUSE:Factory
Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package openvswitch for openSUSE:Factory checked in at 2022-04-26 20:16:20 Comparing /work/SRC/openSUSE:Factory/openvswitch (Old) and /work/SRC/openSUSE:Factory/.openvswitch.new.1538 (New) Package is "openvswitch" Tue Apr 26 20:16:20 2022 rev:60 rq:972941 version:2.17.0 Changes: --- /work/SRC/openSUSE:Factory/openvswitch/openvswitch.changes 2022-04-11 23:49:50.662659187 +0200 +++ /work/SRC/openSUSE:Factory/.openvswitch.new.1538/openvswitch.changes 2022-04-26 20:18:08.248787470 +0200 @@ -1,0 +2,6 @@ +Fri Apr 22 20:42:31 UTC 2022 - Ferdinand Thiessen + +- Python package: Do not use C json parser on 32bit as large numbers + will overflow. + +--- Other differences: -- ++ openvswitch.spec ++ --- /var/tmp/diff_new_pack.v66pvV/_old 2022-04-26 20:18:08.848788196 +0200 +++ /var/tmp/diff_new_pack.v66pvV/_new 2022-04-26 20:18:08.848788196 +0200 @@ -402,6 +402,10 @@ %python_build %python_install popd +# Currently (version 2.17) the c parser for json is broken on 32bit (int overflow for number parsing) +%ifarch i386 i586 i686 +%python_expand rm -v %{buildroot}%{$python_sitearch}/ovs/_json*.so +%endif %python_expand %fdupes %{buildroot}%{$python_sitearch}
commit openvswitch for openSUSE:Factory
Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package openvswitch for openSUSE:Factory checked in at 2022-04-11 23:48:08 Comparing /work/SRC/openSUSE:Factory/openvswitch (Old) and /work/SRC/openSUSE:Factory/.openvswitch.new.1900 (New) Package is "openvswitch" Mon Apr 11 23:48:08 2022 rev:59 rq:967690 version:2.17.0 Changes: --- /work/SRC/openSUSE:Factory/openvswitch/openvswitch.changes 2022-03-14 19:37:49.598181076 +0100 +++ /work/SRC/openSUSE:Factory/.openvswitch.new.1900/openvswitch.changes 2022-04-11 23:49:50.662659187 +0200 @@ -1,0 +2,27 @@ +Sun Apr 3 13:12:28 UTC 2022 - Ferdinand Thiessen + +- Mention openvswitch-rpmlintrc as Source in spec file + +--- +Mon Mar 14 13:55:07 UTC 2022 - Ferdinand Thiessen + +- Fix installation of files shared with OVN (required for building + OVN without openvswitch sources), remove custom installation + of internal headers from SPEC-install section and use patches + (for upstreaming) instead. + * install-ovsdb-tools.patch + * Added 0001-openvswitch-merge-compiler.h-files-into-one-file.patch + * Added 0002-build-Seperated-common-used-headers.patch +- Enabled check section / running testsuite by default to validate + build result. There must no problems with the testsuite anymore as + upstream runs it by CI and checked before release of a new version. +- Renamed 0001-Don-t-change-permissions-of-dev-hugepages.patch to + Don-t-change-permissions-of-dev-hugepages.patch +- Renamed 0001-Run-openvswitch-as-openvswitch-openvswitch.patch to + Run-openvswitch-as-openvswitch-openvswitch.patch +- Renamed 0001-Use-double-hash-for-OVS_USER_ID-comment.patch to + Use-double-hash-for-OVS_USER_ID-comment.patch +- Rebased 0001-Use-strongswan-for-openvswitch-ipsec-service.patch to + Use-strongswan-for-openvswitch-ipsec-service.patch + +--- Old: 0001-Don-t-change-permissions-of-dev-hugepages.patch 0001-Run-openvswitch-as-openvswitch-openvswitch.patch 0001-Use-double-hash-for-OVS_USER_ID-comment.patch 0001-Use-strongswan-for-openvswitch-ipsec-service.patch New: 0001-openvswitch-merge-compiler.h-files-into-one-file.patch 0002-build-Seperated-common-used-headers.patch Don-t-change-permissions-of-dev-hugepages.patch Run-openvswitch-as-openvswitch-openvswitch.patch Use-double-hash-for-OVS_USER_ID-comment.patch Use-strongswan-for-openvswitch-ipsec-service.patch openvswitch-rpmlintrc Other differences: -- ++ openvswitch.spec ++ --- /var/tmp/diff_new_pack.5CqUkO/_old 2022-04-11 23:49:51.434650380 +0200 +++ /var/tmp/diff_new_pack.5CqUkO/_new 2022-04-11 23:49:51.438650334 +0200 @@ -30,8 +30,7 @@ %bcond_with dpdk %endif # The testsuite is somewhat fragile for continuous testing in OBS -# but keep it here as an option -%bcond_with check +%bcond_without check # Disable building the external kernel datapath by default %bcond_with kmp %define lname libopenvswitch-2_17-0 @@ -48,30 +47,35 @@ Source0:http://openvswitch.org/releases/openvswitch-%{version}.tar.gz Source2:preamble Source89: Module.supported.updates +Source99: openvswitch-rpmlintrc # PATCH-FIX-OPENSUSE: Use-strongswan-for-openvswitch-ipsec-service.patch -Patch0: 0001-Use-strongswan-for-openvswitch-ipsec-service.patch -# PATCH-FIX-OPENSUSE: 0001-Run-openvswitch-as-openvswitch-openvswitch.patch -Patch1: 0001-Run-openvswitch-as-openvswitch-openvswitch.patch -# PATCH-FIX-OPENSUSE: 0001-Don-t-change-permissions-of-dev-hugepages.patch -Patch2: 0001-Don-t-change-permissions-of-dev-hugepages.patch -# PATCH-FIX-OPENSUSE: 0001-Use-double-hash-for-OVS_USER_ID-comment.patch -Patch3: 0001-Use-double-hash-for-OVS_USER_ID-comment.patch +Patch0: Use-strongswan-for-openvswitch-ipsec-service.patch +# PATCH-FIX-OPENSUSE: Run-openvswitch-as-openvswitch-openvswitch.patch +Patch1: Run-openvswitch-as-openvswitch-openvswitch.patch +# PATCH-FIX-OPENSUSE: Don-t-change-permissions-of-dev-hugepages.patch +Patch2: Don-t-change-permissions-of-dev-hugepages.patch +# PATCH-FIX-OPENSUSE: Use-double-hash-for-OVS_USER_ID-comment.patch +Patch3: Use-double-hash-for-OVS_USER_ID-comment.patch # PATCH-FEATURE-UPSTREAM install-ovsdb-tools.patch -- Install some tools required for building OVN Patch4: install-ovsdb-tools.patch +Patch5: 0001-openvswitch-merge-compiler.h-files-into-one-file.patch +Patch6: 0002-build-Seperated-common-used-headers.patch +# Python subpackage +BuildRequires: %{python_module devel} BuildRequires: %{python_module setuptools} +BuildRequires: pyt
commit openvswitch for openSUSE:Factory
Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package openvswitch for openSUSE:Factory checked in at 2022-03-14 19:35:44 Comparing /work/SRC/openSUSE:Factory/openvswitch (Old) and /work/SRC/openSUSE:Factory/.openvswitch.new.25692 (New) Package is "openvswitch" Mon Mar 14 19:35:44 2022 rev:58 rq:961646 version:2.17.0 Changes: --- /work/SRC/openSUSE:Factory/openvswitch/openvswitch.changes 2022-03-07 17:47:36.371108319 +0100 +++ /work/SRC/openSUSE:Factory/.openvswitch.new.25692/openvswitch.changes 2022-03-14 19:37:49.598181076 +0100 @@ -1,0 +2,6 @@ +Fri Mar 11 11:33:18 UTC 2022 - Ferdinand Thiessen + +- Fix OVS location for python bindings (dirs.py), boo#1196978 + Make sure dirs.py is freshly generated + +--- Other differences: -- ++ openvswitch.spec ++ --- /var/tmp/diff_new_pack.vBshsc/_old 2022-03-14 19:37:50.146181733 +0100 +++ /var/tmp/diff_new_pack.vBshsc/_new 2022-03-14 19:37:50.150181737 +0100 @@ -389,25 +389,26 @@ rm %{buildroot}%{_docdir}/%{name}/automake.mk rm %{buildroot}%{_docdir}/%{name}/conf.py -# Tests +# Python subpackage +# Install python tests package mkdir -p %{buildroot}%{python3_sitelib} cp -a %{buildroot}%{_datadir}/openvswitch/python/ovstest \ %{buildroot}%{python3_sitelib} - -# Python subpackage -# Some build files are in sources while others are generated directly on -# buildroot as part of make_install (dirs.py). Copy them first. -pushd python -cp -an %{buildroot}%{_datadir}/openvswitch/python/* . +# Remove non standard location python package rm -rf %{buildroot}%{_datadir}/openvswitch/python - +# Install python package, some files are generated by make install +# make sure dirs.py is freshly generated +rm -f python/ovs/dirs.py +make python/ovs/dirs.py +pushd python export LDFLAGS="${LDFLAGS} -L %{buildroot}%{_libdir}" export CPPFLAGS="-I ../../include" - %python_build %python_install popd +%python_expand %fdupes %{buildroot}%{$python_sitearch} + %pre %service_add_pre ovsdb-server.service ovs-vswitchd.service openvswitch.service ovs-delete-transient-ports.service if [ "$1" -ge 1 ]; then
commit openvswitch for openSUSE:Factory
Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package openvswitch for openSUSE:Factory checked in at 2022-03-07 17:47:26 Comparing /work/SRC/openSUSE:Factory/openvswitch (Old) and /work/SRC/openSUSE:Factory/.openvswitch.new.1958 (New) Package is "openvswitch" Mon Mar 7 17:47:26 2022 rev:57 rq:959873 version:2.17.0 Changes: --- /work/SRC/openSUSE:Factory/openvswitch/openvswitch.changes 2021-05-10 15:42:06.528915237 +0200 +++ /work/SRC/openSUSE:Factory/.openvswitch.new.1958/openvswitch.changes 2022-03-07 17:47:36.371108319 +0100 @@ -1,0 +2,105 @@ +Mon Mar 7 12:04:30 UTC 2022 - Dirk M??ller + +- fix python3 requires (bsc#1196758) + +--- +Sun Feb 27 19:24:57 UTC 2022 - Ferdinand Thiessen + +- Added install-ovsdb-tools.patch to install ovsdb tools required + for building OVN + +--- +Sat Feb 26 22:11:06 UTC 2022 - Ferdinand Thiessen + +- Enable multiple python3 flavor subpackages on Tumbleweed / Factory + +--- +Sat Feb 26 00:56:03 UTC 2022 - Ferdinand Thiessen + +- Update OVS to version 2.17.0 + * Userspace datapath: +* Optimized flow lookups for datapath flows with simple match criteria. +* New per-interface configuration knob 'other_config:tx-steering'. +* Removed experimental tag for PMD Auto Load Balance. +* New configuration knob 'other_config:n-offload-threads' to change the + number of HW offloading threads. + * DPDK: +* EAL argument --socket-mem is no longer configured by default upon + start-up. If dpdk-socket-mem and dpdk-alloc-mem are not specified, + DPDK defaults will be used. +* EAL argument --socket-limit no longer takes on the value of --socket-mem + by default. 'other_config:dpdk-socket-limit' can be set equal to + the 'other_config:dpdk-socket-mem' to preserve the legacy memory + limiting behavior. +* EAL argument --in-memory is applied by default if supported. +* Add support for DPDK 21.11. +* Forbid use of DPDK multiprocess feature. +* Add support for running threads on cores >= RTE_MAX_LCORE. + * Python: For SSL support, the use of the pyOpenSSL library has + been replaced with the native 'ssl' module. + * OVSDB: +* Python library for OVSDB clients now also supports faster + resynchronization with a clustered database after a brief disconnection, + i.e. 'monitor_cond_since' monitoring method. +* Major improvement in the performance of the OVSDB server. + * OpenFlow: +* Default selection method for select groups with up to 256 buckets is + now dp_hash. Previously this was limited to 64 buckets. This change + is mainly for the benefit of OVN load balancing configurations. +* Encap & Decap action support for MPLS packet type. +- Update OVS to version 2.16.0 + * Fix CVE-2021-36980 (boo#1188524) +openvswitch 2.11.0 through 2.15.0 has a use-after-free in +decode_NXAST_RAW_ENCAP (called from ofpact_decode and ofpacts_decode) +during the decoding of a RAW_ENCAP action + * Removed support for 1024-bit Diffie-Hellman key exchange + * Rate limiting configuration now supports setting packet-per-second +limits in addition to the previously configurable byte rate settings. + * OVSDB: +* Introduced new database service model - "relay". +* New command line options --record/--replay for ovsdb-server and + ovsdb-client to record and replay all the incoming transactions, + monitors, etc. +* The Python Idl class now has a cooperative_yield() method + * In ovs-vsctl and vtep-ctl, the "find" command now accept new +operators {in} and {not-in}. + * Various Userspace datapath improvements + * ovs-ctl: +* New option '--no-record-hostname' to disable hostname configuration + in ovsdb on startup. +* New command 'record-hostname-if-not-set' to update hostname in ovsdb. + * ovs-appctl: Added ability to add and delete static mac entries using: +'ovs-appctl fdb/add' +'ovs-appctl fdb/del ' + * Linux datapath: +* ovs-vswitchd will configure the kernel module using per-cpu dispatch + mode (if available). This changes the way upcalls are delivered to + user space in order to resolve a number of issues with per-vport dispatch. +* New vswitchd unixctl command `dpif-netlink/dispatch-mode` will return + the current dispatch mode for each datapath. +- Update OVS to version 2.15.0 + * OVSDB: + * Changed format in which ovsdb transactions are stored in + database files. Now each transaction contains diff of data + instead of the whole new value of a column. + * New unixctl command 'o
commit openvswitch for openSUSE:Factory
Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package openvswitch for openSUSE:Factory checked in at 2021-05-10 15:39:20 Comparing /work/SRC/openSUSE:Factory/openvswitch (Old) and /work/SRC/openSUSE:Factory/.openvswitch.new.2988 (New) Package is "openvswitch" Mon May 10 15:39:20 2021 rev:56 rq:892002 version:unknown Changes: --- /work/SRC/openSUSE:Factory/openvswitch/openvswitch.changes 2021-05-01 00:46:43.299445870 +0200 +++ /work/SRC/openSUSE:Factory/.openvswitch.new.2988/openvswitch.changes 2021-05-10 15:42:06.528915237 +0200 @@ -1,0 +2,5 @@ +Mon May 10 10:28:32 UTC 2021 - Dirk M??ller + +- add openssl(cli) dependency on pki (bsc#1185839) + +--- Other differences: -- ++ openvswitch.spec ++ --- /var/tmp/diff_new_pack.68MARl/_old 2021-05-10 15:42:07.072913110 +0200 +++ /var/tmp/diff_new_pack.68MARl/_new 2021-05-10 15:42:07.076913094 +0200 @@ -114,9 +114,9 @@ BuildRequires: python3-sphinx BuildRequires: systemd-units Requires(post): systemd-units -Requires(postun): systemd-units +Requires(postun):systemd-units Requires(pre): shadow-utils -Requires(preun): systemd-units +Requires(preun):systemd-units %endif # Needed by the testsuite %if %{with check} @@ -190,6 +190,7 @@ License:Apache-2.0 Group: Productivity/Networking/System Requires: %{name} = %{version} +Requires: openssl(cli) Provides: %{name}-dpdk-pki = %{version} Obsoletes: %{name}-dpdk-pki < 2.7.0 @@ -259,6 +260,7 @@ performance and connectivity issues in Open vSwitch setup. # OVN preambles from now on, overwrites Version and URL + %package -n ovn Version:%{ovn_version} Release:0
commit openvswitch for openSUSE:Factory
Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package openvswitch for openSUSE:Factory checked in at 2021-05-01 00:46:38 Comparing /work/SRC/openSUSE:Factory/openvswitch (Old) and /work/SRC/openSUSE:Factory/.openvswitch.new.1947 (New) Package is "openvswitch" Sat May 1 00:46:38 2021 rev:55 rq:889415 version:unknown Changes: --- /work/SRC/openSUSE:Factory/openvswitch/openvswitch.changes 2021-02-15 23:19:40.363698026 +0100 +++ /work/SRC/openSUSE:Factory/.openvswitch.new.1947/openvswitch.changes 2021-05-01 00:46:43.299445870 +0200 @@ -1,0 +2,6 @@ +Thu Apr 29 16:05:49 UTC 2021 - Jaime Caama??o Ruiz + +- Replace deprecated /var/run with /run (bsc#1185176, bsc#1185177). + * 0001-Replace-deprecated-var-run-with-run.patch + +--- New: 0001-Replace-deprecated-var-run-with-run.patch Other differences: -- ++ openvswitch.spec ++ --- /var/tmp/diff_new_pack.p9h8aa/_old 2021-05-01 00:46:44.075442413 +0200 +++ /var/tmp/diff_new_pack.p9h8aa/_new 2021-05-01 00:46:44.075442413 +0200 @@ -68,6 +68,8 @@ Patch2: 0001-Don-t-change-permissions-of-dev-hugepages.patch # PATCH-FIX-OPENSUSE: 0001-Use-double-hash-for-OVS_USER_ID-comment.patch Patch3: 0001-Use-double-hash-for-OVS_USER_ID-comment.patch +# PATCH-FIX-OPENSUSE: 0001-Replace-deprecated-var-run-with-run.patch +Patch4: 0001-Replace-deprecated-var-run-with-run.patch #OVN patches # PATCH-FIX-OPENSUSE: 0001-Run-ovn-as-openvswitch-openvswitch.patch Patch20:0001-Run-ovn-as-openvswitch-openvswitch.patch @@ -395,6 +397,7 @@ %patch1 -p1 %patch2 -p1 %patch3 -p1 +%patch4 -p1 cd %{ovn_dir} %patch20 -p1 ++ 0001-Replace-deprecated-var-run-with-run.patch ++ >From 89ddd0707175de0f56b605a45afd9926cb80826f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jaime=20Caama=C3=B1o=20Ruiz?= Date: Thu, 29 Apr 2021 18:00:12 +0200 Subject: [PATCH] Replace deprecated /var/run with /run --- rhel/etc_logrotate.d_openvswitch| 4 ++-- rhel/usr_lib_systemd_system_openvswitch-ipsec.service | 2 +- ...sr_lib_systemd_system_ovs-delete-transient-ports.service | 2 +- rhel/usr_lib_systemd_system_ovs-vswitchd.service.in | 6 +++--- rhel/usr_lib_systemd_system_ovsdb-server.service| 4 ++-- 5 files changed, 9 insertions(+), 9 deletions(-) diff --git a/rhel/etc_logrotate.d_openvswitch b/rhel/etc_logrotate.d_openvswitch index eaf1fd5bf..fa6303873 100644 --- a/rhel/etc_logrotate.d_openvswitch +++ b/rhel/etc_logrotate.d_openvswitch @@ -13,8 +13,8 @@ missingok postrotate # Tell Open vSwitch daemons to reopen their log files -if [ -d /var/run/openvswitch ]; then -for ctl in /var/run/openvswitch/*.ctl; do +if [ -d /run/openvswitch ]; then +for ctl in /run/openvswitch/*.ctl; do ovs-appctl -t "$ctl" vlog/reopen 2>/dev/null || : done fi diff --git a/rhel/usr_lib_systemd_system_openvswitch-ipsec.service b/rhel/usr_lib_systemd_system_openvswitch-ipsec.service index 3c4a40138..ec86874cb 100644 --- a/rhel/usr_lib_systemd_system_openvswitch-ipsec.service +++ b/rhel/usr_lib_systemd_system_openvswitch-ipsec.service @@ -5,7 +5,7 @@ After=openvswitch.service [Service] Type=forking -PIDFile=/var/run/openvswitch/ovs-monitor-ipsec.pid +PIDFile=/run/openvswitch/ovs-monitor-ipsec.pid ExecStart=/usr/share/openvswitch/scripts/ovs-ctl \ --ike-daemon=strongswan start-ovs-ipsec ExecStop=/usr/share/openvswitch/scripts/ovs-ctl stop-ovs-ipsec diff --git a/rhel/usr_lib_systemd_system_ovs-delete-transient-ports.service b/rhel/usr_lib_systemd_system_ovs-delete-transient-ports.service index 4cd4d7f57..d4d7b204b 100644 --- a/rhel/usr_lib_systemd_system_ovs-delete-transient-ports.service +++ b/rhel/usr_lib_systemd_system_ovs-delete-transient-ports.service @@ -2,7 +2,7 @@ Description=Open vSwitch Delete Transient Ports After=ovsdb-server.service Before=ovs-vswitchd.service -AssertPathExists=/var/run/openvswitch/db.sock +AssertPathExists=/run/openvswitch/db.sock [Service] Type=oneshot diff --git a/rhel/usr_lib_systemd_system_ovs-vswitchd.service.in b/rhel/usr_lib_systemd_system_ovs-vswitchd.service.in index 08355d950..71c49dc59 100644 --- a/rhel/usr_lib_systemd_system_ovs-vswitchd.service.in +++ b/rhel/usr_lib_systemd_system_ovs-vswitchd.service.in @@ -4,14 +4,14 @@ After=ovsdb-server.service network-pre.target systemd-udev-settle.service Before=network.target network.service Requires=ovsdb-server.service ReloadPropagatedFrom=ovsdb-server.service -AssertPathIsReadWrite=/var/run/openvswitch/db.sock +AssertPathIsReadWrite=/run/openv
commit openvswitch for openSUSE:Factory
Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package openvswitch for openSUSE:Factory checked in at 2021-02-15 23:17:11 Comparing /work/SRC/openSUSE:Factory/openvswitch (Old) and /work/SRC/openSUSE:Factory/.openvswitch.new.28504 (New) Package is "openvswitch" Mon Feb 15 23:17:11 2021 rev:54 rq:871483 version:unknown Changes: --- /work/SRC/openSUSE:Factory/openvswitch/openvswitch.changes 2020-11-04 18:31:19.468289753 +0100 +++ /work/SRC/openSUSE:Factory/.openvswitch.new.28504/openvswitch.changes 2021-02-15 23:19:40.363698026 +0100 @@ -1,0 +2,11 @@ +Fri Feb 12 10:36:03 UTC 2021 - Jaime Caama??o Ruiz + +- Update openvswitch to 2.14.2. For a list of changes, check + https://github.com/openvswitch/ovs/blob/v2.14.2/NEWS + Includes security fix for CVE-2020-27827 (bsc#1181345) and CVE-2020-35498 + (bsc#1181742). +- Removed patches no longer applying to code base: + * 0001-rhel-Fix-reload-of-OVS_USER_ID-on-startup.patch + * 0001-ipsec-Fix-Strongswan-configuration-syntax.patch + +--- Old: 0001-ipsec-Fix-Strongswan-configuration-syntax.patch 0001-rhel-Fix-reload-of-OVS_USER_ID-on-startup.patch openvswitch-2.14.0.tar.gz New: openvswitch-2.14.2.tar.gz Other differences: -- ++ openvswitch.spec ++ --- /var/tmp/diff_new_pack.Om9qyB/_old 2021-02-15 23:19:40.979698945 +0100 +++ /var/tmp/diff_new_pack.Om9qyB/_new 2021-02-15 23:19:40.983698952 +0100 @@ -1,7 +1,7 @@ # # spec file for package openvswitch # -# Copyright (c) 2020 SUSE LLC +# Copyright (c) 2021 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -19,7 +19,7 @@ %define ovs_lname libopenvswitch-2_14-0 %define ovn_lname libovn-20_06-0 -%define ovs_version 2.14.0 +%define ovs_version 2.14.2 %define ovn_version 20.06.2 %define ovs_dir ovs-%{ovs_version} %define ovn_dir ovn-%{ovn_version} @@ -66,12 +66,8 @@ Patch1: 0001-Run-openvswitch-as-openvswitch-openvswitch.patch # PATCH-FIX-OPENSUSE: 0001-Don-t-change-permissions-of-dev-hugepages.patch Patch2: 0001-Don-t-change-permissions-of-dev-hugepages.patch -# PATCH-FIX-UPSTREAM: 0001-rhel-Fix-reload-of-OVS_USER_ID-on-startup.patch -Patch3: 0001-rhel-Fix-reload-of-OVS_USER_ID-on-startup.patch # PATCH-FIX-OPENSUSE: 0001-Use-double-hash-for-OVS_USER_ID-comment.patch -Patch4: 0001-Use-double-hash-for-OVS_USER_ID-comment.patch -# PATCH-FIX-UPSTREAM: 0001-ipsec-Fix-Strongswan-configuration-syntax.patch -Patch5: 0001-ipsec-Fix-Strongswan-configuration-syntax.patch +Patch3: 0001-Use-double-hash-for-OVS_USER_ID-comment.patch #OVN patches # PATCH-FIX-OPENSUSE: 0001-Run-ovn-as-openvswitch-openvswitch.patch Patch20:0001-Run-ovn-as-openvswitch-openvswitch.patch @@ -399,8 +395,6 @@ %patch1 -p1 %patch2 -p1 %patch3 -p1 -%patch4 -p1 -%patch5 -p1 cd %{ovn_dir} %patch20 -p1 ++ openvswitch-2.14.0.tar.gz -> openvswitch-2.14.2.tar.gz ++ /work/SRC/openSUSE:Factory/openvswitch/openvswitch-2.14.0.tar.gz /work/SRC/openSUSE:Factory/.openvswitch.new.28504/openvswitch-2.14.2.tar.gz differ: char 5, line 1