Accepting request 871483 from network

OBS-URL: https://build.opensuse.org/request/show/871483 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/openvswitch?expand=0&rev=54
2021-02-15 22:17:11 +00:00 · 2021-02-15 22:17:11 +00:00 · 4551c30a0e
commit 4551c30a0e
parent eb3c9164d6 12d7ab0ed5
6 changed files with 17 additions and 116 deletions
--- a/0001-ipsec-Fix-Strongswan-configuration-syntax.patch
+++ b/0001-ipsec-Fix-Strongswan-configuration-syntax.patch
@ -1,56 +0,0 @@
 From 0723a7b85fa446bbe372567f9e06869041982e9b Mon Sep 17 00:00:00 2001
 From: Boleslaw Tokarski <boleslaw.tokarski@jollamobile.com>
 Date: Wed, 8 Apr 2020 11:47:20 +0100
 Subject: [PATCH 1/2] ipsec: Fix Strongswan configuration syntax.
 Strongswan seems to have .opt files in the source tree with the dotted
 option syntax. It seems that up until version 5.6, the syntax was also
 accepted by Strongswan.
 However, the .opt files are converted to .conf files during Strongswan
 build, and the dotted syntax is no longer accepted by Strongswan (tested
 on 5.8.2).
 The effect was that the ovs ipsec monitor fails to start Strongswan,
 since that complains with:
 /etc/strongswan.d/ovs.conf:4: syntax error, unexpected ., expecting : or '{' or '=' [.]
 This commit fixes the configuration file provided to Strongswan to .conf
 syntax.
 Signed-off-by: Boleslaw Tokarski <boleslaw.tokarski@jollamobile.com>
 Signed-off-by: Ilya Maximets <i.maximets@ovn.org>
 ---
 ipsec/ovs-monitor-ipsec.in | 16 ++++++++++++----
 1 file changed, 12 insertions(+), 4 deletions(-)
 diff --git a/ipsec/ovs-monitor-ipsec.in b/ipsec/ovs-monitor-ipsec.in
 index 37e370324..da8b92b6c 100755
 --- a/ipsec/ovs-monitor-ipsec.in
 +++ b/ipsec/ovs-monitor-ipsec.in
@@ -145,10 +145,18 @@ class StrongSwanHelper(object):
     """This class does StrongSwan specific configurations."""
     STRONGSWAN_CONF = """%s
 -charon.plugins.kernel-netlink.set_proto_port_transport_sa = yes
 -charon.plugins.kernel-netlink.xfrm_ack_expires = 10
 -charon.load_modular = yes
 -charon.plugins.gcm.load = yes
 +charon {
 +  plugins {
 +    kernel-netlink {
 +      set_proto_port_transport_sa = yes
 +      xfrm_ack_expires = 10
 +    }
 +    gcm {
 +      load = yes
 +    }
 +  }
 +  load_modular = yes
 +}
 """ % (FILE_HEADER)
     CONF_HEADER = """%s
 -- 
 2.26.2
--- a/0001-rhel-Fix-reload-of-OVS_USER_ID-on-startup.patch
+++ b/0001-rhel-Fix-reload-of-OVS_USER_ID-on-startup.patch
@ -1,48 +0,0 @@
 From c349652c106b4c4e54e5a4a2f05546d35a801601 Mon Sep 17 00:00:00 2001
 From: =?UTF-8?q?Jaime=20Caama=C3=B1o=20Ruiz?= <jcaamano@suse.com>
 Date: Tue, 5 May 2020 18:41:30 +0200
 Subject: [PATCH] rhel: Fix reload of OVS_USER_ID on startup
 MIME-Version: 1.0
 Content-Type: text/plain; charset=UTF-8
 Content-Transfer-Encoding: 8bit
 OVS_USER_ID was being picked up from a previously existing
 openvswitch.useropts rendering innefective any configuration change
 through sysconfig.
 There is no explicit ordering between Exec* and Environment* stanzas of
 systemd, full enviroment is always reloaded before each Exec. We make
 sure that openvswitch.useropts is removed first so that a fresh
 OVS_USER_ID can be picked up from config.
 Signed-off-by: Jaime Caamaño Ruiz <jcaamano@suse.com>
 ---
 rhel/usr_lib_systemd_system_ovsdb-server.service | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)
 diff --git a/rhel/usr_lib_systemd_system_ovsdb-server.service b/rhel/usr_lib_systemd_system_ovsdb-server.service
 index 4c170c09b..98338b9df 100644
 --- a/rhel/usr_lib_systemd_system_ovsdb-server.service
 +++ b/rhel/usr_lib_systemd_system_ovsdb-server.service
@@ -11,10 +11,16 @@ PIDFile=/var/run/openvswitch/ovsdb-server.pid
 Restart=on-failure
 EnvironmentFile=/etc/openvswitch/default.conf
 EnvironmentFile=-/etc/sysconfig/openvswitch
 +EnvironmentFile=-/run/openvswitch.useropts
 +
 +# Environment is reloaded for each Exec*, make sure to
 +# remove openvswitch.useropts first to reload a fresh
 +# OVS_USER_ID from default.conf or sysconfig.
 +ExecStartPre=/usr/bin/rm -f /run/openvswitch.useropts
 +
 ExecStartPre=-/usr/bin/chown ${OVS_USER_ID} /var/run/openvswitch /var/log/openvswitch
 -ExecStartPre=/bin/sh -c 'rm -f /run/openvswitch.useropts; /usr/bin/echo "OVS_USER_ID=${OVS_USER_ID}" > /run/openvswitch.useropts'
 +ExecStartPre=/bin/sh -c '/usr/bin/echo "OVS_USER_ID=${OVS_USER_ID}" > /run/openvswitch.useropts'
 ExecStartPre=/bin/sh -c 'if [ "$${OVS_USER_ID/:*/}" != "root" ]; then /usr/bin/echo "OVS_USER_OPT=--ovs-user=${OVS_USER_ID}" >> /run/openvswitch.useropts; fi'
 -EnvironmentFile=-/run/openvswitch.useropts
 ExecStart=/usr/share/openvswitch/scripts/ovs-ctl \
           --no-ovs-vswitchd --no-monitor --system-id=random \
           ${OVS_USER_OPT} \
 -- 
 2.16.4
--- a/openvswitch-2.14.0.tar.gz
+++ b/openvswitch-2.14.0.tar.gz
@ -1,3 +0,0 @@
 version https://git-lfs.github.com/spec/v1
 oid sha256:4171e52a8c0ffe160c1daa6687219d902a2a6969b296d223d8dac980ab99a260
 size 7359886
--- a/openvswitch-2.14.2.tar.gz
+++ b/openvswitch-2.14.2.tar.gz
@ -0,0 +1,3 @@
 version https://git-lfs.github.com/spec/v1
 oid sha256:65f420f954e250d895fb2db22a132e1cb560bc5e2b9051e834511348108e597a
 size 7394648
--- a/openvswitch.changes
+++ b/openvswitch.changes
@ -1,3 +1,14 @@
 -------------------------------------------------------------------
 Fri Feb 12 10:36:03 UTC 2021 - Jaime Caamaño Ruiz <jcaamano@suse.com>
 - Update openvswitch to 2.14.2. For a list of changes, check
  https://github.com/openvswitch/ovs/blob/v2.14.2/NEWS 
  Includes security fix for CVE-2020-27827 (bsc#1181345) and CVE-2020-35498
  (bsc#1181742). 
 - Removed patches no longer applying to code base:
  * 0001-rhel-Fix-reload-of-OVS_USER_ID-on-startup.patch
  * 0001-ipsec-Fix-Strongswan-configuration-syntax.patch
 -------------------------------------------------------------------
 Tue Nov  3 10:50:49 UTC 2020 - Jaime Caamaño Ruiz <jcaamano@suse.com>
--- a/openvswitch.spec
+++ b/openvswitch.spec
@ -1,7 +1,7 @@
 #
 # spec file for package openvswitch
 #
-# Copyright (c) 2020 SUSE LLC
+# Copyright (c) 2021 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@ -19,7 +19,7 @@
 %define ovs_lname libopenvswitch-2_14-0
 %define ovn_lname libovn-20_06-0
-%define ovs_version 2.14.0
+%define ovs_version 2.14.2
 %define ovn_version 20.06.2
 %define ovs_dir ovs-%{ovs_version}
 %define ovn_dir ovn-%{ovn_version}
@ -66,12 +66,8 @@ Patch0:         0001-Use-strongswan-for-openvswitch-ipsec-service.patch
 Patch1:         0001-Run-openvswitch-as-openvswitch-openvswitch.patch
 # PATCH-FIX-OPENSUSE: 0001-Don-t-change-permissions-of-dev-hugepages.patch
 Patch2:         0001-Don-t-change-permissions-of-dev-hugepages.patch
 # PATCH-FIX-UPSTREAM: 0001-rhel-Fix-reload-of-OVS_USER_ID-on-startup.patch
 Patch3:         0001-rhel-Fix-reload-of-OVS_USER_ID-on-startup.patch
 # PATCH-FIX-OPENSUSE: 0001-Use-double-hash-for-OVS_USER_ID-comment.patch
-Patch4:         0001-Use-double-hash-for-OVS_USER_ID-comment.patch
+Patch3:         0001-Use-double-hash-for-OVS_USER_ID-comment.patch
 # PATCH-FIX-UPSTREAM: 0001-ipsec-Fix-Strongswan-configuration-syntax.patch
 Patch5:         0001-ipsec-Fix-Strongswan-configuration-syntax.patch
 #OVN patches
 # PATCH-FIX-OPENSUSE: 0001-Run-ovn-as-openvswitch-openvswitch.patch
 Patch20:        0001-Run-ovn-as-openvswitch-openvswitch.patch
@ -399,8 +395,6 @@ Devel libraries and headers for Open Virtual Network.
 %patch1 -p1
 %patch2 -p1
 %patch3 -p1
 %patch4 -p1
 %patch5 -p1
 cd %{ovn_dir}
 %patch20 -p1