From 2db32df1bc1a42ae8e76a47c58bcfd063db0dc89 Mon Sep 17 00:00:00 2001
From: Jindrich Novy <jnovy@redhat.com>
Date: Tue, 15 Feb 2022 11:45:24 +0100
Subject: [PATCH] slirp4netns-1.1.12-3.el9
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

- fix gating - don't use insecure functions - thanks to Marc-André Lureau
- Related: #2000051

Signed-off-by: Jindrich Novy <jnovy@redhat.com>
---
 ...cated-inet_ntoa-with-safer-inet_ntop.patch | 78 +++++++++++++++++++
 slirp4netns.spec                              |  7 +-
 2 files changed, 84 insertions(+), 1 deletion(-)
 create mode 100644 0001-Replace-deprecated-inet_ntoa-with-safer-inet_ntop.patch

diff --git a/0001-Replace-deprecated-inet_ntoa-with-safer-inet_ntop.patch b/0001-Replace-deprecated-inet_ntoa-with-safer-inet_ntop.patch
new file mode 100644
index 0000000..a4390aa
--- /dev/null
+++ b/0001-Replace-deprecated-inet_ntoa-with-safer-inet_ntop.patch
@@ -0,0 +1,78 @@
+From 6db5ec8bba65b9eb3bbc0518ad74ed991126320d Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Marc-Andr=C3=A9=20Lureau?= <marcandre.lureau@redhat.com>
+Date: Tue, 15 Feb 2022 11:46:06 +0400
+Subject: [PATCH] Replace deprecated inet_ntoa with safer inet_ntop
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+inet_ntoa() is a legacy API with MT issues. Use the recommended
+alternative instead. This makes some code checkers happy, and could
+potentially fix issues if other parts of the process were to use
+inet_ntoa() at the same time..
+
+Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
+---
+ main.c | 24 ++++++++++++------------
+ 1 file changed, 12 insertions(+), 12 deletions(-)
+
+diff --git a/main.c b/main.c
+index 3bf585924f7c..109dc59eea29 100644
+--- a/main.c
++++ b/main.c
+@@ -336,6 +336,7 @@ static int recvfd(int sock)
+ static int parent(int sock, int ready_fd, int exit_fd, const char *api_socket,
+                   struct slirp4netns_config *cfg, pid_t target_pid)
+ {
++    char str[INET6_ADDRSTRLEN];
+     int rc, tapfd;
+     struct in_addr vdhcp_end = {
+ #define NB_BOOTP_CLIENTS 16
+@@ -351,25 +352,24 @@ static int parent(int sock, int ready_fd, int exit_fd, const char *api_socket,
+     close(sock);
+     printf("Starting slirp\n");
+     printf("* MTU:             %d\n", cfg->mtu);
+-    printf("* Network:         %s\n", inet_ntoa(cfg->vnetwork));
+-    printf("* Netmask:         %s\n", inet_ntoa(cfg->vnetmask));
+-    printf("* Gateway:         %s\n", inet_ntoa(cfg->vhost));
+-    printf("* DNS:             %s\n", inet_ntoa(cfg->vnameserver));
+-    printf("* DHCP begin:      %s\n", inet_ntoa(cfg->vdhcp_start));
+-    printf("* DHCP end:        %s\n", inet_ntoa(vdhcp_end));
+-    printf("* Recommended IP:  %s\n", inet_ntoa(cfg->recommended_vguest));
++    printf("* Network:         %s\n", inet_ntop(AF_INET, &cfg->vnetwork, str, sizeof(str)));
++    printf("* Netmask:         %s\n", inet_ntop(AF_INET, &cfg->vnetmask, str, sizeof(str)));
++    printf("* Gateway:         %s\n", inet_ntop(AF_INET, &cfg->vhost, str, sizeof(str)));
++    printf("* DNS:             %s\n", inet_ntop(AF_INET, &cfg->vnameserver, str, sizeof(str)));
++    printf("* DHCP begin:      %s\n", inet_ntop(AF_INET, &cfg->vdhcp_start, str, sizeof(str)));
++    printf("* DHCP end:        %s\n", inet_ntop(AF_INET, &vdhcp_end, str, sizeof(str)));
++    printf("* Recommended IP:  %s\n", inet_ntop(AF_INET, &cfg->recommended_vguest, str, sizeof(str)));
+     if (api_socket != NULL) {
+         printf("* API Socket:      %s\n", api_socket);
+     }
+ #if SLIRP_CONFIG_VERSION_MAX >= 2
+     if (cfg->enable_outbound_addr) {
+         printf("* Outbound IPv4:    %s\n",
+-               inet_ntoa(cfg->outbound_addr.sin_addr));
++               inet_ntop(AF_INET, &cfg->outbound_addr.sin_addr, str, sizeof(str)));
+     }
+     if (cfg->enable_outbound_addr6) {
+-        char str[INET6_ADDRSTRLEN];
+-        if (inet_ntop(AF_INET6, &cfg->outbound_addr6.sin6_addr, str,
+-                      INET6_ADDRSTRLEN) != NULL) {
++        if (inet_ntop(AF_INET6, &cfg->outbound_addr6.sin6_addr,
++                      str, sizeof(str)) != NULL) {
+             printf("* Outbound IPv6:    %s\n", str);
+         }
+     }
+@@ -383,7 +383,7 @@ static int parent(int sock, int ready_fd, int exit_fd, const char *api_socket,
+         printf(
+             "WARNING: 127.0.0.1:* on the host is accessible as %s (set "
+             "--disable-host-loopback to prohibit connecting to 127.0.0.1:*)\n",
+-            inet_ntoa(cfg->vhost));
++            inet_ntop(AF_INET, &cfg->vhost, str, sizeof(str)));
+     }
+     if (cfg->enable_sandbox && geteuid() != 0) {
+         if ((rc = nsenter(target_pid, NULL, NULL, true)) < 0) {
+-- 
+2.34.1.428.gdcc0cd074f0c
+
diff --git a/slirp4netns.spec b/slirp4netns.spec
index d63b440..c2e16b1 100644
--- a/slirp4netns.spec
+++ b/slirp4netns.spec
@@ -2,13 +2,14 @@
 
 Name: slirp4netns
 Version: 1.1.12
-Release: 2%{?dist}
+Release: 3%{?dist}
 Summary: slirp for network namespaces
 License: GPLv2
 URL: %{git0}
 # build fails on i686 with: No matching package to install: 'go-md2man'
 ExcludeArch: i686
 Source0: %{git0}/archive/v%{version}.tar.gz
+Patch0: 0001-Replace-deprecated-inet_ntoa-with-safer-inet_ntop.patch
 BuildRequires: autoconf
 BuildRequires: automake
 BuildRequires: gcc
@@ -59,6 +60,10 @@ make DESTDIR=%{buildroot} install install-man
 %{_mandir}/man1/%{name}.1.gz
 
 %changelog
+* Tue Feb 15 2022 Jindrich Novy <jnovy@redhat.com> - 1.1.12-3
+- fix gating - don't use insecure functions - thanks to Marc-André Lureau
+- Related: #2000051
+
 * Tue Feb 15 2022 Jindrich Novy <jnovy@redhat.com> - 1.1.12-2
 - add gating.yaml
 - Related: #2000051