58ba99ebdd
- Drop 0002-Do-not-warn-about-interface-socket-not-binded.patch. It worked around a net-tools-1.60 specific problem, that does not happen in net-tools-2.10. It is more harmful than useful, as it can hide real problems. (bsc#430864#c15, https://github.com/ecki/net-tools/issues/32#issuecomment-3265471116). - Drop 0004-By-default-do-not-fopen-anything-in-netrom_gr.patch. It was net-tools-1.60 specific leak fix and breaks netrom in net-tools-2.10 (bnc#544339#c2). - Drop old Fedora patch 0006-Allow-interface-stacking.patch. It provided a fix for CVE-2025-46836 (bsc#142461), but it was fixes by the upstream in 2025 in a different way. Revert interferring net-tools-CVE-2025-46836.patch back to the upstream version. - Fix stack buffer overflow in parse_hex (bsc#1248687, GHSA-h667-qrp8-gj58, net-tools-parse_hex-stack-overflow.patch). - Fix stack-based buffer overflow in proc_gen_fmt (bsc#1248687, GHSA-w7jq-cmw2-cq59, net-tools-proc_gen_fmt-buffer-overflow.patch). - Avoid unsafe memcpy in ifconfig (bsc#1248687, net-tools-ifconfig-avoid-unsafe-memcpy.patch). - Prevent overflow in ax25 and netrom (bsc#1248687, net-tools-ax25+netrom-overflow-1.patch, net-tools-ax25+netrom-overflow-2.patch). - Keep possibility to enter long interface names, even if they are not accepted by the kernel, because it was always possible up to CVE-2025-46836 fix. But issue a warning about an interface name concatenation (bsc#1248410, net-tools-ifconfig-long-name-warning.patch).
1.5 KiB
1.5 KiB