Hello community, here is the log from the commit of package ethtool checked in at Thu Sep 7 01:11:20 CEST 2006. -------- --- ethtool/ethtool.changes 2006-09-04 08:00:01.000000000 +0200 +++ ethtool/ethtool.changes 2006-09-06 16:30:13.000000000 +0200 @@ -1,0 +2,5 @@ +Wed Sep 6 16:29:24 CEST 2006 - mskibbe@suse.de + +- fix bug #202756 - No Buffer Overflow check in Ethtool + +------------------------------------------------------------------- New: ---- ethtool-5-buffer-overflow.patch ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ ethtool.spec ++++++ --- /var/tmp/diff_new_pack.y52ep3/_old 2006-09-07 01:10:39.000000000 +0200 +++ /var/tmp/diff_new_pack.y52ep3/_new 2006-09-07 01:10:39.000000000 +0200 @@ -16,10 +16,11 @@ Autoreqprov: on Summary: Examine and Tune Ethernet-Based Network Interfaces Version: 5 -Release: 1 +Release: 3 URL: http://sourceforge.net/projects/gkernel Source: %{name}-%{version}.tar.bz2 BuildRoot: %{_tmppath}/%{name}-%{version}-build +Patch: %{name}-%{version}-buffer-overflow.patch %description Ethtool is a small utility for examining and tuning ethernet-based @@ -36,6 +37,7 @@ %prep %setup -q +%patch %build %{suse_update_config -f} @@ -57,11 +59,13 @@ %files %defattr(-,root,root) -/usr/sbin/ethtool +%{_sbindir}/ethtool %{_mandir}/man8/ethtool.8* %doc AUTHORS COPYING INSTALL NEWS README ChangeLog %changelog -n ethtool +* Wed Sep 06 2006 - mskibbe@suse.de +- fix bug #202756 - No Buffer Overflow check in Ethtool * Mon Sep 04 2006 - mskibbe@suse.de - update to version 5 which includes: o Security: Avoid potential buffer overflow ++++++ ethtool-5-buffer-overflow.patch ++++++ --- ethtool.c +++ ethtool.c @@ -628,7 +628,13 @@ } if (devname == NULL) + { show_usage(1); + } else if (strlen(devname) > IFNAMSIZ - 1) { + fprintf(stderr, "Device name \"%s\" exceeds maximum length.\n", + devname); + exit(1); + } if (strlen(devname) >= IFNAMSIZ) show_usage(1); } ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Remember to have fun... --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-commit+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-commit+help@opensuse.org