From owner-freebsd-ports@FreeBSD.ORG Sat Aug 27 21:05:26 2011 Return-Path: Delivered-To: freebsd-ports@freebsd.org Received: from mx2.freebsd.org (mx2.freebsd.org [IPv6:2001:4f8:fff6::35]) by hub.freebsd.org (Postfix) with ESMTP id CF6D21065673; Sat, 27 Aug 2011 21:05:26 +0000 (UTC) (envelope-from dougb@FreeBSD.org) Received: from 172-17-198-245.globalsuite.net (hub.freebsd.org [IPv6:2001:4f8:fff6::36]) by mx2.freebsd.org (Postfix) with ESMTP id 04A5514DB2F; Sat, 27 Aug 2011 21:05:25 +0000 (UTC) Message-ID: <4E595C14.9030503@FreeBSD.org> Date: Sat, 27 Aug 2011 14:05:24 -0700 From: Doug Barton Organization: http://SupersetSolutions.com/ User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:6.0) Gecko/20110824 Thunderbird/6.0 MIME-Version: 1.0 To: urb@twe.net References: <4E57FBC1.1020009@FreeBSD.org> <4E580082.1030202@FreeBSD.org> <4E59324E.5070602@twe.net> In-Reply-To: <4E59324E.5070602@twe.net> X-Enigmail-Version: undefined OpenPGP: id=1A1ABC84 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Cc: mnag@FreeBSD.org, freebsd-ports@freebsd.org Subject: Re: mail/postfix-policyd-spf relies on vulnerable mail/libspf2-10 X-BeenThere: freebsd-ports@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Porting software to FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 27 Aug 2011 21:05:26 -0000 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 On 08/27/2011 11:07, Uffe R. B. Andersen wrote: > Den 26-08-2011 22:22, Doug Barton skrev: >> Howdy, > >> Doing some port updates and noticed that mail/postfix-policyd-spf >> relies on mail/libspf2-10, which according to >> http://portaudit.FreeBSD.org/2ddbfd29-a455-11dd-a55e-00163e000016.html > > > is vulnerable. There is a port of mail/libspf2 which is not vulnerable, >> is it possible to update mail/postfix-policyd-spf to rely on it >> instead? > > libspf2 port is currently libspf2-1.2.9_1 and according to the page > you refer to, the vulnerability affects libspf2 <1.2.8. Yes, that was my point. :) mail/libspf2-10 and mail/libspf2 are different ports. mail/postfix-policyd-spf currently relies on the former, it needs to be fixed to work with the latter instead. Doug - -- Nothin' ever doesn't change, but nothin' changes much. -- OK Go Breadth of IT experience, and depth of knowledge in the DNS. Yours for the right price. :) http://SupersetSolutions.com/ -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.18 (FreeBSD) iQEcBAEBCAAGBQJOWVwUAAoJEFzGhvEaGryEQRUH/172rPtxYdWnCOotkqPZvYr3 3qRFYd6EqQWklnAZ50WB7TwyrIqHaIv9GdU3GR6wh0Hll+CbdUIqqghn4VkjPKZ1 0pIwD6kqkZmunNzXlfWB9MTscZGFrkSzDfhg69I8pZ5mbtCu3NPi00GSm2rTd+/h IP2LeOz8NkkwVmxpP1ysX36W7E61pP56f4pyv3JUZQ09ZZbM3ipeabOxFEc8E3CL Qf6kNHrJa2ZhNkaaJluQIBhbjXylJ98LGnqBHnhOi0CmIqsGDn64/ujqX+1cZfsb AScG3n0KNMOJCEa9Q3yW3FGlCVcoTNm3tl/HZVSQHvSSCyRakisJcZlK5KMY9fs= =Qms2 -----END PGP SIGNATURE-----