commit sshguard for openSUSE:Factory

Wed, 31 Aug 2022 09:31:57 -0700 

Script 'mail_helper' called by obssrc
Hello community,

here is the log from the commit of package sshguard for openSUSE:Factory 
checked in at 2022-08-31 18:08:58
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/sshguard (Old)
 and      /work/SRC/openSUSE:Factory/.sshguard.new.2083 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "sshguard"

Wed Aug 31 18:08:58 2022 rev:17 rq:1000390 version:2.4.2

Changes:
--------
--- /work/SRC/openSUSE:Factory/sshguard/sshguard.changes        2022-01-24 
23:11:13.438253584 +0100
+++ /work/SRC/openSUSE:Factory/.sshguard.new.2083/sshguard.changes      
2022-08-31 18:09:03.815387453 +0200
@@ -1,0 +2,6 @@
+Tue Aug 30 15:19:17 UTC 2022 - Marcus Meissner <meiss...@suse.com>
+
+- sshguard-overflow.patch: fixed 1 byte 0x00 overwrite in a memset
+  (bsc#1202944)
+
+-------------------------------------------------------------------

New:
----
  sshguard-overflow.patch

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ sshguard.spec ++++++
--- /var/tmp/diff_new_pack.1vrhhT/_old  2022-08-31 18:09:04.351388871 +0200
+++ /var/tmp/diff_new_pack.1vrhhT/_new  2022-08-31 18:09:04.355388882 +0200
@@ -42,6 +42,7 @@
 # PATCH-FIX-UPSTREAM sshguard-gcc5.patch
 Patch0:         sshguard-gcc5.patch
 Patch1:         harden_sshguard.service.patch
+Patch2:         sshguard-overflow.patch
 Requires:       openssh
 Requires(pre):  %fillup_prereq
 
@@ -55,6 +56,7 @@
 %patch0 -p1
 find . -type f -iname "*.swp" -print -exec rm {} \;
 %patch1 -p1
+%patch2 -p1
 
 %build
 %configure \

++++++ sshguard-overflow.patch ++++++
Index: sshguard-2.4.2/src/blocker/sshguard_whitelist.c
===================================================================
--- sshguard-2.4.2.orig/src/blocker/sshguard_whitelist.c
+++ sshguard-2.4.2/src/blocker/sshguard_whitelist.c
@@ -276,7 +276,7 @@ int whitelist_add_block6(const char *res
     bitlen = masklen % 8;
     bitmask = 0xFF << (8 - bitlen);
     ab.address.ip6.mask.s6_addr[bytelen] = bitmask;
-    memset(& ab.address.ip6.mask.s6_addr[bytelen+1], 0x00, 
sizeof(ab.address.ip6.mask.s6_addr) - bytelen);
+    memset(& ab.address.ip6.mask.s6_addr[bytelen+1], 0x00, 
sizeof(ab.address.ip6.mask.s6_addr) - bytelen - 1);
 
     if (! list_contains(& whitelist, &ab)) {
         list_append(& whitelist, &ab);

Reply via email to