import slirp4netns-0.1-3.dev.gitc4e1bc5.module+el8.1.0+4308+9d868e48

2019-11-05 14:04:24 -05:00 · 2019-11-05 14:04:24 -05:00 · 9790207338
commit 9790207338
4 changed files with 104 additions and 0 deletions
--- a/.gitignore
+++ b/.gitignore
@ -0,0 +1 @@
+SOURCES/slirp4netns-c4e1bc5.tar.gz
--- a/.slirp4netns.metadata
+++ b/.slirp4netns.metadata
@ -0,0 +1 @@
+c80717510d48cfe56eec27e93a4fe92182faca0b SOURCES/slirp4netns-c4e1bc5.tar.gz
--- a/SOURCES/slirp4netns-CVE-2019-14378.patch
+++ b/SOURCES/slirp4netns-CVE-2019-14378.patch
@ -0,0 +1,34 @@
+From 126c04acbabd7ad32c2b018fe10dfac2a3bc1210 Mon Sep 17 00:00:00 2001
+From: Samuel Thibault <samuel.thibault@ens-lyon.org>
+Date: Sun, 28 Jul 2019 19:11:24 +0200
+Subject: [PATCH] Fix heap overflow in ip_reass on big packet input
+
+When the first fragment does not fit in the preallocated buffer, q will
+already be pointing to the ext buffer, so we mustn't try to update it.
+
+Signed-off-by: Samuel Thibault <samuel.thibault@ens-lyon.org>
+---
+ src/ip_input.c | 4 +++-
+ 1 file changed, 3 insertions(+), 1 deletion(-)
+
+diff -up ./slirp4netns-c4e1bc5a5e6987f3a352ca524f13320a2d483398/qemu/slirp/ip_input.c.CVE-2019-14378 ./slirp4netns-c4e1bc5a5e6987f3a352ca524f13320a2d483398/qemu/slirp/ip_input.c
+--- slirp4netns-c4e1bc5a5e6987f3a352ca524f13320a2d483398/qemu/slirp/ip_input.c.CVE-2019-14378	2019-09-27 11:04:30.215413671 +0200
+++ slirp4netns-c4e1bc5a5e6987f3a352ca524f13320a2d483398/qemu/slirp/ip_input.c	2019-09-27 11:04:30.216413682 +0200
+@@ -333,6 +333,8 @@ insert:
+     q = fp->frag_link.next;
+ 	m = dtom(slirp, q);
+ 
+	int was_ext = m->m_flags & M_EXT;
+
+ 	q = (struct ipasfrag *) q->ipf_next;
+ 	while (q != (struct ipasfrag*)&fp->frag_link) {
+ 	  struct mbuf *t = dtom(slirp, q);
+@@ -355,7 +357,7 @@ insert:
+ 	 * the old buffer (in the mbuf), so we must point ip
+ 	 * into the new buffer.
+ 	 */
+-	if (m->m_flags & M_EXT) {
+	if (!was_ext && m->m_flags & M_EXT) {
+ 	  int delta = (char *)q - m->m_dat;
+ 	  q = (struct ipasfrag *)(m->m_ext + delta);
+ 	}
--- a/SPECS/slirp4netns.spec
+++ b/SPECS/slirp4netns.spec
@ -0,0 +1,68 @@
+%global git0 https://github.com/rootless-containers/%{name}
+%global commit0 c4e1bc5a5e6987f3a352ca524f13320a2d483398
+%global shortcommit0 %(c=%{commit0}; echo ${c:0:7})
+
+Name: slirp4netns
+Version: 0.1
+Release: 3.dev.git%{shortcommit0}%{?dist}
+# no go-md2man in ix86 and ppc64
+ExcludeArch: %{ix86} ppc64
+Summary: slirp for network namespaces
+License: GPLv2
+URL: %{git0}
+Source0: %{git0}/archive/%{commit0}/%{name}-%{shortcommit0}.tar.gz
+Patch0: slirp4netns-CVE-2019-14378.patch
+BuildRequires: autoconf
+BuildRequires: automake
+BuildRequires: gcc
+BuildRequires: git
+BuildRequires: go-md2man
+BuildRequires: make
+
+%description
+User-mode networking for unprivileged network namespaces.
+
+%package devel
+Summary: %{summary}
+BuildArch: noarch
+
+%description devel
+%{summary}
+
+This package contains library source intended for
+building other packages which use import path with
+%{import_path} prefix.
+
+%prep
+%autosetup -Sgit -n %{name}-%{commit0}
+
+%build
+./autogen.sh
+./configure --prefix=%{_usr} --libdir=%{_libdir}
+%{__make} generate-man
+
+%install
+make DESTDIR=%{buildroot} install install-man
+
+%check
+
+#define license tag if not already defined
+%{!?_licensedir:%global license %doc}
+
+%files
+%license COPYING
+%doc README.md
+%{_bindir}/%{name}
+%{_mandir}/man1/%{name}.1.gz
+
+%changelog
+* Fri Sep 27 2019 Jindrich Novy <jnovy@redhat.com> - 0.1-3.dev.gitc4e1bc5
+- Fix CVE-2019-14378 (#1755595).
+
+* Fri Nov 16 2018 Frantisek Kluknavsky <fkluknav@redhat.com> - 0.1-2.dev.gitc4e1bc5
+- changed summary
+
+* Fri Aug 10 2018 Lokesh Mandvekar <lsm5@redhat.com> - 0.1-1.dev.gitc4e1bc5
+- First package for RHEL 8
+- import from Fedora rawhide
+- Exclude ix86 and ppc64
				`@ -0,0 +1 @@`
				`c80717510d48cfe56eec27e93a4fe92182faca0b SOURCES/slirp4netns-c4e1bc5.tar.gz`