Accepting request 141379 from home:rhafer:branches:network

bnc#774332, CVE-2012-3449 OBS-URL: https://build.opensuse.org/request/show/141379 OBS-URL: https://build.opensuse.org/package/show/network/openvswitch?expand=0&rev=15
2012-11-15 09:20:47 +00:00 · 2012-11-15 09:20:47 +00:00 · c275e1b90e
commit c275e1b90e
parent 8e36dbc125
3 changed files with 20 additions and 0 deletions
--- a/openvswitch-1.7.1-ovs-pki-permissions.patch
+++ b/openvswitch-1.7.1-ovs-pki-permissions.patch
@ -0,0 +1,11 @@
+--- utilities/ovs-pki.in	2012/11/15 08:47:04	1.1
+++ utilities/ovs-pki.in	2012/11/15 08:51:37
+@@ -219,7 +219,7 @@
+ 
+         mkdir -p certs crl newcerts
+         mkdir -p -m 0700 private
+-        mkdir -p -m 0733 incoming
+        mkdir -p -m 0700 incoming
+         touch index.txt
+         test -e crlnumber || echo 01 > crlnumber
+         test -e serial || echo 01 > serial
--- a/openvswitch.changes
+++ b/openvswitch.changes
@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Thu Nov 15 08:59:41 UTC 2012 - rhafer@suse.com
+
+- New patch openvswitch-1.7.1-ovs-pki-permissions.patch: Avoid
+  creating world writeable directory (bnc#774332, CVE-2012-3449)
+
 -------------------------------------------------------------------
 Sun Sep  9 15:33:08 UTC 2012 - on@morlock.nu

--- a/openvswitch.spec
+++ b/openvswitch.spec
@ -45,6 +45,8 @@ Source4:        openvswitch-switch.logrotate
 Source5:        openvswitch-controller.init
 # PATCH-FEATURE-UPSTREAM openvswitch-1.7.0-stp-fwd-delay.patch -- Set STP bridge forward delay
 Patch1:		%name-1.7.0-stp-fwd-delay.patch
+# PATCH-FIX-UPSTREAM openvswitch-1.7.1-ovs-pki-permissions.patch [bnc#774332] 
+Patch2:         %name-1.7.1-ovs-pki-permissions.patch
 BuildRequires:	autoconf automake libtool
 BuildRequires:	gcc
 BuildRequires:	make
@ -205,6 +207,7 @@ Open vSwitch is a full-featured software-based Ethernet switch.
 %prep
 %setup -q
 %patch1 -p1
+%patch2 -p0

 set -- *
 mkdir source