openvswitch-3.1.0-150600.33.3.1

- Fix [bsc#1233369], ovs-thread: Fix cpus not read for the first 10s.
- Added patch,
  * 0002-Openvswitch-fix-cpus-not-read-for-the-first-10s.patch

- Fix CVE-2023-3966 [bsc#1219465] openvswitch3: Invalid memory access in Geneve with HW offload
- Added patch,
    +openvswitch-CVE-2023-3966.patch

- Fix CVE-2023-5366 [bsc#1216002], openvswitch: missing masks on a final stage with ports trie
- Added patch,
  * CVE-2023-5366.patch

- convert to sysuser generated users

- Add BuildRequires on python-setuptools. Previously this was pulled
  by python-Sphinx in the build environment.

- Fix CVE-2023-3153 [bsc#1212125], VUL-0: CVE-2023-3153: openvswitch,openvswitch3: service monitor MAC flow is not rate limited
- Added patch,
    CVE-2023-3152.patch

- Fix CVE-2023-1668 [bsc#1210054], openvswitch: remote traffic denial of service via crafted packets with IP proto 0
- Added patch,
    CVE-2023-1668.patch

- Remove python/ovs/dirs.py prior to building: have this
  re-generated based on the shipped template (boo#1210479).

- Update OVS version to v3.1.0 and OVN version to v23.03.0
  Some of the features are,
  - ovs-vswitchd now detects changes in CPU affinity and adjusts the number
    of handler and revalidator threads if necessary.
  - AF_XDP:
  * Added support for building with libxdp and libbpf >= 0.7.
  * Support for AF_XDP is now enabled by default if all dependencies are
    available at the build time.  Use --disable-afxdp to disable.
    Use --enable-afxdp to fail the build if dependencies are not present.
  - ovs-appctl:
  * "ovs-appctl ofproto/trace" command can now display port names with the
    "--names" option.
  - OVSDB-IDL:
  * Add the support to specify the persistent uuid for row insert in both
    C and Python IDLs.
  - Windows:
  * Conntrack IPv6 fragment support.
  - DPDK:
  * Add support for DPDK 22.11.1.
  - For the QoS max-rate and STP/RSTP path-cost configuration OVS now assumes
    10 Gbps link speed by default in case the actual link speed cannot be
    determined.  Previously it was 10 Mbps.  Values can still be overridden
    by specifying 'max-rate' or '[r]stp-path-cost' accordingly.
  - OpenFlow:
  * New OpenFlow extension NXT_CT_FLUSH to flush connections matching
    the specified fields.
  - ovs-ctl:
  * New option '--dump-hugepages' to include hugepages in core dumps. This
    can assist with postmortem analysis involving DPDK, but may also produce
    significantly larger core dump files.
  - ovs-dpctl and 'ovs-appctl dpctl/' commands:
  * 'flush-conntrack' is now capable of handling partial 5-tuple,
    with additional optional parameter to specify the reply direction.
  - ovs-ofctl:
  * New command 'flush-conntrack' that accepts zone and 5-tuple (or partial
    5-tuple) for both directions.
  - Support for travis-ci.org based continuous integration builds has been
    dropped.
  - Userspace datapath:
  * Add '-secs' argument to appctl 'dpif-netdev/pmd-rxq-show' to show
    the pmd usage of an Rx queue over a configurable time period.
  * Add new experimental PMD load based sleeping feature. PMD threads can
    request to sleep up to a user configured 'pmd-maxsleep' value under
    low load conditions.
  - For more details, check
    https://github.com/openvswitch/ovs/blob/v3.1.0/NEWS
  - Includes secrity fix for CVE-2022-4338 (bsc#1206580) and CVE-2022-4337 (bsc#1206581)
  - Removed patches,
  * 0001-Replace-deprecated-var-run-with-run.patch
  * 0001-openvswitch-merge-compiler.h-files-into-one-file.patch
  * openvswitch-CVE-2021-36980.patch
  * 0002-build-Seperated-common-used-headers.patch
  * a77ad9693c8b49055389559187fe74eddb619746.patch
  * 0001-m4-Test-avx512-for-x86-only.patch
  * openvswitch-2.17.2-Fix-tests-with-GNU-grep-3.8.patch
  - Renamed and rebased patches,
  * 0001-Don-t-change-permissions-of-dev-hugepages.patch
  * 0001-Use-double-hash-for-OVS_USER_ID-comment.patch
  * 0001-Run-ovn-as-openvswitch-openvswitch.patch
  * 0001-Use-strongswan-for-openvswitch-ipsec-service.patch
  * 0001-Run-openvswitch-as-openvswitch-openvswitch.patch
  - Added ovsb tool install patch,
  * install-ovsdb-tools.patch

- add a77ad9693c8b49055389559187fe74eddb619746.patch to avoid
  the cpu detection code being compiled with AVX512 enabled
- add 0001-m4-Test-avx512-for-x86-only.patch

- fix tests with GNU grep 3.8 boo#1203239
  add openvswitch-2.17.2-Fix-tests-with-GNU-grep-3.8.patch

- update to 2.17.2:
  - Bug fixes
  - DPDK:
  * OVS validated with DPDK 21.11.1.  It is recommended to use this version
    until further releases.
  - Bug fixes
  - libopenvswitch API change:
  * To fix the Undefined Behavior issue causing the compiler to incorrectly
    optimize important parts of code, container iteration macros (e.g.,
    LIST_FOR_EACH) have been re-implemented in a UB-safe way.
  * Backwards compatibility has mostly been preserved, however the
    user-provided pointer is now set to NULL after the loop (unless it
    exited via "break;")
  * Users of libopenvswitch will need to double-check the use of such loop
    macros before compiling with a new version.
  * Since the change is limited to the definitions within the headers, the
    ABI is not affected.
- refresh 0001-openvswitch-merge-compiler.h-files-into-one-file.patch
  0002-build-Seperated-common-used-headers.patch

- Allow dpdk version 21.11.

- Python package: Do not use C json parser on 32bit as large numbers
  will overflow.

- Mention openvswitch-rpmlintrc as Source in spec file

- Fix installation of files shared with OVN (required for building
  OVN without openvswitch sources), remove custom installation
  of internal headers from SPEC-install section and use patches
  (for upstreaming) instead.
  * install-ovsdb-tools.patch
  * Added 0001-openvswitch-merge-compiler.h-files-into-one-file.patch
  * Added 0002-build-Seperated-common-used-headers.patch
- Enabled check section / running testsuite by default to validate
  build result. There must no problems with the testsuite anymore as
  upstream runs it by CI and checked before release of a new version.
- Renamed 0001-Don-t-change-permissions-of-dev-hugepages.patch to
  Don-t-change-permissions-of-dev-hugepages.patch
- Renamed 0001-Run-openvswitch-as-openvswitch-openvswitch.patch to
  Run-openvswitch-as-openvswitch-openvswitch.patch
- Renamed 0001-Use-double-hash-for-OVS_USER_ID-comment.patch to
  Use-double-hash-for-OVS_USER_ID-comment.patch
- Rebased 0001-Use-strongswan-for-openvswitch-ipsec-service.patch to
  Use-strongswan-for-openvswitch-ipsec-service.patch

- Fix OVS location for python bindings (dirs.py), boo#1196978
  Make sure dirs.py is freshly generated

- fix python3 requires (bsc#1196758)

- Added install-ovsdb-tools.patch to install ovsdb tools required
  for building OVN

- Enable multiple python3 flavor subpackages on Tumbleweed / Factory

- Fix CVE-2023-3966 [bsc#1219465] openvswitch3: Invalid memory access in Geneve with HW offload
- Added patch,
    +openvswitch-CVE-2023-3966.patch

- Updated the corrected patch for CVE-2023-5366 [bsc#1216002]

- Fix CVE-2023-5366 [bsc#1216002], openvswitch: missing masks on a final stage with ports trie
- Added patch,
    CVE-2023-5366.patch

- Fix CVE-2023-1668 [bsc#1210054], openvswitch: remote traffic denial of service via crafted packets with IP proto 0
- Added patch,
    CVE-2023-1668.patch

- Fix CVE-2024-22563 [bsc#1219059] openvswitch: memory leak via the function xmalloc__ in /lib/util.c
- Added patch,
  +openvswitch-CVE-2024-22563.patch

- added patch to include fix for CVE-2022-4338 (bsc#1206580) and CVE-2022-4337(bsc#1206581) when parsing malformed LLDP packets
  * CVE-2022-4338.patch

- security update
- added patches
  fix CVE-2022-32166 [bsc#1203865], out of bounds read in minimask_equal()
  + openvswitch-CVE-2022-32166.patch

- security update
- added patches
  fix CVE-2021-36980 [bsc#1188524], use-after-free in decode_NXAST_RAW_ENCAP
  + openvswitch-CVE-2021-36980.patch

- add openssl(cli) dependency on pki (bsc#1185839)

- Replace deprecated /var/run with /run (bsc#1185176, bsc#1185177).
  * 0001-Replace-deprecated-var-run-with-run.patch

- Update openvswitch to 2.14.2. For a list of changes, check
  https://github.com/openvswitch/ovs/blob/v2.14.2/NEWS
  Includes security fix for CVE-2020-27827 (bsc#1181345) and CVE-2020-35498
  (bsc#1181742).
- Removed patches no longer applying to code base:
  * 0001-rhel-Fix-reload-of-OVS_USER_ID-on-startup.patch
  * 0001-ipsec-Fix-Strongswan-configuration-syntax.patch

- Update openvswitch to 2.14.0. For a list of changes, check
  https://github.com/openvswitch/ovs/blob/v2.14.0/NEWS
- Update OVN to 20.06.2. For a list of changes, check
  https://github.com/ovn-org/ovn/blob/v20.06.2/NEWS

- Fixed package name libopenvswitch-2_10-0 to libopenvswitch-2_11-0

- Fix wrong default directories for OVS python utilities (bsc#1176273).
- Add upstream patches to fix openvswitch-ipsec service (bsc#1176273).
  * 0001-ipsec-Fix-Strongswan-configuration-syntax.patch

- Fix preserving old default OVS_USER_ID for users that removed the
  override at /etc/sysconfig/openvswitch or for users affected by
  fillup bug below (bsc#1172861).
- Add patch to workaround a possible fillup issue that could cause
  existing openvswitch configuration to be unintendedly altered during
  upgrades (bsc#1172929).
  * 0001-Use-double-hash-for-OVS_USER_ID-comment.patch

- add missing provides/obsoletes for python3-openvswitch-test

- Update openvswitch to 2.13.0.
  * For a list of changes, check
    https://github.com/openvswitch/ovs/blob/v2.13.0/NEWS
  * This version drops python2 binding support. Only python3 bindings
    provided going forward.
  * Tool ovs-vlan-bug-workaround is no longer provided.
- OVN was split to its own repo but is still built together with OVS and as
  such from this same source package. OVN initial version is 20.03.
  * For a list of changes, check
    https://github.com/ovn-org/ovn/blob/v20.03.0/NEWS
  * Packages openvswitch-ovn* are renamed to ovn*.
  * OVN now has its own sysconfig and log paths.
- Add OVS patch to be proposed upstream:
  * 0001-rhel-Fix-reload-of-OVS_USER_ID-on-startup.patch
- Patch instead of post-processing configuration files to set running
  credentials (bsc#1157338):
  * 0001-Run-openvswitch-as-openvswitch-openvswitch.patch
  * 0001-Run-ovn-as-openvswitch-openvswitch.patch
- Will no longer change group ownership of /dev/hugepages to 'hugetlbfs'
  (bsc#1140835). System admin should mount hugepages on a path and permissions of
  his choosing for OVS. Add patch:
  * 0001-Don-t-change-permissions-of-dev-hugepages.patch
- Will no longer install udev rule to change group ownership of vfio devices to
  'hugetlbfs'. Group name does not make much sense in this case and ownership of
  vfio devices should be coordinated system wide or per device.
- Will no longer run under group 'hugetlbfs' on new installs with DPDK enabled.
  OVS will now run under group 'openvswitch' whether compiled with DPDK support
  or not.
- OVS persistent state is now saved on /var/lib/openvswitch instead of
  /etc/openvswitch for new installs.

- add missing sortedcontainers dependency to the python bindings

- Update openvswitch to 2.12.0. For a list of changes, check
  https://github.com/openvswitch/ovs/blob/master/NEWS
- Removed patches that are already included upstream:
  * 0001-rhel-secure-openvswitch-useropts.patch
  * 0002-rhel-let-ctl-handle-runtime-directory.patch
- Rebased patches:
  * 0001-Use-strongswan-for-openvswitch-ipsec-service.patch

- Add unbound as a build requirement to support asynchronous DNS
  resolving for remotes.

- Update DPDK dependency to support DPDK 18.11.2.

- Add upstream patches to fix bsc#1135884:
  * 0001-rhel-secure-openvswitch-useropts.patch
  * 0002-rhel-let-ctl-handle-runtime-directory.patch

- Use temporary directory for python build.

- Fix problem preventing new installs to run as non root (bsc#1132029),
  including:
  * Align with upstream so that no running configuration is changed on
    upgrades, specifically to avoid changes on the user Open vSwitch runs
    under.
  * hugetblfs groups is created as system group.
- Add missing opnvswitch-ipsec package and systemd service.
- Add patch to use strongswan instead of libreswan for openvswitch-ipsec.
  libreswan package not available currently.
  * 0001-Use-strongswan-for-openvswitch-ipsec-service.patch
- Add missing ovs-delete-transient-ports systemd service.
- Align installed headers with upstream.
- Fix problem preventing rpm build '--with check'.
- Fix python environment that had directories pointing to /usr/local.
- Version bump to 2.11.1. Some of the changes are:
  * netdev-tc-offloads: Fix probe tc block support
  * rhel: Include all header files in the Fedora's devel package
  * reconnect.c: Don't transition back to ACTIVE when forced to RECONNECT.
  * OVN: Make periodic RAs consistent with RA responder.
  * OVN: Always send prefix option in RAs
  * OVN: Use offset instead of pointer into ofpbuf
  * ofproto: fix the bug of bucket counter is not updated
  * netdev-dpdk: Print netdev name for txq mapping.
  * dpif-netdev-perf: Fix millisecond stats precision with slower TSC.
  * ifupdown.sh: Add missing "--may-exist" option
  * dpif-netdev-perf: Fix double update of perf histograms.
  * dpdk: Stop dumping memzones to stdout.
  * dpctl: Drop parser debug information.
  * netdev-tc-offloads: Properly get the block id on flow del/get
  * netdev-tc-offloads: Improve log message for icmpv6 offload not supported
  * conntrack: Replace structure copy by memcpy().
  * conntrack: Lookup only 'UNNAT conns' in 'nat_clean()'.
  * conntrack: Fix race for NAT cleanup.
  * ovn-nbctl: Don't segfault when ovn-northd doesn't configure dynamic addresses.
  * datapath-windows: Add annotations to find vport functions
  * datapath-windows: Guard vport usage in user.c
  * datapath-windows: Fix potential deadlock in event subscription
  * datapath-windows: Fix race condition during port creation
  * datapath-windows: Fix nbl cleanup when memory allocation fails
  * netdev-linux: Remove ingress qdisc before trying to add shared block
  * netdev-tc-offloads: Remove ingress qdisc on tc init flow api
  * ovsdb-idl: Fix memory leak of idl->remote.
  * travis: Remove 'sudo' configuration.
  * OVN: Add port addresses to IPAM after all ports are joined.
  * dpif-netlink: Free leaked ofpbuf by using ofpbuf_delete
  * OVN: update RA next_announce according to {min, max}_interval
  * rconn: Avoid occasional immediate connection failures.
  * dpdk: Fix case-sensitivity of dpdk-init knob.
  * NEWS: Clean up the 2.11.0 release notes a bit.
  * conntrack: Fix L4 csum for V6 extension hdr pkts.
  * packets: Change return type for 'packet_csum_upperlayer6()'.
  * ovsdb-client: Fix typo.
  * ovn-nbctl: Daemon mode should retry when IDL connection lost.
  * ofctl: break the loop if ovs_pcap_read returns error
  * netlink: added check to prevent netlink attribute overflow

- Disable dpdk on ix86, aligned with dpdk package.

- Combine %service_* calls to reduce generated boilerplate.
- Reduce scriptlets' hard dependency on systemd.

- Fixed package name libopenvswitch-2_10-0 to libopenvswitch-2_11-0

- python2-ovs provides now also python-ovs which is the standard
  for singlespec python packages.

- Add patch to include security fix for CVE-2020-35498 (bsc#1181742).
  * 0001-flow-Support-extra-padding-length.patch

- Update openvswitch to 2.11.5. For a list of changes, check
  https://github.com/openvswitch/ovs/blob/v2.11.5/NEWS
  Includes security fix for CVE-2020-27827 (bsc#1181345).
- Updated patch to new code base:
  * 0001-Use-strongswan-for-openvswitch-ipsec-service.patch

- Replaced `%service_del_postun -n` with `%service_del_postun_without_restart`
  (bsc#1117483).

- Fixed missing obsoletes for old python-ovs (bsc#1138948).

- Fix problem preventing new installs to run as non root (bsc#1132029,
  bsc#1139798), including:
  * Align with upstream so that no running configuration is changed on
    upgrades, specifically to avoid changes on the user Open vSwitch runs
    under.
  * hugetblfs groups is created as system group.
- Version bump to bugfix release 2.11.1 (bsc#1130276). Some of the changes are:
  * netdev-tc-offloads: Fix probe tc block support
  * rhel: Include all header files in the Fedora's devel package
  * reconnect.c: Don't transition back to ACTIVE when forced to RECONNECT.
  * OVN: Make periodic RAs consistent with RA responder.
  * OVN: Always send prefix option in RAs
  * OVN: Use offset instead of pointer into ofpbuf
  * ofproto: fix the bug of bucket counter is not updated
  * netdev-dpdk: Print netdev name for txq mapping.
  * dpif-netdev-perf: Fix millisecond stats precision with slower TSC.
  * ifupdown.sh: Add missing "--may-exist" option
  * dpif-netdev-perf: Fix double update of perf histograms.
  * dpdk: Stop dumping memzones to stdout.
  * dpctl: Drop parser debug information.
  * netdev-tc-offloads: Properly get the block id on flow del/get
  * netdev-tc-offloads: Improve log message for icmpv6 offload not supported
  * conntrack: Replace structure copy by memcpy().
  * conntrack: Lookup only 'UNNAT conns' in 'nat_clean()'.
  * conntrack: Fix race for NAT cleanup.
  * ovn-nbctl: Don't segfault when ovn-northd doesn't configure dynamic addresses.
  * datapath-windows: Add annotations to find vport functions
  * datapath-windows: Guard vport usage in user.c
  * datapath-windows: Fix potential deadlock in event subscription
  * datapath-windows: Fix race condition during port creation
  * datapath-windows: Fix nbl cleanup when memory allocation fails
  * netdev-linux: Remove ingress qdisc before trying to add shared block
  * netdev-tc-offloads: Remove ingress qdisc on tc init flow api
  * ovsdb-idl: Fix memory leak of idl->remote.
  * travis: Remove 'sudo' configuration.
  * OVN: Add port addresses to IPAM after all ports are joined.
  * dpif-netlink: Free leaked ofpbuf by using ofpbuf_delete
  * OVN: update RA next_announce according to {min, max}_interval
  * rconn: Avoid occasional immediate connection failures.
  * dpdk: Fix case-sensitivity of dpdk-init knob.
  * NEWS: Clean up the 2.11.0 release notes a bit.
  * conntrack: Fix L4 csum for V6 extension hdr pkts.
  * packets: Change return type for 'packet_csum_upperlayer6()'.
  * ovsdb-client: Fix typo.
  * ovn-nbctl: Daemon mode should retry when IDL connection lost.
  * ofctl: break the loop if ovs_pcap_read returns error
  * netlink: added check to prevent netlink attribute overflow

- Version bump to 2.11.0 (fate#325916, fate#325951, fate#326025, fate#326992).
  Some of the changes are:
  * Linux datapath:
  - Support for the kernel versions 4.16.x and 4.17.x.
  - Support for the kernel versions 4.18.x
  * OpenFlow:
  - OFPMP_TABLE_FEATURES_REQUEST can now modify table features.
  * ovs-ofctl:
  - "mod-table" command can now change OpenFlow table names.
  * The environment variable OVS_SYSLOG_METHOD, if set, is now used
    as the default syslog method.
  * The environment variable OVS_CTL_TIMEOUT, if set, is now used
    as the default timeout for control utilities.
  * ovn:
  - OVN-SB schema changed: duplicated IP with same Encapsulation type
    is not allowed any more.  Please refer to
    Documentation/intro/install/ovn-upgrades.rst for the instructions
    in case there are problems encountered when upgrading from an earlier
    version.
  - New support for IPSEC encrypted tunnels between hypervisors.
  - ovn-ctl: allow passing user:group ids to the OVN daemons.
  - IPAM/MACAM:
  * add the capability to dynamically assign just L2 addresses
  * add the capability to specify a static ip address and get the L2 one
    allocated dynamically using the following syntax:
    ovn-nbctl lsp-set-addresses <port> "dynamic <IP>"
  * DPDK:
  - Add support for DPDK 18.11
  - Add support for port representors.
  * Userspace datapath:
  - Add option for simple round-robin based Rxq to PMD assignment.
    It can be set with pmd-rxq-assign.
  - Add support for Auto load balancing of PMDs (experimental)
  - Added new per-port configurable option to manage EMC:
    'other_config:emc-enable'.
  * Add 'symmetric_l3' hash function.
  * OVS now honors 'updelay' and 'downdelay' for bonds with LACP configured.
  * ovs-vswitchd:
  - New configuration option "offload-rebalance", that enables dynamic
    rebalancing of offloaded flows.
  * The environment variable OVS_RESOLV_CONF, if set, is now used
    as the DNS server configuration file.
  * RHEL packaging:
  - OVN packages are split from OVS packages. A new spec
    file - ovn-fedora.spec.in is added to generate OVN packages.
- Revisit DISABLE_RESTART_ON_UPDATE and DISABLE_STOP_ON_REMOVAL options
  (bsc#1117483). DISABLE_STOP_ON_REMOVAL is removed. DISABLE_RESTART_ON_UPDATE
  is replaced by '%service_del_postun -n'. $FIRST_ARG is replaced by $1.
- Add extra openvswitch headers (bsc#1125897).

- Obsolete old python[2]-openvswitch-test subpackages (bsc#1124435).

- Version bump to 2.11.0+git20190123.ad83fc9ab (fate#325916, fate#325951,
  fate#326025, fate#326992). Some of the changes are:
  * Linux datapath:
  - Support for the kernel versions 4.16.x and 4.17.x.
  * OpenFlow:
  - OFPMP_TABLE_FEATURES_REQUEST can now modify table features.
  * ovs-ofctl:
  - "mod-table" command can now change OpenFlow table names.
  * The environment variable OVS_SYSLOG_METHOD, if set, is now used
    as the default syslog method.
  * The environment variable OVS_CTL_TIMEOUT, if set, is now used
    as the default timeout for control utilities.
  * ovn:
  - OVN-SB schema changed: duplicated IP with same Encapsulation type
    is not allowed any more.  Please refer to
    Documentation/intro/install/ovn-upgrades.rst for the instructions
    in case there are problems encountered when upgrading from an earlier
    version.
  - New support for IPSEC encrypted tunnels between hypervisors.
  - ovn-ctl: allow passing user:group ids to the OVN daemons.
  - IPAM/MACAM:
  * add the capability to dynamically assign just L2 addresses
  * add the capability to specify a static ip address and get the L2 one
    allocated dynamically using the following syntax:
    ovn-nbctl lsp-set-addresses <port> "dynamic <IP>"
  * DPDK:
  - Add support for DPDK 18.11
  - Add support for port representors.
  * Userspace datapath:
  - Add option for simple round-robin based Rxq to PMD assignment.
    It can be set with pmd-rxq-assign.
  - Add support for Auto load balancing of PMDs (experimental)
  - Added new per-port configurable option to manage EMC:
    'other_config:emc-enable'.
  * Add 'symmetric_l3' hash function.
  * OVS now honors 'updelay' and 'downdelay' for bonds with LACP configured.
  * ovs-vswitchd:
  - New configuration option "offload-rebalance", that enables dynamic
    rebalancing of offloaded flows.
  * The environment variable OVS_RESOLV_CONF, if set, is now used
    as the DNS server configuration file.
  * RHEL packaging:
  - OVN packages are split from OVS packages. A new spec
    file - ovn-fedora.spec.in is added to generate OVN packages.
- Remove upstreamed patch:
  * 0001-python-c-ext-Fix-memory-leak-in-Parser_finish.patch
- Remove DISABLE_RESTART_ON_UPDATE and DISABLE_STOP_ON_REMOVAL options (bsc#1117483).

- Backport upstream fix for python json parser memory leak (bsc#1116437)
  * 0001-python-c-ext-Fix-memory-leak-in-Parser_finish.patch

- Improve python packaging (bsc#1115085)
  * Rename python*-openvswitch subpackages to python*-ovs to follow
    the openSUSE policy that packages should be named after the modules
    they install.
  * Build the JSON C bindings and as a result the 'noarch' BuildArch
    needs to be removed.
  * Drop the python*-openvswitch-test packages and merge them with the
    test subpackage
  * Build the python bindings using setuptools
  * Include the egg-info package.
  * Use libopenvswitch as dependency to python bindings

- Version bump to 2.9.3. Some of the changes are:
  * dpif-netdev.at: Add missing backslash.
  * ofproto-dpif-xlate: Avoid deadlock on multicast snooping recursion.
  * ovn-ctl: Fix the wrong pidfile argument passed to ovsdb-servers
  * ovndb-servers.ocf: Add ssl support for managing OVN DB resources with pacemaker using LB VIP.
  * ovn-ctl: Allow passing ssl certs when starting OVN DBs in ssl mode.
  * expr: Disallow < <= >= > comparisons against empty value set.
  * expr: Set a limit on the depth of nested parentheses
  * dpif-netdev: Add vlan to mask for flow_put operation.
  * odp-util: Fix a use-after-free bug.
  * dpif-netlink: Fix null pointer.
  * dpif-netlink: don't allocate per thread netlink sockets
  * bfd: Make the tp_dst masking megaflow-friendly.
  * netdev: Properly clear 'details' when iterating in NETDEV_QOS_FOR_EACH.
  * lex: Fix buffer overrun parsing overlong hexadecimal constants.
  * ovsdb-client: Fix a bug that uses wrong index
  * ofproto-dpif-xlate: Fix conntrack fields on NXT_RESUME
  * ovs-save: save and restore groups on restart
  * flow: Fix uninitialized flow fields in IPv6 error case.
  * ofproto-dpif: Fix NXT_RESUME flow stats
  * dhparams: Fix .c file generation with OpenSSL >= 1.1.1-pre9
  * ovn: Add DHCP support for option 252.
  * meta-flow: Make "nw_frag" a synonym for "ip_frag".
  * ovsdb-server: Alleviate the possible data loss in an active/standby setup
  * ovs-save: Don't always include the default flow during restore
  * lib/tc: treat vlan id and prio as independent fields
  * datapath: lisp: Fix uninitialized field in tunnel_cfg.
  * odp-util: Don't attempt to write IPv6 flow label bits that don't exist.
  * lib/tc: reject offloading of non-Ethernet packets
  * ovs-ctl: Allow add-remote without vswitchd started.
  * daemon-unix: Use same name for original or restarted children.
  * dpif-netdev: Prevent unsafe access when retrieving meter stats.
  * Add ovs.compat module to python package
  * utilities: Drop shebang from bash completion script
  * ofp-actions: Re-fix error path for parsing OpenFlow actions.
  * nx-match: Avoid double-free on some error paths.
  * vswitch.xml: Fix key type and description style of tc-policy.
  * ovn: Fix the issue in IPv6 Neigh Solicitation responder for router IPs
  * netdev-dpdk: Support the link speed of XL710
  * ovn-northd: Support learning neighbor from ARP request.
  * ovn-northd: LR respond ARP from valid subnet only.
  * netdev-linux: Avoid division by 0 if kernel reports bad scheduler data.
  * ofp-actions: Avoid assertion failure for clone(ct(...bad actions...)).
  * ovsdb-idl: Adjust indexes during transactions.
  * ovsdb-idl.c: Fix IDL index problem when rows are updated.
  * netdev-dpdk: Use hex for PCI vendor ID.
  * ofp-port: Fix buffer overread parsing Intel custom statistics.
  * netdev-dpdk: Fix failure to configure flow control at netdev-init.
  * ofctl: Fixup compare_flows function
  * raft: Fix use-after-free error in raft_store_snapshot().
  * stream-ssl: Define SSL_OP_NO_SSL_MASK for OpenSSL versions that lack it.
  * utilities: Launch ovsdb-tool without using PAM
  * ovs-ofctl: Better validate OpenFlow message length in "ofp-parse-pcap".
  * stream-ssl: Don't enable new TLS versions by default
  * pcap-file: Fix formatting of log message.
  * meta-flow: Make mf_vl_mff_mf_from_nxm_header() require a valid field.
  * nx-match: Fix memory leak in oxm_pull_field_array() error case.
  * lib/tc: Handle ttl for ipv6 too
  * compat: Initialize IPv4 reassembly secret timer
  * ovn-nbctl: Fix compilation warnings.
  * conntrack: Fix conn_update_state_alg use after free.
  * ovn-northd: Don't shadow addr_family in add_router_lb_flow().
  * ovn: Add router load balancer undnat rule for IPv6
  * ifupdown.sh: Correctly bring up bond slaves.
  * conntrack: Fix using alg_exp_entry out of scope.
  * ovndb-servers: Set connection table when using load balancer to manage ovndb clusters via pacemaker.
  * ovn-ctl: Support NB and SB DBs to start without using remote connections.
  * ovndb-servers.ocf: add LB support for managing ovndb cluster:
  * ofp-group: Don't assert-fail decoding bad OF1.5 group mod type or command.
  * ovn: Clarify the differences between QoS marking and metering.
  * ovs-ofctl: Clarifications in the Meter Syntax man page section.
  * OpenFlow: Update documentation to indicate support for virtual meters.
  * ofp-actions: Fix undefined behavior shifting 'int' 16 places left.
  * extract-ofp-errors: Fix undefined behavior shifting 'int' 16 places left.
  * json: Avoid signed integer overflow in parsing exponents.
  * ofp-actions: Fix buffer overread in decode_LEARN_specs().
  * ofp-actions: Avoid buffer overread in BUNDLE action decoding.
  * conntrack: Fix fragmentation checks.
  * rconn: Suppress 'connected' log for unreliable connections.
  * ofproto-macros: Ignore "Dropped # log messages" in check_logs.
  * datapath: stt: linearize in SKIP_ZERO_COPY case
  * ovsdb-idl: Correct singleton insert logic
  * ovn: Fix DHCP classless static route for non-classful masks.
  * ofproto: Fix OVS crash when reverting old flows in bundle commit
  * rconn: Introduce new invariant to fix assertion failure in corner case.
  * dpctl.man: Correct argument to "dump-flows".
  * python: avoid useless JSON conversion to enhance performance
  * ofproto: Make ofproto_port_open_type() faster.
  * ovs-thread: Fix thread id for threads not started with ovs_thread_create()
  * netdev-dpdk: Handle ENOTSUP for rte_eth_dev_set_mtu.
  * netdev-dpdk: Enable HW_CRC_STRIP for virtual functions.
  * lib: fix typo in fragment handling error message
  * ovs-vswitchd: Do not use system routing table with --disable-system.
  * vswitchd: Allow user to directly specify sFlow agent address.

- Version bump to 2.9.2 (fate#325952). Some of the changes are:
  * NSH implementation now conforms to latest draft (draft-ietf-sfc-nsh-28).
  * OVSDB:
  - ovsdb-client: New "get-schema-cksum" and "query" commands.
  - ovsdb-client: New "backup" and "restore" commands.
  - ovsdb-client: New --timeout option.
  - ovsdb-tool: New "db-name" and "schema-name" commands.
  * OVSDB has new, experimental support for database clustering:
  - New high-level documentation in ovsdb(7).
  - New file format documentation for developers in ovsdb(5).
  - Protocol documentation moved from ovsdb-server(1) to ovsdb-server(7).
  - ovsdb-server now supports online schema conversion via
    "ovsdb-client convert".
  - ovsdb-server now always hosts a built-in database named _Server. See
    ovsdb-server(5) for more details.
  - ovsdb-client: New "get-schema-cksum", "query", "backup", "restore",
    and "wait" commands.  New --timeout option.
  - ovsdb-tool: New "create-cluster", "join-cluster", "db-cid", "db-sid",
    "db-local-address", "db-is-clustered", "db-is-standalone", "db-name",
    "schema-name", "compare-versions", and "check-cluster" commands.
  - ovsdb-server: New ovs-appctl commands for managing clusters.
  - ovs-sandbox: New support for clustered databases.
  * ovs-vsctl and other commands that display data in tables now support a
  - -max-column-width option to limit column width.
  * No longer slow-path traffic that sends to a controller.  Applications,
    such as OVN ACL logging, want to send a copy of a packet to a
    controller while leaving the actual packet forwarding in the datapath.
  * OVN:
  - The "requested-chassis" option for a logical switch port now accepts a
    chassis "hostname" in addition to a chassis "name".
  - IPv6
  * Added support to send IPv6 Router Advertisement packets in response to
    the IPv6 Router Solicitation packets from  the VIF ports.
  * Added support to generate Neighbor Solicitation packets using the OVN
    action 'nd_ns' to resolve unknown next hop MAC addresses for the
    IPv6 packets.
  - ovn-ctl: New commands run_nb_ovsdb and run_sb_ovsdb.
  - ovn-sbctl, ovn-nbctl: New options --leader-only, --no-leader-only.
  * OpenFlow:
  - ct_clear action is now backed by kernel datapath. Support is probed for
    when OVS starts.
  - ovs-dpctl and related ovs-appctl commands:
  * "flush-conntrack" now accept a 5-tuple to delete a specific
    connection tracking entry.
  * New "ct-set-maxconns", "ct-get-maxconns", and "ct-get-nconns" commands
    for userspace datapath.
  - No longer send packets to the Linux TAP device if it's DOWN unless it is
    in another networking namespace.
  * DPDK:
  - Add support for DPDK v17.11
  - Add support for vHost IOMMU
  - New debug appctl command 'netdev-dpdk/get-mempool-info'.
  * Custom statistics:
  - DPDK physical ports now return custom set of "dropped", "error" and
    "management" statistics.
  - ovs-ofctl dump-ports command now prints new of set custom statistics
    if available (for OpenFlow 1.4+).
  - New appctl command 'dpif-netdev/pmd-rxq-rebalance' to rebalance rxq to
    pmd assignments.
  - Add rxq utilization of pmd to appctl 'dpif-netdev/pmd-rxq-show'.
  - Add support for vHost dequeue zero copy (experimental)
  * Userspace datapath:
  - Output packet batching support.
  * vswitchd:
  - Datapath IDs may now be specified as 0x1 (etc.) instead of 16 digits.
  - Configuring a controller, or unconfiguring all controllers, now deletes
    all groups and meters (as well as all flows).
  - New --enable-sparse configure option enables "sparse" checking by default.
  - Added additional information to vhost-user status.
- Get rid of the old openvswitch DPDK migration steps everybody should have
  migrated from <2.6 to latest releases by now.
  * 0001-utilities-Add-script-to-support-DPDK-option-migratio.patch
- Remove patches which have made it upstream
  * 0001-rhel-Use-correct-user-in-the-logrotate-configuration.patch
  * 0001-utilities-Launch-ovsdb-tool-without-using-PAM.patch
  * 0002-netdev-dpdk-DPDK-v17.11-upgrade.patch
  * 0003-netdev-dpdk-vHost-IOMMU-support.patch

- Add upstream patch to fix permissions when running the logrotate
  script (bsc#1104049)
  * 0001-rhel-Use-correct-user-in-the-logrotate-configuration.patch

- Add upstream patch to fix dbus timeout due to deadlock in systemd
  dependencies (bsc#1098630).
  * 0001-utilities-Launch-ovsdb-tool-without-using-PAM.patch

- Version bump to 2.8.4 (bsc#1094234). Some of the changes are
  * dpif-netdev: Free packets on TUNNEL_PUSH if may_steal.
  * netdev-dpdk: fix check for "net_nfp" driver
  * netdev-dpdk: Don't use PMD driver if not configured successfully
  * netdev-dpdk: Remove use of rte_mempool_ops_get_count.
  * conntrack-tcp: Handle tcp session reuse.
  * tunnel: make tun_key_to_attr aware of tunnel type.
  * Configurable Link State Change (LSC) detection mode
  * netdev-dpdk: don't enable scatter for jumbo RX support for nfp
  * faq: Document DPDK version maintenance.
  * Avoid crash in OvS while transmitting fragmented packets over tunnel.
  * compat: Fix upstream 4.4.119 kernel
  * ovs-vsctl: Fix segfault when attempting to del-port from parent bridge.
  * ofproto-dpif-xlate: Fix segmentation fault caused by tun_table
  * odp-util: Remove unnecessary TOS ECN bits rewrite for tunnels
  * datapath: Prevent panic
  * netdev-dpdk: Free mempool only when no in-use mbufs.
  * python: Fix a double encoding attempt on an Unicode string
  * ofproto-dpif: Init ukey->dump_seq to zero
  * nsh: Add unit test for double NSH encap and decap
  * xlate: Correct handling of double encap() actions
  * tc: Change filter error to debug once
  * lib/tc: Handle error parsing action in nl_parse_single_action
  * ovn: Fix tunnel id overflow.
  * ofp-actions: Correct execution of encap/decap actions in action set
  * ovsdb-idl.at: Fix test failed. (writing large data via IDL with unicode)
  * netdev-dpdk: Limit rate of DPDK logs.
  * netdev-dpdk: Remove 'error' from non error log.
  * odp-util: Print eth() for Ethernet flows if packet_type is absent.
  * python: Fix decoding error when the received data is larger than 4096.
  * datapath-windows: fix hash creation on ct mark
  * tunnel: Fix deletion of datapath tunnel ports in case of reconfiguration
  * tests: Make packet-type-aware.at hash independent
- Remove patches which are now upstream:
  * 0001-ovsdb-Use-items-instead-of-iteritems-for-Python3.patch
  * 0002-ovsdb-ovsdb-dot.in-Use-print-function-for-Python3.patch
  * 0003-ovsdb-ovsdb-dot.in-Change-exception-semantics-for-Py.patch
  * 0004-ovsdb-ovsdb-dot.in-Replace-sys.maxint-with-sys.maxsi.patch
- Use openvswitch user/group for the log directory (3f556d66edb9)

- Add support for RedHat distributions. All SUSE macros are now
  conditional and the spec file has been adapted based on the upstream
  one (fate#324537)
- spec-cleaner fixes

- Move openvswitch user/group creation to %pre scriptlet. The default
  ownership of the configuration files expects the user and group to
  be available as early as possible (bsc#1091408)

- Preserve 'enable' status of openvswitch.service file when upgrading
  from <SLE-12-SP3. The service file has been moved from the old
  openvswitch-switch subpackage to the main openvswitch one so we
  need to handle this migration step in %posttrans (bsc#1089476)
- Move DISABLE_STOP_ON_REMOVAL=yes to %preun. This variable is only
  checked in %service_del_preun macro

- Fix file permissions in /etc/openvswitch for upgrades (951d79e638ec)

- set rundir to %_rundir

- Fix incorrect python3 dependencies for python2 subpackages
- Add upstream patches so we can build tools using python3 (bsc#1082194)
  * 0001-ovsdb-Use-items-instead-of-iteritems-for-Python3.patch
  * 0002-ovsdb-ovsdb-dot.in-Use-print-function-for-Python3.patch
  * 0003-ovsdb-ovsdb-dot.in-Change-exception-semantics-for-Py.patch
  * 0004-ovsdb-ovsdb-dot.in-Replace-sys.maxint-with-sys.maxsi.patch

- Version bump to 2.8.2 (bsc#1081953). Some of the changes are
  * ofp-meter: Fix use-after-free for decoding meter mods.
  * xlate: fix xport lookup for recirc
  * ofproto-dpif-xlate: add uuid to xports
  * netdev-dpdk: Fix requested MTU size validation.
  * netdev-dpdk: fix ingress_policer leak on error path
  * ofproto: Fix double-unref of temporary rule when learning.
  * gre: strip gre-tso offload flags
  * tc flower: reorder tunnel encap/decap actions
  * ofproto: Fix wrong datapath flow with same in_port and output port.
  * dpif: geneve: supply dpif function to get ifindex
  * ovs-tcpundump: fix a conversion issue
  * tunnel: fix tunnel flags set/clear.
  * netdev-dpdk: replace uint8_t with dpdk_port_t
  * lex: Fix parsing of long tokens.
  * odp-util: Use flexible sized buffer to hold Geneve options.
  * odp-util: Avoid reading wrong table in generate_all_wildcard_mask().
  * bond: Fix bug that writes to freed memory
  * conntrack: Fix icmp error address sanity check.
  * ovsdb-idl: Fix assertion failure on error path parsing server reply.
  * ofproto: Keep inserting buckets into a group from changing group type.
  * odp-util: Fix another hang in NSH action parsing.
  * odp-util: Fix parsing corner case for encap_nsh() actions.
  * netdev: netdev_get_etheraddr is not functioning as advertised.
  * ofproto-dpif-xlate: Fix bug that may leak ofproto_flow_mod
  * bfd: Fix memory leak
  * dpif: Fix memory leak
  * execution: Fix bug that leaks ovsdb_row
  * flow: Avoid buffer overread in parse_nsh() for malformed packet.
  * ovs-ofctl: Fix bad free in colors_parse_from_env().
  * odp-util: Fix buffer overread in parsing string form of ODP flows.
  * OpenvSwitch logrotate: Use ctl file path as target in ovs-appctl to reset logs
  * ovn-ctl: Add -vfile:info option to OVN_NB/SB_LOG options
  * netdev-tc-offloads: update stats properly on flow deletion
  * tests: Try harder to figure out whether IPv6 is supported.
  * netdev, dpif: fix the crash/assert on port delete
  * ovs-ctl: Don't remember vport-* kernel modules
  * NSH: Adjust NSH wire format to the latest IETF draft
  * ovs-lib: dont't purge corrupted DB
  * meta-flow: Fix format in documentation.
  * dpif-netlink-rtnl: Fix ovs_geneve probing after restart.
  * ovsdb-server: Fix memory leak
  * test-ovsdb: Fix memory leak
  * ovsdb-idl: Fix memory leak
  * netdev-linux: Fix wrong ceil rate when max-rate less than 8bit.
  * ofproto/trace: Fix memory leak in oftrace_push_ct_state()
  * ofproto-dpif-upcall: Fix null pointer dereference on exit.
  * ofproto-dpif-xlate: use xlate error enum for unsupported packet type
  * timeval: Check for OS-provided clock_gettime on macOS
  * Add dl_type to flow metadata for correct interpretation of conntrack metadata
  * Check flow's dl_type before setting ct_orig_tuple in 'pkt_metadata_from_flow()'
  * tests/stp: Use long warps instead of multiple calls.
  * ovs-save: Handle different 'ip addr show' output.
  * datapath-windows: Remove the workaround in NAT for TCP checksum
  * netdev: Fix memory leak on error path.
  * replication: Avoid theoretical use-after-free error in reset_database().
  * ovs-ctl.in: Call 'hostname -f' after vswitchd starts.
  * dpif-netdev: Use portable error code for zero rate meter band
- Remove patches that have been applied upstream:
  * 0001-netdev-dpdk-replace-uint8_t-with-dpdk_port_t.patch

- Add upstream patches to support DPDK 17.11 (fate#322609)
  * 0001-netdev-dpdk-replace-uint8_t-with-dpdk_port_t.patch
  * 0002-netdev-dpdk-DPDK-v17.11-upgrade.patch
  * 0003-netdev-dpdk-vHost-IOMMU-support.patch