From 11bbc43f300061a92843e36805e9229dceb507f9 Mon Sep 17 00:00:00 2001 From: Michal Nasiadka Date: Mon, 15 May 2023 12:38:08 +0200 Subject: [PATCH 1/5] Update repo versions for c8s/c9s nfv ovs --- etc/kayobe/pulp-repo-versions.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/etc/kayobe/pulp-repo-versions.yml b/etc/kayobe/pulp-repo-versions.yml index 45a40a718..fc20f3259 100644 --- a/etc/kayobe/pulp-repo-versions.yml +++ b/etc/kayobe/pulp-repo-versions.yml @@ -5,13 +5,13 @@ stackhpc_pulp_repo_centos_stream_8_appstream_version: 20230201T025809 stackhpc_pulp_repo_centos_stream_8_baseos_version: 20230201T025809 stackhpc_pulp_repo_centos_stream_8_extras_version: 20220401T032901 stackhpc_pulp_repo_centos_stream_8_nfv_extras_version: 20220609T110556 -stackhpc_pulp_repo_centos_stream_8_nfv_openvswitch_version: 20230203T025251 +stackhpc_pulp_repo_centos_stream_8_nfv_openvswitch_version: 20230510T072502 stackhpc_pulp_repo_centos_stream_8_openstack_yoga_version: 20230206T150339 stackhpc_pulp_repo_centos_stream_8_opstools_version: 20220617T100837 stackhpc_pulp_repo_centos_stream_8_powertools_version: 20230201T025809 stackhpc_pulp_repo_centos_stream_8_storage_ceph_pacific_version: 20230201T025809 stackhpc_pulp_repo_centos_stream_9_docker_version: 20230228T044432 -stackhpc_pulp_repo_centos_stream_9_nfv_openvswitch_version: 20230302T031902 +stackhpc_pulp_repo_centos_stream_9_nfv_openvswitch_version: 20230510T072502 stackhpc_pulp_repo_centos_stream_9_openstack_yoga_version: 20230310T163106 stackhpc_pulp_repo_centos_stream_9_opstools_version: 20230301T034123 stackhpc_pulp_repo_centos_stream_9_storage_ceph_pacific_version: 20230308T155704 From 360041ae46b334b6eec818594982146840e74957 Mon Sep 17 00:00:00 2001 From: Michal Nasiadka Date: Mon, 15 May 2023 13:40:25 +0200 Subject: [PATCH 2/5] Add centos/rocky OVS/OVN tags --- etc/kayobe/kolla/globals.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/etc/kayobe/kolla/globals.yml b/etc/kayobe/kolla/globals.yml index f99acdfdf..467094b6a 100644 --- a/etc/kayobe/kolla/globals.yml +++ b/etc/kayobe/kolla/globals.yml @@ -17,6 +17,8 @@ ironic_dnsmasq_tag: yoga-20230217T135826 neutron_tag: yoga-20230309T123152 nova_tag: yoga-20230331T102705 opensearch_tag: yoga-20230324T084510 +openvswitch_tag: yoga-20230515T104855 +ovn_tag: yoga-20230515T104855 prometheus_node_exporter_tag: yoga-20230310T173747 {% elif kolla_base_distro == 'rocky' %} bifrost_tag: yoga-20230310T194732 @@ -27,6 +29,8 @@ ironic_tag: yoga-20230316T170311 ironic_dnsmasq_tag: yoga-20230310T170929 nova_tag: yoga-20230331T113516 opensearch_tag: yoga-20230324T090413 +openvswitch_tag: yoga-20230515T104855 +ovn_tag: yoga-20230515T104855 prometheus_node_exporter_tag: yoga-20230315T170614 {% else %} bifrost_tag: yoga-20230220T184947 From 6e9a4bf36a6a1d9d3578e90a117979d787410046 Mon Sep 17 00:00:00 2001 From: Michal Nasiadka Date: Mon, 15 May 2023 16:10:09 +0200 Subject: [PATCH 3/5] Bump Ubuntu repo versions to fix builds --- etc/kayobe/pulp-repo-versions.yml | 6 +++--- stackhpc_repo_ubuntu_focal_url | 33 +++++++++++++++++++++++++++++++ 2 files changed, 36 insertions(+), 3 deletions(-) create mode 100644 stackhpc_repo_ubuntu_focal_url diff --git a/etc/kayobe/pulp-repo-versions.yml b/etc/kayobe/pulp-repo-versions.yml index fc20f3259..e986b578a 100644 --- a/etc/kayobe/pulp-repo-versions.yml +++ b/etc/kayobe/pulp-repo-versions.yml @@ -45,6 +45,6 @@ stackhpc_pulp_repo_rocky_9_1_crb_version: 20230228T044432 stackhpc_pulp_repo_rocky_9_1_extras_version: 20230228T044432 stackhpc_pulp_repo_rocky_9_1_highavailability_version: 20230228T044432 stackhpc_pulp_repo_treasuredata_4_version: 20221105T035018 -stackhpc_pulp_repo_ubuntu_cloud_archive_version: 20230424T064949 -stackhpc_pulp_repo_ubuntu_focal_security_version: 20230424T064949 -stackhpc_pulp_repo_ubuntu_focal_version: 20230424T064949 +stackhpc_pulp_repo_ubuntu_cloud_archive_version: 20230515T073310 +stackhpc_pulp_repo_ubuntu_focal_security_version: 20230515T073310 +stackhpc_pulp_repo_ubuntu_focal_version: 20230515T073310 diff --git a/stackhpc_repo_ubuntu_focal_url b/stackhpc_repo_ubuntu_focal_url new file mode 100644 index 000000000..a28897900 --- /dev/null +++ b/stackhpc_repo_ubuntu_focal_url @@ -0,0 +1,33 @@ +# This viminfo file was generated by Vim 9.0. +# You may edit it if you're careful! + +# Viminfo version +|1,4 + +# Value of 'encoding' when this file was written +*encoding=latin1 + + +# hlsearch on (H) or off (h): +~h +# Command Line History (newest to oldest): + +# Search String History (newest to oldest): + +# Expression History (newest to oldest): + +# Input Line History (newest to oldest): + +# Debug Line History (newest to oldest): + +# Registers: + +# File marks: +'0 1 0 ~/dev/stackhpc/stackhpc-kayobe-config/yoga_ovs_15052023/grep +|4,48,1,0,1684159353,"~/dev/stackhpc/stackhpc-kayobe-config/yoga_ovs_15052023/grep" + +# Jumplist (newest first): +-' 1 0 ~/dev/stackhpc/stackhpc-kayobe-config/yoga_ovs_15052023/grep +|4,39,1,0,1684159353,"~/dev/stackhpc/stackhpc-kayobe-config/yoga_ovs_15052023/grep" + +# History of marks within files (newest to oldest): From 6561f94457de9d2e59127b659d1032908be8f721 Mon Sep 17 00:00:00 2001 From: Michal Nasiadka Date: Mon, 15 May 2023 17:04:39 +0200 Subject: [PATCH 4/5] Update neutron/ovs/ovn tag to the same on all distros --- etc/kayobe/kolla/globals.yml | 9 +++------ stackhpc_repo_ubuntu_focal_url | 33 --------------------------------- 2 files changed, 3 insertions(+), 39 deletions(-) delete mode 100644 stackhpc_repo_ubuntu_focal_url diff --git a/etc/kayobe/kolla/globals.yml b/etc/kayobe/kolla/globals.yml index 467094b6a..56b66c8be 100644 --- a/etc/kayobe/kolla/globals.yml +++ b/etc/kayobe/kolla/globals.yml @@ -6,6 +6,9 @@ # non-overcloud hosts enable_docker_repo: {% raw %}"{{ 'overcloud' not in group_names or ansible_facts.os_family == 'Debian' }}"{% endraw %} +neutron_tag: yoga-20230515T150233 +openvswitch_tag: yoga-20230515T150233 +ovn_tag: yoga-20230515T150233 {% if kolla_base_distro == 'centos' %} bifrost_tag: yoga-20230217T160618 @@ -14,11 +17,8 @@ caso_tag: yoga-20230315T125157 grafana_tag: yoga-20230419T085955 ironic_tag: yoga-20230316T154655 ironic_dnsmasq_tag: yoga-20230217T135826 -neutron_tag: yoga-20230309T123152 nova_tag: yoga-20230331T102705 opensearch_tag: yoga-20230324T084510 -openvswitch_tag: yoga-20230515T104855 -ovn_tag: yoga-20230515T104855 prometheus_node_exporter_tag: yoga-20230310T173747 {% elif kolla_base_distro == 'rocky' %} bifrost_tag: yoga-20230310T194732 @@ -29,15 +29,12 @@ ironic_tag: yoga-20230316T170311 ironic_dnsmasq_tag: yoga-20230310T170929 nova_tag: yoga-20230331T113516 opensearch_tag: yoga-20230324T090413 -openvswitch_tag: yoga-20230515T104855 -ovn_tag: yoga-20230515T104855 prometheus_node_exporter_tag: yoga-20230315T170614 {% else %} bifrost_tag: yoga-20230220T184947 blazar_tag: yoga-20230315T125441 caso_tag: yoga-20230315T125441 grafana_tag: yoga-20230426T084340 -neutron_tag: yoga-20230309T123143 nova_tag: yoga-20230331T110423 ironic_tag: yoga-20230316T154704 ironic_dnsmasq_tag: yoga-20230220T181235 diff --git a/stackhpc_repo_ubuntu_focal_url b/stackhpc_repo_ubuntu_focal_url deleted file mode 100644 index a28897900..000000000 --- a/stackhpc_repo_ubuntu_focal_url +++ /dev/null @@ -1,33 +0,0 @@ -# This viminfo file was generated by Vim 9.0. -# You may edit it if you're careful! - -# Viminfo version -|1,4 - -# Value of 'encoding' when this file was written -*encoding=latin1 - - -# hlsearch on (H) or off (h): -~h -# Command Line History (newest to oldest): - -# Search String History (newest to oldest): - -# Expression History (newest to oldest): - -# Input Line History (newest to oldest): - -# Debug Line History (newest to oldest): - -# Registers: - -# File marks: -'0 1 0 ~/dev/stackhpc/stackhpc-kayobe-config/yoga_ovs_15052023/grep -|4,48,1,0,1684159353,"~/dev/stackhpc/stackhpc-kayobe-config/yoga_ovs_15052023/grep" - -# Jumplist (newest first): --' 1 0 ~/dev/stackhpc/stackhpc-kayobe-config/yoga_ovs_15052023/grep -|4,39,1,0,1684159353,"~/dev/stackhpc/stackhpc-kayobe-config/yoga_ovs_15052023/grep" - -# History of marks within files (newest to oldest): From 62cecdb49a241422fc7bf13ce4fbe8bd6fd9ed44 Mon Sep 17 00:00:00 2001 From: Michal Nasiadka Date: Mon, 15 May 2023 21:25:20 +0200 Subject: [PATCH 5/5] Add release note --- .../notes/ovs-cve-2023-1668-298a2fc907fc07b9.yaml | 9 +++++++++ 1 file changed, 9 insertions(+) create mode 100644 releasenotes/notes/ovs-cve-2023-1668-298a2fc907fc07b9.yaml diff --git a/releasenotes/notes/ovs-cve-2023-1668-298a2fc907fc07b9.yaml b/releasenotes/notes/ovs-cve-2023-1668-298a2fc907fc07b9.yaml new file mode 100644 index 000000000..3363affea --- /dev/null +++ b/releasenotes/notes/ovs-cve-2023-1668-298a2fc907fc07b9.yaml @@ -0,0 +1,9 @@ +--- +upgrade: + - | + ``openvswitch`` version has been updated to ~2.17.5 on all distributions + (CentOS/Rocky9 are two patches ahead of 2.17.5). + Images include fixes for CVE-2023-1668. + + Ubuntu repository versions for focal and ubuntu cloud archive have been + updated to `20230515`.