Accepting request 512973 from network

1 OBS-URL: https://build.opensuse.org/request/show/512973 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openvswitch?expand=0&rev=15
2017-08-24 16:42:36 +00:00
parent 023bef9fe3 d1d940d22b
commit 603faa4fc2
5 changed files with 120 additions and 76 deletions
--- a/0001-ofp-util-Fix-buffer-overread-in-ofputil_pull_queue_g.patch
+++ b/0001-ofp-util-Fix-buffer-overread-in-ofputil_pull_queue_g.patch
@@ -1,33 +0,0 @@
 From 7b7b186a8d40fc6f287cef2582702181da74bdc3 Mon Sep 17 00:00:00 2001
 From: Ben Pfaff <blp@ovn.org>
 Date: Sat, 20 May 2017 16:38:24 -0700
 Subject: [PATCH] ofp-util: Fix buffer overread in
 ofputil_pull_queue_get_config_reply10().
 msg->size isn't the relevant measurement here because we're only supposed
 to read 'len' bytes.  Reading more than that causes 'len' to underflow to a
 large number at the end of the loop.
 Reported-by: Bhargava Shastry <bshastry@sec.t-labs.tu-berlin.de>
 Signed-off-by: Ben Pfaff <blp@ovn.org>
 Acked-by: Greg Rose <gvrose8192@gmail.com>
 ---
 lib/ofp-util.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 diff --git a/lib/ofp-util.c b/lib/ofp-util.c
 index db27abf8b..a6dd5dbdd 100644
 --- a/lib/ofp-util.c
 +++ b/lib/ofp-util.c
@@ -2598,7 +2598,7 @@ ofputil_pull_queue_get_config_reply10(struct ofpbuf *msg,
         hdr = ofpbuf_at_assert(msg, 0, sizeof *hdr);
         prop_len = ntohs(hdr->len);
 -        if (prop_len < sizeof *hdr || prop_len > msg->size || prop_len % 8) {
 +        if (prop_len < sizeof *hdr || prop_len > len || prop_len % 8) {
             return OFPERR_OFPBRC_BAD_LEN;
         }
 -- 
 2.12.2
--- a/openvswitch-2.7.0.tar.gz
+++ b/openvswitch-2.7.0.tar.gz
@@ -1,3 +0,0 @@
 version https://git-lfs.github.com/spec/v1
 oid sha256:e492cf08a929b4a2178b7f9b01dc4ff562f44138b547b4e942078187b2445d2e
 size 6149523
--- a/openvswitch-2.7.2.tar.gz
+++ b/openvswitch-2.7.2.tar.gz
@@ -0,0 +1,3 @@
 version https://git-lfs.github.com/spec/v1
 oid sha256:fe36c86ed52f6f7c17b01cdbb7ae37bf521cc5c2e50997b618f3f742485f655b
 size 6192414
--- a/openvswitch.changes
+++ b/openvswitch.changes
@@ -1,3 +1,62 @@
 -------------------------------------------------------------------
 Thu Jul 27 13:05:42 UTC 2017 - mchandras@suse.de
 - Do not restart the ovs-vswitchd and ovsdb-server services
  on package updates (bsc#1002734)
 - Do not restart the ovs-vswitchd, ovsdb-server and openvswitch
  services on package removals. This facilitates potential future
  package moves but also preserves connectivity when the package is
  removed (bsc#1050896) 
 -------------------------------------------------------------------
 Wed Jul 19 07:32:59 UTC 2017 - mchandras@suse.de
 - Version bump to 2.7.2. Some of the changes are:
  * Revert "netdev: Fix netdev_open() to adhere to class type if given"
  * connmgr: Fix crash when in_band_create() fails.
  * db-ctl-base: Fix reference-following feature in get_row_by_id().
  * netdev: Fix crash when ifa_netmask is null.
  * ovn-controller: fix use-after-free in physical_run()
  * ovn-controller: avoid crash when vswitchd connection is lost
  * ovsdb-types: Fix memory leak on error path.
  * vswitchd: Fix IFACE_STAT name error in iface_refresh_stats
  * netdev: Fix crash when interface option is changed to invalid value.
  * ofp-util: fix memory leak in ofputil_pull_ofp11_buckets
  * configure: Fix check for rte_config.h to handle cross-compilation.
  * ofp-util: Check length of buckets in ofputil_pull_ofp15_group_mod() (cve-2017-9265) (bsc#1041447)
  * ofp-print: Don't abort on unknown reason in role status message (cve-2017-9263) (bsc#1041470)
 -------------------------------------------------------------------
 Sat Jul  8 20:42:27 UTC 2017 - jengelh@inai.de
 - Remove irrelevant wording from summaries/description.
  Diversify summaries.
 - Get rid of an empty if block by inverting the condition.
 - Implement shared library packaging guideline.
 -------------------------------------------------------------------
 Thu Jul  6 07:59:30 UTC 2017 - mchandras@suse.de
 - Version bump to 2.7.1. Some of the changes are:
  * Add --cleanup option to command 'ovs-appctl exit' (see ovs-vswitchd(8)).
  * libopenvswitch-2 was renamed to libopenvswitch-2.7. Applications built
    against libopenvswitch must be recompiled against the newer library.
  * ovs-ctl: allow passing user:group to daemons
  * ofproto/bond: Fix bond reconfiguration race condition
  * ofproto/bond: Fix bond post recirc rule leak.
  * ofproto/bond: fix interal flow leak of tcp-balance bond
  * mcast-snooping: Avoid segfault for vswitchd.
  * tun-metadata: Fix memory leak in tun_metadata_table_mod().
  * netdev-dpdk: Fix mempool segfault.
  * mirror: Allow concurrent lookups.
  * ofp-util: Fix buffer overread in ofputil_pull_queue_get_config_reply10() (bsc#1040543)
  * ovsdb: Check null before deref in ovsdb_monitor_table_condition_update().
  * For the complete list of changes, please see:
    - https://github.com/openvswitch/ovs/compare/v2.7.0...v2.7.1
 - Remove upstreamed patch
  * 0001-ofp-util-Fix-buffer-overread-in-ofputil_pull_queue_g.patch
 - OVN services are no longer restarted automatically after upgrade (44dd4cc49c8a)
 -------------------------------------------------------------------
 Sat May 27 08:39:25 UTC 2017 - mchandras@suse.de
--- a/openvswitch.spec
+++ b/openvswitch.spec
@@ -29,10 +29,12 @@
 # The testsuite is somewhat fragile for continuous testing in OBS
 # but keep it here as an option
 %bcond_with check
 %define lname libopenvswitch-2_7-1
 Name:           openvswitch
-Version:        2.7.0
+Version:        2.7.2
 Release:        0
-Summary:        An open source, production quality, multilayer virtual switch
+Summary:        A multilayer virtual network switch
 # All code is Apache-2.0 except
 # - lib/sflow* which is SISSL
 # - utilities/bugtool which is LGPL-2.1
@@ -42,10 +44,6 @@ Url:            http://openvswitch.org/
 Source0:        http://openvswitch.org/releases/openvswitch-%{version}.tar.gz
 Source1:        preamble
 Source89:       Module.supported.updates
 # PATCh-FIX-UPSTREAM 0001-ofp-util-Fix-buffer-overread-in-ofputil_pull_queue_g.patch
 # Upstream fix (present in 2.7 branch) to fix CVE-2017-9214
 # See https://nvd.nist.gov/vuln/detail/CVE-2017-9214
 Patch1:         0001-ofp-util-Fix-buffer-overread-in-ofputil_pull_queue_g.patch
 Patch99:        0001-utilities-Add-script-to-support-DPDK-option-migratio.patch
 BuildRequires:  autoconf
 BuildRequires:  automake
@@ -100,12 +98,12 @@ BuildRequires:  libpcap-devel
 %endif
 %description
-Open vSwitch is a production quality, multilayer virtual switch licensed under
+Open vSwitch is a multilayer virtual network Ethernet switch. It is
-the open source Apache 2.0 license. It is designed to enable massive network automation
+enables network automation through programmatic extension, and
-through programmatic extension, while still supporting standard management interfaces
+supports standard management interfaces and protocols (e.g. NetFlow,
-and protocols (e.g. NetFlow, sFlow, RSPAN, ERSPAN, CLI, LACP, 802.1ag). In addition,
+sFlow, RSPAN, ERSPAN, CLI, LACP, 802.1ag). In addition, it supports
-it is designed to support distribution across multiple physical servers similar to
+distribution across multiple physical servers similar to VMware’s
-VMware’s vNetwork distributed vswitch or Cisco’s Nexus 1000V.
+vNetwork distributed vswitch or Cisco’s Nexus 1000V.
 %if %{with kmp}
 %package kmp
@@ -119,11 +117,19 @@ BuildRequires:  %{kernel_module_package_buildreqs}
 Kernel modules supporting the openvswitch datapath.
 %endif
 %package -n %{lname}
 Summary:        Open vSwitch core libraries
 License:        Apache-2.0
 Group:          System/Libraries
 %description -n %{lname}
 Contains the shared libraries used by Open vSwitch and any eventual extensions.
 %package devel
-Summary:        Open vSwitch Devel Libraries
+Summary:        Development files for Open vSwitch
 License:        Apache-2.0
 Group:          Development/Libraries/C and C++
-Requires:       %{name} = %{version}
+Requires:       %{lname} = %{version}
 Provides:       %{name}-dpdk-devel = %{version}
 Obsoletes:      %{name}-dpdk-devel < %{version}
@@ -131,7 +137,7 @@ Obsoletes:      %{name}-dpdk-devel < %{version}
 Devel libraries and headers for Open vSwitch.
 %package ovn-central
-Summary:        Open vSwitch - Open Virtual Network support
+Summary:        Open Virtual Network support for Open vSwitch
 License:        Apache-2.0
 Group:          Productivity/Networking/System
 Requires:       %{name} = %{version}
@@ -147,7 +153,7 @@ native support for virtual network abstractions, such as virtual L2 and L3
 overlays and security groups.
 %package ovn-host
-Summary:        Open vSwitch - Open Virtual Network support
+Summary:        Open Virtual Network support for Open vSwitch
 License:        Apache-2.0
 Group:          Productivity/Networking/System
 Requires:       %{name} = %{version}
@@ -157,13 +163,10 @@ Provides:       %{name}-dpdk-ovn:%{_bindir}/ovn-controller
 Provides:       %{name}-ovn:%{_bindir}/ovn-controller
 %description ovn-host
-OVN, the Open Virtual Network, is a system to support virtual network
+This subpackage contains the OVN host controller.
 abstraction.  OVN complements the existing capabilities of OVS to add
 native support for virtual network abstractions, such as virtual L2 and L3
 overlays and security groups.
 %package ovn-vtep
-Summary:        Open vSwitch - Open Virtual Network support
+Summary:        Open Virtual Network VTEP controller for Open vSwitch
 License:        Apache-2.0
 Group:          Productivity/Networking/System
 Requires:       %{name} = %{version}
@@ -173,10 +176,10 @@ Provides:       %{name}-dpdk-ovn:%{_bindir}/ovn-controller-vtep
 Provides:       %{name}-ovn:%{_bindir}/ovn-controller-vtep
 %description ovn-vtep
-OVN vtep controller
+This subpackage contains the OVN VTEP (VXLAN Tunnel Endpoint) controller.
 %package ovn-common
-Summary:        Open vSwitch - Open Virtual Network support
+Summary:        Open Virtual Network diagnostic utilities
 License:        Apache-2.0
 Group:          Productivity/Networking/System
 Requires:       %{name} = %{version}
@@ -190,7 +193,7 @@ Obsoletes:      %{name}-ovn < %{version}
 Utilities that are used to diagnose and manage the OVN components.
 %package ovn-docker
-Summary:        Open vSwitch - Open Virtual Network support
+Summary:        Docker network plugins for OVN
 License:        Apache-2.0
 Group:          Productivity/Networking/System
 Requires:       %{name} = %{version}
@@ -244,7 +247,7 @@ Requires:       python
 Requires:       python-six
 %description -n python-openvswitch
-This package contains the full Python bindings for Open vSwitch database.
+This package contains the Python bindings for Open vSwitch database.
 %package -n python-openvswitch-test
 Summary:        Python bindings for Open vSwitch
@@ -256,7 +259,7 @@ Requires:       python-openvswitch = %{version}
 Requires:       python-twisted
 %description -n python-openvswitch-test
-This package contains the full Python bindings for Open vSwitch database.
+This package contains the Python bindings for Open vSwitch database.
 %package test
 Summary:        Open vSwitch test package
@@ -271,14 +274,13 @@ Provides:       %{name}-dpdk-test = %{version}
 Obsoletes:      %{name}-dpdk-test < %{version}
 %description test
 Open vSwitch is a software-based Ethernet switch.
 This package contains utilities that are useful to diagnose
 performance and connectivity issues in Open vSwitch setup.
 Open vSwitch is a full-featured software-based Ethernet switch.
 %prep
 %setup -q -n openvswitch-%{version}
 %patch1 -p1
 %patch99 -p1
 %build
@@ -330,9 +332,8 @@ pushd source
 # Recheck tests before we declare them broken. If that fails, dump
 # the log and exit. >2.5.0 uses the RECHECK env variable so this
 # needs to be taken into consideration for future releases.
-if make check TESTSUITEFLAGS="%{?_smp_mflags}" ||
+if ! make check TESTSUITEFLAGS="%{?_smp_mflags}" &&
-   make check TESTSUITEFLAGS='--recheck'; then :;
+   ! make check TESTSUITEFLAGS='--recheck'; then
 else
    cat tests/testsuite.log
    exit 1
 fi
@@ -427,8 +428,6 @@ fi
 %postun
 /sbin/ldconfig
 %service_del_postun ovsdb-server.service
 %service_del_postun ovs-vswitchd.service
 # Do not restart the openvswitch service on package updates.
 # Restarting the service may break the existing network state.
 # For example, openflow rules are not automatically re-installed
@@ -437,9 +436,13 @@ fi
 # admin decide when it's the best time for an OvS restart.
 # 5771f476573445710834234a6a9f7bd999a027e7 ("fedora: do not restart the service on a pkg upgrade")
 export DISABLE_RESTART_ON_UPDATE=yes
 %service_del_postun ovsdb-server.service
 %service_del_postun ovs-vswitchd.service
 %service_del_postun openvswitch.service
 %pre
 # This prevents networking breakages on package removals
 export DISABLE_STOP_ON_REMOVAL=yes
 %service_add_pre ovsdb-server.service
 %service_add_pre ovs-vswitchd.service
 %service_add_pre openvswitch.service
@@ -449,6 +452,9 @@ export DISABLE_RESTART_ON_UPDATE=yes
 %service_del_preun ovs-vswitchd.service
 %service_del_preun openvswitch.service
 %post   -n %{lname} -p /sbin/ldconfig
 %postun -n %{lname} -p /sbin/ldconfig
 %pre ovn-central
 %service_add_pre ovn-northd.service
@@ -477,12 +483,21 @@ export DISABLE_RESTART_ON_UPDATE=yes
 %service_del_preun ovn-controller-vtep.service
 %postun ovn-central
 # 44dd4cc49c8a4f9413baa822f111686fd8964160 ("fedora: do not restart ovn svcs
 # automatically on pkg upgrade")
 export DISABLE_RESTART_ON_UPDATE=yes
 %service_del_postun ovn-northd.service
 %postun ovn-host
 # 44dd4cc49c8a4f9413baa822f111686fd8964160 ("fedora: do not restart ovn svcs
 # automatically on pkg upgrade")
 export DISABLE_RESTART_ON_UPDATE=yes
 %service_del_postun ovn-controller.service
 %postun ovn-vtep
 # 44dd4cc49c8a4f9413baa822f111686fd8964160 ("fedora: do not restart ovn svcs
 # automatically on pkg upgrade")
 export DISABLE_RESTART_ON_UPDATE=yes
 %service_del_postun ovn-controller-vtep.service
 %preun test
@@ -526,10 +541,6 @@ export DISABLE_RESTART_ON_UPDATE=yes
 %{_datadir}/openvswitch/scripts/ovs-save
 %{_datadir}/openvswitch/scripts/ovs-dpdk-migrate-2.6.sh
 %{_datadir}/openvswitch/vswitch.ovsschema
 %{_libdir}/libofproto-2.so.*
 %{_libdir}/libopenvswitch-2.so.*
 %{_libdir}/libovsdb-2.so.*
 %{_libdir}/libsflow-2.so.*
 %{_mandir}/man1/ovsdb-client.1%{ext_man}
 %{_mandir}/man1/ovsdb-server.1%{ext_man}
 %{_mandir}/man1/ovsdb-tool.1%{ext_man}
@@ -560,6 +571,15 @@ export DISABLE_RESTART_ON_UPDATE=yes
 %{_localstatedir}/adm/fillup-templates/sysconfig.openvswitch
 %dir %{_localstatedir}/log/openvswitch
 %files -n %{lname}
 %defattr(-,root,root)
 %{_libdir}/libofproto-2*.so.*
 %{_libdir}/libopenvswitch-2*.so.*
 %{_libdir}/libovsdb-2*.so.*
 %{_libdir}/libsflow-2*.so.*
 %{_libdir}/libovn-2*.so.*
 %{_libdir}/libvtep-2*.so.*
 %files pki
 %defattr(-,root,root)
 %{_mandir}/man8/ovs-pki.8%{ext_man}
@@ -572,7 +592,6 @@ export DISABLE_RESTART_ON_UPDATE=yes
 %{_mandir}/man8/vtep-ctl.8%{ext_man}
 %{_datadir}/openvswitch/scripts/ovs-vtep
 %{_datadir}/openvswitch/vtep.ovsschema
 %{_libdir}/libvtep-2.so.*
 %files -n python-openvswitch
 %defattr(-,root,root)
@@ -597,7 +616,6 @@ export DISABLE_RESTART_ON_UPDATE=yes
 %{_datadir}/openvswitch/scripts/ovn-bugtool-nbctl-show
 %{_datadir}/openvswitch/scripts/ovn-bugtool-sbctl-lflow-list
 %{_datadir}/openvswitch/scripts/ovn-bugtool-sbctl-show
 %{_libdir}/libovn-2.so.*
 %{_mandir}/man5/ovn-nb.5%{ext_man}
 %{_mandir}/man5/ovn-sb.5%{ext_man}
 %{_mandir}/man7/ovn-architecture.7%{ext_man}