libspf2 (re: exim vulns)

Stuart Henderson Mon, 02 Oct 2023 04:20:41 -0700

This forked repo has some libspf2 fixes:
https://github.com/nomis/libspf2/commits/sa


It does have a fix for an int underflow in macro parsing
(https://github.com/shevek/libspf2/pull/44) but there's not
enough information about the anonymous/ZDI reported vulnerability
to know if that's the same.

The commits look sane to me. Might be worth picking this up for
release, though let's also see if anything further is mentioned about
libspf2 when exim release something in ~40 mins.

Index: Makefile
===================================================================
RCS file: /cvs/ports/mail/libspf2/Makefile,v
retrieving revision 1.18
diff -u -p -r1.18 Makefile
--- Makefile    11 Mar 2022 19:34:39 -0000      1.18
+++ Makefile    2 Oct 2023 10:59:28 -0000
@@ -1,10 +1,11 @@
 COMMENT=       SPF library
 
-GH_ACCOUNT=    shevek
+#GH_ACCOUNT=   shevek
+GH_ACCOUNT=    nomis
 GH_PROJECT=    libspf2
-GH_COMMIT=     4915c308d57ff3abac9fb241f09c4bed2ab54815
+GH_COMMIT=     57320dc7fd54f4cdff23067999416d9e66102452
 
-DISTNAME=      libspf2-1.2.11pre20210609
+DISTNAME=      libspf2-1.2.11pre20230930
 
 SHARED_LIBS += spf2                 4.0      # 3.0
 
Index: distinfo
===================================================================
RCS file: /cvs/ports/mail/libspf2/distinfo,v
retrieving revision 1.5
diff -u -p -r1.5 distinfo
--- distinfo    12 Aug 2021 10:44:23 -0000      1.5
+++ distinfo    2 Oct 2023 10:59:28 -0000
@@ -1,2 +1,2 @@
-SHA256 (libspf2-1.2.11pre20210609-4915c308.tar.gz) = 
1S2zOt1D7pPnkpo+eLk4lVkrdHJltj+W2m97PeLiZEk=
-SIZE (libspf2-1.2.11pre20210609-4915c308.tar.gz) = 565497
+SHA256 (libspf2-1.2.11pre20230930-57320dc7.tar.gz) = 
4Amk57q3+OiIp2/N1jCsy1Q5236y02fhhz+2wefTEI8=
+SIZE (libspf2-1.2.11pre20230930-57320dc7.tar.gz) = 565432
Index: patches/patch-src_libspf2_spf_compile_c
===================================================================
RCS file: /cvs/ports/mail/libspf2/patches/patch-src_libspf2_spf_compile_c,v
retrieving revision 1.6
diff -u -p -r1.6 patch-src_libspf2_spf_compile_c
--- patches/patch-src_libspf2_spf_compile_c     11 Mar 2022 19:34:39 -0000      
1.6
+++ patches/patch-src_libspf2_spf_compile_c     2 Oct 2023 10:59:28 -0000
@@ -1,6 +1,7 @@
---- src/libspf2/spf_compile.c.orig     Mon Feb 20 08:26:43 2012
-+++ src/libspf2/spf_compile.c  Wed Apr 19 18:53:10 2017
-@@ -577,7 +577,7 @@ SPF_c_parse_macro(SPF_server_t *spf_server,
+Index: src/libspf2/spf_compile.c
+--- src/libspf2/spf_compile.c.orig
++++ src/libspf2/spf_compile.c
+@@ -582,7 +582,7 @@ SPF_c_parse_macro(SPF_server_t *spf_server,
                switch (src[idx]) {
                case '%':
                        if (spf_server->debug > 3)
@@ -9,7 +10,7 @@
                        SPF_ENSURE_STRING_AVAIL(1);
                        *dst++ = '%';
                        ds_len++;
-@@ -586,7 +586,7 @@ SPF_c_parse_macro(SPF_server_t *spf_server,
+@@ -591,7 +591,7 @@ SPF_c_parse_macro(SPF_server_t *spf_server,
                        
                case '_':
                        if (spf_server->debug > 3)
@@ -18,7 +19,7 @@
                        SPF_ENSURE_STRING_AVAIL(1);
                        *dst++ = ' ';
                        ds_len++;
-@@ -595,7 +595,7 @@ SPF_c_parse_macro(SPF_server_t *spf_server,
+@@ -600,7 +600,7 @@ SPF_c_parse_macro(SPF_server_t *spf_server,
  
                case '-':
                        if (spf_server->debug > 3)
@@ -27,14 +28,3 @@
                        SPF_ENSURE_STRING_AVAIL(3);
                        *dst++ = '%'; *dst++ = '2'; *dst++ = '0';
                        ds_len += 3;
-@@ -604,8 +604,8 @@ SPF_c_parse_macro(SPF_server_t *spf_server,
- 
-               default:
-                       if (spf_server->debug > 3)
--                              SPF_debugf("Adding illegal %%-follower '%c' at 
%d",
--                              src[idx], idx);
-+                              SPF_debugf("Adding illegal %%-follower '%c' at 
%lu",
-+                              src[idx], (unsigned long)idx);
-                       /* SPF spec says to treat it as a literal, not
-                        * SPF_E_INVALID_ESC */
-                       /* FIXME   issue a warning? */
Index: patches/patch-src_libspf2_spf_dns_c
===================================================================
RCS file: /cvs/ports/mail/libspf2/patches/patch-src_libspf2_spf_dns_c,v
retrieving revision 1.3
diff -u -p -r1.3 patch-src_libspf2_spf_dns_c
--- patches/patch-src_libspf2_spf_dns_c 11 Mar 2022 19:34:39 -0000      1.3
+++ patches/patch-src_libspf2_spf_dns_c 2 Oct 2023 10:59:28 -0000
@@ -1,6 +1,7 @@
---- src/libspf2/spf_dns.c.orig Wed Apr 19 18:35:29 2017
-+++ src/libspf2/spf_dns.c      Wed Apr 19 18:35:40 2017
-@@ -105,7 +105,7 @@ SPF_dns_debug_post(SPF_dns_server_t *spf_dns_server, S
+Index: src/libspf2/spf_dns.c
+--- src/libspf2/spf_dns.c.orig
++++ src/libspf2/spf_dns.c
+@@ -101,7 +101,7 @@ SPF_dns_debug_post(SPF_dns_server_t *spf_dns_server, S
                                        break;
  
                                default:
Index: patches/patch-src_libspf2_spf_dns_cache_c
===================================================================
RCS file: patches/patch-src_libspf2_spf_dns_cache_c
diff -N patches/patch-src_libspf2_spf_dns_cache_c
--- /dev/null   1 Jan 1970 00:00:00 -0000
+++ patches/patch-src_libspf2_spf_dns_cache_c   2 Oct 2023 10:59:28 -0000
@@ -0,0 +1,15 @@
+985d7d0fdca3 removes the fallback definition for ns_t_spf and other
+uses of the SPF RRtype, but this was left
+
+Index: src/libspf2/spf_dns_cache.c
+--- src/libspf2/spf_dns_cache.c.orig
++++ src/libspf2/spf_dns_cache.c
+@@ -342,7 +342,7 @@ SPF_dns_cache_rr_fixup(SPF_dns_cache_config_t *spfhook
+               cached_rr->ttl = spfhook->min_ttl;
+ 
+     if ( cached_rr->ttl < spfhook->txt_ttl
+-                      && cached_rr->rr_type == ns_t_txt || cached_rr->rr_type 
== ns_t_spf )
++                      && cached_rr->rr_type == ns_t_txt )
+               cached_rr->ttl = spfhook->txt_ttl;
+ 
+     if ( cached_rr->ttl < spfhook->err_ttl
Index: patches/patch-src_libspf2_spf_dns_resolv_c
===================================================================
RCS file: /cvs/ports/mail/libspf2/patches/patch-src_libspf2_spf_dns_resolv_c,v
retrieving revision 1.5
diff -u -p -r1.5 patch-src_libspf2_spf_dns_resolv_c
--- patches/patch-src_libspf2_spf_dns_resolv_c  11 Mar 2022 19:34:39 -0000      
1.5
+++ patches/patch-src_libspf2_spf_dns_resolv_c  2 Oct 2023 10:59:28 -0000
@@ -1,7 +1,27 @@
+#1, #2:
+985d7d0fdca3 removes the fallback definition for ns_t_spf and other
+uses of the SPF RRtype, but this was left
+
 Index: src/libspf2/spf_dns_resolv.c
 --- src/libspf2/spf_dns_resolv.c.orig
 +++ src/libspf2/spf_dns_resolv.c
-@@ -609,7 +609,10 @@ SPF_dns_resolv_free(SPF_dns_server_t *spf_dns_server)
+@@ -179,7 +179,6 @@ SPF_dns_resolv_debug(SPF_dns_server_t *spf_dns_server,
+                               SPF_debugf("MX: %d %s", prio, name_buf);
+                       break;
+ 
+-              case ns_t_spf:
+               case ns_t_txt:
+                       if (rdlen < 1) {
+                               SPF_debugf(ns_rr_type(rr) == ns_t_txt ? "TXT" : 
"SPF" ": rdlen too short: %lu", (unsigned long)rdlen);
+@@ -510,7 +509,6 @@ SPF_dns_resolv_lookup(SPF_dns_server_t *spf_dns_server
+                                       cnt++;
+                                       break;
+ 
+-                              case ns_t_spf:
+                               case ns_t_txt:
+                                       if (rdlen > 1) {
+                                               u_char *src, *dst;
+@@ -608,7 +606,10 @@ SPF_dns_resolv_free(SPF_dns_server_t *spf_dns_server)
        SPF_ASSERT_NOTNULL(spf_dns_server);
  
  #if ! HAVE_DECL_RES_NINIT

libspf2 (re: exim vulns)

Reply via email to