package/slirp: security bump to version 4.6.1

ffontaine · tpetazzoni · commit 61f6d0a8abf9 · 2021-07-03T23:27:28.000+02:00
mtod()-related buffer overflows (CVE-2021-3592 #44, CVE-2021-3593 #45, CVE-2021-3594 #47, CVE-2021-3595 #46). Drop patch (already in version) https://gitlab.freedesktop.org/slirp/libslirp/-/blob/v4.6.1/CHANGELOG.md Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com> Signed-off-by: Thomas Petazzoni <thomas.petazzoni@bootlin.com>
diff --git a/package/slirp/0001-slirp-check-pkt_len-before-reading-protocol-header.patch b/package/slirp/0001-slirp-check-pkt_len-before-reading-protocol-header.patch
diff --git a/package/slirp/slirp.hash b/package/slirp/slirp.hash
@@ -1,3 +1,3 @@
 # Locally computed:
-sha256  388b4b08a8cc0996cc5155cb027a097dc1a7f2cfe84b1121496608ab5366cc48  libslirp-4.3.1.tar.xz
+sha256  b8a22ac4d601ba16122a67827c0f4361785d4d283f21ff8ed48d4aa1e7693477  libslirp-4.6.1.tar.xz
 sha256  b28aecf4796a6a22054167f0a976de13d9db335669d37afd2dc7ea4c335e1e13  COPYRIGHT
diff --git a/package/slirp/slirp.mk b/package/slirp/slirp.mk
@@ -4,19 +4,14 @@
 #
 ################################################################################
 
-SLIRP_VERSION = 4.3.1
+SLIRP_VERSION = 4.6.1
 SLIRP_SOURCE = libslirp-$(SLIRP_VERSION).tar.xz
-# Other "official" tarballs don't ship .tarball-version resulting in a build
-# failure: https://gitlab.freedesktop.org/slirp/libslirp/-/issues/24
-SLIRP_SITE = https://elmarco.fedorapeople.org
+SLIRP_SITE = https://gitlab.freedesktop.org/slirp/libslirp/uploads/83b199ea6fcdfc0c243dfde8546ee4c9
 SLIRP_LICENSE = BSD-3-Clause
 SLIRP_LICENSE_FILES = COPYRIGHT
 SLIRP_CPE_ID_VENDOR = libslirp_project
 SLIRP_CPE_ID_PRODUCT = libslirp
 SLIRP_INSTALL_STAGING = YES
 SLIRP_DEPENDENCIES = libglib2
 
-# 0001-slirp-check-pkt_len-before-reading-protocol-header.patch
-SLIRP_IGNORE_CVES += CVE-2020-29129 CVE-2020-29130
-
 $(eval $(meson-package))
