[packages/libspf2] rel 2; CVE thing probably
arekm
arekm at pld-linux.org
Sat Sep 30 14:48:02 CEST 2023
commit 465bf3829043e4e04730b76efea12bbf06103dff
Author: Arkadiusz Miśkiewicz <arekm at maven.pl>
Date: Sat Sep 30 13:59:27 2023 +0200
rel 2; CVE thing probably
integer-underflow.patch | 26 ++++++++++++++++++++++++++
libspf2.spec | 5 ++++-
2 files changed, 30 insertions(+), 1 deletion(-)
---
diff --git a/libspf2.spec b/libspf2.spec
index c99eed0..5d1f41f 100644
--- a/libspf2.spec
+++ b/libspf2.spec
@@ -5,7 +5,7 @@ Summary: Implementation of the SPF specification
Summary(pl.UTF-8): Implementacja specyfikacji SPF
Name: libspf2
Version: 1.2.11
-Release: 1
+Release: 2
License: LGPL
Group: Libraries
# Source0: http://www.libspf2.org/spf/%{name}-%{version}.tar.gz
@@ -13,6 +13,8 @@ Source0: https://github.com/shevek/libspf2/tarball/4915c30#/%{name}.tar.gz
# Source0-md5: ad5f1b48e4f2b5561df99ca7cbf30e92
Patch0: %{name}-link.patch
Patch1: 0001-remove-libreplace-unneeded-on-Linux.patch
+# https://github.com/shevek/libspf2/pull/44
+Patch2: integer-underflow.patch
URL: http://www.libspf2.org/
BuildRequires: autoconf >= 2.59
BuildRequires: automake
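Review bot: The comment added above `Patch2` records only the upstream pull-request URL, while the commit title hints that a CVE is involved; nothing in the spec says which advisory, if any, this patch addresses. A second comment line such as `# integer underflow fix in src/libspf2/spf_compile.c; CVE id: <fill in once confirmed>` would let later maintainers match this release to the fix. It would also tell them when the patch can be dropped, once a packaged upstream snapshot contains the change.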
@@ -74,6 +76,7 @@ Statyczna biblioteka libspf2.
%setup -q -n shevek-libspf2-4915c30
%patch0 -p1
%patch1 -p1
+%patch2 -p1
%build
%{__libtoolize}
diff --git a/integer-underflow.patch b/integer-underflow.patch
new file mode 100644
index 0000000..e13f364
--- /dev/null
+++ b/integer-underflow.patch
@@ -0,0 +1,26 @@
+From c93823faef044150e1b232928d225ff5ff297e6c Mon Sep 17 00:00:00 2001
+From: Simon Arlott <sa.me.uk>
+Date: Sat, 30 Sep 2023 12:18:51 +0100
+Subject: [PATCH] Fix integer underflow
+
+---
+ src/libspf2/spf_compile.c | 6 +++++-
+ 1 file changed, 5 insertions(+), 1 deletion(-)
+
+diff --git a/src/libspf2/spf_compile.c b/src/libspf2/spf_compile.c
+index b08ffe2..d401028 100644
+--- a/src/libspf2/spf_compile.c
++++ b/src/libspf2/spf_compile.c
+@@ -455,7 +455,11 @@ SPF_c_parse_var(SPF_response_t *spf_response, SPF_data_var_t *data,
+ /* Magic numbers for x/Nc in gdb. */ \
+ data->ds.__unused0 = 0xba; data->ds.__unused1 = 0xbe; \
+ dst = SPF_data_str( data ); \
+- ds_avail = _avail - sizeof(SPF_data_t); \
++ if ((_avail) < sizeof(SPF_data_t)) \
++ return SPF_response_add_error_ptr(spf_response, \
++ SPF_E_BIG_STRING, NULL, src, \
++ "Out of memory for string literal");\
++ ds_avail = (_avail) - sizeof(SPF_data_t); \
+ ds_len = 0; \
+ } while(0)
+
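Review bot: In the macro body patched here, the new `(_avail) < sizeof(SPF_data_t)` guard sits after the context lines that already store into `data->ds.__unused0` and `data->ds.__unused1`, so when less than a full header remains those stores have presumably already run past the available space before the error return fires. Making the check the first statement of the `do { ... } while(0)` body would close that window; the macro's opening lines are outside the hunk, so any earlier stores to `data->ds` there need the same ordering. If `_avail` is a signed expression at any call site, a negative value converts to a large unsigned one in the comparison with `sizeof` and passes the guard, which is worth confirming against the callers. The `return` now hidden inside the macro also deserves a comment at its definition, e.g. `/* NOTE: returns from the enclosing function when _avail is too small */`.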
================================================================
---- gitweb:
http://git.pld-linux.org/gitweb.cgi/packages/libspf2.git/commitdiff/465bf3829043e4e04730b76efea12bbf06103dff