Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package net-tools for openSUSE:Factory checked in at 2025-08-13 16:22:55 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/net-tools (Old) and /work/SRC/openSUSE:Factory/.net-tools.new.1085 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "net-tools" Wed Aug 13 16:22:55 2025 rev:61 rq:1298935 version:2.10 Changes: -------- --- /work/SRC/openSUSE:Factory/net-tools/net-tools.changes 2025-08-09 20:04:58.163150280 +0200 +++ /work/SRC/openSUSE:Factory/.net-tools.new.1085/net-tools.changes 2025-08-13 16:23:10.678121098 +0200 @@ -1,0 +2,7 @@ +Mon Aug 11 12:42:17 UTC 2025 - Stanislav Brabec <sbra...@suse.com> + +- Provide more readable error for interface name size checking + introduced by net-tools-CVE-2025-46836.patch + (bsc#1243581, net-tools-CVE-2025-46836-error-reporting.patch). + +------------------------------------------------------------------- New: ---- net-tools-CVE-2025-46836-error-reporting.patch ----------(New B)---------- New: introduced by net-tools-CVE-2025-46836.patch (bsc#1243581, net-tools-CVE-2025-46836-error-reporting.patch). ----------(New E)---------- ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ net-tools.spec ++++++ --- /var/tmp/diff_new_pack.vJorBm/_old 2025-08-13 16:23:13.970259508 +0200 +++ /var/tmp/diff_new_pack.vJorBm/_new 2025-08-13 16:23:13.974259676 +0200 @@ -37,6 +37,8 @@ Patch8: net-tools-CVE-2025-46836.patch # PATCH-FIX-UPSTREAM net-tools-CVE-2025-46836-regression.patch bsc1243581 sbra...@suse.com -- Fix regression introduced by net-tools-CVE-2025-46836.patch. Patch9: net-tools-CVE-2025-46836-regression.patch +# PATCH-FIX-UPSTREAM net-tools-CVE-2025-46836-error-reporting.patch bsc1243581 sbra...@suse.com -- Provide more readable error for interface name size checking. +Patch10: net-tools-CVE-2025-46836-error-reporting.patch BuildRequires: help2man Recommends: traceroute >= 2.0.0 Provides: net_tool = %{version} ++++++ net-tools-CVE-2025-46836-error-reporting.patch ++++++ >From 61f4890ae077bcf02aa2b5c3f8737349ee048ae9 Mon Sep 17 00:00:00 2001 From: skrab-sah <skrab....@gmail.com> Date: Sun, 18 May 2025 01:58:36 +0530 Subject: [PATCH] Interface name size checking (#21) Interface name size checking to provide more readable error. --- ifconfig.c | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/ifconfig.c b/ifconfig.c index 3b8bd5c..7688a79 100644 --- a/ifconfig.c +++ b/ifconfig.c @@ -330,7 +330,13 @@ int main(int argc, char **argv) } /* No. Fetch the interface name. */ spp = argv; - safe_strncpy(ifr.ifr_name, *spp++, IFNAMSIZ); + size_t len = strlen(*spp); + if (len >= IFNAMSIZ) + { + fprintf(stderr, "%s(%lu): interface name length must be < %i\n", *spp, len, IFNAMSIZ); + return EXIT_FAILURE; + } + memcpy(ifr.ifr_name, *spp++, len+1); if (*spp == (char *) NULL) { int err = if_print(ifr.ifr_name); (void) close(skfd); -- 2.48.1