Recommended update for openvswitch

SUSE Recommended Update: Recommended update for openvswitch
Announcement ID: SUSE-RU-2019:0816-1
Rating: moderate
References: #1115085 #1116437 #1124435 #1125606
Affected Products:
  • SUSE Linux Enterprise Server 12-SP3

An update that has four recommended fixes can now be installed.

Description:

This update for openvswitch fixes the following issues:
Version bump to 2.7.7 bugfix release (bsc#1125606).
Some of the changes are:

  • dpdk: Use DPDK 16.11.8 release.
  • dpif-netdev.at: Add missing backslash.
  • test-hash: Fix unaligned pointer value error.
  • odp-execute: Fix broken build with Clang as compiler.
  • expr: Disallow = > comparisons against empty value set.
  • expr: Set a limit on the depth of nested parentheses
  • Python: Make Row's __getattr__ less error prone
  • Revert "bridge: Fix ovs-appctl qos/show repeated queue information"
  • netdev: Properly clear 'details' when iterating in NETDEV_QOS_FOR_EACH.
  • bridge: Fix ovs-appctl qos/show repeated queue information
  • lex: Fix buffer overrun parsing overlong hexadecimal constants.
  • ovsdb-client: Fix a bug that uses wrong index
  • flow: Fix uninitialized flow fields in IPv6 error case.
  • meta-flow: Make "nw_frag" a synonym for "ip_frag".
  • datapath: lisp: Fix uninitialized field in tunnel_cfg.
  • odp-util: Don't attempt to write IPv6 flow label bits that don't exist.
  • daemon-unix: Use same name for original or restarted children.
  • utilities: Drop shebang from bash completion script
  • ofp-actions: Re-fix error path for parsing OpenFlow actions.
  • nx-match: Avoid double-free on some error paths.
  • netdev-dpdk: Support the link speed of XL710
  • netdev-linux: Avoid division by 0 if kernel reports bad scheduler data.
  • ofp-actions: Avoid assertion failure for clone(ct(...bad actions...)).
  • netdev-dpdk: Fix failure to configure flow control at netdev-init.
  • netdev-dpdk: Use hex for PCI vendor ID.
  • ofctl: Fixup compare_flows function
  • stream-ssl: Define SSL_OP_NO_SSL_MASK for OpenSSL versions that lack it.
  • utilities: Launch ovsdb-tool without using PAM
  • ovs-ofctl: Better validate OpenFlow message length in "ofp-parse-pcap".
  • stream-ssl: Don't enable new TLS versions by default
  • pcap-file: Fix formatting of log message.
  • meta-flow: Make mf_vl_mff_mf_from_nxm_header() require a valid field.
  • nx-match: Fix memory leak in oxm_pull_field_array() error case.
  • datapath: Don't swap table in nlattr_set() after OVS_ATTR_NESTED is found
  • compat: Initialize IPv4 reassembly secret timer
  • Revert "flow: Fix buffer overread for crafted IPv6 packets."
  • ifupdown.sh: Correctly bring up bond slaves.
  • flow: Fix buffer overread for crafted IPv6 packets.
  • ofp-group: Don't assert-fail decoding bad OF1.5 group mod type or command.
  • ofp-actions: Fix buffer overread in decode_LEARN_specs().
  • ofp-actions: Avoid buffer overread in BUNDLE action decoding.
  • rconn: Suppress 'connected' log for unreliable connections.
  • datapath: stt: linearize in SKIP_ZERO_COPY case
  • ovn: Fix DHCP classless static route for non-classful masks.
  • ofproto: Fix OVS crash when reverting old flows in bundle commit
  • rconn: Introduce new invariant to fix assertion failure in corner case.
  • lib: fix typo in fragment handling error message

Other bugfixes:
  • Backport upstream fix for python json parser memory leak (bsc#1116437):
  • New python subpackages obsolete old python subpackages (bsc#1124435).
  • Improve python packaging (bsc#1115085)

Patch Instructions:

To install this SUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  • SUSE Linux Enterprise Server 12-SP3:
    zypper in -t patch SUSE-SLE-SERVER-12-SP3-2019-816=1

Package List:

  • SUSE Linux Enterprise Server 12-SP3 (aarch64 ppc64le s390x x86_64):
    • openvswitch-2.7.7-3.28.1
    • openvswitch-debuginfo-2.7.7-3.28.1
    • openvswitch-debugsource-2.7.7-3.28.1

References: