Recommended update for openvswitch

Announcement ID:	SUSE-RU-2019:0816-1
Rating:	moderate
References:	bsc#1115085 bsc#1116437 bsc#1124435 bsc#1125606
Affected Products:	SUSE Linux Enterprise High Performance Computing 12 SP3 SUSE Linux Enterprise Server 12 SP3 SUSE Linux Enterprise Server for SAP Applications 12 SP3

An update that has four fixes can now be installed.

Description:

This update for openvswitch fixes the following issues:

Version bump to 2.7.7 bugfix release (bsc#1125606).

Some of the changes are:

• dpdk: Use DPDK 16.11.8 release.
• dpif-netdev.at: Add missing backslash.
• test-hash: Fix unaligned pointer value error.
• odp-execute: Fix broken build with Clang as compiler.
• expr: Disallow < <= >= > comparisons against empty value set.
• expr: Set a limit on the depth of nested parentheses
• Python: Make Row's getattr less error prone
• Revert "bridge: Fix ovs-appctl qos/show repeated queue information"
• netdev: Properly clear 'details' when iterating in NETDEV_QOS_FOR_EACH.
• bridge: Fix ovs-appctl qos/show repeated queue information
• lex: Fix buffer overrun parsing overlong hexadecimal constants.
• ovsdb-client: Fix a bug that uses wrong index
• flow: Fix uninitialized flow fields in IPv6 error case.
• meta-flow: Make "nw_frag" a synonym for "ip_frag".
• datapath: lisp: Fix uninitialized field in tunnel_cfg.
• odp-util: Don't attempt to write IPv6 flow label bits that don't exist.
• daemon-unix: Use same name for original or restarted children.
• utilities: Drop shebang from bash completion script
• ofp-actions: Re-fix error path for parsing OpenFlow actions.
• nx-match: Avoid double-free on some error paths.
• netdev-dpdk: Support the link speed of XL710
• netdev-linux: Avoid division by 0 if kernel reports bad scheduler data.
• ofp-actions: Avoid assertion failure for clone(ct(...bad actions...)).
• netdev-dpdk: Fix failure to configure flow control at netdev-init.
• netdev-dpdk: Use hex for PCI vendor ID.
• ofctl: Fixup compare_flows function
• stream-ssl: Define SSL_OP_NO_SSL_MASK for OpenSSL versions that lack it.
• utilities: Launch ovsdb-tool without using PAM
• ovs-ofctl: Better validate OpenFlow message length in "ofp-parse-pcap".
• stream-ssl: Don't enable new TLS versions by default
• pcap-file: Fix formatting of log message.
• meta-flow: Make mf_vl_mff_mf_from_nxm_header() require a valid field.
• nx-match: Fix memory leak in oxm_pull_field_array() error case.
• datapath: Don't swap table in nlattr_set() after OVS_ATTR_NESTED is found
• compat: Initialize IPv4 reassembly secret timer
• Revert "flow: Fix buffer overread for crafted IPv6 packets."
• ifupdown.sh: Correctly bring up bond slaves.
• flow: Fix buffer overread for crafted IPv6 packets.
• ofp-group: Don't assert-fail decoding bad OF1.5 group mod type or command.
• ofp-actions: Fix buffer overread in decode_LEARN_specs().
• ofp-actions: Avoid buffer overread in BUNDLE action decoding.
• rconn: Suppress 'connected' log for unreliable connections.
• datapath: stt: linearize in SKIP_ZERO_COPY case
• ovn: Fix DHCP classless static route for non-classful masks.
• ofproto: Fix OVS crash when reverting old flows in bundle commit
• rconn: Introduce new invariant to fix assertion failure in corner case.
• lib: fix typo in fragment handling error message

Other bugfixes:

• Backport upstream fix for python json parser memory leak (bsc#1116437):
• New python subpackages obsolete old python subpackages (bsc#1124435).
• Improve python packaging (bsc#1115085)

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

• SUSE Linux Enterprise Server 12 SP3
  zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-816=1
• SUSE Linux Enterprise High Performance Computing 12 SP3
  zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-816=1
• SUSE Linux Enterprise Server for SAP Applications 12 SP3
  zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-816=1

Package List:

• SUSE Linux Enterprise Server 12 SP3 (aarch64 ppc64le s390x x86_64)
  • openvswitch-debuginfo-2.7.7-3.28.1
  • openvswitch-debugsource-2.7.7-3.28.1
  • openvswitch-2.7.7-3.28.1
• SUSE Linux Enterprise High Performance Computing 12 SP3 (aarch64 x86_64)
  • openvswitch-debuginfo-2.7.7-3.28.1
  • openvswitch-debugsource-2.7.7-3.28.1
  • openvswitch-2.7.7-3.28.1
• SUSE Linux Enterprise Server for SAP Applications 12 SP3 (ppc64le x86_64)
  • openvswitch-debuginfo-2.7.7-3.28.1
  • openvswitch-debugsource-2.7.7-3.28.1
  • openvswitch-2.7.7-3.28.1

References:

• https://bugzilla.suse.com/show_bug.cgi?id=1115085
• https://bugzilla.suse.com/show_bug.cgi?id=1116437
• https://bugzilla.suse.com/show_bug.cgi?id=1124435
• https://bugzilla.suse.com/show_bug.cgi?id=1125606