Accepting request 512973 from network

1 OBS-URL: https://build.opensuse.org/request/show/512973 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openvswitch?expand=0&rev=15
2017-08-24 16:42:36 +00:00
parent 023bef9fe3 d1d940d22b
commit 603faa4fc2
5 changed files with 120 additions and 76 deletions
--- a/0001-ofp-util-Fix-buffer-overread-in-ofputil_pull_queue_g.patch
+++ b/0001-ofp-util-Fix-buffer-overread-in-ofputil_pull_queue_g.patch
@@ -1,33 +0,0 @@
-From 7b7b186a8d40fc6f287cef2582702181da74bdc3 Mon Sep 17 00:00:00 2001
-From: Ben Pfaff <blp@ovn.org>
-Date: Sat, 20 May 2017 16:38:24 -0700
-Subject: [PATCH] ofp-util: Fix buffer overread in
- ofputil_pull_queue_get_config_reply10().
-
-msg->size isn't the relevant measurement here because we're only supposed
-to read 'len' bytes.  Reading more than that causes 'len' to underflow to a
-large number at the end of the loop.
-
-Reported-by: Bhargava Shastry <bshastry@sec.t-labs.tu-berlin.de>
-Signed-off-by: Ben Pfaff <blp@ovn.org>
-Acked-by: Greg Rose <gvrose8192@gmail.com>
---
- lib/ofp-util.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/lib/ofp-util.c b/lib/ofp-util.c
-index db27abf8b..a6dd5dbdd 100644
--- a/lib/ofp-util.c
-+++ b/lib/ofp-util.c
-@@ -2598,7 +2598,7 @@ ofputil_pull_queue_get_config_reply10(struct ofpbuf *msg,
- 
-         hdr = ofpbuf_at_assert(msg, 0, sizeof *hdr);
-         prop_len = ntohs(hdr->len);
-        if (prop_len < sizeof *hdr || prop_len > msg->size || prop_len % 8) {
-+        if (prop_len < sizeof *hdr || prop_len > len || prop_len % 8) {
-             return OFPERR_OFPBRC_BAD_LEN;
-         }
- 
-- 
-2.12.2
-
--- a/openvswitch-2.7.0.tar.gz
+++ b/openvswitch-2.7.0.tar.gz
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:e492cf08a929b4a2178b7f9b01dc4ff562f44138b547b4e942078187b2445d2e
-size 6149523
--- a/openvswitch-2.7.2.tar.gz
+++ b/openvswitch-2.7.2.tar.gz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:fe36c86ed52f6f7c17b01cdbb7ae37bf521cc5c2e50997b618f3f742485f655b
+size 6192414
--- a/openvswitch.changes
+++ b/openvswitch.changes
@@ -1,3 +1,62 @@
+-------------------------------------------------------------------
+Thu Jul 27 13:05:42 UTC 2017 - mchandras@suse.de
+
+- Do not restart the ovs-vswitchd and ovsdb-server services
+  on package updates (bsc#1002734)
+- Do not restart the ovs-vswitchd, ovsdb-server and openvswitch
+  services on package removals. This facilitates potential future
+  package moves but also preserves connectivity when the package is
+  removed (bsc#1050896) 
+
+-------------------------------------------------------------------
+Wed Jul 19 07:32:59 UTC 2017 - mchandras@suse.de
+
+- Version bump to 2.7.2. Some of the changes are:
+  * Revert "netdev: Fix netdev_open() to adhere to class type if given"
+  * connmgr: Fix crash when in_band_create() fails.
+  * db-ctl-base: Fix reference-following feature in get_row_by_id().
+  * netdev: Fix crash when ifa_netmask is null.
+  * ovn-controller: fix use-after-free in physical_run()
+  * ovn-controller: avoid crash when vswitchd connection is lost
+  * ovsdb-types: Fix memory leak on error path.
+  * vswitchd: Fix IFACE_STAT name error in iface_refresh_stats
+  * netdev: Fix crash when interface option is changed to invalid value.
+  * ofp-util: fix memory leak in ofputil_pull_ofp11_buckets
+  * configure: Fix check for rte_config.h to handle cross-compilation.
+  * ofp-util: Check length of buckets in ofputil_pull_ofp15_group_mod() (cve-2017-9265) (bsc#1041447)
+  * ofp-print: Don't abort on unknown reason in role status message (cve-2017-9263) (bsc#1041470)
+
+-------------------------------------------------------------------
+Sat Jul  8 20:42:27 UTC 2017 - jengelh@inai.de
+
+- Remove irrelevant wording from summaries/description.
+  Diversify summaries.
+- Get rid of an empty if block by inverting the condition.
+- Implement shared library packaging guideline.
+
+-------------------------------------------------------------------
+Thu Jul  6 07:59:30 UTC 2017 - mchandras@suse.de
+
+- Version bump to 2.7.1. Some of the changes are:
+  * Add --cleanup option to command 'ovs-appctl exit' (see ovs-vswitchd(8)).
+  * libopenvswitch-2 was renamed to libopenvswitch-2.7. Applications built
+    against libopenvswitch must be recompiled against the newer library.
+  * ovs-ctl: allow passing user:group to daemons
+  * ofproto/bond: Fix bond reconfiguration race condition
+  * ofproto/bond: Fix bond post recirc rule leak.
+  * ofproto/bond: fix interal flow leak of tcp-balance bond
+  * mcast-snooping: Avoid segfault for vswitchd.
+  * tun-metadata: Fix memory leak in tun_metadata_table_mod().
+  * netdev-dpdk: Fix mempool segfault.
+  * mirror: Allow concurrent lookups.
+  * ofp-util: Fix buffer overread in ofputil_pull_queue_get_config_reply10() (bsc#1040543)
+  * ovsdb: Check null before deref in ovsdb_monitor_table_condition_update().
+  * For the complete list of changes, please see:
+    - https://github.com/openvswitch/ovs/compare/v2.7.0...v2.7.1
+- Remove upstreamed patch
+  * 0001-ofp-util-Fix-buffer-overread-in-ofputil_pull_queue_g.patch
+- OVN services are no longer restarted automatically after upgrade (44dd4cc49c8a)
+
 -------------------------------------------------------------------
 Sat May 27 08:39:25 UTC 2017 - mchandras@suse.de

--- a/openvswitch.spec
+++ b/openvswitch.spec
@@ -29,10 +29,12 @@
 # The testsuite is somewhat fragile for continuous testing in OBS
 # but keep it here as an option
 %bcond_with check
+%define lname libopenvswitch-2_7-1
+
 Name:           openvswitch
-Version:        2.7.0
+Version:        2.7.2
 Release:        0
-Summary:        An open source, production quality, multilayer virtual switch
+Summary:        A multilayer virtual network switch
 # All code is Apache-2.0 except
 # - lib/sflow* which is SISSL
 # - utilities/bugtool which is LGPL-2.1
@@ -42,10 +44,6 @@ Url:            http://openvswitch.org/
 Source0:        http://openvswitch.org/releases/openvswitch-%{version}.tar.gz
 Source1:        preamble
 Source89:       Module.supported.updates
-# PATCh-FIX-UPSTREAM 0001-ofp-util-Fix-buffer-overread-in-ofputil_pull_queue_g.patch
-# Upstream fix (present in 2.7 branch) to fix CVE-2017-9214
-# See https://nvd.nist.gov/vuln/detail/CVE-2017-9214
-Patch1:         0001-ofp-util-Fix-buffer-overread-in-ofputil_pull_queue_g.patch
 Patch99:        0001-utilities-Add-script-to-support-DPDK-option-migratio.patch
 BuildRequires:  autoconf
 BuildRequires:  automake
@@ -100,12 +98,12 @@ BuildRequires:  libpcap-devel
 %endif

 %description
-Open vSwitch is a production quality, multilayer virtual switch licensed under
-the open source Apache 2.0 license. It is designed to enable massive network automation
-through programmatic extension, while still supporting standard management interfaces
-and protocols (e.g. NetFlow, sFlow, RSPAN, ERSPAN, CLI, LACP, 802.1ag). In addition,
-it is designed to support distribution across multiple physical servers similar to
-VMware’s vNetwork distributed vswitch or Cisco’s Nexus 1000V.
+Open vSwitch is a multilayer virtual network Ethernet switch. It is
+enables network automation through programmatic extension, and
+supports standard management interfaces and protocols (e.g. NetFlow,
+sFlow, RSPAN, ERSPAN, CLI, LACP, 802.1ag). In addition, it supports
+distribution across multiple physical servers similar to VMware’s
+vNetwork distributed vswitch or Cisco’s Nexus 1000V.

 %if %{with kmp}
 %package kmp
@@ -119,11 +117,19 @@ BuildRequires:  %{kernel_module_package_buildreqs}
 Kernel modules supporting the openvswitch datapath.
 %endif

+%package -n %{lname}
+Summary:        Open vSwitch core libraries
+License:        Apache-2.0
+Group:          System/Libraries
+
+%description -n %{lname}
+Contains the shared libraries used by Open vSwitch and any eventual extensions.
+
 %package devel
-Summary:        Open vSwitch Devel Libraries
+Summary:        Development files for Open vSwitch
 License:        Apache-2.0
 Group:          Development/Libraries/C and C++
-Requires:       %{name} = %{version}
+Requires:       %{lname} = %{version}
 Provides:       %{name}-dpdk-devel = %{version}
 Obsoletes:      %{name}-dpdk-devel < %{version}

@@ -131,7 +137,7 @@ Obsoletes:      %{name}-dpdk-devel < %{version}
 Devel libraries and headers for Open vSwitch.

 %package ovn-central
-Summary:        Open vSwitch - Open Virtual Network support
+Summary:        Open Virtual Network support for Open vSwitch
 License:        Apache-2.0
 Group:          Productivity/Networking/System
 Requires:       %{name} = %{version}
@@ -147,7 +153,7 @@ native support for virtual network abstractions, such as virtual L2 and L3
 overlays and security groups.

 %package ovn-host
-Summary:        Open vSwitch - Open Virtual Network support
+Summary:        Open Virtual Network support for Open vSwitch
 License:        Apache-2.0
 Group:          Productivity/Networking/System
 Requires:       %{name} = %{version}
@@ -157,13 +163,10 @@ Provides:       %{name}-dpdk-ovn:%{_bindir}/ovn-controller
 Provides:       %{name}-ovn:%{_bindir}/ovn-controller

 %description ovn-host
-OVN, the Open Virtual Network, is a system to support virtual network
-abstraction.  OVN complements the existing capabilities of OVS to add
-native support for virtual network abstractions, such as virtual L2 and L3
-overlays and security groups.
+This subpackage contains the OVN host controller.

 %package ovn-vtep
-Summary:        Open vSwitch - Open Virtual Network support
+Summary:        Open Virtual Network VTEP controller for Open vSwitch
 License:        Apache-2.0
 Group:          Productivity/Networking/System
 Requires:       %{name} = %{version}
@@ -173,10 +176,10 @@ Provides:       %{name}-dpdk-ovn:%{_bindir}/ovn-controller-vtep
 Provides:       %{name}-ovn:%{_bindir}/ovn-controller-vtep

 %description ovn-vtep
-OVN vtep controller
+This subpackage contains the OVN VTEP (VXLAN Tunnel Endpoint) controller.

 %package ovn-common
-Summary:        Open vSwitch - Open Virtual Network support
+Summary:        Open Virtual Network diagnostic utilities
 License:        Apache-2.0
 Group:          Productivity/Networking/System
 Requires:       %{name} = %{version}
@@ -190,7 +193,7 @@ Obsoletes:      %{name}-ovn < %{version}
 Utilities that are used to diagnose and manage the OVN components.

 %package ovn-docker
-Summary:        Open vSwitch - Open Virtual Network support
+Summary:        Docker network plugins for OVN
 License:        Apache-2.0
 Group:          Productivity/Networking/System
 Requires:       %{name} = %{version}
@@ -244,7 +247,7 @@ Requires:       python
 Requires:       python-six

 %description -n python-openvswitch
-This package contains the full Python bindings for Open vSwitch database.
+This package contains the Python bindings for Open vSwitch database.

 %package -n python-openvswitch-test
 Summary:        Python bindings for Open vSwitch
@@ -256,7 +259,7 @@ Requires:       python-openvswitch = %{version}
 Requires:       python-twisted

 %description -n python-openvswitch-test
-This package contains the full Python bindings for Open vSwitch database.
+This package contains the Python bindings for Open vSwitch database.

 %package test
 Summary:        Open vSwitch test package
@@ -271,14 +274,13 @@ Provides:       %{name}-dpdk-test = %{version}
 Obsoletes:      %{name}-dpdk-test < %{version}

 %description test
+Open vSwitch is a software-based Ethernet switch.
+
 This package contains utilities that are useful to diagnose
 performance and connectivity issues in Open vSwitch setup.

-Open vSwitch is a full-featured software-based Ethernet switch.
-
 %prep
 %setup -q -n openvswitch-%{version}
-%patch1 -p1
 %patch99 -p1

 %build
@@ -330,9 +332,8 @@ pushd source
 # Recheck tests before we declare them broken. If that fails, dump
 # the log and exit. >2.5.0 uses the RECHECK env variable so this
 # needs to be taken into consideration for future releases.
-if make check TESTSUITEFLAGS="%{?_smp_mflags}" ||
-   make check TESTSUITEFLAGS='--recheck'; then :;
-else
+if ! make check TESTSUITEFLAGS="%{?_smp_mflags}" &&
+   ! make check TESTSUITEFLAGS='--recheck'; then
    cat tests/testsuite.log
    exit 1
 fi
@@ -427,8 +428,6 @@ fi

 %postun
 /sbin/ldconfig
-%service_del_postun ovsdb-server.service
-%service_del_postun ovs-vswitchd.service
 # Do not restart the openvswitch service on package updates.
 # Restarting the service may break the existing network state.
 # For example, openflow rules are not automatically re-installed
@@ -437,9 +436,13 @@ fi
 # admin decide when it's the best time for an OvS restart.
 # 5771f476573445710834234a6a9f7bd999a027e7 ("fedora: do not restart the service on a pkg upgrade")
 export DISABLE_RESTART_ON_UPDATE=yes
+%service_del_postun ovsdb-server.service
+%service_del_postun ovs-vswitchd.service
 %service_del_postun openvswitch.service

 %pre
+# This prevents networking breakages on package removals
+export DISABLE_STOP_ON_REMOVAL=yes
 %service_add_pre ovsdb-server.service
 %service_add_pre ovs-vswitchd.service
 %service_add_pre openvswitch.service
@@ -449,6 +452,9 @@ export DISABLE_RESTART_ON_UPDATE=yes
 %service_del_preun ovs-vswitchd.service
 %service_del_preun openvswitch.service

+%post   -n %{lname} -p /sbin/ldconfig
+%postun -n %{lname} -p /sbin/ldconfig
+
 %pre ovn-central
 %service_add_pre ovn-northd.service

@@ -477,12 +483,21 @@ export DISABLE_RESTART_ON_UPDATE=yes
 %service_del_preun ovn-controller-vtep.service

 %postun ovn-central
+# 44dd4cc49c8a4f9413baa822f111686fd8964160 ("fedora: do not restart ovn svcs
+# automatically on pkg upgrade")
+export DISABLE_RESTART_ON_UPDATE=yes
 %service_del_postun ovn-northd.service

 %postun ovn-host
+# 44dd4cc49c8a4f9413baa822f111686fd8964160 ("fedora: do not restart ovn svcs
+# automatically on pkg upgrade")
+export DISABLE_RESTART_ON_UPDATE=yes
 %service_del_postun ovn-controller.service

 %postun ovn-vtep
+# 44dd4cc49c8a4f9413baa822f111686fd8964160 ("fedora: do not restart ovn svcs
+# automatically on pkg upgrade")
+export DISABLE_RESTART_ON_UPDATE=yes
 %service_del_postun ovn-controller-vtep.service

 %preun test
@@ -526,10 +541,6 @@ export DISABLE_RESTART_ON_UPDATE=yes
 %{_datadir}/openvswitch/scripts/ovs-save
 %{_datadir}/openvswitch/scripts/ovs-dpdk-migrate-2.6.sh
 %{_datadir}/openvswitch/vswitch.ovsschema
-%{_libdir}/libofproto-2.so.*
-%{_libdir}/libopenvswitch-2.so.*
-%{_libdir}/libovsdb-2.so.*
-%{_libdir}/libsflow-2.so.*
 %{_mandir}/man1/ovsdb-client.1%{ext_man}
 %{_mandir}/man1/ovsdb-server.1%{ext_man}
 %{_mandir}/man1/ovsdb-tool.1%{ext_man}
@@ -560,6 +571,15 @@ export DISABLE_RESTART_ON_UPDATE=yes
 %{_localstatedir}/adm/fillup-templates/sysconfig.openvswitch
 %dir %{_localstatedir}/log/openvswitch

+%files -n %{lname}
+%defattr(-,root,root)
+%{_libdir}/libofproto-2*.so.*
+%{_libdir}/libopenvswitch-2*.so.*
+%{_libdir}/libovsdb-2*.so.*
+%{_libdir}/libsflow-2*.so.*
+%{_libdir}/libovn-2*.so.*
+%{_libdir}/libvtep-2*.so.*
+
 %files pki
 %defattr(-,root,root)
 %{_mandir}/man8/ovs-pki.8%{ext_man}
@@ -572,7 +592,6 @@ export DISABLE_RESTART_ON_UPDATE=yes
 %{_mandir}/man8/vtep-ctl.8%{ext_man}
 %{_datadir}/openvswitch/scripts/ovs-vtep
 %{_datadir}/openvswitch/vtep.ovsschema
-%{_libdir}/libvtep-2.so.*

 %files -n python-openvswitch
 %defattr(-,root,root)
@@ -597,7 +616,6 @@ export DISABLE_RESTART_ON_UPDATE=yes
 %{_datadir}/openvswitch/scripts/ovn-bugtool-nbctl-show
 %{_datadir}/openvswitch/scripts/ovn-bugtool-sbctl-lflow-list
 %{_datadir}/openvswitch/scripts/ovn-bugtool-sbctl-show
-%{_libdir}/libovn-2.so.*
 %{_mandir}/man5/ovn-nb.5%{ext_man}
 %{_mandir}/man5/ovn-sb.5%{ext_man}
 %{_mandir}/man7/ovn-architecture.7%{ext_man}