Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: opu
Tags: squeeze

I got a request (see below, Bug#718581) for an oldstable upload to fix the couple of additional bugs, causing crashes when libspf2 is called to validate email received over IPv6, that were fixed in wheezy but not in squeeze. The diff is quite minimal. Do you think this is worthwhile?

Friday 2 August 2013 16.51.12, Olivier Diserens wrote:
> The packaged version in Squeeze does not include the full ipv6-bugs patch
> that comes in Wheezy. It means that some SPF resolutions do not correctly
> work in IPv6 and lead to possible refusal of valid messages.
>
> I recompiled the package with this patch (taken from the Wheezy packages)
> and it fixed the issue. I don't know of any security implication for now,
> but since it implies some wrong return values it seems quite important.

-- 
Magnus Holmgren
Debian Developer
Index: debian/patches/ipv6_buffer_miscalculation.dpatch =================================================================== --- debian/patches/ipv6_buffer_miscalculation.dpatch (revision 74) +++ debian/patches/ipv6_buffer_miscalculation.dpatch (arbetskopia) @@ -1,10 +1,10 @@ #! /bin/sh /usr/share/dpatch/dpatch-run -## ipv6_buffer_miscalculation.dpatch by Matthias Scheler <tron@netbsd.org> +## ipv6_buffer_miscalculation.dpatch by Matthias Scheler <tron@netbsd.org> and others ## -## DP: Fix an abort() caused by miscalculating the size of an internal buffer. -## DP: This can crash applications using "libspf2" (e.g. "milter-greylist") -## DP: in an e-mail gets delivered via SMTP over IPv6 depending on the -## DP: remote machine's IPv6 address. +## DP: Fix various IPv6-related typos, C&P bugs etc. +## DP: These can crash applications using libspf2 or give the wrong result if +## DP: an e-mail gets delivered via SMTP over IPv6 depending on the remote +## DP: machine's IPv6 address. @DPATCH@ --- a/src/libspf2/spf_expand.c 2008-11-03 21:29:00.000000000 +0000 
@@ -18,3 +18,42 @@ if (d->dv.url_encode) len *= 3; buflen += len; +--- a/src/libspf2/spf_interpret.c 2008-10-22 11:47:43.000000000 -0400 ++++ b/src/libspf2/spf_interpret.c 2009-09-08 00:42:25.000000000 -0400 +@@ -505,7 +505,7 @@ + char dst_ip6_buf[ INET6_ADDRSTRLEN ]; + + struct in6_addr src_ipv6; +- int cidr, mask; ++ int cidr, cidr_save, mask; + int i; + int match; + +@@ -517,6 +517,7 @@ + cidr = SPF_i_mech_cidr(spf_request, mech); + if ( cidr == 0 ) + cidr = 128; ++ cidr_save = cidr; + + match = TRUE; + for( i = 0; i < array_elem( ipv6.s6_addr ) && match; i++ ) +@@ -538,7 +539,7 @@ + INET_NTOP(AF_INET6, &ipv6.s6_addr, + dst_ip6_buf, sizeof(dst_ip6_buf)); + SPF_debugf( "ip_match: %s == %s (/%d): %d", +- src_ip6_buf, dst_ip6_buf, cidr, match ); ++ src_ip6_buf, dst_ip6_buf, cidr_save, match ); + } + + return match; +--- a/src/libspf2/spf_compile.c 2008-11-03 15:37:33.000000000 -0500 ++++ b/src/libspf2/spf_compile.c 2009-09-07 23:46:02.000000000 -0400 +@@ -778,7 +778,7 @@ + const char *end; + const char *p; + +- char buf[ INET_ADDRSTRLEN ]; ++ char buf[ INET6_ADDRSTRLEN ]; + size_t len; + int err; + Index: debian/changelog =================================================================== --- debian/changelog (revision 74) +++ debian/changelog (arbetskopia) @@ -1,3 +1,10 @@ +libspf2 (1.2.9-4squeeze1) oldstable; urgency=low + + * ipv6_buffer_miscalculation.dpatch: Include further fixes from wheezy + (Closes: #718581). + + -- Magnus Holmgren <holmgren@debian.org> Tue, 13 Aug 2013 10:27:39 +0200 + libspf2 (1.2.9-4) unstable; urgency=low * Drop obsolete README.Debian-source; move non-obsolete info to
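Review bot: The rewritten `## DP:` description ("various IPv6-related typos, C&P bugs etc.") and the changelog entry ("Include further fixes from wheezy") do not say which change addresses a crash and which addresses a wrong result. For an oldstable upload that the release team has to assess, list the changes by file (spf_expand.c, spf_interpret.c, spf_compile.c) in the DP lines with one line each on the effect. The dpatch keeps the name ipv6_buffer_miscalculation while now carrying more than the buffer-size fix, so the description is the only place a reader learns that.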
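Review bot: In the spf_interpret.c hunks, `cidr_save` is read only by the `SPF_debugf` call, so this part changes the prefix length that gets logged and not the value of `match`. Nothing in the hunk tells the reader that `cidr` is consumed before the debug line; add a short comment at `cidr_save = cidr;` saying so, or work on a separate copy and leave `cidr` untouched. The visible context normalises only `cidr == 0` to 128, so it is also worth confirming that a prefix length above 128 is rejected before it reaches this function.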
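Review bot: In the spf_compile.c hunk, widening `buf` from `INET_ADDRSTRLEN` to `INET6_ADDRSTRLEN` only removes the crash if the code that fills it bounds the copy by `sizeof(buf)`, and that check is not in the context shown. Please confirm that `len` is compared against `sizeof(buf)` before the copy, so an overlong address token is rejected with an error instead of being written past the array. A one-line comment on the declaration stating that this function parses IPv6 literals would keep the IPv4 constant from being pasted back in.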