Hello community,

here is the log from the commit of package openvswitch for openSUSE:Factory checked in at 2017-06-05 18:51:00

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/openvswitch (Old)
 and      /work/SRC/openSUSE:Factory/.openvswitch.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "openvswitch" Mon Jun 5 18:51:00 2017 rev:14 rq:501158 version:2.7.0 Changes: -------- --- /work/SRC/openSUSE:Factory/openvswitch/openvswitch.changes 2017-03-17 15:06:34.989536680 +0100 +++ /work/SRC/openSUSE:Factory/.openvswitch.new/openvswitch.changes 2017-06-05 18:51:20.892708889 +0200 @@ -1,0 +2,9 @@ +Sat May 27 08:39:25 UTC 2017 - [email protected] + +- Install firewalld OVN files with chmod 644 instead of 755 (4a54614120ea) +- Use python-six instead of python2-six dependency to cover distributions + which are not using the python-singlespec packaging specification yet (bsc#1041110) +- Add upstream patch to fix a buffer overread vulnerability (cve-2017-9214) (bsc#1040543) + * 0001-ofp-util-Fix-buffer-overread-in-ofputil_pull_queue_g.patch + +------------------------------------------------------------------- New: ---- 0001-ofp-util-Fix-buffer-overread-in-ofputil_pull_queue_g.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ openvswitch.spec ++++++ --- /var/tmp/diff_new_pack.YyFayC/_old 2017-06-05 18:51:21.488624889 +0200 +++ /var/tmp/diff_new_pack.YyFayC/_new 2017-06-05 18:51:21.492624326 +0200 @@ -42,6 +42,10 @@ Source0: http://openvswitch.org/releases/openvswitch-%{version}.tar.gz Source1: preamble Source89: Module.supported.updates +# PATCh-FIX-UPSTREAM 0001-ofp-util-Fix-buffer-overread-in-ofputil_pull_queue_g.patch +# Upstream fix (present in 2.7 branch) to fix CVE-2017-9214 +# See https://nvd.nist.gov/vuln/detail/CVE-2017-9214 +Patch1: 0001-ofp-util-Fix-buffer-overread-in-ofputil_pull_queue_g.patch Patch99: 0001-utilities-Add-script-to-support-DPDK-option-migratio.patch BuildRequires: autoconf BuildRequires: automake 
@@ -237,7 +241,7 @@ Group: Productivity/Networking/System Requires: openvswitch-common = %{version} Requires: python -Requires: python2-six +Requires: python-six %description -n python-openvswitch This package contains the full Python bindings for Open vSwitch database. @@ -274,6 +278,7 @@ %prep %setup -q -n openvswitch-%{version} +%patch1 -p1 %patch99 -p1 %build @@ -373,9 +378,9 @@ # firewalld install -d %{buildroot}%{_prefix}/lib/firewalld/services/ -install rhel/usr_lib_firewalld_services_ovn-central-firewall-service.xml \ +install -p -m 0644 rhel/usr_lib_firewalld_services_ovn-central-firewall-service.xml \ %{buildroot}%{_prefix}/lib/firewalld/services/ovn-central-firewall-service.xml -install rhel/usr_lib_firewalld_services_ovn-host-firewall-service.xml \ +install -p -m 0644 rhel/usr_lib_firewalld_services_ovn-host-firewall-service.xml \ %{buildroot}%{_prefix}/lib/firewalld/services/ovn-host-firewall-service.xml # Copy documentation. The git archive builds also contain non rst files ++++++ 0001-ofp-util-Fix-buffer-overread-in-ofputil_pull_queue_g.patch ++++++ >From 7b7b186a8d40fc6f287cef2582702181da74bdc3 Mon Sep 17 00:00:00 2001 From: Ben Pfaff <[email protected]> Date: Sat, 20 May 2017 16:38:24 -0700 Subject: [PATCH] ofp-util: Fix buffer overread in ofputil_pull_queue_get_config_reply10(). msg->size isn't the relevant measurement here because we're only supposed to read 'len' bytes. Reading more than that causes 'len' to underflow to a large number at the end of the loop. Reported-by: Bhargava Shastry <[email protected]> Signed-off-by: Ben Pfaff <[email protected]> Acked-by: Greg Rose <[email protected]> --- lib/ofp-util.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/ofp-util.c b/lib/ofp-util.c index db27abf8b..a6dd5dbdd 100644 --- a/lib/ofp-util.c +++ b/lib/ofp-util.c 
@@ -2598,7 +2598,7 @@ ofputil_pull_queue_get_config_reply10(struct ofpbuf *msg, hdr = ofpbuf_at_assert(msg, 0, sizeof *hdr); prop_len = ntohs(hdr->len); - if (prop_len < sizeof *hdr || prop_len > msg->size || prop_len % 8) { + if (prop_len < sizeof *hdr || prop_len > len || prop_len % 8) { return OFPERR_OFPBRC_BAD_LEN; } -- 2.12.2
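Review bot: in the openvswitch.changes hunk the CVE identifier is written lowercase (`cve-2017-9214`) while the spec comment in the same request uses `CVE-2017-9214`; use the canonical uppercase form in the changelog as well so that searches and the security team's tooling match on the standard identifier.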
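Review bot: the new marker comment in openvswitch.spec reads `# PATCh-FIX-UPSTREAM` with a lowercase `h`; the openSUSE convention is `# PATCH-FIX-UPSTREAM`, and anything that greps for the tag will miss this patch. Suggest `# PATCH-FIX-UPSTREAM 0001-ofp-util-Fix-buffer-overread-in-ofputil_pull_queue_g.patch`.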
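Review bot: the switch from `Requires: python2-six` to `Requires: python-six` in the python-openvswitch subpackage is explained only in the changelog (bsc#1041110), not in the spec; add a one-line comment above `Requires: python-six` saying it is deliberate for distributions that do not use the python-singlespec packaging yet, otherwise a later cleanup is likely to reintroduce `python2-six`.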
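Review bot: in the lib/ofp-util.c hunk, `prop_len > len` is the right bound, but the diff context does not show that `len` was itself bounded by `msg->size` before the loop; the new comparison only prevents the overread if that earlier check exists, otherwise a queue length larger than the remaining message still lets the loop read past the end. Please confirm the earlier bound on `len` is present in this branch (it sits outside the hunk), add a regression case with a reply whose property length exceeds the remaining queue length since this was externally reported, and consider a short comment at the `len -= prop_len` at the end of the loop noting why the comparison must be against `len`: the commit message's explanation of the underflow is lost once the commit scrolls out of view.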
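The commit message describes the mechanism of CVE-2017-9214 in one sentence: the property-length check was made against the whole message rather than the bytes the current queue entry owns, so a property that claims more than the queue's remaining length passes the check, and the subsequent `len -= prop_len` wraps to a huge value and keeps the loop running into bytes that belong to something else. The program below is an added example, written here to make that behaviour visible; it is not Open vSwitch code. `struct buf`, `parse_queue()`, `run_sample()`, `run_wellformed()` and the byte layout are simplified stand-ins assumed for illustration (OpenFlow 1.0 queue header `id(4) len(2) pad(2)` and property header `type(2) len(2) pad(4)`, both 8 bytes); the reply bytes are constructed, not captured. The `fixed` flag selects the post-patch bound (`prop_len > len`) or the pre-patch one (`prop_len > msg->size`).

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Minimal stand-ins for the OVS types (assumed for this example; not the real
 * struct ofpbuf / ofp10_packet_queue / ofp10_queue_prop_header). */
struct buf { const uint8_t *data; size_t size; };

enum { Q_HDR_LEN = 8, PROP_HDR_LEN = 8 };   /* OF1.0 queue and property header sizes */

enum parse_rc { PARSE_OK = 0, PARSE_BAD_LEN = 1, PARSE_OVERREAD = 2 };

struct parse_result {
    enum parse_rc rc;
    size_t props;      /* properties accepted for this queue */
    size_t consumed;   /* bytes pulled from the buffer, queue header included */
};

static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

static void pull(struct buf *b, size_t n) { b->data += n; b->size -= n; }

/* Parse one queue entry of a queue-get-config reply and its property list.
 * fixed=true  : bound each property by the bytes left in this queue (the patch).
 * fixed=false : bound it by the bytes left in the whole message (pre-patch). */
static struct parse_result parse_queue(struct buf *msg, bool fixed)
{
    struct parse_result r = { PARSE_OK, 0, 0 };

    if (msg->size < Q_HDR_LEN) { r.rc = PARSE_BAD_LEN; return r; }
    size_t len = be16(msg->data + 4);          /* covers header plus properties */
    if (len < Q_HDR_LEN || len > msg->size) { r.rc = PARSE_BAD_LEN; return r; }
    pull(msg, Q_HDR_LEN); r.consumed += Q_HDR_LEN;
    len -= Q_HDR_LEN;                          /* bytes this queue's properties may use */

    while (len > 0) {
        if (msg->size < PROP_HDR_LEN) {
            /* The loop has walked past the bytes this queue owns and now has no
             * header left to read: this is where the real parser over-reads.
             * The model reports it instead of touching memory outside the buffer. */
            r.rc = PARSE_OVERREAD; return r;
        }
        size_t prop_len = be16(msg->data + 2);
        size_t bound = fixed ? len : msg->size;
        if (prop_len < PROP_HDR_LEN || prop_len > bound || prop_len % 8) {
            r.rc = PARSE_BAD_LEN; return r;
        }
        pull(msg, prop_len); r.consumed += prop_len; r.props++;
        len -= prop_len;   /* size_t: wraps to a huge value if prop_len > len */
    }
    return r;
}

/* Constructed sample reply body (not a capture): two queues back to back.
 * Queue 1 declares len=16, leaving 8 bytes for properties, but its property
 * header claims 16 bytes, so it would extend 8 bytes into queue 2. */
static const uint8_t SAMPLE[32] = {
    0x00,0x00,0x00,0x01, 0x00,0x10, 0x00,0x00,   /* queue 1: id=1, len=16 */
    0x00,0x01, 0x00,0x10, 0x00,0x00,0x00,0x00,   /* prop: type=1, len=16 (too long) */
    0x00,0x00,0x00,0x02, 0x00,0x10, 0x00,0x00,   /* queue 2: id=2, len=16 */
    0x00,0x01, 0x00,0x08, 0x00,0x00,0x00,0x00,   /* prop: type=1, len=8 */
};

/* Parse the malformed first queue with the chosen bound. */
static struct parse_result run_sample(bool fixed)
{
    struct buf b = { SAMPLE, sizeof SAMPLE };
    return parse_queue(&b, fixed);
}

/* Parse the well-formed second queue on its own; both bounds accept it. */
static struct parse_result run_wellformed(bool fixed)
{
    struct buf b = { SAMPLE + 16, sizeof SAMPLE - 16 };
    return parse_queue(&b, fixed);
}

int main(void)
{
    struct parse_result v = run_sample(false), f = run_sample(true);
    printf("pre-patch : rc=%d props=%zu consumed=%zu (queue declared 16 bytes)\n",
           v.rc, v.props, v.consumed);
    printf("post-patch: rc=%d props=%zu consumed=%zu\n", f.rc, f.props, f.consumed);
    return 0;
}
```

With the pre-patch bound the first queue's oversized property is accepted, `len` wraps, and the loop swallows queue 2's bytes as if they were queue 1's properties before running off the end of the buffer (32 bytes consumed against a declared 16); with the patch's bound the same input is rejected with the bad-length error before any property is pulled.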
