commit 9790207338ed19ce4afd3297ff27668e452fec12 Author: CentOS Sources Date: Tue Nov 5 14:04:24 2019 -0500 import slirp4netns-0.1-3.dev.gitc4e1bc5.module+el8.1.0+4308+9d868e48 diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..85cb472 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +SOURCES/slirp4netns-c4e1bc5.tar.gz diff --git a/.slirp4netns.metadata b/.slirp4netns.metadata new file mode 100644 index 0000000..04c495f --- /dev/null +++ b/.slirp4netns.metadata @@ -0,0 +1 @@ +c80717510d48cfe56eec27e93a4fe92182faca0b SOURCES/slirp4netns-c4e1bc5.tar.gz diff --git a/SOURCES/slirp4netns-CVE-2019-14378.patch b/SOURCES/slirp4netns-CVE-2019-14378.patch new file mode 100644 index 0000000..9696269 --- /dev/null +++ b/SOURCES/slirp4netns-CVE-2019-14378.patch @@ -0,0 +1,34 @@ +From 126c04acbabd7ad32c2b018fe10dfac2a3bc1210 Mon Sep 17 00:00:00 2001 +From: Samuel Thibault +Date: Sun, 28 Jul 2019 19:11:24 +0200 +Subject: [PATCH] Fix heap overflow in ip_reass on big packet input + +When the first fragment does not fit in the preallocated buffer, q will +already be pointing to the ext buffer, so we mustn't try to update it. + +Signed-off-by: Samuel Thibault +--- + src/ip_input.c | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +diff -up ./slirp4netns-c4e1bc5a5e6987f3a352ca524f13320a2d483398/qemu/slirp/ip_input.c.CVE-2019-14378 ./slirp4netns-c4e1bc5a5e6987f3a352ca524f13320a2d483398/qemu/slirp/ip_input.c +--- slirp4netns-c4e1bc5a5e6987f3a352ca524f13320a2d483398/qemu/slirp/ip_input.c.CVE-2019-14378 2019-09-27 11:04:30.215413671 +0200 ++++ slirp4netns-c4e1bc5a5e6987f3a352ca524f13320a2d483398/qemu/slirp/ip_input.c 2019-09-27 11:04:30.216413682 +0200 +@@ -333,6 +333,8 @@ insert: + q = fp->frag_link.next; + m = dtom(slirp, q); + ++ int was_ext = m->m_flags & M_EXT; ++ + q = (struct ipasfrag *) q->ipf_next; + while (q != (struct ipasfrag*)&fp->frag_link) { + struct mbuf *t = dtom(slirp, q); +@@ -355,7 +357,7 @@ insert: + * the old buffer (in the mbuf), so we must point ip + * into the new buffer. + */ +- if (m->m_flags & M_EXT) { ++ if (!was_ext && m->m_flags & M_EXT) { + int delta = (char *)q - m->m_dat; + q = (struct ipasfrag *)(m->m_ext + delta); + } diff --git a/SPECS/slirp4netns.spec b/SPECS/slirp4netns.spec new file mode 100644 index 0000000..d292425 --- /dev/null +++ b/SPECS/slirp4netns.spec @@ -0,0 +1,68 @@ +%global git0 https://github.com/rootless-containers/%{name} +%global commit0 c4e1bc5a5e6987f3a352ca524f13320a2d483398 +%global shortcommit0 %(c=%{commit0}; echo ${c:0:7}) + +Name: slirp4netns +Version: 0.1 +Release: 3.dev.git%{shortcommit0}%{?dist} +# no go-md2man in ix86 and ppc64 +ExcludeArch: %{ix86} ppc64 +Summary: slirp for network namespaces +License: GPLv2 +URL: %{git0} +Source0: %{git0}/archive/%{commit0}/%{name}-%{shortcommit0}.tar.gz +Patch0: slirp4netns-CVE-2019-14378.patch +BuildRequires: autoconf +BuildRequires: automake +BuildRequires: gcc +BuildRequires: git +BuildRequires: go-md2man +BuildRequires: make + +%description +User-mode networking for unprivileged network namespaces. + +%package devel +Summary: %{summary} +BuildArch: noarch + +%description devel +%{summary} + +This package contains library source intended for +building other packages which use import path with +%{import_path} prefix. + +%prep +%autosetup -Sgit -n %{name}-%{commit0} + +%build +./autogen.sh +./configure --prefix=%{_usr} --libdir=%{_libdir} +%{__make} generate-man + +%install +make DESTDIR=%{buildroot} install install-man + +%check + +#define license tag if not already defined +%{!?_licensedir:%global license %doc} + +%files +%license COPYING +%doc README.md +%{_bindir}/%{name} +%{_mandir}/man1/%{name}.1.gz + +%changelog +* Fri Sep 27 2019 Jindrich Novy - 0.1-3.dev.gitc4e1bc5 +- Fix CVE-2019-14378 (#1755595). + +* Fri Nov 16 2018 Frantisek Kluknavsky - 0.1-2.dev.gitc4e1bc5 +- changed summary + +* Fri Aug 10 2018 Lokesh Mandvekar - 0.1-1.dev.gitc4e1bc5 +- First package for RHEL 8 +- import from Fedora rawhide +- Exclude ix86 and ppc64