import libslirp-4.3.0-3.module+el8.3.0+7084+c16098dd

.gitignore

@@ -0,0 +1 @@
+SOURCES/libslirp-4.3.0.tar.xz

.libslirp.metadata

@@ -0,0 +1 @@
+09f0c96d08a37a21eda73f4df8fb81a321361ad4 SOURCES/libslirp-4.3.0.tar.xz

SOURCES/libslirp-coverity.patch

@@ -0,0 +1,191 @@
+From 0b83636e914a894b324836e3fb2f20a2f7599fc4 Mon Sep 17 00:00:00 2001
+From: Jindrich Novy <jnovy@redhat.com>
+Date: Wed, 27 May 2020 11:01:02 +0200
+Subject: [PATCH] Fix possible infinite loops and use-after-free
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Error: USE_AFTER_FREE (CWE-416): [#def1]
+libslirp-4.3.0/src/ip_icmp.c:79: freed_arg: "icmp_detach" frees "slirp->icmp.so_next".
+libslirp-4.3.0/src/ip_icmp.c:79: deref_arg: Calling "icmp_detach" dereferences freed pointer "slirp->icmp.so_next".
+   77|   {
+   78|       while (slirp->icmp.so_next != &slirp->icmp) {
+   79|->         icmp_detach(slirp->icmp.so_next);
+   80|       }
+   81|   }
+
+Error: USE_AFTER_FREE (CWE-416): [#def27]
+libslirp-4.3.0/src/udp.c:56: freed_arg: "udp_detach" frees "slirp->udb.so_next".
+libslirp-4.3.0/src/udp.c:56: deref_arg: Calling "udp_detach" dereferences freed pointer "slirp->udb.so_next".
+   54|   {
+   55|       while (slirp->udb.so_next != &slirp->udb) {
+   56|->         udp_detach(slirp->udb.so_next);
+   57|       }
+   58|   }
+
+Signed-off-by: Jindrich Novy <jnovy@redhat.com>
+Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
+---
+ src/ip_icmp.c | 7 +++++--
+ src/udp.c     | 5 ++++-
+ 2 files changed, 9 insertions(+), 3 deletions(-)
+
+diff --git a/src/ip_icmp.c b/src/ip_icmp.c
+index fe0add4..7533595 100644
+--- libslirp-4.3.0/src/ip_icmp.c
++++ libslirp-4.3.0/src/ip_icmp.c
+@@ -75,8 +75,11 @@ void icmp_init(Slirp *slirp)
+ 
+ void icmp_cleanup(Slirp *slirp)
+ {
+-    while (slirp->icmp.so_next != &slirp->icmp) {
+-        icmp_detach(slirp->icmp.so_next);
++    struct socket *so, *so_next;
++
++    for (so = slirp->icmp.so_next; so != &slirp->icmp; so = so_next) {
++        so_next = so->so_next;
++        icmp_detach(so);
+     }
+ }
+ 
+diff --git a/src/udp.c b/src/udp.c
+index 6bde20f..9ed1e74 100644
+--- libslirp-4.3.0/src/udp.c
++++ libslirp-4.3.0/src/udp.c
+@@ -52,7 +52,10 @@ void udp_init(Slirp *slirp)
+ 
+ void udp_cleanup(Slirp *slirp)
+ {
+-    while (slirp->udb.so_next != &slirp->udb) {
++    struct socket *so, *so_next;
++
++    for (so = slirp->udb.so_next; so != &slirp->udb; so = so_next) {
++        so_next = so->so_next;
+         udp_detach(slirp->udb.so_next);
+     }
+ }
+-- 
+2.26.2
+
+From 2d79c0b7d78e55624790a102fbd924a4259eef16 Mon Sep 17 00:00:00 2001
+From: Jindrich Novy <jnovy@redhat.com>
+Date: Wed, 27 May 2020 11:07:19 +0200
+Subject: [PATCH] Use secure string copy to avoid overflow
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Error: STRING_OVERFLOW (CWE-120): [#def2]
+libslirp-4.3.0/src/ip_icmp.c:277: fixed_size_dest: You might overrun the 20-character fixed-size string "bufa" by copying the return value of "inet_ntoa" without checking the length.
+  275|       if (slirp_debug & DBG_MISC) {
+  276|           char bufa[20], bufb[20];
+  277|->         strcpy(bufa, inet_ntoa(ip->ip_src));
+  278|           strcpy(bufb, inet_ntoa(ip->ip_dst));
+  279|           DEBUG_MISC(" %.16s to %.16s", bufa, bufb);
+
+Error: STRING_OVERFLOW (CWE-120): [#def3]
+libslirp-4.3.0/src/ip_icmp.c:278: fixed_size_dest: You might overrun the 20-character fixed-size string "bufb" by copying the return value of "inet_ntoa" without checking the length.
+  276|           char bufa[20], bufb[20];
+  277|           strcpy(bufa, inet_ntoa(ip->ip_src));
+  278|->         strcpy(bufb, inet_ntoa(ip->ip_dst));
+  279|           DEBUG_MISC(" %.16s to %.16s", bufa, bufb);
+  280|       }
+
+Signed-off-by: Jindrich Novy <jnovy@redhat.com>
+Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
+---
+ src/ip_icmp.c | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/src/ip_icmp.c b/src/ip_icmp.c
+index 7533595..13a0e55 100644
+--- libslirp-4.3.0/src/ip_icmp.c
++++ libslirp-4.3.0/src/ip_icmp.c
+@@ -277,8 +277,8 @@ void icmp_send_error(struct mbuf *msrc, uint8_t type, uint8_t code, int minsize,
+     ip = mtod(msrc, struct ip *);
+     if (slirp_debug & DBG_MISC) {
+         char bufa[20], bufb[20];
+-        strcpy(bufa, inet_ntoa(ip->ip_src));
+-        strcpy(bufb, inet_ntoa(ip->ip_dst));
++        slirp_pstrcpy(bufa, sizeof(bufa), inet_ntoa(ip->ip_src));
++        slirp_pstrcpy(bufb, sizeof(bufb), inet_ntoa(ip->ip_dst));
+         DEBUG_MISC(" %.16s to %.16s", bufa, bufb);
+     }
+     if (ip->ip_off & IP_OFFMASK)
+-- 
+2.26.2
+
+From 961a676e93fe7d599d3856e63bd132fe0d2decb2 Mon Sep 17 00:00:00 2001
+From: Jindrich Novy <jnovy@redhat.com>
+Date: Wed, 27 May 2020 11:16:57 +0200
+Subject: [PATCH] Check lseek() for failure
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Error: CHECKED_RETURN (CWE-252): [#def26]
+libslirp-4.3.0/src/tftp.c:121: check_return: Calling "lseek(spt->fd, block_nr * spt->block_size, 0)" without checking return value. This library function may fail and return an error code.
+  119|
+  120|       if (len) {
+  121|->         lseek(spt->fd, block_nr * spt->block_size, SEEK_SET);
+  122|
+  123|           bytes_read = read(spt->fd, buf, len);
+
+Signed-off-by: Jindrich Novy <jnovy@redhat.com>
+Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
+---
+ src/tftp.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff --git a/src/tftp.c b/src/tftp.c
+index c209145..c6950ee 100644
+--- libslirp-4.3.0/src/tftp.c
++++ libslirp-4.3.0/src/tftp.c
+@@ -118,7 +118,9 @@ static int tftp_read_data(struct tftp_session *spt, uint32_t block_nr,
+     }
+ 
+     if (len) {
+-        lseek(spt->fd, block_nr * spt->block_size, SEEK_SET);
++        if (lseek(spt->fd, block_nr * spt->block_size, SEEK_SET) == (off_t)-1) {
++            return -1;
++        }
+ 
+         bytes_read = read(spt->fd, buf, len);
+     }
+-- 
+2.26.2
+
+From b0fc01a6b8cf6a50a1af69845cca692cc42dd970 Mon Sep 17 00:00:00 2001
+From: Jindrich Novy <jnovy@redhat.com>
+Date: Wed, 27 May 2020 11:18:36 +0200
+Subject: [PATCH] Be sure to initialize sockaddr structure
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+Error: UNINIT (CWE-457): [#def30]
+libslirp-4.3.0/src/udp.c:325: var_decl: Declaring variable "addr" without initializer.
+libslirp-4.3.0/src/udp.c:342: uninit_use_in_call: Using uninitialized value "addr". Field "addr.sin_zero" is uninitialized when calling "bind".
+
+Signed-off-by: Jindrich Novy <jnovy@redhat.com>
+Reviewed-by: Marc-André Lureau <marcandre.lureau@redhat.com>
+---
+ src/udp.c | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/src/udp.c b/src/udp.c
+index 9ed1e74..0ad44d7 100644
+--- libslirp-4.3.0/src/udp.c
++++ libslirp-4.3.0/src/udp.c
+@@ -329,6 +329,7 @@ struct socket *udp_listen(Slirp *slirp, uint32_t haddr, unsigned hport,
+     struct socket *so;
+     socklen_t addrlen = sizeof(struct sockaddr_in);
+ 
++    memset(&addr, 0, sizeof(addr));
+     so = socreate(slirp);
+     so->s = slirp_socket(AF_INET, SOCK_DGRAM, 0);
+     if (so->s < 0) {
+-- 
+2.26.2
+

SPECS/libslirp.spec

@@ -0,0 +1,89 @@
+Name:           libslirp
+Version:        4.3.0
+Release:        3%{?dist}
+Summary:        A general purpose TCP-IP emulator
+
+# check the SPDX tags in source files for details
+License:        BSD and MIT
+URL:            https://gitlab.freedesktop.org/slirp/%{name}
+Source0:        %{url}/-/archive/v%{version}/%{name}-%{version}.tar.xz
+# related bug: https://bugzilla.redhat.com/show_bug.cgi?id=1821193
+# backported:  https://gitlab.freedesktop.org/slirp/libslirp/-/merge_requests/41
+Patch0:         libslirp-coverity.patch
+
+BuildRequires:  git-core
+BuildRequires:  meson
+BuildRequires:  gcc
+BuildRequires:  glib2-devel
+
+%description
+A general purpose TCP-IP emulator used by virtual machine hypervisors
+to provide virtual networking services.
+
+
+%package        devel
+Summary:        Development files for %{name}
+Requires:       %{name}%{?_isa} = %{version}-%{release}
+
+%description    devel
+The %{name}-devel package contains libraries and header files for
+developing applications that use %{name}.
+
+
+%prep
+%autosetup -S git_am
+
+%build
+%meson
+%meson_build
+
+
+%install
+%meson_install
+
+
+%files
+%license COPYRIGHT
+%doc README.md CHANGELOG.md
+%{_libdir}/%{name}.so.0*
+
+%files devel
+%dir %{_includedir}/slirp/
+%{_includedir}/slirp/*
+%{_libdir}/%{name}.so
+%{_libdir}/pkgconfig/slirp.pc
+
+
+%changelog
+* Thu May 28 2020 Jindrich Novy <jnovy@redhat.com> - 4.3.0-3
+- fix static analysis issues merged upstream
+  (https://gitlab.freedesktop.org/slirp/libslirp/-/merge_requests/41)
+- Related: #1821193
+
+* Mon May 11 2020 Jindrich Novy <jnovy@redhat.com> - 4.3.0-2
+- initial libslirp build for container-tools 8.3.0 module
+- Resolves: #1821193
+
+* Thu Apr 23 2020 Marc-André Lureau <marcandre.lureau@redhat.com> - 4.3.0-1
+- New v4.3.0 release
+
+* Mon Apr 20 2020 Marc-André Lureau <marcandre.lureau@redhat.com> - 4.2.0-2
+- CVE-2020-1983 fix
+
+* Tue Mar 17 2020 Marc-André Lureau <marcandre.lureau@redhat.com> - 4.2.0-1
+- New v4.2.0 release
+
+* Wed Jan 29 2020 Fedora Release Engineering <releng@fedoraproject.org> - 4.1.0-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
+
+* Tue Dec 03 2019 Marc-André Lureau <marcandre.lureau@redhat.com> - 4.1.0-1
+- New v4.1.0 release
+
+* Fri Aug  2 2019 Marc-André Lureau <marcandre.lureau@redhat.com> - 4.0.0-3
+- Fix CVE-2019-14378, rhbz#1735654
+
+* Thu Jul 25 2019 Fedora Release Engineering <releng@fedoraproject.org> - 4.0.0-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
+
+* Wed May 22 2019 Marc-André Lureau <marcandre.lureau@redhat.com> - 4.0.0-1
+- Initial package, rhbz#1712980