Hello community, here is the log from the commit of package snort checked in at Mon Oct 2 12:07:42 CEST 2006. -------- --- snort/snort.changes 2006-09-21 03:11:18.000000000 +0200 +++ /mounts/work_src_done/STABLE/snort/snort.changes 2006-09-30 15:18:16.000000000 +0200 @@ -1,0 +2,8 @@ +Sat Sep 30 14:31:36 CEST 2006 - olh@suse.de + +- src/libnet_version.o depends on version.h +- fix unsigned char usage in libnet +- build libnet with RPM_OPT_FLAGS +- fix strncat overflow in snort + +------------------------------------------------------------------- New: ---- libnet-IPPROTO_OSPF_LSA-checksum.patch libnet-version-dep.patch snort.strncat-overflow.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ snort.spec ++++++ --- /var/tmp/diff_new_pack.UfJQlw/_old 2006-10-02 12:07:27.000000000 +0200 +++ /var/tmp/diff_new_pack.UfJQlw/_new 2006-10-02 12:07:27.000000000 +0200 @@ -18,7 +18,7 @@ %define libnet_version 1.0.2a Summary: A Packet Sniffer and Logger Version: 2.4.5 -Release: 1 +Release: 3 Group: Productivity/Networking/Diagnostic License: GPL Requires: logrotate @@ -35,8 +35,11 @@ Patch1: %{name}-2.2.0-config.patch Patch2: %{name}-2.4.3-lib64_configure.patch Patch3: %{name}-2.1.1-logrotate.patch +Patch4: snort.strncat-overflow.patch Patch100: libnet-multiline-string-fix.diff Patch101: libnet-strict-aliasing.diff +Patch102: libnet-version-dep.patch +Patch103: libnet-IPPROTO_OSPF_LSA-checksum.patch URL: http://www.snort.org/ #%if %{with_pgsql} #Buildrequires: postgresql-devel, postgresql-lib @@ -76,9 +79,12 @@ %patch2 #%endif %patch3 -p2 -b .logrotate +%patch4 -p1 cd Libnet-%{libnet_version} %patch100 %patch101 +%patch102 -p1 +%patch103 -p1 cd .. %build @@ -87,11 +93,9 @@ cd Libnet-%{libnet_version} %{?suse_update_config:%{suse_update_config}} #autoreconf -fi -export CXXFLAGS="$RPM_OPT_FLAGS" -export CFLAGS="$RPM_OPT_FLAGS" ./configure --prefix=%{_prefix} --with-pf_packet=yes --libdir=%{_libdir} --disable-shared --enable-static -make %{?jobs:-j %jobs} -make test +make CFLAGS="$RPM_OPT_FLAGS" %{?jobs:-j %jobs} +make test CFLAGS="$RPM_OPT_FLAGS" mkdir -p $RPM_BUILD_DIR/Libnet-build make DESTDIR=$RPM_BUILD_DIR/Libnet-build install export LIBNET=$RPM_BUILD_DIR/Libnet-build/%{_prefix} @@ -221,6 +225,11 @@ %doc schemas %changelog -n snort +* Sat Sep 30 2006 - olh@suse.de +- src/libnet_version.o depends on version.h +- fix unsigned char usage in libnet +- build libnet with RPM_OPT_FLAGS +- fix strncat overflow in snort * Thu Sep 21 2006 - dmueller@suse.de - update to 2.4.5: * Fixed potential evasion in URI content buffers ++++++ libnet-IPPROTO_OSPF_LSA-checksum.patch ++++++ src/libnet_checksum.c:219: warning: comparison is always false due to limited range of data type --- src/libnet_checksum.c | 13 ++----------- 1 file changed, 2 insertions(+), 11 deletions(-) Index: Libnet-1.0.2a/src/libnet_checksum.c =================================================================== --- Libnet-1.0.2a.orig/src/libnet_checksum.c +++ Libnet-1.0.2a/src/libnet_checksum.c @@ -182,9 +182,6 @@ libnet_do_checksum(u_char *buf, int prot c0 = 0; c1 = 0; - lsa_p->lsa_cksum[0] = 0; - lsa_p->lsa_cksum[1] = 0; /* zero out checksum */ - p = buf; p1 = buf; p3 = buf + len; /* beginning and end of buf */ @@ -210,16 +207,10 @@ libnet_do_checksum(u_char *buf, int prot } lsa_p->lsa_cksum[0] = (((len - 17) * c0 - c1) % 255); - if (lsa_p->lsa_cksum[0] <= 0) - { - lsa_p->lsa_cksum[0] += 255; - } + if (lsa_p->lsa_cksum[0] == 0) + lsa_p->lsa_cksum[0] = 255; lsa_p->lsa_cksum[1] = (510 - c0 - lsa_p->lsa_cksum[0]); - if (lsa_p->lsa_cksum[1] > 255) - { - lsa_p->lsa_cksum[1] -= 255; - } break; } case IPPROTO_IP: ++++++ libnet-version-dep.patch ++++++ gcc -O2 -funroll-loops -fomit-frame-pointer -Wall -DHAVE_CONFIG_H -c src/libnet_version.c -o src/libnet_version.o sed -e 's/.*/#define VERSION "&"/' ./VERSION > version.h src/libnet_version.c:34:24: gcc -O2 -funroll-loops -fomit-frame-pointer -Wall -DHAVE_CONFIG_H -c src/libnet_build_udp.c -o src/libnet_build_udp.o ../version.h: No such file or directory make: *** [src/libnet_version.o] Error 1 --- Makefile.in | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) Index: Libnet-1.0.2a/Makefile.in =================================================================== --- Libnet-1.0.2a.orig/Makefile.in +++ Libnet-1.0.2a/Makefile.in @@ -77,10 +77,10 @@ libnet: version.h $(OBJECTS) $(AR) -cr $(LIB) $(OBJECTS) $(RANLIB) $(LIB) -version.o: version.h +src/libnet_version.o: version.h version.h: ./VERSION - @rm -f $@ - sed -e 's/.*/#define VERSION "&"/' ./VERSION > $@ + @rm -f $@ $@~ + sed -e 's/.*/#define VERSION "&"/' ./VERSION > $@~ ; mv -f $@~ $@ test: libnet cd test; make ++++++ snort.strncat-overflow.patch ++++++ spo_database.c:2568: warning: call to __builtin___strncat_chk might overflow destination buffer spp_portscan2.c:247: warning: call to __builtin___strncat_chk might overflow destination buffer spp_portscan2.c:361: warning: call to __builtin___strncat_chk might overflow destination buffer --- src/output-plugins/spo_database.c | 2 +- src/preprocessors/spp_portscan2.c | 12 ++++++------ 2 files changed, 7 insertions(+), 7 deletions(-) Index: snort-2.4.5/src/output-plugins/spo_database.c =================================================================== --- snort-2.4.5.orig/src/output-plugins/spo_database.c +++ snort-2.4.5/src/output-plugins/spo_database.c @@ -2565,7 +2565,7 @@ void Connect(DatabaseData * data) if( nativeError!=5701 && nativeError!=5703 ) { encounteredFailure = 1; - strncat(odbcError, msg, sizeof(odbcError)); + strncat(odbcError, msg, sizeof(odbcError) - 1); } errorIndex++; } Index: snort-2.4.5/src/preprocessors/spp_portscan2.c =================================================================== --- snort-2.4.5.orig/src/preprocessors/spp_portscan2.c +++ snort-2.4.5/src/preprocessors/spp_portscan2.c @@ -242,9 +242,9 @@ void ParseScanmungeArgs(u_char *args) char logpath[STD_BUF], tmp[STD_BUF]; /* setup the defaults */ - strncpy(logpath, pv.log_dir, STD_BUF); - strncpy(tmp, "/scan.log", STD_BUF); - strncat(logpath, tmp, STD_BUF); + i = snprintf(logpath, STD_BUF, "%s/scan.log", pv.log_dir); + if (i < 0 || i >= STD_BUF) + logpath[0] = '\0'; /* way too low of defaults */ ps2data.scanner_count = DEFAULT_MAX_SCANNER; @@ -356,9 +356,9 @@ void ParseScanmungeArgs(u_char *args) strncpy (logpath, stoks[1], STD_BUF); else { - strncpy(logpath, pv.log_dir, STD_BUF); - strncat(logpath, "/", STD_BUF); - strncat(logpath, stoks[1], STD_BUF); + i = snprintf(logpath, STD_BUF, "%s/%s", pv.log_dir, stoks[1]); + if (i < 0 || i >= STD_BUF) + logpath[0] = '\0'; } i++; } ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Remember to have fun... --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-commit+help@opensuse.org