Thursday, August 12, 2021

Re: [Security Update] mail/libspf2

On 2021/08/12 04:58, wen heping wrote:
> Hi, ports@:
>
> Here is a patch from upstream for mail/libspf2 to
> fix CVE-2021-20314. For more details, please visit:
> https://security-tracker.debian.org/tracker/CVE-2021-20314

I've used this for -stable, and updated to a git checkout in -current;
some other security problems were fixed too.

https://seclists.org/oss-sec/2021/q3/94


> Index: Makefile
> ===================================================================
> RCS file: /cvs/ports/mail/libspf2/Makefile,v
> retrieving revision 1.16
> diff -u -p -r1.16 Makefile
> --- Makefile 19 Mar 2021 13:09:13 -0000 1.16
> +++ Makefile 12 Aug 2021 04:55:33 -0000
> @@ -3,7 +3,7 @@
> COMMENT= SPF library
>
> DISTNAME= libspf2-1.2.10
> -REVISION= 6
> +REVISION= 7
>
> SHARED_LIBS += spf2 4.0 # 3.0
>
> Index: patches/patch-src_libspf2_spf_compile_c
> ===================================================================
> RCS file: /cvs/ports/mail/libspf2/patches/patch-src_libspf2_spf_compile_c,v
> retrieving revision 1.4
> diff -u -p -r1.4 patch-src_libspf2_spf_compile_c
> --- patches/patch-src_libspf2_spf_compile_c 19 Apr 2017 16:56:04 -0000 1.4
> +++ patches/patch-src_libspf2_spf_compile_c 12 Aug 2021 04:55:33 -0000
> @@ -1,6 +1,16 @@
> $OpenBSD: patch-src_libspf2_spf_compile_c,v 1.4 2017/04/19 16:56:04 jca Exp $
> ---- src/libspf2/spf_compile.c.orig Mon Feb 20 08:26:43 2012
> -+++ src/libspf2/spf_compile.c Wed Apr 19 18:53:10 2017
> +Index: src/libspf2/spf_compile.c
> +--- src/libspf2/spf_compile.c.orig
> ++++ src/libspf2/spf_compile.c
> +@@ -455,7 +455,7 @@ SPF_c_parse_var(SPF_response_t *spf_response, SPF_data
> + /* Magic numbers for x/Nc in gdb. */ \
> + data->ds.__unused0 = 0xba; data->ds.__unused1 = 0xbe; \
> + dst = SPF_data_str( data ); \
> +- ds_avail = _avail; \
> ++ ds_avail = _avail - sizeof(SPF_data_t); \
> + ds_len = 0; \
> + } while(0)
> +
> @@ -577,7 +577,7 @@ SPF_c_parse_macro(SPF_server_t *spf_server,
> switch (src[idx]) {
> case '%':
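
Review bot: The added `ds_avail = _avail - sizeof(SPF_data_t);` line (inner hunk `@@ -455,7 +455,7 @@`) subtracts without any visible check that `_avail` is at least `sizeof(SPF_data_t)`; if `ds_avail` is an unsigned type, a smaller `_avail` wraps around to a very large available size instead of a small one. It is worth confirming that every user of this macro guarantees that minimum, or guarding the subtraction before the assignment. The backslash continuations and the closing `while(0)` show this is a macro body, and `_avail` looks like its argument, so writing `(_avail) - sizeof(SPF_data_t)` would also keep the arithmetic correct when the caller passes an expression. A short comment at the top of the patch file naming CVE-2021-20314 and the upstream origin would help whoever regenerates the patch next.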
