Changelog for
openvswitch-ovn-docker-2.8.7-5.17.4.x86_64.rpm :
* Mon Apr 29 2019 jcaamanoAATTsuse.com- Fix problem preventing new installs to run as non root (bsc#1132029), including:
* Align with upstream so that no running configuration is changed on upgrades, specifically to avoid changes on the user Open vSwitch runs under.
* hugetblfs groups is created as system group.- Version bump to bugfix release 2.8.7 (bsc#1130276). Some of the changes are:
* ofp-group: support to insert bucket with weight value for select type
* ofproto: fix the bug of bucket counter is not updated
* netdev-dpdk: Print netdev name for txq mapping.
* ifupdown.sh: Add missing \"--may-exist\" option
* netdev-tc-offloads: Improve log message for icmpv6 offload not supported
* travis: Stop rsyslog before start.
* vlog: Better handle syslog handler exceptions.
* travis: Remove \'sudo\' configuration.
* ovsdb-monitor.at: Use correct perl scripts.
* rconn: Avoid occasional immediate connection failures.
* conntrack: Fix L4 csum for V6 extension hdr pkts.
* packets: Change return type of \'packet_csum_upperlayer6\'.
* ovsdb-client: Fix typo.
* ofctl: break the loop if ovs_pcap_read returns error
* Revert \"ovs-tcpdump: Fix an undefined variable\"
* dhparams: Fix .c file generation with OpenSSL >= 1.1.1-pre9
* dhparams: Add pregenerated .c file to the repository.
* netlink: added check to prevent netlink attribute overflow
* conntrack: Keep Address Sanitizer happy.
* lldp: fix string warnings
* conntrack: Exclude l2 padding in \'conn_key_extract()\'.
* dp-packet: Add \'dp_packet_l3_size()\'.
* monitor: Fix crash when monitor condition adds new columns.
* dpif-netdev: Add thread safety annotation to sorted_poll_list.
* acinclude: Drop DPDK_EXTRA_LIB variable.
* flow: fix a possible memory leak in parse_ct_state
* ofproto-dpif-trace: Fix for the segmentation fault in ofproto_trace().
* datapath: Fix IPv6 later frags parsing
* datapath: Derive IP protocol number for IPv6 later frags
* datapath: Avoid OOB read when parsing flow nlattrs
* dpif-netlink: Fix a bug that causes duplicate key error in datapath
* odp-util: Stop parse odp actions if nlattr is overflow
* ovs-tcpdump: Fix an undefined variable
* stt: Fix return code during xmit.
* ofpbuf: Fix arithmetic error in ofpbuf_insert().
* odp-util: Fix a bug in parse_odp_push_nsh_action
* netdev-linux: Fix function argument order in sfq_tc_load().
* ofproto-dpif-xlate: Account mirrored packets only if the VLAN matches.
* ofp-actions: Avoid overflow for ofpact_learn_spec->n_bits
* python: Escape backslashes while formatting logs.
* docs: Fix table title for VM MQ config in dpdk howto.
* conntrack: Check all addresses for ephemeral ports.
* cmap: Fix hashing in cmap_find_protected().
* python: Catch setsockopt exceptions for TCP stream.
* conntrack: Skip ephemeral ports fallback for DNAT.
* rhel: Add \'SYSTEMD_NO_WRAP=yes\' in ovs init script for SLES
* ofproto: Return correct error codes from meter_set.
* debian: Install correct vtep-ctl.
* packets: Fix use-after-free error in packet_put_ra_prefix_opt().
* Windows: Fix broken kernel userspace communication
* netdev-tc-offloads: Delete ufid tc mapping in the right place
* dpif-netlink: Fix error behavior in dpif_netlink_port_add__().
* datapath-windows: Fix invalid reference in Buffermgmt.c
* netdev-dpdk: Bring link down when NETDEV_UP is not set
* actions: Enforce a maximum limit for nested action depth
* bond: Fix LACP fallback to active-backup when recirc is enabled.
* netdev-dpdk: Fix netdev_dpdk_get_features().
* ovn-northd: Fix memory leak in free_chassis_queueid().
* python-c-ext: Fix memory leak in Parser_finish
* bridge.c: prevent controller connects while flow-restore-wait
* connmgr: Fix vswitchd abort when a port is added and the controller is down
* odp-util: Move ufid handling to odp_flow_from_string- Remove patches present in upstream 2.8.7:
* 0001-python-c-ext-Fix-memory-leak-in-Parser_finish.patch
* Mon Mar 25 2019 jcaamanoAATTsuse.com- Backport upstream fixes (bsc#1128407)
* 0001-rhel-don-t-drop-capabilities-when-running-as-root.patch
* 0002-rhel-Fix-literal-dollar-sign-usage-in-systemd-servic.patch- Rebased upstream fixes that had conflict with the previous ones
* 0003-rhel-Use-correct-user-in-the-logrotate-configuration.patch- Add extra openvswitch headers (bsc#1125897).
* Fri Feb 15 2019 jcaamanoAATTsuse.com- Obsolete old python[2]-openvswitch-test subpackages (bsc#1124435)
* Tue Dec 18 2018 jcaamanoAATTsuse.com- Backport upstream fix for python json parser memory leak (bsc#1116437)
* 0001-python-c-ext-Fix-memory-leak-in-Parser_finish.patch
* Thu Nov 08 2018 mchandrasAATTsuse.de- Improve python packaging (bsc#1115085)
* Rename python
*-openvswitch subpackages to python
*-ovs to follow the openSUSE policy that packages should be named after the modules they install.
* Build the JSON C bindings and as a result the \'noarch\' BuildArch needs to be removed.
* Drop the python
*-openvswitch-test packages and merge them with the test subpackage
* Build the python bindings using setuptools
* Include the egg-info package.
* Use libopenvswitch as dependency to python bindings
* Mon Oct 22 2018 mchandrasAATTsuse.de- Version bump to 2.8.5 (bsc#1112703). Some of the changes are:
* dpif-netdev.at: Add missing backslash.
* ofproto-dpif-xlate: Avoid deadlock on multicast snooping recursion.
* expr: Disallow < <= >= > comparisons against empty value set.
* expr: Set a limit on the depth of nested parentheses
* dpif-netdev: Add vlan to mask for flow_put operation.
* odp-util: Fix a use-after-free bug.
* dpif-netlink: Fix null pointer.
* dpif-netlink: don\'t allocate per thread netlink sockets (bsc#1110865)
* netdev: Properly clear \'details\' when iterating in NETDEV_QOS_FOR_EACH.
* lex: Fix buffer overrun parsing overlong hexadecimal constants.
* ovsdb-client: Fix a bug that uses wrong index
* ofproto-dpif-xlate: Fix conntrack fields on NXT_RESUME
* flow: Fix uninitialized flow fields in IPv6 error case.
* ofproto-dpif: Fix NXT_RESUME flow stats
* meta-flow: Make \"nw_frag\" a synonym for \"ip_frag\".
* lib/tc: treat vlan id and prio as independent fields
* odp-util: Don\'t attempt to write IPv6 flow label bits that don\'t exist.
* lib/tc: reject offloading of non-Ethernet packets
* ovn-controller: Fix test - IP relocation using GARP request.
* tests: Make test result more predictable.
* ovs-ctl: Allow add-remote without vswitchd started.
* daemon-unix: Use same name for original or restarted children.
* dpif-netdev: Prevent unsafe access when retrieving meter stats.
* tests: Use the default key length when generating RSA keys
* utilities: Drop shebang from bash completion script
* ofp-actions: Re-fix error path for parsing OpenFlow actions.
* nx-match: Avoid double-free on some error paths.
* ovn-northd: Support learning neighbor from ARP request.
* ovn-northd: LR respond ARP from valid subnet only.
* netdev-dpdk: Support the link speed of XL710
* netdev-linux: Avoid division by 0 if kernel reports bad scheduler data.
* ofp-actions: Avoid assertion failure for clone(ct(...bad actions...)).
* ovsdb-idl.c: Fix IDL index problem when rows are updated.
* netdev-dpdk: Fix failure to configure flow control at netdev-init.
* netdev-dpdk: Use hex for PCI vendor ID.
* ofctl: Fixup compare_flows function
* stream-ssl: Define SSL_OP_NO_SSL_MASK for OpenSSL versions that lack it.
* utilities: Launch ovsdb-tool without using PAM
* ovs-ofctl: Better validate OpenFlow message length in \"ofp-parse-pcap\".
* stream-ssl: Don\'t enable new TLS versions by default
* pcap-file: Fix formatting of log message.
* meta-flow: Make mf_vl_mff_mf_from_nxm_header() require a valid field.
* nx-match: Fix memory leak in oxm_pull_field_array() error case.
* compat: Initialize IPv4 reassembly secret timer
* conntrack: Fix use after free for FTP control case.
* ifupdown.sh: Correctly bring up bond slaves.
* conntrack: Fix using alg_exp_entry out of scope.
* ofp-group: Don\'t assert-fail decoding bad OF1.5 group mod type or command.
* ofp-actions: Fix buffer overread in decode_LEARN_specs().
* ofp-actions: Avoid buffer overread in BUNDLE action decoding.
* rconn: Suppress \'connected\' log for unreliable connections.
* datapath: stt: linearize in SKIP_ZERO_COPY case
* ovn: Fix DHCP classless static route for non-classful masks.
* ofproto: Fix OVS crash when reverting old flows in bundle commit
* rconn: Introduce new invariant to fix assertion failure in corner case.
* dpctl.man: Correct argument to \"dump-flows\".
* ovs-thread: Fix thread id for threads not started with ovs_thread_create()
* netdev-dpdk: Handle ENOTSUP for rte_eth_dev_set_mtu.
* netdev-dpdk: Enable HW_CRC_STRIP for virtual functions.
* lib: fix typo in fragment handling error messages- Remove old patch which is included in this release:
* 0001-utilities-Launch-ovsdb-tool-without-using-PAM.patch
* Thu Aug 09 2018 mchandrasAATTsuse.de- Add upstream patch to fix permissions when running the logrotate script (bsc#1104049)
* 0001-rhel-Use-correct-user-in-the-logrotate-configuration.patch
* Tue Aug 07 2018 mchandrasAATTsuse.de- Add upstream patch to fix dbus timeout due to deadlock in systemd dependencies (bsc#1098630).
* 0001-utilities-Launch-ovsdb-tool-without-using-PAM.patch
* Tue May 29 2018 mchandrasAATTsuse.de- Version bump to 2.8.4 (bsc#1094234). Some of the changes are
* dpif-netdev: Free packets on TUNNEL_PUSH if may_steal.
* netdev-dpdk: fix check for \"net_nfp\" driver
* netdev-dpdk: Don\'t use PMD driver if not configured successfully
* netdev-dpdk: Remove use of rte_mempool_ops_get_count.
* conntrack-tcp: Handle tcp session reuse.
* tunnel: make tun_key_to_attr aware of tunnel type.
* Configurable Link State Change (LSC) detection mode
* netdev-dpdk: don\'t enable scatter for jumbo RX support for nfp
* faq: Document DPDK version maintenance.
* Avoid crash in OvS while transmitting fragmented packets over tunnel.
* compat: Fix upstream 4.4.119 kernel
* ovs-vsctl: Fix segfault when attempting to del-port from parent bridge.
* ofproto-dpif-xlate: Fix segmentation fault caused by tun_table
* odp-util: Remove unnecessary TOS ECN bits rewrite for tunnels
* datapath: Prevent panic
* netdev-dpdk: Free mempool only when no in-use mbufs.
* python: Fix a double encoding attempt on an Unicode string
* ofproto-dpif: Init ukey->dump_seq to zero
* nsh: Add unit test for double NSH encap and decap
* xlate: Correct handling of double encap() actions
* tc: Change filter error to debug once
* lib/tc: Handle error parsing action in nl_parse_single_action
* ovn: Fix tunnel id overflow.
* ofp-actions: Correct execution of encap/decap actions in action set
* ovsdb-idl.at: Fix test failed. (writing large data via IDL with unicode)
* netdev-dpdk: Limit rate of DPDK logs.
* netdev-dpdk: Remove \'error\' from non error log.
* odp-util: Print eth() for Ethernet flows if packet_type is absent.
* python: Fix decoding error when the received data is larger than 4096.
* datapath-windows: fix hash creation on ct mark
* tunnel: Fix deletion of datapath tunnel ports in case of reconfiguration
* tests: Make packet-type-aware.at hash independent- Remove patches which are now upstream:
* 0001-ovsdb-Use-items-instead-of-iteritems-for-Python3.patch
* 0002-ovsdb-ovsdb-dot.in-Use-print-function-for-Python3.patch
* 0003-ovsdb-ovsdb-dot.in-Change-exception-semantics-for-Py.patch
* 0004-ovsdb-ovsdb-dot.in-Replace-sys.maxint-with-sys.maxsi.patch- Use openvswitch user/group for the log directory (3f556d66edb9)
* Wed May 09 2018 mchandrasAATTsuse.de- Add support for RedHat distributions. All SUSE macros are now conditional and the spec file has been adapted based on the upstream one (fate#324537)- spec-cleaner fixes
* Wed May 02 2018 mchandrasAATTsuse.de- Move openvswitch user/group creation to %pre scriptlet. The default ownership of the configuration files expects the user and group to be available as early as possible (bsc#1091408)
* Mon Apr 23 2018 mchandrasAATTsuse.de- Preserve \'enable\' status of openvswitch.service file when upgrading from
* Thu Mar 22 2018 mchandrasAATTsuse.de- Fix file permissions in /etc/openvswitch for upgrades (951d79e638ec)
* Wed Mar 21 2018 dmuellerAATTsuse.com- set rundir to %_rundir
* Thu Feb 22 2018 mchandrasAATTsuse.de- Fix incorrect python3 dependencies for python2 subpackages- Add upstream patches so we can build tools using python3 (bsc#1082194)
* 0001-ovsdb-Use-items-instead-of-iteritems-for-Python3.patch
* 0002-ovsdb-ovsdb-dot.in-Use-print-function-for-Python3.patch
* 0003-ovsdb-ovsdb-dot.in-Change-exception-semantics-for-Py.patch
* 0004-ovsdb-ovsdb-dot.in-Replace-sys.maxint-with-sys.maxsi.patch
* Wed Feb 21 2018 mchandrasAATTsuse.de- Version bump to 2.8.2 (bsc#1081953, bsc#1093469, fate#324872). Some of the changes are:
* ofp-meter: Fix use-after-free for decoding meter mods.
* xlate: fix xport lookup for recirc
* ofproto-dpif-xlate: add uuid to xports
* netdev-dpdk: Fix requested MTU size validation.
* netdev-dpdk: fix ingress_policer leak on error path
* ofproto: Fix double-unref of temporary rule when learning.
* gre: strip gre-tso offload flags
* tc flower: reorder tunnel encap/decap actions
* ofproto: Fix wrong datapath flow with same in_port and output port.
* dpif: geneve: supply dpif function to get ifindex
* ovs-tcpundump: fix a conversion issue
* tunnel: fix tunnel flags set/clear.
* netdev-dpdk: replace uint8_t with dpdk_port_t
* lex: Fix parsing of long tokens.
* odp-util: Use flexible sized buffer to hold Geneve options.
* odp-util: Avoid reading wrong table in generate_all_wildcard_mask().
* bond: Fix bug that writes to freed memory
* conntrack: Fix icmp error address sanity check.
* ovsdb-idl: Fix assertion failure on error path parsing server reply.
* ofproto: Keep inserting buckets into a group from changing group type.
* odp-util: Fix another hang in NSH action parsing.
* odp-util: Fix parsing corner case for encap_nsh() actions.
* netdev: netdev_get_etheraddr is not functioning as advertised.
* ofproto-dpif-xlate: Fix bug that may leak ofproto_flow_mod
* bfd: Fix memory leak
* dpif: Fix memory leak
* execution: Fix bug that leaks ovsdb_row
* flow: Avoid buffer overread in parse_nsh() for malformed packet.
* ovs-ofctl: Fix bad free in colors_parse_from_env().
* odp-util: Fix buffer overread in parsing string form of ODP flows.
* OpenvSwitch logrotate: Use ctl file path as target in ovs-appctl to reset logs
* ovn-ctl: Add -vfile:info option to OVN_NB/SB_LOG options
* netdev-tc-offloads: update stats properly on flow deletion
* tests: Try harder to figure out whether IPv6 is supported.
* netdev, dpif: fix the crash/assert on port delete
* ovs-ctl: Don\'t remember vport-
* kernel modules
* NSH: Adjust NSH wire format to the latest IETF draft
* ovs-lib: dont\'t purge corrupted DB
* meta-flow: Fix format in documentation.
* dpif-netlink-rtnl: Fix ovs_geneve probing after restart.
* ovsdb-server: Fix memory leak
* test-ovsdb: Fix memory leak
* ovsdb-idl: Fix memory leak
* netdev-linux: Fix wrong ceil rate when max-rate less than 8bit.
* ofproto/trace: Fix memory leak in oftrace_push_ct_state()
* ofproto-dpif-upcall: Fix null pointer dereference on exit.
* ofproto-dpif-xlate: use xlate error enum for unsupported packet type
* timeval: Check for OS-provided clock_gettime on macOS
* Add dl_type to flow metadata for correct interpretation of conntrack metadata
* Check flow\'s dl_type before setting ct_orig_tuple in \'pkt_metadata_from_flow()\'
* tests/stp: Use long warps instead of multiple calls.
* ovs-save: Handle different \'ip addr show\' output.
* datapath-windows: Remove the workaround in NAT for TCP checksum
* netdev: Fix memory leak on error path.
* replication: Avoid theoretical use-after-free error in reset_database().
* ovs-ctl.in: Call \'hostname -f\' after vswitchd starts.
* dpif-netdev: Use portable error code for zero rate meter band- Remove patches that have been applied upstream:
* 0001-netdev-dpdk-replace-uint8_t-with-dpdk_port_t.patch
* Tue Jan 09 2018 mchandrasAATTsuse.de- Add upstream patches to support DPDK 17.11 (fate#322609)
* 0001-netdev-dpdk-replace-uint8_t-with-dpdk_port_t.patch
* 0002-netdev-dpdk-DPDK-v17.11-upgrade.patch
* 0003-netdev-dpdk-vHost-IOMMU-support.patch
* Wed Dec 27 2017 mchandrasAATTsuse.de- Python fixes and improvements
* Build Python3 subpackages for Open vSwitch python bindings
* Switch build architecture to \'noarch\' for python bindings.
* Fix license for python subpackages
* Build and ship python bytecode files.- Do not mark files in /usr/share/
* as configuration files- Replace version macro with actual version number of Obsoletes tags. The DPDK packages have been merged with the regular OvS ones in the 2.7.0 release so make it more explicit which ones we are obsoleting.- spec-cleaner fixes
* Wed Dec 06 2017 mchandrasAATTsuse.de- Fix documentation installation. It\'s best to install everything to %buildroot and then remove the files we don\'t need instead of the other way around since some files need to be present in the source directory for the testsuite to run.
* Thu Nov 23 2017 rbrownAATTsuse.com- Replace references to /var/adm/fillup-templates with new %_fillupdir macro (boo#1069468)
* Fri Sep 29 2017 mchandrasAATTsuse.de- Version bump to 2.8.1. Some of the changes are:
* connmgr: Fix violation of flow monitoring protocol description.
* ovn/actions: Improve OVN load-balancing performance.
* dpif-netdev: Fix a zero-rate bug for meter
* conntrack: Tighten handling of alg reverse conns.
* conntrack: Add function ct_print_conn_info().
* conntrack: Create nat_conn_keys_insert().
* netdev-dpdk: reset packet_type for reused dp_packets.
* ofp-util: Fix memory leaks when parsing OF1.5 group properties (cve-2017-14970) (bsc#1061310)
* ofp-util: Fix memory leaks on error cases in ofputil_decode_group_mod() (cve-2017-14970) (bsc#1061310)
* ofp-util: Fix buffer overread in ofputil_decode_bundle_add().
* ofproto: Include patch ports in mtu overriden check
* netdev-tc-offloads: Fix vxlan tunnel offloading
* bridge: Fix controller status update to passive connections
* lib/odp: Fix handling of set masked action in parse_odp_action
* tests: Fix sparse error on test-ovn.c
* dpif-netdev: Fix per packet cycles statistics.
* netdev-dpdk: update vhost user client port status.
* ovsdb-server.1: Fix mention of wrong option.
* Mon Sep 04 2017 mchandrasAATTsuse.de- Version bump to 2.8.0 (fate#323334, bsc#1050700). Some of the changes are:
* ovs-ofctl can now accept and display port names in place of numbers. By default it always accepts names and in interactive use it displays them; use --names or --no-names to override. See ovs-ofctl(8) for details.
* \"ovs-ofctl dump-flows\" now accepts --no-stats to omit flow statistics.
* New ovs-dpctl command \"ct-stats-show\" to show connection tracking stats.
* DPDK log messages redirected to OVS logging subsystem. Log level can be changed in a usual OVS way using \'ovs-appctl vlog\' commands for \'dpdk\' module. Lower bound still can be configured via extra arguments for DPDK EAL.
* dpdkvhostuser ports are marked as deprecated. They will be removed in an upcoming release.
* Support for DPDK v17.05.1.
* New support for multiple VLANs (802.1ad or \"QinQ\"), including a new \"dot1q-tunnel\" port VLAN mode.
* Added NAT support for userspace datapath.
* Added FTP and TFTP support with NAT for userspace datapath.
* Experimental NSH (Network Service Header) support in userspace datapath.
* Tracing with ofproto/trace now traces through recirculation.
* New support for role-based access control (see ovsdb-server(1)).
* New commands \'stp/show\' and \'rstp/show\' (see ovs-vswitchd(8)).
* All features required by OpenFlow 1.4 are now implemented, so ovs-vswitchd now enables OpenFlow 1.4 by default (in addition to OpenFlow 1.0 to 1.3).
* Increased support for OpenFlow 1.6 (draft).
* Bundles now support hashing by just nw_src or nw_dst.
* The \"learn\" action now supports a \"limit\" option (see ovs-ofctl(8)).
* The port status bit OFPPS_LIVE now reflects link aliveness.
* OpenFlow 1.5 packet-out is now supported.
* Support for OpenFlow 1.5 field packet_type and packet-type-aware pipeline (PTAP).
* Added generic encap and decap actions (EXT-382). First supported use case is encap/decap for Ethernet.
* Added NSH (Network Service Header) support in userspace Used generic encap and decap actions to implement encapsulation and decapsulation of NSH header. IETF NSH draft - https://datatracker.ietf.org/doc/draft-ietf-sfc-nsh/
* ovs-vswitchd and ovsdb-server run as non-root users by default.
* Add --cleanup option to command \'ovs-appctl exit\' (see ovs-vswitchd(8)).
* Use new tunnel port option \"packet_type\" to configure L2 vs. L3.
* In conjunction with PTAP tunnel ports can handle a mix of L2 and L3 payload.
* New vxlan tunnel extension \"gpe\" to support VXLAN-GPE tunnels.
* New support for non-Ethernet (L3) payloads in GRE and VXLAN-GPE.
* Add experimental support for hardware offloading
* HW offloading is disabled by default.
* HW offloading is done through the TC interface.
* The next major version of OVS will introduce a change in the conntrack API. Conntrack state is only available to the processing path that follows the \"recirc_table\" argument of the ct() action. Starting in OVS 2.9, this state will be cleared for the current processing path whenever ct() is called.- Create new openvswitch-doc subpackage for the Open vSwitch documentation- Fix filename for logrotate configuration (bsc#1057357)- Fix constrains with Provides/Obsoletes tags (bsc#1057357)- Misc cleanups from spec-cleaner
* Thu Aug 10 2017 olafAATTaepfle.de- Update filename in /var/adm/update-messages to match documentation, and build-compare pattern
* Thu Jul 27 2017 mchandrasAATTsuse.de- Do not restart the ovs-vswitchd and ovsdb-server services on package updates (bsc#1002734)- Do not restart the ovs-vswitchd, ovsdb-server and openvswitch services on package removals. This facilitates potential future package moves but also preserves connectivity when the package is removed (bsc#1050896)
* Wed Jul 19 2017 mchandrasAATTsuse.de- Version bump to 2.7.2. Some of the changes are:
* Revert \"netdev: Fix netdev_open() to adhere to class type if given\"
* connmgr: Fix crash when in_band_create() fails.
* db-ctl-base: Fix reference-following feature in get_row_by_id().
* netdev: Fix crash when ifa_netmask is null.
* ovn-controller: fix use-after-free in physical_run()
* ovn-controller: avoid crash when vswitchd connection is lost
* ovsdb-types: Fix memory leak on error path.
* vswitchd: Fix IFACE_STAT name error in iface_refresh_stats
* netdev: Fix crash when interface option is changed to invalid value.
* ofp-util: fix memory leak in ofputil_pull_ofp11_buckets
* configure: Fix check for rte_config.h to handle cross-compilation.
* ofp-util: Check length of buckets in ofputil_pull_ofp15_group_mod() (cve-2017-9265) (bsc#1041447)
* ofp-print: Don\'t abort on unknown reason in role status message (cve-2017-9263) (bsc#1041470)
* Sat Jul 08 2017 jengelhAATTinai.de- Remove irrelevant wording from summaries/description. Diversify summaries.- Get rid of an empty if block by inverting the condition.- Implement shared library packaging guideline.
* Thu Jul 06 2017 mchandrasAATTsuse.de- Version bump to 2.7.1. Some of the changes are:
* Add --cleanup option to command \'ovs-appctl exit\' (see ovs-vswitchd(8)).
* libopenvswitch-2 was renamed to libopenvswitch-2.7. Applications built against libopenvswitch must be recompiled against the newer library.
* ovs-ctl: allow passing user:group to daemons
* ofproto/bond: Fix bond reconfiguration race condition
* ofproto/bond: Fix bond post recirc rule leak.
* ofproto/bond: fix interal flow leak of tcp-balance bond
* mcast-snooping: Avoid segfault for vswitchd.
* tun-metadata: Fix memory leak in tun_metadata_table_mod().
* netdev-dpdk: Fix mempool segfault.
* mirror: Allow concurrent lookups.
* ofp-util: Fix buffer overread in ofputil_pull_queue_get_config_reply10() (bsc#1040543)
* ovsdb: Check null before deref in ovsdb_monitor_table_condition_update().
* For the complete list of changes, please see: - https://github.com/openvswitch/ovs/compare/v2.7.0...v2.7.1- Remove upstreamed patch
* 0001-ofp-util-Fix-buffer-overread-in-ofputil_pull_queue_g.patch- OVN services are no longer restarted automatically after upgrade (44dd4cc49c8a)
* Sat May 27 2017 mchandrasAATTsuse.de- Install firewalld OVN files with chmod 644 instead of 755 (4a54614120ea)- Use python-six instead of python2-six dependency to cover distributions which are not using the python-singlespec packaging specification yet (bsc#1041110)- Add upstream patch to fix a buffer overread vulnerability (cve-2017-9214) (bsc#1040543)
* 0001-ofp-util-Fix-buffer-overread-in-ofputil_pull_queue_g.patch
* Tue Feb 28 2017 mchandrasAATTsuse.de- Version bump to 2.7.0 (fate#321541). Some of the changes are:
* Utilities and daemons that support SSL now allow protocols and ciphers to be configured with --ssl-protocols and --ssl-ciphers.
* OVN: - QoS is now implemented via egress shaping rather than ingress policing. - DSCP marking is now supported, via the new northbound QoS table. - IPAM now supports fixed MAC addresses. - Support for source IP address based routing. - ovn-trace:
* New --ovs option to also print OpenFlow flows.
* put_dhcp_opts and put_dhcp_optsv6 actions may now be traced. - Support for managing SSL and remote connection configuration in northbound and southbound databases.
* Fixed regression in table stats maintenance introduced in OVS 2.3.0, wherein the number of OpenFlow table hits and misses was not accurate.
* OpenFlow: - OFPT_PACKET_OUT messages are now supported in bundles. - A new \"selection_method=dp_hash\" type for OpenFlow select group bucket selection that uses the datapath computed 5-tuple hash without making datapath flows match the 5-tuple fields, which is useful for more efficient load balancing, for example. This uses the Netronome extension to OpenFlow 1.5+ that allows control over the OpenFlow select groups selection method. See \"selection_method\" and related options in ovs-ofctl(8) for details. - The \"sample\" action now supports \"ingress\" and \"egress\" options. - The \"ct\" action now supports the TFTP ALG where support is available. - New actions \"clone\" and \"ct_clear\".
* ovs-ofctl: - \'bundle\' command now supports packet-out messages. - New syntax for \'ovs-ofctl packet-out\' command, which uses the same string parser as the \'bundle\' command. The old \'packet-out\' syntax is deprecated and will be removed in a later OVS release. - New unixctl \"ofctl/packet-out\" command, which can be used to instruct a flow monitor to issue OpenFlow packet-out messages.
* ovsdb-server: - Remote connections can now be made read-only (see ovsdb-server(1)).
* DPDK: - Support for DPDK v16.11. - Support for rx checksum offload. Refer DPDK HOWTO for details. - Port Hotplug is now supported. - DPDK physical ports can now have arbitrary names. The PCI address of the device must be set using the \'dpdk-devargs\' option. Compatibility with the old dpdk naming scheme is broken, and as such a device will not be available for use until a valid dpdk-devargs is specified. - Virtual DPDK Poll Mode Driver (vdev PMD) support.
* For the complete list of changes, please see: - http://openvswitch.org/releases/NEWS-2.7.0- Add patch to fix DPDK configuration migration for < 2.6 installations
* 0001-utilities-Add-script-to-support-DPDK-option-migratio.patch- Rework spec file
* Enable DPDK by default and drop openvswitch-dpdk
* packages. DPDK is only enabled on supported architectures though. - Remove openvswitch-dpdk.changes - Remove openvswitch-dpdk.spec - Remove pre_checkin.sh
* Merge openvswitch and openvswitch-switch into a single package since there was no compelling reason to keep the switch functionality in a separate subpackage.
* Split OVN package to ovn-common, ovn-central, ovn-docker, ovn-host and ovn-controller similar to the Debian and RedHat packages.
* Fri Nov 25 2016 mchandrasAATTsuse.de- Relax the DPDK dependency a bit so we can support stable and possibly new minor releases as well.
* Mon Nov 21 2016 mchandrasAATTsuse.de- Do not restart the openvswitch service after a package update. Restarting the systemd service may break connectivity so let the user decide when it is the best time for such an action. (bsc#1002734)
* Thu Nov 03 2016 mchandrasAATTsuse.de- Version bump to 2.6.1. Some of the changes are:
* ovn: Do not reply to ARP or ND NS for a VM\'s own IP address.
* ovs-ofctl: Tolerate differences in IPv6 formatting.
* netdev-linux: double tagged packets should use 0x88a8
* expr: Fix abort when simplifying \"x != 0/0\".
* dpif-netdev: Fix crash in dpif_netdev_execute().
* ovn-controller: Container can have connection to a hosting VM.
* stream-ssl: Fix memory leak on error path.
* Other bug fixes.
* Mon Oct 03 2016 mchandrasAATTsuse.de- Version bump to 2.6.0. Some of the changes are:
* First supported release of OVN. See ovn-architecture(7) for more details.
* ovsdb-server: - New \"monitor_cond\" \"monitor_cond_update\" and \"update2\" extensions to RFC 7047.
* OpenFlow: - OpenFlow 1.3+ bundles now expire after 10 seconds since the last time the bundle was either opened, modified, or closed. - OpenFlow 1.3 Extension 230, adding OpenFlow Bundles support, is now implemented. - OpenFlow 1.3+ bundles are now supported for group mods as well as flow mods and port mods. Both \'atomic\' and \'ordered\' bundle flags are supported for group mods as well as flow mods. - Internal OpenFlow rule representation for load and set-field actions is now much more memory efficient. For a complex flow table this can reduce rule memory consumption by 40%. - Bundles are now much more memory efficient than in OVS 2.5. Together with memory efficiency improvements in OpenFlow rule representation, the peak OVS resident memory use during a bundle commit for large complex set of flow mods can be only 25% of that in OVS 2.5 (4x lower). - OpenFlow 1.1+ OFPT_QUEUE_GET_CONFIG_REQUEST now supports OFPP_ANY. - OpenFlow 1.4+ OFPMP_QUEUE_DESC is now supported. - OpenFlow 1.4+ OFPT_TABLE_STATUS is now supported. - New property-based packet-in message format NXT_PACKET_IN2 with support for arbitrary user-provided data and for serializing flow table traversal into a continuation for later resumption. - New extension message NXT_SET_ASYNC_CONFIG2 to allow OpenFlow 1.4-like control over asynchronous messages in earlier versions of OpenFlow. - [...] - For a complete list of changes, please see http://openvswitch.org/releases/NEWS-2.6.0- Remove obsolete patches and files
* 0001-Remove-broken-pipe-warning-logs-from-ovsdb-server.lo.patch
* 0001-ovs-ctl-Add-new-DPDK_OPTIONS-environment-variable.patch
* openvswitch-2.5.0-detect-dpdk-installation.patch
* openvswitch-switch.logrotate
* openvswitch.service
* Wed Sep 28 2016 mchandrasAATTsuse.de- New upstream bugfix release 2.5.1 (bsc#1001657)
* DPDK: - New appctl command \'dpif-netdev/pmd-rxq-show\' to check the port/rxq assignment. - Type of log messages from PMD threads changed from INFO to DBG.
* ovs-pki: Changed message digest algorithm from SHA-1 to SHA-512 because SHA-1 is no longer secure and some operating systems have started to disable it in OpenSSL.
* Bug fixes
* Tue Sep 06 2016 mchandrasAATTsuse.de- Add new DPDK_OPTIONS environment variable to hold the dpdk vswitchd options so that the systemd unit files can be used to launch an ovs-vswitcd DPDK capable instance instead of doing it manually. (bsc#987265)
* 0001-ovs-ctl-Add-new-DPDK_OPTIONS-environment-variable.patch
* Sun Aug 14 2016 roAATTsuse.de- enable openvswitch-dpdk on aarch64 since dpdk builds on aarch64 now
* Sun Aug 07 2016 roAATTsuse.de- remove aarch from openvswitch-dpdk until we have a dpdk that builds for aarch64
* Tue Jul 12 2016 mchandrasAATTsuse.de- Add missing licenses (bsc#988513)- Misc spec file cleanups highlighted by the spec-cleaner tool.- Allow aarch64 builds for openvswitch-dpdk
* Mon Jul 04 2016 mchandrasAATTsuse.de- Allow the OvS daemon to run as non-root (bsc#987545)- Add missing \'Conflicts\' statements to all the subpackages as required by the Factory review tools.
* Wed Jun 29 2016 mchandrasAATTsuse.de- Remove the ?_with_dpdk macro usage since this is not being set without explicitly passing --with/--without during an OBS build. This reverts back to using the %{with dpdk} style which is set automatically based on %bcond_with
* macros (bsc#989335).
* Tue Jun 28 2016 mchandrasAATTsuse.de- Fix subpackage dependencies to not require the non-existent python DPDK subpackages (bsc#986835). We do not provide DPDK versions of the python bindings so nothing should depend on these subpackages.
* Wed Jun 22 2016 jengelhAATTinai.de- Update rpm groups, acronym forms.
* Tue Jun 21 2016 mchandrasAATTsuse.de- Multiple fixes for the openvswitch-dpdk package (bsc#985878)
* Rename main package name to openvswitch-dpdk
* Do not build the python and kmp packages since they do not depend on the DPDK capabilities
* Remove the open_virtual_switch capability. The openvswitch-common will be used by reverse dependencies to require either of the OvS packages.
* Provide virtual capabilities for all DPDK subpackages.
* Fix the dependencies in the python package to require either of the OvS packages.
* Suggest the kmp package only if it\'s actually provided.
* Small cleanups.
* Fri May 27 2016 mchandrasAATTsuse.de- Add %check directive to run the openvswitch testsuite on demand. The openvswitch contains hundreds of tests covering simple and complex openvswitch configuration so it\'s beneficial to run them during package builds. However, running the testsuite is not enabled by default. Also add the following upstream patch:
* 0001-Remove-broken-pipe-warning-logs-from-ovsdb-server.lo.patch
* Thu May 26 2016 mchandrasAATTsuse.de- Build a DPDK-enabled Open vSwitch (fate#319170)
* Apply the following changes to the openvswitch.spec file - Add support for building with DPDK capabilities - Add conflicts between the two packages. - Add new \'open_virtual_switch-
*\' capabilities for openvswitch, openvswitch-switch, openvswitch-test packages which can be used by reverse dependencies to select between the two openvswitch implementations.
* Add pre_checkin.sh to generate the openvswitch_dpdk.spec file based on the openvswitch.spec one.
* Add upstream openvswitch-2.5.0-detect-dpdk-installation.patch patch to detect and link against a DPDK installation.
* Mon May 23 2016 jengelhAATTinai.de- Keep %prep small for speedier `quilt setup`. Kill __DATE__ from source. Drop all .la files that are in %_libdir.
* Fri May 20 2016 mchandrasAATTsuse.de- Add missing %dir directive for /var/log/openvswitch
* Thu May 19 2016 dmuellerAATTsuse.com- remove aarch64 conditional, no longer needed
* Thu May 05 2016 mchandrasAATTsuse.de- Multiple spec file and package fixes.
* Drop obsolete log-check-module-loop.patch patch.
* Drop conditional code for older openSUSE releases. This also removes all of the sysvinit files which were pulled in when the package was originally developed.
* Drop support for building the GUI. The GUI code has been removed in 7868fbc6c97c2 (\"ovsdbmonitor: Remove.\") upstream commit and it does not exist since v2.2.0 so drop the code in the spec file.
* Use the upstream systemd service files for the OVN components instead of maintaining our own downstream.
* Drop the unofficial ipsec support. It hasn\'t been enabled in years.
* Drop support for building the upstream kernel module since it\'s being shipped with the kernel package in latest releases. Restore the %bcond_with kmp to make it easier to build the external kernel module if needed.
* Fix some suse-missing-rclink rpmlint warnings for the ovn subpackage
* Base our service unit to the upstream one.
* Stop silently enabling the GRE protocol in iptables by default.
* Install the upstream sysconfig file to pass more information to the openvswitch service unit.
* Use make install instead of %makeinstall
* Drop brcompat leftovers.
* spec-cleaner fixes
* Fri Apr 01 2016 dmuellerAATTsuse.com- address dimstars concerns
* Tue Mar 22 2016 mchandrasAATTsuse.de- Prevent systemd from autogenerating a service file for openvswitch-switch which conflicts with the opevswitch one. (bsc#966762)
* Fri Mar 18 2016 kmrozAATTsuse.com- Add missing %defattr to ovn files section.
* Tue Mar 08 2016 kmrozAATTsuse.com- Add additional install requirements for python-openvswitch-test package.
* Fri Mar 04 2016 kmrozAATTsuse.com- Add support for building both 2.4.0 and 2.5.0 from the same spec file. Needed to fix SLE11 builds as OVS-2.5.0 no longer supports python < 2.7. SLE11 SP3 and SP4 use python 2.6.- Added: openvswitch-2.4.0.tar.gz
* Thu Mar 03 2016 kmrozAATTsuse.com- New upstream version 2.5.0 (LTS) - Dropped support for Python older than version 2.7. As a consequence, using Open vSwitch 2.5 or later on XenServer 6.5 or earlier (which have Python 2.4) requires first installing Python 2.7. - OpenFlow:
* Group chaining (where one OpenFlow group triggers another) is now supported.
* OpenFlow 1.4+ \"importance\" is now considered for flow eviction.
* OpenFlow 1.4+ OFPTC_EVICTION is now implemented.
* OpenFlow 1.4+ OFPTC_VACANCY_EVENTS is now implemented.
* OpenFlow 1.4+ OFPMP_TABLE_DESC is now implemented.
* Allow modifying the ICMPv4/ICMPv6 type and code fields.
* OpenFlow 1.4+ OFPT_SET_ASYNC_CONFIG and OFPT_GET_ASYNC_CONFIG are now implemented. - ovs-ofctl:
* New \"out_group\" keyword for OpenFlow 1.1+ matching on output group. - Tunnels:
* Geneve tunnels can now match and set options and the OAM bit.
* The nonstandard GRE64 tunnel extension has been dropped. - Support Multicast Listener Discovery (MLDv1 and MLDv2). - Add \'symmetric_l3l4\' and \'symmetric_l3l4+udp\' hash functions. - sFlow agent now reports tunnel and MPLS structures. - New \'check-system-userspace\', \'check-kmod\' and \'check-kernel\' Makefile targets to run a new system testsuite. These tests can be run inside a Vagrant box. See INSTALL.md for details - Mark --syslog-target argument as deprecated. It will be removed in the next OVS release. - Added --user option to all daemons - Add support for connection tracking through the new \"ct\" action and \"ct_state\"/\"ct_zone\"/\"ct_mark\"/\"ct_label\" match fields. Only available on Linux kernels with the connection tracking module loaded. - Add experimental version of OVN. OVN, the Open Virtual Network, is a system to support virtual network abstraction. OVN complements the existing capabilities of OVS to add native support for virtual network abstractions, such as virtual L2 and L3 overlays and security groups. - RHEL packaging:
* DPDK ports may now be created via network scripts (see README.RHEL). - DPDK:
* Requires DPDK 2.2
* Added multiqueue support to vhost-user
* Note: QEMU 2.5+ required for multiqueue support - SELinux:
* Introduced SELinux policy package.- New package: openvswitch-ovn- Removed: openvswitch-2.4.0.tar.gg- Added: openvswitch-2.5.0.tar.gg- Added: openvswitch-testcontroller.init- Added: ovn-controller-vtep.service- Added: ovn-controller.service- Added: ovn-northd.service- TODO: Explicit DPDK support not yet added to spec.- Spec file work and cleanup.- Includes fixes (or obsoletes) the following issues:
* bsc#948840, bsc#941466, bsc#936780, bnc#935750, bnc#867964
* Tue Mar 01 2016 kmrozAATTsuse.com- Tighten up openvswitch service ordering. bsc#968205 (openSUSE), bsc#951314 (SLE).
* Wed Feb 24 2016 kmrozAATTsuse.com- Don\'t install INSTALL.
* files.
* Wed Feb 24 2016 kmrozAATTsuse.com- Removed: openvswitch-switch.template
* Wed Feb 24 2016 kmrozAATTsuse.com- New upstream version 2.4.0 - Flow table modifications are now atomic, meaning that each packet now sees a coherent version of the OpenFlow pipeline. For example, if a controller removes all flows with a single OpenFlow \"flow_mod\", no packet sees an intermediate version of the OpenFlow pipeline where only some of the flows have been deleted. - Added support for SFQ, FQ_CoDel and CoDel qdiscs. - Add bash command-line completion support for ovs-vsctl Please check utilities/ovs-command-compgen.INSTALL.md for how to use. - The MAC learning feature now includes per-port fairness to mitigate MAC flooding attacks. - New support for a \"conjunctive match\" OpenFlow extension, which allows constructing OpenFlow matches of the form \"field1 in {a,b,c...} AND field2 in {d,e,f...}\" and generalizations. For details, see documentation for the \"conjunction\" action in ovs-ofctl(8). - Add bash command-line completion support for ovs-appctl/ovs-dpctl/ ovs-ofctl/ovsdb-tool commands. Please check utilities/ovs-command-compgen.INSTALL.md for how to use. - The \"learn\" action supports a new flag \"delete_learned\" that causes the learned flows to be deleted when the flow with the \"learn\" action is deleted. - Basic support for the Geneve tunneling protocol. It is not yet possible to generate or match options. This is planned for a future release. The protocol is documented at http://tools.ietf.org/html/draft-gross-geneve-00 - The OVS database now reports controller rate limiting statistics. - sflow now exports information about LACP-based bonds, port names, and OpenFlow port numbers, as well as datapath performance counters. - ovs-dpctl functionality is now available for datapaths integrated into ovs-vswitchd, via ovs-appctl. Some existing ovs-appctl commands are now redundant and will be removed in a future release. See ovs-vswitchd(8) for details. - OpenFlow:
* OpenFlow 1.4 bundles are now supported for flow mods and port mods. For flow mods, both \'atomic\' and \'ordered\' bundle flags are trivially supported, as all bundled messages are executed in the order they were added and all flow table modifications are now atomic to the datapath. Port mods may not appear in atomic bundles, as port status modifications are not atomic.
* IPv6 flow label and neighbor discovery fields are now modifiable.
* OpenFlow 1.5 extended registers are now supported.
* The OpenFlow 1.5 actset_output field is now supported.
* OpenFlow 1.5 Copy-Field action is now supported.
* OpenFlow 1.5 masked Set-Field action is now supported.
* OpenFlow 1.3+ table features requests are now supported (read-only).
* Nicira extension \"move\" actions may now be included in action sets.
* \"resubmit\" actions may now be included in action sets. The resubmit is executed last, and only if the action set has no \"output\" or \"group\" action.
* OpenFlow 1.4+ flow \"importance\" is now maintained in the flow table.
* A new Netronome extension to OpenFlow 1.5+ allows control over the fields hashed for OpenFlow select groups. See \"selection_method\" and related options in ovs-ofctl(8) for details. - ovs-ofctl has a new \'--bundle\' option that makes the flow mod commands (\'add-flow\', \'add-flows\', \'mod-flows\', \'del-flows\', and \'replace-flows\') use an OpenFlow 1.4 bundle to operate the modifications as a single atomic transaction. If any of the flow mods in a transaction fail, none of them are executed. All flow mods in a bundle appear to datapath lookups simultaneously. - ovs-ofctl \'add-flow\' and \'add-flows\' commands now accept arbitrary flow mods as an input by allowing the flow specification to start with an explicit \'add\', \'modify\', \'modify_strict\', \'delete\', or \'delete_strict\' keyword. A missing keyword is treated as \'add\', so this is fully backwards compatible. With the new \'--bundle\' option all the flow mods are executed as a single atomic transaction using an OpenFlow 1.4 bundle. - ovs-pki: Changed message digest algorithm from MD5 to SHA-1 because MD5 is no longer secure and some operating systems have started to disable it in OpenSSL. - ovsdb-server: New OVSDB protocol extension allows inequality tests on \"optional scalar\" columns. See ovsdb-server(1) for details. - ovs-vsctl now permits immutable columns in a new row to be modified in the same transaction that creates the row. - test-controller has been renamed ovs-testcontroller at request of users who find it useful for testing basic OpenFlow setups. It is still not a necessary or desirable part of most Open vSwitch deployments. - Support for travis-ci.org based continuous integration builds has been added. Build failures are reported to buildAATTopenvswitch.org. See INSTALL.md file for additional details. - Support for the Rapid Spanning Tree Protocol (IEEE 802.1D-2004). The implementation has been tested successfully against the Ixia Automated Network Validation Library (ANVL). - Stats are no longer updated on fake bond interface. - Keep active bond slave selection across OVS restart. - A simple wrapper script, \'ovs-docker\', to integrate OVS with Docker containers. If and when there is a native integration of Open vSwitch with Docker, the wrapper script will be retired. - Added support for DPDK Tunneling. VXLAN, GRE, and Geneve are supported protocols. This is generic tunneling mechanism for userspace datapath. - Support for multicast snooping (IGMPv1, IGMPv2 and IGMPv3) - Support for Linux kernels up to 4.0.x - The documentation now use the term \'destination\' to mean one of syslog, console or file for vlog logging instead of the previously used term \'facility\'. - Support for VXLAN Group Policy extension - Initial support for the IETF Auto-Attach SPBM draft standard. This contains rudimentary support for the LLDP protocol as needed for Auto-Attach. - The default OpenFlow and OVSDB ports are now the IANA-assigned numbers. OpenFlow is 6653 and OVSDB is 6640. - Support for DPDK vHost. - Support for outer UDP checksums in Geneve and VXLAN. - The kernel vports with dependencies are no longer part of the overall openvswitch.ko but built and loaded automatically as individual kernel modules (vport-
*.ko). - Support for STT tunneling. - Support to configure method (--syslog-method argument) that determines how daemons will talk with syslog. - Support for \"ovs-appctl vlog/list-pattern\" command that lets to query logging message format for each destination. - GRE64 and ipsec_gre64 tunnel protocol is deprecated and will be removed from OVS v2.5 release.
* The openvswitch-testcontroller package is new. It reintroduces the simple OpenFlow controller that was packaged with Open vSwitch prior to version 2.1, at request of users who find it useful for testing basic OpenFlow setups. It is still not a necessary or desirable part of most Open vSwitch deployments.- Fixed: log-check-module-loop.patch to work with new version.- Removed: openvswitch-2.3.1.tar.gz- Added: openvswitch-2.4.0.tar.gz- Spec file work and cleanup.
* Sun Jan 10 2016 antoine.belvireAATTlaposte.net- Add calls to /sbin/ldconfig in %post and %postun- Fix typo in Url
* Sun Dec 28 2014 andreaAATTopensuse.org- new upstream version 2.3.1 - Compatibility with autoconf 2.63 (previously >=2.64) - ovs-pki: Changed message digest algorithm from MD5 to SHA-1 because MD5 is no longer secure and some operating systems have started to disable it in OpenSSL. - Keep active bond slave selection across OVS restart.
* v2.3.0 - 14 Aug 2014 - OpenFlow 1.1, 1.2, and 1.3 are now enabled by default in ovs-vswitchd. - Linux kernel datapath now has an exact match cache optimizing the flow matching process. - Datapath flows now have partially wildcarded tranport port field matches. This reduces userspace upcalls, but increases the number of different masks in the datapath. The kernel datapath exact match cache removes the overhead of matching the incoming packets with the larger number of masks, but when paired with an older kernel module, some workloads may perform worse with the new userspace.
* v2.2.0 - Internal Release - Internal ports are no longer brought up by default, because it should be an administrator task to bring up devices as they are configured properly. - ovs-vsctl now reports when ovs-vswitchd fails to create a new port or bridge. - The \"ovsdbmonitor\" graphical tool has been removed, because it was poorly maintained and not widely used. - New \"check-ryu\" Makefile target for running Ryu tests for OpenFlow controllers against Open vSwitch. See INSTALL for details. - Added IPFIX support for SCTP flows and templates for ICMPv4/v6 flows. - Upon the receipt of a SIGHUP signal, ovs-vswitchd no longer reopens its log file (it will terminate instead). Please use \'ovs-appctl vlog/reopen\' instead. - Support for Linux kernels up to 3.14. From Kernel 3.12 onwards OVS uses tunnel API for GRE and VXLAN. - Added experimental DPDK support. - Added support for custom vlog patterns in Python- removed datapath-Add-support-for-Linux-3.12.patch no more required- removed sle11-device-ops-backport.diff , not used before
* Tue Oct 21 2014 dmuellerAATTsuse.com- fix rcX link
* Tue Sep 23 2014 dmuellerAATTsuse.com- disable shipped kmp module build for newer distros
* Mon Sep 22 2014 dmuellerAATTsuse.com- update to 2.1.3: datapath: Drop packets when interdev is not up Fix two memory leaks. tests: Remove extraneous parenthesis from test name. build: Allow building with autoconf 2.63 ovsdb: Don\'t add ovsdb-server.c to libovsdb. stp: Make stp-disabled port forward stp bpdu packets. dpif-linux: Fix bad backport in previous commit. dpif-linux: Avoid null dereference if all ports disappear. ofp-msgs: Correct code for queue configuration messages in OpenFlow 1.0. ofp-util: Fix null pointer dereference in ofputil_pull_buckets(). tests: Disable glibc memory checking under glibc <= 2.11. datapath/flow_netlink: Fix NDP flow mask validation datapath: Change u64_stats_
* to use _irq instead of _bh(). datapath: Use exact lookup for flow_get and flow_del. json: Fix parsing of strings that end with a backslash. dpif: When executing actions needs help, use \"set\" action to set tunnel. datapath: Rehash 16-bit skbuff hashes into 32 bits. upcall: Configure datapath max-idle through ovs-vsctl. upcall: Add appctl call to set flow_limit. stream-ssl: Enable TLSv1.1 and TLSv1.2. lib/classifier: Fix use of uninitialized memory. lib/classifier: Clarify trie_lookup_value(). ovs-lib: allow non-root users to check service status rhel: Add Patch Port support to initscripts rhel: support persistent mac addresses on OVS bridges netflow: Fold netflow_expire() into netflow_flow_clear(). ofproto: Fix memory leak in ofproto_destroy(). ofproto: Send monitor updates if a flow mod changes a rules actions lib/match: Add mask bits for nd_target for ICMPv6 bridge: Initialize dscp for mgmt connections. datapath: Fix build from stats backport. openvswitch: fix a possible deadlock and lockdep warning AUTHORS: Fix spelling of Anoob Soman\'s name. ofproto-dpif-xlate: Fix null pointer dereference ovs-ctl: Don\'t decrease max open fds if already set higher Makefiles: Fix invocation of dot2pic when builddir != srcdir. dot2pic: Stop assuming the path of the interpreter dot2pic: Use \"> $AATT; mv $AATT.tmp $AATT\" notation to make this reliably fail tunnel: Fix bug where misconfiguration persists. netdev: Safely increment refcount in netdev_open(). datapath: Fix feature check for HAVE_RXHASH. datapath: clear l4_rxhash in skb_clear_hash. ofproto-dpif-xlate: Fix in_port=controller case for NORMAL action
* Fri May 02 2014 e.istominAATTedss.ee- updated to 2.1.2. This contains bug fixes related to sending packet-in messages to the controller.
* Tue Apr 29 2014 e.istominAATTedss.ee- updated to 2.1.1. This release removes the \"ovsdbmonitor\" program and contains bug fixes.
* Wed Apr 02 2014 kmrozAATTsuse.com- Prevent ovsdb-server from entering an infinite loop when processing logging levels during bringup. added: log-check-module-loop.patch
* Thu Mar 27 2014 dmuellerAATTsuse.com- update to 2.1.0: - Address prefix tracking support for flow tables. New columns \"prefixes\" in OVS-DB table \"Flow_Table\" controls which packet header fields are used for address prefix tracking. Prefix tracking allows the classifier to skip rules with longer than necessary prefixes, resulting in better wildcarding for datapath flows. Default configuration is to not use any fields for prefix tracking. However, if any flow tables contain both exact matches and masked matches for IP address fields, OVS performance may be increased by using this feature.
* As of now, the fields for which prefix lookup can be enabled are: \'tun_id\', \'tun_src\', \'tun_dst\', \'nw_src\', \'nw_dst\' (or aliases \'ip_src\' and \'ip_dst\'), \'ipv6_src\', and \'ipv6_dst\'. (Using this feature for \'tun_id\' would only make sense if the tunnel IDs have prefix structure similar to IP addresses.)
* There is a maximum number of fields that can be enabled for any one flow table. Currently this limit is 3.
* Examples: $ ovs-vsctl set Bridge br0 flow_tables:0=AATTN1 -- \\ - -id=AATTN1 create Flow_Table name=table0 $ ovs-vsctl set Bridge br0 flow_tables:1=AATTN1 -- \\ - -id=AATTN1 create Flow_Table name=table1 $ ovs-vsctl set Flow_Table table0 prefixes=ip_dst,ip_src $ ovs-vsctl set Flow_Table table1 prefixes=[] - TCP flags matching: OVS now supports matching of TCP flags. This has an adverse performance impact when using OVS userspace 1.10 or older (no megaflows support) together with the new OVS kernel module. It is recommended that the kernel and userspace modules both are upgraded at the same time. - The default OpenFlow and OVSDB ports will change to IANA-assigned numbers in a future release. Consider updating your installations to specify port numbers instead of using the defaults. - OpenFlow:
* The OpenFlow 1.1+ \"Write-Actions\" instruction is now supported.
* OVS limits the OpenFlow port numbers it assigns to port 32767 and below, leaving port numbers above that range free for assignment by the controller.
* ovs-vswitchd now honors changes to the \"ofport_request\" column in the Interface table by changing the port\'s OpenFlow port number. - ovs-vswitchd.conf.db.5 man page will contain graphviz/dot diagram only if graphviz package was installed at the build time. - Support for Linux kernels up to 3.11 - ovs-dpctl: The \"show\" command also displays mega flow mask stats. - ovs-ofctl:
* New command \"ofp-parse-pcap\" to dump OpenFlow from PCAP files. - ovs-controller has been renamed test-controller. It is no longer packaged or installed by default, because too many users assumed incorrectly that ovs-controller was a necessary or desirable part of an Open vSwitch deployment. - Added vlog option to export to a UDP syslog sink. - ovsdb-client:
* The \"monitor\" command can now monitor all tables in a database, instead of being limited to a single table. - The flow-eviction-threshold has been replaced by the flow-limit which is a hard limit on the number of flows in the datapath. It defaults to 200,000 flows. OVS automatically adjusts this number depending on network conditions.
* Thu Mar 27 2014 dmuellerAATTsuse.com- allow to use kmod as well
* Mon Feb 03 2014 dmuellerAATTsuse.com- another fix in logrotate
* Mon Jan 27 2014 dmuellerAATTsuse.com- fix logrotate configuration
* Tue Jan 21 2014 dmuellerAATTsuse.com- add openvswitch.service for systemd distros
* Tue Jan 14 2014 dmuellerAATTsuse.com- add kernel-312.diff (build against Kernel 3.12.x)
* Fri Jan 03 2014 dmuellerAATTsuse.com- do not build with valgrind-devel on aarch64 (doesn\'t exist)
* Thu Dec 05 2013 dmuellerAATTsuse.com- update to 2.0.0: - The ovs-vswitchd process is no longer single-threaded. Multiple threads are now used to handle flow set up and asynchronous logging. - OpenFlow:
* Experimental support for OpenFlow 1.1 (in addition to 1.2 and 1.3, which had experimental support in 1.10).
* New support for matching outer source and destination IP address of tunneled packets, for tunnel ports configured with the newly added \"remote_ip=flow\" and \"local_ip=flow\" options.
* Support for matching on metadata \'pkt_mark\' for interacting with other system components. On Linux this corresponds to the skb mark.
* Support matching, rewriting SCTP ports - The Interface table in the database has a new \"ifindex\" column to report the interface\'s OS-assigned ifindex. - New \"check-oftest\" Makefile target for running OFTest against Open vSwitch. See README-OFTest for details. - The flow eviction threshold has been moved to the Open_vSwitch table. - Database names are now mandatory when specifying ovsdb-server options through database paths (e.g. Private key option with the database name should look like \"--private-key=db:Open_vSwitch,SSL,private_key\"). - Added ovs-dev.py, a utility script helpful for Open vSwitch developers. - Support for Linux kernels up to 3.10 - ovs-ofctl:
* New \"ofp-parse\" for printing OpenFlow messages read from a file. - Added configurable flow caching support to IPFIX exporter. - Dropped support for Linux pre-2.6.32. - Log file timestamps and ovsdb commit timestamps are now reported with millisecond resolution. (Previous versions only reported whole seconds.)
* Wed Dec 04 2013 jsuchomeAATTsuse.cz- added try-restart action to openvswitch-switch init script (bnc#849222)
* Wed Nov 20 2013 kmrozAATTsuse.com- Incorporate ubuntu Linux 3.11 fix to prevent kernel datapath panics. Addresses bnc#851395 + added datapath-add-support-for-linux-3.11.patch
* Tue Oct 01 2013 speilickeAATTsuse.com- Let openvswitch-switch depend on util-linux instead of uuid-runtime (Debian package name). The ovs-ctl / ovs-pki tools use /usr/bin/uuidgen
* Tue Sep 24 2013 bwiedemannAATTsuse.com- add vlan_apichange.patch to compensate kernel API changes between 3.8 and 3.11 in commits f646968f and 86a9bad3
* Fri Sep 13 2013 dmuellerAATTsuse.com- update to 1.11.0:
* http://openvswitch.org/releases/NEWS-1.11.0- remove accept-newer-kernel-versions.diff
* Fri Sep 13 2013 dmuellerAATTsuse.com- sign modules for secure boot (bnc#839838)
* Tue Jul 02 2013 tpaszkowskiAATTnovell.com- Build openvswitch kernel module for xen kernel flavor.
* Sun Jun 16 2013 vuntzAATTsuse.com- Add openvswitch-ipsec.init, Module.supported, Module.supported.updates and README.packager as sources: they were not listed as such.- Install openvswitch-ipsec.init if we build ipsec support.
* Thu Jun 06 2013 tpaszkowskiAATTnovell.com- mark openvswitch module shipped with package as supported
* Fri May 17 2013 dmuellerAATTsuse.com- only call boot.sh for newer distros- build parallel- accept-newer-kernel-versions.diff: Accept newer kernel versions- sle11-device-ops-backport.diff Handle sle11 device ops backport
* Fri May 03 2013 e.istominAATTedss.ee- New upstream version 1.10.0 http://openvswitch.org/releases/NEWS-1.10.0- Removed openvswitch-1.7.0-stp-fwd-delay.patch because of bridge compatibility support removing
* Wed Apr 03 2013 tpaszkowskiAATTnovell.com- %make_install macro no longer works on SLE11. Spec file now uses %makeinstall.
* Tue Mar 26 2013 speilickeAATTsuse.com- Use build conditionals instead of %define and disable GUI by default everywhere
* Thu Mar 21 2013 tpaszkowskiAATTnovell.com- Fix openvswitch-controller init script- Add openflow-controller sysconfig file with default binding to ptcp:
* Tue Mar 12 2013 tpaszkowskiAATTsuse.com- ipsec build temporary disabled
* Fri Mar 08 2013 tpaszkowskiAATTsuse.com- Provides and Obsolete for former openvswitch-common package
* Thu Mar 07 2013 tpaszkowskiAATTsuse.com- always build in openvswitch kernel module (gre tunelling not present within the standard kernel module)- removed unnedded build rquirements (move to appropriate subpackage)- moved common stuff to main pkg- added group filed to packages and sub packages- switch pkg suggest kernel module pkg- moved python test stuff to python-openvswitch-test sub pkg- moved ui interface requirements to ovsdbmonitor sub pkg- ovsdbmonitor will not be build on sles (for now)- sub pkg test require python-twisted (ovs-test)- don\'t call boot.sh on sles11 (old autoconf). Shipped configuration stuff is ok (we don\'t patch plenty of stuff)- ovs-parse-backtrace now part of main pkg- addes ovs-l3ping,ovs-vlan-test to test sub pkg
* Thu Feb 28 2013 e.istominAATTedss.ee- New upstream version 1.9.0 http://openvswitch.org/releases/NEWS-1.9.0
* Thu Nov 15 2012 rhaferAATTsuse.com- New patch openvswitch-1.7.1-ovs-pki-permissions.patch: Avoid creating world writeable directory (bnc#774332, CVE-2012-3449)
* Sun Sep 09 2012 onAATTmorlock.nu- New upstream version 1.7.1
* This release only contain bug fixes.
* Tue Jul 31 2012 onAATTmorlock.nu- New upstream version 1.7.0
* kernel modules are renamed. openvswitch_mod.ko is now openvswitch.ko and brcompat_mod.ko is now brcompat.ko.
* Increased the number of NXM registers to 8.
* Added ability to configure DSCP setting for manager and controller connections. By default, these connections have a DSCP value of Internetwork Control (0xc0).
* Added the granular link health statistics, \'cfm_health\', to an interface.
* OpenFlow: - Added support to mask nd_target for ICMPv6 neighbor discovery flows. - Added support for OpenFlow 1.3 port description (OFPMP_PORT_DESC) multipart messages.
* ovs-ofctl: - Added the \"dump-ports-desc\" command to retrieve port information using the new port description multipart messages.
* ovs-test: - Added support for spawning ovs-test server from the client. - Now ovs-test is able to automatically create test bridges and ports.
* \"ovs-dpctl dump-flows\" now prints observed TCP flags in TCP flows.
* Tripled flow setup performance.
* The \"coverage/log\" command previously available through ovs-appctl has been replaced by \"coverage/show\". The new command replies with coverage counter values, instead of logging them.- Adjusted openvswitch-1.1.0-stp-fwd-delay.patch (new filename)
* Thu Jul 26 2012 rhaferAATTsuse.com- The kernel modules where renamed in recent kernels. Backported a patch from the 1.7 branch to use the new kernel names when building on openSUSE > 12.1.
* Tue Jun 26 2012 onAATTmorlock.nu- New upstream version 1.6.1
* Added support for bitwise matching on TCP and UDP ports.
* Support for limiting the number of flows in an OpenFlow flow table, with configurable policy for evicting flows upon overflow.
* Added an OpenFlow extension that allows controllers more precise control over which messages they receive asynchronously.
* CFM module CCM broadcasts can now be tagged with an 802.1p priority.
* Load balancing for bonds can be disabled.
* Wed Jun 06 2012 onAATTmorlock.nu- New upstream version 1.5.0
* OpenFlow: - Added support for querying, modifying, and deleting flows based on flow cookie when using NXM. - Added new NXM_PACKET_IN format.
* ovs-ofctl: - Added daemonization support to the monitor and snoop commands.
* ovs-vsctl: - The \"find\" command supports new set relational operators {=}, {!=}, {<}, {>}, {<=}, and {>=}.
* ovsdb-tool now uses the typical database and schema installation directories as defaults.
* Thu May 10 2012 onAATTmorlock.nu- New upstream version 1.4.1
* The default MAC learning timeout has been increased from 60 seconds to 300 seconds. The MAC learning timeout is now configurable.
* Bug fixes
* Thu Apr 05 2012 onAATTmorlock.nu- Build KMP packages from kernel-source on openSuSE > 12.1.
* Tue Mar 13 2012 mvidnerAATTsuse.com- Specify defattr for pki subpackage to fix 11.4 build.
* Thu Mar 01 2012 dmacvicarAATTsuse.de- Rewrite the package based on the debian version instead
* current package was tied to xenserver config without even requiring it
* instead of one big package depending even on qt4, there are -switch, -controller, -test subpackages now
* Mon Feb 20 2012 onAATTmorlock.nu- New upstream version 1.4.0
* Compatible with Open vSwitch kernel module included in Linux 3.3.
* Don\'t require the \"normal\" action to use mirrors.
* New \"VLAN splinters\" feature to work around buggy device driver in old Linux versions.
* Added ability to match ECN and TTL in IPv4 and IPv6 headers.
* Added ability to match IPv6 flow label.
* Added ability to modify ECN bits and TTL in IPv4 headers.
* And many others. See the full change log here: http://openvswitch.org/releases/NEWS-1.4.0
* Fri Sep 02 2011 andreaAATTopensuse.org- new uopstream version 1.2.1
* The release only contains bug fixes for the 1.2.0 release
* Mon Aug 08 2011 andreaAATTopensuse.org- new upstream version 1.2.0
* New abstraction layer to make better use of switching ASICs
* Packaging for Red Hat (RHEL) 5.6 and 6.0
* Datapath support for Linux kernels up to 3.0
* And many others. See the full change log here: http://openvswitch.org/releases/ChangeLog-1.2.0- rebased openvswitch-1.1.0-suse.patch as openvswitch-1.2.0-suse.patch to apply to the files
* Thu Jun 23 2011 andreaAATTopensuse.org- new upstream version 1.1.1
* bug fix release
* Wed May 18 2011 andreaAATTopensuse.org- re-enabled kmp package since openvswitch_mod.ko and brcompat_mod.ko are not available on suse kernel rpms
* Tue May 17 2011 andreaAATTopensuse.org- new upstream version 1.1.0 (stable)- spec file clean up- added as dependency all python modules to enable additional functionalities- rebase patches- build pyside support only if pyside is available
* Fri Dec 31 2010 pmullaneyAATTnovell.com- updates for build issues- fixes for libvirt integration
* Sat Dec 11 2010 pmullaneyAATTnovell.com- initial version 1.1