commit 465bf3829043e4e04730b76efea12bbf06103dff Author: Arkadiusz MiĆkiewicz <ar...@maven.pl> Date: Sat Sep 30 13:59:27 2023 +0200
rel 2; CVE thing probably integer-underflow.patch | 26 ++++++++++++++++++++++++++ libspf2.spec | 5 ++++- 2 files changed, 30 insertions(+), 1 deletion(-)
---
diff --git a/libspf2.spec b/libspf2.spec
index c99eed0..5d1f41f 100644
--- a/libspf2.spec
+++ b/libspf2.spec
@@ -5,7 +5,7 @@ Summary: Implementation of the SPF specification
 Summary(pl.UTF-8): Implementacja specyfikacji SPF
 Name: libspf2
 Version: 1.2.11
-Release: 1
+Release: 2
 License: LGPL
 Group: Libraries
 # Source0: http://www.libspf2.org/spf/%{name}-%{version}.tar.gz
@@ -13,6 +13,8 @@ Source0: https://github.com/shevek/libspf2/tarball/4915c30#/%{name}.tar.gz
 # Source0-md5: ad5f1b48e4f2b5561df99ca7cbf30e92
 Patch0: %{name}-link.patch
 Patch1: 0001-remove-libreplace-unneeded-on-Linux.patch
+# https://github.com/shevek/libspf2/pull/44
+Patch2: integer-underflow.patch
 URL: http://www.libspf2.org/
 BuildRequires: autoconf >= 2.59
 BuildRequires: automake
@@ -74,6 +76,7 @@ Statyczna biblioteka libspf2.
 %setup -q -n shevek-libspf2-4915c30
 %patch0 -p1
 %patch1 -p1
+%patch2 -p1
 
 %build
 %{__libtoolize}
diff --git a/integer-underflow.patch b/integer-underflow.patch
new file mode 100644
index 0000000..e13f364
--- /dev/null
+++ b/integer-underflow.patch
@@ -0,0 +1,26 @@
+From c93823faef044150e1b232928d225ff5ff297e6c Mon Sep 17 00:00:00 2001
+From: Simon Arlott <sa.me.uk>
+Date: Sat, 30 Sep 2023 12:18:51 +0100
+Subject: [PATCH] Fix integer underflow
+
+---
+ src/libspf2/spf_compile.c | 6 +++++-
+ 1 file changed, 5 insertions(+), 1 deletion(-)
+
+diff --git a/src/libspf2/spf_compile.c b/src/libspf2/spf_compile.c
+index b08ffe2..d401028 100644
+--- a/src/libspf2/spf_compile.c
++++ b/src/libspf2/spf_compile.c
+@@ -455,7 +455,11 @@ SPF_c_parse_var(SPF_response_t *spf_response, SPF_data_var_t *data,
+ /* Magic numbers for x/Nc in gdb. */ \
+ data->ds.__unused0 = 0xba; data->ds.__unused1 = 0xbe; \
+ dst = SPF_data_str( data ); \
+- ds_avail = _avail - sizeof(SPF_data_t); \
++ if ((_avail) < sizeof(SPF_data_t)) \
++ return SPF_response_add_error_ptr(spf_response, \
++ SPF_E_BIG_STRING, NULL, src, \
++ "Out of memory for string literal");\
++ ds_avail = (_avail) - sizeof(SPF_data_t); \
+ ds_len = 0; \
+ } while(0)
+
================================================================ ---- gitweb: http://git.pld-linux.org/gitweb.cgi/packages/libspf2.git/commitdiff/465bf3829043e4e04730b76efea12bbf06103dff _______________________________________________ pld-cvs-commit mailing list pld-cvs-commit@lists.pld-linux.org http://lists.pld-linux.org/mailman/listinfo/pld-cvs-commit
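Review bot: The size check added to the macro in spf_compile.c sits after the stores `data->ds.__unused0 = 0xba; data->ds.__unused1 = 0xbe;`, so when `_avail` is smaller than `sizeof(SPF_data_t)` those fields have already been written by the time the error return is taken. If `data` points into a buffer with only `_avail` bytes left (the allocation is not visible here, and the macro starts above the hunk), the guard should be the first statement of the macro, ahead of every store through `data`: move `if ((_avail) < sizeof(SPF_data_t)) return SPF_response_add_error_ptr(...);` above the magic-number assignments. The comparison is also only sound if `_avail` is unsigned, since a negative signed value would be converted to a large `size_t` and pass the check. A short comment on the macro naming the expected type of `_avail` would make that assumption explicit.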