[PULL 1/2] Update libslirp to v4.5.0

marcandre.lureau@redhat.com posted 2 patches 6 months ago

[PULL 1/2] Update libslirp to v4.5.0

Posted by marcandre.lureau@redhat.com 6 months ago
From: Marc-André Lureau <marcandre.lureau@redhat.com>

Switch from stable-4.2 branch to upstream v4.5.0 release.

## [4.5.0] - 2021-05-18

### Added

 - IPv6 forwarding. !62 !75 !77
 - slirp_neighbor_info() to dump the ARP/NDP tables. !71

### Changed

 - Lazy guest address resolution for IPv6. !81
 - Improve signal handling when spawning a child. !61
 - Set macOS deployment target to macOS 10.4. !72
 - slirp_add_hostfwd: Ensure all error paths set errno. !80
 - More API documentation.

### Fixed

 - Assertion failure on unspecified IPv6 address. !86
 - Disable polling for PRI on MacOS, fixing some closing streams issues. !73
 - Various memory leak fixes on fastq/batchq. !68
 - Memory leak on IPv6 fast-send. !67
 - Slow socket response on Windows. !64
 - Misc build and code cleanups. !60 !63 !76 !79 !84

## [4.4.0] - 2020-12-02

### Added

 - udp, udp6, icmp: handle TTL value. !48
 - Enable forwarding ICMP errors. !49
 - Add DNS resolving for iOS. !54

### Changed

 - Improve meson subproject() support. !53
 - Removed Makefile-based build system. !56

### Fixed

 - socket: consume empty packets. !55
 - check pkt_len before reading protocol header (CVE-2020-29129). !57
 - ip_stripoptions use memmove (fixes undefined behaviour). !47
 - various Coverity-related changes/fixes.

## [4.3.1] - 2020-07-08

### Changed

 - A silent truncation could occur in `slirp_fmt()`, which will now print a
   critical message. See also #22.

### Fixed

 - CVE-2020-10756 - Drop bogus IPv6 messages that could lead to data leakage.
   See !44 and !42.
 - Fix win32 builds by using the SLIRP_PACKED definition.
 - Various coverity scan errors fixed. !41
 - Fix new GCC warnings. !43

## [4.3.0] - 2020-04-22

### Added

 - `SLIRP_VERSION_STRING` macro, with the git sha suffix when building from git
 - `SlirpConfig.disable_dns`, to disable DNS redirection #16

### Changed

 - `slirp_version_string()` now has the git sha suffix when building from git
 - Limit DNS redirection to port 53 #16

### Fixed

 - Fix build regression with mingw & NetBSD
 - Fix use-after-free in `ip_reass()` (CVE-2020-1983)

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
Reviewed-by: Doug Evans <dje@google.com>
---
 slirp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/slirp b/slirp
index 8f43a99191..a62890e711 160000
--- a/slirp
+++ b/slirp
@@ -1 +1 @@
-Subproject commit 8f43a99191afb47ca3f3c6972f6306209f367ece
+Subproject commit a62890e71126795ca593affa747f669bed88e89c
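Review bot: nothing in the +Subproject line ties a62890e71126795ca593affa747f669bed88e89c to the v4.5.0 release named in the commit message, and the bare hash is the only record of what gets pulled in. Since the changelog covers three CVE fixes (CVE-2020-29129, CVE-2020-10756, CVE-2020-1983), please state in the message that a62890e711 is the commit the upstream v4.5.0 tag points to, and say which of those fixes were already present at the old stable-4.2 pin 8f43a99191, so downstream can tell what this bump changes for their exposure. The diffstat shows only slirp touched; if .gitmodules records a branch for this submodule, it would still name stable-4.2 and should be updated in the same commit.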
-- 
2.29.0


Re: [PULL 1/2] Update libslirp to v4.5.0

Posted by Doug Evans 5 months, 1 week ago
Hi. Does anything more need to be done here?
I just checked and I don't see this patch in the tree yet but it could have
been due to pilot error.

On Sat, May 29, 2021 at 11:55 AM <marcandre.lureau@redhat.com> wrote:

> From: Marc-André Lureau <marcandre.lureau@redhat.com>
>
> Switch from stable-4.2 branch to upstream v4.5.0 release.
>
> ## [4.5.0] - 2021-05-18
>
> ### Added
>
>  - IPv6 forwarding. !62 !75 !77
>  - slirp_neighbor_info() to dump the ARP/NDP tables. !71
>
> ### Changed
>
>  - Lazy guest address resolution for IPv6. !81
>  - Improve signal handling when spawning a child. !61
>  - Set macOS deployment target to macOS 10.4. !72
>  - slirp_add_hostfwd: Ensure all error paths set errno. !80
>  - More API documentation.
>
> ### Fixed
>
>  - Assertion failure on unspecified IPv6 address. !86
>  - Disable polling for PRI on MacOS, fixing some closing streams issues. !73
>  - Various memory leak fixes on fastq/batchq. !68
>  - Memory leak on IPv6 fast-send. !67
>  - Slow socket response on Windows. !64
>  - Misc build and code cleanups. !60 !63 !76 !79 !84
>
> ## [4.4.0] - 2020-12-02
>
> ### Added
>
>  - udp, udp6, icmp: handle TTL value. !48
>  - Enable forwarding ICMP errors. !49
>  - Add DNS resolving for iOS. !54
>
> ### Changed
>
>  - Improve meson subproject() support. !53
>  - Removed Makefile-based build system. !56
>
> ### Fixed
>
>  - socket: consume empty packets. !55
>  - check pkt_len before reading protocol header (CVE-2020-29129). !57
>  - ip_stripoptions use memmove (fixes undefined behaviour). !47
>  - various Coverity-related changes/fixes.
>
> ## [4.3.1] - 2020-07-08
>
> ### Changed
>
>  - A silent truncation could occur in `slirp_fmt()`, which will now print a
>    critical message. See also #22.
>
> ### Fixed
>
>  - CVE-2020-10756 - Drop bogus IPv6 messages that could lead to data leakage.
>    See !44 and !42.
>  - Fix win32 builds by using the SLIRP_PACKED definition.
>  - Various coverity scan errors fixed. !41
>  - Fix new GCC warnings. !43
>
> ## [4.3.0] - 2020-04-22
>
> ### Added
>
>  - `SLIRP_VERSION_STRING` macro, with the git sha suffix when building from git
>  - `SlirpConfig.disable_dns`, to disable DNS redirection #16
>
> ### Changed
>
>  - `slirp_version_string()` now has the git sha suffix when building from git
>  - Limit DNS redirection to port 53 #16
>
> ### Fixed
>
>  - Fix build regression with mingw & NetBSD
>  - Fix use-after-free in `ip_reass()` (CVE-2020-1983)
>
> Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
> Reviewed-by: Doug Evans <dje@google.com>
> ---
>  slirp | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/slirp b/slirp
> index 8f43a99191..a62890e711 160000
> --- a/slirp
> +++ b/slirp
> @@ -1 +1 @@
> -Subproject commit 8f43a99191afb47ca3f3c6972f6306209f367ece
> +Subproject commit a62890e71126795ca593affa747f669bed88e89c
> --
> 2.29.0
>
>
>

Re: [PULL 1/2] Update libslirp to v4.5.0

Posted by Marc-André Lureau 5 months, 1 week ago
Hi

On Fri, Jun 18, 2021 at 8:05 PM Doug Evans <dje@google.com> wrote:

> Hi. Does anything more need to be done here?
> I just checked and I don't see this patch in the tree yet but it could
> have been due to pilot error.
>
>
My pull request failed on Peter's side for non-obvious reasons:
https://patchew.org/QEMU/20210529185522.78816-1-marcandre.lureau@redhat.com/
.

I can drop the patch for the meson build changes for now (although I would
really like to understand what's missing).

Anyway, we will want to update libslirp copy to 4.6.1 now (current git
master) which has recent CVE fixes.

On Sat, May 29, 2021 at 11:55 AM <marcandre.lureau@redhat.com> wrote:
>
>> From: Marc-André Lureau <marcandre.lureau@redhat.com>
>>
>> Switch from stable-4.2 branch to upstream v4.5.0 release.
>>
>> ## [4.5.0] - 2021-05-18
>>
>> ### Added
>>
>>  - IPv6 forwarding. !62 !75 !77
>>  - slirp_neighbor_info() to dump the ARP/NDP tables. !71
>>
>> ### Changed
>>
>>  - Lazy guest address resolution for IPv6. !81
>>  - Improve signal handling when spawning a child. !61
>>  - Set macOS deployment target to macOS 10.4. !72
>>  - slirp_add_hostfwd: Ensure all error paths set errno. !80
>>  - More API documentation.
>>
>> ### Fixed
>>
>>  - Assertion failure on unspecified IPv6 address. !86
>>  - Disable polling for PRI on MacOS, fixing some closing streams issues. !73
>>  - Various memory leak fixes on fastq/batchq. !68
>>  - Memory leak on IPv6 fast-send. !67
>>  - Slow socket response on Windows. !64
>>  - Misc build and code cleanups. !60 !63 !76 !79 !84
>>
>> ## [4.4.0] - 2020-12-02
>>
>> ### Added
>>
>>  - udp, udp6, icmp: handle TTL value. !48
>>  - Enable forwarding ICMP errors. !49
>>  - Add DNS resolving for iOS. !54
>>
>> ### Changed
>>
>>  - Improve meson subproject() support. !53
>>  - Removed Makefile-based build system. !56
>>
>> ### Fixed
>>
>>  - socket: consume empty packets. !55
>>  - check pkt_len before reading protocol header (CVE-2020-29129). !57
>>  - ip_stripoptions use memmove (fixes undefined behaviour). !47
>>  - various Coverity-related changes/fixes.
>>
>> ## [4.3.1] - 2020-07-08
>>
>> ### Changed
>>
>>  - A silent truncation could occur in `slirp_fmt()`, which will now print a
>>    critical message. See also #22.
>>
>> ### Fixed
>>
>>  - CVE-2020-10756 - Drop bogus IPv6 messages that could lead to data leakage.
>>    See !44 and !42.
>>  - Fix win32 builds by using the SLIRP_PACKED definition.
>>  - Various coverity scan errors fixed. !41
>>  - Fix new GCC warnings. !43
>>
>> ## [4.3.0] - 2020-04-22
>>
>> ### Added
>>
>>  - `SLIRP_VERSION_STRING` macro, with the git sha suffix when building from git
>>  - `SlirpConfig.disable_dns`, to disable DNS redirection #16
>>
>> ### Changed
>>
>>  - `slirp_version_string()` now has the git sha suffix when building from git
>>  - Limit DNS redirection to port 53 #16
>>
>> ### Fixed
>>
>>  - Fix build regression with mingw & NetBSD
>>  - Fix use-after-free in `ip_reass()` (CVE-2020-1983)
>>
>> Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
>> Reviewed-by: Doug Evans <dje@google.com>
>> ---
>>  slirp | 2 +-
>>  1 file changed, 1 insertion(+), 1 deletion(-)
>>
>> diff --git a/slirp b/slirp
>> index 8f43a99191..a62890e711 160000
>> --- a/slirp
>> +++ b/slirp
>> @@ -1 +1 @@
>> -Subproject commit 8f43a99191afb47ca3f3c6972f6306209f367ece
>> +Subproject commit a62890e71126795ca593affa747f669bed88e89c
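Review bot: the +Subproject line still pins a62890e711 (v4.5.0 per the commit message), while this reply says the libslirp copy should now go to 4.6.1 for its recent CVE fixes. A respin should replace this hash with the 4.6.1 commit and extend the changelog in the commit message to cover the releases after 4.5.0, listing the CVE identifiers fixed so the security content of the bump is reviewable.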
>> --
>> 2.29.0
>>
>>
>>

-- 
Marc-André Lureau

Re: [PULL 1/2] Update libslirp to v4.5.0

Posted by Doug Evans 4 months ago
Hi all.
Just checking in to see where we are.
I just checked and master is still using the older libslirp.

On Fri, Jun 18, 2021 at 11:14 AM Marc-André Lureau <marcandre.lureau@gmail.com> wrote:

> Hi
>
> On Fri, Jun 18, 2021 at 8:05 PM Doug Evans <dje@google.com> wrote:
>
>> Hi. Does anything more need to be done here?
>> I just checked and I don't see this patch in the tree yet but it could
>> have been due to pilot error.
>>
>>
> My pull request failed on Peter's side for non-obvious reasons:
> https://patchew.org/QEMU/20210529185522.78816-1-marcandre.lureau@redhat.com/
> .
>
> I can drop the patch for the meson build changes for now (although I would
> really like to understand what's missing).
>
> Anyway, we will want to update libslirp copy to 4.6.1 now (current git
> master) which has recent CVE fixes.
>
> On Sat, May 29, 2021 at 11:55 AM <marcandre.lureau@redhat.com> wrote:
>>
>>> From: Marc-André Lureau <marcandre.lureau@redhat.com>
>>>
>>> Switch from stable-4.2 branch to upstream v4.5.0 release.
>>>
>>> ## [4.5.0] - 2021-05-18
>>>
>>> ### Added
>>>
>>>  - IPv6 forwarding. !62 !75 !77
>>>  - slirp_neighbor_info() to dump the ARP/NDP tables. !71
>>>
>>> ### Changed
>>>
>>>  - Lazy guest address resolution for IPv6. !81
>>>  - Improve signal handling when spawning a child. !61
>>>  - Set macOS deployment target to macOS 10.4. !72
>>>  - slirp_add_hostfwd: Ensure all error paths set errno. !80
>>>  - More API documentation.
>>>
>>> ### Fixed
>>>
>>>  - Assertion failure on unspecified IPv6 address. !86
>>>  - Disable polling for PRI on MacOS, fixing some closing streams issues. !73
>>>  - Various memory leak fixes on fastq/batchq. !68
>>>  - Memory leak on IPv6 fast-send. !67
>>>  - Slow socket response on Windows. !64
>>>  - Misc build and code cleanups. !60 !63 !76 !79 !84
>>>
>>> ## [4.4.0] - 2020-12-02
>>>
>>> ### Added
>>>
>>>  - udp, udp6, icmp: handle TTL value. !48
>>>  - Enable forwarding ICMP errors. !49
>>>  - Add DNS resolving for iOS. !54
>>>
>>> ### Changed
>>>
>>>  - Improve meson subproject() support. !53
>>>  - Removed Makefile-based build system. !56
>>>
>>> ### Fixed
>>>
>>>  - socket: consume empty packets. !55
>>>  - check pkt_len before reading protocol header (CVE-2020-29129). !57
>>>  - ip_stripoptions use memmove (fixes undefined behaviour). !47
>>>  - various Coverity-related changes/fixes.
>>>
>>> ## [4.3.1] - 2020-07-08
>>>
>>> ### Changed
>>>
>>>  - A silent truncation could occur in `slirp_fmt()`, which will now print a
>>>    critical message. See also #22.
>>>
>>> ### Fixed
>>>
>>>  - CVE-2020-10756 - Drop bogus IPv6 messages that could lead to data leakage.
>>>    See !44 and !42.
>>>  - Fix win32 builds by using the SLIRP_PACKED definition.
>>>  - Various coverity scan errors fixed. !41
>>>  - Fix new GCC warnings. !43
>>>
>>> ## [4.3.0] - 2020-04-22
>>>
>>> ### Added
>>>
>>>  - `SLIRP_VERSION_STRING` macro, with the git sha suffix when building from git
>>>  - `SlirpConfig.disable_dns`, to disable DNS redirection #16
>>>
>>> ### Changed
>>>
>>>  - `slirp_version_string()` now has the git sha suffix when building from git
>>>  - Limit DNS redirection to port 53 #16
>>>
>>> ### Fixed
>>>
>>>  - Fix build regression with mingw & NetBSD
>>>  - Fix use-after-free in `ip_reass()` (CVE-2020-1983)
>>>
>>> Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
>>> Reviewed-by: Doug Evans <dje@google.com>
>>> ---
>>>  slirp | 2 +-
>>>  1 file changed, 1 insertion(+), 1 deletion(-)
>>>
>>> diff --git a/slirp b/slirp
>>> index 8f43a99191..a62890e711 160000
>>> --- a/slirp
>>> +++ b/slirp
>>> @@ -1 +1 @@
>>> -Subproject commit 8f43a99191afb47ca3f3c6972f6306209f367ece
>>> +Subproject commit a62890e71126795ca593affa747f669bed88e89c
>>> --
>>> 2.29.0
>>>
>>>
>>>
>
> --
> Marc-André Lureau
>