You're receiving this bug because the package in Summary has produced _FORTIFY_SOURCE related warnings indicating the presence of a sure overflow in a static buffer. Even though this is not always an indication of a security problem it might even be. So please check this out ASAP. By the way, _FORTIFY_SOURCE is disabled when you disable optimisation, so don't try finding out the cause using -O0. Thanks, Your friendly neighborhood tinderboxer
Created attachment 246603 [details] Build log
Created attachment 246800 [details, diff] Patch to tcpreplay-3.4.4.ebuild to add sed statement to fix overflow Upstream declares a char ipaddr[16], then tells snprintf that the length is 17. This sed bumps the buffer up to char ipaddr[20].
Looks like it's fixed in 3.4.5beta2 and in the URL. Maybe we can introduce that patch or get 3.4.5_beta2 in the tree. Or wait for the final 3.4.5.
3.4.5_beta2 is in the tree.
Index: package.mask =================================================================== RCS file: /var/cvsroot/gentoo-x86/profiles/package.mask,v retrieving revision 1.12116 retrieving revision 1.12117 diff -u -B -r1.12116 -r1.12117 --- package.mask 29 Oct 2010 10:15:28 -0000 1.12116 +++ package.mask 29 Oct 2010 13:16:33 -0000 1.12117 @@ -1,5 +1,5 @@ #################################################################### -# $Header: /var/cvsroot/gentoo-x86/profiles/package.mask,v 1.12116 2010/10/29 10:15:28 ssuominen Exp $ +# $Header: /var/cvsroot/gentoo-x86/profiles/package.mask,v 1.12117 2010/10/29 13:16:33 pva Exp $ # # When you add an entry to the top of this file, add your name, the date, and # an explanation of why something is getting masked. Please be extremely @@ -31,6 +31,10 @@ #--- END OF EXAMPLES --- +# Peter Volkov <pva@gentoo.org> (29 Oct 2010) +# mask beta release +=net-analyzer/tcpreplay-3.4.5* + # Samuli Suominen <ssuominen@gentoo.org> (29 Oct 2010) # freqtweak, bug 336160, uses obsolete wxgtk # mplinuxman, bug 338863, for old MP3 players, overflows buffers
Could the patch be applied to 3.4.4 then?
*tcpreplay-3.4.4-r1 (29 Oct 2010) 29 Oct 2010; Peter Volkov <pva@gentoo.org> +tcpreplay-3.4.4-r1.ebuild, +files/tcpreplay-3.4.4-crash.patch: Fix buffer overflow (bug #336605) in stable version.