Hi, ports@:
Here is a patch from upstream for mail/libspf2 to
fix CVE-2021-20314. More details please visit:
https://security-tracker.debian.org/tracker/CVE-2021-20314
Cheers !
wen
Index: Makefile
===================================================================
RCS file: /cvs/ports/mail/libspf2/Makefile,v
retrieving revision 1.16
diff -u -p -r1.16 Makefile
--- Makefile 19 Mar 2021 13:09:13 -0000 1.16
+++ Makefile 12 Aug 2021 04:55:33 -0000
@@ -3,7 +3,7 @@
COMMENT= SPF library
DISTNAME= libspf2-1.2.10
-REVISION= 6
+REVISION= 7
SHARED_LIBS += spf2 4.0 # 3.0
Index: patches/patch-src_libspf2_spf_compile_c
===================================================================
RCS file: /cvs/ports/mail/libspf2/patches/patch-src_libspf2_spf_compile_c,v
retrieving revision 1.4
diff -u -p -r1.4 patch-src_libspf2_spf_compile_c
--- patches/patch-src_libspf2_spf_compile_c 19 Apr 2017 16:56:04 -0000
1.4
+++ patches/patch-src_libspf2_spf_compile_c 12 Aug 2021 04:55:33 -0000
@@ -1,6 +1,16 @@
$OpenBSD: patch-src_libspf2_spf_compile_c,v 1.4 2017/04/19 16:56:04 jca Exp $
---- src/libspf2/spf_compile.c.orig Mon Feb 20 08:26:43 2012
-+++ src/libspf2/spf_compile.c Wed Apr 19 18:53:10 2017
+Index: src/libspf2/spf_compile.c
+--- src/libspf2/spf_compile.c.orig
++++ src/libspf2/spf_compile.c
+@@ -455,7 +455,7 @@ SPF_c_parse_var(SPF_response_t *spf_response, SPF_data
+ /* Magic numbers for x/Nc in gdb. */
\
+ data->ds.__unused0 = 0xba; data->ds.__unused1 = 0xbe;
\
+ dst = SPF_data_str( data );
\
+- ds_avail = _avail;
\
++ ds_avail = _avail - sizeof(SPF_data_t);
\
+ ds_len = 0;
\
+ } while(0)
+
@@ -577,7 +577,7 @@ SPF_c_parse_macro(SPF_server_t *spf_server,
switch (src[idx]) {
case '%':
