libspf2: initial commit, version 1.2.11

2024-07-10 20:43:01 +02:00 · 2024-07-10 20:43:01 +02:00 · 7e69f1b0c0
commit 7e69f1b0c0
parent 019033f21d
6 changed files with 273 additions and 0 deletions
--- a/libspf2/.footprint
+++ b/libspf2/.footprint
@ -0,0 +1,25 @@
 drwxr-xr-x	root/root	usr/
 drwxr-xr-x	root/root	usr/bin/
 -rwxr-xr-x	root/root	usr/bin/spfquery
 drwxr-xr-x	root/root	usr/include/
 drwxr-xr-x	root/root	usr/include/spf2/
 -rw-r--r--	root/root	usr/include/spf2/spf.h
 -rw-r--r--	root/root	usr/include/spf2/spf_dns.h
 -rw-r--r--	root/root	usr/include/spf2/spf_dns_cache.h
 -rw-r--r--	root/root	usr/include/spf2/spf_dns_null.h
 -rw-r--r--	root/root	usr/include/spf2/spf_dns_resolv.h
 -rw-r--r--	root/root	usr/include/spf2/spf_dns_rr.h
 -rw-r--r--	root/root	usr/include/spf2/spf_dns_test.h
 -rw-r--r--	root/root	usr/include/spf2/spf_dns_zone.h
 -rw-r--r--	root/root	usr/include/spf2/spf_lib_version.h
 -rw-r--r--	root/root	usr/include/spf2/spf_log.h
 -rw-r--r--	root/root	usr/include/spf2/spf_record.h
 -rw-r--r--	root/root	usr/include/spf2/spf_request.h
 -rw-r--r--	root/root	usr/include/spf2/spf_response.h
 -rw-r--r--	root/root	usr/include/spf2/spf_server.h
 drwxr-xr-x	root/root	usr/lib/
 -rw-r--r--	root/root	usr/lib/libspf2.a
 -rwxr-xr-x	root/root	usr/lib/libspf2.la
 lrwxrwxrwx	root/root	usr/lib/libspf2.so -> libspf2.so.2.1.0
 lrwxrwxrwx	root/root	usr/lib/libspf2.so.2 -> libspf2.so.2.1.0
 -rwxr-xr-x	root/root	usr/lib/libspf2.so.2.1.0
--- a/libspf2/.signature
+++ b/libspf2/.signature
@ -0,0 +1,8 @@
 untrusted comment: verify with /etc/ports/contrib.pub
 RWSagIOpLGJF36VZBCg77Gx5m18DzhcBKMu7l6xlAKcYe2jIaluEcQgoPgJhnapGRe+x80c8xbCVDwvNGGyzCYXbrX5rXfbqfQs=
 SHA256 (Pkgfile) = 5a8731b079d9ad1c6baf80eb2a817776e989f12a0e2bf4efbd8dedae6b085694
 SHA256 (.footprint) = 8586fdef4d7ec9aa154d10fe89480156f072d31c7b4aa0bd69304fa87b5a38fc
 SHA256 (libspf2-1.2.11.tar.gz) = 2ba3dc7ea380a72646f5b2fbc1fff0d9a10d5c844a998621f8dd410afc50553a
 SHA256 (0001-remove-libreplace-unneeded-on-Linux.patch) = 443fe0924f6adb02fa90a02c177c06ab31d6c4e5eb085f8533743231a641052e
 SHA256 (0002-add-include-string-for-memset.patch) = 145d014a469a6c14ecbcd6ddf3bbd64d7db24c1df3f2d0af4b3e07af4fb5e566
 SHA256 (CVE-2023-42118-and-other-fixes.patch) = 2712f95e98ce9bf9870ce30c4638bb2988fdab9be834d8381d279b0036152afd
--- a/libspf2/0001-remove-libreplace-unneeded-on-Linux.patch
+++ b/libspf2/0001-remove-libreplace-unneeded-on-Linux.patch
@ -0,0 +1,61 @@
 From d559339883f61bfb44188c4fe92851a2905e8a8e Mon Sep 17 00:00:00 2001
 From: Matt Domsch <mdomsch@fedoraproject.org>
 Date: Thu, 23 Jan 2014 10:51:07 -0600
 Subject: [PATCH 1/2] remove libreplace, unneeded on Linux
 ---
 configure.ac            | 3 ---
 src/Makefile.am         | 2 +-
 src/libspf2/Makefile.am | 4 ----
 3 files changed, 1 insertion(+), 8 deletions(-)
 diff --git a/configure.ac b/configure.ac
 index 63e398c..63e5392 100644
 --- a/configure.ac
 +++ b/configure.ac
@@ -273,8 +273,6 @@ AC_CHECK_FUNCS([strchr strcspn strdup strerror])
 AC_CHECK_FUNCS([strcasecmp strncasecmp strspn strtoul])
 AC_CHECK_FUNCS([gethostbyname inet_ntoa select strrchr strstr strtol])
 -AC_REPLACE_FUNCS([getopt_long_only strncasecmp])
 -AC_REPLACE_FUNCS([__ns_initparse __ns_name_uncompress __ns_msg_getflag])
 dnl Magnus Holmgren says this avoids linking a private function
 AC_LIBOBJ([__ns_get16])
@@ -282,7 +280,6 @@ AC_CONFIG_FILES([Makefile
                  Doxyfile
                  src/Makefile
                  src/include/Makefile
 -                 src/libreplace/Makefile
                  src/libspf2/Makefile
                  src/spfquery/Makefile
                  src/spftest/Makefile
 diff --git a/src/Makefile.am b/src/Makefile.am
 index 307bf10..02f09b4 100644
 --- a/src/Makefile.am
 +++ b/src/Makefile.am
@@ -4,5 +4,5 @@ AUTOMAKE_OPTIONS = foreign
 # Attempt to disable parallel processing.
 .NOTPARALLEL:
 .NO_PARALLEL:
 -SUBDIRS =	include libreplace libspf2 spfquery spftest spfd spf_example
 +SUBDIRS =	include libspf2 spfquery spftest spfd spf_example
 TARGETS =
 diff --git a/src/libspf2/Makefile.am b/src/libspf2/Makefile.am
 index 6b5a147..77ef3b9 100644
 --- a/src/libspf2/Makefile.am
 +++ b/src/libspf2/Makefile.am
@@ -34,10 +34,6 @@ libspf2_la_SOURCES	= \
 	spf_utils.c \
 	spf_win32.c
 -libspf2_la_LIBADD	= $(top_builddir)/src/libreplace/libreplace.la
 -
 -
 -
 libspf2_la_LDFLAGS	= -version-info 3:0:1
 # Copied from the libtool info file:
 -- 
 1.8.4.2
--- a/libspf2/0002-add-include-string-for-memset.patch
+++ b/libspf2/0002-add-include-string-for-memset.patch
@ -0,0 +1,17 @@
 Add missing include of string.h for memset in spf_utils.c
 https://github.com/shevek/libspf2/issues/41
 diff --git a/src/libspf2/spf_utils.c b/src/libspf2/spf_utils.c
 index 54878fa..892cea5 100644
 --- a/src/libspf2/spf_utils.c
 +++ b/src/libspf2/spf_utils.c
@@ -25,6 +25,9 @@
 #include <memory.h>
 #endif
 +#ifdef HAVE_STRING_H
 +# include <string.h>       /* memset */
 +#endif
 #include "spf.h"
--- a/libspf2/CVE-2023-42118-and-other-fixes.patch
+++ b/libspf2/CVE-2023-42118-and-other-fixes.patch
@ -0,0 +1,134 @@
 From c93823faef044150e1b232928d225ff5ff297e6c Mon Sep 17 00:00:00 2001
 From: Simon Arlott <sa.me.uk>
 Date: Sat, 30 Sep 2023 12:18:51 +0100
 Subject: [PATCH] Fix integer underflow
 ---
 src/libspf2/spf_compile.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
 diff --git a/src/libspf2/spf_compile.c b/src/libspf2/spf_compile.c
 index b08ffe2..d401028 100644
 --- a/src/libspf2/spf_compile.c
 +++ b/src/libspf2/spf_compile.c
@@ -455,7 +455,11 @@ SPF_c_parse_var(SPF_response_t *spf_response, SPF_data_var_t *data,
 			/* Magic numbers for x/Nc in gdb. */					\
 			data->ds.__unused0 = 0xba; data->ds.__unused1 = 0xbe;	\
 			dst = SPF_data_str( data );								\
 -			ds_avail = _avail - sizeof(SPF_data_t);					\
 +			if ((_avail) < sizeof(SPF_data_t))						\
 +				return SPF_response_add_error_ptr(spf_response,		\
 +									SPF_E_BIG_STRING, NULL, src,	\
 +								"Out of memory for string literal");\
 +			ds_avail = (_avail) - sizeof(SPF_data_t);				\
 			ds_len = 0;												\
 		} while(0)
 From faa9e02887e20d37e112c4ce7df34366e4f2fa2f Mon Sep 17 00:00:00 2001
 From: Simon Arlott <sa.me.uk>
 Date: Mon, 2 Oct 2023 19:34:38 +0100
 Subject: [PATCH] Used a fixed size buffer for DNS responses instead of
 doubling memory use
 ---
 src/libspf2/spf_dns_resolv.c | 21 +++------------------
 1 file changed, 3 insertions(+), 18 deletions(-)
 diff --git a/src/libspf2/spf_dns_resolv.c b/src/libspf2/spf_dns_resolv.c
 index 9dacafe..ec687b8 100644
 --- a/src/libspf2/spf_dns_resolv.c
 +++ b/src/libspf2/spf_dns_resolv.c
@@ -268,7 +268,7 @@ SPF_dns_resolv_lookup(SPF_dns_server_t *spf_dns_server,
 	}
 #endif
 -	responselen = 2048;
 +	responselen = 65536;
 	responsebuf = (u_char *)malloc(responselen);
 	if (! responsebuf)
 		return NULL;	/* NULL always means OOM from DNS lookup. */
@@ -319,23 +319,8 @@ SPF_dns_resolv_lookup(SPF_dns_server_t *spf_dns_server,
 							domain, rr_type, 0, SPF_h_errno);
 		}
 		else if (dns_len > responselen) {
 -			void	*tmp;
 -			/* We managed a lookup but our buffer was too small. */
 -			responselen = dns_len + (dns_len >> 1);
 -#if 0
 -			/* Sanity-trap - we should never hit this. */
 -			if (responselen > 1048576) {	/* One megabyte. */
 -				free(responsebuf);
 -				return SPF_dns_rr_new_init(spf_dns_server,
 -								domain, rr_type, 0, SPF_h_errno);
 -			}
 -#endif
 -			tmp = realloc(responsebuf, responselen);
 -			if (!tmp) {
 -				free(responsebuf);
 -				return NULL;
 -			}
 -			responsebuf = tmp;
 +			free(responsebuf);
 +			return NULL;
 		}
 		else {
 			/* We managed a lookup, and our buffer was large enough. */
 From 1bd4c108b63927cd1229760e30936160d050d997 Mon Sep 17 00:00:00 2001
 From: Simon Arlott <sa.me.uk>
 Date: Mon, 2 Oct 2023 19:37:00 +0100
 Subject: [PATCH] Allocate memory for string when the buffer is NULL
 These can't ever be NULL but scan-build complains about them.
 ---
 src/libspf2/spf_dns_cache.c | 2 +-
 src/libspf2/spf_get_exp.c   | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
 diff --git a/src/libspf2/spf_dns_cache.c b/src/libspf2/spf_dns_cache.c
 index 16c9819..50d2660 100644
 --- a/src/libspf2/spf_dns_cache.c
 +++ b/src/libspf2/spf_dns_cache.c
@@ -327,7 +327,7 @@ SPF_dns_cache_rr_fixup(SPF_dns_cache_config_t *spfhook,
 		char	*new_domain;
 		size_t	 new_len = strlen(domain) + 1;
 -		if (cached_rr->domain_buf_len < new_len) {
 +		if (cached_rr->domain == NULL || cached_rr->domain_buf_len < new_len) {
 			new_domain = realloc(cached_rr->domain, new_len);
 			if (new_domain == NULL)
 				return SPF_E_NO_MEMORY;
 diff --git a/src/libspf2/spf_get_exp.c b/src/libspf2/spf_get_exp.c
 index f4b5055..4a663e4 100644
 --- a/src/libspf2/spf_get_exp.c
 +++ b/src/libspf2/spf_get_exp.c
@@ -62,7 +62,7 @@ SPF_server_get_default_explanation(SPF_server_t *spf_server,
 	}
 	else {
 		size_t	len = sizeof(SPF_LAME_EXP) + 1;
 -		if (*buflenp < len) {
 +		if (*bufp == NULL || *buflenp < len) {
 			char	*tmp = realloc(*bufp, len);
 			if (tmp == NULL)
 				return SPF_E_NO_MEMORY;
 From 36c3af1dcfeb6c987dac00161f2ed57c6a42ed03 Mon Sep 17 00:00:00 2001
 From: Simon Arlott <sa.me.uk>
 Date: Sat, 30 Sep 2023 11:40:47 +0100
 Subject: [PATCH] Use correct integer size for format string
 ---
 src/libspf2/spf_compile.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
 diff --git a/src/libspf2/spf_compile.c b/src/libspf2/spf_compile.c
 index b08ffe2..ba3d804 100644
 --- a/src/libspf2/spf_compile.c
 +++ b/src/libspf2/spf_compile.c
@@ -604,7 +604,7 @@ SPF_c_parse_macro(SPF_server_t *spf_server,
 		default:
 			if (spf_server->debug > 3)
 -				SPF_debugf("Adding illegal %%-follower '%c' at %d",
 +				SPF_debugf("Adding illegal %%-follower '%c' at %zu",
 				src[idx], idx);
 			/* SPF spec says to treat it as a literal, not
 			 * SPF_E_INVALID_ESC */
--- a/libspf2/Pkgfile
+++ b/libspf2/Pkgfile
@ -0,0 +1,28 @@
 # Description: Sender Policy Framework record checking library
 # URL: https://www.libspf2.org/
 # Maintainer: Tim Biermann, tbier at posteo dot de
 # Depends on: libnsl libmilter
 name=libspf2
 version=1.2.11
 release=1
 _commit=8131fe140704eaae695e76b5cd09e39bd1dd220b
 source=(https://github.com/shevek/libspf2/archive/$_commit/$name-$version.tar.gz
  0001-remove-libreplace-unneeded-on-Linux.patch
  0002-add-include-string-for-memset.patch
  CVE-2023-42118-and-other-fixes.patch)
 build() {
  cd $name-$_commit
  patch -Np1 -i $SRC/0001-remove-libreplace-unneeded-on-Linux.patch
  patch -Np1 -i $SRC/0002-add-include-string-for-memset.patch
  patch -Np1 -i $SRC/CVE-2023-42118-and-other-fixes.patch
  autoreconf -vfi
  ./configure --prefix=/usr
  make
  make DESTDIR=$PKG install
  rm $PKG/usr/bin/*_static $PKG/usr/bin/spfd $PKG/usr/bin/spf_example $PKG/usr/bin/spftest
 }