diff --git a/.gitignore b/.gitignore index b876364..06322ba 100644 --- a/.gitignore +++ b/.gitignore @@ -1,3 +1,5 @@ /libslirp-v4.0.0.tar.gz /libslirp-v4.1.0.tar.gz /libslirp-v4.2.0.tar.gz +/libslirp-v4.3.0.tar.gz +/libslirp-4.3.0.tar.xz diff --git a/0001-Fix-use-afte-free-in-ip_reass-CVE-2020-1983.patch b/0001-Fix-use-afte-free-in-ip_reass-CVE-2020-1983.patch deleted file mode 100644 index 3516a7f..0000000 --- a/0001-Fix-use-afte-free-in-ip_reass-CVE-2020-1983.patch +++ /dev/null @@ -1,48 +0,0 @@ -From 9bd6c5913271eabcb7768a58197ed3301fe19f2d Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Marc-Andr=C3=A9=20Lureau?= -Date: Sat, 4 Apr 2020 22:42:13 +0200 -Subject: [PATCH] Fix use-afte-free in ip_reass() (CVE-2020-1983) -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -The q pointer is updated when the mbuf data is moved from m_dat to -m_ext. - -m_ext buffer may also be realloc()'ed and moved during m_cat(): -q should also be updated in this case. - -Reported-by: Aviv Sasson -Signed-off-by: Marc-André Lureau -Reviewed-by: Samuel Thibault ---- - src/ip_input.c | 6 ++---- - 1 file changed, 2 insertions(+), 4 deletions(-) - -diff --git a/src/ip_input.c b/src/ip_input.c -index aa514ae..89a01d4 100644 ---- a/src/ip_input.c -+++ b/src/ip_input.c -@@ -327,8 +327,7 @@ insert: - */ - q = fp->frag_link.next; - m = dtom(slirp, q); -- -- int was_ext = m->m_flags & M_EXT; -+ int delta = (char *)q - (m->m_flags & M_EXT ? m->m_ext : m->m_dat); - - q = (struct ipasfrag *)q->ipf_next; - while (q != (struct ipasfrag *)&fp->frag_link) { -@@ -351,8 +350,7 @@ insert: - * then an m_ext buffer was alloced. But fp->ipq_next points to the old - * buffer (in the mbuf), so we must point ip into the new buffer. - */ -- if (!was_ext && m->m_flags & M_EXT) { -- int delta = (char *)q - m->m_dat; -+ if (m->m_flags & M_EXT) { - q = (struct ipasfrag *)(m->m_ext + delta); - } - --- -2.26.0.106.g9fadedd637 - diff --git a/libslirp.spec b/libslirp.spec index 135b3c2..4141ddb 100644 --- a/libslirp.spec +++ b/libslirp.spec @@ -1,14 +1,12 @@ Name: libslirp -Version: 4.2.0 -Release: 2%{?dist} +Version: 4.3.0 +Release: 1%{?dist} Summary: A general purpose TCP-IP emulator # check the SPDX tags in source files for details License: BSD and MIT URL: https://gitlab.freedesktop.org/slirp/%{name} -Source0: %{url}/-/archive/v%{version}/%{name}-v%{version}.tar.gz - -Patch0001: 0001-Fix-use-afte-free-in-ip_reass-CVE-2020-1983.patch +Source0: %{url}/-/archive/v%{version}/%{name}-%{version}.tar.xz BuildRequires: git-core BuildRequires: meson @@ -30,7 +28,7 @@ developing applications that use %{name}. %prep -%autosetup -S git_am -n %{name}-v%{version} +%autosetup -S git_am %build %meson @@ -54,6 +52,9 @@ developing applications that use %{name}. %changelog +* Thu Apr 23 2020 Marc-André Lureau - 4.3.0-1 +- New v4.3.0 release + * Mon Apr 20 2020 Marc-André Lureau - 4.2.0-2 - CVE-2020-1983 fix diff --git a/sources b/sources index 6f5bc92..78fda5b 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -SHA512 (libslirp-v4.2.0.tar.gz) = 514744ac8325857915b9946a76f4a55d48c8361b6167cd69c533086928ae06f059d923c5f057e92a0915921bb363b69d34a939a0bcc28233515125a5d1858d25 +SHA512 (libslirp-4.3.0.tar.xz) = 656a57878354b893503af69dfb11ab93dcf4728cc68bd0b6aa352073cbcf1b558924a5932e1996011002f72f5bddfb22ddaffc5a88078a61862c630d908e8beb