From patchwork Mon Jun 16 05:34:31 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: Yi Zhao X-Patchwork-Id: 65026 X-Patchwork-Delegate: steve@sakoman.com Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from aws-us-west-2-korg-lkml-1.web.codeaurora.org (localhost.localdomain [127.0.0.1]) by smtp.lore.kernel.org (Postfix) with ESMTP id B2FCDC71135 for ; Mon, 16 Jun 2025 05:34:51 +0000 (UTC) Received: from mx0a-0064b401.pphosted.com (mx0a-0064b401.pphosted.com [205.220.166.238]) by mx.groups.io with SMTP id smtpd.web11.23792.1750052087347962909 for ; Sun, 15 Jun 2025 22:34:47 -0700 Authentication-Results: mx.groups.io; dkim=none (message not signed); spf=permerror, err=parse error for token &{10 18 %{ir}.%{v}.%{d}.spf.has.pphosted.com}: invalid domain name (domain: windriver.com, ip: 205.220.166.238, mailfrom: prvs=82629f7152=yi.zhao@windriver.com) Received: from pps.filterd (m0250810.ppops.net [127.0.0.1]) by mx0a-0064b401.pphosted.com (8.18.1.2/8.18.1.2) with ESMTP id 55G4ivj6009786 for ; Sun, 15 Jun 2025 22:34:47 -0700 Received: from nam11-co1-obe.outbound.protection.outlook.com (mail-co1nam11on2057.outbound.protection.outlook.com [40.107.220.57]) by mx0a-0064b401.pphosted.com (PPS) with ESMTPS id 4794c3sb18-1 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT) for ; Sun, 15 Jun 2025 22:34:46 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; s=arcselector10001; d=microsoft.com; cv=none; b=MTcriv+K1E3RXvY4qRcsKfQST3TG3sjKjAU+vMZX4rOrT1B3JwYMrcPR63J06JpRGpgbaA4g9nIxMgV4umb5p4NDQEJPURj84pIT9ByFSTAR72Gsh/w7zKlkAQIeG2dyB2V8AF4tMenr7BOMbzdZNBDVSrPUqONF2Q7JUfI/vwTG1MG2AOFFQq62useVt50eCD9Dbu1FetjQklk66oV6tQqjpvH2L3dqlVtG8gWqTLIfIvw18FxmHeB+zAWF0GkMOQp3sG59qNsNWYqcbj2JcV3gTomXbpzU9Zw/Ey0vIBknzvXEIVA3gNSdl7siN6ke2Jh3eGLE1SBhH+UK4OFRhg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector10001; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=9LDOX+7g9B4JYR1GourYSHYYX8fGAmG+6/wcBjJZMbs=; b=sR0Z6e/jJrh8UNV7Ry9gmcdYikkde5S9N/CplGwBllj8b93aLztb7BcwF1vsOtxDExw32u7DFSmbIkOTiodRT8CRV2tQTcc5H/kIiUDfYWzGt3ko4FM2TcdGDizB3DEpA69/pEjK6Y4Y8oZsj5fTnct5thj865576Gx1DdLBFZk91wHpc2vQE1gKb2+5hIuwK7lU1xajqCxNvmXyCpll0a+F6dKwYx9lIDTT/WapPeQQld5W/rKAdiWyVLW7MFmzd/A8nGD13rSJA60KICujxrXeHqAKv2z28MBZkMFwB4fIo/gdppdacAkrUJ3CDkb6iJJtzt+pTqmYIHr0StU/dg== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=windriver.com; dmarc=pass action=none header.from=windriver.com; dkim=pass header.d=windriver.com; arc=none Received: from DS0PR11MB6399.namprd11.prod.outlook.com (2603:10b6:8:c8::5) by PH0PR11MB4950.namprd11.prod.outlook.com (2603:10b6:510:33::20) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.8835.28; Mon, 16 Jun 2025 05:34:45 +0000 Received: from DS0PR11MB6399.namprd11.prod.outlook.com ([fe80::2b44:787c:e7ee:bfad]) by DS0PR11MB6399.namprd11.prod.outlook.com ([fe80::2b44:787c:e7ee:bfad%3]) with mapi id 15.20.8835.018; Mon, 16 Jun 2025 05:34:45 +0000 From: Yi Zhao To: openembedded-core@lists.openembedded.org Subject: [walnascar][PATCH] net-tools: Security fix for CVE-2025-46836 Date: Mon, 16 Jun 2025 13:34:31 +0800 Message-Id: <20250616053431.457613-1-yi.zhao@windriver.com> X-Mailer: git-send-email 2.34.1 X-ClientProxiedBy: TYCP286CA0042.JPNP286.PROD.OUTLOOK.COM (2603:1096:400:29d::18) To DS0PR11MB6399.namprd11.prod.outlook.com (2603:10b6:8:c8::5) MIME-Version: 1.0 X-MS-PublicTrafficType: Email X-MS-TrafficTypeDiagnostic: DS0PR11MB6399:EE_|PH0PR11MB4950:EE_ X-MS-Office365-Filtering-Correlation-Id: d0b2dc6b-83cc-4c81-1d72-08ddac978044 X-MS-Exchange-SenderADCheck: 1 X-MS-Exchange-AntiSpam-Relay: 0 X-Microsoft-Antispam: BCL:0;ARA:13230040|52116014|376014|366016|1800799024|13003099007|38350700014; X-Microsoft-Antispam-Message-Info: =?utf-8?q?cGCXfOE/h8srQyDR08pDY6tfcyTk3pI?= =?utf-8?q?gYCppitZhkJo2Pze38y/HFkfVVxr23eW4mcX3h+AzTu0ujG//hDUTfkbolgEP3B9d?= =?utf-8?q?hL82+A0LceaaAOHYnwlQo2mKRWFcnTGW8MQl4Kkne1+hcpnYW8zymlbnrHf/UyWCo?= =?utf-8?q?O0uKBpu1Fvv8Mp6dZJMx2sbS5UjmqhvdtOujjYlKEvtXmpoE/ZKa+5KQ6vh6oWzvW?= =?utf-8?q?8/LThzBatFAS2JRRgolFvsgX7wf6cmhl8v34BU++VhgZFgL5RRDJ3V1PI+UaL7M5o?= =?utf-8?q?KO4310I8+ijpiYuzFGmA/v6Mfq5GTGFrQQ/GzKLiYFaDta15c+9b4gLFCD7pD3f+k?= =?utf-8?q?QtQibde94zddTFysGlybTibe4BVsbmlS5JgMj7a06ahi7MKWz0mm0Q2fXlcuUk7+g?= =?utf-8?q?P03RVso4nX9X35sE6L3pnnH2AnFnJ1NieHaNFM/5g7NhiO7YiaLGPrc7VIcQWBbWj?= =?utf-8?q?Xty0G5RoQoHL3HHcZ7Rij6vUeND+KSTyORnqBmxLF3fBzx42YCovobayXjflE/bpa?= =?utf-8?q?9hI7D5oXsRFFGNxs2NARNmCecWC8smrXePJZjNA1QS6JNVWkdJgDFTb4bcIGnc5GX?= =?utf-8?q?/OmMmY4liNMzV0XBO36wXhXGT9+aTZyf5neKCevFa5IS4b+FDpwsMqib1cV+eUIeQ?= =?utf-8?q?njPFtdKZdPDuCBU7wq1OuvXHw/DpJzdglXZv9dcG163GDBRvgsmmV32dhgyRBeoFh?= =?utf-8?q?Px4mm30y566m/lR+DtskGsjvqXVT7oZ6XGgRDuzQ9iB+pqSsiZLB8kY5SnYZgMyoS?= =?utf-8?q?fHS+9F45FlbkN2ld6XiMn0eZky8J0fKn+9N9co9AEvVesQPhzrfv8r5pQNf7MWhCT?= =?utf-8?q?mE1cPmo6+O2rnPoHNuUs0/3euEyJY+LDpodZggxxbGPQ5W35tVec+hab0O5eRPcH+?= =?utf-8?q?XqYTUTdgtUUyGmGy2whErmzgd/D73d3P2eOa80nkNfgkHgZlSjQuDbD09x9tTgBPV?= =?utf-8?q?4VhSCB547ydToVE2R9VaOnBSMYL9M/1eiLEwklJj4GxX94/9kFLQmhaehM+52N3J/?= =?utf-8?q?HgueYpE7kplXS5zsfKmBMVMwnOdLvqPFBH7yKzXikRnErR3HyE4a/4YgyzgKDCaHW?= =?utf-8?q?ZyjVJoAdri7wxytw4I2fxToshBqNg5fY4yzMx3dpTBJaL062Pw+lS/JsWkoDWjT53?= =?utf-8?q?uX6fdpBNEModwUoUpk/+CS2iYcp4FpssFkgqrxjWgJ6eb7GWPfsiL5lUDk4JZ1id3?= =?utf-8?q?eEoEiAzSpP0cZlGipBxDVEmnKGwlGr0KgejBRIK9XlK14DZdKbIn5KDnoapCOyw1U?= =?utf-8?q?0iJ0oTvEGXn8gXeuYUvhGXVaaf5shXJIlOwSo6XLTIxmuJRK6wZ7NmxilvRHdkcS5?= =?utf-8?q?RBzJ0CoWX01IkgqxyazDrAGt5QCtszso3cqBAIvnu237XyZUlIsKFTbeIlyDgpOS1?= =?utf-8?q?sTDR/pq64NUTgCfhICDWSx6qJpXHBEE0FcwYkoY/S87jDqq2iaTeZM=3D?= X-Forefront-Antispam-Report: CIP:255.255.255.255;CTRY:;LANG:en;SCL:1;SRV:;IPV:NLI;SFV:NSPM;H:DS0PR11MB6399.namprd11.prod.outlook.com;PTR:;CAT:NONE;SFS:(13230040)(52116014)(376014)(366016)(1800799024)(13003099007)(38350700014);DIR:OUT;SFP:1101; X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1 X-MS-Exchange-AntiSpam-MessageData-0: =?utf-8?q?y/jeiKz5AtHFRMAMehFwKso2om4g?= =?utf-8?q?SxcAf3+jLHKuW+K2of7BO45CjiDJ/BfcV6QICJ112T10QR6hMWcBObyXumFCe9n4K?= =?utf-8?q?d887KPR5evsz/J/o05ETySMqAga5uzV6NQaA5wqVrUGddV1qBEhHtKxF5WXdUV92t?= =?utf-8?q?m0J49KMfNLIBmAhFjpcwTh0vzskrILZZbB62AzXDjlUXEn+ztosCc06oIRDhl2YZX?= =?utf-8?q?4Ty4fD9UtFEZGBkgsMxlyREflhHu01OeoJdZqhhrf2yowSiW7UST4Tl5sqDrT16OY?= =?utf-8?q?vkkOsKAKtUg1S2YnefrkGGkveZ2zcj2iW5NoQbBfy7/VzRWesDLaOAicA8MHgbh0S?= =?utf-8?q?esjf4tqZCnHogO2EUU6PMERdiLxm/clqCSF6CTthO8/HOJc5ousZxZqlOcgZC2M2I?= =?utf-8?q?EWKeXzyJGJ9Hl1RTxVg8gdEgU61YE1B0Fy7NYhEENZvoFChq1woPB6vol+3PSzJbG?= =?utf-8?q?U4+rI0Xbgeb0HM3ErExU18vwOvHQfF6Rn5gOC6uvdhszEan1e6B5Lp9zo+jocL1EO?= =?utf-8?q?sTm2A/joTBc8WBEmxj+Os3C99qQtcGQrfWyUO84v9EnN1RZlSwOk2UDY1CeRShefX?= =?utf-8?q?vSDncUW5OrADUzCrHkLtSIGxaULjnXffK6kAiUm2p85eo+dqvrBNaGoer3T4zf6Wx?= =?utf-8?q?AGIVtfEl/RVdLi9CHn7Bq3Ci9+cwjrfBG6gKl+r1aciHWVAvlm54eehazcV4NNB8B?= =?utf-8?q?sltv0jZoAtL/IRRWilFCYxqfVbdKSxnpD3GSp+DcgGg+l2Aed73RG/UNjOVQNbxzE?= =?utf-8?q?EiNyfzRfHEhFhwozoCMix9qYdYj4xYIljX5Csk4fBnZ/4L4U+nb2LZmpvPpKu8Mgh?= =?utf-8?q?gcMzSAffKma8bRrxCEB6VJNKQ8MqhqaK6vtVRMwCVPDGNb1uuB01sUZ95zKEnC36U?= =?utf-8?q?wWI1Ug87r9CUzWZtO6+KJ/CtejcrUjk90L0HJ+8LqOopxDxeWUWqbxLl2H+Q+IhaM?= =?utf-8?q?YCkV3EY1yyM99s2D3j0lx9fYqZOtxNpcOcGV/OqOaP0A1V+2I22Pv25oJxYOlf0a4?= =?utf-8?q?JHVinJUlicnAIcR924PRCv4tvFSxdW8w+PCewX4nJFMVL2r8dvqDAsRnUlFxUpN8r?= =?utf-8?q?JSOqjl6Aok8X033geKOHDJSwIFgpT8RNt2Mt5ZGwj7aedKXqJyQMhZCJRolWBHWl/?= =?utf-8?q?p2Zx04L7Kub+j1BL5stExjd6y5JJdSh+fKRwhkSrkzMIboyHsQw+kHsPTDhOTtkyg?= =?utf-8?q?Gol90zE2T10fEvdWMpcNok/y2QWVYkZZiHb4vF0aDmpQq0VaC60ROE4IsOPnOJN8u?= =?utf-8?q?Vq7m1NiKxt0FwYBXtMTMVDEAuakmuSWOoqg7Kn5ISGOmlOZ3Q6aryuVp03qT3Q/in?= =?utf-8?q?sso3lSZQpmhaH3eTy+NjMbZFh2iDbISYXxqs11w+6B2p0AEr+ElgbQ1l5aTFmslq5?= =?utf-8?q?7oyoK2d5RElryq1kP6xHxEm8rZrMWf1FGzdR1rcF1sgYkHsFRCFwYj/0Q9VEsIzVr?= =?utf-8?q?I+7K2OqSRDmNPH0xYKZhT/XDvJwoK/vjCSbbP5a1ofESDMqs5WhX3GSIfbzeoKsSr?= =?utf-8?q?jCU3tbKPHmDB?= X-OriginatorOrg: windriver.com X-MS-Exchange-CrossTenant-Network-Message-Id: d0b2dc6b-83cc-4c81-1d72-08ddac978044 X-MS-Exchange-CrossTenant-AuthSource: DS0PR11MB6399.namprd11.prod.outlook.com X-MS-Exchange-CrossTenant-AuthAs: Internal X-MS-Exchange-CrossTenant-OriginalArrivalTime: 16 Jun 2025 05:34:45.0060 (UTC) X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted X-MS-Exchange-CrossTenant-Id: 8ddb2873-a1ad-4a18-ae4e-4644631433be X-MS-Exchange-CrossTenant-MailboxType: HOSTED X-MS-Exchange-CrossTenant-UserPrincipalName: tZrKcved6R+/4rIJyLJFKM9Ixcb/fbom4LMUPS0RowLyreXUHxuutBMzAVNjp5P5aPogwsUJosKpXT6E3Sueag== X-MS-Exchange-Transport-CrossTenantHeadersStamped: PH0PR11MB4950 X-Proofpoint-ORIG-GUID: 3nOBsrZDRbBAuBCiJnz21yNX0ef1-Qcm X-Authority-Analysis: v=2.4 cv=b9Gy4sGx c=1 sm=1 tr=0 ts=684facf6 cx=c_pps a=VT18+VkyHbPNoTIOWiYcNQ==:117 a=6eWqkTHjU83fiwn7nKZWdM+Sl24=:19 a=lCpzRmAYbLLaTzLvsPZ7Mbvzbb8=:19 a=wKuvFiaSGQ0qltdbU6+NXLB8nM8=:19 a=Ol13hO9ccFRV9qXi2t6ftBPywas=:19 a=xqWC_Br6kY4A:10 a=IkcTkHD0fZMA:10 a=6IFa9wvqVegA:10 a=PYnjg3YJAAAA:8 a=NEAV23lmAAAA:8 a=t7CeM3EgAAAA:8 a=pGLkceISAAAA:8 a=2z1OXlWFAAAA:8 a=6RGDHLEMwk7n6fM-XBkA:9 a=3ZKOabzyN94A:10 a=QEXdDO2ut3YA:10 a=FdTzh2GWekK77mhwV6Dw:22 a=SNRPda0NjyR9MlWdJ_lJ:22 X-Proofpoint-GUID: 3nOBsrZDRbBAuBCiJnz21yNX0ef1-Qcm X-Proofpoint-Spam-Details-Enc: AW1haW4tMjUwNjE2MDAzNSBTYWx0ZWRfXxup/WkXPnSM2 SuoNNgyb362yKQoM50BQAUwEF3G1i+IbKu9JDPknOumIz2etwFavcliJE475sr8oZKZ1HB8gs52 M7bQZF/lqfpcMhhcHUv300c2vJRzhydNiUtLDeW4clgDQACmxcrn7VbmJ9yLoK4SFgrwmVcdYUM Dfv9ZPQLn1ksbP5xqG8t2L/yj8PGFuh1HyVoB3H8SExAfFPJaS3wMhuvY0EP4ZWwziO8Qr39abA pxSworCs7Mo2uux8dr7XTbkSxNZJ7vvnVb2RW+V0l97bTfsXsJdLdeWrFbJ1SMDGUsDTZsxIYfS gaOWwvTyFTYxRzzIt4G5ads5y4S3/yFOjdychnQysfWo9AydlnirBy2EveAIkryTP6x36F6uXDu aXCB+z6Bi2tZNThepmAlrsb0foXAuBhhRqlYMfmJgXyZlpFoOCo1wTnUMIimiQpFC27RxiEQ X-Proofpoint-Virus-Version: vendor=baseguard engine=ICAP:2.0.293,Aquarius:18.0.1099,Hydra:6.0.736,FMLib:17.12.80.40 definitions=2025-06-16_02,2025-06-13_01,2025-03-28_01 X-Proofpoint-Spam-Details: rule=outbound_notspam policy=outbound score=0 mlxscore=0 suspectscore=0 spamscore=0 clxscore=1015 impostorscore=0 malwarescore=0 priorityscore=1501 lowpriorityscore=0 bulkscore=0 phishscore=0 mlxlogscore=999 adultscore=0 classifier=spam authscore=0 authtc=n/a authcc= route=outbound adjust=0 reason=mlx scancount=1 engine=8.21.0-2505280000 definitions=main-2506160035 X-MIME-Autoconverted: from 8bit to quoted-printable by mx0a-0064b401.pphosted.com id 55G4ivj6009786 List-Id: X-Webhook-Received: from li982-79.members.linode.com [45.33.32.79] by aws-us-west-2-korg-lkml-1.web.codeaurora.org with HTTPS for ; Mon, 16 Jun 2025 05:34:51 -0000 X-Groupsio-URL: https://lists.openembedded.org/g/openembedded-core/message/218769 CVE-2025-46836: net-tools is a collection of programs that form the base set of the NET-3 networking distribution for the Linux operating system. Inn versions up to and including 2.10, the Linux network utilities (like ifconfig) from the net-tools package do not properly validate the structure of /proc files when showing interfaces. `get_name()` in `interface.c` copies interface labels from `/proc/net/dev` into a fixed 16-byte stack buffer without bounds checking, leading to possible arbitrary code execution or crash. The known attack path does not require privilege but also does not provide privilege escalation in this scenario. A patch is available and expected to be part of version 2.20. Reference: https://nvd.nist.gov/vuln/detail/CVE-2025-46836 Patch from: https://github.com/ecki/net-tools/commit/7a8f42fb20013a1493d8cae1c43436f85e656f2d https://github.com/ecki/net-tools/commit/ddb0e375fb9ca95bb69335540b85bbdaa2714348 Signed-off-by: Yi Zhao --- .../net-tools/net-tools/CVE-2025-46836.patch | 129 ++++++++++++++++++ .../net-tools/net-tools_2.10.bb | 1 + 2 files changed, 130 insertions(+) create mode 100644 meta/recipes-extended/net-tools/net-tools/CVE-2025-46836.patch diff --git a/meta/recipes-extended/net-tools/net-tools/CVE-2025-46836.patch b/meta/recipes-extended/net-tools/net-tools/CVE-2025-46836.patch new file mode 100644 index 0000000000..5ddd0585bc --- /dev/null +++ b/meta/recipes-extended/net-tools/net-tools/CVE-2025-46836.patch @@ -0,0 +1,129 @@ +From 7a8f42fb20013a1493d8cae1c43436f85e656f2d Mon Sep 17 00:00:00 2001 +From: Zephkeks +Date: Tue, 13 May 2025 11:04:17 +0200 +Subject: [PATCH] CVE-2025-46836: interface.c: Stack-based Buffer Overflow in + get_name() + +Coordinated as GHSA-pfwf-h6m3-63wf + +CVE: CVE-2025-46836 + +Upstream-Status: Backport +[https://github.com/ecki/net-tools/commit/7a8f42fb20013a1493d8cae1c43436f85e656f2d] +[https://github.com/ecki/net-tools/commit/ddb0e375fb9ca95bb69335540b85bbdaa2714348] + +Signed-off-by: Yi Zhao +--- + lib/interface.c | 63 ++++++++++++++++++++++++++++++------------------- + 1 file changed, 39 insertions(+), 24 deletions(-) + +diff --git a/lib/interface.c b/lib/interface.c +index 71d4163..a054f12 100644 +--- a/lib/interface.c ++++ b/lib/interface.c +@@ -211,32 +211,47 @@ out: + } + + static const char *get_name(char *name, const char *p) ++/* Safe version — guarantees at most IFNAMSIZ‑1 bytes are copied ++ and the destination buffer is always NUL‑terminated. */ + { +- while (isspace(*p)) +- p++; +- while (*p) { +- if (isspace(*p)) +- break; +- if (*p == ':') { /* could be an alias */ +- const char *dot = p++; +- while (*p && isdigit(*p)) p++; +- if (*p == ':') { +- /* Yes it is, backup and copy it. */ +- p = dot; +- *name++ = *p++; +- while (*p && isdigit(*p)) { +- *name++ = *p++; +- } +- } else { +- /* No, it isn't */ +- p = dot; +- } +- p++; +- break; +- } +- *name++ = *p++; ++ char *dst = name; /* current write ptr */ ++ const char *end = name + IFNAMSIZ - 1; /* last byte we may write */ ++ ++ /* Skip leading white‑space. */ ++ while (isspace((unsigned char)*p)) ++ ++p; ++ ++ /* Copy until white‑space, end of string, or buffer full. */ ++ while (*p && !isspace((unsigned char)*p) && dst < end) { ++ if (*p == ':') { /* possible alias veth0:123: */ ++ const char *dot = p; /* remember the colon */ ++ ++p; ++ while (*p && isdigit((unsigned char)*p)) ++ ++p; ++ ++ if (*p == ':') { /* confirmed alias */ ++ p = dot; /* rewind and copy it all */ ++ ++ /* copy the colon */ ++ if (dst < end) ++ *dst++ = *p++; ++ ++ /* copy the digits */ ++ while (*p && isdigit((unsigned char)*p) && dst < end) ++ *dst++ = *p++; ++ ++ if (*p == ':') /* consume trailing colon */ ++ ++p; ++ } else { /* if so treat as normal */ ++ p = dot; ++ } ++ break; /* interface name ends here */ ++ } ++ ++ *dst++ = *p++; /* ordinary character copy */ + } +- *name++ = '\0'; ++ ++ *dst = '\0'; /* always NUL‑terminate */ + return p; + } + +-- +2.34.1 + +From ddb0e375fb9ca95bb69335540b85bbdaa2714348 Mon Sep 17 00:00:00 2001 +From: Bernd Eckenfels +Date: Sat, 17 May 2025 21:53:23 +0200 +Subject: [PATCH] Interface statistic regression after 7a8f42fb2 + +--- + lib/interface.c | 5 ++--- + 1 file changed, 2 insertions(+), 3 deletions(-) + +diff --git a/lib/interface.c b/lib/interface.c +index a054f12..ca4adf1 100644 +--- a/lib/interface.c ++++ b/lib/interface.c +@@ -239,12 +239,11 @@ static const char *get_name(char *name, const char *p) + /* copy the digits */ + while (*p && isdigit((unsigned char)*p) && dst < end) + *dst++ = *p++; +- +- if (*p == ':') /* consume trailing colon */ +- ++p; + } else { /* if so treat as normal */ + p = dot; + } ++ if (*p == ':') /* consume trailing colon */ ++ ++p; + break; /* interface name ends here */ + } + +-- +2.34.1 + diff --git a/meta/recipes-extended/net-tools/net-tools_2.10.bb b/meta/recipes-extended/net-tools/net-tools_2.10.bb index 7facc0cc8d..d8090b88d2 100644 --- a/meta/recipes-extended/net-tools/net-tools_2.10.bb +++ b/meta/recipes-extended/net-tools/net-tools_2.10.bb @@ -11,6 +11,7 @@ SRC_URI = "git://git.code.sf.net/p/net-tools/code;protocol=https;branch=master \ file://net-tools-config.h \ file://net-tools-config.make \ file://Add_missing_headers.patch \ + file://CVE-2025-46836.patch \ " S = "${WORKDIR}/git"