From c275e1b90eb7d74eb477d9d89d2c2a92dd5d38a53697a00ea252f226ce37192c Mon Sep 17 00:00:00 2001
From: Marcus Meissner
Date: Thu, 15 Nov 2012 09:20:47 +0000
Subject: [PATCH] Accepting request 141379 from home:rhafer:branches:network bnc#774332, CVE-2012-3449
OBS-URL: https://build.opensuse.org/request/show/141379
OBS-URL: https://build.opensuse.org/package/show/network/openvswitch?expand=0&rev=15
---
 openvswitch-1.7.1-ovs-pki-permissions.patch | 11 +++++++++++
 openvswitch.changes | 6 ++++++
 openvswitch.spec | 3 +++
 3 files changed, 20 insertions(+)
 create mode 100644 openvswitch-1.7.1-ovs-pki-permissions.patch
diff --git a/openvswitch-1.7.1-ovs-pki-permissions.patch b/openvswitch-1.7.1-ovs-pki-permissions.patch
new file mode 100644
index 0000000..32528bd
--- /dev/null
+++ b/openvswitch-1.7.1-ovs-pki-permissions.patch
@@ -0,0 +1,11 @@
+--- utilities/ovs-pki.in 2012/11/15 08:47:04 1.1
++++ utilities/ovs-pki.in 2012/11/15 08:51:37
+@@ -219,7 +219,7 @@
+
+ mkdir -p certs crl newcerts
+ mkdir -p -m 0700 private
+- mkdir -p -m 0733 incoming
++ mkdir -p -m 0700 incoming
+ touch index.txt
+ test -e crlnumber || echo 01 > crlnumber
+ test -e serial || echo 01 > serial
diff --git a/openvswitch.changes b/openvswitch.changes
index a9f8a1b..841aea8 100644
--- a/openvswitch.changes
+++ b/openvswitch.changes
@@ -1,3 +1,9 @@
+-------------------------------------------------------------------
+Thu Nov 15 08:59:41 UTC 2012 - rhafer@suse.com
+
+- New patch openvswitch-1.7.1-ovs-pki-permissions.patch: Avoid
+ creating world writeable directory (bnc#774332, CVE-2012-3449)
+
 -------------------------------------------------------------------
 Sun Sep 9 15:33:08 UTC 2012 - on@morlock.nu
diff --git a/openvswitch.spec b/openvswitch.spec
index 51918de..fcbf86d 100644
--- a/openvswitch.spec
+++ b/openvswitch.spec
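Review bot: The changed line `mkdir -p -m 0700 incoming` in the embedded utilities/ovs-pki.in hunk sets the mode only when it actually creates the directory. With `-p`, an `incoming` directory that already exists keeps its old mode, so a PKI tree initialised before this fix would stay at 0733. If this code path can run against an existing tree, following the line with `chmod 0700 incoming` makes the mode explicit. Directories already on disk would otherwise need a separate fix, for example in a package scriptlet, and the visible spec hunks add none. The enclosing block of ovs-pki.in starts and ends outside the hunk, so whether an existing directory can reach this line is not visible here.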
@@ -45,6 +45,8 @@ Source4: openvswitch-switch.logrotate
 Source5: openvswitch-controller.init
 # PATCH-FEATURE-UPSTREAM openvswitch-1.7.0-stp-fwd-delay.patch -- Set STP bridge forward delay
 Patch1: %name-1.7.0-stp-fwd-delay.patch
+# PATCH-FIX-UPSTREAM openvswitch-1.7.1-ovs-pki-permissions.patch [bnc#774332]
+Patch2: %name-1.7.1-ovs-pki-permissions.patch
 BuildRequires: autoconf automake libtool
 BuildRequires: gcc
 BuildRequires: make
@@ -205,6 +207,7 @@ Open vSwitch is a full-featured software-based Ethernet switch.
 %prep
 %setup -q
 %patch1 -p1
+%patch2 -p0
 set -- *
 mkdir source
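Review bot: The new comment above `Patch2:` gives only the bug number, while the `Patch1` comment next to it also carries a `-- description` and the changelog entry names CVE-2012-3449. I would write it as `# PATCH-FIX-UPSTREAM openvswitch-1.7.1-ovs-pki-permissions.patch [bnc#774332, CVE-2012-3449] -- Avoid creating world writeable directory` so the security fix can be found from the spec alone. In the second hunk, `%patch2 -p0` differs from `%patch1 -p1`, presumably because the new patch's paths have no leading component to strip. A short comment there, or regenerating the patch for `-p1`, would keep the differing strip level from looking like a mistake.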