powerel9
/
libslirp
2
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
Browse Source

initial package creation 

Signed-off-by: Toshaan Bharvani <toshaan@powerel.org>
master
Toshaan Bharvani 3 years ago
commit
a9ef3cc711
11 changed files with 1122 additions and 0 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 54
      SOURCES/0001-Add-mtod_check.patch
  2. 30
      SOURCES/0001-Fix-DHCP-broken-in-libslirp-v4.6.0.patch
  3. 186
      SOURCES/0001-New-utility-slirp_ether_ntoa.patch
  4. 173
      SOURCES/0002-Replace-inet_ntoa-with-safer-inet_ntop.patch
  5. 161
      SOURCES/0002-bootp-limit-vendor-specific-area-to-input-packet-mem.patch
  6. 36
      SOURCES/0003-bootp-check-bootp_input-buffer-size.patch
  7. 36
      SOURCES/0004-upd6-check-udp6_input-buffer-size.patch
  8. 37
      SOURCES/0005-tftp-check-tftp_input-buffer-size.patch
  9. 249
      SOURCES/0006-tftp-introduce-a-header-structure.patch
  10. 36
      SOURCES/0007-udp-check-upd_input-buffer-size.patch
  11. 124
      SPECS/libslirp.spec

54
SOURCES/0001-Add-mtod_check.patch
Unescape View File

@ -0,0 +1,54 @@ @@ -0,0 +1,54 @@
From 87f5d0c70bdb46d467d32e3c3a8d7a472c97e148 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Marc-Andr=C3=A9=20Lureau?= <marcandre.lureau@redhat.com>
Date: Fri, 4 Jun 2021 15:58:25 +0400
Subject: [PATCH 1/7] Add mtod_check()
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Recent security issues demonstrate the lack of safety care when casting
a mbuf to a particular structure type. At least, it should check that
the buffer is large enough. The following patches will make use of this
function.

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
(cherry picked from commit 93e645e72a056ec0b2c16e0299fc5c6b94e4ca17)
---
src/mbuf.c | 11 +++++++++++
src/mbuf.h | 1 +
2 files changed, 12 insertions(+)

diff --git a/src/mbuf.c b/src/mbuf.c
index 54ec721..cb2e971 100644
--- a/src/mbuf.c
+++ b/src/mbuf.c
@@ -222,3 +222,14 @@ struct mbuf *dtom(Slirp *slirp, void *dat)
return (struct mbuf *)0;
}
+
+void *mtod_check(struct mbuf *m, size_t len)
+{
+ if (m->m_len >= len) {
+ return m->m_data;
+ }
+
+ DEBUG_ERROR("mtod failed");
+
+ return NULL;
+}
diff --git a/src/mbuf.h b/src/mbuf.h
index 546e785..2015e32 100644
--- a/src/mbuf.h
+++ b/src/mbuf.h
@@ -118,6 +118,7 @@ void m_inc(struct mbuf *, int);
void m_adj(struct mbuf *, int);
int m_copy(struct mbuf *, struct mbuf *, int, int);
struct mbuf *dtom(Slirp *, void *);
+void *mtod_check(struct mbuf *, size_t len);
static inline void ifs_init(struct mbuf *ifm)
{
--
2.29.0

30
SOURCES/0001-Fix-DHCP-broken-in-libslirp-v4.6.0.patch
Unescape View File

@ -0,0 +1,30 @@ @@ -0,0 +1,30 @@
From c9f314f6e315a5518432761fea864196a290f799 Mon Sep 17 00:00:00 2001
From: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
Date: Thu, 17 Jun 2021 18:01:32 +0900
Subject: [PATCH] Fix "DHCP broken in libslirp v4.6.0"

Fix issue 48

Signed-off-by: Akihiro Suda <akihiro.suda.cz@hco.ntt.co.jp>
---
src/bootp.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/src/bootp.c b/src/bootp.c
index cafa1eb..0a35873 100644
--- a/src/bootp.c
+++ b/src/bootp.c
@@ -359,7 +359,9 @@ static void bootp_reply(Slirp *slirp,
daddr.sin_addr.s_addr = 0xffffffffu;
- m->m_len = sizeof(struct bootp_t) - sizeof(struct ip) - sizeof(struct udphdr);
+ assert ((q - rbp->bp_vend + 1) <= DHCP_OPT_LEN);
+
+ m->m_len = sizeof(struct bootp_t) + (q - rbp->bp_vend + 1) - sizeof(struct ip) - sizeof(struct udphdr);
udp_output(NULL, m, &saddr, &daddr, IPTOS_LOWDELAY);
}
--
2.29.0

186
SOURCES/0001-New-utility-slirp_ether_ntoa.patch
Unescape View File

@ -0,0 +1,186 @@ @@ -0,0 +1,186 @@
From c6fcedf4f53e070dfcb7a6910624705cdcc0a027 Mon Sep 17 00:00:00 2001
From: Doug Evans <dje@google.com>
Date: Tue, 23 Feb 2021 15:23:19 -0800
Subject: [PATCH 1/2] New utility slirp_ether_ntoa

... and call it everywhere a macaddr is pretty-printed.

Signed-off-by: Doug Evans <dje@google.com>
(cherry picked from commit ac00ba460e101bbce0a167b4f0517378a0fbe6b8)
---
src/arp_table.c | 12 +++++++-----
src/ndp_table.c | 18 ++++++++++--------
src/slirp.c | 11 +++++------
src/util.c | 11 +++++++++++
src/util.h | 8 ++++++++
5 files changed, 41 insertions(+), 19 deletions(-)

diff --git a/src/arp_table.c b/src/arp_table.c
index 959e5b9ec0af..ba8c8a4eee88 100644
--- a/src/arp_table.c
+++ b/src/arp_table.c
@@ -34,11 +34,12 @@ void arp_table_add(Slirp *slirp, uint32_t ip_addr,
~slirp->vnetwork_mask.s_addr | slirp->vnetwork_addr.s_addr;
ArpTable *arptbl = &slirp->arp_table;
int i;
+ char ethaddr_str[ETH_ADDRSTRLEN];
DEBUG_CALL("arp_table_add");
DEBUG_ARG("ip = %s", inet_ntoa((struct in_addr){ .s_addr = ip_addr }));
- DEBUG_ARG("hw addr = %02x:%02x:%02x:%02x:%02x:%02x", ethaddr[0], ethaddr[1],
- ethaddr[2], ethaddr[3], ethaddr[4], ethaddr[5]);
+ DEBUG_ARG("hw addr = %s", slirp_ether_ntoa(ethaddr, ethaddr_str,
+ sizeof(ethaddr_str)));
if (ip_addr == 0 || ip_addr == 0xffffffff || ip_addr == broadcast_addr) {
/* Do not register broadcast addresses */
@@ -67,6 +68,7 @@ bool arp_table_search(Slirp *slirp, uint32_t ip_addr,
~slirp->vnetwork_mask.s_addr | slirp->vnetwork_addr.s_addr;
ArpTable *arptbl = &slirp->arp_table;
int i;
+ char ethaddr_str[ETH_ADDRSTRLEN];
DEBUG_CALL("arp_table_search");
DEBUG_ARG("ip = %s", inet_ntoa((struct in_addr){ .s_addr = ip_addr }));
@@ -81,9 +83,9 @@ bool arp_table_search(Slirp *slirp, uint32_t ip_addr,
for (i = 0; i < ARP_TABLE_SIZE; i++) {
if (arptbl->table[i].ar_sip == ip_addr) {
memcpy(out_ethaddr, arptbl->table[i].ar_sha, ETH_ALEN);
- DEBUG_ARG("found hw addr = %02x:%02x:%02x:%02x:%02x:%02x",
- out_ethaddr[0], out_ethaddr[1], out_ethaddr[2],
- out_ethaddr[3], out_ethaddr[4], out_ethaddr[5]);
+ DEBUG_ARG("found hw addr = %s",
+ slirp_ether_ntoa(out_ethaddr, ethaddr_str,
+ sizeof(ethaddr_str)));
return 1;
}
}
diff --git a/src/ndp_table.c b/src/ndp_table.c
index 110d6ea0e43f..61ae8e0468fc 100644
--- a/src/ndp_table.c
+++ b/src/ndp_table.c
@@ -12,13 +12,14 @@ void ndp_table_add(Slirp *slirp, struct in6_addr ip_addr,
char addrstr[INET6_ADDRSTRLEN];
NdpTable *ndp_table = &slirp->ndp_table;
int i;
+ char ethaddr_str[ETH_ADDRSTRLEN];
inet_ntop(AF_INET6, &(ip_addr), addrstr, INET6_ADDRSTRLEN);
DEBUG_CALL("ndp_table_add");
DEBUG_ARG("ip = %s", addrstr);
- DEBUG_ARG("hw addr = %02x:%02x:%02x:%02x:%02x:%02x", ethaddr[0], ethaddr[1],
- ethaddr[2], ethaddr[3], ethaddr[4], ethaddr[5]);
+ DEBUG_ARG("hw addr = %s", slirp_ether_ntoa(ethaddr, ethaddr_str,
+ sizeof(ethaddr_str)));
if (IN6_IS_ADDR_MULTICAST(&ip_addr) || in6_zero(&ip_addr)) {
/* Do not register multicast or unspecified addresses */
@@ -50,6 +51,7 @@ bool ndp_table_search(Slirp *slirp, struct in6_addr ip_addr,
char addrstr[INET6_ADDRSTRLEN];
NdpTable *ndp_table = &slirp->ndp_table;
int i;
+ char ethaddr_str[ETH_ADDRSTRLEN];
inet_ntop(AF_INET6, &(ip_addr), addrstr, INET6_ADDRSTRLEN);
@@ -66,18 +68,18 @@ bool ndp_table_search(Slirp *slirp, struct in6_addr ip_addr,
out_ethaddr[3] = ip_addr.s6_addr[13];
out_ethaddr[4] = ip_addr.s6_addr[14];
out_ethaddr[5] = ip_addr.s6_addr[15];
- DEBUG_ARG("multicast addr = %02x:%02x:%02x:%02x:%02x:%02x",
- out_ethaddr[0], out_ethaddr[1], out_ethaddr[2],
- out_ethaddr[3], out_ethaddr[4], out_ethaddr[5]);
+ DEBUG_ARG("multicast addr = %s",
+ slirp_ether_ntoa(out_ethaddr, ethaddr_str,
+ sizeof(ethaddr_str)));
return 1;
}
for (i = 0; i < NDP_TABLE_SIZE; i++) {
if (in6_equal(&ndp_table->table[i].ip_addr, &ip_addr)) {
memcpy(out_ethaddr, ndp_table->table[i].eth_addr, ETH_ALEN);
- DEBUG_ARG("found hw addr = %02x:%02x:%02x:%02x:%02x:%02x",
- out_ethaddr[0], out_ethaddr[1], out_ethaddr[2],
- out_ethaddr[3], out_ethaddr[4], out_ethaddr[5]);
+ DEBUG_ARG("found hw addr = %s",
+ slirp_ether_ntoa(out_ethaddr, ethaddr_str,
+ sizeof(ethaddr_str)));
return 1;
}
}
diff --git a/src/slirp.c b/src/slirp.c
index abb6f9a966d8..1f2513a9e1a4 100644
--- a/src/slirp.c
+++ b/src/slirp.c
@@ -1054,6 +1054,7 @@ int if_encap(Slirp *slirp, struct mbuf *ifm)
uint8_t ethaddr[ETH_ALEN];
const struct ip *iph = (const struct ip *)ifm->m_data;
int ret;
+ char ethaddr_str[ETH_ADDRSTRLEN];
if (ifm->m_len + ETH_HLEN > sizeof(buf)) {
return 1;
@@ -1079,12 +1080,10 @@ int if_encap(Slirp *slirp, struct mbuf *ifm)
}
memcpy(eh->h_dest, ethaddr, ETH_ALEN);
- DEBUG_ARG("src = %02x:%02x:%02x:%02x:%02x:%02x", eh->h_source[0],
- eh->h_source[1], eh->h_source[2], eh->h_source[3],
- eh->h_source[4], eh->h_source[5]);
- DEBUG_ARG("dst = %02x:%02x:%02x:%02x:%02x:%02x", eh->h_dest[0],
- eh->h_dest[1], eh->h_dest[2], eh->h_dest[3], eh->h_dest[4],
- eh->h_dest[5]);
+ DEBUG_ARG("src = %s", slirp_ether_ntoa(eh->h_source, ethaddr_str,
+ sizeof(ethaddr_str)));
+ DEBUG_ARG("dst = %s", slirp_ether_ntoa(eh->h_dest, ethaddr_str,
+ sizeof(ethaddr_str)));
memcpy(buf + sizeof(struct ethhdr), ifm->m_data, ifm->m_len);
slirp_send_packet_all(slirp, buf, ifm->m_len + ETH_HLEN);
return 1;
diff --git a/src/util.c b/src/util.c
index 2d8fb9642e76..67ef66786f54 100644
--- a/src/util.c
+++ b/src/util.c
@@ -427,3 +427,14 @@ int slirp_fmt0(char *str, size_t size, const char *format, ...)
return rv;
}
+
+const char *slirp_ether_ntoa(const uint8_t *addr, char *out_str,
+ size_t out_str_size)
+{
+ assert(out_str_size >= ETH_ADDRSTRLEN);
+
+ slirp_fmt0(out_str, out_str_size, "%02x:%02x:%02x:%02x:%02x:%02x",
+ addr[0], addr[1], addr[2], addr[3], addr[4], addr[5]);
+
+ return out_str;
+}
diff --git a/src/util.h b/src/util.h
index d67b3d0de9aa..8134db961779 100644
--- a/src/util.h
+++ b/src/util.h
@@ -84,6 +84,7 @@ struct iovec {
#define SCALE_MS 1000000
#define ETH_ALEN 6
+#define ETH_ADDRSTRLEN 18 /* "xx:xx:xx:xx:xx:xx", with trailing NUL */
#define ETH_HLEN 14
#define ETH_P_IP (0x0800) /* Internet Protocol packet */
#define ETH_P_ARP (0x0806) /* Address Resolution packet */
@@ -186,4 +187,11 @@ void slirp_pstrcpy(char *buf, int buf_size, const char *str);
int slirp_fmt(char *str, size_t size, const char *format, ...) G_GNUC_PRINTF(3, 4);
int slirp_fmt0(char *str, size_t size, const char *format, ...) G_GNUC_PRINTF(3, 4);
+/*
+ * Pretty print a MAC address into out_str.
+ * As a convenience returns out_str.
+ */
+const char *slirp_ether_ntoa(const uint8_t *addr, char *out_str,
+ size_t out_str_len);
+
#endif
--
2.34.1.428.gdcc0cd074f0c

173
SOURCES/0002-Replace-inet_ntoa-with-safer-inet_ntop.patch
Unescape View File

@ -0,0 +1,173 @@ @@ -0,0 +1,173 @@
From 849c972aa16a85c860f67d7e7f1fbe58e45187d2 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Marc-Andr=C3=A9=20Lureau?= <marcandre.lureau@redhat.com>
Date: Wed, 9 Feb 2022 22:15:08 +0400
Subject: [PATCH 2/2] Replace inet_ntoa() with safer inet_ntop()
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

inet_ntoa() returns a static pointer which is subject to safety issues.
Use the recommended alternative.

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
---
src/arp_table.c | 8 ++++++--
src/ip_icmp.c | 10 ++++++----
src/misc.c | 22 +++++++++++++---------
src/socket.c | 5 +++--
src/udp.c | 5 +++--
5 files changed, 31 insertions(+), 19 deletions(-)

diff --git a/src/arp_table.c b/src/arp_table.c
index ba8c8a4eee88..3cf2ecc238bc 100644
--- a/src/arp_table.c
+++ b/src/arp_table.c
@@ -35,9 +35,11 @@ void arp_table_add(Slirp *slirp, uint32_t ip_addr,
ArpTable *arptbl = &slirp->arp_table;
int i;
char ethaddr_str[ETH_ADDRSTRLEN];
+ char addr[INET_ADDRSTRLEN];
DEBUG_CALL("arp_table_add");
- DEBUG_ARG("ip = %s", inet_ntoa((struct in_addr){ .s_addr = ip_addr }));
+ DEBUG_ARG("ip = %s", inet_ntop(AF_INET, &(struct in_addr){ .s_addr = ip_addr },
+ addr, sizeof(addr)));
DEBUG_ARG("hw addr = %s", slirp_ether_ntoa(ethaddr, ethaddr_str,
sizeof(ethaddr_str)));
@@ -69,9 +71,11 @@ bool arp_table_search(Slirp *slirp, uint32_t ip_addr,
ArpTable *arptbl = &slirp->arp_table;
int i;
char ethaddr_str[ETH_ADDRSTRLEN];
+ char addr[INET_ADDRSTRLEN];
DEBUG_CALL("arp_table_search");
- DEBUG_ARG("ip = %s", inet_ntoa((struct in_addr){ .s_addr = ip_addr }));
+ DEBUG_ARG("ip = %s", inet_ntop(AF_INET, &(struct in_addr){ .s_addr = ip_addr },
+ addr, sizeof(addr)));
/* If broadcast address */
if (ip_addr == 0 || ip_addr == 0xffffffff || ip_addr == broadcast_addr) {
diff --git a/src/ip_icmp.c b/src/ip_icmp.c
index f4d686b0222d..26e44a3fd49c 100644
--- a/src/ip_icmp.c
+++ b/src/ip_icmp.c
@@ -291,10 +291,12 @@ void icmp_forward_error(struct mbuf *msrc, uint8_t type, uint8_t code, int minsi
goto end_error;
ip = mtod(msrc, struct ip *);
if (slirp_debug & DBG_MISC) {
- char bufa[20], bufb[20];
- slirp_pstrcpy(bufa, sizeof(bufa), inet_ntoa(ip->ip_src));
- slirp_pstrcpy(bufb, sizeof(bufb), inet_ntoa(ip->ip_dst));
- DEBUG_MISC(" %.16s to %.16s", bufa, bufb);
+ char addr_src[INET_ADDRSTRLEN];
+ char addr_dst[INET_ADDRSTRLEN];
+
+ inet_ntop(AF_INET, &ip->ip_src, addr_src, sizeof(addr_src));
+ inet_ntop(AF_INET, &ip->ip_dst, addr_dst, sizeof(addr_dst));
+ DEBUG_MISC(" %.16s to %.16s", addr_src, addr_dst);
}
if (ip->ip_off & IP_OFFMASK)
goto end_error; /* Only reply to fragment 0 */
diff --git a/src/misc.c b/src/misc.c
index e6bc0a207d0b..1306f68eb539 100644
--- a/src/misc.c
+++ b/src/misc.c
@@ -293,6 +293,7 @@ char *slirp_connection_info(Slirp *slirp)
uint16_t dst_port;
struct socket *so;
const char *state;
+ char addr[INET_ADDRSTRLEN];
char buf[20];
g_string_append_printf(str,
@@ -322,10 +323,11 @@ char *slirp_connection_info(Slirp *slirp)
}
slirp_fmt0(buf, sizeof(buf), " TCP[%s]", state);
g_string_append_printf(str, "%-19s %3d %15s %5d ", buf, so->s,
- src.sin_addr.s_addr ? inet_ntoa(src.sin_addr) :
- "*",
+ src.sin_addr.s_addr ?
+ inet_ntop(AF_INET, &src.sin_addr, addr, sizeof(addr)) : "*",
ntohs(src.sin_port));
- g_string_append_printf(str, "%15s %5d %5d %5d\n", inet_ntoa(dst_addr),
+ g_string_append_printf(str, "%15s %5d %5d %5d\n",
+ inet_ntop(AF_INET, &dst_addr, addr, sizeof(addr)),
ntohs(dst_port), so->so_rcv.sb_cc,
so->so_snd.sb_cc);
}
@@ -346,10 +348,11 @@ char *slirp_connection_info(Slirp *slirp)
dst_port = so->so_fport;
}
g_string_append_printf(str, "%-19s %3d %15s %5d ", buf, so->s,
- src.sin_addr.s_addr ? inet_ntoa(src.sin_addr) :
- "*",
+ src.sin_addr.s_addr ?
+ inet_ntop(AF_INET, &src.sin_addr, addr, sizeof(addr)) : "*",
ntohs(src.sin_port));
- g_string_append_printf(str, "%15s %5d %5d %5d\n", inet_ntoa(dst_addr),
+ g_string_append_printf(str, "%15s %5d %5d %5d\n",
+ inet_ntop(AF_INET, &dst_addr, addr, sizeof(addr)),
ntohs(dst_port), so->so_rcv.sb_cc,
so->so_snd.sb_cc);
}
@@ -360,9 +363,10 @@ char *slirp_connection_info(Slirp *slirp)
src.sin_addr = so->so_laddr;
dst_addr = so->so_faddr;
g_string_append_printf(str, "%-19s %3d %15s - ", buf, so->s,
- src.sin_addr.s_addr ? inet_ntoa(src.sin_addr) :
- "*");
- g_string_append_printf(str, "%15s - %5d %5d\n", inet_ntoa(dst_addr),
+ src.sin_addr.s_addr ?
+ inet_ntop(AF_INET, &src.sin_addr, addr, sizeof(addr)) : "*");
+ g_string_append_printf(str, "%15s - %5d %5d\n",
+ inet_ntop(AF_INET, &dst_addr, addr, sizeof(addr)),
so->so_rcv.sb_cc, so->so_snd.sb_cc);
}
diff --git a/src/socket.c b/src/socket.c
index c0b02ad131f3..6607e319ad6c 100644
--- a/src/socket.c
+++ b/src/socket.c
@@ -743,13 +743,14 @@ struct socket *tcp_listen(Slirp *slirp, uint32_t haddr, unsigned hport,
struct sockaddr_in addr;
struct socket *so;
int s, opt = 1;
+ char inet_addr[INET_ADDRSTRLEN];
socklen_t addrlen = sizeof(addr);
memset(&addr, 0, addrlen);
DEBUG_CALL("tcp_listen");
- DEBUG_ARG("haddr = %s", inet_ntoa((struct in_addr){ .s_addr = haddr }));
+ DEBUG_ARG("haddr = %s", inet_ntop(AF_INET, &(struct in_addr){ .s_addr = haddr }, inet_addr, sizeof(inet_addr)));
DEBUG_ARG("hport = %d", ntohs(hport));
- DEBUG_ARG("laddr = %s", inet_ntoa((struct in_addr){ .s_addr = laddr }));
+ DEBUG_ARG("laddr = %s", inet_ntop(AF_INET, &(struct in_addr){ .s_addr = laddr }, inet_addr, sizeof(inet_addr)));
DEBUG_ARG("lport = %d", ntohs(lport));
DEBUG_ARG("flags = %x", flags);
diff --git a/src/udp.c b/src/udp.c
index e4578aa94ed5..0547cd6fc5c3 100644
--- a/src/udp.c
+++ b/src/udp.c
@@ -248,14 +248,15 @@ bad:
int udp_output(struct socket *so, struct mbuf *m, struct sockaddr_in *saddr,
struct sockaddr_in *daddr, int iptos)
{
+ char addr[INET_ADDRSTRLEN];
register struct udpiphdr *ui;
int error = 0;
DEBUG_CALL("udp_output");
DEBUG_ARG("so = %p", so);
DEBUG_ARG("m = %p", m);
- DEBUG_ARG("saddr = %s", inet_ntoa(saddr->sin_addr));
- DEBUG_ARG("daddr = %s", inet_ntoa(daddr->sin_addr));
+ DEBUG_ARG("saddr = %s", inet_ntop(AF_INET, &saddr->sin_addr, addr, sizeof(addr)));
+ DEBUG_ARG("daddr = %s", inet_ntop(AF_INET, &daddr->sin_addr, addr, sizeof(addr)));
/*
* Adjust for header
--
2.34.1.428.gdcc0cd074f0c

161
SOURCES/0002-bootp-limit-vendor-specific-area-to-input-packet-mem.patch
Unescape View File

@ -0,0 +1,161 @@ @@ -0,0 +1,161 @@
From f0d4faae8258385338bc1ec252250454346b7ef7 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Marc-Andr=C3=A9=20Lureau?= <marcandre.lureau@redhat.com>
Date: Fri, 4 Jun 2021 19:25:28 +0400
Subject: [PATCH 2/7] bootp: limit vendor-specific area to input packet memory
buffer
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

sizeof(bootp_t) currently holds DHCP_OPT_LEN. Remove this optional field
from the structure, to help with the following patch checking for
minimal header size. Modify the bootp_reply() function to take the
buffer boundaries and avoiding potential buffer overflow.

Related to CVE-2021-3592.

https://gitlab.freedesktop.org/slirp/libslirp/-/issues/44

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
(cherry picked from commit f13cad45b25d92760bb0ad67bec0300a4d7d5275)
---
src/bootp.c | 26 +++++++++++++++-----------
src/bootp.h | 2 +-
src/mbuf.c | 5 +++++
src/mbuf.h | 1 +
4 files changed, 22 insertions(+), 12 deletions(-)

diff --git a/src/bootp.c b/src/bootp.c
index 46e9681..e0db8d1 100644
--- a/src/bootp.c
+++ b/src/bootp.c
@@ -92,21 +92,22 @@ found:
return bc;
}
-static void dhcp_decode(const struct bootp_t *bp, int *pmsg_type,
+static void dhcp_decode(const struct bootp_t *bp,
+ const uint8_t *bp_end,
+ int *pmsg_type,
struct in_addr *preq_addr)
{
- const uint8_t *p, *p_end;
+ const uint8_t *p;
int len, tag;
*pmsg_type = 0;
preq_addr->s_addr = htonl(0L);
p = bp->bp_vend;
- p_end = p + DHCP_OPT_LEN;
if (memcmp(p, rfc1533_cookie, 4) != 0)
return;
p += 4;
- while (p < p_end) {
+ while (p < bp_end) {
tag = p[0];
if (tag == RFC1533_PAD) {
p++;
@@ -114,10 +115,10 @@ static void dhcp_decode(const struct bootp_t *bp, int *pmsg_type,
break;
} else {
p++;
- if (p >= p_end)
+ if (p >= bp_end)
break;
len = *p++;
- if (p + len > p_end) {
+ if (p + len > bp_end) {
break;
}
DPRINTF("dhcp: tag=%d len=%d\n", tag, len);
@@ -144,7 +145,9 @@ static void dhcp_decode(const struct bootp_t *bp, int *pmsg_type,
}
}
-static void bootp_reply(Slirp *slirp, const struct bootp_t *bp)
+static void bootp_reply(Slirp *slirp,
+ const struct bootp_t *bp,
+ const uint8_t *bp_end)
{
BOOTPClient *bc = NULL;
struct mbuf *m;
@@ -157,7 +160,7 @@ static void bootp_reply(Slirp *slirp, const struct bootp_t *bp)
uint8_t client_ethaddr[ETH_ALEN];
/* extract exact DHCP msg type */
- dhcp_decode(bp, &dhcp_msg_type, &preq_addr);
+ dhcp_decode(bp, bp_end, &dhcp_msg_type, &preq_addr);
DPRINTF("bootp packet op=%d msgtype=%d", bp->bp_op, dhcp_msg_type);
if (preq_addr.s_addr != htonl(0L))
DPRINTF(" req_addr=%08" PRIx32 "\n", ntohl(preq_addr.s_addr));
@@ -179,9 +182,10 @@ static void bootp_reply(Slirp *slirp, const struct bootp_t *bp)
return;
}
m->m_data += IF_MAXLINKHDR;
+ m_inc(m, sizeof(struct bootp_t) + DHCP_OPT_LEN);
rbp = (struct bootp_t *)m->m_data;
m->m_data += sizeof(struct udpiphdr);
- memset(rbp, 0, sizeof(struct bootp_t));
+ memset(rbp, 0, sizeof(struct bootp_t) + DHCP_OPT_LEN);
if (dhcp_msg_type == DHCPDISCOVER) {
if (preq_addr.s_addr != htonl(0L)) {
@@ -235,7 +239,7 @@ static void bootp_reply(Slirp *slirp, const struct bootp_t *bp)
rbp->bp_siaddr = saddr.sin_addr; /* Server IP address */
q = rbp->bp_vend;
- end = (uint8_t *)&rbp[1];
+ end = rbp->bp_vend + DHCP_OPT_LEN;
memcpy(q, rfc1533_cookie, 4);
q += 4;
@@ -364,6 +368,6 @@ void bootp_input(struct mbuf *m)
struct bootp_t *bp = mtod(m, struct bootp_t *);
if (bp->bp_op == BOOTP_REQUEST) {
- bootp_reply(m->slirp, bp);
+ bootp_reply(m->slirp, bp, m_end(m));
}
}
diff --git a/src/bootp.h b/src/bootp.h
index a57fa51..31ce5fd 100644
--- a/src/bootp.h
+++ b/src/bootp.h
@@ -114,7 +114,7 @@ struct bootp_t {
uint8_t bp_hwaddr[16];
uint8_t bp_sname[64];
char bp_file[128];
- uint8_t bp_vend[DHCP_OPT_LEN];
+ uint8_t bp_vend[];
};
typedef struct {
diff --git a/src/mbuf.c b/src/mbuf.c
index cb2e971..0c1a530 100644
--- a/src/mbuf.c
+++ b/src/mbuf.c
@@ -233,3 +233,8 @@ void *mtod_check(struct mbuf *m, size_t len)
return NULL;
}
+
+void *m_end(struct mbuf *m)
+{
+ return m->m_data + m->m_len;
+}
diff --git a/src/mbuf.h b/src/mbuf.h
index 2015e32..a9752a3 100644
--- a/src/mbuf.h
+++ b/src/mbuf.h
@@ -119,6 +119,7 @@ void m_adj(struct mbuf *, int);
int m_copy(struct mbuf *, struct mbuf *, int, int);
struct mbuf *dtom(Slirp *, void *);
void *mtod_check(struct mbuf *, size_t len);
+void *m_end(struct mbuf *);
static inline void ifs_init(struct mbuf *ifm)
{
--
2.29.0

36
SOURCES/0003-bootp-check-bootp_input-buffer-size.patch
Unescape View File

@ -0,0 +1,36 @@ @@ -0,0 +1,36 @@
From 0f017f39a390d8fa4ae817f45fbf71a0c8332860 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Marc-Andr=C3=A9=20Lureau?= <marcandre.lureau@redhat.com>
Date: Fri, 4 Jun 2021 16:15:14 +0400
Subject: [PATCH 3/7] bootp: check bootp_input buffer size
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Fixes: CVE-2021-3592
Fixes: https://gitlab.freedesktop.org/slirp/libslirp/-/issues/44

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
(cherry picked from commit 2eca0838eee1da96204545e22cdaed860d9d7c6c)
---
src/bootp.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/bootp.c b/src/bootp.c
index e0db8d1..cafa1eb 100644
--- a/src/bootp.c
+++ b/src/bootp.c
@@ -365,9 +365,9 @@ static void bootp_reply(Slirp *slirp,
void bootp_input(struct mbuf *m)
{
- struct bootp_t *bp = mtod(m, struct bootp_t *);
+ struct bootp_t *bp = mtod_check(m, sizeof(struct bootp_t));
- if (bp->bp_op == BOOTP_REQUEST) {
+ if (bp && bp->bp_op == BOOTP_REQUEST) {
bootp_reply(m->slirp, bp, m_end(m));
}
}
--
2.29.0

36
SOURCES/0004-upd6-check-udp6_input-buffer-size.patch
Unescape View File

@ -0,0 +1,36 @@ @@ -0,0 +1,36 @@
From 30feadb676a0792036a0f64309235c5767e2ee76 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Marc-Andr=C3=A9=20Lureau?= <marcandre.lureau@redhat.com>
Date: Fri, 4 Jun 2021 16:32:55 +0400
Subject: [PATCH 4/7] upd6: check udp6_input buffer size
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Fixes: CVE-2021-3593
Fixes: https://gitlab.freedesktop.org/slirp/libslirp/-/issues/45

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
(cherry picked from commit de71c15de66ba9350bf62c45b05f8fbff166517b)
---
src/udp6.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/src/udp6.c b/src/udp6.c
index fdd8089..236b962 100644
--- a/src/udp6.c
+++ b/src/udp6.c
@@ -29,7 +29,10 @@ void udp6_input(struct mbuf *m)
ip = mtod(m, struct ip6 *);
m->m_len -= iphlen;
m->m_data += iphlen;
- uh = mtod(m, struct udphdr *);
+ uh = mtod_check(m, sizeof(struct udphdr));
+ if (uh == NULL) {
+ goto bad;
+ }
m->m_len += iphlen;
m->m_data -= iphlen;
--
2.29.0

37
SOURCES/0005-tftp-check-tftp_input-buffer-size.patch
Unescape View File

@ -0,0 +1,37 @@ @@ -0,0 +1,37 @@
From 31aaf902aa6ba31ab8f41543b2d4da8c01f3b861 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Marc-Andr=C3=A9=20Lureau?= <marcandre.lureau@redhat.com>
Date: Fri, 4 Jun 2021 16:34:30 +0400
Subject: [PATCH 5/7] tftp: check tftp_input buffer size
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Fixes: CVE-2021-3595
Fixes: https://gitlab.freedesktop.org/slirp/libslirp/-/issues/46

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
(cherry picked from commit 3f17948137155f025f7809fdc38576d5d2451c3d)
---
src/tftp.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/src/tftp.c b/src/tftp.c
index c6950ee..e06911d 100644
--- a/src/tftp.c
+++ b/src/tftp.c
@@ -446,7 +446,11 @@ static void tftp_handle_error(Slirp *slirp, struct sockaddr_storage *srcsas,
void tftp_input(struct sockaddr_storage *srcsas, struct mbuf *m)
{
- struct tftp_t *tp = (struct tftp_t *)m->m_data;
+ struct tftp_t *tp = mtod_check(m, offsetof(struct tftp_t, x.tp_buf));
+
+ if (tp == NULL) {
+ return;
+ }
switch (ntohs(tp->tp_op)) {
case TFTP_RRQ:
--
2.29.0

249
SOURCES/0006-tftp-introduce-a-header-structure.patch
Unescape View File

@ -0,0 +1,249 @@ @@ -0,0 +1,249 @@
From c8665ebbdadb72f7c2cb74b9704f68704c13653b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Marc-Andr=C3=A9=20Lureau?= <marcandre.lureau@redhat.com>
Date: Fri, 4 Jun 2021 20:01:20 +0400
Subject: [PATCH 6/7] tftp: introduce a header structure
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Instead of using a composed structure and potentially reading past the
incoming buffer, use a different structure for the header.

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
(cherry picked from commit 990163cf3ac86b7875559f49602c4d76f46f6f30)
---
src/tftp.c | 60 ++++++++++++++++++++++++++++--------------------------
src/tftp.h | 6 +++++-
2 files changed, 36 insertions(+), 30 deletions(-)

diff --git a/src/tftp.c b/src/tftp.c
index e06911d..a19c889 100644
--- a/src/tftp.c
+++ b/src/tftp.c
@@ -50,7 +50,7 @@ static void tftp_session_terminate(struct tftp_session *spt)
}
static int tftp_session_allocate(Slirp *slirp, struct sockaddr_storage *srcsas,
- struct tftp_t *tp)
+ struct tftphdr *hdr)
{
struct tftp_session *spt;
int k;
@@ -75,7 +75,7 @@ found:
memcpy(&spt->client_addr, srcsas, sockaddr_size(srcsas));
spt->fd = -1;
spt->block_size = 512;
- spt->client_port = tp->udp.uh_sport;
+ spt->client_port = hdr->udp.uh_sport;
spt->slirp = slirp;
tftp_session_update(spt);
@@ -84,7 +84,7 @@ found:
}
static int tftp_session_find(Slirp *slirp, struct sockaddr_storage *srcsas,
- struct tftp_t *tp)
+ struct tftphdr *hdr)
{
struct tftp_session *spt;
int k;
@@ -94,7 +94,7 @@ static int tftp_session_find(Slirp *slirp, struct sockaddr_storage *srcsas,
if (tftp_session_in_use(spt)) {
if (sockaddr_equal(&spt->client_addr, srcsas)) {
- if (spt->client_port == tp->udp.uh_sport) {
+ if (spt->client_port == hdr->udp.uh_sport) {
return k;
}
}
@@ -148,13 +148,13 @@ static struct tftp_t *tftp_prep_mbuf_data(struct tftp_session *spt,
}
static void tftp_udp_output(struct tftp_session *spt, struct mbuf *m,
- struct tftp_t *recv_tp)
+ struct tftphdr *hdr)
{
if (spt->client_addr.ss_family == AF_INET6) {
struct sockaddr_in6 sa6, da6;
sa6.sin6_addr = spt->slirp->vhost_addr6;
- sa6.sin6_port = recv_tp->udp.uh_dport;
+ sa6.sin6_port = hdr->udp.uh_dport;
da6.sin6_addr = ((struct sockaddr_in6 *)&spt->client_addr)->sin6_addr;
da6.sin6_port = spt->client_port;
@@ -163,7 +163,7 @@ static void tftp_udp_output(struct tftp_session *spt, struct mbuf *m,
struct sockaddr_in sa4, da4;
sa4.sin_addr = spt->slirp->vhost_addr;
- sa4.sin_port = recv_tp->udp.uh_dport;
+ sa4.sin_port = hdr->udp.uh_dport;
da4.sin_addr = ((struct sockaddr_in *)&spt->client_addr)->sin_addr;
da4.sin_port = spt->client_port;
@@ -185,14 +185,14 @@ static int tftp_send_oack(struct tftp_session *spt, const char *keys[],
tp = tftp_prep_mbuf_data(spt, m);
- tp->tp_op = htons(TFTP_OACK);
+ tp->hdr.tp_op = htons(TFTP_OACK);
for (i = 0; i < nb; i++) {
n += slirp_fmt0(tp->x.tp_buf + n, sizeof(tp->x.tp_buf) - n, "%s", keys[i]);
n += slirp_fmt0(tp->x.tp_buf + n, sizeof(tp->x.tp_buf) - n, "%u", values[i]);
}
- m->m_len = G_SIZEOF_MEMBER(struct tftp_t, tp_op) + n;
- tftp_udp_output(spt, m, recv_tp);
+ m->m_len = G_SIZEOF_MEMBER(struct tftp_t, hdr.tp_op) + n;
+ tftp_udp_output(spt, m, &recv_tp->hdr);
return 0;
}
@@ -213,21 +213,21 @@ static void tftp_send_error(struct tftp_session *spt, uint16_t errorcode,
tp = tftp_prep_mbuf_data(spt, m);
- tp->tp_op = htons(TFTP_ERROR);
+ tp->hdr.tp_op = htons(TFTP_ERROR);
tp->x.tp_error.tp_error_code = htons(errorcode);
slirp_pstrcpy((char *)tp->x.tp_error.tp_msg, sizeof(tp->x.tp_error.tp_msg),
msg);
m->m_len = sizeof(struct tftp_t) - (TFTP_BLOCKSIZE_MAX + 2) + 3 +
strlen(msg) - sizeof(struct udphdr);
- tftp_udp_output(spt, m, recv_tp);
+ tftp_udp_output(spt, m, &recv_tp->hdr);
out:
tftp_session_terminate(spt);
}
static void tftp_send_next_block(struct tftp_session *spt,
- struct tftp_t *recv_tp)
+ struct tftphdr *hdr)
{
struct mbuf *m;
struct tftp_t *tp;
@@ -241,7 +241,7 @@ static void tftp_send_next_block(struct tftp_session *spt,
tp = tftp_prep_mbuf_data(spt, m);
- tp->tp_op = htons(TFTP_DATA);
+ tp->hdr.tp_op = htons(TFTP_DATA);
tp->x.tp_data.tp_block_nr = htons((spt->block_nr + 1) & 0xffff);
nobytes = tftp_read_data(spt, spt->block_nr, tp->x.tp_data.tp_buf,
@@ -259,7 +259,7 @@ static void tftp_send_next_block(struct tftp_session *spt,
m->m_len = sizeof(struct tftp_t) - (TFTP_BLOCKSIZE_MAX - nobytes) -
sizeof(struct udphdr);
- tftp_udp_output(spt, m, recv_tp);
+ tftp_udp_output(spt, m, hdr);
if (nobytes == spt->block_size) {
tftp_session_update(spt);
@@ -282,12 +282,12 @@ static void tftp_handle_rrq(Slirp *slirp, struct sockaddr_storage *srcsas,
int nb_options = 0;
/* check if a session already exists and if so terminate it */
- s = tftp_session_find(slirp, srcsas, tp);
+ s = tftp_session_find(slirp, srcsas, &tp->hdr);
if (s >= 0) {
tftp_session_terminate(&slirp->tftp_sessions[s]);
}
- s = tftp_session_allocate(slirp, srcsas, tp);
+ s = tftp_session_allocate(slirp, srcsas, &tp->hdr);
if (s < 0) {
return;
@@ -413,29 +413,29 @@ static void tftp_handle_rrq(Slirp *slirp, struct sockaddr_storage *srcsas,
}
spt->block_nr = 0;
- tftp_send_next_block(spt, tp);
+ tftp_send_next_block(spt, &tp->hdr);
}
static void tftp_handle_ack(Slirp *slirp, struct sockaddr_storage *srcsas,
- struct tftp_t *tp, int pktlen)
+ struct tftphdr *hdr)
{
int s;
- s = tftp_session_find(slirp, srcsas, tp);
+ s = tftp_session_find(slirp, srcsas, hdr);
if (s < 0) {
return;
}
- tftp_send_next_block(&slirp->tftp_sessions[s], tp);
+ tftp_send_next_block(&slirp->tftp_sessions[s], hdr);
}
static void tftp_handle_error(Slirp *slirp, struct sockaddr_storage *srcsas,
- struct tftp_t *tp, int pktlen)
+ struct tftphdr *hdr)
{
int s;
- s = tftp_session_find(slirp, srcsas, tp);
+ s = tftp_session_find(slirp, srcsas, hdr);
if (s < 0) {
return;
@@ -446,23 +446,25 @@ static void tftp_handle_error(Slirp *slirp, struct sockaddr_storage *srcsas,
void tftp_input(struct sockaddr_storage *srcsas, struct mbuf *m)
{
- struct tftp_t *tp = mtod_check(m, offsetof(struct tftp_t, x.tp_buf));
+ struct tftphdr *hdr = mtod_check(m, sizeof(struct tftphdr));
- if (tp == NULL) {
+ if (hdr == NULL) {
return;
}
- switch (ntohs(tp->tp_op)) {
+ switch (ntohs(hdr->tp_op)) {
case TFTP_RRQ:
- tftp_handle_rrq(m->slirp, srcsas, tp, m->m_len);
+ tftp_handle_rrq(m->slirp, srcsas,
+ mtod(m, struct tftp_t *),
+ m->m_len);
break;
case TFTP_ACK:
- tftp_handle_ack(m->slirp, srcsas, tp, m->m_len);
+ tftp_handle_ack(m->slirp, srcsas, hdr);
break;
case TFTP_ERROR:
- tftp_handle_error(m->slirp, srcsas, tp, m->m_len);
+ tftp_handle_error(m->slirp, srcsas, hdr);
break;
}
}
diff --git a/src/tftp.h b/src/tftp.h
index 6d75478..cafab03 100644
--- a/src/tftp.h
+++ b/src/tftp.h
@@ -20,9 +20,13 @@
#define TFTP_FILENAME_MAX 512
#define TFTP_BLOCKSIZE_MAX 1428
-struct tftp_t {
+struct tftphdr {
struct udphdr udp;
uint16_t tp_op;
+} SLIRP_PACKED;
+
+struct tftp_t {
+ struct tftphdr hdr;
union {
struct {
uint16_t tp_block_nr;
--
2.29.0

36
SOURCES/0007-udp-check-upd_input-buffer-size.patch
Unescape View File

@ -0,0 +1,36 @@ @@ -0,0 +1,36 @@
From ca41f7eaa58d3f63a3df58d812b3cec32343ab6a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Marc-Andr=C3=A9=20Lureau?= <marcandre.lureau@redhat.com>
Date: Fri, 4 Jun 2021 16:40:23 +0400
Subject: [PATCH 7/7] udp: check upd_input buffer size
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Fixes: CVE-2021-3594
Fixes: https://gitlab.freedesktop.org/slirp/libslirp/-/issues/47

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
(cherry picked from commit 74572be49247c8c5feae7c6e0b50c4f569ca9824)
---
src/udp.c | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/src/udp.c b/src/udp.c
index 050cee4..e4578aa 100644
--- a/src/udp.c
+++ b/src/udp.c
@@ -94,7 +94,10 @@ void udp_input(register struct mbuf *m, int iphlen)
/*
* Get IP and UDP header together in first mbuf.
*/
- ip = mtod(m, struct ip *);
+ ip = mtod_check(m, iphlen + sizeof(struct udphdr));
+ if (ip == NULL) {
+ goto bad;
+ }
uh = (struct udphdr *)((char *)ip + iphlen);
/*
--
2.29.0

124
SPECS/libslirp.spec
Unescape View File

@ -0,0 +1,124 @@ @@ -0,0 +1,124 @@
Name: libslirp
Version: 4.4.0
Release: 7%{?dist}
Summary: A general purpose TCP-IP emulator

# check the SPDX tags in source files for details
License: BSD and MIT
URL: https://gitlab.freedesktop.org/slirp/%{name}
Source0: %{url}/-/archive/v%{version}/%{name}-%{version}.tar.xz
Patch0001: 0001-Add-mtod_check.patch
Patch0002: 0002-bootp-limit-vendor-specific-area-to-input-packet-mem.patch
Patch0003: 0003-bootp-check-bootp_input-buffer-size.patch
Patch0004: 0004-upd6-check-udp6_input-buffer-size.patch
Patch0005: 0005-tftp-check-tftp_input-buffer-size.patch
Patch0006: 0006-tftp-introduce-a-header-structure.patch
Patch0007: 0007-udp-check-upd_input-buffer-size.patch
Patch0008: 0001-Fix-DHCP-broken-in-libslirp-v4.6.0.patch
Patch0009: 0001-New-utility-slirp_ether_ntoa.patch
Patch00010: 0002-Replace-inet_ntoa-with-safer-inet_ntop.patch


BuildRequires: git-core
BuildRequires: meson
BuildRequires: gcc
BuildRequires: glib2-devel

%description
A general purpose TCP-IP emulator used by virtual machine hypervisors
to provide virtual networking services.


%package devel
Summary: Development files for %{name}
Requires: %{name}%{?_isa} = %{version}-%{release}

%description devel
The %{name}-devel package contains libraries and header files for
developing applications that use %{name}.


%prep
%autosetup -S git_am

%build
%meson
%meson_build


%install
%meson_install


%files
%license COPYRIGHT
%doc README.md CHANGELOG.md
%{_libdir}/%{name}.so.0*

%files devel
%dir %{_includedir}/slirp/
%{_includedir}/slirp/*
%{_libdir}/%{name}.so
%{_libdir}/pkgconfig/slirp.pc


%changelog
* Fri Feb 11 2022 Jindrich Novy <jnovy@redhat.com> - 4.4.0-7
- fix also socket.c, thanks to Marc-André Lureau
- Related: #2000051

* Fri Feb 11 2022 Jindrich Novy <jnovy@redhat.com> - 4.4.0-6
- add patches fixing gating tests from Marc-André Lureau
- Related: #2000051

* Wed Feb 09 2022 Jindrich Novy <jnovy@redhat.com> - 4.4.0-5
- add gating.yaml
- Related: #2000051

* Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 4.4.0-4
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
Related: rhbz#1991688

* Fri Jun 18 2021 Marc-André Lureau <marcandre.lureau@redhat.com> - 4.4.0-3
- Fix CVE-2021-3592 CVE-2021-3593 CVE-2021-3594 CVE-2021-3595 out-of-bounds access
Resolves: rhbz#1970826 rhbz#1970839 rhbz#1970857 rhbz#1970847

* Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 4.4.0-2
- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937

* Wed Dec 2 18:19:30 +04 2020 Marc-André Lureau <marcandre.lureau@redhat.com> - 4.4.0-1
- new version

* Fri Nov 27 20:10:28 +04 2020 Marc-André Lureau <marcandre.lureau@redhat.com> - 4.3.1-3
- Fix CVE-2020-29129 CVE-2020-29130 out-of-bounds access while processing ARP/NCSI packets
rhbz#1902232

* Tue Jul 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 4.3.1-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild

* Wed Jul 08 2020 Marc-André Lureau <marcandre.lureau@redhat.com> - 4.3.1-1
- New v4.3.1 release

* Thu Apr 23 2020 Marc-André Lureau <marcandre.lureau@redhat.com> - 4.3.0-1
- New v4.3.0 release

* Mon Apr 20 2020 Marc-André Lureau <marcandre.lureau@redhat.com> - 4.2.0-2
- CVE-2020-1983 fix

* Tue Mar 17 2020 Marc-André Lureau <marcandre.lureau@redhat.com> - 4.2.0-1
- New v4.2.0 release

* Wed Jan 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 4.1.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild

* Tue Dec 03 2019 Marc-André Lureau <marcandre.lureau@redhat.com> - 4.1.0-1
- New v4.1.0 release

* Fri Aug 2 2019 Marc-André Lureau <marcandre.lureau@redhat.com> - 4.0.0-3
- Fix CVE-2019-14378, rhbz#1735654

* Thu Jul 25 2019 Fedora Release Engineering <releng@fedoraproject.org> - 4.0.0-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild

* Wed May 22 2019 Marc-André Lureau <marcandre.lureau@redhat.com> - 4.0.0-1
- Initial package, rhbz#1712980
Write Preview
Loading…
Cancel
Save