libspf2: initial commit, version 1.2.11
This commit is contained in:
parent
019033f21d
commit
7e69f1b0c0
GPG Key ID:
42F8B4E30B673606
25
libspf2/.footprint
Normal file
25
libspf2/.footprint
Normal file
@ -0,0 +1,25 @@
|
||||
drwxr-xr-x root/root usr/
|
||||
drwxr-xr-x root/root usr/bin/
|
||||
-rwxr-xr-x root/root usr/bin/spfquery
|
||||
drwxr-xr-x root/root usr/include/
|
||||
drwxr-xr-x root/root usr/include/spf2/
|
||||
-rw-r--r-- root/root usr/include/spf2/spf.h
|
||||
-rw-r--r-- root/root usr/include/spf2/spf_dns.h
|
||||
-rw-r--r-- root/root usr/include/spf2/spf_dns_cache.h
|
||||
-rw-r--r-- root/root usr/include/spf2/spf_dns_null.h
|
||||
-rw-r--r-- root/root usr/include/spf2/spf_dns_resolv.h
|
||||
-rw-r--r-- root/root usr/include/spf2/spf_dns_rr.h
|
||||
-rw-r--r-- root/root usr/include/spf2/spf_dns_test.h
|
||||
-rw-r--r-- root/root usr/include/spf2/spf_dns_zone.h
|
||||
-rw-r--r-- root/root usr/include/spf2/spf_lib_version.h
|
||||
-rw-r--r-- root/root usr/include/spf2/spf_log.h
|
||||
-rw-r--r-- root/root usr/include/spf2/spf_record.h
|
||||
-rw-r--r-- root/root usr/include/spf2/spf_request.h
|
||||
-rw-r--r-- root/root usr/include/spf2/spf_response.h
|
||||
-rw-r--r-- root/root usr/include/spf2/spf_server.h
|
||||
drwxr-xr-x root/root usr/lib/
|
||||
-rw-r--r-- root/root usr/lib/libspf2.a
|
||||
-rwxr-xr-x root/root usr/lib/libspf2.la
|
||||
lrwxrwxrwx root/root usr/lib/libspf2.so -> libspf2.so.2.1.0
|
||||
lrwxrwxrwx root/root usr/lib/libspf2.so.2 -> libspf2.so.2.1.0
|
||||
-rwxr-xr-x root/root usr/lib/libspf2.so.2.1.0
|
||||
8
libspf2/.signature
Normal file
8
libspf2/.signature
Normal file
@ -0,0 +1,8 @@
|
||||
untrusted comment: verify with /etc/ports/contrib.pub
|
||||
RWSagIOpLGJF36VZBCg77Gx5m18DzhcBKMu7l6xlAKcYe2jIaluEcQgoPgJhnapGRe+x80c8xbCVDwvNGGyzCYXbrX5rXfbqfQs=
|
||||
SHA256 (Pkgfile) = 5a8731b079d9ad1c6baf80eb2a817776e989f12a0e2bf4efbd8dedae6b085694
|
||||
SHA256 (.footprint) = 8586fdef4d7ec9aa154d10fe89480156f072d31c7b4aa0bd69304fa87b5a38fc
|
||||
SHA256 (libspf2-1.2.11.tar.gz) = 2ba3dc7ea380a72646f5b2fbc1fff0d9a10d5c844a998621f8dd410afc50553a
|
||||
SHA256 (0001-remove-libreplace-unneeded-on-Linux.patch) = 443fe0924f6adb02fa90a02c177c06ab31d6c4e5eb085f8533743231a641052e
|
||||
SHA256 (0002-add-include-string-for-memset.patch) = 145d014a469a6c14ecbcd6ddf3bbd64d7db24c1df3f2d0af4b3e07af4fb5e566
|
||||
SHA256 (CVE-2023-42118-and-other-fixes.patch) = 2712f95e98ce9bf9870ce30c4638bb2988fdab9be834d8381d279b0036152afd
|
||||
61
libspf2/0001-remove-libreplace-unneeded-on-Linux.patch
Normal file
61
libspf2/0001-remove-libreplace-unneeded-on-Linux.patch
Normal file
@ -0,0 +1,61 @@
|
||||
From d559339883f61bfb44188c4fe92851a2905e8a8e Mon Sep 17 00:00:00 2001
|
||||
From: Matt Domsch <mdomsch@fedoraproject.org>
|
||||
Date: Thu, 23 Jan 2014 10:51:07 -0600
|
||||
Subject: [PATCH 1/2] remove libreplace, unneeded on Linux
|
||||
|
||||
---
|
||||
configure.ac | 3 ---
|
||||
src/Makefile.am | 2 +-
|
||||
src/libspf2/Makefile.am | 4 ----
|
||||
3 files changed, 1 insertion(+), 8 deletions(-)
|
||||
|
||||
diff --git a/configure.ac b/configure.ac
|
||||
index 63e398c..63e5392 100644
|
||||
--- a/configure.ac
|
||||
+++ b/configure.ac
|
||||
@@ -273,8 +273,6 @@ AC_CHECK_FUNCS([strchr strcspn strdup strerror])
|
||||
AC_CHECK_FUNCS([strcasecmp strncasecmp strspn strtoul])
|
||||
AC_CHECK_FUNCS([gethostbyname inet_ntoa select strrchr strstr strtol])
|
||||
|
||||
-AC_REPLACE_FUNCS([getopt_long_only strncasecmp])
|
||||
-AC_REPLACE_FUNCS([__ns_initparse __ns_name_uncompress __ns_msg_getflag])
|
||||
dnl Magnus Holmgren says this avoids linking a private function
|
||||
AC_LIBOBJ([__ns_get16])
|
||||
|
||||
@@ -282,7 +280,6 @@ AC_CONFIG_FILES([Makefile
|
||||
Doxyfile
|
||||
src/Makefile
|
||||
src/include/Makefile
|
||||
- src/libreplace/Makefile
|
||||
src/libspf2/Makefile
|
||||
src/spfquery/Makefile
|
||||
src/spftest/Makefile
|
||||
diff --git a/src/Makefile.am b/src/Makefile.am
|
||||
index 307bf10..02f09b4 100644
|
||||
--- a/src/Makefile.am
|
||||
+++ b/src/Makefile.am
|
||||
@@ -4,5 +4,5 @@ AUTOMAKE_OPTIONS = foreign
|
||||
# Attempt to disable parallel processing.
|
||||
.NOTPARALLEL:
|
||||
.NO_PARALLEL:
|
||||
-SUBDIRS = include libreplace libspf2 spfquery spftest spfd spf_example
|
||||
+SUBDIRS = include libspf2 spfquery spftest spfd spf_example
|
||||
TARGETS =
|
||||
diff --git a/src/libspf2/Makefile.am b/src/libspf2/Makefile.am
|
||||
index 6b5a147..77ef3b9 100644
|
||||
--- a/src/libspf2/Makefile.am
|
||||
+++ b/src/libspf2/Makefile.am
|
||||
@@ -34,10 +34,6 @@ libspf2_la_SOURCES = \
|
||||
spf_utils.c \
|
||||
spf_win32.c
|
||||
|
||||
-libspf2_la_LIBADD = $(top_builddir)/src/libreplace/libreplace.la
|
||||
-
|
||||
-
|
||||
-
|
||||
libspf2_la_LDFLAGS = -version-info 3:0:1
|
||||
|
||||
# Copied from the libtool info file:
|
||||
--
|
||||
1.8.4.2
|
||||
|
||||
17
libspf2/0002-add-include-string-for-memset.patch
Normal file
17
libspf2/0002-add-include-string-for-memset.patch
Normal file
@ -0,0 +1,17 @@
|
||||
Add missing include of string.h for memset in spf_utils.c
|
||||
https://github.com/shevek/libspf2/issues/41
|
||||
|
||||
diff --git a/src/libspf2/spf_utils.c b/src/libspf2/spf_utils.c
|
||||
index 54878fa..892cea5 100644
|
||||
--- a/src/libspf2/spf_utils.c
|
||||
+++ b/src/libspf2/spf_utils.c
|
||||
@@ -25,6 +25,9 @@
|
||||
#include <memory.h>
|
||||
#endif
|
||||
|
||||
+#ifdef HAVE_STRING_H
|
||||
+# include <string.h> /* memset */
|
||||
+#endif
|
||||
|
||||
|
||||
#include "spf.h"
|
||||
134
libspf2/CVE-2023-42118-and-other-fixes.patch
Normal file
134
libspf2/CVE-2023-42118-and-other-fixes.patch
Normal file
@ -0,0 +1,134 @@
|
||||
From c93823faef044150e1b232928d225ff5ff297e6c Mon Sep 17 00:00:00 2001
|
||||
From: Simon Arlott <sa.me.uk>
|
||||
Date: Sat, 30 Sep 2023 12:18:51 +0100
|
||||
Subject: [PATCH] Fix integer underflow
|
||||
|
||||
---
|
||||
src/libspf2/spf_compile.c | 6 +++++-
|
||||
1 file changed, 5 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/src/libspf2/spf_compile.c b/src/libspf2/spf_compile.c
|
||||
index b08ffe2..d401028 100644
|
||||
--- a/src/libspf2/spf_compile.c
|
||||
+++ b/src/libspf2/spf_compile.c
|
||||
@@ -455,7 +455,11 @@ SPF_c_parse_var(SPF_response_t *spf_response, SPF_data_var_t *data,
|
||||
/* Magic numbers for x/Nc in gdb. */ \
|
||||
data->ds.__unused0 = 0xba; data->ds.__unused1 = 0xbe; \
|
||||
dst = SPF_data_str( data ); \
|
||||
- ds_avail = _avail - sizeof(SPF_data_t); \
|
||||
+ if ((_avail) < sizeof(SPF_data_t)) \
|
||||
+ return SPF_response_add_error_ptr(spf_response, \
|
||||
+ SPF_E_BIG_STRING, NULL, src, \
|
||||
+ "Out of memory for string literal");\
|
||||
+ ds_avail = (_avail) - sizeof(SPF_data_t); \
|
||||
ds_len = 0; \
|
||||
} while(0)
|
||||
|
||||
From faa9e02887e20d37e112c4ce7df34366e4f2fa2f Mon Sep 17 00:00:00 2001
|
||||
From: Simon Arlott <sa.me.uk>
|
||||
Date: Mon, 2 Oct 2023 19:34:38 +0100
|
||||
Subject: [PATCH] Used a fixed size buffer for DNS responses instead of
|
||||
doubling memory use
|
||||
|
||||
---
|
||||
src/libspf2/spf_dns_resolv.c | 21 +++------------------
|
||||
1 file changed, 3 insertions(+), 18 deletions(-)
|
||||
|
||||
diff --git a/src/libspf2/spf_dns_resolv.c b/src/libspf2/spf_dns_resolv.c
|
||||
index 9dacafe..ec687b8 100644
|
||||
--- a/src/libspf2/spf_dns_resolv.c
|
||||
+++ b/src/libspf2/spf_dns_resolv.c
|
||||
@@ -268,7 +268,7 @@ SPF_dns_resolv_lookup(SPF_dns_server_t *spf_dns_server,
|
||||
}
|
||||
#endif
|
||||
|
||||
- responselen = 2048;
|
||||
+ responselen = 65536;
|
||||
responsebuf = (u_char *)malloc(responselen);
|
||||
if (! responsebuf)
|
||||
return NULL; /* NULL always means OOM from DNS lookup. */
|
||||
@@ -319,23 +319,8 @@ SPF_dns_resolv_lookup(SPF_dns_server_t *spf_dns_server,
|
||||
domain, rr_type, 0, SPF_h_errno);
|
||||
}
|
||||
else if (dns_len > responselen) {
|
||||
- void *tmp;
|
||||
- /* We managed a lookup but our buffer was too small. */
|
||||
- responselen = dns_len + (dns_len >> 1);
|
||||
-#if 0
|
||||
- /* Sanity-trap - we should never hit this. */
|
||||
- if (responselen > 1048576) { /* One megabyte. */
|
||||
- free(responsebuf);
|
||||
- return SPF_dns_rr_new_init(spf_dns_server,
|
||||
- domain, rr_type, 0, SPF_h_errno);
|
||||
- }
|
||||
-#endif
|
||||
- tmp = realloc(responsebuf, responselen);
|
||||
- if (!tmp) {
|
||||
- free(responsebuf);
|
||||
- return NULL;
|
||||
- }
|
||||
- responsebuf = tmp;
|
||||
+ free(responsebuf);
|
||||
+ return NULL;
|
||||
}
|
||||
else {
|
||||
/* We managed a lookup, and our buffer was large enough. */
|
||||
From 1bd4c108b63927cd1229760e30936160d050d997 Mon Sep 17 00:00:00 2001
|
||||
From: Simon Arlott <sa.me.uk>
|
||||
Date: Mon, 2 Oct 2023 19:37:00 +0100
|
||||
Subject: [PATCH] Allocate memory for string when the buffer is NULL
|
||||
|
||||
These can't ever be NULL but scan-build complains about them.
|
||||
---
|
||||
src/libspf2/spf_dns_cache.c | 2 +-
|
||||
src/libspf2/spf_get_exp.c | 2 +-
|
||||
2 files changed, 2 insertions(+), 2 deletions(-)
|
||||
|
||||
diff --git a/src/libspf2/spf_dns_cache.c b/src/libspf2/spf_dns_cache.c
|
||||
index 16c9819..50d2660 100644
|
||||
--- a/src/libspf2/spf_dns_cache.c
|
||||
+++ b/src/libspf2/spf_dns_cache.c
|
||||
@@ -327,7 +327,7 @@ SPF_dns_cache_rr_fixup(SPF_dns_cache_config_t *spfhook,
|
||||
char *new_domain;
|
||||
size_t new_len = strlen(domain) + 1;
|
||||
|
||||
- if (cached_rr->domain_buf_len < new_len) {
|
||||
+ if (cached_rr->domain == NULL || cached_rr->domain_buf_len < new_len) {
|
||||
new_domain = realloc(cached_rr->domain, new_len);
|
||||
if (new_domain == NULL)
|
||||
return SPF_E_NO_MEMORY;
|
||||
diff --git a/src/libspf2/spf_get_exp.c b/src/libspf2/spf_get_exp.c
|
||||
index f4b5055..4a663e4 100644
|
||||
--- a/src/libspf2/spf_get_exp.c
|
||||
+++ b/src/libspf2/spf_get_exp.c
|
||||
@@ -62,7 +62,7 @@ SPF_server_get_default_explanation(SPF_server_t *spf_server,
|
||||
}
|
||||
else {
|
||||
size_t len = sizeof(SPF_LAME_EXP) + 1;
|
||||
- if (*buflenp < len) {
|
||||
+ if (*bufp == NULL || *buflenp < len) {
|
||||
char *tmp = realloc(*bufp, len);
|
||||
if (tmp == NULL)
|
||||
return SPF_E_NO_MEMORY;
|
||||
From 36c3af1dcfeb6c987dac00161f2ed57c6a42ed03 Mon Sep 17 00:00:00 2001
|
||||
From: Simon Arlott <sa.me.uk>
|
||||
Date: Sat, 30 Sep 2023 11:40:47 +0100
|
||||
Subject: [PATCH] Use correct integer size for format string
|
||||
|
||||
---
|
||||
src/libspf2/spf_compile.c | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/src/libspf2/spf_compile.c b/src/libspf2/spf_compile.c
|
||||
index b08ffe2..ba3d804 100644
|
||||
--- a/src/libspf2/spf_compile.c
|
||||
+++ b/src/libspf2/spf_compile.c
|
||||
@@ -604,7 +604,7 @@ SPF_c_parse_macro(SPF_server_t *spf_server,
|
||||
|
||||
default:
|
||||
if (spf_server->debug > 3)
|
||||
- SPF_debugf("Adding illegal %%-follower '%c' at %d",
|
||||
+ SPF_debugf("Adding illegal %%-follower '%c' at %zu",
|
||||
src[idx], idx);
|
||||
/* SPF spec says to treat it as a literal, not
|
||||
* SPF_E_INVALID_ESC */
|
||||
28
libspf2/Pkgfile
Normal file
28
libspf2/Pkgfile
Normal file
@ -0,0 +1,28 @@
|
||||
# Description: Sender Policy Framework record checking library
|
||||
# URL: https://www.libspf2.org/
|
||||
# Maintainer: Tim Biermann, tbier at posteo dot de
|
||||
# Depends on: libnsl libmilter
|
||||
|
||||
name=libspf2
|
||||
version=1.2.11
|
||||
release=1
|
||||
_commit=8131fe140704eaae695e76b5cd09e39bd1dd220b
|
||||
source=(https://github.com/shevek/libspf2/archive/$_commit/$name-$version.tar.gz
|
||||
0001-remove-libreplace-unneeded-on-Linux.patch
|
||||
0002-add-include-string-for-memset.patch
|
||||
CVE-2023-42118-and-other-fixes.patch)
|
||||
|
||||
build() {
|
||||
cd $name-$_commit
|
||||
|
||||
patch -Np1 -i $SRC/0001-remove-libreplace-unneeded-on-Linux.patch
|
||||
patch -Np1 -i $SRC/0002-add-include-string-for-memset.patch
|
||||
patch -Np1 -i $SRC/CVE-2023-42118-and-other-fixes.patch
|
||||
|
||||
autoreconf -vfi
|
||||
./configure --prefix=/usr
|
||||
make
|
||||
make DESTDIR=$PKG install
|
||||
|
||||
rm $PKG/usr/bin/*_static $PKG/usr/bin/spfd $PKG/usr/bin/spf_example $PKG/usr/bin/spftest
|
||||
}
|
||||
Loading…
x
Reference in New Issue
Block a user