Package Release Info

openvswitch-2.14.2-150400.24.9.1

Update Info: SUSE-SLE-Module-Packagehub-Subpackages-15-SP5-2023-2296
Available in Package Hub : 15 SP5 Subpackages Updates

platforms

AArch64
ppc64le
s390x
x86-64

subpackages

python3-ovs

Change Logs

* Fri May 19 2023 Duraisankar.pitchumani@suse.com
- Fix CVE-2023-1668 [bsc#1210054], openvswitch: remote traffic denial of service via crafted packets with IP proto 0
- Added patch,
    CVE-2023-1668.patch
Version: 2.14.2-150400.24.23.1
* Tue Mar 12 2024 Duraisankar.pitchumani@suse.com
- Fix CVE-2023-3966 [bsc#1219465] openvswitch3: Invalid memory access in Geneve with HW offload
- Added patch,
    +openvswitch-CVE-2023-3966.patch
Version: 2.14.2-150400.24.17.1
* Fri Dec 01 2023 Duraisankar.pitchumani@suse.com
- Updated the corrected patch for CVE-2023-5366 [bsc#1216002]
Version: 2.14.2-150400.24.14.2
* Thu Nov 16 2023 Duraisankar.pitchumani@suse.com
- Fix CVE-2023-5366 [bsc#1216002], openvswitch: missing masks on a final stage with ports trie
- Added patch,
    CVE-2023-5366.patch
Version: 2.11.5-150100.3.24.1
* Mon Feb 12 2024 Duraisankar.pitchumani@suse.com
- Fix CVE-2024-22563 [bsc#1219059] openvswitch: memory leak via the function xmalloc__ in /lib/util.c
- Added patch,
  +openvswitch-CVE-2024-22563.patch
Version: 2.11.5-150100.3.21.1
* Tue May 16 2023 Duraisankar.pitchumani@suse.com
- added patch to include fix for CVE-2022-4338 (bsc#1206580) and CVE-2022-4337(bsc#1206581) when parsing malformed LLDP packets
  * CVE-2022-4338.patch
Version: 2.11.5-150100.3.18.2
* Fri Sep 30 2022 pgajdos@suse.com
- security update
- added patches
  fix CVE-2022-32166 [bsc#1203865], out of bounds read in minimask_equal()
  + openvswitch-CVE-2022-32166.patch
* Wed Aug 24 2022 pgajdos@suse.com
- security update
- added patches
  fix CVE-2021-36980 [bsc#1188524], use-after-free in decode_NXAST_RAW_ENCAP
  + openvswitch-CVE-2021-36980.patch
Version: 2.14.2-150400.24.3.1
* Mon May 10 2021 dmueller@suse.com
- add openssl(cli) dependency on pki (bsc#1185839)
Version: 2.14.2-150300.19.3.1
* Thu Apr 29 2021 jcaamano@suse.com
- Replace deprecated /var/run with /run (bsc#1185176, bsc#1185177).
  * 0001-Replace-deprecated-var-run-with-run.patch
* Fri Feb 12 2021 jcaamano@suse.com
- Update openvswitch to 2.14.2. For a list of changes, check
  https://github.com/openvswitch/ovs/blob/v2.14.2/NEWS
  Includes security fix for CVE-2020-27827 (bsc#1181345) and CVE-2020-35498
  (bsc#1181742).
- Removed patches no longer applying to code base:
  * 0001-rhel-Fix-reload-of-OVS_USER_ID-on-startup.patch
  * 0001-ipsec-Fix-Strongswan-configuration-syntax.patch
* Tue Sep 01 2020 jcaamano@suse.com
- Update openvswitch to 2.14.0. For a list of changes, check
  https://github.com/openvswitch/ovs/blob/v2.14.0/NEWS
- Update OVN to 20.06.2. For a list of changes, check
  https://github.com/ovn-org/ovn/blob/v20.06.2/NEWS
Version: 2.13.2-9.14.1
* Thu Jan 24 2019 jcaamano@suse.com
- Fixed package name libopenvswitch-2_10-0 to libopenvswitch-2_11-0
Version: 2.13.1-9.6.1
* Tue Sep 29 2020 jcaamano@suse.com
- Fix wrong default directories for OVS python utilities (bsc#1176273).
- Add upstream patches to fix openvswitch-ipsec service (bsc#1176273).
  * 0001-ipsec-Fix-Strongswan-configuration-syntax.patch
Version: 2.13.0-9.3.5
* Mon Jun 15 2020 jcaamano@suse.com
- Fix preserving old default OVS_USER_ID for users that removed the
  override at /etc/sysconfig/openvswitch or for users affected by
  fillup bug below (bsc#1172861).
- Add patch to workaround a possible fillup issue that could cause
  existing openvswitch configuration to be unintendedly altered during
  upgrades (bsc#1172929).
  * 0001-Use-double-hash-for-OVS_USER_ID-comment.patch
* Wed Jun 03 2020 jcaamano@suse.com
- add missing provides/obsoletes for python3-openvswitch-test
* Mon May 04 2020 jcaamano@suse.com
- Update openvswitch to 2.13.0.
  * For a list of changes, check
    https://github.com/openvswitch/ovs/blob/v2.13.0/NEWS
  * This version drops python2 binding support. Only python3 bindings
    provided going forward.
  * Tool ovs-vlan-bug-workaround is no longer provided.
- OVN was split to its own repo but is still built together with OVS and as
  such from this same source package. OVN initial version is 20.03.
  * For a list of changes, check
    https://github.com/ovn-org/ovn/blob/v20.03.0/NEWS
  * Packages openvswitch-ovn* are renamed to ovn*.
  * OVN now has its own sysconfig and log paths.
- Add OVS patch to be proposed upstream:
  * 0001-rhel-Fix-reload-of-OVS_USER_ID-on-startup.patch
- Patch instead of post-processing configuration files to set running
  credentials (bsc#1157338):
  * 0001-Run-openvswitch-as-openvswitch-openvswitch.patch
  * 0001-Run-ovn-as-openvswitch-openvswitch.patch
- Will no longer change group ownership of /dev/hugepages to 'hugetlbfs'
  (bsc#1140835). System admin should mount hugepages on a path and permissions of
  his choosing for OVS. Add patch:
  * 0001-Don-t-change-permissions-of-dev-hugepages.patch
- Will no longer install udev rule to change group ownership of vfio devices to
  'hugetlbfs'. Group name does not make much sense in this case and ownership of
  vfio devices should be coordinated system wide or per device.
- Will no longer run under group 'hugetlbfs' on new installs with DPDK enabled.
  OVS will now run under group 'openvswitch' whether compiled with DPDK support
  or not.
- OVS persistent state is now saved on /var/lib/openvswitch instead of
  /etc/openvswitch for new installs.
* Thu Feb 13 2020 dmueller@suse.com
- add missing sortedcontainers dependency to the python bindings
* Mon Oct 28 2019 jcaamano@suse.com
- Update openvswitch to 2.12.0. For a list of changes, check
  https://github.com/openvswitch/ovs/blob/master/NEWS
- Removed patches that are already included upstream:
  * 0001-rhel-secure-openvswitch-useropts.patch
  * 0002-rhel-let-ctl-handle-runtime-directory.patch
- Rebased patches:
  * 0001-Use-strongswan-for-openvswitch-ipsec-service.patch
* Tue Jul 16 2019 jcaamano@suse.com
- Add unbound as a build requirement to support asynchronous DNS
  resolving for remotes.
* Thu Jun 20 2019 jcaamano@suse.com
- Update DPDK dependency to support DPDK 18.11.2.
* Mon Jun 10 2019 jcaamano@suse.com
- Add upstream patches to fix bsc#1135884:
  * 0001-rhel-secure-openvswitch-useropts.patch
  * 0002-rhel-let-ctl-handle-runtime-directory.patch
* Mon May 06 2019 jcaamano@suse.com
- Use temporary directory for python build.
* Mon Apr 29 2019 jcaamano@suse.com
- Fix problem preventing new installs to run as non root (bsc#1132029),
  including:
  * Align with upstream so that no running configuration is changed on
    upgrades, specifically to avoid changes on the user Open vSwitch runs
    under.
  * hugetblfs groups is created as system group.
- Add missing opnvswitch-ipsec package and systemd service.
- Add patch to use strongswan instead of libreswan for openvswitch-ipsec.
  libreswan package not available currently.
  * 0001-Use-strongswan-for-openvswitch-ipsec-service.patch
- Add missing ovs-delete-transient-ports systemd service.
- Align installed headers with upstream.
- Fix problem preventing rpm build '--with check'.
- Fix python environment that had directories pointing to /usr/local.
- Version bump to 2.11.1. Some of the changes are:
  * netdev-tc-offloads: Fix probe tc block support
  * rhel: Include all header files in the Fedora's devel package
  * reconnect.c: Don't transition back to ACTIVE when forced to RECONNECT.
  * OVN: Make periodic RAs consistent with RA responder.
  * OVN: Always send prefix option in RAs
  * OVN: Use offset instead of pointer into ofpbuf
  * ofproto: fix the bug of bucket counter is not updated
  * netdev-dpdk: Print netdev name for txq mapping.
  * dpif-netdev-perf: Fix millisecond stats precision with slower TSC.
  * ifupdown.sh: Add missing "--may-exist" option
  * dpif-netdev-perf: Fix double update of perf histograms.
  * dpdk: Stop dumping memzones to stdout.
  * dpctl: Drop parser debug information.
  * netdev-tc-offloads: Properly get the block id on flow del/get
  * netdev-tc-offloads: Improve log message for icmpv6 offload not supported
  * conntrack: Replace structure copy by memcpy().
  * conntrack: Lookup only 'UNNAT conns' in 'nat_clean()'.
  * conntrack: Fix race for NAT cleanup.
  * ovn-nbctl: Don't segfault when ovn-northd doesn't configure dynamic addresses.
  * datapath-windows: Add annotations to find vport functions
  * datapath-windows: Guard vport usage in user.c
  * datapath-windows: Fix potential deadlock in event subscription
  * datapath-windows: Fix race condition during port creation
  * datapath-windows: Fix nbl cleanup when memory allocation fails
  * netdev-linux: Remove ingress qdisc before trying to add shared block
  * netdev-tc-offloads: Remove ingress qdisc on tc init flow api
  * ovsdb-idl: Fix memory leak of idl->remote.
  * travis: Remove 'sudo' configuration.
  * OVN: Add port addresses to IPAM after all ports are joined.
  * dpif-netlink: Free leaked ofpbuf by using ofpbuf_delete
  * OVN: update RA next_announce according to {min, max}_interval
  * rconn: Avoid occasional immediate connection failures.
  * dpdk: Fix case-sensitivity of dpdk-init knob.
  * NEWS: Clean up the 2.11.0 release notes a bit.
  * conntrack: Fix L4 csum for V6 extension hdr pkts.
  * packets: Change return type for 'packet_csum_upperlayer6()'.
  * ovsdb-client: Fix typo.
  * ovn-nbctl: Daemon mode should retry when IDL connection lost.
  * ofctl: break the loop if ovs_pcap_read returns error
  * netlink: added check to prevent netlink attribute overflow
* Mon Mar 25 2019 jcaamano@suse.com
- Disable dpdk on ix86, aligned with dpdk package.
* Thu Mar 21 2019 jengelh@inai.de
- Combine %service_* calls to reduce generated boilerplate.
- Reduce scriptlets' hard dependency on systemd.
* Thu Jan 24 2019 jcaamano@suse.com
- Fixed package name libopenvswitch-2_10-0 to libopenvswitch-2_11-0
* Sun Jan 20 2019 tbechtold@suse.com
- python2-ovs provides now also python-ovs which is the standard
  for singlespec python packages.
Version: 2.11.5-3.15.3
* Mon Feb 08 2021 jcaamano@suse.com
- Add patch to include security fix for CVE-2020-35498 (bsc#1181742).
  * 0001-flow-Support-extra-padding-length.patch
Version: 2.11.5-3.12.1
* Wed Jan 27 2021 jcaamano@suse.com
- Update openvswitch to 2.11.5. For a list of changes, check
  https://github.com/openvswitch/ovs/blob/v2.11.5/NEWS
  Includes security fix for CVE-2020-27827 (bsc#1181345).
- Updated patch to new code base:
  * 0001-Use-strongswan-for-openvswitch-ipsec-service.patch
* Tue Nov 03 2020 jcaamano@suse.com
- Replaced `%service_del_postun -n` with `%service_del_postun_without_restart`
  (bsc#1117483).
Version: 2.11.1-3.7.1
* Thu Aug 08 2019 jcaamano@suse.com
- Fixed missing obsoletes for old python-ovs (bsc#1138948).
* Mon Jul 15 2019 jcaamano@suse.com
- Fix problem preventing new installs to run as non root (bsc#1132029,
  bsc#1139798), including:
  * Align with upstream so that no running configuration is changed on
    upgrades, specifically to avoid changes on the user Open vSwitch runs
    under.
  * hugetblfs groups is created as system group.
- Version bump to bugfix release 2.11.1 (bsc#1130276). Some of the changes are:
  * netdev-tc-offloads: Fix probe tc block support
  * rhel: Include all header files in the Fedora's devel package
  * reconnect.c: Don't transition back to ACTIVE when forced to RECONNECT.
  * OVN: Make periodic RAs consistent with RA responder.
  * OVN: Always send prefix option in RAs
  * OVN: Use offset instead of pointer into ofpbuf
  * ofproto: fix the bug of bucket counter is not updated
  * netdev-dpdk: Print netdev name for txq mapping.
  * dpif-netdev-perf: Fix millisecond stats precision with slower TSC.
  * ifupdown.sh: Add missing "--may-exist" option
  * dpif-netdev-perf: Fix double update of perf histograms.
  * dpdk: Stop dumping memzones to stdout.
  * dpctl: Drop parser debug information.
  * netdev-tc-offloads: Properly get the block id on flow del/get
  * netdev-tc-offloads: Improve log message for icmpv6 offload not supported
  * conntrack: Replace structure copy by memcpy().
  * conntrack: Lookup only 'UNNAT conns' in 'nat_clean()'.
  * conntrack: Fix race for NAT cleanup.
  * ovn-nbctl: Don't segfault when ovn-northd doesn't configure dynamic addresses.
  * datapath-windows: Add annotations to find vport functions
  * datapath-windows: Guard vport usage in user.c
  * datapath-windows: Fix potential deadlock in event subscription
  * datapath-windows: Fix race condition during port creation
  * datapath-windows: Fix nbl cleanup when memory allocation fails
  * netdev-linux: Remove ingress qdisc before trying to add shared block
  * netdev-tc-offloads: Remove ingress qdisc on tc init flow api
  * ovsdb-idl: Fix memory leak of idl->remote.
  * travis: Remove 'sudo' configuration.
  * OVN: Add port addresses to IPAM after all ports are joined.
  * dpif-netlink: Free leaked ofpbuf by using ofpbuf_delete
  * OVN: update RA next_announce according to {min, max}_interval
  * rconn: Avoid occasional immediate connection failures.
  * dpdk: Fix case-sensitivity of dpdk-init knob.
  * NEWS: Clean up the 2.11.0 release notes a bit.
  * conntrack: Fix L4 csum for V6 extension hdr pkts.
  * packets: Change return type for 'packet_csum_upperlayer6()'.
  * ovsdb-client: Fix typo.
  * ovn-nbctl: Daemon mode should retry when IDL connection lost.
  * ofctl: break the loop if ovs_pcap_read returns error
  * netlink: added check to prevent netlink attribute overflow
* Thu Feb 28 2019 jcaamano@suse.com
- Version bump to 2.11.0 (fate#325916, fate#325951, fate#326025, fate#326992).
  Some of the changes are:
  * Linux datapath:
  - Support for the kernel versions 4.16.x and 4.17.x.
  - Support for the kernel versions 4.18.x
  * OpenFlow:
  - OFPMP_TABLE_FEATURES_REQUEST can now modify table features.
  * ovs-ofctl:
  - "mod-table" command can now change OpenFlow table names.
  * The environment variable OVS_SYSLOG_METHOD, if set, is now used
    as the default syslog method.
  * The environment variable OVS_CTL_TIMEOUT, if set, is now used
    as the default timeout for control utilities.
  * ovn:
  - OVN-SB schema changed: duplicated IP with same Encapsulation type
    is not allowed any more.  Please refer to
    Documentation/intro/install/ovn-upgrades.rst for the instructions
    in case there are problems encountered when upgrading from an earlier
    version.
  - New support for IPSEC encrypted tunnels between hypervisors.
  - ovn-ctl: allow passing user:group ids to the OVN daemons.
  - IPAM/MACAM:
  * add the capability to dynamically assign just L2 addresses
  * add the capability to specify a static ip address and get the L2 one
    allocated dynamically using the following syntax:
    ovn-nbctl lsp-set-addresses <port> "dynamic <IP>"
  * DPDK:
  - Add support for DPDK 18.11
  - Add support for port representors.
  * Userspace datapath:
  - Add option for simple round-robin based Rxq to PMD assignment.
    It can be set with pmd-rxq-assign.
  - Add support for Auto load balancing of PMDs (experimental)
  - Added new per-port configurable option to manage EMC:
    'other_config:emc-enable'.
  * Add 'symmetric_l3' hash function.
  * OVS now honors 'updelay' and 'downdelay' for bonds with LACP configured.
  * ovs-vswitchd:
  - New configuration option "offload-rebalance", that enables dynamic
    rebalancing of offloaded flows.
  * The environment variable OVS_RESOLV_CONF, if set, is now used
    as the DNS server configuration file.
  * RHEL packaging:
  - OVN packages are split from OVS packages. A new spec
    file - ovn-fedora.spec.in is added to generate OVN packages.
- Revisit DISABLE_RESTART_ON_UPDATE and DISABLE_STOP_ON_REMOVAL options
  (bsc#1117483). DISABLE_STOP_ON_REMOVAL is removed. DISABLE_RESTART_ON_UPDATE
  is replaced by '%service_del_postun -n'. $FIRST_ARG is replaced by $1.
- Add extra openvswitch headers (bsc#1125897).
* Fri Feb 15 2019 jcaamano@suse.com
- Obsolete old python[2]-openvswitch-test subpackages (bsc#1124435).
* Thu Jan 24 2019 Jaime CaamaƱo (jcaamano@suse.com)
- Version bump to 2.11.0+git20190123.ad83fc9ab (fate#325916, fate#325951,
  fate#326025, fate#326992). Some of the changes are:
  * Linux datapath:
  - Support for the kernel versions 4.16.x and 4.17.x.
  * OpenFlow:
  - OFPMP_TABLE_FEATURES_REQUEST can now modify table features.
  * ovs-ofctl:
  - "mod-table" command can now change OpenFlow table names.
  * The environment variable OVS_SYSLOG_METHOD, if set, is now used
    as the default syslog method.
  * The environment variable OVS_CTL_TIMEOUT, if set, is now used
    as the default timeout for control utilities.
  * ovn:
  - OVN-SB schema changed: duplicated IP with same Encapsulation type
    is not allowed any more.  Please refer to
    Documentation/intro/install/ovn-upgrades.rst for the instructions
    in case there are problems encountered when upgrading from an earlier
    version.
  - New support for IPSEC encrypted tunnels between hypervisors.
  - ovn-ctl: allow passing user:group ids to the OVN daemons.
  - IPAM/MACAM:
  * add the capability to dynamically assign just L2 addresses
  * add the capability to specify a static ip address and get the L2 one
    allocated dynamically using the following syntax:
    ovn-nbctl lsp-set-addresses <port> "dynamic <IP>"
  * DPDK:
  - Add support for DPDK 18.11
  - Add support for port representors.
  * Userspace datapath:
  - Add option for simple round-robin based Rxq to PMD assignment.
    It can be set with pmd-rxq-assign.
  - Add support for Auto load balancing of PMDs (experimental)
  - Added new per-port configurable option to manage EMC:
    'other_config:emc-enable'.
  * Add 'symmetric_l3' hash function.
  * OVS now honors 'updelay' and 'downdelay' for bonds with LACP configured.
  * ovs-vswitchd:
  - New configuration option "offload-rebalance", that enables dynamic
    rebalancing of offloaded flows.
  * The environment variable OVS_RESOLV_CONF, if set, is now used
    as the DNS server configuration file.
  * RHEL packaging:
  - OVN packages are split from OVS packages. A new spec
    file - ovn-fedora.spec.in is added to generate OVN packages.
- Remove upstreamed patch:
  * 0001-python-c-ext-Fix-memory-leak-in-Parser_finish.patch
- Remove DISABLE_RESTART_ON_UPDATE and DISABLE_STOP_ON_REMOVAL options (bsc#1117483).
* Mon Nov 26 2018 jcaamano@suse.com
- Backport upstream fix for python json parser memory leak (bsc#1116437)
  * 0001-python-c-ext-Fix-memory-leak-in-Parser_finish.patch
* Thu Nov 08 2018 mchandras@suse.de
- Improve python packaging (bsc#1115085)
  * Rename python*-openvswitch subpackages to python*-ovs to follow
    the openSUSE policy that packages should be named after the modules
    they install.
  * Build the JSON C bindings and as a result the 'noarch' BuildArch
    needs to be removed.
  * Drop the python*-openvswitch-test packages and merge them with the
    test subpackage
  * Build the python bindings using setuptools
  * Include the egg-info package.
  * Use libopenvswitch as dependency to python bindings
* Mon Oct 22 2018 mchandras@suse.de
- Version bump to 2.9.3. Some of the changes are:
  * dpif-netdev.at: Add missing backslash.
  * ofproto-dpif-xlate: Avoid deadlock on multicast snooping recursion.
  * ovn-ctl: Fix the wrong pidfile argument passed to ovsdb-servers
  * ovndb-servers.ocf: Add ssl support for managing OVN DB resources with pacemaker using LB VIP.
  * ovn-ctl: Allow passing ssl certs when starting OVN DBs in ssl mode.
  * expr: Disallow < <= >= > comparisons against empty value set.
  * expr: Set a limit on the depth of nested parentheses
  * dpif-netdev: Add vlan to mask for flow_put operation.
  * odp-util: Fix a use-after-free bug.
  * dpif-netlink: Fix null pointer.
  * dpif-netlink: don't allocate per thread netlink sockets
  * bfd: Make the tp_dst masking megaflow-friendly.
  * netdev: Properly clear 'details' when iterating in NETDEV_QOS_FOR_EACH.
  * lex: Fix buffer overrun parsing overlong hexadecimal constants.
  * ovsdb-client: Fix a bug that uses wrong index
  * ofproto-dpif-xlate: Fix conntrack fields on NXT_RESUME
  * ovs-save: save and restore groups on restart
  * flow: Fix uninitialized flow fields in IPv6 error case.
  * ofproto-dpif: Fix NXT_RESUME flow stats
  * dhparams: Fix .c file generation with OpenSSL >= 1.1.1-pre9
  * ovn: Add DHCP support for option 252.
  * meta-flow: Make "nw_frag" a synonym for "ip_frag".
  * ovsdb-server: Alleviate the possible data loss in an active/standby setup
  * ovs-save: Don't always include the default flow during restore
  * lib/tc: treat vlan id and prio as independent fields
  * datapath: lisp: Fix uninitialized field in tunnel_cfg.
  * odp-util: Don't attempt to write IPv6 flow label bits that don't exist.
  * lib/tc: reject offloading of non-Ethernet packets
  * ovs-ctl: Allow add-remote without vswitchd started.
  * daemon-unix: Use same name for original or restarted children.
  * dpif-netdev: Prevent unsafe access when retrieving meter stats.
  * Add ovs.compat module to python package
  * utilities: Drop shebang from bash completion script
  * ofp-actions: Re-fix error path for parsing OpenFlow actions.
  * nx-match: Avoid double-free on some error paths.
  * vswitch.xml: Fix key type and description style of tc-policy.
  * ovn: Fix the issue in IPv6 Neigh Solicitation responder for router IPs
  * netdev-dpdk: Support the link speed of XL710
  * ovn-northd: Support learning neighbor from ARP request.
  * ovn-northd: LR respond ARP from valid subnet only.
  * netdev-linux: Avoid division by 0 if kernel reports bad scheduler data.
  * ofp-actions: Avoid assertion failure for clone(ct(...bad actions...)).
  * ovsdb-idl: Adjust indexes during transactions.
  * ovsdb-idl.c: Fix IDL index problem when rows are updated.
  * netdev-dpdk: Use hex for PCI vendor ID.
  * ofp-port: Fix buffer overread parsing Intel custom statistics.
  * netdev-dpdk: Fix failure to configure flow control at netdev-init.
  * ofctl: Fixup compare_flows function
  * raft: Fix use-after-free error in raft_store_snapshot().
  * stream-ssl: Define SSL_OP_NO_SSL_MASK for OpenSSL versions that lack it.
  * utilities: Launch ovsdb-tool without using PAM
  * ovs-ofctl: Better validate OpenFlow message length in "ofp-parse-pcap".
  * stream-ssl: Don't enable new TLS versions by default
  * pcap-file: Fix formatting of log message.
  * meta-flow: Make mf_vl_mff_mf_from_nxm_header() require a valid field.
  * nx-match: Fix memory leak in oxm_pull_field_array() error case.
  * lib/tc: Handle ttl for ipv6 too
  * compat: Initialize IPv4 reassembly secret timer
  * ovn-nbctl: Fix compilation warnings.
  * conntrack: Fix conn_update_state_alg use after free.
  * ovn-northd: Don't shadow addr_family in add_router_lb_flow().
  * ovn: Add router load balancer undnat rule for IPv6
  * ifupdown.sh: Correctly bring up bond slaves.
  * conntrack: Fix using alg_exp_entry out of scope.
  * ovndb-servers: Set connection table when using load balancer to manage ovndb clusters via pacemaker.
  * ovn-ctl: Support NB and SB DBs to start without using remote connections.
  * ovndb-servers.ocf: add LB support for managing ovndb cluster:
  * ofp-group: Don't assert-fail decoding bad OF1.5 group mod type or command.
  * ovn: Clarify the differences between QoS marking and metering.
  * ovs-ofctl: Clarifications in the Meter Syntax man page section.
  * OpenFlow: Update documentation to indicate support for virtual meters.
  * ofp-actions: Fix undefined behavior shifting 'int' 16 places left.
  * extract-ofp-errors: Fix undefined behavior shifting 'int' 16 places left.
  * json: Avoid signed integer overflow in parsing exponents.
  * ofp-actions: Fix buffer overread in decode_LEARN_specs().
  * ofp-actions: Avoid buffer overread in BUNDLE action decoding.
  * conntrack: Fix fragmentation checks.
  * rconn: Suppress 'connected' log for unreliable connections.
  * ofproto-macros: Ignore "Dropped # log messages" in check_logs.
  * datapath: stt: linearize in SKIP_ZERO_COPY case
  * ovsdb-idl: Correct singleton insert logic
  * ovn: Fix DHCP classless static route for non-classful masks.
  * ofproto: Fix OVS crash when reverting old flows in bundle commit
  * rconn: Introduce new invariant to fix assertion failure in corner case.
  * dpctl.man: Correct argument to "dump-flows".
  * python: avoid useless JSON conversion to enhance performance
  * ofproto: Make ofproto_port_open_type() faster.
  * ovs-thread: Fix thread id for threads not started with ovs_thread_create()
  * netdev-dpdk: Handle ENOTSUP for rte_eth_dev_set_mtu.
  * netdev-dpdk: Enable HW_CRC_STRIP for virtual functions.
  * lib: fix typo in fragment handling error message
  * ovs-vswitchd: Do not use system routing table with --disable-system.
  * vswitchd: Allow user to directly specify sFlow agent address.
* Thu Sep 27 2018 mchandras@suse.de
- Version bump to 2.9.2 (fate#325952). Some of the changes are:
  * NSH implementation now conforms to latest draft (draft-ietf-sfc-nsh-28).
  * OVSDB:
  - ovsdb-client: New "get-schema-cksum" and "query" commands.
  - ovsdb-client: New "backup" and "restore" commands.
  - ovsdb-client: New --timeout option.
  - ovsdb-tool: New "db-name" and "schema-name" commands.
  * OVSDB has new, experimental support for database clustering:
  - New high-level documentation in ovsdb(7).
  - New file format documentation for developers in ovsdb(5).
  - Protocol documentation moved from ovsdb-server(1) to ovsdb-server(7).
  - ovsdb-server now supports online schema conversion via
    "ovsdb-client convert".
  - ovsdb-server now always hosts a built-in database named _Server. See
    ovsdb-server(5) for more details.
  - ovsdb-client: New "get-schema-cksum", "query", "backup", "restore",
    and "wait" commands.  New --timeout option.
  - ovsdb-tool: New "create-cluster", "join-cluster", "db-cid", "db-sid",
    "db-local-address", "db-is-clustered", "db-is-standalone", "db-name",
    "schema-name", "compare-versions", and "check-cluster" commands.
  - ovsdb-server: New ovs-appctl commands for managing clusters.
  - ovs-sandbox: New support for clustered databases.
  * ovs-vsctl and other commands that display data in tables now support a
  - -max-column-width option to limit column width.
  * No longer slow-path traffic that sends to a controller.  Applications,
    such as OVN ACL logging, want to send a copy of a packet to a
    controller while leaving the actual packet forwarding in the datapath.
  * OVN:
  - The "requested-chassis" option for a logical switch port now accepts a
    chassis "hostname" in addition to a chassis "name".
  - IPv6
  * Added support to send IPv6 Router Advertisement packets in response to
    the IPv6 Router Solicitation packets from  the VIF ports.
  * Added support to generate Neighbor Solicitation packets using the OVN
    action 'nd_ns' to resolve unknown next hop MAC addresses for the
    IPv6 packets.
  - ovn-ctl: New commands run_nb_ovsdb and run_sb_ovsdb.
  - ovn-sbctl, ovn-nbctl: New options --leader-only, --no-leader-only.
  * OpenFlow:
  - ct_clear action is now backed by kernel datapath. Support is probed for
    when OVS starts.
  - ovs-dpctl and related ovs-appctl commands:
  * "flush-conntrack" now accept a 5-tuple to delete a specific
    connection tracking entry.
  * New "ct-set-maxconns", "ct-get-maxconns", and "ct-get-nconns" commands
    for userspace datapath.
  - No longer send packets to the Linux TAP device if it's DOWN unless it is
    in another networking namespace.
  * DPDK:
  - Add support for DPDK v17.11
  - Add support for vHost IOMMU
  - New debug appctl command 'netdev-dpdk/get-mempool-info'.
  * Custom statistics:
  - DPDK physical ports now return custom set of "dropped", "error" and
    "management" statistics.
  - ovs-ofctl dump-ports command now prints new of set custom statistics
    if available (for OpenFlow 1.4+).
  - New appctl command 'dpif-netdev/pmd-rxq-rebalance' to rebalance rxq to
    pmd assignments.
  - Add rxq utilization of pmd to appctl 'dpif-netdev/pmd-rxq-show'.
  - Add support for vHost dequeue zero copy (experimental)
  * Userspace datapath:
  - Output packet batching support.
  * vswitchd:
  - Datapath IDs may now be specified as 0x1 (etc.) instead of 16 digits.
  - Configuring a controller, or unconfiguring all controllers, now deletes
    all groups and meters (as well as all flows).
  - New --enable-sparse configure option enables "sparse" checking by default.
  - Added additional information to vhost-user status.
- Get rid of the old openvswitch DPDK migration steps everybody should have
  migrated from <2.6 to latest releases by now.
  * 0001-utilities-Add-script-to-support-DPDK-option-migratio.patch
- Remove patches which have made it upstream
  * 0001-rhel-Use-correct-user-in-the-logrotate-configuration.patch
  * 0001-utilities-Launch-ovsdb-tool-without-using-PAM.patch
  * 0002-netdev-dpdk-DPDK-v17.11-upgrade.patch
  * 0003-netdev-dpdk-vHost-IOMMU-support.patch
* Thu Aug 09 2018 mchandras@suse.de
- Add upstream patch to fix permissions when running the logrotate
  script (bsc#1104049)
  * 0001-rhel-Use-correct-user-in-the-logrotate-configuration.patch
* Tue Aug 07 2018 mchandras@suse.de
- Add upstream patch to fix dbus timeout due to deadlock in systemd
  dependencies (bsc#1098630).
  * 0001-utilities-Launch-ovsdb-tool-without-using-PAM.patch
* Tue May 29 2018 mchandras@suse.de
- Version bump to 2.8.4 (bsc#1094234). Some of the changes are
  * dpif-netdev: Free packets on TUNNEL_PUSH if may_steal.
  * netdev-dpdk: fix check for "net_nfp" driver
  * netdev-dpdk: Don't use PMD driver if not configured successfully
  * netdev-dpdk: Remove use of rte_mempool_ops_get_count.
  * conntrack-tcp: Handle tcp session reuse.
  * tunnel: make tun_key_to_attr aware of tunnel type.
  * Configurable Link State Change (LSC) detection mode
  * netdev-dpdk: don't enable scatter for jumbo RX support for nfp
  * faq: Document DPDK version maintenance.
  * Avoid crash in OvS while transmitting fragmented packets over tunnel.
  * compat: Fix upstream 4.4.119 kernel
  * ovs-vsctl: Fix segfault when attempting to del-port from parent bridge.
  * ofproto-dpif-xlate: Fix segmentation fault caused by tun_table
  * odp-util: Remove unnecessary TOS ECN bits rewrite for tunnels
  * datapath: Prevent panic
  * netdev-dpdk: Free mempool only when no in-use mbufs.
  * python: Fix a double encoding attempt on an Unicode string
  * ofproto-dpif: Init ukey->dump_seq to zero
  * nsh: Add unit test for double NSH encap and decap
  * xlate: Correct handling of double encap() actions
  * tc: Change filter error to debug once
  * lib/tc: Handle error parsing action in nl_parse_single_action
  * ovn: Fix tunnel id overflow.
  * ofp-actions: Correct execution of encap/decap actions in action set
  * ovsdb-idl.at: Fix test failed. (writing large data via IDL with unicode)
  * netdev-dpdk: Limit rate of DPDK logs.
  * netdev-dpdk: Remove 'error' from non error log.
  * odp-util: Print eth() for Ethernet flows if packet_type is absent.
  * python: Fix decoding error when the received data is larger than 4096.
  * datapath-windows: fix hash creation on ct mark
  * tunnel: Fix deletion of datapath tunnel ports in case of reconfiguration
  * tests: Make packet-type-aware.at hash independent
- Remove patches which are now upstream:
  * 0001-ovsdb-Use-items-instead-of-iteritems-for-Python3.patch
  * 0002-ovsdb-ovsdb-dot.in-Use-print-function-for-Python3.patch
  * 0003-ovsdb-ovsdb-dot.in-Change-exception-semantics-for-Py.patch
  * 0004-ovsdb-ovsdb-dot.in-Replace-sys.maxint-with-sys.maxsi.patch
- Use openvswitch user/group for the log directory (3f556d66edb9)
* Wed May 09 2018 mchandras@suse.de
- Add support for RedHat distributions. All SUSE macros are now
  conditional and the spec file has been adapted based on the upstream
  one (fate#324537)
- spec-cleaner fixes
* Wed May 02 2018 mchandras@suse.de
- Move openvswitch user/group creation to %pre scriptlet. The default
  ownership of the configuration files expects the user and group to
  be available as early as possible (bsc#1091408)
* Mon Apr 23 2018 mchandras@suse.de
- Preserve 'enable' status of openvswitch.service file when upgrading
  from <SLE-12-SP3. The service file has been moved from the old
  openvswitch-switch subpackage to the main openvswitch one so we
  need to handle this migration step in %posttrans (bsc#1089476)
- Move DISABLE_STOP_ON_REMOVAL=yes to %preun. This variable is only
  checked in %service_del_preun macro
* Thu Mar 22 2018 mchandras@suse.de
- Fix file permissions in /etc/openvswitch for upgrades (951d79e638ec)
* Wed Mar 21 2018 dmueller@suse.com
- set rundir to %_rundir
* Thu Feb 22 2018 mchandras@suse.de
- Fix incorrect python3 dependencies for python2 subpackages
- Add upstream patches so we can build tools using python3 (bsc#1082194)
  * 0001-ovsdb-Use-items-instead-of-iteritems-for-Python3.patch
  * 0002-ovsdb-ovsdb-dot.in-Use-print-function-for-Python3.patch
  * 0003-ovsdb-ovsdb-dot.in-Change-exception-semantics-for-Py.patch
  * 0004-ovsdb-ovsdb-dot.in-Replace-sys.maxint-with-sys.maxsi.patch
* Wed Feb 21 2018 mchandras@suse.de
- Version bump to 2.8.2 (bsc#1081953). Some of the changes are
  * ofp-meter: Fix use-after-free for decoding meter mods.
  * xlate: fix xport lookup for recirc
  * ofproto-dpif-xlate: add uuid to xports
  * netdev-dpdk: Fix requested MTU size validation.
  * netdev-dpdk: fix ingress_policer leak on error path
  * ofproto: Fix double-unref of temporary rule when learning.
  * gre: strip gre-tso offload flags
  * tc flower: reorder tunnel encap/decap actions
  * ofproto: Fix wrong datapath flow with same in_port and output port.
  * dpif: geneve: supply dpif function to get ifindex
  * ovs-tcpundump: fix a conversion issue
  * tunnel: fix tunnel flags set/clear.
  * netdev-dpdk: replace uint8_t with dpdk_port_t
  * lex: Fix parsing of long tokens.
  * odp-util: Use flexible sized buffer to hold Geneve options.
  * odp-util: Avoid reading wrong table in generate_all_wildcard_mask().
  * bond: Fix bug that writes to freed memory
  * conntrack: Fix icmp error address sanity check.
  * ovsdb-idl: Fix assertion failure on error path parsing server reply.
  * ofproto: Keep inserting buckets into a group from changing group type.
  * odp-util: Fix another hang in NSH action parsing.
  * odp-util: Fix parsing corner case for encap_nsh() actions.
  * netdev: netdev_get_etheraddr is not functioning as advertised.
  * ofproto-dpif-xlate: Fix bug that may leak ofproto_flow_mod
  * bfd: Fix memory leak
  * dpif: Fix memory leak
  * execution: Fix bug that leaks ovsdb_row
  * flow: Avoid buffer overread in parse_nsh() for malformed packet.
  * ovs-ofctl: Fix bad free in colors_parse_from_env().
  * odp-util: Fix buffer overread in parsing string form of ODP flows.
  * OpenvSwitch logrotate: Use ctl file path as target in ovs-appctl to reset logs
  * ovn-ctl: Add -vfile:info option to OVN_NB/SB_LOG options
  * netdev-tc-offloads: update stats properly on flow deletion
  * tests: Try harder to figure out whether IPv6 is supported.
  * netdev, dpif: fix the crash/assert on port delete
  * ovs-ctl: Don't remember vport-* kernel modules
  * NSH: Adjust NSH wire format to the latest IETF draft
  * ovs-lib: dont't purge corrupted DB
  * meta-flow: Fix format in documentation.
  * dpif-netlink-rtnl: Fix ovs_geneve probing after restart.
  * ovsdb-server: Fix memory leak
  * test-ovsdb: Fix memory leak
  * ovsdb-idl: Fix memory leak
  * netdev-linux: Fix wrong ceil rate when max-rate less than 8bit.
  * ofproto/trace: Fix memory leak in oftrace_push_ct_state()
  * ofproto-dpif-upcall: Fix null pointer dereference on exit.
  * ofproto-dpif-xlate: use xlate error enum for unsupported packet type
  * timeval: Check for OS-provided clock_gettime on macOS
  * Add dl_type to flow metadata for correct interpretation of conntrack metadata
  * Check flow's dl_type before setting ct_orig_tuple in 'pkt_metadata_from_flow()'
  * tests/stp: Use long warps instead of multiple calls.
  * ovs-save: Handle different 'ip addr show' output.
  * datapath-windows: Remove the workaround in NAT for TCP checksum
  * netdev: Fix memory leak on error path.
  * replication: Avoid theoretical use-after-free error in reset_database().
  * ovs-ctl.in: Call 'hostname -f' after vswitchd starts.
  * dpif-netdev: Use portable error code for zero rate meter band
- Remove patches that have been applied upstream:
  * 0001-netdev-dpdk-replace-uint8_t-with-dpdk_port_t.patch
* Tue Jan 09 2018 mchandras@suse.de
- Add upstream patches to support DPDK 17.11 (fate#322609)
  * 0001-netdev-dpdk-replace-uint8_t-with-dpdk_port_t.patch
  * 0002-netdev-dpdk-DPDK-v17.11-upgrade.patch
  * 0003-netdev-dpdk-vHost-IOMMU-support.patch