Accepting request 957920 from home:susnux:branches:network

* Update OVS to version 2.17.0
* Fix CVE-2021-36980 (boo#1188524)
* Enable multiple python3 flavor sub-packages on Tumbleweed / Factory
Requires: https://build.opensuse.org/request/show/957836

(added patch for missing programs for OVN)

OBS-URL: https://build.opensuse.org/request/show/957920
OBS-URL: https://build.opensuse.org/package/show/network/openvswitch?expand=0&rev=217

0001-Replace-deprecated-var-run-with-run.patch

@@ -1,101 +0,0 @@
-From 89ddd0707175de0f56b605a45afd9926cb80826f Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Jaime=20Caama=C3=B1o=20Ruiz?= <jcaamano@suse.com>
-Date: Thu, 29 Apr 2021 18:00:12 +0200
-Subject: [PATCH] Replace deprecated /var/run with /run
-
----
- rhel/etc_logrotate.d_openvswitch                            | 4 ++--
- rhel/usr_lib_systemd_system_openvswitch-ipsec.service       | 2 +-
- ...sr_lib_systemd_system_ovs-delete-transient-ports.service | 2 +-
- rhel/usr_lib_systemd_system_ovs-vswitchd.service.in         | 6 +++---
- rhel/usr_lib_systemd_system_ovsdb-server.service            | 4 ++--
- 5 files changed, 9 insertions(+), 9 deletions(-)
-
-diff --git a/rhel/etc_logrotate.d_openvswitch b/rhel/etc_logrotate.d_openvswitch
-index eaf1fd5bf..fa6303873 100644
---- a/rhel/etc_logrotate.d_openvswitch
-+++ b/rhel/etc_logrotate.d_openvswitch
-@@ -13,8 +13,8 @@
-     missingok
-     postrotate
-         # Tell Open vSwitch daemons to reopen their log files
--        if [ -d /var/run/openvswitch ]; then
--            for ctl in /var/run/openvswitch/*.ctl; do
-+        if [ -d /run/openvswitch ]; then
-+            for ctl in /run/openvswitch/*.ctl; do
-                 ovs-appctl -t "$ctl" vlog/reopen 2>/dev/null || :
-             done
-         fi
-diff --git a/rhel/usr_lib_systemd_system_openvswitch-ipsec.service b/rhel/usr_lib_systemd_system_openvswitch-ipsec.service
-index 3c4a40138..ec86874cb 100644
---- a/rhel/usr_lib_systemd_system_openvswitch-ipsec.service
-+++ b/rhel/usr_lib_systemd_system_openvswitch-ipsec.service
-@@ -5,7 +5,7 @@ After=openvswitch.service
- 
- [Service]
- Type=forking
--PIDFile=/var/run/openvswitch/ovs-monitor-ipsec.pid
-+PIDFile=/run/openvswitch/ovs-monitor-ipsec.pid
- ExecStart=/usr/share/openvswitch/scripts/ovs-ctl \
-                     --ike-daemon=strongswan start-ovs-ipsec
- ExecStop=/usr/share/openvswitch/scripts/ovs-ctl stop-ovs-ipsec
-diff --git a/rhel/usr_lib_systemd_system_ovs-delete-transient-ports.service b/rhel/usr_lib_systemd_system_ovs-delete-transient-ports.service
-index 4cd4d7f57..d4d7b204b 100644
---- a/rhel/usr_lib_systemd_system_ovs-delete-transient-ports.service
-+++ b/rhel/usr_lib_systemd_system_ovs-delete-transient-ports.service
-@@ -2,7 +2,7 @@
- Description=Open vSwitch Delete Transient Ports
- After=ovsdb-server.service
- Before=ovs-vswitchd.service
--AssertPathExists=/var/run/openvswitch/db.sock
-+AssertPathExists=/run/openvswitch/db.sock
- 
- [Service]
- Type=oneshot
-diff --git a/rhel/usr_lib_systemd_system_ovs-vswitchd.service.in b/rhel/usr_lib_systemd_system_ovs-vswitchd.service.in
-index 08355d950..71c49dc59 100644
---- a/rhel/usr_lib_systemd_system_ovs-vswitchd.service.in
-+++ b/rhel/usr_lib_systemd_system_ovs-vswitchd.service.in
-@@ -4,14 +4,14 @@ After=ovsdb-server.service network-pre.target systemd-udev-settle.service
- Before=network.target network.service
- Requires=ovsdb-server.service
- ReloadPropagatedFrom=ovsdb-server.service
--AssertPathIsReadWrite=/var/run/openvswitch/db.sock
-+AssertPathIsReadWrite=/run/openvswitch/db.sock
- PartOf=openvswitch.service
- 
- [Service]
- Type=forking
--PIDFile=/var/run/openvswitch/ovs-vswitchd.pid
-+PIDFile=/run/openvswitch/ovs-vswitchd.pid
- Restart=on-failure
--Environment=XDG_RUNTIME_DIR=/var/run/openvswitch
-+Environment=XDG_RUNTIME_DIR=/run/openvswitch
- EnvironmentFile=/etc/openvswitch/default.conf
- EnvironmentFile=-/etc/sysconfig/openvswitch
- EnvironmentFile=-/run/openvswitch.useropts
-diff --git a/rhel/usr_lib_systemd_system_ovsdb-server.service b/rhel/usr_lib_systemd_system_ovsdb-server.service
-index 98338b9df..49dc06e38 100644
---- a/rhel/usr_lib_systemd_system_ovsdb-server.service
-+++ b/rhel/usr_lib_systemd_system_ovsdb-server.service
-@@ -7,7 +7,7 @@ PartOf=openvswitch.service
- 
- [Service]
- Type=forking
--PIDFile=/var/run/openvswitch/ovsdb-server.pid
-+PIDFile=/run/openvswitch/ovsdb-server.pid
- Restart=on-failure
- EnvironmentFile=/etc/openvswitch/default.conf
- EnvironmentFile=-/etc/sysconfig/openvswitch
-@@ -18,7 +18,7 @@ EnvironmentFile=-/run/openvswitch.useropts
- # OVS_USER_ID from default.conf or sysconfig.
- ExecStartPre=/usr/bin/rm -f /run/openvswitch.useropts
- 
--ExecStartPre=-/usr/bin/chown ${OVS_USER_ID} /var/run/openvswitch /var/log/openvswitch
-+ExecStartPre=-/usr/bin/chown ${OVS_USER_ID} /run/openvswitch /var/log/openvswitch
- ExecStartPre=/bin/sh -c '/usr/bin/echo "OVS_USER_ID=${OVS_USER_ID}" > /run/openvswitch.useropts'
- ExecStartPre=/bin/sh -c 'if [ "$${OVS_USER_ID/:*/}" != "root" ]; then /usr/bin/echo "OVS_USER_OPT=--ovs-user=${OVS_USER_ID}" >> /run/openvswitch.useropts; fi'
- ExecStart=/usr/share/openvswitch/scripts/ovs-ctl \
--- 
-2.26.2
-

0001-Run-ovn-as-openvswitch-openvswitch.patch

@@ -1,67 +0,0 @@
-From aa1869378cf512fd7aeee16c0a030264c2623270 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Jaime=20Caama=C3=B1o=20Ruiz?= <jcaamano@suse.com>
-Date: Fri, 8 May 2020 11:23:04 +0200
-Subject: [PATCH] Run ovn as openvswitch:openvswitch
-
-Change default run configuration to unprivilieged user openvswitch and
-group openvswitch. Expect any further customization from user in
-sysconfig/ovn.
----
- rhel/etc_logrotate.d_ovn                                | 2 +-
- rhel/usr_lib_systemd_system_ovn-controller-vtep.service | 1 +
- rhel/usr_lib_systemd_system_ovn-controller.service      | 1 +
- rhel/usr_lib_systemd_system_ovn-northd.service          | 1 +
- 4 files changed, 4 insertions(+), 1 deletion(-)
-
-diff --git a/rhel/etc_logrotate.d_ovn b/rhel/etc_logrotate.d_ovn
-index a351ec303..4b26333fc 100644
---- a/rhel/etc_logrotate.d_ovn
-+++ b/rhel/etc_logrotate.d_ovn
-@@ -6,7 +6,7 @@
- # without warranty of any kind.
- 
- /var/log/ovn/*.log {
--    su root root
-+    su openvswitch openvswitch
-     daily
-     compress
-     sharedscripts
-diff --git a/rhel/usr_lib_systemd_system_ovn-controller-vtep.service b/rhel/usr_lib_systemd_system_ovn-controller-vtep.service
-index 09ad0612c..dd6ff6675 100644
---- a/rhel/usr_lib_systemd_system_ovn-controller-vtep.service
-+++ b/rhel/usr_lib_systemd_system_ovn-controller-vtep.service
-@@ -35,6 +35,7 @@ After=openvswitch.service
- [Service]
- Type=simple
- Restart=on-failure
-+Environment=OVN_USER_ID=openvswitch:openvswitch
- Environment=OVS_RUNDIR=%t/openvswitch
- Environment=OVN_RUNDIR=%t/ovn
- Environment=OVN_DB=unix:%t/ovn/ovnsb_db.sock
-diff --git a/rhel/usr_lib_systemd_system_ovn-controller.service b/rhel/usr_lib_systemd_system_ovn-controller.service
-index 15d0ac853..c602760f1 100644
---- a/rhel/usr_lib_systemd_system_ovn-controller.service
-+++ b/rhel/usr_lib_systemd_system_ovn-controller.service
-@@ -23,6 +23,7 @@ After=openvswitch.service
- Type=forking
- PIDFile=/var/run/ovn/ovn-controller.pid
- Restart=on-failure
-+Environment=OVN_USER_ID=openvswitch:openvswitch
- Environment=OVN_RUNDIR=%t/ovn OVS_RUNDIR=%t/openvswitch
- EnvironmentFile=-/etc/sysconfig/ovn
- EnvironmentFile=-/etc/sysconfig/ovn-controller
-diff --git a/rhel/usr_lib_systemd_system_ovn-northd.service b/rhel/usr_lib_systemd_system_ovn-northd.service
-index d281f861c..d5c7dfa5f 100644
---- a/rhel/usr_lib_systemd_system_ovn-northd.service
-+++ b/rhel/usr_lib_systemd_system_ovn-northd.service
-@@ -20,6 +20,7 @@ After=syslog.target
- [Service]
- Type=oneshot
- RemainAfterExit=yes
-+Environment=OVN_USER_ID=openvswitch:openvswitch
- Environment=OVN_RUNDIR=%t/ovn OVN_DBDIR=/var/lib/ovn
- EnvironmentFile=-/etc/sysconfig/ovn
- EnvironmentFile=-/etc/sysconfig/ovn-northd
--- 
-2.16.4
-

0001-Use-strongswan-for-openvswitch-ipsec-service.patch

@@ -9,19 +9,15 @@ time being.
  rhel/usr_lib_systemd_system_openvswitch-ipsec.service | 2 +-
  1 file changed, 1 insertion(+), 1 deletion(-)
 
-diff --git a/rhel/usr_lib_systemd_system_openvswitch-ipsec.service b/rhel/usr_lib_systemd_system_openvswitch-ipsec.service
-index d8f47af68..3c4a40138 100644
---- a/rhel/usr_lib_systemd_system_openvswitch-ipsec.service
-+++ b/rhel/usr_lib_systemd_system_openvswitch-ipsec.service
-@@ -7,7 +7,7 @@ After=openvswitch.service
+diff -Nur openvswitch-2.17.0/rhel/usr_lib_systemd_system_openvswitch-ipsec.service new/rhel/usr_lib_systemd_system_openvswitch-ipsec.service
+--- openvswitch-2.17.0/rhel/usr_lib_systemd_system_openvswitch-ipsec.service	2022-02-17 23:15:55.257680736 +0100
++++ new/rhel/usr_lib_systemd_system_openvswitch-ipsec.service	2022-02-26 02:22:12.429785364 +0100
+@@ -7,7 +7,7 @@
  Type=forking
- PIDFile=/var/run/openvswitch/ovs-monitor-ipsec.pid
+ PIDFile=/run/openvswitch/ovs-monitor-ipsec.pid
  ExecStart=/usr/share/openvswitch/scripts/ovs-ctl \
 -                    --ike-daemon=libreswan start-ovs-ipsec
 +                    --ike-daemon=strongswan start-ovs-ipsec
  ExecStop=/usr/share/openvswitch/scripts/ovs-ctl stop-ovs-ipsec
  
  [Install]
--- 
-2.16.4
-

install-ovsdb-tools.patch

@@ -0,0 +1,34 @@
+diff -Nur openvswitch-2.17.0/ovsdb/automake.mk new/ovsdb/automake.mk
+--- openvswitch-2.17.0/ovsdb/automake.mk	2022-02-17 23:15:55.240680736 +0100
++++ new/ovsdb/automake.mk	2022-02-27 20:21:59.358719903 +0100
+@@ -88,8 +88,9 @@
+ MAN_ROOTS += ovsdb/ovsdb-server.1.in
+ 
+ # ovsdb-idlc
+-noinst_SCRIPTS += ovsdb/ovsdb-idlc
++bin_SCRIPTS += ovsdb/ovsdb-idlc
+ EXTRA_DIST += ovsdb/ovsdb-idlc.in
++man_MANS += ovsdb/ovsdb-idlc.1
+ MAN_ROOTS += ovsdb/ovsdb-idlc.1
+ CLEANFILES += ovsdb/ovsdb-idlc
+ SUFFIXES += .ovsidl .ovsschema
+@@ -112,14 +113,18 @@
+ # at least for now.
+ $(OVSIDL_BUILT): ovsdb/ovsdb-idlc.in python/ovs/dirs.py
+ 
++# Some internal tools, but installed for e.g. depending projects like OVN
++ovsdbdir = $(pkgdatadir)/ovsdb
++ovsdb_SCRIPTS =
+ # ovsdb-doc
++ovsdb_SCRIPTS += ovsdb/ovsdb-doc
+ EXTRA_DIST += ovsdb/ovsdb-doc
+ OVSDB_DOC = $(run_python) $(srcdir)/ovsdb/ovsdb-doc
+ ovsdb/ovsdb-doc: python/ovs/dirs.py
+ 
+ # ovsdb-dot
+ EXTRA_DIST += ovsdb/ovsdb-dot.in ovsdb/dot2pic
+-noinst_SCRIPTS += ovsdb/ovsdb-dot
++ovsdb_SCRIPTS += ovsdb/ovsdb-dot
+ CLEANFILES += ovsdb/ovsdb-dot
+ OVSDB_DOT = $(run_python) $(srcdir)/ovsdb/ovsdb-dot.in
+ 

openvswitch-2.14.2.tar.gz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:65f420f954e250d895fb2db22a132e1cb560bc5e2b9051e834511348108e597a
-size 7394648

openvswitch-2.17.0.tar.gz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:e03bfab7ca82d81a7d3a36de4f390a3b5210e3f39657671f922877cd4ea6dc73
+size 7729001

openvswitch.changes

@@ -1,3 +1,103 @@
+-------------------------------------------------------------------
+Sun Feb 27 19:24:57 UTC 2022 - Ferdinand Thiessen <rpm@fthiessen.de>
+
+- Added install-ovsdb-tools.patch to install ovsdb tools required
+  for building OVN
+
+-------------------------------------------------------------------
+Sat Feb 26 22:11:06 UTC 2022 - Ferdinand Thiessen <rpm@fthiessen.de>
+
+- Enable multiple python3 flavor subpackages on Tumbleweed / Factory
+
+-------------------------------------------------------------------
+Sat Feb 26 00:56:03 UTC 2022 - Ferdinand Thiessen <rpm@fthiessen.de>
+
+- Update OVS to version 2.17.0
+  * Userspace datapath:
+    * Optimized flow lookups for datapath flows with simple match criteria.
+    * New per-interface configuration knob 'other_config:tx-steering'.
+    * Removed experimental tag for PMD Auto Load Balance.
+    * New configuration knob 'other_config:n-offload-threads' to change the
+      number of HW offloading threads.
+  * DPDK:
+    * EAL argument --socket-mem is no longer configured by default upon
+      start-up.  If dpdk-socket-mem and dpdk-alloc-mem are not specified,
+      DPDK defaults will be used.
+    * EAL argument --socket-limit no longer takes on the value of --socket-mem
+      by default.  'other_config:dpdk-socket-limit' can be set equal to
+      the 'other_config:dpdk-socket-mem' to preserve the legacy memory
+      limiting behavior.
+    * EAL argument --in-memory is applied by default if supported.
+    * Add support for DPDK 21.11.
+    * Forbid use of DPDK multiprocess feature.
+    * Add support for running threads on cores >= RTE_MAX_LCORE.
+  * Python: For SSL support, the use of the pyOpenSSL library has
+      been replaced with the native 'ssl' module.
+  * OVSDB:
+    * Python library for OVSDB clients now also supports faster
+      resynchronization with a clustered database after a brief disconnection,
+      i.e. 'monitor_cond_since' monitoring method.
+    * Major improvement in the performance of the OVSDB server.
+  * OpenFlow:
+    * Default selection method for select groups with up to 256 buckets is
+      now dp_hash.  Previously this was limited to 64 buckets.  This change
+      is mainly for the benefit of OVN load balancing configurations.
+    * Encap & Decap action support for MPLS packet type.
+- Update OVS to version 2.16.0
+  * Fix CVE-2021-36980 (boo#1188524)
+    openvswitch 2.11.0 through 2.15.0 has a use-after-free in
+    decode_NXAST_RAW_ENCAP (called from ofpact_decode and ofpacts_decode)
+    during the decoding of a RAW_ENCAP action
+  * Removed support for 1024-bit Diffie-Hellman key exchange
+  * Rate limiting configuration now supports setting packet-per-second
+    limits in addition to the previously configurable byte rate settings.
+  * OVSDB:
+    * Introduced new database service model - "relay".
+    * New command line options --record/--replay for ovsdb-server and
+      ovsdb-client to record and replay all the incoming transactions,
+      monitors, etc.
+    * The Python Idl class now has a cooperative_yield() method
+  * In ovs-vsctl and vtep-ctl, the "find" command now accept new
+    operators {in} and {not-in}.
+  * Various Userspace datapath improvements
+  * ovs-ctl:
+    * New option '--no-record-hostname' to disable hostname configuration
+      in ovsdb on startup.
+    * New command 'record-hostname-if-not-set' to update hostname in ovsdb.
+  * ovs-appctl: Added ability to add and delete static mac entries using:
+    'ovs-appctl fdb/add <bridge> <port> <vlan> <mac>'
+    'ovs-appctl fdb/del <bridge> <vlan> <mac>'
+  * Linux datapath:
+    * ovs-vswitchd will configure the kernel module using per-cpu dispatch
+      mode (if available). This changes the way upcalls are delivered to
+      user space in order to resolve a number of issues with per-vport dispatch.
+    * New vswitchd unixctl command `dpif-netlink/dispatch-mode` will return
+     the current dispatch mode for each datapath.
+- Update OVS to version 2.15.0
+   * OVSDB:
+     * Changed format in which ovsdb transactions are stored in
+       database files. Now each transaction contains diff of data
+       instead of the whole new value of a column.
+     * New unixctl command 'ovsdb-server/get-db-storage-status'
+     * New unixctl command 'ovsdb-server/memory-trim-on-compaction on|off'.
+     * Maximum backlog on RAFT connections limited to 500 messages or 4GB.
+   * DPDK: Removed support for vhost-user dequeue zero-copy.
+     * Add support for DPDK 20.11.
+   * The environment variable OVS_UNBOUND_CONF, if set, is now used
+     as the DNS resolver's (unbound) configuration file.
+   * Linux datapath: Support for kernel versions up to 5.8.x.
+   * Building the Linux kernel module from the OVS source tree is deprecated
+     * Support for the Linux kernel is capped at version 5.8
+     * Only bug fixes for the Linux OOT kernel module will be accepted.
+     * The Linux kernel module will be fully removed from the OVS source tree
+       in OVS branch 2.18
+- Rebased 0001-Use-strongswan-for-openvswitch-ipsec-service.patch
+- Drop upstream fixed 0001-Replace-deprecated-var-run-with-run.patch
+- Separated OVN
+  * Stand alone package, this enables better maintenance
+    especially updates.
+  * Drop 0001-Run-ovn-as-openvswitch-openvswitch.patch from OVN
+
 -------------------------------------------------------------------
 Mon May 10 10:28:32 UTC 2021 - Dirk Müller <dmueller@suse.com>
 

ovn-20.06.2.tar.gz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:fe15215392fc110af3e5203c808ca2c1396864e14f986957b1846ddd60eafffd
-size 1114006