Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[release-4.12] OCPBUGS-32990: Bump OVS #2144

Merged
merged 1 commit into from
May 22, 2024
Merged

[release-4.12] OCPBUGS-32990: Bump OVS #2144

merged 1 commit into from
May 22, 2024

Conversation

JacobTanenbaum
Copy link
Contributor

Bumping ovn to 23.06.1-112.el8fdp brings in fixes for
CVE-2024-2182

Bumping ovs to 2.17.0-148.el8fdp brings in fixes for
CVE-2022-4337
CVE-2022-4338
CVE-2023-1668
CVE-2023-3966
CVE-2023-5366

- What this PR does and why is it needed

- Special notes for reviewers

- How to verify it

- Description for the changelog

@openshift-ci-robot openshift-ci-robot added jira/valid-reference Indicates that this PR references a valid Jira ticket of any type. jira/invalid-bug Indicates that a referenced Jira bug is invalid for the branch this PR is targeting. labels Apr 26, 2024
@openshift-ci-robot
Copy link
Contributor

@JacobTanenbaum: This pull request references Jira Issue OCPBUGS-32990, which is invalid:

  • expected the bug to target the "4.12.z" version, but no target version was set
  • release note text must be set and not match the template OR release note type must be set to "Release Note Not Required"
  • expected Jira Issue OCPBUGS-32990 to depend on a bug targeting a version in 4.13.0, 4.13.z and in one of the following states: VERIFIED, RELEASE PENDING, CLOSED (ERRATA), CLOSED (CURRENT RELEASE), CLOSED (DONE), CLOSED (DONE-ERRATA), but no dependents were found

Comment /jira refresh to re-evaluate validity if changes to the Jira bug are made, or edit the title of this pull request to link to a different bug.

The bug has been updated to refer to the pull request using the external bug tracker.

In response to this:

Bumping ovn to 23.06.1-112.el8fdp brings in fixes for
CVE-2024-2182

Bumping ovs to 2.17.0-148.el8fdp brings in fixes for
CVE-2022-4337
CVE-2022-4338
CVE-2023-1668
CVE-2023-3966
CVE-2023-5366

- What this PR does and why is it needed

- Special notes for reviewers

- How to verify it

- Description for the changelog

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

@openshift-ci openshift-ci bot requested review from jcaamano and trozet April 26, 2024 17:00
@openshift-ci openshift-ci bot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Apr 26, 2024
tssurya
tssurya reviewed Apr 29, 2024
View reviewed changes
Dockerfile.base
@@ -12,8 +12,8 @@ RUN yum install -y \
selinux-policy && \
yum clean all

ARG ovsver=2.17.0-62.el8fdp
ARG ovnver=23.06.1-39.el8fdp
ARG ovsver=2.17.0-148.el8fdp
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@igsilya : how about this one? is this version ok?

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I guess, we posted at the same time. :) See my other comment in this PR.
In short, -154 is the latest released 2.17.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

FWIW, OVN version is the latest in this PR, so it's fine.

igsilya
igsilya reviewed Apr 29, 2024
View reviewed changes
Dockerfile.base
@@ -12,8 +12,8 @@ RUN yum install -y \
selinux-policy && \
yum clean all

ARG ovsver=2.17.0-62.el8fdp
ARG ovnver=23.06.1-39.el8fdp
ARG ovsver=2.17.0-148.el8fdp
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

While -148 is the first version that contains CVE fixes, it might be better to update to the latest FDP release instead. That is 2.17.0-154.el8fdp. There are no changes between 148 and 154 that would be important for the ovn-kubernetes container, but it might be better to stay in sync with FDP. What do you think?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The goal of this update is to unblock the ART team. I would push back on bringing ovs up to FDP because it will be out of sync as soon as FDP updates

@npinaeva
Copy link
Member

/retitle [release-4.12] OCPBUGS-32990,OCPBUGS-28604: Bump OVN/OVS

@openshift-ci openshift-ci bot changed the title [release-4.12] OCPBUGS-32990: Bump OVN/OVS [release-4.12] OCPBUGS-32990,OCPBUGS-28604: Bump OVN/OVS Apr 29, 2024
@openshift-ci-robot openshift-ci-robot added the jira/severity-critical Referenced Jira bug's severity is critical for the branch this PR is targeting. label Apr 29, 2024
@openshift-ci-robot
Copy link
Contributor

@JacobTanenbaum: This pull request references Jira Issue OCPBUGS-32990, which is invalid:

  • expected the bug to target the "4.12.z" version, but no target version was set
  • release note text must be set and not match the template OR release note type must be set to "Release Note Not Required"
  • expected Jira Issue OCPBUGS-32990 to depend on a bug targeting a version in 4.13.0, 4.13.z and in one of the following states: VERIFIED, RELEASE PENDING, CLOSED (ERRATA), CLOSED (CURRENT RELEASE), CLOSED (DONE), CLOSED (DONE-ERRATA), but no dependents were found

Comment /jira refresh to re-evaluate validity if changes to the Jira bug are made, or edit the title of this pull request to link to a different bug.

The bug has been updated to refer to the pull request using the external bug tracker.

This pull request references Jira Issue OCPBUGS-28604, which is invalid:

  • release note text must be set and not match the template OR release note type must be set to "Release Note Not Required"
  • expected Jira Issue OCPBUGS-28604 to depend on a bug targeting a version in 4.13.0, 4.13.z and in one of the following states: VERIFIED, RELEASE PENDING, CLOSED (ERRATA), CLOSED (CURRENT RELEASE), CLOSED (DONE), CLOSED (DONE-ERRATA), but no dependents were found

Comment /jira refresh to re-evaluate validity if changes to the Jira bug are made, or edit the title of this pull request to link to a different bug.

The bug has been updated to refer to the pull request using the external bug tracker.

In response to this:

Bumping ovn to 23.06.1-112.el8fdp brings in fixes for
CVE-2024-2182

Bumping ovs to 2.17.0-148.el8fdp brings in fixes for
CVE-2022-4337
CVE-2022-4338
CVE-2023-1668
CVE-2023-3966
CVE-2023-5366

- What this PR does and why is it needed

- Special notes for reviewers

- How to verify it

- Description for the changelog

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

@npinaeva npinaeva mentioned this pull request Apr 29, 2024
Closed
@bpickard22
Copy link
Contributor

/retest-required

@openshift-merge-robot openshift-merge-robot added the needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. label May 10, 2024
@JacobTanenbaum
bump OVS version
f07a574 
bumping to version openvswitch2.17-2.17.0-148.el8fdp brings in fixes for
all of the following
CVE-2022-4337
CVE-2022-4338
CVE-2023-1668
CVE-2023-3966
CVE-2023-5366
@openshift-merge-robot openshift-merge-robot removed the needs-rebase Indicates a PR cannot be merged because it has merge conflicts with HEAD. label May 15, 2024
@JacobTanenbaum JacobTanenbaum changed the title [release-4.12] OCPBUGS-32990,OCPBUGS-28604: Bump OVN/OVS [release-4.12] OCPBUGS-32990,OCPBUGS-28604: Bump OVS May 15, 2024
@jcaamano
Copy link
Contributor

/lgtm
/label backport-risk-assessed

@openshift-ci openshift-ci bot added the backport-risk-assessed Indicates a PR to a release branch has been evaluated and considered safe to accept. label May 16, 2024
@openshift-ci openshift-ci bot added the lgtm Indicates that a PR is ready to be merged. label May 16, 2024
@openshift-ci OpenShift CI
Copy link
Contributor

openshift-ci bot commented May 16, 2024

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: JacobTanenbaum, jcaamano

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:
  • OWNERS [JacobTanenbaum,jcaamano]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@jechen0648
Copy link

/label cherry-pick-approved

@jechen0648
Copy link

/label cherry-pick-approved

@openshift-ci openshift-ci bot added the cherry-pick-approved Indicates a cherry-pick PR into a release branch has been approved by the release branch manager. label May 20, 2024
@anuragthehatter
Copy link

/label qe-approved

# rpm -qa | grep -i "ovn\|openv"
openvswitch-selinux-extra-policy-1.0-31.el8fdp.noarch
openvswitch2.17-2.17.0-148.el8fdp.x86_64
ovn23.06-23.06.1-112.el8fdp.x86_64
ovn23.06-central-23.06.1-112.el8fdp.x86_64
ovn23.06-vtep-23.06.1-112.el8fdp.x86_64
python3-openvswitch2.17-2.17.0-148.el8fdp.x86_64
ovn23.06-host-23.06.1-112.el8fdp.x86_64
openvswitch2.17-devel-2.17.0-148.el8fdp.x86_64
openvswitch2.17-ipsec-2.17.0-148.el8fdp.x86_64

Tests passed as well

@openshift-ci openshift-ci bot added the qe-approved Signifies that QE has signed off on this PR label May 21, 2024
@openshift-ci-robot
Copy link
Contributor

@JacobTanenbaum: This pull request references Jira Issue OCPBUGS-32990, which is invalid:

  • expected the bug to target the "4.12.z" version, but no target version was set
  • release note text must be set and not match the template OR release note type must be set to "Release Note Not Required"

Comment /jira refresh to re-evaluate validity if changes to the Jira bug are made, or edit the title of this pull request to link to a different bug.

The bug has been updated to refer to the pull request using the external bug tracker.

This pull request references Jira Issue OCPBUGS-28604, which is invalid:

  • release note text must be set and not match the template OR release note type must be set to "Release Note Not Required"

Comment /jira refresh to re-evaluate validity if changes to the Jira bug are made, or edit the title of this pull request to link to a different bug.

The bug has been updated to refer to the pull request using the external bug tracker.

In response to this:

Bumping ovn to 23.06.1-112.el8fdp brings in fixes for
CVE-2024-2182

Bumping ovs to 2.17.0-148.el8fdp brings in fixes for
CVE-2022-4337
CVE-2022-4338
CVE-2023-1668
CVE-2023-3966
CVE-2023-5366

- What this PR does and why is it needed

- Special notes for reviewers

- How to verify it

- Description for the changelog

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

@JacobTanenbaum
Copy link
Contributor Author

/jira refresh

@openshift-ci-robot
Copy link
Contributor

@JacobTanenbaum: This pull request references Jira Issue OCPBUGS-32990, which is invalid:

  • expected the bug to target the "4.12.z" version, but no target version was set
  • release note text must be set and not match the template OR release note type must be set to "Release Note Not Required"

Comment /jira refresh to re-evaluate validity if changes to the Jira bug are made, or edit the title of this pull request to link to a different bug.

This pull request references Jira Issue OCPBUGS-28604, which is invalid:

  • release note text must be set and not match the template OR release note type must be set to "Release Note Not Required"

Comment /jira refresh to re-evaluate validity if changes to the Jira bug are made, or edit the title of this pull request to link to a different bug.

In response to this:

/jira refresh

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

@JacobTanenbaum JacobTanenbaum changed the title [release-4.12] OCPBUGS-32990,OCPBUGS-28604: Bump OVS [release-4.12] OCPBUGS-32990: Bump OVS May 21, 2024
@openshift-ci-robot openshift-ci-robot removed the jira/severity-critical Referenced Jira bug's severity is critical for the branch this PR is targeting. label May 21, 2024
@openshift-ci-robot
Copy link
Contributor

@JacobTanenbaum: This pull request references Jira Issue OCPBUGS-32990, which is invalid:

  • release note text must be set and not match the template OR release note type must be set to "Release Note Not Required"

Comment /jira refresh to re-evaluate validity if changes to the Jira bug are made, or edit the title of this pull request to link to a different bug.

The bug has been updated to refer to the pull request using the external bug tracker.

In response to this:

Bumping ovn to 23.06.1-112.el8fdp brings in fixes for
CVE-2024-2182

Bumping ovs to 2.17.0-148.el8fdp brings in fixes for
CVE-2022-4337
CVE-2022-4338
CVE-2023-1668
CVE-2023-3966
CVE-2023-5366

- What this PR does and why is it needed

- Special notes for reviewers

- How to verify it

- Description for the changelog

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

@JacobTanenbaum
Copy link
Contributor Author

/jira refresh

@openshift-ci-robot
Copy link
Contributor

@JacobTanenbaum: This pull request references Jira Issue OCPBUGS-32990, which is invalid:

  • release note text must be set and not match the template OR release note type must be set to "Release Note Not Required"

Comment /jira refresh to re-evaluate validity if changes to the Jira bug are made, or edit the title of this pull request to link to a different bug.

In response to this:

/jira refresh

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

@JacobTanenbaum
Copy link
Contributor Author

/jira refresh

@openshift-ci-robot openshift-ci-robot added jira/valid-bug Indicates that a referenced Jira bug is valid for the branch this PR is targeting. and removed jira/invalid-bug Indicates that a referenced Jira bug is invalid for the branch this PR is targeting. labels May 21, 2024
@openshift-ci-robot
Copy link
Contributor

@JacobTanenbaum: This pull request references Jira Issue OCPBUGS-32990, which is valid. The bug has been moved to the POST state.

7 validation(s) were run on this bug
  • bug is open, matching expected state (open)
  • bug target version (4.12.z) matches configured target version for branch (4.12.z)
  • bug is in the state New, which is one of the valid states (NEW, ASSIGNED, POST)
  • release note type set to "Release Note Not Required"
  • dependent bug Jira Issue OCPBUGS-32988 is in the state Verified, which is one of the valid states (VERIFIED, RELEASE PENDING, CLOSED (ERRATA), CLOSED (CURRENT RELEASE), CLOSED (DONE), CLOSED (DONE-ERRATA))
  • dependent Jira Issue OCPBUGS-32988 targets the "4.13.z" version, which is one of the valid target versions: 4.13.0, 4.13.z
  • bug has dependents

Requesting review from QA contact:
/cc @anuragthehatter

In response to this:

/jira refresh

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

@openshift-ci-robot
Copy link
Contributor

/retest-required

Remaining retests: 0 against base HEAD 385e2b1 and 2 for PR HEAD f07a574 in total

@openshift-ci OpenShift CI
Copy link
Contributor

openshift-ci bot commented May 22, 2024
edited

@JacobTanenbaum: The following tests failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name Commit Details Required Rerun command
ci/prow/e2e-aws-ovn-hypershift f07a574 link false /test e2e-aws-ovn-hypershift
ci/prow/security f07a574 link false /test security

Full PR test history. Your PR dashboard.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.

@sdodson
Copy link
Member

sdodson commented May 22, 2024

/retest-required

@openshift-merge-bot openshift-merge-bot bot merged commit 90c6af7 into openshift:release-4.12 May 22, 2024
24 of 26 checks passed
@openshift-ci-robot
Copy link
Contributor

@JacobTanenbaum: Jira Issue OCPBUGS-32990: All pull requests linked via external trackers have merged:

Jira Issue OCPBUGS-32990 has been moved to the MODIFIED state.

In response to this:

Bumping ovn to 23.06.1-112.el8fdp brings in fixes for
CVE-2024-2182

Bumping ovs to 2.17.0-148.el8fdp brings in fixes for
CVE-2022-4337
CVE-2022-4338
CVE-2023-1668
CVE-2023-3966
CVE-2023-5366

- What this PR does and why is it needed

- Special notes for reviewers

- How to verify it

- Description for the changelog

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

@openshift-bot
Copy link
Contributor

[ART PR BUILD NOTIFIER]

This PR has been included in build ose-ovn-kubernetes-base-container-v4.12.0-202405221636.p0.g90c6af7.assembly.stream.el8 for distgit ovn-kubernetes-base.
All builds following this will include this PR.

@openshift-merge-robot
Copy link
Contributor

Fix included in accepted release 4.12.0-0.nightly-2024-05-22-184107

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@tssurya tssurya tssurya left review comments

@igsilya igsilya igsilya left review comments

@jcaamano jcaamano Awaiting requested review from jcaamano

@trozet trozet Awaiting requested review from trozet

@anuragthehatter anuragthehatter Awaiting requested review from anuragthehatter

Assignees

@mffiedler mffiedler

@rbbratta rbbratta

@zhaozhanqi zhaozhanqi

@weliang1 weliang1

@anuragthehatter anuragthehatter

@huiran0826 huiran0826

@asood-rh asood-rh

@jechen0648 jechen0648

@yingwang-0320 yingwang-0320

@qiowang721 qiowang721

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. backport-risk-assessed Indicates a PR to a release branch has been evaluated and considered safe to accept. cherry-pick-approved Indicates a cherry-pick PR into a release branch has been approved by the release branch manager. jira/valid-bug Indicates that a referenced Jira bug is valid for the branch this PR is targeting. jira/valid-reference Indicates that this PR references a valid Jira ticket of any type. lgtm Indicates that a PR is ready to be merged. qe-approved Signifies that QE has signed off on this PR
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet