Improve changes text

Add context about relation of bsc#142461 and bsc#1243581.

0002-Do-not-warn-about-interface-socket-not-binded.patch

@@ -1,33 +0,0 @@
-From 5b612570220e66ea3197b88b5f9d81e064f9e873 Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Tom=C3=A1=C5=A1=20Chv=C3=A1tal?= <tchvatal@suse.com>
-Date: Sat, 17 Jun 2017 22:15:06 +0200
-Subject: [PATCH 2/7] Do not warn about interface socket not binded
-
----
- lib/interface.c | 10 ++++------
- 1 file changed, 4 insertions(+), 6 deletions(-)
-
-diff --git a/lib/interface.c b/lib/interface.c
-index e8ab2b8..94e554b 100644
---- a/lib/interface.c
-+++ b/lib/interface.c
-@@ -173,12 +173,10 @@ static int if_readconf(void)
-        (as of 2.1.128) */
-     skfd = get_socket_for_af(AF_INET);
-     if (skfd < 0) {
--	fprintf(stderr, _("warning: no inet socket available: %s\n"),
--		strerror(errno));
--	/* Try to soldier on with whatever socket we can get hold of.  */
--	skfd = sockets_open(0);
--	if (skfd < 0)
--	    return -1;
-+	    /* Try to soldier on with whatever socket we can get hold of.  */
-+	    skfd = sockets_open(0);
-+	    if (skfd < 0)
-+	        return -1;
-     }
- 
-     ifc.ifc_buf = NULL;
--- 
-2.13.1
-

0004-By-default-do-not-fopen-anything-in-netrom_gr.patch

@@ -1,28 +0,0 @@
-From 70a4077962be2dc3ea7dc20a3687e9f1c7458ade Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Tom=C3=A1=C5=A1=20Chv=C3=A1tal?= <tchvatal@suse.com>
-Date: Sat, 17 Jun 2017 22:26:14 +0200
-Subject: [PATCH 4/7] By default do not fopen anything in netrom_gr
-
-This is SUSE specific patch basically disabling this functionality.
----
- lib/netrom_gr.c | 4 ++--
- 1 file changed, 2 insertions(+), 2 deletions(-)
-
-diff --git a/lib/netrom_gr.c b/lib/netrom_gr.c
-index ec82fe8..eecf148 100644
---- a/lib/netrom_gr.c
-+++ b/lib/netrom_gr.c
-@@ -32,8 +32,8 @@
- 
- int NETROM_rprint(int options)
- {
--    FILE *f1 = fopen(_PATH_PROCNET_NR_NODES, "r");
--    FILE *f2 = fopen(_PATH_PROCNET_NR_NEIGH, "r");
-+    FILE *f1 = NULL;
-+    FILE *f2 = NULL;
-     char buffer[256];
-     int qual, n, w;
-     /*int ext = options & FLAG_EXT;
--- 
-2.13.1
-

0006-Allow-interface-stacking.patch

@@ -1,85 +0,0 @@
-From 3e27ced0c24be18dc443f7eb1421c7c3c1755cfe Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Tom=C3=A1=C5=A1=20Chv=C3=A1tal?= <tchvatal@suse.com>
-Date: Sun, 18 Jun 2017 08:54:17 +0200
-Subject: [PATCH 6/7] Allow interface stacking
-
----
- lib/interface.c | 25 +++++++++++++++----------
- 1 file changed, 15 insertions(+), 10 deletions(-)
-
-diff --git a/lib/interface.c b/lib/interface.c
-index 7e326a0..42d86fb 100644
---- a/lib/interface.c
-+++ b/lib/interface.c
-@@ -208,10 +208,11 @@ out:
-     return err;
- }
- 
--static const char *get_name(char *name, const char *p)
-+static const char *get_name(char **namep, const char *p)
- {
-     while (isspace(*p))
- 	p++;
-+    char *name = *namep = p;
-     while (*p) {
- 	if (isspace(*p))
- 	    break;
-@@ -314,9 +315,10 @@ static int get_dev_fields(const char *bp, struct interface *ife)
- static int if_readlist_proc(const char *target)
- {
-     FILE *fh;
--    char buf[512];
-     struct interface *ife;
-     int err;
-+    char *line = NULL;
-+    size_t linelen = 0;
- 
-     fh = fopen(_PATH_PROCNET_DEV, "r");
-     if (!fh) {
-@@ -324,10 +326,11 @@ static int if_readlist_proc(const char *target)
- 			_PATH_PROCNET_DEV, strerror(errno));
- 		return -2;
- 	}
--    if (fgets(buf, sizeof buf, fh))
--		/* eat line */;
--    if (fgets(buf, sizeof buf, fh))
--		/* eat line */;
-+    if (getline(&line, &linelen, fh) == -1 /* eat line */
-+	|| getline(&line, &linelen, fh) == -1) {
-+		err = -1;
-+		goto out;
-+    }
- 
- #if 0				/* pretty, but can't cope with missing fields */
-     fmt = proc_gen_fmt(_PATH_PROCNET_DEV, 1, fh,
-@@ -352,14 +355,14 @@ static int if_readlist_proc(const char *target)
-     if (!fmt)
- 	return -1;
- #else
--    procnetdev_vsn = procnetdev_version(buf);
-+    procnetdev_vsn = procnetdev_version(line);
- #endif
- 
-     err = 0;
--    while (fgets(buf, sizeof buf, fh)) {
-+    while (getline(&line, &linelen, fh) != -1) {
- 	const char *s;
--	char name[IFNAMSIZ];
--	s = get_name(name, buf);
-+	char *name;
-+	s = get_name(&name, line);
- 	ife = if_cache_add(name);
- 	get_dev_fields(s, ife);
- 	ife->statistics_valid = 1;
-@@ -374,6 +377,8 @@ static int if_readlist_proc(const char *target)
- #if 0
-     free(fmt);
- #endif
-+  out:
-+    free(line);
-     fclose(fh);
-     return err;
- }
--- 
-2.13.1
-

net-tools-CVE-2025-46836.patch

@@ -9,23 +9,19 @@ Coordinated as GHSA-pfwf-h6m3-63wf
  lib/interface.c | 63 ++++++++++++++++++++++++++++++-------------------
  1 file changed, 39 insertions(+), 24 deletions(-)
 
-Index: net-tools-2.10/lib/interface.c
-===================================================================
---- net-tools-2.10.orig/lib/interface.c
-+++ net-tools-2.10/lib/interface.c
-@@ -209,33 +209,46 @@ out:
+diff --git a/lib/interface.c b/lib/interface.c
+index 71d4163..a054f12 100644
+--- a/lib/interface.c
++++ b/lib/interface.c
+@@ -211,32 +211,47 @@ out:
  }
  
- static const char *get_name(char **namep, const char *p)
+ static const char *get_name(char *name, const char *p)
 +/* Safe version — guarantees at most IFNAMSIZ‑1 bytes are copied
 +   and the destination buffer is always NUL‑terminated.             */
  {
 -    while (isspace(*p))
 -	p++;
-+    /* Skip leading white‑space. */
-+    while (isspace((unsigned char)*p))
-+        ++p;
-     char *name = *namep = p;
 -    while (*p) {
 -	if (isspace(*p))
 -	    break;
@@ -49,6 +45,11 @@ Index: net-tools-2.10/lib/interface.c
 -	*name++ = *p++;
 +    char       *dst = name;                 /* current write ptr          */
 +    const char *end = name + IFNAMSIZ - 1;  /* last byte we may write     */
++
++    /* Skip leading white‑space. */
++    while (isspace((unsigned char)*p))
++        ++p;
++
 +    /* Copy until white‑space, end of string, or buffer full. */
 +    while (*p && !isspace((unsigned char)*p) && dst < end) {
 +        if (*p == ':') {                    /* possible alias veth0:123:  */
@@ -84,3 +85,6 @@ Index: net-tools-2.10/lib/interface.c
      return p;
  }
  
+-- 
+2.48.1
+

net-tools-ax25+netrom-overflow-1.patch

@@ -0,0 +1,79 @@
+From c084d1fea5de0f6dcaed4a59b38a4140bd2e9f13 Mon Sep 17 00:00:00 2001
+From: Bernd Eckenfels <net-tools@lina.inka.de>
+Date: Sat, 16 Aug 2025 22:29:13 +0200
+Subject: [PATCH 1/2] Prevent overflow in ax25 and netrom
+
+Fixes sourceforge #48
+
+Thanks to Bernard Pidoux.
+---
+ lib/ax25.c   | 12 +++++++++---
+ lib/netrom.c | 10 ++++++++--
+ 2 files changed, 17 insertions(+), 5 deletions(-)
+
+diff --git a/lib/ax25.c b/lib/ax25.c
+index 80a82c4..ab40e00 100644
+--- a/lib/ax25.c
++++ b/lib/ax25.c
+@@ -47,9 +47,10 @@ static char AX25_errmsg[128];
+ 
+ extern struct aftype ax25_aftype;
+ 
++// align with NETROM_orint
+ static const char *AX25_print(const char *ptr)
+ {
+-    static char buff[8];
++    static char buff[10]; // N0CALL-15
+     int i;
+ 
+     for (i = 0; i < 6; i++) {
+@@ -58,9 +59,14 @@ static const char *AX25_print(const char *ptr)
+ 	    buff[i] = '\0';
+     }
+     buff[6] = '\0';
++
++    // add SSID
+     i = ((ptr[6] & 0x1E) >> 1);
+-    if (i != 0)
+-	sprintf(&buff[strlen(buff)], "-%d", i);
++    if (i != 0) {
++        int l = strlen(buff);
++        sprintf(&buff[l], sizeof(buff)-l, "-%d", i);
++    }
++
+     return (buff);
+ }
+ 
+diff --git a/lib/netrom.c b/lib/netrom.c
+index 6bcde2d..309e7cb 100644
+--- a/lib/netrom.c
++++ b/lib/netrom.c
+@@ -54,7 +54,7 @@ extern struct aftype netrom_aftype;
+ 
+ static const char *NETROM_print(const char *ptr)
+ {
+-    static char buff[8];
++    static char buff[10]; // N0CALL-15\0
+     int i;
+ 
+     for (i = 0; i < 6; i++) {
+@@ -63,9 +63,15 @@ static const char *NETROM_print(const char *ptr)
+ 	    buff[i] = '\0';
+     }
+     buff[6] = '\0';
++
++    // add SSID
+     i = ((ptr[6] & 0x1E) >> 1);
+     if (i != 0)
+-	sprintf(&buff[strlen(buff)], "-%d", i);
++    {
++        int l = strlen(buff); // 0-6
++        snprintf(&buff[l],sizeof(buff)-l, "-%d", i);
++    }
++
+     return (buff);
+ }
+ 
+-- 
+2.48.1
+

net-tools-ax25+netrom-overflow-2.patch

@@ -0,0 +1,27 @@
+From 139f5d85e4e93bd75bc1072349bce19bf56c058a Mon Sep 17 00:00:00 2001
+From: Adam Sampson <ats@offog.org>
+Date: Sun, 17 Aug 2025 02:33:45 +0100
+Subject: [PATCH 2/2] Fix sprintf that should be snprintf
+
+c084d1fea5de0f6dcaed4a59b38a4140bd2e9f13 ("Prevent overflow in ax25 and
+netrom") added the length argument, but didn't change the function name.
+---
+ lib/ax25.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/lib/ax25.c b/lib/ax25.c
+index ab40e00..aee4214 100644
+--- a/lib/ax25.c
++++ b/lib/ax25.c
+@@ -64,7 +64,7 @@ static const char *AX25_print(const char *ptr)
+     i = ((ptr[6] & 0x1E) >> 1);
+     if (i != 0) {
+         int l = strlen(buff);
+-        sprintf(&buff[l], sizeof(buff)-l, "-%d", i);
++        snprintf(&buff[l], sizeof(buff)-l, "-%d", i);
+     }
+ 
+     return (buff);
+-- 
+2.48.1
+

net-tools-ifconfig-avoid-unsafe-memcpy.patch

@@ -0,0 +1,26 @@
+From 28097633198312316ca99ec648fbe5856b1b58f7 Mon Sep 17 00:00:00 2001
+From: Bernd <bernd@eckenfels.net>
+Date: Sat, 17 May 2025 22:33:34 +0200
+Subject: [PATCH] Avoid memcpy (reverted from Last)
+
+It cant overflow at this place, but if we have a Safe function we might as well keep using it.
+---
+ ifconfig.c | 2 +-
+ 1 file changed, 1 insertion(+), 1 deletion(-)
+
+diff --git a/ifconfig.c b/ifconfig.c
+index 7688a79..696abb9 100644
+--- a/ifconfig.c
++++ b/ifconfig.c
+@@ -336,7 +336,7 @@ int main(int argc, char **argv)
+ 	fprintf(stderr, "%s(%lu): interface name length must be < %i\n", *spp, len, IFNAMSIZ);
+ 	return EXIT_FAILURE;
+     }
+-    memcpy(ifr.ifr_name, *spp++, len+1);
++    safe_strncpy(ifr.ifr_name, *spp++, IFNAMSIZ);
+     if (*spp == (char *) NULL) {
+ 	int err = if_print(ifr.ifr_name);
+ 	(void) close(skfd);
+-- 
+2.48.1
+

net-tools-ifconfig-long-name-warning.patch

@@ -0,0 +1,30 @@
+From f7a6ecf2782a96ef38477bb22c3c17713179b05f Mon Sep 17 00:00:00 2001
+From: Stanislav Brabec <sbrabec@suse.com>
+Date: Mon, 25 Aug 2025 22:51:19 +0200
+Subject: [PATCH] Change interface name length overflow to warning.
+
+Interface name is limited to IFNAMSIZ. To keep compatibility with the
+old behavior before 61f4890, change the error to warning.
+---
+ ifconfig.c | 5 +----
+ 1 file changed, 1 insertion(+), 4 deletions(-)
+
+diff --git a/ifconfig.c b/ifconfig.c
+index 696abb9..d42a694 100644
+--- a/ifconfig.c
++++ b/ifconfig.c
+@@ -332,10 +332,7 @@ int main(int argc, char **argv)
+     spp = argv;
+     size_t len = strlen(*spp);
+     if (len >= IFNAMSIZ)
+-    {
+-	fprintf(stderr, "%s(%lu): interface name length must be < %i\n", *spp, len, IFNAMSIZ);
+-	return EXIT_FAILURE;
+-    }
++	fprintf(stderr, _("Warning: truncating interface name %s length %lu to %u\n"), *spp, len, IFNAMSIZ-1);
+     safe_strncpy(ifr.ifr_name, *spp++, IFNAMSIZ);
+     if (*spp == (char *) NULL) {
+ 	int err = if_print(ifr.ifr_name);
+-- 
+2.48.1
+

net-tools-parse_hex-stack-overflow.patch

@@ -0,0 +1,56 @@
+From a7926399a04ee8e629a02a2aeb6de1952d42d559 Mon Sep 17 00:00:00 2001
+From: Bernd Eckenfels <net-tools@lina.inka.de>
+Date: Sat, 17 May 2025 21:11:07 +0200
+Subject: [PATCH] ipmaddr.c: Stack-based buffer Overflow in parse_hex()
+
+Coordinated as GHSA-h667-qrp8-gj58.
+---
+ ipmaddr.c | 10 +++++-----
+ 1 file changed, 5 insertions(+), 5 deletions(-)
+
+diff --git a/ipmaddr.c b/ipmaddr.c
+index 64b7564..623fadd 100644
+--- a/ipmaddr.c
++++ b/ipmaddr.c
+@@ -91,17 +91,17 @@ static int parse_lla(char *str, char *addr)
+ 	return len;
+ }
+ 
+-static int parse_hex(char *str, unsigned char *addr)
++static int parse_hex(char *str, unsigned char *dst, size_t dstlen)
+ {
+ 	int len=0;
+ 
+-	while (*str) {
++	while (len < dstlen && *str) {
+ 		int tmp;
+ 		if (str[1] == 0)
+ 			return -1;
+ 		if (sscanf(str, "%02x", &tmp) != 1)
+ 			return -1;
+-		addr[len] = tmp;
++		dst[len] = tmp;
+ 		len++;
+ 		str += 2;
+ 	}
+@@ -152,7 +152,7 @@ void read_dev_mcast(struct ma_info **result_p)
+ 
+ 		m.addr.family = AF_PACKET;
+ 
+-		len = parse_hex(hexa, (unsigned char*)&m.addr.data);
++		len = parse_hex(hexa, (unsigned char*)&m.addr.data, sizeof(m.addr.data));
+ 		if (len >= 0) {
+ 			struct ma_info *ma = xmalloc(sizeof(m));
+ 			memcpy(ma, &m, sizeof(m));
+@@ -222,7 +222,7 @@ void read_igmp6(struct ma_info **result_p)
+ 
+ 		m.addr.family = AF_INET6;
+ 
+-		len = parse_hex(hexa, (unsigned char*)&m.addr.data);
++		len = parse_hex(hexa, (unsigned char*)&m.addr.data, sizeof(m.addr.data));
+ 		if (len >= 0) {
+ 			struct ma_info *ma = xmalloc(sizeof(m));
+ 			memcpy(ma, &m, sizeof(m));
+-- 
+2.48.1
+

net-tools-proc_gen_fmt-buffer-overflow.patch

@@ -0,0 +1,75 @@
+Backported to exclude f84cd22a921c25c56a6c194d4825dbd9ceea0e5f
+From 84041080a5d4794045b098ced90e0309bcbcff44 Mon Sep 17 00:00:00 2001
+From: Zephkeks <zephyrofficialdiscord@gmail.com>
+Date: Sat, 17 May 2025 22:11:37 +0200
+Subject: [PATCH] proc.c: Stack-based Buffer Overflow in net-tools
+ (proc_gen_fmt)
+
+Coordinated as GHSA-w7jq-cmw2-cq59.
+---
+ lib/proc.c | 37 ++++++++++++++++++++++++++++++++++---
+ 1 file changed, 34 insertions(+), 3 deletions(-)
+
+diff --git a/lib/proc.c b/lib/proc.c
+index d51d09f..02aae49 100644
+--- a/lib/proc.c
++++ b/lib/proc.c
+@@ -17,6 +17,8 @@ char *proc_gen_fmt(const char *name, int more, FILE * fh,...)
+     char buf[512], format[512] = "";
+     char *title, *head, *hdr;
+     va_list ap;
++    size_t format_len = 0;
++    size_t format_size = sizeof(format);
+ 
+     if (!fgets(buf, (sizeof buf) - 1, fh))
+ 	return NULL;
+@@ -33,14 +35,43 @@ char *proc_gen_fmt(const char *name, int more, FILE * fh,...)
+ 	    *hdr++ = 0;
+ 
+ 	if (!strcmp(title, head)) {
+-	    strcat(format, va_arg(ap, char *));
++	    const char *arg = va_arg(ap, char *);
++	    size_t arg_len = strlen(arg);
++
++	    /* Check if we have enough space for format specifier + space */
++	    if (format_len + arg_len + 1 >= format_size) {
++		fprintf(stderr, "warning: format buffer overflow in %s\n", name);
++		va_end(ap);
++		return NULL;
++	    }
++
++	    strcpy(format + format_len, arg);
++	    format_len += arg_len;
++
+ 	    title = va_arg(ap, char *);
+ 	    if (!title || !head)
+ 		break;
+ 	} else {
+-	    strcat(format, "%*s");	/* XXX */
++	    /* Check if we have enough space for "%*s" */
++	    if (format_len + 3 >= format_size) {
++		fprintf(stderr, "warning: format buffer overflow in %s\n", name);
++		va_end(ap);
++		return NULL;
++	    }
++
++	    strcpy(format + format_len, "%*s");
++	    format_len += 3;
+ 	}
+-	strcat(format, " ");
++
++	/* Check if we have space for the trailing space */
++	if (format_len + 1 >= format_size) {
++	    fprintf(stderr, "warning: format buffer overflow in %s\n", name);
++	    va_end(ap);
++	    return NULL;
++	}
++
++	format[format_len++] = ' ';
++	format[format_len] = '\0';
+     }
+     va_end(ap);
+ 
+-- 
+2.48.1
+

net-tools.changes

@@ -1,3 +1,43 @@
+-------------------------------------------------------------------
+Mon Sep  8 15:38:28 UTC 2025 - Stanislav Brabec <sbrabec@suse.com>
+
+- Drop 0002-Do-not-warn-about-interface-socket-not-binded.patch. It
+  worked around a net-tools-1.60 specific problem, that does not
+  happen in net-tools-2.10. It is more harmful than useful, as it
+  can hide real problems. (bsc#430864#c15,
+  https://github.com/ecki/net-tools/issues/32#issuecomment-3265471116).
+
+-------------------------------------------------------------------
+Sat Sep  6 15:35:13 UTC 2025 - Stanislav Brabec <sbrabec@suse.com>
+
+- Drop 0004-By-default-do-not-fopen-anything-in-netrom_gr.patch. It
+  was net-tools-1.60 specific leak fix and breaks netrom in
+  net-tools-2.10 (bnc#544339#c2).
+
+-------------------------------------------------------------------
+Thu Aug 28 18:46:35 UTC 2025 - Stanislav Brabec <sbrabec@suse.com>
+
+- Drop old Fedora patch 0006-Allow-interface-stacking.patch. It
+  provided a fix for the stack corruption (bsc#142461), later
+  reported as CVE-2025-46836 (bsc#1243581) and fixed by the
+  upstream in a different way. Revert interfering
+  net-tools-CVE-2025-46836.patch back to the upstream version.
+- Fix stack buffer overflow in parse_hex (bsc#1248687,
+  GHSA-h667-qrp8-gj58, net-tools-parse_hex-stack-overflow.patch).
+- Fix stack-based buffer overflow in proc_gen_fmt (bsc#1248687,
+  GHSA-w7jq-cmw2-cq59,
+  net-tools-proc_gen_fmt-buffer-overflow.patch).
+- Avoid unsafe memcpy in ifconfig (bsc#1248687,
+  net-tools-ifconfig-avoid-unsafe-memcpy.patch).
+- Prevent overflow in ax25 and netrom (bsc#1248687,
+  net-tools-ax25+netrom-overflow-1.patch,
+  net-tools-ax25+netrom-overflow-2.patch).
+- Keep possibility to enter long interface names, even if they are
+  not accepted by the kernel, because it was always possible up to
+  CVE-2025-46836 fix. But issue a warning about an interface name
+  concatenation (bsc#1248410,
+  net-tools-ifconfig-long-name-warning.patch).
+
 -------------------------------------------------------------------
 Mon Aug 11 12:42:17 UTC 2025 - Stanislav Brabec <sbrabec@suse.com>
 
@@ -14,15 +54,10 @@ Mon Aug  4 06:27:05 UTC 2025 - Stanislav Brabec <sbrabec@suse.com>
 Thu Jul 10 03:44:15 UTC 2025 - Stanislav Brabec <sbrabec@suse.com>
 
 - Perform bound checks when parsing interface labels in
-  /proc/net/dev (bsc#1243581, CVE-2025-46836,
+  /proc/net/dev (bsc#1243581, CVE-2025-46836, GHSA-pfwf-h6m3-63wf,
   net-tools-CVE-2025-46836.patch,
   net-tools-CVE-2025-46836-regression.patch).
 
--------------------------------------------------------------------
-Mon Jan 20 09:41:44 UTC 2025 - Thorsten Kukuk <kukuk@suse.com>
-
-- hostname is not required anymore [bsc#1236061]
-
 -------------------------------------------------------------------
 Tue Dec 27 13:12:55 UTC 2022 - Ludwig Nussel <lnussel@suse.com>
 

net-tools.spec

@@ -29,9 +29,6 @@ Source:         https://sourceforge.net/projects/net-tools/files/net-tools-%{ver
 Patch0:         net-tools-configure.patch
 # Git formatted patches described in each patch
 Patch1:         0001-Add-ether-wake-binary.patch
-Patch2:         0002-Do-not-warn-about-interface-socket-not-binded.patch
-Patch4:         0004-By-default-do-not-fopen-anything-in-netrom_gr.patch
-Patch6:         0006-Allow-interface-stacking.patch
 Patch7:         0007-Introduce-T-notrim-option-in-netstat.patch
 # PATCH-FIX-SECURITY net-tools-CVE-2025-46836.patch bsc1243581 sbrabec@suse.com -- Perform bound checks when parsing interface labels in /proc/net/dev.
 Patch8:         net-tools-CVE-2025-46836.patch
@@ -39,7 +36,20 @@ Patch8:         net-tools-CVE-2025-46836.patch
 Patch9:         net-tools-CVE-2025-46836-regression.patch
 # PATCH-FIX-UPSTREAM net-tools-CVE-2025-46836-error-reporting.patch bsc1243581 sbrabec@suse.com -- Provide more readable error for interface name size checking.
 Patch10:        net-tools-CVE-2025-46836-error-reporting.patch
+# PATCH-FIX-SECURITY net-tools-parse_hex-stack-overflow.patch bsc1248410 sbrabec@suse.com -- Fix stack buffer overflow in parse_hex.
+Patch11:        net-tools-parse_hex-stack-overflow.patch
+# PATCH-FIX-SECURITY net-tools-proc_gen_fmt-buffer-overflow.patch bsc1248410 sbrabec@suse.com -- Fix stack-based buffer overflow in proc_gen_fmt.
+Patch12:        net-tools-proc_gen_fmt-buffer-overflow.patch
+# PATCH-FIX-SECURITY net-tools-ifconfig-avoid-unsafe-memcpy.patch bsc1248410 sbrabec@suse.com -- Avoid unsafe memcpy in ifconfig.
+Patch13:        net-tools-ifconfig-avoid-unsafe-memcpy.patch
+# PATCH-FIX-SECURITY net-tools-ax25+netrom-overflow-1.patch bsc1248410 sbrabec@suse.com -- Prevent overflow in ax25 and netrom.
+Patch14:        net-tools-ax25+netrom-overflow-1.patch
+# PATCH-FIX-SECURITY net-tools-ax25+netrom-overflow-2.patch bsc1248410 sbrabec@suse.com -- Prevent overflow in ax25 and netrom.
+Patch15:        net-tools-ax25+netrom-overflow-2.patch
+# PATCH-FIX-UPSTREAM net-tools-ifconfig-long-name-warning.patch bsc1248410 sbrabec@suse.com -- Allow to enter long interface names again.
+Patch16:        net-tools-ifconfig-long-name-warning.patch
 BuildRequires:  help2man
+Requires:       hostname
 Recommends:     traceroute >= 2.0.0
 Provides:       net_tool = %{version}
 Obsoletes:      net_tool < %{version}