Recommended update for openvswitch

Announcement ID: SUSE-RU-2019:1564-1
Rating: moderate
References:
Affected Products:
  • Server Applications Module 15
  • SUSE Linux Enterprise High Performance Computing 15
  • SUSE Linux Enterprise Server 15
  • SUSE Linux Enterprise Server for SAP Applications 15

An update that has two fixes can now be installed.

Description:

This update for openvswitch fixes the following issues:

Fix problem preventing new installs to run as non root (bsc#1132029), including:

  • Align with upstream so that no running configuration is changed on upgrades, specifically to avoid changes on the user Open vSwitch runs under.
  • hugetblfs groups is created as systemgroup

openvswitch was updated to bugfix release 2.8.7 (bsc#1130276). Some of the changes are:

  • ofp-group: support to insert bucket with weight value for select type
  • ofproto: fix the bug of bucket counter is not updated
  • netdev-dpdk: Print netdev name for txq mapping.
  • ifupdown.sh: Add missing "--may-exist" option
  • netdev-tc-offloads: Improve log message for icmpv6 offload not supported
  • travis: Stop rsyslog before start.
  • vlog: Better handle syslog handler exceptions.
  • travis: Remove 'sudo' configuration.
  • ovsdb-monitor.at: Use correct perl scripts.
  • rconn: Avoid occasional immediate connection failures.
  • conntrack: Fix L4 csum for V6 extension hdr pkts.
  • packets: Change return type of 'packet_csum_upperlayer6'.
  • ovsdb-client: Fix typo.
  • ofctl: break the loop if ovs_pcap_read returns error
  • Revert "ovs-tcpdump: Fix an undefined variable"
  • dhparams: Fix .c file generation with OpenSSL >= 1.1.1-pre9
  • dhparams: Add pregenerated .c file to the repository.
  • netlink: added check to prevent netlink attribute overflow
  • conntrack: Keep Address Sanitizer happy.
  • lldp: fix string warnings
  • conntrack: Exclude l2 padding in 'conn_key_extract()'.
  • dp-packet: Add 'dp_packet_l3_size()'.
  • monitor: Fix crash when monitor condition adds new columns.
  • dpif-netdev: Add thread safety annotation to sorted_poll_list.
  • acinclude: Drop DPDK_EXTRA_LIB variable.
  • flow: fix a possible memory leak in parse_ct_state
  • ofproto-dpif-trace: Fix for the segmentation fault in ofproto_trace().
  • datapath: Fix IPv6 later frags parsing
  • datapath: Derive IP protocol number for IPv6 later frags
  • datapath: Avoid OOB read when parsing flow nlattrs
  • dpif-netlink: Fix a bug that causes duplicate key error in datapath
  • odp-util: Stop parse odp actions if nlattr is overflow
  • ovs-tcpdump: Fix an undefined variable
  • stt: Fix return code during xmit.
  • ofpbuf: Fix arithmetic error in ofpbuf_insert().
  • odp-util: Fix a bug in parse_odp_push_nsh_action
  • netdev-linux: Fix function argument order in sfq_tc_load().
  • ofproto-dpif-xlate: Account mirrored packets only if the VLAN matches.
  • ofp-actions: Avoid overflow for ofpact_learn_spec->n_bits
  • python: Escape backslashes while formatting logs.
  • docs: Fix table title for VM MQ config in dpdk howto.
  • conntrack: Check all addresses for ephemeral ports.
  • cmap: Fix hashing in cmap_find_protected().
  • python: Catch setsockopt exceptions for TCP stream.
  • conntrack: Skip ephemeral ports fallback for DNAT.
  • rhel: Add 'SYSTEMD_NO_WRAP=yes' in ovs init script for SLES
  • ofproto: Return correct error codes from meter_set.
  • debian: Install correct vtep-ctl.
  • packets: Fix use-after-free error in packet_put_ra_prefix_opt().
  • Windows: Fix broken kernel userspace communication
  • netdev-tc-offloads: Delete ufid tc mapping in the right place
  • dpif-netlink: Fix error behavior in dpif_netlink_port_add__().
  • datapath-windows: Fix invalid reference in Buffermgmt.c
  • netdev-dpdk: Bring link down when NETDEV_UP is not set
  • actions: Enforce a maximum limit for nested action depth
  • bond: Fix LACP fallback to active-backup when recirc is enabled.
  • netdev-dpdk: Fix netdev_dpdk_get_features().
  • ovn-northd: Fix memory leak in free_chassis_queueid().
  • python-c-ext: Fix memory leak in Parser_finish
  • bridge.c: prevent controller connects while flow-restore-wait
  • connmgr: Fix vswitchd abort when a port is added and the controller is down
  • odp-util: Move ufid handling to odp_flow_from_string

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  • Server Applications Module 15
    zypper in -t patch SUSE-SLE-Module-Server-Applications-15-2019-1564=1

Package List:

  • Server Applications Module 15 (aarch64 ppc64le s390x x86_64)
    • openvswitch-devel-2.8.7-6.22.2
    • libopenvswitch-2_8-0-debuginfo-2.8.7-6.22.2
    • openvswitch-debugsource-2.8.7-6.22.2
    • openvswitch-debuginfo-2.8.7-6.22.2
    • openvswitch-2.8.7-6.22.2
    • libopenvswitch-2_8-0-2.8.7-6.22.2

References: