mirrors/aports
1
0
Fork 0
mirror of https://gitlab.alpinelinux.org/alpine/aports.git synced 2025-08-07 06:17:14 +02:00
Code Issues Packages Projects Releases Wiki Activity

main/libspf2: patch CVE-2023-42118

Browse Source
This commit is contained in:
J0WI 2023-10-02 12:24:10 +02:00 committed by Natanael Copa
parent 4e2affc1e5
commit 1114825ba3
2 changed files with 31 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
main/libspf2/APKBUILD
View File

@ -4,7 +4,7 @@
pkgname=libspf2 pkgname=libspf2
pkgver=1.2.11 pkgver=1.2.11
_commit=8131fe140704eaae695e76b5cd09e39bd1dd220b _commit=8131fe140704eaae695e76b5cd09e39bd1dd220b
pkgrel=2 pkgrel=3
pkgdesc="Sender Policy Framework library, a part of the SPF/SRS protocol pair." pkgdesc="Sender Policy Framework library, a part of the SPF/SRS protocol pair."
url="https://www.libspf2.org/" url="https://www.libspf2.org/"
arch="all" arch="all"
@ -13,6 +13,7 @@ subpackages="$pkgname-dev $pkgname-tools"
makedepends="autoconf automake libtool" makedepends="autoconf automake libtool"
options="!check" # no test suite options="!check" # no test suite
source="$pkgname-$pkgver.tar.gz::https://github.com/shevek/libspf2/archive/$_commit.tar.gz source="$pkgname-$pkgver.tar.gz::https://github.com/shevek/libspf2/archive/$_commit.tar.gz
CVE-2023-42118.patch
00001.patch 00001.patch
00002.patch 00002.patch
netdb_success.patch netdb_success.patch
@ -22,6 +23,8 @@ source="$pkgname-$pkgver.tar.gz::https://github.com/shevek/libspf2/archive/$_com
builddir="$srcdir/$pkgname-$_commit" builddir="$srcdir/$pkgname-$_commit"
# secfixes: # secfixes:
# 1.2.11-r3:
# - CVE-2023-42118
# 1.2.11-r0: # 1.2.11-r0:
# - CVE-2021-33912 # - CVE-2021-33912
# - CVE-2021-33913 # - CVE-2021-33913
@ -60,6 +63,7 @@ tools() {
sha512sums=" sha512sums="
bbc8b053aa5dc960be7a31ee4d4385d9ed7f42a7c998a392626610de9a7dd9f95f16ad309990d0118f1eab3bed49189ed1be9c30d291c0ca54541677a968ceb3 libspf2-1.2.11.tar.gz bbc8b053aa5dc960be7a31ee4d4385d9ed7f42a7c998a392626610de9a7dd9f95f16ad309990d0118f1eab3bed49189ed1be9c30d291c0ca54541677a968ceb3 libspf2-1.2.11.tar.gz
9e17764f24de8147a27a41a5aeaf0554af6f434c04aa5ddea56fd4692f208c1c2576acd28ff06a2be6ff32945f5a441405b2ebb2f393c6a571e34723b023b1f5 CVE-2023-42118.patch
3b9bff9b5a5b95f6722f86a43373b0c84cbb79a4509cf0c73486612c0a1b33587bb0b42966b0d2e3a317e4d7a730091fa444bd1258afd06bb3553c4a96d3ee34 00001.patch 3b9bff9b5a5b95f6722f86a43373b0c84cbb79a4509cf0c73486612c0a1b33587bb0b42966b0d2e3a317e4d7a730091fa444bd1258afd06bb3553c4a96d3ee34 00001.patch
18ddfe106b652e2fb9e36a9f1743fc7cecf38530da65a06ac892b60d2c430aaad657f5653495950d4af4b9833826366b79e629937498e5ce7f6af716303221c4 00002.patch 18ddfe106b652e2fb9e36a9f1743fc7cecf38530da65a06ac892b60d2c430aaad657f5653495950d4af4b9833826366b79e629937498e5ce7f6af716303221c4 00002.patch
033dd1e959004f7a1026fb1de73813e934560101e04897297e468918ee28e4d7d0f271d6f05d984db22dd43e097f6aa133df18d11419b085d89db89b120750c9 netdb_success.patch 033dd1e959004f7a1026fb1de73813e934560101e04897297e468918ee28e4d7d0f271d6f05d984db22dd43e097f6aa133df18d11419b085d89db89b120750c9 netdb_success.patch

26
main/libspf2/CVE-2023-42118.patch Normal file
View File

@ -0,0 +1,26 @@
From c93823faef044150e1b232928d225ff5ff297e6c Mon Sep 17 00:00:00 2001
From: Simon Arlott <sa.me.uk>
Date: Sat, 30 Sep 2023 12:18:51 +0100
Subject: [PATCH] Fix integer underflow
---
src/libspf2/spf_compile.c | 6 +++++-
1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/src/libspf2/spf_compile.c b/src/libspf2/spf_compile.c
index b08ffe2..d401028 100644
--- a/src/libspf2/spf_compile.c
+++ b/src/libspf2/spf_compile.c
@@ -455,7 +455,11 @@ SPF_c_parse_var(SPF_response_t *spf_response, SPF_data_var_t *data,
/* Magic numbers for x/Nc in gdb. */ \
data->ds.__unused0 = 0xba; data->ds.__unused1 = 0xbe; \
dst = SPF_data_str( data ); \
- ds_avail = _avail - sizeof(SPF_data_t); \
+ if ((_avail) < sizeof(SPF_data_t)) \
+ return SPF_response_add_error_ptr(spf_response, \
+ SPF_E_BIG_STRING, NULL, src, \
+ "Out of memory for string literal");\
+ ds_avail = (_avail) - sizeof(SPF_data_t); \
ds_len = 0; \
} while(0)