diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..48ea2f4
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+SOURCES/v1.1.8.tar.gz
diff --git a/.slirp4netns.metadata b/.slirp4netns.metadata
new file mode 100644
index 0000000..84c8057
--- /dev/null
+++ b/.slirp4netns.metadata
@@ -0,0 +1 @@
+9f7965d1151311e6af4be9d3c0093ff86f1a3e4d SOURCES/v1.1.8.tar.gz
diff --git a/SOURCES/1.1.8-0001-Replace-deprecated-inet_ntoa-with-safer-inet_ntop.patch b/SOURCES/1.1.8-0001-Replace-deprecated-inet_ntoa-with-safer-inet_ntop.patch
new file mode 100644
index 0000000..968c18d
--- /dev/null
+++ b/SOURCES/1.1.8-0001-Replace-deprecated-inet_ntoa-with-safer-inet_ntop.patch
@@ -0,0 +1,74 @@
+From 103cf5a3f83406f4a22b8d1899518e5fa4a351d8 Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Marc-Andr=C3=A9=20Lureau?=
+Date: Tue, 15 Feb 2022 11:46:06 +0400
+Subject: [PATCH] Replace deprecated inet_ntoa with safer inet_ntop
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+inet_ntoa() is a legacy API with MT issues. Use the recommended
+alternative instead. This makes some code checkers happy, and could
+potentially fix issues if other parts of the process were to use
+inet_ntoa() at the same time..
+
+Signed-off-by: Marc-André Lureau
+---
+ main.c | 20 ++++++++++----------
+ 1 file changed, 10 insertions(+), 10 deletions(-)
+
+diff --git a/main.c b/main.c
+index c79508e10f4d..2c38dc0da1af 100644
+--- a/main.c
++++ b/main.c
+@@ -257,6 +257,7 @@ static int recvfd(int sock)
+ static int parent(int sock, int ready_fd, int exit_fd, const char *api_socket,
+ struct slirp4netns_config *cfg, pid_t target_pid)
+ {
++ char str[INET6_ADDRSTRLEN];
+ int rc, tapfd;
+ if ((tapfd = recvfd(sock)) < 0) {
+ return tapfd;
+@@ -265,23 +266,22 @@ static int parent(int sock, int ready_fd, int exit_fd, const char *api_socket,
+ close(sock);
+ printf("Starting slirp\n");
+ printf("* MTU: %d\n", cfg->mtu);
+- printf("* Network: %s\n", inet_ntoa(cfg->vnetwork));
+- printf("* Netmask: %s\n", inet_ntoa(cfg->vnetmask));
+- printf("* Gateway: %s\n", inet_ntoa(cfg->vhost));
+- printf("* DNS: %s\n", inet_ntoa(cfg->vnameserver));
+- printf("* Recommended IP: %s\n", inet_ntoa(cfg->recommended_vguest));
++ printf("* Network: %s\n", inet_ntop(AF_INET, &cfg->vnetwork, str, sizeof(str)));
++ printf("* Netmask: %s\n", inet_ntop(AF_INET, &cfg->vnetmask, str, sizeof(str)));
++ printf("* Gateway: %s\n", inet_ntop(AF_INET, &cfg->vhost, str, sizeof(str)));
++ printf("* DNS: %s\n", inet_ntop(AF_INET, &cfg->vnameserver, str, sizeof(str)));
++ printf("* Recommended IP: %s\n", inet_ntop(AF_INET, &cfg->recommended_vguest, str, sizeof(str)));
+ if (api_socket != NULL) {
+ printf("* API Socket: %s\n", api_socket);
+ }
+ #if SLIRP_CONFIG_VERSION_MAX >= 2
+ if (cfg->enable_outbound_addr) {
+ printf("* Outbound IPv4: %s\n",
+- inet_ntoa(cfg->outbound_addr.sin_addr));
++ inet_ntop(AF_INET, &cfg->outbound_addr.sin_addr, str, sizeof(str)));
+ }
+ if (cfg->enable_outbound_addr6) {
+- char str[INET6_ADDRSTRLEN];
+- if (inet_ntop(AF_INET6, &cfg->outbound_addr6.sin6_addr, str,
+- INET6_ADDRSTRLEN) != NULL) {
++ if (inet_ntop(AF_INET6, &cfg->outbound_addr6.sin6_addr,
++ str, sizeof(str)) != NULL) {
+ printf("* Outbound IPv6: %s\n", str);
+ }
+ }
+@@ -290,7 +290,7 @@ static int parent(int sock, int ready_fd, int exit_fd, const char *api_socket,
+ printf(
+ "WARNING: 127.0.0.1:* on the host is accessible as %s (set "
+ "--disable-host-loopback to prohibit connecting to 127.0.0.1:*)\n",
+- inet_ntoa(cfg->vhost));
++ inet_ntop(AF_INET, &cfg->vhost, str, sizeof(str)));
+ }
+ if (cfg->enable_sandbox && geteuid() != 0) {
+ if ((rc = nsenter(target_pid, NULL, NULL, true)) < 0) {
+--
+2.34.1.428.gdcc0cd074f0c
+
diff --git a/SPECS/slirp4netns.spec b/SPECS/slirp4netns.spec
new file mode 100644
index 0000000..daefbbd
--- /dev/null
+++ b/SPECS/slirp4netns.spec
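Review bot: The converted IPv4 lines pass the return value of `inet_ntop()` straight to `printf("%s", ...)`, while the IPv6 branch in the same function checks it against NULL first. `inet_ntop()` returns NULL on failure, and a NULL `%s` argument is undefined behaviour. With `AF_INET` and an `INET6_ADDRSTRLEN` buffer a failure is very unlikely, but applying the same `!= NULL` guard (or a small helper that falls back to a fixed string) would make the two paths consistent. A comment on the new declaration, such as `/* scratch buffer: at most one inet_ntop() result per printf call */`, would also help, because using the shared `str` twice in one call would print the same address twice. parent()'s body starts and ends outside these hunks.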
@@ -0,0 +1,158 @@
+%global git0 https://github.com/rootless-containers/%{name}
+
+Name: slirp4netns
+Version: 1.1.8
+Release: 2%{?dist}
+Summary: slirp for network namespaces
+License: GPLv2
+URL: %{git0}
+# build fails on i686 with: No matching package to install: 'go-md2man'
+ExcludeArch: i686
+Source0: %{git0}/archive/v%{version}.tar.gz
+Patch0: 1.1.8-0001-Replace-deprecated-inet_ntoa-with-safer-inet_ntop.patch
+BuildRequires: autoconf
+BuildRequires: automake
+BuildRequires: gcc
+BuildRequires: glib2-devel
+BuildRequires: git
+BuildRequires: go-md2man
+BuildRequires: libcap-devel
+BuildRequires: libseccomp-devel
+BuildRequires: make
+BuildRequires: libslirp-devel
+
+%description
+slirp for network namespaces, without copying buffers across the namespaces.
+
+%package devel
+Summary: %{summary}
+BuildArch: noarch
+
+%description devel
+%{summary}
+
+This package contains library source intended for
+building other packages which use import path with
+%{import_path} prefix.
+
+%prep
+%autosetup -Sgit
+
+%build
+export CFLAGS="%{optflags} -D_GNU_SOURCE -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64"
+export LDFLAGS="-pie -Wl,-z,relro -Wl,-z,now"
+./autogen.sh
+./configure --prefix=%{_usr} --libdir=%{_libdir}
+%{__make} generate-man
+
+%install
+make DESTDIR=%{buildroot} install install-man
+
+%check
+
+#define license tag if not already defined
+%{!?_licensedir:%global license %doc}
+
+%files
+%license COPYING
+%doc README.md
+%{_bindir}/%{name}
+%{_mandir}/man1/%{name}.1.gz
+
+%changelog
+* Fri Feb 18 2022 Jindrich Novy - 1.1.8-2
+- fix gating - don't use insecure functions - thanks to Marc-André Lureau
+- Related: #2001445
+
+* Fri Dec 04 2020 Jindrich Novy - 1.1.8-1
+- update to
+ https://github.com/rootless-containers/slirp4netns/releases/tag/v1.1.8
+- Related: #1883490
+
+* Thu Dec 03 2020 Jindrich Novy - 1.1.7-2
+- exclude i686 because of build failures
+- Related: #1883490
+
+* Thu Nov 26 2020 Jindrich Novy - 1.1.7-1
+- update to
+ https://github.com/rootless-containers/slirp4netns/releases/tag/v1.1.7
+- Related: #1883490
+
+* Mon Nov 09 2020 Jindrich Novy - 1.1.6-2
+- - be sure to harden the linked binary
+- Related: #1883490
+
+* Thu Nov 05 2020 Jindrich Novy - 1.1.6-1
+- update to
+ https://github.com/rootless-containers/slirp4netns/releases/tag/v1.1.6
+- Related: #1883490
+
+* Tue Aug 11 2020 Jindrich Novy - 1.1.4-2
+- use proper CFLAGS
+- Related: #1821193
+
+* Mon Jul 13 2020 Jindrich Novy - 1.1.4-1
+- update to https://github.com/rootless-containers/slirp4netns/releases/tag/v1.1.4
+- Related: #1821193
+
+* Thu Jul 09 2020 Jindrich Novy - 1.1.3-1
+- update to https://github.com/rootless-containers/slirp4netns/releases/tag/v1.1.3
+- Related: #1821193
+
+* Mon Jul 06 2020 Jindrich Novy - 1.1.2-1
+- update to https://github.com/rootless-containers/slirp4netns/releases/tag/v1.1.2
+- Related: #1821193
+
+* Fri Jun 05 2020 Jindrich Novy - 1.1.1-1
+- update to https://github.com/rootless-containers/slirp4netns/releases/tag/v1.1.1
+- Related: #1821193
+
+* Fri Jun 05 2020 Jindrich Novy - 1.1.0-1
+- update to https://github.com/rootless-containers/slirp4netns/releases/tag/v1.1.0
+- Related: #1821193
+
+* Tue May 12 2020 Jindrich Novy - 1.0.1-1
+- update to https://github.com/rootless-containers/slirp4netns/archive/v1.0.1.tar.gz
+- Related: #1821193
+
+* Thu Feb 06 2020 Jindrich Novy - 0.4.2-3.git21fdece
+- Fix CVE-2020-8608
+- Resolves: #1798979
+
+* Thu Jan 16 2020 Jindrich Novy - 0.4.2-2.git21fdece
+- Fix CVE-2020-7039.
+Resolves: #1791576
+
+* Mon Nov 25 2019 Jindrich Novy - 0.4.2-1.git21fdece
+- update to latest 0.4.2, fixes bug 1763454
+- Related: RHELPLAN-25139
+
+* Thu Oct 31 2019 Jindrich Novy - 0.4.0-2
+- add new BR: libseccomp-devel
+- Related: #1766774
+
+* Wed Oct 30 2019 Jindrich Novy - 0.4.0-1
+- update to v.0.4.0
+- sync with fedora spec
+- drop applied CVE-2019-14378 patch
+- Resolves: #1766774
+
+* Thu Sep 26 2019 Jindrich Novy - 0.3.0-4
+- Fix CVE-2019-14378 (#1755595).
+
+* Fri Jun 07 2019 Lokesh Mandvekar - 0.3.0-3
+- Resolves: #1683217 - BR: glib2-devel
+
+* Fri Jun 07 2019 Lokesh Mandvekar - 0.3.0-2
+- Resolves: #1683217 - bump slirp4netns to v0.3.0
+
+* Thu Feb 28 2019 Lokesh Mandvekar - 0.3.0-1.alpha.2.git30883b5
+- bump to v0.3.0-alpha.2
+
+* Fri Nov 16 2018 Frantisek Kluknavsky - 0.1-2.dev.gitc4e1bc5
+- changed summary
+
+* Fri Aug 10 2018 Lokesh Mandvekar - 0.1-1.dev.gitc4e1bc5
+- First package for RHEL 8
+- import from Fedora rawhide
+- Exclude ix86 and ppc64
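Review bot: The `%build` section hardcodes `LDFLAGS="-pie -Wl,-z,relro -Wl,-z,now"` instead of starting from the distribution's link flags, so any hardening or policy option the build root adds later is not picked up by the link step. Consider `export LDFLAGS="%{build_ldflags} -pie"` (assuming the target's redhat-rpm-config provides `%{build_ldflags}`), mirroring how `CFLAGS` already starts from `%{optflags}`. Separately, `%package devel` references `%{import_path}`, which this spec never defines, and there is no `%files devel` section. It looks like template residue and could be dropped.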