commit openvswitch for openSUSE:Factory
Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package openvswitch for openSUSE:Factory
checked in at 2024-09-04 13:22:02
Comparing /work/SRC/openSUSE:Factory/openvswitch (Old)
and /work/SRC/openSUSE:Factory/.openvswitch.new.10096 (New)
Package is "openvswitch"
Wed Sep 4 13:22:02 2024 rev:77 rq:1198352 version:unknown
Changes:
--- /work/SRC/openSUSE:Factory/openvswitch/openvswitch.changes 2024-08-05
17:20:18.920764091 +0200
+++ /work/SRC/openSUSE:Factory/.openvswitch.new.10096/openvswitch.changes
2024-09-04 13:22:04.115350737 +0200
@@ -1,0 +2,16 @@
+Wed Aug 28 05:18:36 UTC 2024 - Duraisankar P
+
+- Update openvswitch to 3.3.1. For a list of changes, check
+ https://github.com/openvswitch/ovs/blob/v3.3.1/NEWS
+- Update OVN to 24.03.3. For a list of changes, check
+ https://github.com/ovn-org/ovn/blob/v24.03.3/NEWS
+- Drop upstream fixed patches,
+* CVE-2023-1668.patch
+* CVE-2023-3152.patch
+* CVE-2023-5366.patch
+* openvswitch-2.17.8-gcc14-build-fix.patch
+* openvswitch-CVE-2023-3966.patch
+- Updated the patch for version v3.3.1
+* install-ovsdb-tools.patch
+
+---
Old:
CVE-2023-1668.patch
CVE-2023-3152.patch
CVE-2023-5366.patch
openvswitch-2.17.8-gcc14-build-fix.patch
openvswitch-3.1.0.tar.gz
openvswitch-CVE-2023-3966.patch
ovn-23.03.0.tar.gz
New:
openvswitch-3.3.1.tar.gz
ovn-24.03.3.tar.gz
BETA DEBUG BEGIN:
Old:- Drop upstream fixed patches,
* CVE-2023-1668.patch
* CVE-2023-3152.patch
Old:* CVE-2023-1668.patch
* CVE-2023-3152.patch
* CVE-2023-5366.patch
Old:* CVE-2023-3152.patch
* CVE-2023-5366.patch
* openvswitch-2.17.8-gcc14-build-fix.patch
Old:* CVE-2023-5366.patch
* openvswitch-2.17.8-gcc14-build-fix.patch
* openvswitch-CVE-2023-3966.patch
Old:* openvswitch-2.17.8-gcc14-build-fix.patch
* openvswitch-CVE-2023-3966.patch
- Updated the patch for version v3.3.1
BETA DEBUG END:
Other differences:
--
++ openvswitch.spec ++
--- /var/tmp/diff_new_pack.tn6iGI/_old 2024-09-04 13:22:07.027472592 +0200
+++ /var/tmp/diff_new_pack.tn6iGI/_new 2024-09-04 13:22:07.043473261 +0200
@@ -18,14 +18,14 @@
%define skip_python2 1
-%define ovs_lname libopenvswitch-3_1-0
-%define ovn_lname libovn-23_03-0
-%define ovs_version 3.1.0
-%define ovn_version 23.03.0
+%define ovs_lname libopenvswitch-3_3-0
+%define ovn_lname libovn-24_03-0
+%define ovs_version 3.3.1
+%define ovn_version 24.03.3
%define ovs_dir ovs-%{ovs_version}
%define ovn_dir ovn-%{ovn_version}
%define rpmstate %{_rundir}/openvswitch-rpm-state-
-%define _dpdkv 22.11.1
+%define _dpdkv 23.11.1
%define name_tag ${nil}
#Compat macro for new _fillupdir macro introduced in Nov 2017
%if ! %{defined _fillupdir}
@@ -77,20 +77,9 @@
Patch3: 0001-Use-double-hash-for-OVS_USER_ID-comment.patch
# PATCH-FEATURE-UPSTREAM install-ovsdb-tools.patch -- Install some tools
required for building OVN
Patch4: install-ovsdb-tools.patch
-# PATCH-FIX-UPSTREAM CVE-2023-1668.patch
-Patch5: CVE-2023-1668.patch
-# PATCH-FIX-UPSTREAM CVE-2023-5366.patch
-Patch6: CVE-2023-5366.patch
-# Fix CVE-2023-3966 [bsc#1219465] -- Invalid memory access in Geneve with HW
offload
-Patch7: openvswitch-CVE-2023-3966.patch
-# boo#1225906: Restore build with gcc14
-Patch8: openvswitch-2.17.8-gcc14-build-fix.patch
#OVN patches
# PATCH-FIX-OPENSUSE: 0001-Run-ovn-as-openvswitch-openvswitch.patch
Patch20:0001-Run-ovn-as-openvswitch-openvswitch.patch
-# PATCH-FIX-UPSTREAM CVE-2023-3152 [bsc#1212125] -- service monitor MAC flow
is not rate limited
-Patch21:CVE-2023-3152.patch
-# CVE-2021-36980 [bsc#1188524], use-after-free in decode_NXAST_RAW_ENCAP
BuildRequires: autoconf
BuildRequires: %{python_module setuptools}
BuildRequires: automake
@@ -183,7 +172,7 @@
Group: System/Libraries
%if %{with dpdk}
Requires: dpdk >= %{_dpdkv}
-Requires: libdpdk-23 >= %{_dpdkv}
+Requires: libdpdk-24 >= %{_dpdkv}
%endif
%description -n %{ovs_lname}
@@ -424,15 +413,10 @@
%patch -P 2 -p1
%patch -P 3 -p1
%patch -P 4 -p1
-%patch -P 5 -p1
-%patch -P 6 -p1
-%patch -P 7 -p1
-%patch -P 8 -p1
# remove python/ovs/dirs.py - this is generated from template to have proper
paths
rm python/ovs/dirs.py
cd %{ovn_dir}
%patch -P 20 -p1
-%patch -P 21 -p1
%build
mkdir %ovs_dir
@@ -1285,6 +1269,7 @@
%{_bindir}/ovn-appctl
%{_bindir}/ovn-ic-nbctl
%{_bindir}/ovn-ic-sbctl
+%{_bindir}/ovn-debug
%dir %{_datadir}/ovn
%dir %{_datadir}/ovn/scripts
%{_datadir}/ovn/scripts/ovn-ctl
@@ -1307,6 +1292,7 @@
%{_mandir}/man8/ovn-nbctl.8%{?ext_ma
commit openvswitch for openSUSE:Factory
Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package openvswitch for openSUSE:Factory
checked in at 2024-08-05 17:20:17
Comparing /work/SRC/openSUSE:Factory/openvswitch (Old)
and /work/SRC/openSUSE:Factory/.openvswitch.new.7232 (New)
Package is "openvswitch"
Mon Aug 5 17:20:17 2024 rev:76 rq:1191002 version:unknown
Changes:
--- /work/SRC/openSUSE:Factory/openvswitch/openvswitch.changes 2024-06-07
15:02:25.841726701 +0200
+++ /work/SRC/openSUSE:Factory/.openvswitch.new.7232/openvswitch.changes
2024-08-05 17:20:18.920764091 +0200
@@ -1,0 +2,6 @@
+Tue Jul 30 13:50:21 UTC 2024 - pgaj...@suse.com
+
+- remove dependency on /usr/bin/python3 using
+ %python3_fix_shebang_path macro, [bsc#1212476]
+
+---
Other differences:
--
++ openvswitch.spec ++
--- /var/tmp/diff_new_pack.XLOnsF/_old 2024-08-05 17:20:19.828801331 +0200
+++ /var/tmp/diff_new_pack.XLOnsF/_new 2024-08-05 17:20:19.828801331 +0200
@@ -743,6 +743,13 @@
install -D -m 0644 %{SOURCE10} %{buildroot}%{_sysusersdir}/openvswitch.conf
+%if %{suse_version} >= 1600
+%python3_fix_shebang_path %{buildroot}%{_datadir}/%{name}/ovsdb/*
+%python3_fix_shebang_path %{buildroot}%{_datadir}/%{name}/scripts/*
+%python3_fix_shebang_path %{buildroot}%{_datadir}/%{name}/scripts/usdt/*
+%python3_fix_shebang_path %{buildroot}%{_datadir}/%{name}/scripts/ovsdb/*
+%endif
+
%pre -f openvswitch.pre
%if 0%{?suse_version}
%service_add_pre ovsdb-server.service ovs-vswitchd.service
openvswitch.service ovs-delete-transient-ports.service
commit openvswitch for openSUSE:Factory
Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package openvswitch for openSUSE:Factory
checked in at 2024-06-07 15:02:15
Comparing /work/SRC/openSUSE:Factory/openvswitch (Old)
and /work/SRC/openSUSE:Factory/.openvswitch.new.24587 (New)
Package is "openvswitch"
Fri Jun 7 15:02:15 2024 rev:75 rq:1178928 version:unknown
Changes:
--- /work/SRC/openSUSE:Factory/openvswitch/openvswitch.changes 2024-03-03
20:19:05.577334762 +0100
+++ /work/SRC/openSUSE:Factory/.openvswitch.new.24587/openvswitch.changes
2024-06-07 15:02:25.841726701 +0200
@@ -1,0 +2,8 @@
+Tue Jun 4 09:48:39 UTC 2024 - Martin Jambor
+
+- GCC 14 started to advertise c_atomic extension, older versions
+ didn't do that. Add check for __clang__, so GCC doesn't include
+ headers designed for Clang
+ (openvswitch-2.17.8-gcc14-build-fix.patch) [boo#1225906]
+
+---
New:
openvswitch-2.17.8-gcc14-build-fix.patch
BETA DEBUG BEGIN:
New: headers designed for Clang
(openvswitch-2.17.8-gcc14-build-fix.patch) [boo#1225906]
BETA DEBUG END:
Other differences:
--
++ openvswitch.spec ++
--- /var/tmp/diff_new_pack.6vJL30/_old 2024-06-07 15:02:27.149774353 +0200
+++ /var/tmp/diff_new_pack.6vJL30/_new 2024-06-07 15:02:27.153774499 +0200
@@ -83,6 +83,8 @@
Patch6: CVE-2023-5366.patch
# Fix CVE-2023-3966 [bsc#1219465] -- Invalid memory access in Geneve with HW
offload
Patch7: openvswitch-CVE-2023-3966.patch
+# boo#1225906: Restore build with gcc14
+Patch8: openvswitch-2.17.8-gcc14-build-fix.patch
#OVN patches
# PATCH-FIX-OPENSUSE: 0001-Run-ovn-as-openvswitch-openvswitch.patch
Patch20:0001-Run-ovn-as-openvswitch-openvswitch.patch
@@ -133,9 +135,9 @@
BuildRequires: python3-rpm-macros
BuildRequires: systemd-units
Requires(post): systemd-units
-Requires(postun):systemd-units
+Requires(postun): systemd-units
Requires(pre): shadow-utils
-Requires(preun):systemd-units
+Requires(preun): systemd-units
%endif
# Needed by the testsuite
%if %{with check}
@@ -425,6 +427,7 @@
%patch -P 5 -p1
%patch -P 6 -p1
%patch -P 7 -p1
+%patch -P 8 -p1
# remove python/ovs/dirs.py - this is generated from template to have proper
paths
rm python/ovs/dirs.py
cd %{ovn_dir}
++ openvswitch-2.17.8-gcc14-build-fix.patch ++
>From 335a5deac3ff91448ca14651e92f39dfdd512fcf Mon Sep 17 00:00:00 2001
From: Ilya Maximets
Date: Thu, 18 Jan 2024 15:59:05 +0100
Subject: [PATCH] ovs-atomic: Fix inclusion of Clang header by GCC 14.
GCC 14 started to advertise c_atomic extension, older versions didn't
do that. Add check for __clang__, so GCC doesn't include headers
designed for Clang.
Another option would be to prefer stdatomic implementation instead,
but some older versions of Clang are not able to use stdatomic.h
supplied by GCC as described in commit:
07ece367fb5f ("ovs-atomic: Prefer Clang intrinsics over .")
This change fixes OVS build with GCC on Fedora Rawhide (40).
Reported-by: Jakob Meng
Acked-by: Jakob Meng
Acked-by: Eelco Chaudron
Acked-by: Simon Horman
Signed-off-by: Ilya Maximets
---
lib/ovs-atomic.h | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/ovs-atomic.h b/lib/ovs-atomic.h
index ab9ce6b2e0f..f140d25feba 100644
--- a/lib/ovs-atomic.h
+++ b/lib/ovs-atomic.h
@@ -328,7 +328,7 @@
#if __CHECKER__
/* sparse doesn't understand some GCC extensions we use. */
#include "ovs-atomic-pthreads.h"
-#elif __has_extension(c_atomic)
+#elif __clang__ && __has_extension(c_atomic)
#include "ovs-atomic-clang.h"
#elif HAVE_ATOMIC && __cplusplus >= 201103L
#include "ovs-atomic-c++.h"
commit openvswitch for openSUSE:Factory
Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package openvswitch for openSUSE:Factory
checked in at 2024-03-03 20:18:51
Comparing /work/SRC/openSUSE:Factory/openvswitch (Old)
and /work/SRC/openSUSE:Factory/.openvswitch.new.1770 (New)
Package is "openvswitch"
Sun Mar 3 20:18:51 2024 rev:74 rq:1153975 version:unknown
Changes:
--- /work/SRC/openSUSE:Factory/openvswitch/openvswitch.changes 2024-02-27
22:43:40.808382517 +0100
+++ /work/SRC/openSUSE:Factory/.openvswitch.new.1770/openvswitch.changes
2024-03-03 20:19:05.577334762 +0100
@@ -1,0 +2,5 @@
+Mon Feb 26 12:38:17 UTC 2024 - Dominique Leuenberger
+
+- Use %patch -P N instead of deprecated %patchN.
+
+---
Other differences:
--
++ openvswitch.spec ++
--- /var/tmp/diff_new_pack.Drdha8/_old 2024-03-03 20:19:08.101426076 +0100
+++ /var/tmp/diff_new_pack.Drdha8/_new 2024-03-03 20:19:08.101426076 +0100
@@ -417,19 +417,19 @@
%prep
%setup -q -n %{name}-%{ovs_version} -a 1
-%patch0 -p1
-%patch1 -p1
-%patch2 -p1
-%patch3 -p1
-%patch4 -p1
-%patch5 -p1
-%patch6 -p1
-%patch7 -p1
+%patch -P 0 -p1
+%patch -P 1 -p1
+%patch -P 2 -p1
+%patch -P 3 -p1
+%patch -P 4 -p1
+%patch -P 5 -p1
+%patch -P 6 -p1
+%patch -P 7 -p1
# remove python/ovs/dirs.py - this is generated from template to have proper
paths
rm python/ovs/dirs.py
cd %{ovn_dir}
-%patch20 -p1
-%patch21 -p1
+%patch -P 20 -p1
+%patch -P 21 -p1
%build
mkdir %ovs_dir
commit openvswitch for openSUSE:Factory
Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package openvswitch for openSUSE:Factory
checked in at 2024-02-27 22:43:34
Comparing /work/SRC/openSUSE:Factory/openvswitch (Old)
and /work/SRC/openSUSE:Factory/.openvswitch.new.1770 (New)
Package is "openvswitch"
Tue Feb 27 22:43:34 2024 rev:73 rq:1150566 version:unknown
Changes:
--- /work/SRC/openSUSE:Factory/openvswitch/openvswitch.changes 2024-02-06
16:33:13.276159948 +0100
+++ /work/SRC/openSUSE:Factory/.openvswitch.new.1770/openvswitch.changes
2024-02-27 22:43:40.808382517 +0100
@@ -1,0 +2,7 @@
+Thu Feb 15 06:53:54 UTC 2024 - Duraisankar P
+
+- Fix CVE-2023-3966 [bsc#1219465] openvswitch3: Invalid memory access in
Geneve with HW offload
+- Added patch,
+ +openvswitch-CVE-2023-3966.patch
+
+---
New:
openvswitch-CVE-2023-3966.patch
BETA DEBUG BEGIN:
New:- Added patch,
+openvswitch-CVE-2023-3966.patch
BETA DEBUG END:
Other differences:
--
++ openvswitch.spec ++
--- /var/tmp/diff_new_pack.OiiWJv/_old 2024-02-27 22:43:41.576410359 +0100
+++ /var/tmp/diff_new_pack.OiiWJv/_new 2024-02-27 22:43:41.576410359 +0100
@@ -81,6 +81,8 @@
Patch5: CVE-2023-1668.patch
# PATCH-FIX-UPSTREAM CVE-2023-5366.patch
Patch6: CVE-2023-5366.patch
+# Fix CVE-2023-3966 [bsc#1219465] -- Invalid memory access in Geneve with HW
offload
+Patch7: openvswitch-CVE-2023-3966.patch
#OVN patches
# PATCH-FIX-OPENSUSE: 0001-Run-ovn-as-openvswitch-openvswitch.patch
Patch20:0001-Run-ovn-as-openvswitch-openvswitch.patch
@@ -422,6 +424,7 @@
%patch4 -p1
%patch5 -p1
%patch6 -p1
+%patch7 -p1
# remove python/ovs/dirs.py - this is generated from template to have proper
paths
rm python/ovs/dirs.py
cd %{ovn_dir}
++ openvswitch-CVE-2023-3966.patch ++
--- openvswitch-3.1.0.orig/lib/netdev-offload-tc.c 2024-02-13
11:52:45.356063229 +0530
+++ openvswitch-3.1.0/lib/netdev-offload-tc.c 2024-02-13 12:09:48.472094452
+0530
@@ -1719,12 +1719,12 @@ test_key_and_mask(struct match *match)
return 0;
}
-static void
+static int
flower_match_to_tun_opt(struct tc_flower *flower, const struct flow_tnl *tnl,
struct flow_tnl *tnl_mask)
{
struct geneve_opt *opt, *opt_mask;
-int len, cnt = 0;
+int tot_opt_len, len, cnt = 0;
/* 'flower' always has an exact match on tunnel metadata length, so having
* it in a wrong format is not acceptable unless it is empty. */
@@ -1740,7 +1740,7 @@ flower_match_to_tun_opt(struct tc_flower
memset(&tnl_mask->metadata.present.map, 0,
sizeof tnl_mask->metadata.present.map);
}
-return;
+return 0;
}
tnl_mask->flags &= ~FLOW_TNL_F_UDPIF;
@@ -1754,7 +1754,7 @@ flower_match_to_tun_opt(struct tc_flower
sizeof tnl_mask->metadata.present.len);
if (!tnl->metadata.present.len) {
-return;
+return 0;
}
memcpy(flower->key.tunnel.metadata.opts.gnv, tnl->metadata.opts.gnv,
@@ -1768,7 +1768,16 @@ flower_match_to_tun_opt(struct tc_flower
* also not masks, but actual lengths in the 'flower' structure. */
len = flower->key.tunnel.metadata.present.len;
while (len) {
+if (len < sizeof *opt) {
+return EOPNOTSUPP;
+}
+
opt = &flower->key.tunnel.metadata.opts.gnv[cnt];
+tot_opt_len = sizeof *opt + opt->length * 4;
+if (len < tot_opt_len) {
+return EOPNOTSUPP;
+}
+
opt_mask = &flower->mask.tunnel.metadata.opts.gnv[cnt];
opt_mask->length = opt->length;
@@ -1776,6 +1785,7 @@ flower_match_to_tun_opt(struct tc_flower
cnt += sizeof(struct geneve_opt) / 4 + opt->length;
len -= sizeof(struct geneve_opt) + opt->length * 4;
}
+return 0;
}
static void
@@ -2213,7 +2223,11 @@ netdev_tc_flow_put(struct netdev *netdev
tnl_mask->flags &= ~(FLOW_TNL_F_DONT_FRAGMENT | FLOW_TNL_F_CSUM);
if (!strcmp(netdev_get_type(netdev), "geneve")) {
-flower_match_to_tun_opt(&flower, tnl, tnl_mask);
+err = flower_match_to_tun_opt(&flower, tnl, tnl_mask);
+if (err) {
+VLOG_WARN_RL(&warn_rl, "Unable to parse geneve options");
+return err;
+}
}
flower.tunnel = true;
} else {
--- openvswitch-3.1.0.orig/tests/system-offloads-traffic.at 2024-02-13
11:52:45.364063229 +0530
+++ openvswitch-3.1.0/tests/system-offloads-traffic.at 2024-02-13
12:21:58.880116742 +0530
@@ -742,3 +742,35 @@ recirc_id(),in_port(3),eth_type(
OVS_TRAFFIC_VSWITCHD_STOP
AT_CLEANUP
+AT
commit openvswitch for openSUSE:Factory
Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package openvswitch for openSUSE:Factory
checked in at 2024-02-06 16:33:01
Comparing /work/SRC/openSUSE:Factory/openvswitch (Old)
and /work/SRC/openSUSE:Factory/.openvswitch.new.1815 (New)
Package is "openvswitch"
Tue Feb 6 16:33:01 2024 rev:72 rq:1144341 version:unknown
Changes:
--- /work/SRC/openSUSE:Factory/openvswitch/openvswitch.changes 2023-12-15
21:47:01.961609382 +0100
+++ /work/SRC/openSUSE:Factory/.openvswitch.new.1815/openvswitch.changes
2024-02-06 16:33:13.276159948 +0100
@@ -1,0 +2,7 @@
+Thu Feb 1 19:34:16 UTC 2024 - Duraisankar P
+
+- Fix CVE-2023-5366 [bsc#1216002], openvswitch: missing masks on a final stage
with ports trie
+- Added patch,
+ * CVE-2023-5366.patch
+
+---
New:
CVE-2023-5366.patch
BETA DEBUG BEGIN:
New:- Added patch,
* CVE-2023-5366.patch
BETA DEBUG END:
Other differences:
--
++ openvswitch.spec ++
--- /var/tmp/diff_new_pack.L3PYUj/_old 2024-02-06 16:33:13.876181791 +0100
+++ /var/tmp/diff_new_pack.L3PYUj/_new 2024-02-06 16:33:13.880181937 +0100
@@ -1,7 +1,7 @@
#
# spec file for package openvswitch
#
-# Copyright (c) 2023 SUSE LLC
+# Copyright (c) 2024 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -79,6 +79,8 @@
Patch4: install-ovsdb-tools.patch
# PATCH-FIX-UPSTREAM CVE-2023-1668.patch
Patch5: CVE-2023-1668.patch
+# PATCH-FIX-UPSTREAM CVE-2023-5366.patch
+Patch6: CVE-2023-5366.patch
#OVN patches
# PATCH-FIX-OPENSUSE: 0001-Run-ovn-as-openvswitch-openvswitch.patch
Patch20:0001-Run-ovn-as-openvswitch-openvswitch.patch
@@ -419,6 +421,7 @@
%patch3 -p1
%patch4 -p1
%patch5 -p1
+%patch6 -p1
# remove python/ovs/dirs.py - this is generated from template to have proper
paths
rm python/ovs/dirs.py
cd %{ovn_dir}
++ CVE-2023-5366.patch ++
commit 322c15598a483ba80d2ba3ced9a62f9e7a9a14a9
Author: Ilya Maximets
Date: Fri Feb 17 21:09:59 2023 +0100
classifier: Fix missing masks on a final stage with ports trie.
Flow lookup doesn't include masks of the final stage in a resulting
flow wildcards in case that stage had L4 ports match. Only the result
of ports trie lookup is added to the mask. It might be sufficient in
many cases, but it's not correct, because ports trie is not how we
decided that the packet didn't match in this subtable. In fact, we
used a full subtable mask in order to determine that, so all the
subtable mask bits has to be added.
Ports trie can still be used to adjust ports' mask, but it is not
sufficient to determine that the packet didn't match.
Assuming we have following 2 OpenFlow rules on the bridge:
table=0, priority=10,tcp,tp_dst=80,tcp_flags=+psh actions=drop
table=0, priority=0 actions=output(1)
The first high priority rule supposed to drop all the TCP data traffic
sent on port 80. The handshake, however, is allowed for forwarding.
Both 'tcp_flags' and 'tp_dst' are on the final stage in the flow.
Since the stage mask from that stage is not incorporated into the flow
wildcards and only ports mask is getting updated, we have the following
megaflow for the SYN packet that has no match on 'tcp_flags':
$ ovs-appctl ofproto/trace br0 "in_port=br0,tcp,tp_dst=80,tcp_flags=syn"
Megaflow: recirc_id=0,eth,tcp,in_port=LOCAL,nw_frag=no,tp_dst=80
Datapath actions: 1
If this flow is getting installed into datapath flow table, all the
packets for port 80, regardless of TCP flags, will be forwarded.
Incorporating all the looked at bits from the final stage into the
stages map in order to get all the necessary wildcards. Ports mask
has to be updated as a last step, because it doesn't cover the full
64-bit slot in the flowmap.
With this change, in the example above, OVS is producing correct
flow wildcards including match on TCP flags:
Megaflow:
recirc_id=0,eth,tcp,in_port=LOCAL,nw_frag=no,tp_dst=80,tcp_flags=-psh
Datapath actions: 1
This way only -psh packets will be forwarded, as expected.
This issue affects all other fields on stage 4, not only TCP flags.
Tests included to cover tcp_flags, nd_target and ct_tp_src/dst.
First two are frequently used, ct ones are sharing the same flowmap
slot with L4 ports, so important to test.
Before the pre-computation of stage masks, flow wildcards were updated
during lookup, so there was no issu
commit openvswitch for openSUSE:Factory
Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package openvswitch for openSUSE:Factory
checked in at 2023-12-15 21:46:52
Comparing /work/SRC/openSUSE:Factory/openvswitch (Old)
and /work/SRC/openSUSE:Factory/.openvswitch.new.25432 (New)
Package is "openvswitch"
Fri Dec 15 21:46:52 2023 rev:71 rq:1133086 version:unknown
Changes:
--- /work/SRC/openSUSE:Factory/openvswitch/openvswitch.changes 2023-12-06
23:52:21.084353365 +0100
+++ /work/SRC/openSUSE:Factory/.openvswitch.new.25432/openvswitch.changes
2023-12-15 21:47:01.961609382 +0100
@@ -1,0 +2,5 @@
+Thu Dec 14 11:55:19 UTC 2023 - Dirk Müller
+
+- convert to sysuser generated users
+
+---
New:
openvswitch-user.conf
Other differences:
--
++ openvswitch.spec ++
--- /var/tmp/diff_new_pack.1foVru/_old 2023-12-15 21:47:03.049649151 +0100
+++ /var/tmp/diff_new_pack.1foVru/_new 2023-12-15 21:47:03.053649298 +0100
@@ -63,6 +63,7 @@
Source0:http://openvswitch.org/releases/openvswitch-%{version}.tar.gz
Source1:
https://github.com/ovn-org/ovn/archive/v%{ovn_version}.tar.gz#/ovn-%{ovn_version}.tar.gz
Source2:preamble
+Source10: openvswitch-user.conf
Source89: Module.supported.updates
Source99: openvswitch-rpmlintrc
# OVS patches
@@ -116,10 +117,12 @@
%if 0%{?suse_version}
BuildRequires: libopenssl-devel
BuildRequires: python-rpm-macros
+BuildRequires: sysuser-tools
Requires(post): %fillup_prereq
Requires(pre): shadow
Suggests: logrotate
%{?systemd_ordering}
+%sysusers_requires
%else
BuildRequires: environment-modules
BuildRequires: openssl-devel
@@ -507,6 +510,8 @@
PYTHON3=%{_bindir}/python3 \
LDFLAGS=-L../%{ovs_dir}/lib/.libs
%make_build
+popd
+%sysusers_generate_pre %{SOURCE10} openvswitch openvswitch.conf
%check
%if %{with check}
@@ -727,7 +732,9 @@
# Done with OVN additional files.
popd
-%pre
+install -D -m 0644 %{SOURCE10} %{buildroot}%{_sysusersdir}/openvswitch.conf
+
+%pre -f openvswitch.pre
%if 0%{?suse_version}
%service_add_pre ovsdb-server.service ovs-vswitchd.service
openvswitch.service ovs-delete-transient-ports.service
%endif
@@ -736,17 +743,10 @@
# ownership of openvswitch.service from openvswitch-switch to
# openvswitch.
if [ x$(systemctl is-enabled openvswitch.service 2>/dev/null ||:) =
"xenabled" ]; then
-touch %{rpmstate}openvswitch
+touch %{rpmstate}openvswitch || :
fi
fi
-getent group openvswitch >/dev/null || groupadd -r openvswitch
-getent passwd openvswitch >/dev/null || \
-useradd -r -g openvswitch -d / -s /sbin/nologin \
--c "Open vSwitch Daemons" openvswitch
-
-exit 0
-
%pre ipsec
%if 0%{?suse_version}
%service_add_pre openvswitch-ipsec.service
@@ -1171,6 +1171,7 @@
%{_fillupdir}/sysconfig.openvswitch
%{_datadir}/bash-completion/completions/ovs-appctl-bashcomp.bash
%{_datadir}/bash-completion/completions/ovs-vsctl-bashcomp.bash
+%{_sysusersdir}/openvswitch.conf
%else
%config(noreplace) %{_sysconfdir}/sysconfig/openvswitch
%{_sysconfdir}/bash_completion.d/ovs-appctl-bashcomp.bash
++ openvswitch-user.conf ++
# Type Name ID GECOS [HOME]
g openvswitch - -
u openvswitch - "Open vSwitch Daemons" / /sbin/nologin
commit openvswitch for openSUSE:Factory
Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package openvswitch for openSUSE:Factory
checked in at 2023-12-06 23:52:19
Comparing /work/SRC/openSUSE:Factory/openvswitch (Old)
and /work/SRC/openSUSE:Factory/.openvswitch.new.25432 (New)
Package is "openvswitch"
Wed Dec 6 23:52:19 2023 rev:70 rq:1130936 version:unknown
Changes:
--- /work/SRC/openSUSE:Factory/openvswitch/openvswitch.changes 2023-09-07
21:12:46.829389980 +0200
+++ /work/SRC/openSUSE:Factory/.openvswitch.new.25432/openvswitch.changes
2023-12-06 23:52:21.084353365 +0100
@@ -1,0 +2,6 @@
+Mon Dec 4 15:52:33 UTC 2023 - Ana Guerrero
+
+- Add BuildRequires on python-setuptools. Previously this was pulled
+ by python-Sphinx in the build environment.
+
+---
Other differences:
--
++ openvswitch.spec ++
--- /var/tmp/diff_new_pack.Rh8H0d/_old 2023-12-06 23:52:21.996386988 +0100
+++ /var/tmp/diff_new_pack.Rh8H0d/_new 2023-12-06 23:52:22.000387135 +0100
@@ -85,6 +85,7 @@
Patch21:CVE-2023-3152.patch
# CVE-2021-36980 [bsc#1188524], use-after-free in decode_NXAST_RAW_ENCAP
BuildRequires: autoconf
+BuildRequires: %{python_module setuptools}
BuildRequires: automake
BuildRequires: fdupes
BuildRequires: graphviz
commit openvswitch for openSUSE:Factory
Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package openvswitch for openSUSE:Factory
checked in at 2023-09-07 21:12:22
Comparing /work/SRC/openSUSE:Factory/openvswitch (Old)
and /work/SRC/openSUSE:Factory/.openvswitch.new.1766 (New)
Package is "openvswitch"
Thu Sep 7 21:12:22 2023 rev:69 rq:1109539 version:unknown
Changes:
--- /work/SRC/openSUSE:Factory/openvswitch/openvswitch.changes 2023-05-19
11:54:54.599053210 +0200
+++ /work/SRC/openSUSE:Factory/.openvswitch.new.1766/openvswitch.changes
2023-09-07 21:12:46.829389980 +0200
@@ -1,0 +2,7 @@
+Thu Sep 7 07:55:29 UTC 2023 - Duraisankar P
+
+- Fix CVE-2023-3153 [bsc#1212125], VUL-0: CVE-2023-3153:
openvswitch,openvswitch3: service monitor MAC flow is not rate limited
+- Added patch,
+ CVE-2023-3152.patch
+
+---
New:
CVE-2023-3152.patch
Other differences:
--
++ openvswitch.spec ++
--- /var/tmp/diff_new_pack.dauvuu/_old 2023-09-07 21:12:48.673455901 +0200
+++ /var/tmp/diff_new_pack.dauvuu/_new 2023-09-07 21:12:48.673455901 +0200
@@ -81,6 +81,8 @@
#OVN patches
# PATCH-FIX-OPENSUSE: 0001-Run-ovn-as-openvswitch-openvswitch.patch
Patch20:0001-Run-ovn-as-openvswitch-openvswitch.patch
+# PATCH-FIX-UPSTREAM CVE-2023-3152 [bsc#1212125] -- service monitor MAC flow
is not rate limited
+Patch21:CVE-2023-3152.patch
# CVE-2021-36980 [bsc#1188524], use-after-free in decode_NXAST_RAW_ENCAP
BuildRequires: autoconf
BuildRequires: automake
@@ -417,6 +419,7 @@
rm python/ovs/dirs.py
cd %{ovn_dir}
%patch20 -p1
+%patch21 -p1
%build
mkdir %ovs_dir
++ CVE-2023-3152.patch ++
commit 9a3f7ed905e525ebdcb14541e775211cbb0203bd
Author: Ales Musil
Date: Wed Jul 12 07:12:29 2023 +0200
northd, controller: Add CoPP for SVC monitor
The SVC monitor was exposed without any limitation.
Add CoPP for the SVC monitor flow, which adds a way
for CMSs to limit the traffic that this flow accepts.
Signed-off-by: Ales Musil
diff --git a/lib/copp.c b/lib/copp.c
index 603e3f5bf..11dd9029d 100644
--- a/lib/copp.c
+++ b/lib/copp.c
@@ -38,6 +38,7 @@ static char *copp_proto_names[COPP_PROTO_MAX] = {
[COPP_ND_RA_OPTS]= "nd-ra-opts",
[COPP_TCP_RESET] = "tcp-reset",
[COPP_REJECT]= "reject",
+[COPP_SVC_MONITOR] = "svc-monitor",
[COPP_BFD] = "bfd",
};
diff --git a/lib/copp.h b/lib/copp.h
index f03004aa6..b99737220 100644
--- a/lib/copp.h
+++ b/lib/copp.h
@@ -37,6 +37,7 @@ enum copp_proto {
COPP_TCP_RESET,
COPP_BFD,
COPP_REJECT,
+COPP_SVC_MONITOR,
COPP_PROTO_MAX,
COPP_PROTO_INVALID = COPP_PROTO_MAX,
};
diff --git a/northd/northd.c b/northd/northd.c
index 7ad4cdfad..1e05b8f22 100644
--- a/northd/northd.c
+++ b/northd/northd.c
@@ -8876,9 +8876,11 @@ build_lswitch_destination_lookup_bmcast(struct
ovn_datapath *od,
{
if (od->nbs) {
-ovn_lflow_add(lflows, od, S_SWITCH_IN_L2_LKUP, 110,
- "eth.dst == $svc_monitor_mac",
- "handle_svc_check(inport);");
+ovn_lflow_metered(lflows, od, S_SWITCH_IN_L2_LKUP, 110, "eth.dst == "
+ "$svc_monitor_mac && (tcp || icmp || icmp6)",
+ "handle_svc_check(inport);",
+ copp_meter_get(COPP_SVC_MONITOR, od->nbs->copp,
+ meter_groups));
struct mcast_switch_info *mcast_sw_info = &od->mcast_info.sw;
diff --git a/ovn-nb.xml b/ovn-nb.xml
index 35acda107..59ac42dbd 100644
--- a/ovn-nb.xml
+++ b/ovn-nb.xml
@@ -466,6 +466,10 @@
Rate limiting meter for packets that trigger a reject action
+
+ Rate limiting meter for packets that are arriving to service
+ monitor MAC address.
+
See External IDs at the beginning of this document.
diff --git a/tests/ovn-northd.at b/tests/ovn-northd.at
index b8376991b..70350a781 100644
--- a/tests/ovn-northd.at
+++ b/tests/ovn-northd.at
@@ -3544,7 +3544,7 @@ AT_CHECK([ovn-sbctl list logical_flow | grep
trigger_event -A 2 | grep -q meter0
# let's try to add an usupported protocol "dhcp"
AT_CHECK([ovn-nbctl --wait=hv copp-add copp5 dhcp meter1],[1],[],[dnl
-ovn-nbctl: Invalid control protocol. Allowed values: arp, arp-resolve,
dhcpv4-opts, dhcpv6-opts, dns, event-elb, icmp4-error, icmp6-error, igmp,
nd-na, nd-ns, nd-ns-resolve, nd-ra-opts, tcp-reset, bfd, reject.
+ovn-nbctl: Invalid control protocol. Allowed values: arp, arp-resolve,
dhcpv4-opts, dhcpv6-opts, dns, event-elb, icmp4-error, icmp6-error, igmp,
nd-na, nd-ns, nd-ns-resolve, nd-ra-opts, tcp-reset, bfd, reje
commit openvswitch for openSUSE:Factory
Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package openvswitch for openSUSE:Factory
checked in at 2023-05-19 11:54:48
Comparing /work/SRC/openSUSE:Factory/openvswitch (Old)
and /work/SRC/openSUSE:Factory/.openvswitch.new.1533 (New)
Package is "openvswitch"
Fri May 19 11:54:48 2023 rev:68 rq:1087788 version:unknown
Changes:
--- /work/SRC/openSUSE:Factory/openvswitch/openvswitch.changes 2023-05-04
17:09:26.399966397 +0200
+++ /work/SRC/openSUSE:Factory/.openvswitch.new.1533/openvswitch.changes
2023-05-19 11:54:54.599053210 +0200
@@ -1,0 +2,7 @@
+Wed May 17 09:46:44 UTC 2023 - Duraisankar P
+
+- Fix CVE-2023-1668 [bsc#1210054], openvswitch: remote traffic denial of
service via crafted packets with IP proto 0
+- Added patch,
+ CVE-2023-1668.patch
+
+---
New:
CVE-2023-1668.patch
Other differences:
--
++ openvswitch.spec ++
--- /var/tmp/diff_new_pack.7d2nyr/_old 2023-05-19 11:54:55.319057331 +0200
+++ /var/tmp/diff_new_pack.7d2nyr/_new 2023-05-19 11:54:55.327057377 +0200
@@ -76,6 +76,8 @@
Patch3: 0001-Use-double-hash-for-OVS_USER_ID-comment.patch
# PATCH-FEATURE-UPSTREAM install-ovsdb-tools.patch -- Install some tools
required for building OVN
Patch4: install-ovsdb-tools.patch
+# PATCH-FIX-UPSTREAM CVE-2023-1668.patch
+Patch5: CVE-2023-1668.patch
#OVN patches
# PATCH-FIX-OPENSUSE: 0001-Run-ovn-as-openvswitch-openvswitch.patch
Patch20:0001-Run-ovn-as-openvswitch-openvswitch.patch
@@ -410,6 +412,7 @@
%patch2 -p1
%patch3 -p1
%patch4 -p1
+%patch5 -p1
# remove python/ovs/dirs.py - this is generated from template to have proper
paths
rm python/ovs/dirs.py
cd %{ovn_dir}
++ CVE-2023-1668.patch ++
commit 9d840923d32124fe427de76e8234c49d64e4bb77
Author: Aaron Conole
Date: Fri Mar 31 17:17:27 2023 -0400
ofproto-dpif-xlate: Always mask ip proto field.
The ofproto layer currently treats nw_proto field as overloaded to mean
both that a proper nw layer exists, as well as the value contained in
the header for the nw proto. However, this is incorrect behavior as
relevant standards permit that any value, including '0' should be treated
as a valid value.
Because of this overload, when the ofproto layer builds action list for
a packet with nw_proto of 0, it won't build the complete action list that
we expect to be built for the packet. That will cause a bad behavior
where all packets passing the datapath will fall into an incomplete
action set.
The fix here is to unwildcard nw_proto, allowing us to preserve setting
actions for protocols which we know have support for the actions we
program. This means that a traffic which contains nw_proto == 0 cannot
cause connectivity breakage with other traffic on the link.
Reported-by: David Marchand
Reported-at: https://bugzilla.redhat.com/show_bug.cgi?id=2134873
Acked-by: Ilya Maximets
Signed-off-by: Aaron Conole
Signed-off-by: Ilya Maximets
diff --git a/include/openvswitch/meta-flow.h b/include/openvswitch/meta-flow.h
index 045dce8f5..3b0220aaa 100644
--- a/include/openvswitch/meta-flow.h
+++ b/include/openvswitch/meta-flow.h
@@ -2366,6 +2366,10 @@ void mf_format_subvalue(const union mf_subvalue
*subvalue, struct ds *s);
void field_array_set(enum mf_field_id id, const union mf_value *,
struct field_array *);
+/* Mask the required l3 prerequisites if a 'set' action occurs. */
+void mf_set_mask_l3_prereqs(const struct mf_field *, const struct flow *,
+struct flow_wildcards *);
+
#ifdef __cplusplus
}
#endif
diff --git a/lib/meta-flow.c b/lib/meta-flow.c
index c576ae620..474344194 100644
--- a/lib/meta-flow.c
+++ b/lib/meta-flow.c
@@ -3676,3 +3676,28 @@ mf_bitmap_not(struct mf_bitmap x)
bitmap_not(x.bm, MFF_N_IDS);
return x;
}
+
+void
+mf_set_mask_l3_prereqs(const struct mf_field *mf, const struct flow *fl,
+ struct flow_wildcards *wc)
+{
+if (is_ip_any(fl) &&
+((mf->id == MFF_IPV4_SRC) ||
+ (mf->id == MFF_IPV4_DST) ||
+ (mf->id == MFF_IPV6_SRC) ||
+ (mf->id == MFF_IPV6_DST) ||
+ (mf->id == MFF_IPV6_LABEL) ||
+ (mf->id == MFF_IP_DSCP) ||
+ (mf->id == MFF_IP_ECN) ||
+ (mf->id == MFF_IP_TTL))) {
+WC_MASK_FIELD(wc, nw_proto);
+} else if ((fl->dl_type == htons(ETH_TYPE_ARP)) &&
+ ((mf->id == MFF_ARP_OP) ||
+(mf->id == MFF_ARP_SHA) ||
+(mf->id == MFF_ARP_THA) ||
+(mf->id == MFF_ARP_SPA) ||
+(mf
commit openvswitch for openSUSE:Factory
Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package openvswitch for openSUSE:Factory
checked in at 2023-05-04 17:09:21
Comparing /work/SRC/openSUSE:Factory/openvswitch (Old)
and /work/SRC/openSUSE:Factory/.openvswitch.new.1533 (New)
Package is "openvswitch"
Thu May 4 17:09:21 2023 rev:67 rq:1084458 version:unknown
Changes:
--- /work/SRC/openSUSE:Factory/openvswitch/openvswitch.changes 2023-04-14
13:12:35.371396203 +0200
+++ /work/SRC/openSUSE:Factory/.openvswitch.new.1533/openvswitch.changes
2023-05-04 17:09:26.399966397 +0200
@@ -1,0 +2,6 @@
+Tue May 2 07:48:43 UTC 2023 - Dominique Leuenberger
+
+- Remove python/ovs/dirs.py prior to building: have this
+ re-generated based on the shipped template (boo#1210479).
+
+---
Other differences:
--
++ openvswitch.spec ++
--- /var/tmp/diff_new_pack.jMG75T/_old 2023-05-04 17:09:27.071970331 +0200
+++ /var/tmp/diff_new_pack.jMG75T/_new 2023-05-04 17:09:27.079970378 +0200
@@ -410,6 +410,8 @@
%patch2 -p1
%patch3 -p1
%patch4 -p1
+# remove python/ovs/dirs.py - this is generated from template to have proper
paths
+rm python/ovs/dirs.py
cd %{ovn_dir}
%patch20 -p1
commit openvswitch for openSUSE:Factory
Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package openvswitch for openSUSE:Factory checked in at 2023-04-14 13:12:27 Comparing /work/SRC/openSUSE:Factory/openvswitch (Old) and /work/SRC/openSUSE:Factory/.openvswitch.new.19717 (New) Package is "openvswitch" Fri Apr 14 13:12:27 2023 rev:66 rq:1079120 version:unknown Changes: --- /work/SRC/openSUSE:Factory/openvswitch/openvswitch.changes 2022-10-10 18:43:18.754707229 +0200 +++ /work/SRC/openSUSE:Factory/.openvswitch.new.19717/openvswitch.changes 2023-04-14 13:12:35.371396203 +0200 @@ -1,0 +2,67 @@ +Wed Apr 5 21:14:59 UTC 2023 - Duraisankar P + +- Update OVS version to v3.1.0 and OVN version to v23.03.0 + Some of the features are, + - ovs-vswitchd now detects changes in CPU affinity and adjusts the number + of handler and revalidator threads if necessary. + - AF_XDP: + * Added support for building with libxdp and libbpf >= 0.7. + * Support for AF_XDP is now enabled by default if all dependencies are + available at the build time. Use --disable-afxdp to disable. + Use --enable-afxdp to fail the build if dependencies are not present. + - ovs-appctl: + * "ovs-appctl ofproto/trace" command can now display port names with the + "--names" option. + - OVSDB-IDL: + * Add the support to specify the persistent uuid for row insert in both + C and Python IDLs. + - Windows: + * Conntrack IPv6 fragment support. + - DPDK: + * Add support for DPDK 22.11.1. + - For the QoS max-rate and STP/RSTP path-cost configuration OVS now assumes + 10 Gbps link speed by default in case the actual link speed cannot be + determined. Previously it was 10 Mbps. Values can still be overridden + by specifying 'max-rate' or '[r]stp-path-cost' accordingly. + - OpenFlow: + * New OpenFlow extension NXT_CT_FLUSH to flush connections matching + the specified fields. + - ovs-ctl: + * New option '--dump-hugepages' to include hugepages in core dumps. This + can assist with postmortem analysis involving DPDK, but may also produce + significantly larger core dump files. + - ovs-dpctl and 'ovs-appctl dpctl/' commands: + * 'flush-conntrack' is now capable of handling partial 5-tuple, +with additional optional parameter to specify the reply direction. + - ovs-ofctl: + * New command 'flush-conntrack' that accepts zone and 5-tuple (or partial + 5-tuple) for both directions. + - Support for travis-ci.org based continuous integration builds has been + dropped. + - Userspace datapath: + * Add '-secs' argument to appctl 'dpif-netdev/pmd-rxq-show' to show + the pmd usage of an Rx queue over a configurable time period. + * Add new experimental PMD load based sleeping feature. PMD threads can + request to sleep up to a user configured 'pmd-maxsleep' value under + low load conditions. + -For more details, check + https://github.com/openvswitch/ovs/blob/v3.1.0/NEWS + -Includes secrity fix for CVE-2022-4338 (bsc#1206580) and CVE-2022-4337 (bsc#1206581) + - Removed patches, + * 0001-Replace-deprecated-var-run-with-run.patch + * 0001-openvswitch-merge-compiler.h-files-into-one-file.patch + * openvswitch-CVE-2021-36980.patch + * 0002-build-Seperated-common-used-headers.patch + * a77ad9693c8b49055389559187fe74eddb619746.patch + * 0001-m4-Test-avx512-for-x86-only.patch + * openvswitch-2.17.2-Fix-tests-with-GNU-grep-3.8.patch + - Renamed and rebased patches, + * 0001-Don-t-change-permissions-of-dev-hugepages.patch + * 0001-Use-double-hash-for-OVS_USER_ID-comment.patch + * 0001-Run-ovn-as-openvswitch-openvswitch.patch + * 0001-Use-strongswan-for-openvswitch-ipsec-service.patch + * 0001-Run-openvswitch-as-openvswitch-openvswitch.patch + - Added ovsb tool install patch, + * install-ovsdb-tools.patch + +--- Old: 0001-m4-Test-avx512-for-x86-only.patch 0001-openvswitch-merge-compiler.h-files-into-one-file.patch 0002-build-Seperated-common-used-headers.patch Don-t-change-permissions-of-dev-hugepages.patch Run-openvswitch-as-openvswitch-openvswitch.patch Use-double-hash-for-OVS_USER_ID-comment.patch Use-strongswan-for-openvswitch-ipsec-service.patch a77ad9693c8b49055389559187fe74eddb619746.patch openvswitch-2.17.2-Fix-tests-with-GNU-grep-3.8.patch openvswitch-2.17.2.tar.gz New: 0001-Don-t-change-permissions-of-dev-hugepages.patch 0001-Run-openvswitch-as-openvswitch-openvswitch.patch 0001-Run-ovn-as-openvswitch-openvswitch.patch 0001-Use-double-hash-for-OVS_USER_ID-comment.patch 0001-Use-strongswan-for-openvswitch-ipsec-service.patch openvswitch-3.1.0.tar.gz ovn-23.0
commit openvswitch for openSUSE:Factory
Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package openvswitch for openSUSE:Factory
checked in at 2022-10-10 18:43:14
Comparing /work/SRC/openSUSE:Factory/openvswitch (Old)
and /work/SRC/openSUSE:Factory/.openvswitch.new.2275 (New)
Package is "openvswitch"
Mon Oct 10 18:43:14 2022 rev:65 rq:1008394 version:2.17.2
Changes:
--- /work/SRC/openSUSE:Factory/openvswitch/openvswitch.changes 2022-10-01
17:42:57.741648951 +0200
+++ /work/SRC/openSUSE:Factory/.openvswitch.new.2275/openvswitch.changes
2022-10-10 18:43:18.754707229 +0200
@@ -5,0 +6 @@
+- add 0001-m4-Test-avx512-for-x86-only.patch
New:
0001-m4-Test-avx512-for-x86-only.patch
Other differences:
--
++ openvswitch.spec ++
--- /var/tmp/diff_new_pack.5YKY3b/_old 2022-10-10 18:43:20.330710621 +0200
+++ /var/tmp/diff_new_pack.5YKY3b/_new 2022-10-10 18:43:20.334710630 +0200
@@ -62,6 +62,7 @@
Patch6: 0002-build-Seperated-common-used-headers.patch
Patch7: openvswitch-2.17.2-Fix-tests-with-GNU-grep-3.8.patch
Patch8: a77ad9693c8b49055389559187fe74eddb619746.patch
+Patch9: 0001-m4-Test-avx512-for-x86-only.patch
# Python subpackage
BuildRequires: %{python_module devel}
BuildRequires: %{python_module setuptools}
++ 0001-m4-Test-avx512-for-x86-only.patch ++
>From edf699ec6404da3612b58aab85d7da12f0dc9733 Mon Sep 17 00:00:00 2001
From: Cheng Li
Date: Fri, 16 Sep 2022 09:56:18 +
Subject: [PATCH] m4: Test avx512 for x86 only.
'as' command of arm version may don't support option '--64', this
patch is to move the avx512 test into x86 branch to avoid this.
Fixes: 352b6c7116cd ("dpif-lookup: add avx512 gather implementation.")
Tested-by: Harry van Haaren
Signed-off-by: Cheng Li
Signed-off-by: Ilya Maximets
---
m4/openvswitch.m4 | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/m4/openvswitch.m4 b/m4/openvswitch.m4
index 21808483e..09134feca 100644
--- a/m4/openvswitch.m4
+++ b/m4/openvswitch.m4
@@ -436,8 +436,8 @@ AC_DEFUN([OVS_CHECK_BINUTILS_AVX512],
mkdir -p build-aux
OBJFILE=build-aux/binutils_avx512_check.o
GATHER_PARAMS='0x8(,%ymm1,1),%ymm0{%k2}'
- echo "vpgatherqq $GATHER_PARAMS" | as --64 -o $OBJFILE -
if ($CC -dumpmachine | grep x86_64) >/dev/null 2>&1; then
+ echo "vpgatherqq $GATHER_PARAMS" | as --64 -o $OBJFILE -
if (objdump -d --no-show-raw-insn $OBJFILE | grep -q $GATHER_PARAMS)
>/dev/null 2>&1; then
ovs_cv_binutils_avx512_good=yes
else
@@ -446,11 +446,11 @@ AC_DEFUN([OVS_CHECK_BINUTILS_AVX512],
dnl and causing zmm usage with buggy binutils versions.
CFLAGS="$CFLAGS -mno-avx512f"
fi
+ rm $OBJFILE
else
dnl non x86_64 architectures don't have avx512, so not affected
ovs_cv_binutils_avx512_good=no
fi])
- rm $OBJFILE
if test "$ovs_cv_binutils_avx512_good" = yes; then
AC_DEFINE([HAVE_LD_AVX512_GOOD], [1],
[Define to 1 if binutils correctly supports AVX512.])
--
2.37.3
commit openvswitch for openSUSE:Factory
Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package openvswitch for openSUSE:Factory
checked in at 2022-10-01 17:42:46
Comparing /work/SRC/openSUSE:Factory/openvswitch (Old)
and /work/SRC/openSUSE:Factory/.openvswitch.new.2275 (New)
Package is "openvswitch"
Sat Oct 1 17:42:46 2022 rev:64 rq:1006932 version:2.17.2
Changes:
--- /work/SRC/openSUSE:Factory/openvswitch/openvswitch.changes 2022-09-14
13:44:31.245824561 +0200
+++ /work/SRC/openSUSE:Factory/.openvswitch.new.2275/openvswitch.changes
2022-10-01 17:42:57.741648951 +0200
@@ -1,0 +2,6 @@
+Thu Sep 29 11:58:47 UTC 2022 - Dirk M??ller
+
+- add a77ad9693c8b49055389559187fe74eddb619746.patch to avoid
+ the cpu detection code being compiled with AVX512 enabled
+
+---
New:
a77ad9693c8b49055389559187fe74eddb619746.patch
Other differences:
--
++ openvswitch.spec ++
--- /var/tmp/diff_new_pack.3M9c0C/_old 2022-10-01 17:42:59.493652137 +0200
+++ /var/tmp/diff_new_pack.3M9c0C/_new 2022-10-01 17:42:59.497652144 +0200
@@ -61,6 +61,7 @@
Patch5: 0001-openvswitch-merge-compiler.h-files-into-one-file.patch
Patch6: 0002-build-Seperated-common-used-headers.patch
Patch7: openvswitch-2.17.2-Fix-tests-with-GNU-grep-3.8.patch
+Patch8: a77ad9693c8b49055389559187fe74eddb619746.patch
# Python subpackage
BuildRequires: %{python_module devel}
BuildRequires: %{python_module setuptools}
++ a77ad9693c8b49055389559187fe74eddb619746.patch ++
>From a77ad9693c8b49055389559187fe74eddb619746 Mon Sep 17 00:00:00 2001
From: David Marchand
Date: Wed, 29 Jun 2022 09:32:24 +0200
Subject: [PATCH] dpif-netdev: Refactor AVX512 runtime checks.
As described in the bugzilla below, cpu_has_isa code may be compiled
with some AVX512 instructions in it, because cpu.c is built as part of
the libopenvswitchavx512.
This is a problem when this function (supposed to probe for AVX512
instructions availability) is invoked from generic OVS code, on older
CPUs that don't support them.
For the same reason, dpcls_subtable_avx512_gather_probe,
dp_netdev_input_outer_avx512_probe, mfex_avx512_probe and
mfex_avx512_vbmi_probe are potential runtime bombs and can't either be
built as part of libopenvswitchavx512.
Move cpu.c to be part of the "normal" libopenvswitch.
And move other helpers in generic OVS code.
Note:
- dpcls_subtable_avx512_gather_probe is split in two, because it also
needs to do its own magic,
- while moving those helpers, prefer direct calls to cpu_has_isa and
avoid cast to intermediate integer variables when a simple boolean
is enough,
Fixes: 352b6c7116cd ("dpif-lookup: add avx512 gather implementation.")
Fixes: abb807e27dd4 ("dpif-netdev: Add command to switch dpif implementation.")
Fixes: 250ceddcc2d0 ("dpif-netdev/mfex: Add AVX512 based optimized miniflow
extract")
Fixes: b366fa2f4947 ("dpif-netdev: Call cpuid for x86 isa availability.")
Reported-at: https://bugzilla.redhat.com/2100393
Reported-by: Ales Musil
Co-authored-by: Ales Musil
Signed-off-by: Ales Musil
Signed-off-by: David Marchand
Acked-by: Sunil Pai G
Acked-by: Ales Musil
Signed-off-by: Ilya Maximets
---
lib/automake.mk| 4 +--
lib/dpif-netdev-avx512.c | 14 -
lib/dpif-netdev-extract-avx512.c | 43 --
lib/dpif-netdev-lookup-avx512-gather.c | 12 ++-
lib/dpif-netdev-lookup.c | 15 +
lib/dpif-netdev-lookup.h | 3 +-
lib/dpif-netdev-private-dpif.c | 14 +
lib/dpif-netdev-private-dpif.h | 5 +--
lib/dpif-netdev-private-extract.c | 38 +++
lib/dpif-netdev-private-extract.h | 4 +--
10 files changed, 75 insertions(+), 77 deletions(-)
Index: openvswitch-2.17.2/lib/automake.mk
===
--- openvswitch-2.17.2.orig/lib/automake.mk
+++ openvswitch-2.17.2/lib/automake.mk
@@ -38,8 +38,6 @@ lib_libopenvswitchavx512_la_CFLAGS = \
-fPIC \
$(AM_CFLAGS)
lib_libopenvswitchavx512_la_SOURCES = \
- lib/cpu.c \
- lib/cpu.h \
lib/dpif-netdev-lookup-avx512-gather.c \
lib/dpif-netdev-extract-avx512.c \
lib/dpif-netdev-avx512.c
@@ -89,6 +87,8 @@ lib_libopenvswitch_la_SOURCES = \
lib/conntrack.h \
lib/coverage.c \
lib/coverage.h \
+ lib/cpu.c \
+ lib/cpu.h \
lib/crc32c.c \
lib/crc32c.h \
lib/csum.c \
Index: openvswitch-2.17.2/lib/dpif-netdev-avx512.c
===
--- openvswitch-2.17.2.orig/lib/dpif-netdev-avx512.
commit openvswitch for openSUSE:Factory
Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package openvswitch for openSUSE:Factory
checked in at 2022-09-14 13:44:30
Comparing /work/SRC/openSUSE:Factory/openvswitch (Old)
and /work/SRC/openSUSE:Factory/.openvswitch.new.2083 (New)
Package is "openvswitch"
Wed Sep 14 13:44:30 2022 rev:63 rq:1003119 version:2.17.2
Changes:
--- /work/SRC/openSUSE:Factory/openvswitch/openvswitch.changes 2022-08-10
17:13:30.797741395 +0200
+++ /work/SRC/openSUSE:Factory/.openvswitch.new.2083/openvswitch.changes
2022-09-14 13:44:31.245824561 +0200
@@ -1,0 +2,6 @@
+Mon Sep 12 19:55:30 UTC 2022 - Andreas Stieger
+
+- fix tests with GNU grep 3.8 boo#1203239
+ add openvswitch-2.17.2-Fix-tests-with-GNU-grep-3.8.patch
+
+---
New:
openvswitch-2.17.2-Fix-tests-with-GNU-grep-3.8.patch
Other differences:
--
++ openvswitch.spec ++
--- /var/tmp/diff_new_pack.1a3WCV/_old 2022-09-14 13:44:31.897826203 +0200
+++ /var/tmp/diff_new_pack.1a3WCV/_new 2022-09-14 13:44:31.901826213 +0200
@@ -60,6 +60,7 @@
Patch4: install-ovsdb-tools.patch
Patch5: 0001-openvswitch-merge-compiler.h-files-into-one-file.patch
Patch6: 0002-build-Seperated-common-used-headers.patch
+Patch7: openvswitch-2.17.2-Fix-tests-with-GNU-grep-3.8.patch
# Python subpackage
BuildRequires: %{python_module devel}
BuildRequires: %{python_module setuptools}
++ openvswitch-2.17.2-Fix-tests-with-GNU-grep-3.8.patch ++
>From 28fec7e88f0faf877a1da4fcfb4b629211fff84c Mon Sep 17 00:00:00 2001
From: Andreas Stieger
Date: Mon, 12 Sep 2022 21:38:46 +0200
Subject: [PATCH] Fix tests with GNU grep 3.8
GNU grep 3.8 started to emit warnings when invoking egrep/fgrep. In some
cases this breaks tests that check stderr. Replace the commands with
their grep -E and grep -F counterparts throughout.
Signed-off-by: Andreas Stieger
Reported-at: https://bugzilla.opensuse.org/show_bug.cgi?id=1203239
https://github.com/openvswitch/ovs/pull/395
https://bugzilla.opensuse.org/show_bug.cgi?id=1203239
---
tests/ofproto-dpif.at| 12 +--
tests/ovs-macros.at | 2 +-
tests/ovs-ofctl.at | 6 +-
tests/system-dpdk-macros.at | 2 +-
tests/system-dpdk.at | 48 -
tests/system-offloads-traffic.at | 4 +-
tests/system-traffic.at | 162 +++
tests/tunnel-push-pop.at | 6 +-
8 files changed, 121 insertions(+), 121 deletions(-)
Index: openvswitch-2.17.2/tests/ofproto-dpif.at
===
--- openvswitch-2.17.2.orig/tests/ofproto-dpif.at
+++ openvswitch-2.17.2/tests/ofproto-dpif.at
@@ -126,7 +126,7 @@ dnl bring the primary back and verify th
dnl primary.
ovs-appctl netdev-dummy/set-admin-state p1 down
ovs-appctl time/warp 100
-OVS_WAIT_UNTIL([test -n "`ovs-appctl bond/show | fgrep 'member p1:
disabled'`"])
+OVS_WAIT_UNTIL([test -n "`ovs-appctl bond/show | grep -F 'member p1:
disabled'`"])
ovs-appctl netdev-dummy/set-admin-state p1 up
ovs-appctl time/warp 100
OVS_WAIT_UNTIL_EQUAL([ovs-appctl bond/show | STRIP_RECIRC_ID |
STRIP_ACTIVE_MEMBER_MAC], [dnl
@@ -157,7 +157,7 @@ dnl Now delete the primary and verify th
dnl primary is no longer an member
ovs-vsctl --id=@p1 get Interface p1 -- remove Port bond0 interfaces @p1
ovs-appctl time/warp 100
-OVS_WAIT_UNTIL([test -n "`ovs-appctl bond/show | fgrep 'active-backup primary:
p1 (no such member)'`"])
+OVS_WAIT_UNTIL([test -n "`ovs-appctl bond/show | grep -F 'active-backup
primary: p1 (no such member)'`"])
dnl Now re-add the primary and verify that the output shows that the
dnl primary is available again.
@@ -336,9 +336,9 @@ ovs-appctl time/warp 100
AT_CHECK([ovs-appctl dpif/dump-flows br1 > br1_flows.txt])
# Make sure there is resonable distribution to all three ports.
# We don't want to make this check precise, in case hash function changes.
-AT_CHECK([test `egrep 'in_port\(4\)' br1_flows.txt |wc -l` -gt 3])
-AT_CHECK([test `egrep 'in_port\(5\)' br1_flows.txt |wc -l` -gt 3])
-AT_CHECK([test `egrep 'in_port\(6\)' br1_flows.txt |wc -l` -gt 3])
+AT_CHECK([test `grep -E 'in_port\(4\)' br1_flows.txt |wc -l` -gt 3])
+AT_CHECK([test `grep -E 'in_port\(5\)' br1_flows.txt |wc -l` -gt 3])
+AT_CHECK([test `grep -E 'in_port\(6\)' br1_flows.txt |wc -l` -gt 3])
OVS_VSWITCHD_STOP
AT_CLEANUP
@@ -5464,7 +5464,7 @@ ovs-vsctl \
flow="in_port=1"
AT_CHECK([ovs-appctl ofproto/trace br0 "$flow"], [0], [stdout])
-AT_CHECK([tail -1 stdout | egrep
"trunc\(200\),2,trunc\(300\),3,100|trunc\(300\),3,trunc\(200\),2,100"], [0],
[stdout])
+AT_CHECK([tail -1 stdout | grep -E
commit openvswitch for openSUSE:Factory
Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package openvswitch for openSUSE:Factory
checked in at 2022-08-10 17:13:02
Comparing /work/SRC/openSUSE:Factory/openvswitch (Old)
and /work/SRC/openSUSE:Factory/.openvswitch.new.1521 (New)
Package is "openvswitch"
Wed Aug 10 17:13:02 2022 rev:62 rq:993959 version:2.17.2
Changes:
--- /work/SRC/openSUSE:Factory/openvswitch/openvswitch.changes 2022-05-14
22:59:06.191511417 +0200
+++ /work/SRC/openSUSE:Factory/.openvswitch.new.1521/openvswitch.changes
2022-08-10 17:13:30.797741395 +0200
@@ -1,0 +2,23 @@
+Wed Aug 3 11:11:36 UTC 2022 - Dirk M??ller
+
+- update to 2.17.2:
+ - Bug fixes
+ - DPDK:
+* OVS validated with DPDK 21.11.1. It is recommended to use this version
+ until further releases.
+ - Bug fixes
+ - libopenvswitch API change:
+* To fix the Undefined Behavior issue causing the compiler to incorrectly
+ optimize important parts of code, container iteration macros (e.g.,
+ LIST_FOR_EACH) have been re-implemented in a UB-safe way.
+* Backwards compatibility has mostly been preserved, however the
+ user-provided pointer is now set to NULL after the loop (unless it
+ exited via "break;")
+* Users of libopenvswitch will need to double-check the use of such loop
+ macros before compiling with a new version.
+* Since the change is limited to the definitions within the headers, the
+ ABI is not affected.
+- refresh 0001-openvswitch-merge-compiler.h-files-into-one-file.patch
+ 0002-build-Seperated-common-used-headers.patch
+
+---
Old:
openvswitch-2.17.0.tar.gz
New:
openvswitch-2.17.2.tar.gz
Other differences:
--
++ openvswitch.spec ++
--- /var/tmp/diff_new_pack.XLrhtM/_old 2022-08-10 17:13:31.665743661 +0200
+++ /var/tmp/diff_new_pack.XLrhtM/_new 2022-08-10 17:13:31.669743671 +0200
@@ -35,7 +35,7 @@
%bcond_with kmp
%define lname libopenvswitch-2_17-0
Name: openvswitch
-Version:2.17.0
+Version:2.17.2
Release:0
Summary:A multilayer virtual network switch
# All code is Apache-2.0 except
@@ -43,8 +43,8 @@
# - utilities/bugtool which is LGPL-2.1
License:Apache-2.0 AND LGPL-2.1-only AND SISSL
Group: Productivity/Networking/System
-URL:http://openvswitch.org/
-Source0:http://openvswitch.org/releases/openvswitch-%{version}.tar.gz
+URL:https://www.openvswitch.org/
+Source0:
https://www.openvswitch.org/releases/openvswitch-%{version}.tar.gz
Source2:preamble
Source89: Module.supported.updates
Source99: openvswitch-rpmlintrc
++ 0001-openvswitch-merge-compiler.h-files-into-one-file.patch ++
1138 lines (skipped)
between
/work/SRC/openSUSE:Factory/openvswitch/0001-openvswitch-merge-compiler.h-files-into-one-file.patch
and
/work/SRC/openSUSE:Factory/.openvswitch.new.1521/0001-openvswitch-merge-compiler.h-files-into-one-file.patch
++ 0002-build-Seperated-common-used-headers.patch ++
42143 lines (skipped)
between
/work/SRC/openSUSE:Factory/openvswitch/0002-build-Seperated-common-used-headers.patch
and
/work/SRC/openSUSE:Factory/.openvswitch.new.1521/0002-build-Seperated-common-used-headers.patch
++ openvswitch-2.17.0.tar.gz -> openvswitch-2.17.2.tar.gz ++
/work/SRC/openSUSE:Factory/openvswitch/openvswitch-2.17.0.tar.gz
/work/SRC/openSUSE:Factory/.openvswitch.new.1521/openvswitch-2.17.2.tar.gz
differ: char 5, line 1
commit openvswitch for openSUSE:Factory
Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package openvswitch for openSUSE:Factory checked in at 2022-05-14 22:57:14 Comparing /work/SRC/openSUSE:Factory/openvswitch (Old) and /work/SRC/openSUSE:Factory/.openvswitch.new.1538 (New) Package is "openvswitch" Sat May 14 22:57:14 2022 rev:61 rq:977255 version:2.17.0 Changes: --- /work/SRC/openSUSE:Factory/openvswitch/openvswitch.changes 2022-04-26 20:18:08.248787470 +0200 +++ /work/SRC/openSUSE:Factory/.openvswitch.new.1538/openvswitch.changes 2022-05-14 22:59:06.191511417 +0200 @@ -1,0 +2,5 @@ +Fri May 13 15:52:24 UTC 2022 - Dominique Leuenberger + +- Allow dpdk version 21.11. + +--- Other differences: -- ++ openvswitch.spec ++ --- /var/tmp/diff_new_pack.Hq4QuP/_old 2022-05-14 22:59:06.743512107 +0200 +++ /var/tmp/diff_new_pack.Hq4QuP/_new 2022-05-14 22:59:06.747512112 +0200 @@ -107,7 +107,7 @@ # We need to be a bit strict with the dpdk version since # it's very possible for DPDK to change it's API between # releases. -BuildRequires: dpdk-devel <= 21.11 +BuildRequires: dpdk-devel <= 21.12 BuildRequires: dpdk-devel >= 20.11.0 BuildRequires: libmnl-devel BuildRequires: libnuma-devel
commit openvswitch for openSUSE:Factory
Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package openvswitch for openSUSE:Factory
checked in at 2022-04-26 20:16:20
Comparing /work/SRC/openSUSE:Factory/openvswitch (Old)
and /work/SRC/openSUSE:Factory/.openvswitch.new.1538 (New)
Package is "openvswitch"
Tue Apr 26 20:16:20 2022 rev:60 rq:972941 version:2.17.0
Changes:
--- /work/SRC/openSUSE:Factory/openvswitch/openvswitch.changes 2022-04-11
23:49:50.662659187 +0200
+++ /work/SRC/openSUSE:Factory/.openvswitch.new.1538/openvswitch.changes
2022-04-26 20:18:08.248787470 +0200
@@ -1,0 +2,6 @@
+Fri Apr 22 20:42:31 UTC 2022 - Ferdinand Thiessen
+
+- Python package: Do not use C json parser on 32bit as large numbers
+ will overflow.
+
+---
Other differences:
--
++ openvswitch.spec ++
--- /var/tmp/diff_new_pack.v66pvV/_old 2022-04-26 20:18:08.848788196 +0200
+++ /var/tmp/diff_new_pack.v66pvV/_new 2022-04-26 20:18:08.848788196 +0200
@@ -402,6 +402,10 @@
%python_build
%python_install
popd
+# Currently (version 2.17) the c parser for json is broken on 32bit (int
overflow for number parsing)
+%ifarch i386 i586 i686
+%python_expand rm -v %{buildroot}%{$python_sitearch}/ovs/_json*.so
+%endif
%python_expand %fdupes %{buildroot}%{$python_sitearch}
commit openvswitch for openSUSE:Factory
Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package openvswitch for openSUSE:Factory
checked in at 2022-04-11 23:48:08
Comparing /work/SRC/openSUSE:Factory/openvswitch (Old)
and /work/SRC/openSUSE:Factory/.openvswitch.new.1900 (New)
Package is "openvswitch"
Mon Apr 11 23:48:08 2022 rev:59 rq:967690 version:2.17.0
Changes:
--- /work/SRC/openSUSE:Factory/openvswitch/openvswitch.changes 2022-03-14
19:37:49.598181076 +0100
+++ /work/SRC/openSUSE:Factory/.openvswitch.new.1900/openvswitch.changes
2022-04-11 23:49:50.662659187 +0200
@@ -1,0 +2,27 @@
+Sun Apr 3 13:12:28 UTC 2022 - Ferdinand Thiessen
+
+- Mention openvswitch-rpmlintrc as Source in spec file
+
+---
+Mon Mar 14 13:55:07 UTC 2022 - Ferdinand Thiessen
+
+- Fix installation of files shared with OVN (required for building
+ OVN without openvswitch sources), remove custom installation
+ of internal headers from SPEC-install section and use patches
+ (for upstreaming) instead.
+ * install-ovsdb-tools.patch
+ * Added 0001-openvswitch-merge-compiler.h-files-into-one-file.patch
+ * Added 0002-build-Seperated-common-used-headers.patch
+- Enabled check section / running testsuite by default to validate
+ build result. There must no problems with the testsuite anymore as
+ upstream runs it by CI and checked before release of a new version.
+- Renamed 0001-Don-t-change-permissions-of-dev-hugepages.patch to
+ Don-t-change-permissions-of-dev-hugepages.patch
+- Renamed 0001-Run-openvswitch-as-openvswitch-openvswitch.patch to
+ Run-openvswitch-as-openvswitch-openvswitch.patch
+- Renamed 0001-Use-double-hash-for-OVS_USER_ID-comment.patch to
+ Use-double-hash-for-OVS_USER_ID-comment.patch
+- Rebased 0001-Use-strongswan-for-openvswitch-ipsec-service.patch to
+ Use-strongswan-for-openvswitch-ipsec-service.patch
+
+---
Old:
0001-Don-t-change-permissions-of-dev-hugepages.patch
0001-Run-openvswitch-as-openvswitch-openvswitch.patch
0001-Use-double-hash-for-OVS_USER_ID-comment.patch
0001-Use-strongswan-for-openvswitch-ipsec-service.patch
New:
0001-openvswitch-merge-compiler.h-files-into-one-file.patch
0002-build-Seperated-common-used-headers.patch
Don-t-change-permissions-of-dev-hugepages.patch
Run-openvswitch-as-openvswitch-openvswitch.patch
Use-double-hash-for-OVS_USER_ID-comment.patch
Use-strongswan-for-openvswitch-ipsec-service.patch
openvswitch-rpmlintrc
Other differences:
--
++ openvswitch.spec ++
--- /var/tmp/diff_new_pack.5CqUkO/_old 2022-04-11 23:49:51.434650380 +0200
+++ /var/tmp/diff_new_pack.5CqUkO/_new 2022-04-11 23:49:51.438650334 +0200
@@ -30,8 +30,7 @@
%bcond_with dpdk
%endif
# The testsuite is somewhat fragile for continuous testing in OBS
-# but keep it here as an option
-%bcond_with check
+%bcond_without check
# Disable building the external kernel datapath by default
%bcond_with kmp
%define lname libopenvswitch-2_17-0
@@ -48,30 +47,35 @@
Source0:http://openvswitch.org/releases/openvswitch-%{version}.tar.gz
Source2:preamble
Source89: Module.supported.updates
+Source99: openvswitch-rpmlintrc
# PATCH-FIX-OPENSUSE: Use-strongswan-for-openvswitch-ipsec-service.patch
-Patch0: 0001-Use-strongswan-for-openvswitch-ipsec-service.patch
-# PATCH-FIX-OPENSUSE: 0001-Run-openvswitch-as-openvswitch-openvswitch.patch
-Patch1: 0001-Run-openvswitch-as-openvswitch-openvswitch.patch
-# PATCH-FIX-OPENSUSE: 0001-Don-t-change-permissions-of-dev-hugepages.patch
-Patch2: 0001-Don-t-change-permissions-of-dev-hugepages.patch
-# PATCH-FIX-OPENSUSE: 0001-Use-double-hash-for-OVS_USER_ID-comment.patch
-Patch3: 0001-Use-double-hash-for-OVS_USER_ID-comment.patch
+Patch0: Use-strongswan-for-openvswitch-ipsec-service.patch
+# PATCH-FIX-OPENSUSE: Run-openvswitch-as-openvswitch-openvswitch.patch
+Patch1: Run-openvswitch-as-openvswitch-openvswitch.patch
+# PATCH-FIX-OPENSUSE: Don-t-change-permissions-of-dev-hugepages.patch
+Patch2: Don-t-change-permissions-of-dev-hugepages.patch
+# PATCH-FIX-OPENSUSE: Use-double-hash-for-OVS_USER_ID-comment.patch
+Patch3: Use-double-hash-for-OVS_USER_ID-comment.patch
# PATCH-FEATURE-UPSTREAM install-ovsdb-tools.patch -- Install some tools
required for building OVN
Patch4: install-ovsdb-tools.patch
+Patch5: 0001-openvswitch-merge-compiler.h-files-into-one-file.patch
+Patch6: 0002-build-Seperated-common-used-headers.patch
+# Python subpackage
+BuildRequires: %{python_module devel}
BuildRequires: %{python_module setuptools}
+BuildRequires: pyt
commit openvswitch for openSUSE:Factory
Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package openvswitch for openSUSE:Factory
checked in at 2022-03-14 19:35:44
Comparing /work/SRC/openSUSE:Factory/openvswitch (Old)
and /work/SRC/openSUSE:Factory/.openvswitch.new.25692 (New)
Package is "openvswitch"
Mon Mar 14 19:35:44 2022 rev:58 rq:961646 version:2.17.0
Changes:
--- /work/SRC/openSUSE:Factory/openvswitch/openvswitch.changes 2022-03-07
17:47:36.371108319 +0100
+++ /work/SRC/openSUSE:Factory/.openvswitch.new.25692/openvswitch.changes
2022-03-14 19:37:49.598181076 +0100
@@ -1,0 +2,6 @@
+Fri Mar 11 11:33:18 UTC 2022 - Ferdinand Thiessen
+
+- Fix OVS location for python bindings (dirs.py), boo#1196978
+ Make sure dirs.py is freshly generated
+
+---
Other differences:
--
++ openvswitch.spec ++
--- /var/tmp/diff_new_pack.vBshsc/_old 2022-03-14 19:37:50.146181733 +0100
+++ /var/tmp/diff_new_pack.vBshsc/_new 2022-03-14 19:37:50.150181737 +0100
@@ -389,25 +389,26 @@
rm %{buildroot}%{_docdir}/%{name}/automake.mk
rm %{buildroot}%{_docdir}/%{name}/conf.py
-# Tests
+# Python subpackage
+# Install python tests package
mkdir -p %{buildroot}%{python3_sitelib}
cp -a %{buildroot}%{_datadir}/openvswitch/python/ovstest \
%{buildroot}%{python3_sitelib}
-
-# Python subpackage
-# Some build files are in sources while others are generated directly on
-# buildroot as part of make_install (dirs.py). Copy them first.
-pushd python
-cp -an %{buildroot}%{_datadir}/openvswitch/python/* .
+# Remove non standard location python package
rm -rf %{buildroot}%{_datadir}/openvswitch/python
-
+# Install python package, some files are generated by make install
+# make sure dirs.py is freshly generated
+rm -f python/ovs/dirs.py
+make python/ovs/dirs.py
+pushd python
export LDFLAGS="${LDFLAGS} -L %{buildroot}%{_libdir}"
export CPPFLAGS="-I ../../include"
-
%python_build
%python_install
popd
+%python_expand %fdupes %{buildroot}%{$python_sitearch}
+
%pre
%service_add_pre ovsdb-server.service ovs-vswitchd.service openvswitch.service
ovs-delete-transient-ports.service
if [ "$1" -ge 1 ]; then
commit openvswitch for openSUSE:Factory
Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package openvswitch for openSUSE:Factory
checked in at 2022-03-07 17:47:26
Comparing /work/SRC/openSUSE:Factory/openvswitch (Old)
and /work/SRC/openSUSE:Factory/.openvswitch.new.1958 (New)
Package is "openvswitch"
Mon Mar 7 17:47:26 2022 rev:57 rq:959873 version:2.17.0
Changes:
--- /work/SRC/openSUSE:Factory/openvswitch/openvswitch.changes 2021-05-10
15:42:06.528915237 +0200
+++ /work/SRC/openSUSE:Factory/.openvswitch.new.1958/openvswitch.changes
2022-03-07 17:47:36.371108319 +0100
@@ -1,0 +2,105 @@
+Mon Mar 7 12:04:30 UTC 2022 - Dirk M??ller
+
+- fix python3 requires (bsc#1196758)
+
+---
+Sun Feb 27 19:24:57 UTC 2022 - Ferdinand Thiessen
+
+- Added install-ovsdb-tools.patch to install ovsdb tools required
+ for building OVN
+
+---
+Sat Feb 26 22:11:06 UTC 2022 - Ferdinand Thiessen
+
+- Enable multiple python3 flavor subpackages on Tumbleweed / Factory
+
+---
+Sat Feb 26 00:56:03 UTC 2022 - Ferdinand Thiessen
+
+- Update OVS to version 2.17.0
+ * Userspace datapath:
+* Optimized flow lookups for datapath flows with simple match criteria.
+* New per-interface configuration knob 'other_config:tx-steering'.
+* Removed experimental tag for PMD Auto Load Balance.
+* New configuration knob 'other_config:n-offload-threads' to change the
+ number of HW offloading threads.
+ * DPDK:
+* EAL argument --socket-mem is no longer configured by default upon
+ start-up. If dpdk-socket-mem and dpdk-alloc-mem are not specified,
+ DPDK defaults will be used.
+* EAL argument --socket-limit no longer takes on the value of --socket-mem
+ by default. 'other_config:dpdk-socket-limit' can be set equal to
+ the 'other_config:dpdk-socket-mem' to preserve the legacy memory
+ limiting behavior.
+* EAL argument --in-memory is applied by default if supported.
+* Add support for DPDK 21.11.
+* Forbid use of DPDK multiprocess feature.
+* Add support for running threads on cores >= RTE_MAX_LCORE.
+ * Python: For SSL support, the use of the pyOpenSSL library has
+ been replaced with the native 'ssl' module.
+ * OVSDB:
+* Python library for OVSDB clients now also supports faster
+ resynchronization with a clustered database after a brief disconnection,
+ i.e. 'monitor_cond_since' monitoring method.
+* Major improvement in the performance of the OVSDB server.
+ * OpenFlow:
+* Default selection method for select groups with up to 256 buckets is
+ now dp_hash. Previously this was limited to 64 buckets. This change
+ is mainly for the benefit of OVN load balancing configurations.
+* Encap & Decap action support for MPLS packet type.
+- Update OVS to version 2.16.0
+ * Fix CVE-2021-36980 (boo#1188524)
+openvswitch 2.11.0 through 2.15.0 has a use-after-free in
+decode_NXAST_RAW_ENCAP (called from ofpact_decode and ofpacts_decode)
+during the decoding of a RAW_ENCAP action
+ * Removed support for 1024-bit Diffie-Hellman key exchange
+ * Rate limiting configuration now supports setting packet-per-second
+limits in addition to the previously configurable byte rate settings.
+ * OVSDB:
+* Introduced new database service model - "relay".
+* New command line options --record/--replay for ovsdb-server and
+ ovsdb-client to record and replay all the incoming transactions,
+ monitors, etc.
+* The Python Idl class now has a cooperative_yield() method
+ * In ovs-vsctl and vtep-ctl, the "find" command now accept new
+operators {in} and {not-in}.
+ * Various Userspace datapath improvements
+ * ovs-ctl:
+* New option '--no-record-hostname' to disable hostname configuration
+ in ovsdb on startup.
+* New command 'record-hostname-if-not-set' to update hostname in ovsdb.
+ * ovs-appctl: Added ability to add and delete static mac entries using:
+'ovs-appctl fdb/add'
+'ovs-appctl fdb/del '
+ * Linux datapath:
+* ovs-vswitchd will configure the kernel module using per-cpu dispatch
+ mode (if available). This changes the way upcalls are delivered to
+ user space in order to resolve a number of issues with per-vport
dispatch.
+* New vswitchd unixctl command `dpif-netlink/dispatch-mode` will return
+ the current dispatch mode for each datapath.
+- Update OVS to version 2.15.0
+ * OVSDB:
+ * Changed format in which ovsdb transactions are stored in
+ database files. Now each transaction contains diff of data
+ instead of the whole new value of a column.
+ * New unixctl command 'o
commit openvswitch for openSUSE:Factory
Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package openvswitch for openSUSE:Factory
checked in at 2021-05-10 15:39:20
Comparing /work/SRC/openSUSE:Factory/openvswitch (Old)
and /work/SRC/openSUSE:Factory/.openvswitch.new.2988 (New)
Package is "openvswitch"
Mon May 10 15:39:20 2021 rev:56 rq:892002 version:unknown
Changes:
--- /work/SRC/openSUSE:Factory/openvswitch/openvswitch.changes 2021-05-01
00:46:43.299445870 +0200
+++ /work/SRC/openSUSE:Factory/.openvswitch.new.2988/openvswitch.changes
2021-05-10 15:42:06.528915237 +0200
@@ -1,0 +2,5 @@
+Mon May 10 10:28:32 UTC 2021 - Dirk M??ller
+
+- add openssl(cli) dependency on pki (bsc#1185839)
+
+---
Other differences:
--
++ openvswitch.spec ++
--- /var/tmp/diff_new_pack.68MARl/_old 2021-05-10 15:42:07.072913110 +0200
+++ /var/tmp/diff_new_pack.68MARl/_new 2021-05-10 15:42:07.076913094 +0200
@@ -114,9 +114,9 @@
BuildRequires: python3-sphinx
BuildRequires: systemd-units
Requires(post): systemd-units
-Requires(postun): systemd-units
+Requires(postun):systemd-units
Requires(pre): shadow-utils
-Requires(preun): systemd-units
+Requires(preun):systemd-units
%endif
# Needed by the testsuite
%if %{with check}
@@ -190,6 +190,7 @@
License:Apache-2.0
Group: Productivity/Networking/System
Requires: %{name} = %{version}
+Requires: openssl(cli)
Provides: %{name}-dpdk-pki = %{version}
Obsoletes: %{name}-dpdk-pki < 2.7.0
@@ -259,6 +260,7 @@
performance and connectivity issues in Open vSwitch setup.
# OVN preambles from now on, overwrites Version and URL
+
%package -n ovn
Version:%{ovn_version}
Release:0
commit openvswitch for openSUSE:Factory
Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package openvswitch for openSUSE:Factory
checked in at 2021-05-01 00:46:38
Comparing /work/SRC/openSUSE:Factory/openvswitch (Old)
and /work/SRC/openSUSE:Factory/.openvswitch.new.1947 (New)
Package is "openvswitch"
Sat May 1 00:46:38 2021 rev:55 rq:889415 version:unknown
Changes:
--- /work/SRC/openSUSE:Factory/openvswitch/openvswitch.changes 2021-02-15
23:19:40.363698026 +0100
+++ /work/SRC/openSUSE:Factory/.openvswitch.new.1947/openvswitch.changes
2021-05-01 00:46:43.299445870 +0200
@@ -1,0 +2,6 @@
+Thu Apr 29 16:05:49 UTC 2021 - Jaime Caama??o Ruiz
+
+- Replace deprecated /var/run with /run (bsc#1185176, bsc#1185177).
+ * 0001-Replace-deprecated-var-run-with-run.patch
+
+---
New:
0001-Replace-deprecated-var-run-with-run.patch
Other differences:
--
++ openvswitch.spec ++
--- /var/tmp/diff_new_pack.p9h8aa/_old 2021-05-01 00:46:44.075442413 +0200
+++ /var/tmp/diff_new_pack.p9h8aa/_new 2021-05-01 00:46:44.075442413 +0200
@@ -68,6 +68,8 @@
Patch2: 0001-Don-t-change-permissions-of-dev-hugepages.patch
# PATCH-FIX-OPENSUSE: 0001-Use-double-hash-for-OVS_USER_ID-comment.patch
Patch3: 0001-Use-double-hash-for-OVS_USER_ID-comment.patch
+# PATCH-FIX-OPENSUSE: 0001-Replace-deprecated-var-run-with-run.patch
+Patch4: 0001-Replace-deprecated-var-run-with-run.patch
#OVN patches
# PATCH-FIX-OPENSUSE: 0001-Run-ovn-as-openvswitch-openvswitch.patch
Patch20:0001-Run-ovn-as-openvswitch-openvswitch.patch
@@ -395,6 +397,7 @@
%patch1 -p1
%patch2 -p1
%patch3 -p1
+%patch4 -p1
cd %{ovn_dir}
%patch20 -p1
++ 0001-Replace-deprecated-var-run-with-run.patch ++
>From 89ddd0707175de0f56b605a45afd9926cb80826f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jaime=20Caama=C3=B1o=20Ruiz?=
Date: Thu, 29 Apr 2021 18:00:12 +0200
Subject: [PATCH] Replace deprecated /var/run with /run
---
rhel/etc_logrotate.d_openvswitch| 4 ++--
rhel/usr_lib_systemd_system_openvswitch-ipsec.service | 2 +-
...sr_lib_systemd_system_ovs-delete-transient-ports.service | 2 +-
rhel/usr_lib_systemd_system_ovs-vswitchd.service.in | 6 +++---
rhel/usr_lib_systemd_system_ovsdb-server.service| 4 ++--
5 files changed, 9 insertions(+), 9 deletions(-)
diff --git a/rhel/etc_logrotate.d_openvswitch b/rhel/etc_logrotate.d_openvswitch
index eaf1fd5bf..fa6303873 100644
--- a/rhel/etc_logrotate.d_openvswitch
+++ b/rhel/etc_logrotate.d_openvswitch
@@ -13,8 +13,8 @@
missingok
postrotate
# Tell Open vSwitch daemons to reopen their log files
-if [ -d /var/run/openvswitch ]; then
-for ctl in /var/run/openvswitch/*.ctl; do
+if [ -d /run/openvswitch ]; then
+for ctl in /run/openvswitch/*.ctl; do
ovs-appctl -t "$ctl" vlog/reopen 2>/dev/null || :
done
fi
diff --git a/rhel/usr_lib_systemd_system_openvswitch-ipsec.service
b/rhel/usr_lib_systemd_system_openvswitch-ipsec.service
index 3c4a40138..ec86874cb 100644
--- a/rhel/usr_lib_systemd_system_openvswitch-ipsec.service
+++ b/rhel/usr_lib_systemd_system_openvswitch-ipsec.service
@@ -5,7 +5,7 @@ After=openvswitch.service
[Service]
Type=forking
-PIDFile=/var/run/openvswitch/ovs-monitor-ipsec.pid
+PIDFile=/run/openvswitch/ovs-monitor-ipsec.pid
ExecStart=/usr/share/openvswitch/scripts/ovs-ctl \
--ike-daemon=strongswan start-ovs-ipsec
ExecStop=/usr/share/openvswitch/scripts/ovs-ctl stop-ovs-ipsec
diff --git a/rhel/usr_lib_systemd_system_ovs-delete-transient-ports.service
b/rhel/usr_lib_systemd_system_ovs-delete-transient-ports.service
index 4cd4d7f57..d4d7b204b 100644
--- a/rhel/usr_lib_systemd_system_ovs-delete-transient-ports.service
+++ b/rhel/usr_lib_systemd_system_ovs-delete-transient-ports.service
@@ -2,7 +2,7 @@
Description=Open vSwitch Delete Transient Ports
After=ovsdb-server.service
Before=ovs-vswitchd.service
-AssertPathExists=/var/run/openvswitch/db.sock
+AssertPathExists=/run/openvswitch/db.sock
[Service]
Type=oneshot
diff --git a/rhel/usr_lib_systemd_system_ovs-vswitchd.service.in
b/rhel/usr_lib_systemd_system_ovs-vswitchd.service.in
index 08355d950..71c49dc59 100644
--- a/rhel/usr_lib_systemd_system_ovs-vswitchd.service.in
+++ b/rhel/usr_lib_systemd_system_ovs-vswitchd.service.in
@@ -4,14 +4,14 @@ After=ovsdb-server.service network-pre.target
systemd-udev-settle.service
Before=network.target network.service
Requires=ovsdb-server.service
ReloadPropagatedFrom=ovsdb-server.service
-AssertPathIsReadWrite=/var/run/openvswitch/db.sock
+AssertPathIsReadWrite=/run/openv
commit openvswitch for openSUSE:Factory
Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package openvswitch for openSUSE:Factory
checked in at 2021-02-15 23:17:11
Comparing /work/SRC/openSUSE:Factory/openvswitch (Old)
and /work/SRC/openSUSE:Factory/.openvswitch.new.28504 (New)
Package is "openvswitch"
Mon Feb 15 23:17:11 2021 rev:54 rq:871483 version:unknown
Changes:
--- /work/SRC/openSUSE:Factory/openvswitch/openvswitch.changes 2020-11-04
18:31:19.468289753 +0100
+++ /work/SRC/openSUSE:Factory/.openvswitch.new.28504/openvswitch.changes
2021-02-15 23:19:40.363698026 +0100
@@ -1,0 +2,11 @@
+Fri Feb 12 10:36:03 UTC 2021 - Jaime Caama??o Ruiz
+
+- Update openvswitch to 2.14.2. For a list of changes, check
+ https://github.com/openvswitch/ovs/blob/v2.14.2/NEWS
+ Includes security fix for CVE-2020-27827 (bsc#1181345) and CVE-2020-35498
+ (bsc#1181742).
+- Removed patches no longer applying to code base:
+ * 0001-rhel-Fix-reload-of-OVS_USER_ID-on-startup.patch
+ * 0001-ipsec-Fix-Strongswan-configuration-syntax.patch
+
+---
Old:
0001-ipsec-Fix-Strongswan-configuration-syntax.patch
0001-rhel-Fix-reload-of-OVS_USER_ID-on-startup.patch
openvswitch-2.14.0.tar.gz
New:
openvswitch-2.14.2.tar.gz
Other differences:
--
++ openvswitch.spec ++
--- /var/tmp/diff_new_pack.Om9qyB/_old 2021-02-15 23:19:40.979698945 +0100
+++ /var/tmp/diff_new_pack.Om9qyB/_new 2021-02-15 23:19:40.983698952 +0100
@@ -1,7 +1,7 @@
#
# spec file for package openvswitch
#
-# Copyright (c) 2020 SUSE LLC
+# Copyright (c) 2021 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
@@ -19,7 +19,7 @@
%define ovs_lname libopenvswitch-2_14-0
%define ovn_lname libovn-20_06-0
-%define ovs_version 2.14.0
+%define ovs_version 2.14.2
%define ovn_version 20.06.2
%define ovs_dir ovs-%{ovs_version}
%define ovn_dir ovn-%{ovn_version}
@@ -66,12 +66,8 @@
Patch1: 0001-Run-openvswitch-as-openvswitch-openvswitch.patch
# PATCH-FIX-OPENSUSE: 0001-Don-t-change-permissions-of-dev-hugepages.patch
Patch2: 0001-Don-t-change-permissions-of-dev-hugepages.patch
-# PATCH-FIX-UPSTREAM: 0001-rhel-Fix-reload-of-OVS_USER_ID-on-startup.patch
-Patch3: 0001-rhel-Fix-reload-of-OVS_USER_ID-on-startup.patch
# PATCH-FIX-OPENSUSE: 0001-Use-double-hash-for-OVS_USER_ID-comment.patch
-Patch4: 0001-Use-double-hash-for-OVS_USER_ID-comment.patch
-# PATCH-FIX-UPSTREAM: 0001-ipsec-Fix-Strongswan-configuration-syntax.patch
-Patch5: 0001-ipsec-Fix-Strongswan-configuration-syntax.patch
+Patch3: 0001-Use-double-hash-for-OVS_USER_ID-comment.patch
#OVN patches
# PATCH-FIX-OPENSUSE: 0001-Run-ovn-as-openvswitch-openvswitch.patch
Patch20:0001-Run-ovn-as-openvswitch-openvswitch.patch
@@ -399,8 +395,6 @@
%patch1 -p1
%patch2 -p1
%patch3 -p1
-%patch4 -p1
-%patch5 -p1
cd %{ovn_dir}
%patch20 -p1
++ openvswitch-2.14.0.tar.gz -> openvswitch-2.14.2.tar.gz ++
/work/SRC/openSUSE:Factory/openvswitch/openvswitch-2.14.0.tar.gz
/work/SRC/openSUSE:Factory/.openvswitch.new.28504/openvswitch-2.14.2.tar.gz
differ: char 5, line 1
