deleted file mode 100644

@@ -1,174 +0,0 @@

-diff -dupr a/lib/ofp-util.c b/lib/ofp-util.c

-+++ b/lib/ofp-util.c	2017-10-10 13:21:04.512047007 -0700

-@@ -8690,6 +8690,7 @@ ofputil_pull_ofp11_buckets(struct ofpbuf

-         if (!ob) {

-             VLOG_WARN_RL(&bad_ofmsg_rl, "buckets end with %"PRIuSIZE" leftover bytes",

-                          buckets_length);

-+            ofputil_bucket_list_destroy(buckets);

-             return OFPERR_OFPGMFC_BAD_BUCKET;

-         }

- 

-@@ -8697,11 +8698,13 @@ ofputil_pull_ofp11_buckets(struct ofpbuf

-         if (ob_len < sizeof *ob) {

-             VLOG_WARN_RL(&bad_ofmsg_rl, "OpenFlow message bucket length "

-                          "%"PRIuSIZE" is not valid", ob_len);

-+            ofputil_bucket_list_destroy(buckets);

-             return OFPERR_OFPGMFC_BAD_BUCKET;

-         } else if (ob_len > buckets_length) {

-             VLOG_WARN_RL(&bad_ofmsg_rl, "OpenFlow message bucket length "

-                          "%"PRIuSIZE" exceeds remaining buckets data size %"PRIuSIZE,

-                          ob_len, buckets_length);

-+            ofputil_bucket_list_destroy(buckets);

-             return OFPERR_OFPGMFC_BAD_BUCKET;

-         }

-         buckets_length -= ob_len;

-@@ -9093,8 +9096,13 @@ ofputil_decode_ofp15_group_desc_reply(st

-      * Such properties are valid for group desc replies so

-      * claim that the group mod command is OFPGC15_ADD to

-      * satisfy the check in parse_group_prop_ntr_selection_method() */

--    return parse_ofp15_group_properties(msg, gd->type, OFPGC15_ADD, &gd->props,

--                                        length - sizeof *ogds - bucket_list_len);

-+    error = parse_ofp15_group_properties(

-+        msg, gd->type, OFPGC15_ADD, &gd->props,

-+        length - sizeof *ogds - bucket_list_len);

-+    if (error) {

-+        ofputil_bucket_list_destroy(&gd->buckets);

-+    }

-+    return error;

- }

- 

- /* Converts a group description reply in 'msg' into an abstract

-@@ -9331,6 +9339,7 @@ ofputil_pull_ofp11_group_mod(struct ofpb

-         && gm->command == OFPGC11_DELETE

-         && !ovs_list_is_empty(&gm->buckets)) {

-         error = OFPERR_OFPGMFC_INVALID_GROUP;

-+        ofputil_bucket_list_destroy(&gm->buckets);

-     }

- 

-     return error;

-@@ -9388,45 +9397,17 @@ ofputil_pull_ofp15_group_mod(struct ofpb

-         return error;

-     }

- 

--    return parse_ofp15_group_properties(msg, gm->type, gm->command, &gm->props,

--                                        msg->size);

-+    error = parse_ofp15_group_properties(msg, gm->type, gm->command,

-+                                         &gm->props, msg->size);

-+    if (error) {

-+        ofputil_bucket_list_destroy(&gm->buckets);

-+    }

-+    return error;

- }

- 

--/* Converts OpenFlow group mod message 'oh' into an abstract group mod in

-- * 'gm'.  Returns 0 if successful, otherwise an OpenFlow error code. */

--enum ofperr

--ofputil_decode_group_mod(const struct ofp_header *oh,

--                         struct ofputil_group_mod *gm)

-+static enum ofperr

-+ofputil_check_group_mod(const struct ofputil_group_mod *gm)

- {

--    ofputil_init_group_properties(&gm->props);

--

--    enum ofp_version ofp_version = oh->version;

--    struct ofpbuf msg = ofpbuf_const_initializer(oh, ntohs(oh->length));

--    ofpraw_pull_assert(&msg);

--

--    enum ofperr err;

--    switch (ofp_version)

--    {

--    case OFP11_VERSION:

--    case OFP12_VERSION:

--    case OFP13_VERSION:

--    case OFP14_VERSION:

--        err = ofputil_pull_ofp11_group_mod(&msg, ofp_version, gm);

--        break;

--

--    case OFP15_VERSION:

--    case OFP16_VERSION:

--        err = ofputil_pull_ofp15_group_mod(&msg, ofp_version, gm);

--        break;

--

--    case OFP10_VERSION:

--    default:

--        OVS_NOT_REACHED();

--    }

--    if (err) {

--        return err;

--    }

--

-     switch (gm->type) {

-     case OFPGT11_INDIRECT:

-         if (gm->command != OFPGC11_DELETE

-@@ -9488,6 +9469,48 @@ ofputil_decode_group_mod(const struct of

-     return 0;

- }

- 

-+/* Converts OpenFlow group mod message 'oh' into an abstract group mod in

-+ * 'gm'.  Returns 0 if successful, otherwise an OpenFlow error code. */

-+enum ofperr

-+ofputil_decode_group_mod(const struct ofp_header *oh,

-+                         struct ofputil_group_mod *gm)

-+{

-+    ofputil_init_group_properties(&gm->props);

-+

-+    enum ofp_version ofp_version = oh->version;

-+    struct ofpbuf msg = ofpbuf_const_initializer(oh, ntohs(oh->length));

-+    ofpraw_pull_assert(&msg);

-+

-+    enum ofperr err;

-+    switch (ofp_version)

-+    {

-+    case OFP11_VERSION:

-+    case OFP12_VERSION:

-+    case OFP13_VERSION:

-+    case OFP14_VERSION:

-+        err = ofputil_pull_ofp11_group_mod(&msg, ofp_version, gm);

-+        break;

-+

-+    case OFP15_VERSION:

-+    case OFP16_VERSION:

-+        err = ofputil_pull_ofp15_group_mod(&msg, ofp_version, gm);

-+        break;

-+

-+    case OFP10_VERSION:

-+    default:

-+        OVS_NOT_REACHED();

-+    }

-+    if (err) {

-+        return err;

-+    }

-+

-+    err = ofputil_check_group_mod(gm);

-+    if (err) {

-+        ofputil_uninit_group_mod(gm);

-+    }

-+    return err;

-+}

-+

- /* Destroys 'bms'. */

- void

- ofputil_free_bundle_msgs(struct ofputil_bundle_msg *bms, size_t n_bms)

-@@ -10020,14 +10043,21 @@ ofputil_decode_bundle_add(const struct o

-                           enum ofptype *typep)

- {

-     struct ofpbuf b = ofpbuf_const_initializer(oh, ntohs(oh->length));

-+

-+    /* Pull the outer ofp_header. */

-     enum ofpraw raw = ofpraw_pull_assert(&b);

-     ovs_assert(raw == OFPRAW_OFPT14_BUNDLE_ADD_MESSAGE

-                || raw == OFPRAW_ONFT13_BUNDLE_ADD_MESSAGE);

- 

-+    /* Pull the bundle_ctrl header. */

-     const struct ofp14_bundle_ctrl_msg *m = ofpbuf_pull(&b, sizeof *m);

-     msg->bundle_id = ntohl(m->bundle_id);

-     msg->flags = ntohs(m->flags);

- 

-+    /* Pull the inner ofp_header. */

-+    if (b.size < sizeof(struct ofp_header)) {

-+        return OFPERR_OFPBFC_MSG_BAD_LEN;

-+    }

-     msg->msg = b.data;

-     if (msg->msg->version != oh->version) {

-         return OFPERR_OFPBFC_BAD_VERSION;

deleted file mode 100644

@@ -1,20 +0,0 @@

-Reported-by: Bhargava Shastry <bshastry at sec.t-labs.tu-berlin.de>

-Signed-off-by: Ben Pfaff <blp at ovn.org>

- lib/ofp-util.c | 2 +-

- 1 file changed, 1 insertion(+), 1 deletion(-)

-

-diff --git a/lib/ofp-util.c b/lib/ofp-util.c

-index bdf89b6c3017..f05ca398c13e 100644

-+++ b/lib/ofp-util.c

-@@ -2610,7 +2610,7 @@ ofputil_pull_queue_get_config_reply10(struct ofpbuf *msg,

- 

-         hdr = ofpbuf_at_assert(msg, 0, sizeof *hdr);

-         prop_len = ntohs(hdr->len);

--        if (prop_len < sizeof *hdr || prop_len > msg->size || prop_len % 8) {

-+        if (prop_len < sizeof *hdr || prop_len > len || prop_len % 8) {

-             return OFPERR_OFPBRC_BAD_LEN;

-         }

- 

deleted file mode 100644

@@ -1,21 +0,0 @@

-Reported-by: Bhargava Shastry <bshastry at sec.t-labs.tu-berlin.de>

-Signed-off-by: Ben Pfaff <blp at ovn.org>

- lib/ofp-print.c | 3 ++-

- 1 file changed, 2 insertions(+), 1 deletion(-)

-

-diff --git a/lib/ofp-print.c b/lib/ofp-print.c

-index 7ca953100539..1932baf4871f 100644

-+++ b/lib/ofp-print.c

-@@ -2147,7 +2147,8 @@ ofp_print_role_status_message(struct ds *string, const struct ofp_header *oh)

-         break;

-     case OFPCRR_N_REASONS:

-     default:

--        OVS_NOT_REACHED();

-+        ds_put_cstr(string, "(unknown)");

-+        break;

-     }

- }

- 

deleted file mode 100644

@@ -1,21 +0,0 @@

-Reported-by: Bhargava Shastry <bshastry at sec.t-labs.tu-berlin.de>

-Signed-off-by: Ben Pfaff <blp at ovn.org>

- lib/ofp-util.c | 3 +++

- 1 file changed, 3 insertions(+)

-

-diff --git a/lib/ofp-util.c b/lib/ofp-util.c

-index f05ca398c13e..46bc628d4191 100644

-+++ b/lib/ofp-util.c

-@@ -9581,6 +9581,9 @@ ofputil_pull_ofp15_group_mod(struct ofpbuf *msg, enum ofp_version ofp_version,

-     }

- 

-     bucket_list_len = ntohs(ogm->bucket_array_len);

-+    if (bucket_list_len > msg->size) {

-+        return OFPERR_OFPBRC_BAD_LEN;

-+    }

-     error = ofputil_pull_ofp15_buckets(msg, bucket_list_len, ofp_version,

-                                        gm->type, &gm->buckets);

-     if (error) {

@@ -2,8 +2,8 @@

 %{!?python3_sitelib: %global python3_sitelib %(python3 -c "from distutils.sysconfig import get_python_lib;print(get_python_lib())")}

 Summary:        Open vSwitch daemon/database/utilities

 Name:           openvswitch

-Version:        2.7.0

-Release:        9%{?dist}

+Version:        2.8.2

+Release:        1%{?dist}

 License:        ASL 2.0 and LGPLv2+

 URL:            http://www.openvswitch.org/

 Group:          System Environment/Daemons

@@ -11,12 +11,7 @@ Vendor:         VMware, Inc.

 Distribution:   Photon

 Source0:        http://openvswitch.org/releases/%{name}-%{version}.tar.gz

-%define sha1 openvswitch=0f324ccfe52ae84a2b102a7f2db1411f4debacf6

-Patch0:         OVS-CVE-2017-9214.patch

-Patch1:         OVS-CVE-2017-9265.patch

-Patch2:         ovs-systemd-services.patch

-Patch3:         OVS-CVE-2017-9263.patch

-Patch4:         OVS-CVE-2017-14970.patch

+%define sha1 openvswitch=1d0e8cbf6d6e649e0f518219a599d7411f863875

 BuildRequires:  gcc >= 4.0.0

 BuildRequires:  libcap-ng

@@ -123,10 +118,6 @@ It contains the documentation and manpages for OVN.

 %prep

 %setup -q

-%patch0 -p1

-%patch1 -p1

-%patch3 -p1

-%patch4 -p1

 %build

 ./configure \

@@ -153,8 +144,9 @@ cp -a %{buildroot}/%{_datadir}/openvswitch/python/ovs/* %{buildroot}/%{python3_s

 mkdir -p %{buildroot}/%{_libdir}/systemd/system

 install -p -D -m 0644 rhel/usr_share_openvswitch_scripts_systemd_sysconfig.template %{buildroot}/%{_sysconfdir}/sysconfig/openvswitch

-for service in openvswitch ovsdb-server ovs-vswitchd ovn-controller ovn-controller-vtep ovn-northd; do 

-	install -p -D -m 0644 rhel/usr_lib_systemd_system_${service}.service %{buildroot}/%{_unitdir}/${service}.service 

+/usr/bin/perl build-aux/dpdkstrip.pl --nodpdk < rhel/usr_lib_systemd_system_ovs-vswitchd.service.in > rhel/usr_lib_systemd_system_ovs-vswitchd.service

+for service in openvswitch ovsdb-server ovs-vswitchd ovn-controller ovn-controller-vtep ovn-northd; do

+	install -p -D -m 0644 rhel/usr_lib_systemd_system_${service}.service %{buildroot}/%{_unitdir}/${service}.service

 done

 %check

@@ -244,6 +236,7 @@ make -k check |& tee %{_specdir}/%{name}-check-log || %{nocheck}

 %{_bindir}/ovn-nbctl

 %{_bindir}/ovn-sbctl

 %{_bindir}/ovn-trace

+%{_bindir}/ovn-detrace

 %{_datadir}/openvswitch/scripts/ovn-ctl

 %{_datadir}/openvswitch/scripts/ovndb-servers.ocf

 %{_datadir}/openvswitch/scripts/ovn-bugtool-nbctl-show

@@ -269,6 +262,7 @@ make -k check |& tee %{_specdir}/%{name}-check-log || %{nocheck}

 %{_bindir}/ovn-docker-underlay-driver

 %files -n ovn-doc

+%{_mandir}/man1/ovn-detrace.1.gz

 %{_mandir}/man7/ovn-architecture.7.gz

 %{_mandir}/man8/ovn-ctl.8.gz

 %{_mandir}/man8/ovn-nbctl.8.gz

@@ -281,6 +275,8 @@ make -k check |& tee %{_specdir}/%{name}-check-log || %{nocheck}

 %{_mandir}/man8/ovn-trace.8.gz

 %changelog

+*   Tue Feb 27 2018 Vinay Kulkarni <kulkarniv@vmware.com> 2.8.2-1

+-   Update to OVS 2.8.2

 *   Tue Oct 10 2017 Dheeraj Shetty <dheerajs@vmware.com> 2.7.0-9

 -   Fix CVE-2017-14970

 *   Wed Oct 04 2017 Dheeraj Shetty <dheerajs@vmware.com> 2.7.0-8

deleted file mode 100644

@@ -1,66 +0,0 @@

-diff -Naur old/rhel/usr_lib_systemd_system_openvswitch.service new/rhel/usr_lib_systemd_system_openvswitch.service

-+++ new/rhel/usr_lib_systemd_system_openvswitch.service	2017-07-13 20:32:11.049910843 +0000

-@@ -1,6 +1,6 @@

- [Unit]

- Description=Open vSwitch

--Before=network.target network.service

-+Before=network.target systemd-networkd.service

- After=network-pre.target ovsdb-server.service ovs-vswitchd.service

- PartOf=network.target

- Requires=ovsdb-server.service

-diff -Naur old/rhel/usr_lib_systemd_system_ovn-controller.service new/rhel/usr_lib_systemd_system_ovn-controller.service

-+++ new/rhel/usr_lib_systemd_system_ovn-controller.service	2017-07-13 20:32:11.049910843 +0000

-@@ -15,7 +15,6 @@

- 

- [Unit]

- Description=OVN controller daemon

--After=syslog.target

- Requires=openvswitch.service

- After=openvswitch.service

- 

-diff -Naur old/rhel/usr_lib_systemd_system_ovn-controller-vtep.service new/rhel/usr_lib_systemd_system_ovn-controller-vtep.service

-+++ new/rhel/usr_lib_systemd_system_ovn-controller-vtep.service	2017-07-13 20:32:11.049910843 +0000

-@@ -28,7 +28,6 @@

- 

- [Unit]

- Description=OVN VTEP gateway controller daemon

--After=syslog.target

- Requires=openvswitch.service

- After=openvswitch.service

- 

-diff -Naur old/rhel/usr_lib_systemd_system_ovn-northd.service new/rhel/usr_lib_systemd_system_ovn-northd.service

-+++ new/rhel/usr_lib_systemd_system_ovn-northd.service	2017-07-13 20:32:11.049910843 +0000

-@@ -15,7 +15,6 @@

- 

- [Unit]

- Description=OVN northd management daemon

--After=syslog.target

- Requires=openvswitch.service

- After=openvswitch.service

- 

-diff -Naur old/rhel/usr_lib_systemd_system_ovsdb-server.service new/rhel/usr_lib_systemd_system_ovsdb-server.service

-+++ new/rhel/usr_lib_systemd_system_ovsdb-server.service	2017-07-13 20:32:11.049910843 +0000

-@@ -1,6 +1,6 @@

- [Unit]

- Description=Open vSwitch Database Unit

--After=syslog.target network-pre.target

-+After=network-pre.target

- Before=network.target network.service

- ReloadPropagatedFrom=openvswitch.service

- PartOf=openvswitch.service

-diff -Naur old/rhel/usr_lib_systemd_system_ovs-vswitchd.service new/rhel/usr_lib_systemd_system_ovs-vswitchd.service

-+++ new/rhel/usr_lib_systemd_system_ovs-vswitchd.service	2017-07-13 20:32:11.049910843 +0000

-@@ -1,7 +1,7 @@

- [Unit]

- Description=Open vSwitch Forwarding Unit

--Before=network.target network.service

-+Before=network.target systemd-networkd.service

- Requires=ovsdb-server.service

- ReloadPropagatedFrom=ovsdb-server.service

- AssertPathIsReadWrite=/var/run/openvswitch/db.sock