Hello community, here is the log from the commit of package slirp4netns for openSUSE:Leap:15.2 checked in at 2020-05-12 11:31:32 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Leap:15.2/slirp4netns (Old) and /work/SRC/openSUSE:Leap:15.2/.slirp4netns.new.2738 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "slirp4netns" Tue May 12 11:31:32 2020 rev:5 rq:801193 version:0.4.5 Changes: -------- --- /work/SRC/openSUSE:Leap:15.2/slirp4netns/slirp4netns.changes 2020-04-08 12:48:08.546335167 +0200 +++ /work/SRC/openSUSE:Leap:15.2/.slirp4netns.new.2738/slirp4netns.changes 2020-05-12 11:31:45.447663334 +0200 @@ -1,0 +2,7 @@ +Mon May 4 10:51:25 UTC 2020 - Ralf Haferkamp <[email protected]> + +- Update to 0.4.5 (bsc#1170940) + * libslirp: update to v4.3.0: + * Fix use-afte-free in ip_reass() (CVE-2020-1983) + +------------------------------------------------------------------- Old: ---- slirp4netns-0.4.4.tar.xz New: ---- slirp4netns-0.4.5.tar.xz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ slirp4netns.spec ++++++ --- /var/tmp/diff_new_pack.paVoni/_old 2020-05-12 11:31:45.951664393 +0200 +++ /var/tmp/diff_new_pack.paVoni/_new 2020-05-12 11:31:45.955664402 +0200 @@ -17,7 +17,7 @@ Name: slirp4netns -Version: 0.4.4 +Version: 0.4.5 Release: 0 Summary: User-mode networking for unprivileged network namespaces License: GPL-2.0-only AND MIT AND BSD-2-Clause ++++++ _service ++++++ --- /var/tmp/diff_new_pack.paVoni/_old 2020-05-12 11:31:45.991664477 +0200 +++ /var/tmp/diff_new_pack.paVoni/_new 2020-05-12 11:31:45.991664477 +0200 
@@ -4,8 +4,8 @@ <param name="url">https://github.com/rootless-containers/slirp4netns.git</param> <param name="scm">git</param> <param name="filename">slirp4netns</param> -<param name="versionformat">0.4.4</param> -<param name="revision">v0.4.4</param> +<param name="versionformat">0.4.5</param> +<param name="revision">v0.4.5</param> </service> <service name="recompress" mode="disabled"> ++++++ slirp4netns-0.4.4.tar.xz -> slirp4netns-0.4.5.tar.xz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/slirp4netns-0.4.4/Dockerfile.buildtests new/slirp4netns-0.4.5/Dockerfile.buildtests --- old/slirp4netns-0.4.4/Dockerfile.buildtests 2020-03-19 01:38:45.000000000 +0100 +++ new/slirp4netns-0.4.5/Dockerfile.buildtests 2020-04-23 11:23:02.000000000 +0200 @@ -30,7 +30,7 @@ FROM buildtest-centos76-common AS buildtest-centos76-static RUN yum install -y glibc-static glib2-static -RUN yum-config-manager --add-repo=https://cbs.centos.org/repos/virt7-container-common-candidate/x86_64/os/ && \ +RUN yum-config-manager --add-repo=https://buildlogs.centos.org/centos/7/virt/x86_64/container && \ yum install --nogpgcheck -y libseccomp-static RUN ./configure LDFLAGS="-static" && make && cp -f slirp4netns / diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/slirp4netns-0.4.4/configure.ac new/slirp4netns-0.4.5/configure.ac --- old/slirp4netns-0.4.4/configure.ac 2020-03-19 01:38:45.000000000 +0100 +++ new/slirp4netns-0.4.5/configure.ac 2020-04-23 11:23:02.000000000 +0200 
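Review bot: The repository added on the changed `yum-config-manager --add-repo=` line is consumed by the unchanged `yum install --nogpgcheck -y libseccomp-static` that follows, so the libseccomp linked into the static test binary is protected only by TLS to buildlogs.centos.org and not by a package signature. If the check is off because that repository carries unsigned builds, say so in a comment such as `# buildlogs packages are unsigned; used for build tests only, never shipped`, and pin libseccomp-static to an exact version so a changed build is noticed. If a signed repository offers the same package, prefer it and drop `--nogpgcheck`. The build stage continues outside the hunk, so whether the resulting `/slirp4netns` binary is ever distributed cannot be told from here.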
@@ -1,5 +1,5 @@ AC_PREREQ([2.69]) -AC_INIT([slirp4netns], [0.4.4], [https://github.com/rootless-containers/slirp4netns/issues]) +AC_INIT([slirp4netns], [0.4.5], [https://github.com/rootless-containers/slirp4netns/issues]) AC_CONFIG_SRCDIR([main.c]) AC_CONFIG_HEADERS([config.h]) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/slirp4netns-0.4.4/vendor/README.md new/slirp4netns-0.4.5/vendor/README.md --- old/slirp4netns-0.4.4/vendor/README.md 2020-03-19 01:38:45.000000000 +0100 +++ new/slirp4netns-0.4.5/vendor/README.md 2020-04-23 11:23:02.000000000 +0200 @@ -1,7 +1,7 @@ # DO NOT EDIT MANUALLY Vendored components: -* libslirp: https://gitlab.freedesktop.org/slirp/libslirp.git (`daba14c3416fa9641ab4453a9a11e7f8bde08875`) +* libslirp: https://gitlab.freedesktop.org/slirp/libslirp.git (`3b478b0028d210518b5cc16ec9f208192ad31caa`) * parson: https://github.com/kgabis/parson.git (`70dc239f8f54c80bf58477b25435fd3dd3102804`) Please do not edit the contents under this directory manually. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/slirp4netns-0.4.4/vendor/libslirp/src/ip_input.c new/slirp4netns-0.4.5/vendor/libslirp/src/ip_input.c --- old/slirp4netns-0.4.4/vendor/libslirp/src/ip_input.c 2020-03-19 01:38:45.000000000 +0100 +++ new/slirp4netns-0.4.5/vendor/libslirp/src/ip_input.c 2020-04-23 11:23:02.000000000 +0200 @@ -327,8 +327,7 @@ */ q = fp->frag_link.next; m = dtom(slirp, q); - - int was_ext = m->m_flags & M_EXT; + int delta = (char *)q - (m->m_flags & M_EXT ? m->m_ext : m->m_dat); q = (struct ipasfrag *)q->ipf_next; while (q != (struct ipasfrag *)&fp->frag_link) { 
@@ -351,8 +350,7 @@ * then an m_ext buffer was alloced. But fp->ipq_next points to the old * buffer (in the mbuf), so we must point ip into the new buffer. */ - if (!was_ext && m->m_flags & M_EXT) { - int delta = (char *)q - m->m_dat; + if (m->m_flags & M_EXT) { q = (struct ipasfrag *)(m->m_ext + delta); } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/slirp4netns-0.4.4/vendor/libslirp/src/libslirp-version.h new/slirp4netns-0.4.5/vendor/libslirp/src/libslirp-version.h --- old/slirp4netns-0.4.4/vendor/libslirp/src/libslirp-version.h 2020-03-19 01:38:45.000000000 +0100 +++ new/slirp4netns-0.4.5/vendor/libslirp/src/libslirp-version.h 2020-04-23 11:23:02.000000000 +0200 @@ -7,8 +7,9 @@ #endif #define SLIRP_MAJOR_VERSION 4 -#define SLIRP_MINOR_VERSION 2 +#define SLIRP_MINOR_VERSION 3 #define SLIRP_MICRO_VERSION 0 +#define SLIRP_VERSION_STRING "4.3.0-git" #define SLIRP_CHECK_VERSION(major,minor,micro) \ (SLIRP_MAJOR_VERSION > (major) || \ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/slirp4netns-0.4.4/vendor/libslirp/src/libslirp.h new/slirp4netns-0.4.5/vendor/libslirp/src/libslirp.h --- old/slirp4netns-0.4.4/vendor/libslirp/src/libslirp.h 2020-03-19 01:38:45.000000000 +0100 +++ new/slirp4netns-0.4.5/vendor/libslirp/src/libslirp.h 2020-04-23 11:23:02.000000000 +0200 @@ -67,7 +67,7 @@ } SlirpCb; #define SLIRP_CONFIG_VERSION_MIN 1 -#define SLIRP_CONFIG_VERSION_MAX 2 +#define SLIRP_CONFIG_VERSION_MAX 3 typedef struct SlirpConfig { /* Version must be provided */ 
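Review bot: The comment kept above `if (m->m_flags & M_EXT)` in ip_input.c still describes only the case where concatenation moved the fragments out of the mbuf's own storage into a newly allocated m_ext buffer. The new condition also recomputes q when the first mbuf was already external, which appears to be the case behind the use-after-free named in the changelog. Reword it so a later reader does not restore the old guard, for example `/* Concatenation may have allocated or reallocated m_ext; q must be rebuilt from the offset saved before the loop, never reused. */`. In the previous hunk `delta` is an `int` holding a pointer difference; `ptrdiff_t delta` would avoid the implicit narrowing. ip_reass() begins and ends outside both hunks, so the concatenation loop itself is not visible here.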
@@ -109,6 +109,10 @@ */ struct sockaddr_in *outbound_addr; struct sockaddr_in6 *outbound_addr6; + /* + * Fields introduced in SlirpConfig version 3 begin + */ + bool disable_dns; /* slirp will not redirect/serve any DNS packet */ } SlirpConfig; Slirp *slirp_new(const SlirpConfig *cfg, const SlirpCb *callbacks, diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/slirp4netns-0.4.4/vendor/libslirp/src/slirp.c new/slirp4netns-0.4.5/vendor/libslirp/src/slirp.c --- old/slirp4netns-0.4.4/vendor/libslirp/src/slirp.c 2020-03-19 01:38:45.000000000 +0100 +++ new/slirp4netns-0.4.5/vendor/libslirp/src/slirp.c 2020-04-23 11:23:02.000000000 +0200 @@ -29,6 +29,11 @@ #include <net/if.h> #endif +/* https://gitlab.freedesktop.org/slirp/libslirp/issues/18 */ +#if defined(__NetBSD__) && defined(if_mtu) +#undef if_mtu +#endif + int slirp_debug; /* Define to 1 if you want KEEPALIVE timers */ @@ -333,6 +338,13 @@ slirp->outbound_addr = NULL; slirp->outbound_addr6 = NULL; } + + if (cfg->version >= 3) { + slirp->disable_dns = cfg->disable_dns; + } else { + slirp->disable_dns = false; + } + return slirp; } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/slirp4netns-0.4.4/vendor/libslirp/src/slirp.h new/slirp4netns-0.4.5/vendor/libslirp/src/slirp.h --- old/slirp4netns-0.4.4/vendor/libslirp/src/slirp.h 2020-03-19 01:38:45.000000000 +0100 +++ new/slirp4netns-0.4.5/vendor/libslirp/src/slirp.h 2020-04-23 11:23:02.000000000 +0200 
@@ -202,6 +202,7 @@ struct sockaddr_in *outbound_addr; struct sockaddr_in6 *outbound_addr6; + bool disable_dns; /* slirp will not redirect/serve any DNS packet */ }; void if_start(Slirp *); diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/slirp4netns-0.4.4/vendor/libslirp/src/socket.c new/slirp4netns-0.4.5/vendor/libslirp/src/socket.c --- old/slirp4netns-0.4.4/vendor/libslirp/src/socket.c 2020-03-19 01:38:45.000000000 +0100 +++ new/slirp4netns-0.4.5/vendor/libslirp/src/socket.c 2020-04-23 11:23:02.000000000 +0200 @@ -821,8 +821,8 @@ static bool sotranslate_out4(Slirp *s, struct socket *so, struct sockaddr_in *sin) { - if (so->so_faddr.s_addr == s->vnameserver_addr.s_addr) { - return get_dns_addr(&sin->sin_addr) >= 0; + if (!s->disable_dns && so->so_faddr.s_addr == s->vnameserver_addr.s_addr) { + return so->so_fport == htons(53) && get_dns_addr(&sin->sin_addr) >= 0; } if (so->so_faddr.s_addr == s->vhost_addr.s_addr || @@ -839,8 +839,13 @@ static bool sotranslate_out6(Slirp *s, struct socket *so, struct sockaddr_in6 *sin) { - if (in6_equal(&so->so_faddr6, &s->vnameserver_addr6)) { - return get_dns6_addr(&sin->sin6_addr, &sin->sin6_scope_id) >= 0; + if (!s->disable_dns && in6_equal(&so->so_faddr6, &s->vnameserver_addr6)) { + uint32_t scope_id; + if (so->so_fport == htons(53) && get_dns6_addr(&sin->sin6_addr, &scope_id) >= 0) { + sin->sin6_scope_id = scope_id; + return true; + } + return false; } if (in6_equal_net(&so->so_faddr6, &s->vprefix_addr6, s->vprefix_len) || diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/slirp4netns-0.4.4/vendor/libslirp/src/version.c new/slirp4netns-0.4.5/vendor/libslirp/src/version.c --- old/slirp4netns-0.4.4/vendor/libslirp/src/version.c 2020-03-19 01:38:45.000000000 +0100 +++ new/slirp4netns-0.4.5/vendor/libslirp/src/version.c 2020-04-23 11:23:02.000000000 +0200 
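Review bot: `sotranslate_out4` and `sotranslate_out6` in socket.c now return false for any connection to the virtual nameserver address whose port is not 53, and skip the nameserver case entirely when `disable_dns` is set, but neither behaviour is documented where it is decided. With `disable_dns` the address falls through to the vhost/prefix checks that follow, and what happens when none of them match is outside the hunk. If the destination is then left untranslated, guest traffic to that address would reach whichever host on the real network owns it, which is worth stating on the `disable_dns` field. A comment such as `/* Only port 53 is forwarded to the host resolver; other ports on the nameserver address are refused. */` above each check, and a shared named constant in place of the literal `53`, would make the rule explicit. Both function bodies continue past the end of their hunks.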
@@ -1,11 +1,8 @@ /* SPDX-License-Identifier: BSD-3-Clause */ #include "libslirp.h" -#include "util.h" const char * slirp_version_string(void) { - return stringify(SLIRP_MAJOR_VERSION) "." - stringify(SLIRP_MINOR_VERSION) "." - stringify(SLIRP_MICRO_VERSION); + return SLIRP_VERSION_STRING; } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/slirp4netns-0.4.4/vendor.sh new/slirp4netns-0.4.5/vendor.sh --- old/slirp4netns-0.4.4/vendor.sh 2020-03-19 01:38:45.000000000 +0100 +++ new/slirp4netns-0.4.5/vendor.sh 2020-04-23 11:23:02.000000000 +0200 @@ -1,7 +1,7 @@ #!/bin/bash set -eux -o pipefail -# Mar 17, 2020 (v4.2.0) -LIBSLIRP_COMMIT=daba14c3416fa9641ab4453a9a11e7f8bde08875 +# Apr 22, 2020 (v4.3.0) +LIBSLIRP_COMMIT=3b478b0028d210518b5cc16ec9f208192ad31caa LIBSLIRP_REPO=https://gitlab.freedesktop.org/slirp/libslirp.git # Feb 21, 2020
