mirror of
https://gitlab.alpinelinux.org/alpine/aports.git
synced 2025-07-12 18:59:50 +03:00
main/libspf2: patch CVE-2021-20314
This commit is contained in:
J0WI
Natanael Copa
parent
8467811fd8
commit
110025aa06
2 changed files with 28 additions and 1 deletions
|
|
@ -4,7 +4,7 @@
|
|||
pkgname=libspf2
|
||||
pkgver=1.2.11
|
||||
_commit=8131fe140704eaae695e76b5cd09e39bd1dd220b
|
||||
pkgrel=3
|
||||
pkgrel=4
|
||||
pkgdesc="Sender Policy Framework library, a part of the SPF/SRS protocol pair."
|
||||
url="https://www.libspf2.org/"
|
||||
arch="all"
|
||||
|
|
@ -13,6 +13,7 @@ subpackages="$pkgname-dev $pkgname-tools"
|
|||
makedepends="autoconf automake libtool"
|
||||
options="!check" # no test suite
|
||||
source="$pkgname-$pkgver.tar.gz::https://github.com/shevek/libspf2/archive/$_commit.tar.gz
|
||||
CVE-2021-20314.patch
|
||||
CVE-2023-42118.patch
|
||||
00001.patch
|
||||
00002.patch
|
||||
|
|
@ -23,6 +24,8 @@ source="$pkgname-$pkgver.tar.gz::https://github.com/shevek/libspf2/archive/$_com
|
|||
builddir="$srcdir/$pkgname-$_commit"
|
||||
|
||||
# secfixes:
|
||||
# 1.2.11-r4:
|
||||
# - CVE-2021-20314
|
||||
# 1.2.11-r3:
|
||||
# - CVE-2023-42118
|
||||
# 1.2.11-r0:
|
||||
|
|
@ -63,6 +66,7 @@ tools() {
|
|||
|
||||
sha512sums="
|
||||
bbc8b053aa5dc960be7a31ee4d4385d9ed7f42a7c998a392626610de9a7dd9f95f16ad309990d0118f1eab3bed49189ed1be9c30d291c0ca54541677a968ceb3 libspf2-1.2.11.tar.gz
|
||||
af4800fa95693676e5c5f669d865ca1ef8e109515de24ef044689ae92bd1e7ab17cae3c9f35ca9c41a37456d9b019f28a004f45fdbe1700a74cf65d3e59880be CVE-2021-20314.patch
|
||||
9e17764f24de8147a27a41a5aeaf0554af6f434c04aa5ddea56fd4692f208c1c2576acd28ff06a2be6ff32945f5a441405b2ebb2f393c6a571e34723b023b1f5 CVE-2023-42118.patch
|
||||
3b9bff9b5a5b95f6722f86a43373b0c84cbb79a4509cf0c73486612c0a1b33587bb0b42966b0d2e3a317e4d7a730091fa444bd1258afd06bb3553c4a96d3ee34 00001.patch
|
||||
18ddfe106b652e2fb9e36a9f1743fc7cecf38530da65a06ac892b60d2c430aaad657f5653495950d4af4b9833826366b79e629937498e5ce7f6af716303221c4 00002.patch
|
||||
|
|
|
|||
23
main/libspf2/CVE-2021-20314.patch
Normal file
23
main/libspf2/CVE-2021-20314.patch
Normal file
|
|
@ -0,0 +1,23 @@
|
|||
From 8b50e5cef36fc7fbc3c8808168e51cc33a3cc940 Mon Sep 17 00:00:00 2001
|
||||
From: bdijkstra82 <boudewijn@indes.com>
|
||||
Date: Wed, 30 Mar 2016 21:47:46 +0200
|
||||
Subject: [PATCH] fix use-after-free
|
||||
|
||||
Not sure what the intention is here, but in no case should
|
||||
spf_record_exp point to a freed object. (Fixes crash on OpenBSD 5.9.)
|
||||
---
|
||||
src/libspf2/spf_request.c | 1 +
|
||||
1 file changed, 1 insertion(+)
|
||||
|
||||
diff --git a/src/libspf2/spf_request.c b/src/libspf2/spf_request.c
|
||||
index c310a5a..8a73275 100644
|
||||
--- a/src/libspf2/spf_request.c
|
||||
+++ b/src/libspf2/spf_request.c
|
||||
@@ -259,6 +259,7 @@ SPF_request_query_record(SPF_request_t *spf_request,
|
||||
err = SPF_record_interpret(spf_record,
|
||||
spf_request, spf_response, 0);
|
||||
SPF_record_free(spf_record);
|
||||
+ spf_response->spf_record_exp = NULL;
|
||||
|
||||
return err;
|
||||
}
|
||||
Loading…
Add table
Add a link
Reference in a new issue