Hello community, here is the log from the commit of package libndp for openSUSE:Factory checked in at 2015-01-08 23:20:05 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/libndp (Old) and /work/SRC/openSUSE:Factory/.libndp.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "libndp" Changes: -------- --- /work/SRC/openSUSE:Factory/libndp/libndp.changes 2014-07-13 14:06:50.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.libndp.new/libndp.changes 2015-01-09 01:11:20.000000000 +0100 @@ -1,0 +2,6 @@ +Mon Jan 5 14:35:54 UTC 2015 - [email protected] + +- Update to version 1.4: + + libndp: fix buffer overflow in ndp_msg_opt_dnssl_domain(). + +------------------------------------------------------------------- Old: ---- libndp-1.3.tar.gz New: ---- libndp-1.4.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ libndp.spec ++++++ --- /var/tmp/diff_new_pack.aSQgdI/_old 2015-01-09 01:11:21.000000000 +0100 +++ /var/tmp/diff_new_pack.aSQgdI/_new 2015-01-09 01:11:21.000000000 +0100 @@ -1,7 +1,7 @@ # # spec file for package libndp # -# Copyright (c) 2013 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2015 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -17,7 +17,7 @@ Name: libndp -Version: 1.3 +Version: 1.4 Release: 0 Summary: Library for Neighbor Discovery Protocol License: LGPL-2.1+ ++++++ libndp-1.3.tar.gz -> libndp-1.4.tar.gz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libndp-1.3/configure new/libndp-1.4/configure --- old/libndp-1.3/configure 2014-06-26 11:12:46.000000000 +0200 +++ new/libndp-1.4/configure 2014-07-29 15:19:26.000000000 +0200 @@ -1,6 +1,6 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.69 for libndp 1.3. +# Generated by GNU Autoconf 2.69 for libndp 1.4. # # Report bugs to <[email protected]>. # @@ -590,8 +590,8 @@ # Identity of this package. PACKAGE_NAME='libndp' PACKAGE_TARNAME='libndp' -PACKAGE_VERSION='1.3' -PACKAGE_STRING='libndp 1.3' +PACKAGE_VERSION='1.4' +PACKAGE_STRING='libndp 1.4' PACKAGE_BUGREPORT='[email protected]' PACKAGE_URL='' @@ -1314,7 +1314,7 @@ # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures libndp 1.3 to adapt to many kinds of systems. +\`configure' configures libndp 1.4 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -1384,7 +1384,7 @@ if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of libndp 1.3:";; + short | recursive ) echo "Configuration of libndp 1.4:";; esac cat <<\_ACEOF @@ -1491,7 +1491,7 @@ test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF -libndp configure 1.3 +libndp configure 1.4 generated by GNU Autoconf 2.69 Copyright (C) 2012 Free Software Foundation, Inc. @@ -1860,7 +1860,7 @@ This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by libndp $as_me 1.3, which was +It was created by libndp $as_me 1.4, which was generated by GNU Autoconf 2.69. Invocation command line was $ $0 $@ @@ -2724,7 +2724,7 @@ # Define the identity of the package. PACKAGE='libndp' - VERSION='1.3' + VERSION='1.4' cat >>confdefs.h <<_ACEOF @@ -3972,7 +3972,7 @@ LIBNDP_CURRENT=0 -LIBNDP_REVISION=1 +LIBNDP_REVISION=2 LIBNDP_AGE=0 @@ -12969,7 +12969,7 @@ # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by libndp $as_me 1.3, which was +This file was extended by libndp $as_me 1.4, which was generated by GNU Autoconf 2.69. Invocation command line was CONFIG_FILES = $CONFIG_FILES @@ -13026,7 +13026,7 @@ cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" ac_cs_version="\\ -libndp config.status 1.3 +libndp config.status 1.4 configured by $0, generated by GNU Autoconf 2.69, with options \\"\$ac_cs_config\\" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libndp-1.3/configure.ac new/libndp-1.4/configure.ac --- old/libndp-1.3/configure.ac 2014-06-26 11:11:52.000000000 +0200 +++ new/libndp-1.4/configure.ac 2014-07-29 15:17:55.000000000 +0200 @@ -1,7 +1,7 @@ # -*- Autoconf -*- # Process this file with autoconf to produce a configure script. -AC_INIT([libndp], [1.3], [[email protected]]) +AC_INIT([libndp], [1.4], [[email protected]]) AC_CONFIG_AUX_DIR([build-aux]) AC_CONFIG_MACRO_DIR([m4]) AM_INIT_AUTOMAKE([-Wall foreign subdir-objects]) @@ -23,7 +23,7 @@ # release, then set age to 0. AC_SUBST(LIBNDP_CURRENT, 0) -AC_SUBST(LIBNDP_REVISION, 1) +AC_SUBST(LIBNDP_REVISION, 2) AC_SUBST(LIBNDP_AGE, 0) CFLAGS="$CFLAGS -Wall" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/libndp-1.3/libndp/libndp.c new/libndp-1.4/libndp/libndp.c --- old/libndp-1.3/libndp/libndp.c 2013-12-18 13:25:30.000000000 +0100 +++ new/libndp-1.4/libndp/libndp.c 2014-07-29 15:16:06.000000000 +0200 @@ -1527,7 +1527,7 @@ i = 0; while (len > 0) { - *buf = '\0'; + size_t buf_len = 0; while (len > 0) { uint8_t dom_len = *ptr; @@ -1539,15 +1539,18 @@ if (dom_len > len) return NULL; - if (strlen(buf)) - strcat(buf, "."); - buf[strlen(buf) + dom_len] = '\0'; - memcpy(buf + strlen(buf), ptr, dom_len); + if (buf_len + dom_len + 1 > sizeof(buf)) + return NULL; + + memcpy(buf + buf_len, ptr, dom_len); + buf[buf_len + dom_len] = '.'; ptr += dom_len; len -= dom_len; + buf_len += dom_len + 1; } - if (!strlen(buf)) + if (!buf_len) break; + buf[buf_len - 1] = '\0'; /* overwrite final '.' */ if (i++ == domain_index) return buf; } -- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
