Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package net-tools for openSUSE:Factory 
checked in at 2025-08-13 16:22:55
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/net-tools (Old)
 and      /work/SRC/openSUSE:Factory/.net-tools.new.1085 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "net-tools"

Wed Aug 13 16:22:55 2025 rev:61 rq:1298935 version:2.10

Changes:
--------
--- /work/SRC/openSUSE:Factory/net-tools/net-tools.changes      2025-08-09 
20:04:58.163150280 +0200
+++ /work/SRC/openSUSE:Factory/.net-tools.new.1085/net-tools.changes    
2025-08-13 16:23:10.678121098 +0200
@@ -1,0 +2,7 @@
+Mon Aug 11 12:42:17 UTC 2025 - Stanislav Brabec <sbra...@suse.com>
+
+- Provide more readable error for interface name size checking
+  introduced by net-tools-CVE-2025-46836.patch
+  (bsc#1243581, net-tools-CVE-2025-46836-error-reporting.patch).
+
+-------------------------------------------------------------------

New:
----
  net-tools-CVE-2025-46836-error-reporting.patch

----------(New B)----------
  New:  introduced by net-tools-CVE-2025-46836.patch
  (bsc#1243581, net-tools-CVE-2025-46836-error-reporting.patch).
----------(New E)----------

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ net-tools.spec ++++++
--- /var/tmp/diff_new_pack.vJorBm/_old  2025-08-13 16:23:13.970259508 +0200
+++ /var/tmp/diff_new_pack.vJorBm/_new  2025-08-13 16:23:13.974259676 +0200
@@ -37,6 +37,8 @@
 Patch8:         net-tools-CVE-2025-46836.patch
 # PATCH-FIX-UPSTREAM net-tools-CVE-2025-46836-regression.patch bsc1243581 
sbra...@suse.com -- Fix regression introduced by net-tools-CVE-2025-46836.patch.
 Patch9:         net-tools-CVE-2025-46836-regression.patch
+# PATCH-FIX-UPSTREAM net-tools-CVE-2025-46836-error-reporting.patch bsc1243581 
sbra...@suse.com -- Provide more readable error for interface name size 
checking.
+Patch10:        net-tools-CVE-2025-46836-error-reporting.patch
 BuildRequires:  help2man
 Recommends:     traceroute >= 2.0.0
 Provides:       net_tool = %{version}

++++++ net-tools-CVE-2025-46836-error-reporting.patch ++++++
>From 61f4890ae077bcf02aa2b5c3f8737349ee048ae9 Mon Sep 17 00:00:00 2001
From: skrab-sah <skrab....@gmail.com>
Date: Sun, 18 May 2025 01:58:36 +0530
Subject: [PATCH] Interface name size checking (#21)

Interface name size checking to provide more readable error.
---
 ifconfig.c | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/ifconfig.c b/ifconfig.c
index 3b8bd5c..7688a79 100644
--- a/ifconfig.c
+++ b/ifconfig.c
@@ -330,7 +330,13 @@ int main(int argc, char **argv)
     }
     /* No. Fetch the interface name. */
     spp = argv;
-    safe_strncpy(ifr.ifr_name, *spp++, IFNAMSIZ);
+    size_t len = strlen(*spp);
+    if (len >= IFNAMSIZ)
+    {
+       fprintf(stderr, "%s(%lu): interface name length must be < %i\n", *spp, 
len, IFNAMSIZ);
+       return EXIT_FAILURE;
+    }
+    memcpy(ifr.ifr_name, *spp++, len+1);
     if (*spp == (char *) NULL) {
        int err = if_print(ifr.ifr_name);
        (void) close(skfd);
-- 
2.48.1

Reply via email to