Upstream update available: slirp4netns 1.3.3 → 1.3.4 #1

New issue

Open

opened 2026-05-27 03:55:39 +03:00 by sbelikov · 0 comments

sbelikov commented

2026-05-27 03:55:39 +03:00

Owner

Upstream update available: `slirp4netns` `1.3.3` → `1.3.4`

Package

Package: slirp4netns
RPM name: slirp4netns
Branch: niceos-5.2
Current EVR: 1.3.3-1
Update class: patch
Compare method: python_rpm
Update policy: leaf
Risk tags: github-upstream, network-facing

Upstream

Upstream type: github
Upstream project: rootless-containers/slirp4netns
Upstream URL: github.com — slirp4netns
Detected version: 1.3.4
Tag/release: v1.3.4
Source: github_release_latest
Published: 2026-05-26T14:27:22Z
Release URL: github.com — v1.3.4
Source URL: api.github.com — v1.3.4
Pre-release: False

Signals

Security-relevant keywords detected: False
Policy blocked: False
Policy reason: -
Labels: ai-summary, bot, needs-build, needs-triage, priority/medium, update/patch, upstream-update, upstream/github

NiceSOFT AI preliminary stability analysis

Analysis of Upstream Update for `slirp4netns` (Nai.S.OS)

1. Key Details

Version:
- Current: 1.3.3
- Latest: 1.3.4
Update Type:
- Patch (Minor): No source code changes, only binary updates.
Dependencies:
- Binaries are updated to use libslirp 4.9.2 (minor version).
Security Status:
- No CVEs or security fixes mentioned.
- Security Keywords detected by script: False (no actual security issues).

2. Risk Assessment

Risk Category	Rating	Details
Security	Low	No vulnerabilities detected. Binaries are updated to a minor version of a dependency, but no runtime changes or exploits are introduced.
ABI/API	Low	No source code changes. Binaries are statically linked, so no runtime ABI/API breakage.
Network-Facing	Low	No new network-related vulnerabilities or configurations.
Compatibility	Low	Binaries are updated to a minor version of a dependency. Ensure compatibility with existing system libraries (e.g., `libslirp`).

3. Recommendations

Verify Dependency Compatibility:
Confirm that libslirp 4.9.2 is compatible with your system's libraries (e.g., libslirp version).
Monitor for Future Updates:
Keep an eye on future patches for potential minor version upgrades.
Documentation:
Refer to the release notes for details on binary changes and dependencies.

4. Conclusion

The update is safe and low-risk for Nai.S.OS. It involves minor binary updates to a dependency (libslirp), with no changes to the source code or runtime components. The risk of security vulnerabilities or ABI/API breakage is zero. However, ensure compatibility with the updated dependency version.

Action: Proceed with the update, monitor for future patches, and verify dependency compatibility.

Источники, найденные web_search

Upstream release notes / description

Changes

No change on the source code. So, this release is not worth upgrading, unless you are using the official statically-linked binary release.
The official statically-linked binaries are updated to be linked with the new version of libslirp: v4.9.1 -> v4.9.2 (github.com — 362).

Full changes: github.com — 15

Install

curl -o slirp4netns --fail -L https://github.com/rootless-containers/slirp4netns/releases/download/v1.3.4/slirp4netns-$(uname -m)
chmod +x slirp4netns

About the binaries

The binaries are statically linked with libslirp 4.9.2 and libseccomp 2.5.3 using Ubuntu jammy-20260509.

The binaries were built automatically on GitHub Actions.
The build log is available for 90 days: github.com — 26452639350

The sha256sum of the SHA256SUMS file itself is 3d920a4c672db2e1cfdd972e2c31ede6706351c9d7dfc161b19121e183cc2c06 .

The binaries should be reproducible with the following command:

docker buildx build   -o /tmp/slirpbuilds   --build-arg SOURCE_DATE_EPOCH=1779781274   --build-arg BUILDKIT_CONTEXT_KEEP_GIT_DIR=1   --platform=amd64,arm64,arm,s390x,ppc64le,riscv64   -f Dockerfile.artifact   "https://github.com/rootless-containers/slirp4netns.git#v1.3.4"

NiceOS maintainer checklist

Confirm that the detected version is a stable upstream release.
Check upstream changelog for security fixes, ABI/API changes and build-system changes.
Check ABI/API compatibility and reverse dependencies.
Download source into NiceOS lookaside storage.
Update Version and related fields in SPECS/*.spec only if policy allows it.
Regenerate SOURCES/sources.lock.json, manifests, metadata and SBOM.
Build SRPM/RPM in a clean NiceOS buildroot.
Run package smoke tests.
Link PR/build logs and close this issue after update or triage.

Bot metadata

Tool: niceos_upstream_monitor.py 2.1.3-local-websearch-github-release-pages
Generated at: 2026-06-12T00:39:44Z

# Upstream update available: `slirp4netns` `1.3.3` → `1.3.4` ## Package - Package: `slirp4netns` - RPM name: `slirp4netns` - Branch: `niceos-5.2` - Current EVR: `1.3.3-1` - Update class: `patch` - Compare method: `python_rpm` - Update policy: `leaf` - Risk tags: `github-upstream, network-facing` ## Upstream - Upstream type: `github` - Upstream project: `rootless-containers/slirp4netns` - Upstream URL: <a href="https://github.com/rootless-containers/slirp4netns" target="_blank" rel="noopener noreferrer">github.com — slirp4netns</a> - Detected version: `1.3.4` - Tag/release: `v1.3.4` - Source: `github_release_latest` - Published: `2026-05-26T14:27:22Z` - Release URL: <a href="https://github.com/rootless-containers/slirp4netns/releases/tag/v1.3.4" target="_blank" rel="noopener noreferrer">github.com — v1.3.4</a> - Source URL: <a href="https://api.github.com/repos/rootless-containers/slirp4netns/tarball/v1.3.4" target="_blank" rel="noopener noreferrer">api.github.com — v1.3.4</a> - Pre-release: `False` ## Signals - Security-relevant keywords detected: `False` - Policy blocked: `False` - Policy reason: `-` - Labels: `ai-summary, bot, needs-build, needs-triage, priority/medium, update/patch, upstream-update, upstream/github` ## NiceSOFT AI preliminary stability analysis ### **Analysis of Upstream Update for `slirp4netns` (Nai.S.OS)** --- #### **1. Key Details** - **Version**: - Current: `1.3.3` - Latest: `1.3.4` - **Update Type**: - **Patch (Minor)**: No source code changes, only binary updates. - **Dependencies**: - Binaries are updated to use **libslirp 4.9.2** (minor version). - **Security Status**: - No **CVEs** or **security fixes** mentioned. - **Security Keywords** detected by script: **False** (no actual security issues). --- #### **2. Risk Assessment** | **Risk Category** | **Rating** | **Details** | |--------------------|------------|-------------| | **Security** | **Low** | No vulnerabilities detected. Binaries are updated to a minor version of a dependency, but no runtime changes or exploits are introduced. | | **ABI/API** | **Low** | No source code changes. Binaries are statically linked, so no runtime ABI/API breakage. | | **Network-Facing** | **Low** | No new network-related vulnerabilities or configurations. | | **Compatibility** | **Low** | Binaries are updated to a minor version of a dependency. Ensure compatibility with existing system libraries (e.g., `libslirp`). | --- #### **3. Recommendations** - **Verify Dependency Compatibility**: Confirm that `libslirp 4.9.2` is compatible with your system's libraries (e.g., `libslirp` version). - **Monitor for Future Updates**: Keep an eye on future patches for potential minor version upgrades. - **Documentation**: Refer to the <a href="https://github.com/rootless-containers/slirp4netns/releases/tag/v1.3.4" target="_blank" rel="noopener noreferrer">release notes</a> for details on binary changes and dependencies. --- #### **4. Conclusion** The update is **safe and low-risk** for Nai.S.OS. It involves minor binary updates to a dependency (libslirp), with no changes to the source code or runtime components. The risk of security vulnerabilities or ABI/API breakage is **zero**. However, ensure compatibility with the updated dependency version. **Action**: Proceed with the update, monitor for future patches, and verify dependency compatibility. ### Источники, найденные web_search 1. <a href="https://github.com/rootless-containers/slirp4netns/releases/tag/v1.3.4" target="_blank" rel="noopener noreferrer">GitHub release API: rootless-containers/slirp4netns v1.3.4</a> 2. <a href="https://github.com/rootless-containers/slirp4netns/tree/v1.3.4" target="_blank" rel="noopener noreferrer">GitHub tag page: rootless-containers/slirp4netns v1.3.4</a> 3. <a href="https://github.com/rootless-containers/slirp4netns/releases" target="_blank" rel="noopener noreferrer">GitHub releases page: rootless-containers/slirp4netns</a> 4. <a href="https://github.com/rootless-containers/slirp4netns/compare/v1.3.3...v1.3.4" target="_blank" rel="noopener noreferrer">GitHub compare page: rootless-containers/slirp4netns v1.3.3...v1.3.4</a> 5. <a href="https://www.portaldasfinancas.gov.pt/" target="_blank" rel="noopener noreferrer">Portal das Finanças</a> 6. <a href="https://archlinux.org/packages/extra/x86_64/slirp4netns/" target="_blank" rel="noopener noreferrer">Arch Linux - slirp4netns 1.3.4-1 (x86_64)</a> 7. <a href="https://www.deco.proteste.pt/dinheiro/impostos/dicas/confira-estado-declaracao-irs-portal-financas" target="_blank" rel="noopener noreferrer">Como aceder à sua declaração de IRS | DECO PROteste</a> 8. <a href="https://build.opensuse.org/package/show/home:alvistack/rootless-containers-slirp4netns-1.3.4" target="_blank" rel="noopener noreferrer">rootless-containers-slirp4netns-1.3.4 - build.opensuse.org</a> 9. <a href="https://tcg.pokemon.com/en-us/" target="_blank" rel="noopener noreferrer">Pokémon Trading Card Game</a> 10. <a href="https://packages.gentoo.org/packages/app-containers/slirp4netns" target="_blank" rel="noopener noreferrer">app-containers/slirp4netns - Gentoo Packages</a> ## Upstream release notes / description #### Changes - No change on the source code. So, this release is not worth upgrading, unless you are using the official statically-linked binary release. - The official statically-linked binaries are updated to be linked with the new version of libslirp: v4.9.1 -> <a href="https://gitlab.freedesktop.org/slirp/libslirp/-/blob/v4.9.2/CHANGELOG.md" target="_blank" rel="noopener noreferrer">v4.9.2</a> (<a href="https://github.com/rootless-containers/slirp4netns/pull/362" target="_blank" rel="noopener noreferrer">github.com — 362</a>). Full changes: <a href="https://github.com/rootless-containers/slirp4netns/milestone/15?closed=1" target="_blank" rel="noopener noreferrer">github.com — 15</a> #### Install ``` curl -o slirp4netns --fail -L https://github.com/rootless-containers/slirp4netns/releases/download/v1.3.4/slirp4netns-$(uname -m) chmod +x slirp4netns ``` #### About the binaries The binaries are statically linked with libslirp 4.9.2 and libseccomp 2.5.3 using Ubuntu jammy-20260509. The binaries were built automatically on GitHub Actions. The build log is available for 90 days: <a href="https://github.com/rootless-containers/slirp4netns/actions/runs/26452639350" target="_blank" rel="noopener noreferrer">github.com — 26452639350</a> The sha256sum of the SHA256SUMS file itself is `3d920a4c672db2e1cfdd972e2c31ede6706351c9d7dfc161b19121e183cc2c06` . The binaries should be reproducible with the following command: ``` docker buildx build -o /tmp/slirpbuilds --build-arg SOURCE_DATE_EPOCH=1779781274 --build-arg BUILDKIT_CONTEXT_KEEP_GIT_DIR=1 --platform=amd64,arm64,arm,s390x,ppc64le,riscv64 -f Dockerfile.artifact "https://github.com/rootless-containers/slirp4netns.git#v1.3.4" ``` ## NiceOS maintainer checklist - [ ] Confirm that the detected version is a stable upstream release. - [ ] Check upstream changelog for security fixes, ABI/API changes and build-system changes. - [ ] Check ABI/API compatibility and reverse dependencies. - [ ] Download source into NiceOS lookaside storage. - [ ] Update `Version` and related fields in `SPECS/*.spec` only if policy allows it. - [ ] Regenerate `SOURCES/sources.lock.json`, manifests, metadata and SBOM. - [ ] Build SRPM/RPM in a clean NiceOS buildroot. - [ ] Run package smoke tests. - [ ] Link PR/build logs and close this issue after update or triage. ## Bot metadata - Tool: `niceos_upstream_monitor.py 2.1.3-local-websearch-github-release-pages` - Generated at: `2026-06-12T00:39:44Z`

sbelikov added the

labels

2026-05-27 03:55:39 +03:00