Accepting request 871483 from network

OBS-URL: https://build.opensuse.org/request/show/871483 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openvswitch?expand=0&rev=54
2021-02-15 22:17:11 +00:00 · 2021-02-15 22:17:11 +00:00 · 4551c30a0e
commit 4551c30a0e
parent eb3c9164d6 12d7ab0ed5
6 changed files with 17 additions and 116 deletions
--- a/0001-ipsec-Fix-Strongswan-configuration-syntax.patch
+++ b/0001-ipsec-Fix-Strongswan-configuration-syntax.patch
@ -1,56 +0,0 @@
-From 0723a7b85fa446bbe372567f9e06869041982e9b Mon Sep 17 00:00:00 2001
-From: Boleslaw Tokarski <boleslaw.tokarski@jollamobile.com>
-Date: Wed, 8 Apr 2020 11:47:20 +0100
-Subject: [PATCH 1/2] ipsec: Fix Strongswan configuration syntax.
-
-Strongswan seems to have .opt files in the source tree with the dotted
-option syntax. It seems that up until version 5.6, the syntax was also
-accepted by Strongswan.
-
-However, the .opt files are converted to .conf files during Strongswan
-build, and the dotted syntax is no longer accepted by Strongswan (tested
-on 5.8.2).
-
-The effect was that the ovs ipsec monitor fails to start Strongswan,
-since that complains with:
-/etc/strongswan.d/ovs.conf:4: syntax error, unexpected ., expecting : or '{' or '=' [.]
-
-This commit fixes the configuration file provided to Strongswan to .conf
-syntax.
-
-Signed-off-by: Boleslaw Tokarski <boleslaw.tokarski@jollamobile.com>
-Signed-off-by: Ilya Maximets <i.maximets@ovn.org>
---
- ipsec/ovs-monitor-ipsec.in | 16 ++++++++++++----
- 1 file changed, 12 insertions(+), 4 deletions(-)
-
-diff --git a/ipsec/ovs-monitor-ipsec.in b/ipsec/ovs-monitor-ipsec.in
-index 37e370324..da8b92b6c 100755
--- a/ipsec/ovs-monitor-ipsec.in
-+++ b/ipsec/ovs-monitor-ipsec.in
-@@ -145,10 +145,18 @@ class StrongSwanHelper(object):
-     """This class does StrongSwan specific configurations."""
- 
-     STRONGSWAN_CONF = """%s
-charon.plugins.kernel-netlink.set_proto_port_transport_sa = yes
-charon.plugins.kernel-netlink.xfrm_ack_expires = 10
-charon.load_modular = yes
-charon.plugins.gcm.load = yes
-+charon {
-+  plugins {
-+    kernel-netlink {
-+      set_proto_port_transport_sa = yes
-+      xfrm_ack_expires = 10
-+    }
-+    gcm {
-+      load = yes
-+    }
-+  }
-+  load_modular = yes
-+}
- """ % (FILE_HEADER)
- 
-     CONF_HEADER = """%s
-- 
-2.26.2
-
--- a/0001-rhel-Fix-reload-of-OVS_USER_ID-on-startup.patch
+++ b/0001-rhel-Fix-reload-of-OVS_USER_ID-on-startup.patch
@ -1,48 +0,0 @@
-From c349652c106b4c4e54e5a4a2f05546d35a801601 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Jaime=20Caama=C3=B1o=20Ruiz?= <jcaamano@suse.com>
-Date: Tue, 5 May 2020 18:41:30 +0200
-Subject: [PATCH] rhel: Fix reload of OVS_USER_ID on startup
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-OVS_USER_ID was being picked up from a previously existing
-openvswitch.useropts rendering innefective any configuration change
-through sysconfig.
-
-There is no explicit ordering between Exec* and Environment* stanzas of
-systemd, full enviroment is always reloaded before each Exec. We make
-sure that openvswitch.useropts is removed first so that a fresh
-OVS_USER_ID can be picked up from config.
-
-Signed-off-by: Jaime Caamaño Ruiz <jcaamano@suse.com>
---
- rhel/usr_lib_systemd_system_ovsdb-server.service | 10 ++++++++--
- 1 file changed, 8 insertions(+), 2 deletions(-)
-
-diff --git a/rhel/usr_lib_systemd_system_ovsdb-server.service b/rhel/usr_lib_systemd_system_ovsdb-server.service
-index 4c170c09b..98338b9df 100644
--- a/rhel/usr_lib_systemd_system_ovsdb-server.service
-+++ b/rhel/usr_lib_systemd_system_ovsdb-server.service
-@@ -11,10 +11,16 @@ PIDFile=/var/run/openvswitch/ovsdb-server.pid
- Restart=on-failure
- EnvironmentFile=/etc/openvswitch/default.conf
- EnvironmentFile=-/etc/sysconfig/openvswitch
-+EnvironmentFile=-/run/openvswitch.useropts
-+
-+# Environment is reloaded for each Exec*, make sure to
-+# remove openvswitch.useropts first to reload a fresh
-+# OVS_USER_ID from default.conf or sysconfig.
-+ExecStartPre=/usr/bin/rm -f /run/openvswitch.useropts
-+
- ExecStartPre=-/usr/bin/chown ${OVS_USER_ID} /var/run/openvswitch /var/log/openvswitch
-ExecStartPre=/bin/sh -c 'rm -f /run/openvswitch.useropts; /usr/bin/echo "OVS_USER_ID=${OVS_USER_ID}" > /run/openvswitch.useropts'
-+ExecStartPre=/bin/sh -c '/usr/bin/echo "OVS_USER_ID=${OVS_USER_ID}" > /run/openvswitch.useropts'
- ExecStartPre=/bin/sh -c 'if [ "$${OVS_USER_ID/:*/}" != "root" ]; then /usr/bin/echo "OVS_USER_OPT=--ovs-user=${OVS_USER_ID}" >> /run/openvswitch.useropts; fi'
-EnvironmentFile=-/run/openvswitch.useropts
- ExecStart=/usr/share/openvswitch/scripts/ovs-ctl \
-           --no-ovs-vswitchd --no-monitor --system-id=random \
-           ${OVS_USER_OPT} \
-- 
-2.16.4
-
--- a/openvswitch-2.14.0.tar.gz
+++ b/openvswitch-2.14.0.tar.gz
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:4171e52a8c0ffe160c1daa6687219d902a2a6969b296d223d8dac980ab99a260
-size 7359886
--- a/openvswitch-2.14.2.tar.gz
+++ b/openvswitch-2.14.2.tar.gz
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:65f420f954e250d895fb2db22a132e1cb560bc5e2b9051e834511348108e597a
+size 7394648
--- a/openvswitch.changes
+++ b/openvswitch.changes
@ -1,3 +1,14 @@
+-------------------------------------------------------------------
+Fri Feb 12 10:36:03 UTC 2021 - Jaime Caamaño Ruiz <jcaamano@suse.com>
+
+- Update openvswitch to 2.14.2. For a list of changes, check
+  https://github.com/openvswitch/ovs/blob/v2.14.2/NEWS 
+  Includes security fix for CVE-2020-27827 (bsc#1181345) and CVE-2020-35498
+  (bsc#1181742). 
+- Removed patches no longer applying to code base:
+  * 0001-rhel-Fix-reload-of-OVS_USER_ID-on-startup.patch
+  * 0001-ipsec-Fix-Strongswan-configuration-syntax.patch
+
 -------------------------------------------------------------------
 Tue Nov  3 10:50:49 UTC 2020 - Jaime Caamaño Ruiz <jcaamano@suse.com>

--- a/openvswitch.spec
+++ b/openvswitch.spec
@ -1,7 +1,7 @@
 #
 # spec file for package openvswitch
 #
-# Copyright (c) 2020 SUSE LLC
+# Copyright (c) 2021 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@ -19,7 +19,7 @@

 %define ovs_lname libopenvswitch-2_14-0
 %define ovn_lname libovn-20_06-0
-%define ovs_version 2.14.0
+%define ovs_version 2.14.2
 %define ovn_version 20.06.2
 %define ovs_dir ovs-%{ovs_version}
 %define ovn_dir ovn-%{ovn_version}
@ -66,12 +66,8 @@ Patch0:         0001-Use-strongswan-for-openvswitch-ipsec-service.patch
 Patch1:         0001-Run-openvswitch-as-openvswitch-openvswitch.patch
 # PATCH-FIX-OPENSUSE: 0001-Don-t-change-permissions-of-dev-hugepages.patch
 Patch2:         0001-Don-t-change-permissions-of-dev-hugepages.patch
-# PATCH-FIX-UPSTREAM: 0001-rhel-Fix-reload-of-OVS_USER_ID-on-startup.patch
-Patch3:         0001-rhel-Fix-reload-of-OVS_USER_ID-on-startup.patch
 # PATCH-FIX-OPENSUSE: 0001-Use-double-hash-for-OVS_USER_ID-comment.patch
-Patch4:         0001-Use-double-hash-for-OVS_USER_ID-comment.patch
-# PATCH-FIX-UPSTREAM: 0001-ipsec-Fix-Strongswan-configuration-syntax.patch
-Patch5:         0001-ipsec-Fix-Strongswan-configuration-syntax.patch
+Patch3:         0001-Use-double-hash-for-OVS_USER_ID-comment.patch
 #OVN patches
 # PATCH-FIX-OPENSUSE: 0001-Run-ovn-as-openvswitch-openvswitch.patch
 Patch20:        0001-Run-ovn-as-openvswitch-openvswitch.patch
@ -399,8 +395,6 @@ Devel libraries and headers for Open Virtual Network.
 %patch1 -p1
 %patch2 -p1
 %patch3 -p1
-%patch4 -p1
-%patch5 -p1
 cd %{ovn_dir}
 %patch20 -p1