Accepting request 508719 from home:markoschandras:network

- Version bump to 2.7.1. Some of the changes are:
  * Add --cleanup option to command 'ovs-appctl exit' (see ovs-vswitchd(8)).
  * libopenvswitch-2 was renamed to libopenvswitch-2.7. Applications built
    against libopenvswitch must be recompiled against the newer library.
  * ovs-ctl: allow passing user:group to daemons
  * ofproto/bond: Fix bond reconfiguration race condition
  * ofproto/bond: Fix bond post recirc rule leak.
  * ofproto/bond: fix interal flow leak of tcp-balance bond
  * mcast-snooping: Avoid segfault for vswitchd.
  * tun-metadata: Fix memory leak in tun_metadata_table_mod().
  * netdev-dpdk: Fix mempool segfault.
  * mirror: Allow concurrent lookups.
  * ofp-util: Fix buffer overread in ofputil_pull_queue_get_config_reply10() (bsc#1040543)
  * ovsdb: Check null before deref in ovsdb_monitor_table_condition_update().
  * For the complete list of changes, please see:
    - https://github.com/openvswitch/ovs/compare/v2.7.0...v2.7.1
- Remove upstreamed patch
  * 0001-ofp-util-Fix-buffer-overread-in-ofputil_pull_queue_g.patch
- OVN services are no longer restarted automatically after upgrade (44dd4cc49c8a)

OBS-URL: https://build.opensuse.org/request/show/508719
OBS-URL: https://build.opensuse.org/package/show/network/openvswitch?expand=0&rev=116

0001-ofp-util-Fix-buffer-overread-in-ofputil_pull_queue_g.patch

@@ -1,33 +0,0 @@
-From 7b7b186a8d40fc6f287cef2582702181da74bdc3 Mon Sep 17 00:00:00 2001
-From: Ben Pfaff <blp@ovn.org>
-Date: Sat, 20 May 2017 16:38:24 -0700
-Subject: [PATCH] ofp-util: Fix buffer overread in
- ofputil_pull_queue_get_config_reply10().
-
-msg->size isn't the relevant measurement here because we're only supposed
-to read 'len' bytes.  Reading more than that causes 'len' to underflow to a
-large number at the end of the loop.
-
-Reported-by: Bhargava Shastry <bshastry@sec.t-labs.tu-berlin.de>
-Signed-off-by: Ben Pfaff <blp@ovn.org>
-Acked-by: Greg Rose <gvrose8192@gmail.com>
----
- lib/ofp-util.c | 2 +-
- 1 file changed, 1 insertion(+), 1 deletion(-)
-
-diff --git a/lib/ofp-util.c b/lib/ofp-util.c
-index db27abf8b..a6dd5dbdd 100644
---- a/lib/ofp-util.c
-+++ b/lib/ofp-util.c
-@@ -2598,7 +2598,7 @@ ofputil_pull_queue_get_config_reply10(struct ofpbuf *msg,
- 
-         hdr = ofpbuf_at_assert(msg, 0, sizeof *hdr);
-         prop_len = ntohs(hdr->len);
--        if (prop_len < sizeof *hdr || prop_len > msg->size || prop_len % 8) {
-+        if (prop_len < sizeof *hdr || prop_len > len || prop_len % 8) {
-             return OFPERR_OFPBRC_BAD_LEN;
-         }
- 
--- 
-2.12.2
-

openvswitch-2.7.0.tar.gz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:e492cf08a929b4a2178b7f9b01dc4ff562f44138b547b4e942078187b2445d2e
-size 6149523

openvswitch-2.7.1.tar.gz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:b0458cb2a7206f8e5802a524297c9f0569c01ae4bf91037a4dff37dcd0e2a84a
+size 6186107

openvswitch.changes

@@ -1,3 +1,26 @@
+-------------------------------------------------------------------
+Thu Jul  6 07:59:30 UTC 2017 - mchandras@suse.de
+
+- Version bump to 2.7.1. Some of the changes are:
+  * Add --cleanup option to command 'ovs-appctl exit' (see ovs-vswitchd(8)).
+  * libopenvswitch-2 was renamed to libopenvswitch-2.7. Applications built
+    against libopenvswitch must be recompiled against the newer library.
+  * ovs-ctl: allow passing user:group to daemons
+  * ofproto/bond: Fix bond reconfiguration race condition
+  * ofproto/bond: Fix bond post recirc rule leak.
+  * ofproto/bond: fix interal flow leak of tcp-balance bond
+  * mcast-snooping: Avoid segfault for vswitchd.
+  * tun-metadata: Fix memory leak in tun_metadata_table_mod().
+  * netdev-dpdk: Fix mempool segfault.
+  * mirror: Allow concurrent lookups.
+  * ofp-util: Fix buffer overread in ofputil_pull_queue_get_config_reply10() (bsc#1040543)
+  * ovsdb: Check null before deref in ovsdb_monitor_table_condition_update().
+  * For the complete list of changes, please see:
+    - https://github.com/openvswitch/ovs/compare/v2.7.0...v2.7.1
+- Remove upstreamed patch
+  * 0001-ofp-util-Fix-buffer-overread-in-ofputil_pull_queue_g.patch
+- OVN services are no longer restarted automatically after upgrade (44dd4cc49c8a)
+
 -------------------------------------------------------------------
 Sat May 27 08:39:25 UTC 2017 - mchandras@suse.de
 

openvswitch.spec

@@ -30,7 +30,7 @@
 # but keep it here as an option
 %bcond_with check
 Name:           openvswitch
-Version:        2.7.0
+Version:        2.7.1
 Release:        0
 Summary:        An open source, production quality, multilayer virtual switch
 # All code is Apache-2.0 except
@@ -42,10 +42,6 @@ Url:            http://openvswitch.org/
 Source0:        http://openvswitch.org/releases/openvswitch-%{version}.tar.gz
 Source1:        preamble
 Source89:       Module.supported.updates
-# PATCh-FIX-UPSTREAM 0001-ofp-util-Fix-buffer-overread-in-ofputil_pull_queue_g.patch
-# Upstream fix (present in 2.7 branch) to fix CVE-2017-9214
-# See https://nvd.nist.gov/vuln/detail/CVE-2017-9214
-Patch1:         0001-ofp-util-Fix-buffer-overread-in-ofputil_pull_queue_g.patch
 Patch99:        0001-utilities-Add-script-to-support-DPDK-option-migratio.patch
 BuildRequires:  autoconf
 BuildRequires:  automake
@@ -278,7 +274,6 @@ Open vSwitch is a full-featured software-based Ethernet switch.
 
 %prep
 %setup -q -n openvswitch-%{version}
-%patch1 -p1
 %patch99 -p1
 
 %build
@@ -477,12 +472,21 @@ export DISABLE_RESTART_ON_UPDATE=yes
 %service_del_preun ovn-controller-vtep.service
 
 %postun ovn-central
+# 44dd4cc49c8a4f9413baa822f111686fd8964160 ("fedora: do not restart ovn svcs
+# automatically on pkg upgrade")
+export DISABLE_RESTART_ON_UPDATE=yes
 %service_del_postun ovn-northd.service
 
 %postun ovn-host
+# 44dd4cc49c8a4f9413baa822f111686fd8964160 ("fedora: do not restart ovn svcs
+# automatically on pkg upgrade")
+export DISABLE_RESTART_ON_UPDATE=yes
 %service_del_postun ovn-controller.service
 
 %postun ovn-vtep
+# 44dd4cc49c8a4f9413baa822f111686fd8964160 ("fedora: do not restart ovn svcs
+# automatically on pkg upgrade")
+export DISABLE_RESTART_ON_UPDATE=yes
 %service_del_postun ovn-controller-vtep.service
 
 %preun test
@@ -526,10 +530,10 @@ export DISABLE_RESTART_ON_UPDATE=yes
 %{_datadir}/openvswitch/scripts/ovs-save
 %{_datadir}/openvswitch/scripts/ovs-dpdk-migrate-2.6.sh
 %{_datadir}/openvswitch/vswitch.ovsschema
-%{_libdir}/libofproto-2.so.*
-%{_libdir}/libopenvswitch-2.so.*
-%{_libdir}/libovsdb-2.so.*
-%{_libdir}/libsflow-2.so.*
+%{_libdir}/libofproto-2*.so.*
+%{_libdir}/libopenvswitch-2*.so.*
+%{_libdir}/libovsdb-2*.so.*
+%{_libdir}/libsflow-2*.so.*
 %{_mandir}/man1/ovsdb-client.1%{ext_man}
 %{_mandir}/man1/ovsdb-server.1%{ext_man}
 %{_mandir}/man1/ovsdb-tool.1%{ext_man}
@@ -572,7 +576,7 @@ export DISABLE_RESTART_ON_UPDATE=yes
 %{_mandir}/man8/vtep-ctl.8%{ext_man}
 %{_datadir}/openvswitch/scripts/ovs-vtep
 %{_datadir}/openvswitch/vtep.ovsschema
-%{_libdir}/libvtep-2.so.*
+%{_libdir}/libvtep-2*.so.*
 
 %files -n python-openvswitch
 %defattr(-,root,root)
@@ -597,7 +601,7 @@ export DISABLE_RESTART_ON_UPDATE=yes
 %{_datadir}/openvswitch/scripts/ovn-bugtool-nbctl-show
 %{_datadir}/openvswitch/scripts/ovn-bugtool-sbctl-lflow-list
 %{_datadir}/openvswitch/scripts/ovn-bugtool-sbctl-show
-%{_libdir}/libovn-2.so.*
+%{_libdir}/libovn-2*.so.*
 %{_mandir}/man5/ovn-nb.5%{ext_man}
 %{_mandir}/man5/ovn-sb.5%{ext_man}
 %{_mandir}/man7/ovn-architecture.7%{ext_man}