Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package net-tools for openSUSE:Factory
checked in at 2025-08-09 19:58:52
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/net-tools (Old)
and /work/SRC/openSUSE:Factory/.net-tools.new.1085 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "net-tools"
Sat Aug 9 19:58:52 2025 rev:60 rq:1298353 version:2.10
Changes:
--------
--- /work/SRC/openSUSE:Factory/net-tools/net-tools.changes 2025-01-29
16:09:30.265290401 +0100
+++ /work/SRC/openSUSE:Factory/.net-tools.new.1085/net-tools.changes
2025-08-09 20:04:58.163150280 +0200
@@ -1,0 +2,13 @@
+Mon Aug 4 06:27:05 UTC 2025 - Stanislav Brabec <sbra...@suse.com>
+
+- Fix a regression in net-tools-CVE-2025-46836.patch (bsc#1246608).
+
+-------------------------------------------------------------------
+Thu Jul 10 03:44:15 UTC 2025 - Stanislav Brabec <sbra...@suse.com>
+
+- Perform bound checks when parsing interface labels in
+ /proc/net/dev (bsc#1243581, CVE-2025-46836,
+ net-tools-CVE-2025-46836.patch,
+ net-tools-CVE-2025-46836-regression.patch).
+
+-------------------------------------------------------------------
@@ -853 +866 @@
-whenever-whenever - flor...@suse.de
+Tue Aug 13 22:39:00 MEST 1996 - flor...@suse.de
@@ -855,2 +868,2 @@
-new version 1.32-alpha
-mv /sbin/arp /usr/sbin/arp
+- new version 1.32-alpha
+- mv /sbin/arp /usr/sbin/arp
New:
----
net-tools-CVE-2025-46836-regression.patch
net-tools-CVE-2025-46836.patch
----------(New B)----------
New: net-tools-CVE-2025-46836.patch,
net-tools-CVE-2025-46836-regression.patch).
New:
- Fix a regression in net-tools-CVE-2025-46836.patch (bsc#1246608).
----------(New E)----------
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ net-tools.spec ++++++
--- /var/tmp/diff_new_pack.QW70v6/_old 2025-08-09 20:04:59.711215366 +0200
+++ /var/tmp/diff_new_pack.QW70v6/_new 2025-08-09 20:04:59.715215534 +0200
@@ -33,6 +33,10 @@
Patch4: 0004-By-default-do-not-fopen-anything-in-netrom_gr.patch
Patch6: 0006-Allow-interface-stacking.patch
Patch7: 0007-Introduce-T-notrim-option-in-netstat.patch
+# PATCH-FIX-SECURITY net-tools-CVE-2025-46836.patch bsc1243581
sbra...@suse.com -- Perform bound checks when parsing interface labels in
/proc/net/dev.
+Patch8: net-tools-CVE-2025-46836.patch
+# PATCH-FIX-UPSTREAM net-tools-CVE-2025-46836-regression.patch bsc1243581
sbra...@suse.com -- Fix regression introduced by net-tools-CVE-2025-46836.patch.
+Patch9: net-tools-CVE-2025-46836-regression.patch
BuildRequires: help2man
Recommends: traceroute >= 2.0.0
Provides: net_tool = %{version}
++++++ net-tools-CVE-2025-46836-regression.patch ++++++
>From ddb0e375fb9ca95bb69335540b85bbdaa2714348 Mon Sep 17 00:00:00 2001
From: Bernd Eckenfels <net-to...@lina.inka.de>
Date: Sat, 17 May 2025 21:53:23 +0200
Subject: [PATCH] Interface statistic regression after 7a8f42fb2
---
lib/interface.c | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/lib/interface.c b/lib/interface.c
index a054f12..ca4adf1 100644
--- a/lib/interface.c
+++ b/lib/interface.c
@@ -239,12 +239,11 @@ static const char *get_name(char *name, const char *p)
/* copy the digits */
while (*p && isdigit((unsigned char)*p) && dst < end)
*dst++ = *p++;
-
- if (*p == ':') /* consume trailing colon */
- ++p;
} else { /* if so treat as normal */
p = dot;
}
+ if (*p == ':') /* consume trailing colon */
+ ++p;
break; /* interface name ends here */
}
--
2.48.1
++++++ net-tools-CVE-2025-46836.patch ++++++
>From 7a8f42fb20013a1493d8cae1c43436f85e656f2d Mon Sep 17 00:00:00 2001
From: Zephkeks <zephyrofficialdisc...@gmail.com>
Date: Tue, 13 May 2025 11:04:17 +0200
Subject: [PATCH] CVE-2025-46836: interface.c: Stack-based Buffer Overflow in
get_name()
Coordinated as GHSA-pfwf-h6m3-63wf
---
lib/interface.c | 63 ++++++++++++++++++++++++++++++-------------------
1 file changed, 39 insertions(+), 24 deletions(-)
Index: net-tools-2.10/lib/interface.c
===================================================================
--- net-tools-2.10.orig/lib/interface.c
+++ net-tools-2.10/lib/interface.c
@@ -209,33 +209,46 @@ out:
}
static const char *get_name(char **namep, const char *p)
+/* Safe version — guarantees at most IFNAMSIZ‑1 bytes are copied
+ and the destination buffer is always NUL‑terminated. */
{
- while (isspace(*p))
- p++;
+ /* Skip leading white‑space. */
+ while (isspace((unsigned char)*p))
+ ++p;
char *name = *namep = p;
- while (*p) {
- if (isspace(*p))
- break;
- if (*p == ':') { /* could be an alias */
- const char *dot = p++;
- while (*p && isdigit(*p)) p++;
- if (*p == ':') {
- /* Yes it is, backup and copy it. */
- p = dot;
- *name++ = *p++;
- while (*p && isdigit(*p)) {
- *name++ = *p++;
- }
- } else {
- /* No, it isn't */
- p = dot;
- }
- p++;
- break;
- }
- *name++ = *p++;
+ char *dst = name; /* current write ptr */
+ const char *end = name + IFNAMSIZ - 1; /* last byte we may write */
+ /* Copy until white‑space, end of string, or buffer full. */
+ while (*p && !isspace((unsigned char)*p) && dst < end) {
+ if (*p == ':') { /* possible alias veth0:123: */
+ const char *dot = p; /* remember the colon */
+ ++p;
+ while (*p && isdigit((unsigned char)*p))
+ ++p;
+
+ if (*p == ':') { /* confirmed alias */
+ p = dot; /* rewind and copy it all */
+
+ /* copy the colon */
+ if (dst < end)
+ *dst++ = *p++;
+
+ /* copy the digits */
+ while (*p && isdigit((unsigned char)*p) && dst < end)
+ *dst++ = *p++;
+
+ if (*p == ':') /* consume trailing colon */
+ ++p;
+ } else { /* if so treat as normal */
+ p = dot;
+ }
+ break; /* interface name ends here */
+ }
+
+ *dst++ = *p++; /* ordinary character copy */
}
- *name++ = '\0';
+
+ *dst = '\0'; /* always NUL‑terminate */
return p;
}
