merged.

Bruce
On Fri, Jun 9, 2017 at 7:50 AM, Fan Xin <[email protected]> wrote: > Backport patch file to fix CVE-2017-9263 > > Signed-off-by: Fan Xin <[email protected]> > --- > .../openvswitch-git/CVE-2017-9263.patch | 29 > ++++++++++++++++++++++ > recipes-networking/openvswitch/openvswitch_git.bb | 1 + > 2 files changed, 30 insertions(+) > create mode 100644 recipes-networking/openvswitch/openvswitch-git/ > CVE-2017-9263.patch > > diff --git > a/recipes-networking/openvswitch/openvswitch-git/CVE-2017-9263.patch > b/recipes-networking/openvswitch/openvswitch-git/CVE-2017-9263.patch > new file mode 100644 > index 0000000..0fc3aa1 > --- /dev/null > +++ b/recipes-networking/openvswitch/openvswitch-git/CVE-2017-9263.patch > @@ -0,0 +1,29 @@ > +A buggy or malicious switch could send a role status message with a bad > +reason code, which if printed by OVS would cause it to abort. This fixes > +the problem. > + > +CVE: CVE-2017-9263 > +Upstream-Status: Submitted > + > +Reported-by: Bhargava Shastry <bshastry at sec.t-labs.tu-berlin.de> > +Signed-off-by: Ben Pfaff <blp at ovn.org> > +--- > + lib/ofp-print.c | 3 ++- > + 1 file changed, 2 insertions(+), 1 deletion(-) > + > +diff --git a/lib/ofp-print.c b/lib/ofp-print.c > +index 7ca953100539..1932baf4871f 100644 > +--- a/lib/ofp-print.c > ++++ b/lib/ofp-print.c > +@@ -2147,7 +2147,8 @@ ofp_print_role_status_message(struct ds *string, > const struct ofp_header *oh) > + break; > + case OFPCRR_N_REASONS: > + default: > +- OVS_NOT_REACHED(); > ++ ds_put_cstr(string, "(unknown)"); > ++ break; > + } > + } > + > +-- > +2.10.2 > diff --git a/recipes-networking/openvswitch/openvswitch_git.bb > b/recipes-networking/openvswitch/openvswitch_git.bb > index 1fb82ae..6ab0c40 100644 > --- a/recipes-networking/openvswitch/openvswitch_git.bb > +++ b/recipes-networking/openvswitch/openvswitch_git.bb 
> @@ -29,6 +29,7 @@ SRC_URI = "file://openvswitch-switch \ > file://python-make-remaining-scripts-use-usr-bin-env.patch \ > file://0001-use-the-linux-if_packet.h-Interface-directly.patch > \ > file://0002-Define-WAIT_ANY-if-not-provided-by-system.patch \ > + file://CVE-2017-9263.patch \ > " > > LIC_FILES_CHKSUM = "file://COPYING;md5=17b2c9d4c70853a09c0e143137754b35" > -- > 1.9.1 > > -- > _______________________________________________ > meta-virtualization mailing list > [email protected] > https://lists.yoctoproject.org/listinfo/meta-virtualization > -- "Thou shalt not follow the NULL pointer, for chaos and madness await thee at its end"
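Review bot: The `Upstream-Status: Submitted` tag in the header of the new CVE-2017-9263.patch does not match the commit message, which describes this as a backport. If the fix has already landed in the upstream Open vSwitch tree, use `Upstream-Status: Backport` and cite the upstream commit, so the patch can be identified and dropped on the next recipe upgrade. The header also opens directly with the description and carries no subject line for the original change; keeping the upstream subject would make the provenance easier to trace. In the lib/ofp-print.c change itself, the new `default:` branch prints only "(unknown)". Since the trigger is a bad reason code received from a peer, also printing the numeric reason value would make the offending message easier to identify in logs, though that would diverge from the fix as submitted upstream.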
