2 files changed, 30 insertions, 0 deletions
diff --git a/recipes-networking/openvswitch/openvswitch-git/CVE-2017-9263.patch b/recipes-networking/openvswitch/openvswitch-git/CVE-2017-9263.patch
new file mode 100644
index 00000000..0fc3aa1a
--- /dev/null
+++ b/recipes-networking/openvswitch/openvswitch-git/CVE-2017-9263.patch
@@ -0,0 +1,29 @@
+A buggy or malicious switch could send a role status message with a bad
+reason code, which if printed by OVS would cause it to abort.  This fixes
+the problem.
+CVE: CVE-2017-9263
+Upstream-Status: Submitted
+Reported-by: Bhargava Shastry <bshastry at sec.t-labs.tu-berlin.de>
+Signed-off-by: Ben Pfaff <blp at ovn.org>
+---
+ lib/ofp-print.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+diff --git a/lib/ofp-print.c b/lib/ofp-print.c
+index 7ca953100539..1932baf4871f 100644
+--- a/lib/ofp-print.c
+++ b/lib/ofp-print.c
+@@ -2147,7 +2147,8 @@ ofp_print_role_status_message(struct ds *string, const struct ofp_header *oh)
+         break;
+     case OFPCRR_N_REASONS:
+     default:
+-        OVS_NOT_REACHED();
+        ds_put_cstr(string, "(unknown)");
+        break;
+     }
+ }
+ 
+-- 
+2.10.2
diff --git a/recipes-networking/openvswitch/openvswitch_git.bb b/recipes-networking/openvswitch/openvswitch_git.bb
index 1fb82aee..6ab0c40a 100644
--- a/recipes-networking/openvswitch/openvswitch_git.bb
+++ b/recipes-networking/openvswitch/openvswitch_git.bb
@@ -29,6 +29,7 @@ SRC_URI = "file://openvswitch-switch \
           file://python-make-remaining-scripts-use-usr-bin-env.patch \
           file://0001-use-the-linux-if_packet.h-Interface-directly.patch \
           file://0002-Define-WAIT_ANY-if-not-provided-by-system.patch \
+           file://CVE-2017-9263.patch \
           "
 LIC_FILES_CHKSUM = "file://COPYING;md5=17b2c9d4c70853a09c0e143137754b35"

diff --git a/recipes-networking/openvswitch/openvswitch-git/CVE-2017-9263.patch b/recipes-networking/openvswitch/openvswitch-git/CVE-2017-9263.patch new file mode 100644 index 00000000..0fc3aa1a --- /dev/null +++ b/recipes-networking/openvswitch/openvswitch-git/CVE-2017-9263.patch
@@ -0,0 +1,29 @@
		1	A buggy or malicious switch could send a role status message with a bad
		2	reason code, which if printed by OVS would cause it to abort. This fixes
		3	the problem.
		4
		5	CVE: CVE-2017-9263
		6	Upstream-Status: Submitted
		7
		8	Reported-by: Bhargava Shastry <bshastry at sec.t-labs.tu-berlin.de>
		9	Signed-off-by: Ben Pfaff <blp at ovn.org>
		10	---
		11	lib/ofp-print.c \| 3 ++-
		12	1 file changed, 2 insertions(+), 1 deletion(-)
		13
		14	diff --git a/lib/ofp-print.c b/lib/ofp-print.c
		15	index 7ca953100539..1932baf4871f 100644
		16	--- a/lib/ofp-print.c
		17	+++ b/lib/ofp-print.c
		18	@@ -2147,7 +2147,8 @@ ofp_print_role_status_message(struct ds string, const struct ofp_header oh)
		19	break;
		20	case OFPCRR_N_REASONS:
		21	default:
		22	- OVS_NOT_REACHED();
		23	+ ds_put_cstr(string, "(unknown)");
		24	+ break;
		25	}
		26	}
		27
		28	--
		29	2.10.2


diff --git a/recipes-networking/openvswitch/openvswitch_git.bb b/recipes-networking/openvswitch/openvswitch_git.bb index 1fb82aee..6ab0c40a 100644 --- a/recipes-networking/openvswitch/openvswitch_git.bb +++ b/recipes-networking/openvswitch/openvswitch_git.bb
@@ -29,6 +29,7 @@ SRC_URI = "file://openvswitch-switch \
29	file://python-make-remaining-scripts-use-usr-bin-env.patch \	29	file://python-make-remaining-scripts-use-usr-bin-env.patch \
30	file://0001-use-the-linux-if_packet.h-Interface-directly.patch \	30	file://0001-use-the-linux-if_packet.h-Interface-directly.patch \
31	file://0002-Define-WAIT_ANY-if-not-provided-by-system.patch \	31	file://0002-Define-WAIT_ANY-if-not-provided-by-system.patch \
		32	file://CVE-2017-9263.patch \
32	"	33	"
33		34
34	LIC_FILES_CHKSUM = "file://COPYING;md5=17b2c9d4c70853a09c0e143137754b35"	35	LIC_FILES_CHKSUM = "file://COPYING;md5=17b2c9d4c70853a09c0e143137754b35"