Hello community, here is the log from the commit of package novell-ipsec-tools for openSUSE:Factory checked in at Wed Mar 17 14:22:15 CET 2010. -------- --- novell-ipsec-tools/novell-ipsec-tools.changes 2010-02-14 01:53:47.000000000 +0100 +++ /mounts/work_src_done/STABLE/novell-ipsec-tools/novell-ipsec-tools.changes 2010-03-16 10:02:41.000000000 +0100 @@ -1,0 +2,5 @@ +Tue Mar 16 09:02:21 UTC 2010 - aj@suse.de + +- Fix bufferoverflow found by gcc 4.5. + +------------------------------------------------------------------- calling whatdependson for head-i586 New: ---- ipsec-overflow.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ novell-ipsec-tools.spec ++++++ --- /var/tmp/diff_new_pack.XZ5l6U/_old 2010-03-17 14:21:36.000000000 +0100 +++ /var/tmp/diff_new_pack.XZ5l6U/_new 2010-03-17 14:21:36.000000000 +0100 @@ -21,7 +21,7 @@ Name: novell-ipsec-tools BuildRequires: bison flex openssl-devel Version: 0.7.1 -Release: 5 +Release: 6 License: BSD3c(or similar) Group: Productivity/Networking/Security PreReq: %insserv_prereq %fillup_prereq @@ -40,6 +40,7 @@ Patch5: no_werror.patch Patch6: novell-ipsec-tools_plugins-am111.patch Patch7: nit-includes.diff +Patch8: ipsec-overflow.patch Url: http://forge.novell.com/modules/xfmod/project/?turnpike Prefix: /usr Conflicts: ipsec-tools @@ -119,6 +120,7 @@ %patch5 -p1 %patch6 -p1 %patch -P 7 -p1 +%patch8 -p0 ln -sf acracoon.m4 acinclude.m4 %build ++++++ ipsec-overflow.patch ++++++ Index: src/racoon/ipsec_doi.c =================================================================== --- src/racoon/ipsec_doi.c.orig +++ src/racoon/ipsec_doi.c @@ -4503,7 +4503,8 @@ ipsecdoi_id2str(id) char *dat; static char buf[BUFLEN]; struct ipsecdoi_id_b *id_b = (struct ipsecdoi_id_b *)id->v; - struct sockaddr saddr; + struct sockaddr_storage saddr; + struct sockaddr *sa = (struct sockaddr *)&saddr; u_int plen = 0; switch (id_b->type) { @@ -4514,7 +4515,7 @@ ipsecdoi_id2str(id) #ifndef __linux__ saddr.sa_len = sizeof(struct sockaddr_in); #endif - saddr.sa_family = AF_INET; + sa->sa_family = AF_INET; ((struct sockaddr_in *)&saddr)->sin_port = IPSEC_PORT_ANY; memcpy(&((struct sockaddr_in *)&saddr)->sin_addr, id->v + sizeof(*id_b), sizeof(struct in_addr)); @@ -4527,7 +4528,7 @@ ipsecdoi_id2str(id) #ifndef __linux__ saddr.sa_len = sizeof(struct sockaddr_in6); #endif - saddr.sa_family = AF_INET6; + sa->sa_family = AF_INET6; ((struct sockaddr_in6 *)&saddr)->sin6_port = IPSEC_PORT_ANY; memcpy(&((struct sockaddr_in6 *)&saddr)->sin6_addr, id->v + sizeof(*id_b), sizeof(struct in6_addr)); @@ -4540,7 +4541,7 @@ ipsecdoi_id2str(id) #ifdef INET6 case IPSECDOI_ID_IPV6_ADDR: #endif - len = snprintf( buf, BUFLEN, "%s", saddrwop2str(&saddr)); + len = snprintf( buf, BUFLEN, "%s", saddrwop2str(sa)); break; case IPSECDOI_ID_IPV4_ADDR_SUBNET: @@ -4596,42 +4597,42 @@ ipsecdoi_id2str(id) plen += l; } - len = snprintf( buf, BUFLEN, "%s/%i", saddrwop2str(&saddr), plen); + len = snprintf( buf, BUFLEN, "%s/%i", saddrwop2str(sa), plen); } break; case IPSECDOI_ID_IPV4_ADDR_RANGE: - len = snprintf( buf, BUFLEN, "%s-", saddrwop2str(&saddr)); + len = snprintf( buf, BUFLEN, "%s-", saddrwop2str(sa)); #ifndef __linux__ saddr.sa_len = sizeof(struct sockaddr_in); #endif - saddr.sa_family = AF_INET; + sa->sa_family = AF_INET; ((struct sockaddr_in *)&saddr)->sin_port = IPSEC_PORT_ANY; memcpy(&((struct sockaddr_in *)&saddr)->sin_addr, id->v + sizeof(*id_b) + sizeof(struct in_addr), sizeof(struct in_addr)); - len += snprintf( buf + len, BUFLEN - len, "%s", saddrwop2str(&saddr)); + len += snprintf( buf + len, BUFLEN - len, "%s", saddrwop2str(sa)); break; #ifdef INET6 case IPSECDOI_ID_IPV6_ADDR_RANGE: - len = snprintf( buf, BUFLEN, "%s-", saddrwop2str(&saddr)); + len = snprintf( buf, BUFLEN, "%s-", saddrwop2str(sa)); #ifndef __linux__ saddr.sa_len = sizeof(struct sockaddr_in6); #endif - saddr.sa_family = AF_INET6; + sa->sa_family = AF_INET6; ((struct sockaddr_in6 *)&saddr)->sin6_port = IPSEC_PORT_ANY; memcpy(&((struct sockaddr_in6 *)&saddr)->sin6_addr, id->v + sizeof(*id_b) + sizeof(struct in6_addr), sizeof(struct in6_addr)); - len += snprintf( buf + len, BUFLEN - len, "%s", saddrwop2str(&saddr)); + len += snprintf( buf + len, BUFLEN - len, "%s", saddrwop2str(sa)); break; #endif ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Remember to have fun... -- To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-commit+help@opensuse.org