New v4.3.0 release

2020-04-23 14:22:21 +02:00 · 2020-04-23 14:22:21 +02:00 · 3640652443
commit 3640652443
parent 8496ac1f98
4 changed files with 10 additions and 55 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1,3 +1,5 @@
 /libslirp-v4.0.0.tar.gz
 /libslirp-v4.1.0.tar.gz
 /libslirp-v4.2.0.tar.gz
+/libslirp-v4.3.0.tar.gz
+/libslirp-4.3.0.tar.xz
--- a/0001-Fix-use-afte-free-in-ip_reass-CVE-2020-1983.patch
+++ b/0001-Fix-use-afte-free-in-ip_reass-CVE-2020-1983.patch
@ -1,48 +0,0 @@
-From 9bd6c5913271eabcb7768a58197ed3301fe19f2d Mon Sep 17 00:00:00 2001
-From: =?UTF-8?q?Marc-Andr=C3=A9=20Lureau?= <marcandre.lureau@redhat.com>
-Date: Sat, 4 Apr 2020 22:42:13 +0200
-Subject: [PATCH] Fix use-afte-free in ip_reass() (CVE-2020-1983)
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-The q pointer is updated when the mbuf data is moved from m_dat to
-m_ext.
-
-m_ext buffer may also be realloc()'ed and moved during m_cat():
-q should also be updated in this case.
-
-Reported-by: Aviv Sasson <asasson@paloaltonetworks.com>
-Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
-Reviewed-by: Samuel Thibault <samuel.thibault@ens-lyon.org>
---
- src/ip_input.c | 6 ++----
- 1 file changed, 2 insertions(+), 4 deletions(-)
-
-diff --git a/src/ip_input.c b/src/ip_input.c
-index aa514ae..89a01d4 100644
--- a/src/ip_input.c
-+++ b/src/ip_input.c
-@@ -327,8 +327,7 @@ insert:
-      */
-     q = fp->frag_link.next;
-     m = dtom(slirp, q);
-
-    int was_ext = m->m_flags & M_EXT;
-+    int delta = (char *)q - (m->m_flags & M_EXT ? m->m_ext : m->m_dat);
- 
-     q = (struct ipasfrag *)q->ipf_next;
-     while (q != (struct ipasfrag *)&fp->frag_link) {
-@@ -351,8 +350,7 @@ insert:
-      * then an m_ext buffer was alloced. But fp->ipq_next points to the old
-      * buffer (in the mbuf), so we must point ip into the new buffer.
-      */
-    if (!was_ext && m->m_flags & M_EXT) {
-        int delta = (char *)q - m->m_dat;
-+    if (m->m_flags & M_EXT) {
-         q = (struct ipasfrag *)(m->m_ext + delta);
-     }
- 
-- 
-2.26.0.106.g9fadedd637
-
--- a/libslirp.spec
+++ b/libslirp.spec
@ -1,14 +1,12 @@
 Name:           libslirp
-Version:        4.2.0
-Release:        2%{?dist}
+Version:        4.3.0
+Release:        1%{?dist}
 Summary:        A general purpose TCP-IP emulator

 # check the SPDX tags in source files for details
 License:        BSD and MIT
 URL:            https://gitlab.freedesktop.org/slirp/%{name}
-Source0:        %{url}/-/archive/v%{version}/%{name}-v%{version}.tar.gz
-
-Patch0001:      0001-Fix-use-afte-free-in-ip_reass-CVE-2020-1983.patch
+Source0:        %{url}/-/archive/v%{version}/%{name}-%{version}.tar.xz

 BuildRequires:  git-core
 BuildRequires:  meson
@ -30,7 +28,7 @@ developing applications that use %{name}.


 %prep
-%autosetup -S git_am -n %{name}-v%{version}
+%autosetup -S git_am

 %build
 %meson
@ -54,6 +52,9 @@ developing applications that use %{name}.


 %changelog
+* Thu Apr 23 2020 Marc-André Lureau <marcandre.lureau@redhat.com> - 4.3.0-1
+- New v4.3.0 release
+
 * Mon Apr 20 2020 Marc-André Lureau <marcandre.lureau@redhat.com> - 4.2.0-2
 - CVE-2020-1983 fix

--- a/2
+++ b/2
@ -1 +1 @@
-SHA512 (libslirp-v4.2.0.tar.gz) = 514744ac8325857915b9946a76f4a55d48c8361b6167cd69c533086928ae06f059d923c5f057e92a0915921bb363b69d34a939a0bcc28233515125a5d1858d25
+SHA512 (libslirp-4.3.0.tar.xz) = 656a57878354b893503af69dfb11ab93dcf4728cc68bd0b6aa352073cbcf1b558924a5932e1996011002f72f5bddfb22ddaffc5a88078a61862c630d908e8beb