-
libspf2 (1.2.5.dfsg-4ubuntu0.7.10.2) gutsy-security; urgency=high
* SECURITY UPDATE:
* 51_actually-keep-track-of-max_var_len.dpatch: Fix possible DoS with
long sender addresses. Thanks to Hannah Schroeter.
* 52_compile_bufoverflow.dpatch: Prevent buffer overflows in SPF_compile
from mechanisms with huge domainspecs. Workaround suggested by
upstream. Limits the size of mechanisms and modifiers, but that
shouldn't be a problem in practice.
* 42_empty_sender.dpatch could previously cause segfaults by trying to
write to a constant string. Fixed.
* Thanks to Magnus Holmgren <email address hidden> for the fixes
* Thanks to Michael Casadevall for testing
-- Scott Kitterman <email address hidden> Mon, 10 Nov 2008 00:17:44 -0500
-
libspf2 (1.2.5.dfsg-4ubuntu0.7.10.1) gutsy-security; urgency=high
* SECURITY UPDATE:
* References CVE-2008-2469
* Add 50_dns_resolv_bufoverflow.dpatch to fix buffer overflows handling DNS
responses. (LP: #271025)
-- Scott Kitterman <email address hidden> Wed, 15 Oct 2008 00:14:25 -0400
-
libspf2 (1.2.5.dfsg-4) unstable; urgency=low
* Added 23_spfquery_ipv6.dpatch: Make spfquery accept IPv6 addresses
(Closes: #440147). Thanks to Matthias Cramer.
* 35_untabify_help.dpatch: Make --help output of utilities less ugly by
converting tabs to spaces.
-- Scott Kitterman <email address hidden> Tue, 02 Oct 2007 21:03:54 +0100
-
libspf2 (1.2.5.dfsg-3) unstable; urgency=low
* 22_spfquery_fallback_segfault.dpatch: Fix fallback-related segfault in
spfquery (Closes: #430414). Thanks to Robert Millan.
* Correct debian/copyright (Closes: #433047). Thanks to Julian Mehnle.
* A second patch from Robert split into three:
* 40_permanent_include_errors.dpatch: Make permanent errors in
processing an include: directive cause the parent evaluation to return
a permanent error as well (Closes: #435139).
* 41_none_not_neutral.dpatch: Use a different explanation for
SPF_RESULT_NONE than the one for SPF_RESULT_NEUTRAL (Closes: #435140).
* 42_empty_sender.dpatch: Use the HELO identity in MAIL FROM checks if
the sender address has been set to the empty string (Closes: #431239).
* debian/control: Add XS-Vcs-* fields.
-- Scott Kitterman <email address hidden> Wed, 05 Sep 2007 09:39:28 +0100
-
libspf2 (1.2.5.dfsg-2) unstable; urgency=low
* 21_spfquery_infininte_loop.dpatch: Fix infinite loop when giving
unimplemented options to spfquery.
* 20_printf_types.dpatch: Revert to using standard conversion specifiers
without z modifiers.
* debian/watch: mangle away .dfsg from package version.
* Lower spfquery and spfd alternatives priorities to 25.
* Skip applying 01_line-endings.dpatch; it's meaningless.
-- Ubuntu Archive Auto-Sync <email address hidden> Thu, 07 Jun 2007 15:49:16 +0100
-
libspf2 (1.2.5.dfsg-1) unstable; urgency=low
* New maintainer (Closes: #372629).
* Repacked .orig.tar.gz without non-free IETF Internet Draft (Closes:
#393390).
* Merge updates from Ubuntu:
- Add debian/compat and Build-depend on debhelper >= 5.
- Add alternatives handling for /usr/bin/spfquery (Closes: #306875).
- Conflict on libmail-spf-query-perl << 1:1.999.1-3.
- Add postinst and prerm scripts.
- debian/copyright: update author address.
- debian/control: add final newline.
* debian/control:
* Change description of spfquery (Closes: #410592).
* Add homepage to package descriptions.
* Reduce Debian diff by changing line endings with sed instead.
* Further reduce Debian diff by eliminating config.sub and config.guess
from there. Build-depend on autotools-dev to ensure up-to-date
versions instead.
* The autogenerated spf_lib_version.h was put in the wrong directory,
while there was a static spf_lib_version.h in the right directory.
Fix that with some rules in debian/rules.
* Use dpatch to manage patches.
* Apply 20_64bit_types.dpatch to hopefully prevent segfaults on 64-bit
architectures (Closes: #392793). Thanks to Thomas Jacob, Carsten
Koch-Mauthe and Herbert Straub.
* 20_printf_types.dpatch: Change format strings to use the z flag,
meaning size_t, among other things.
* 30_spfd_check_unlink_failure.dpatch: Fix a typo in spfd (patch from
Thomas Jacob).
* debian/watch: added.
* Update Standards-Version to 3.7.2 without changes.
* Apply 20_spf_dns_include_std_headers.dpatch: Include arpa/nameser.h and
netdb.h from spf_dns.h instead of defining the constants needed unless
certain HAVE_ macros are defined (Closes: #405885).
* Apply 25_maxvals.dpatch, which brings certain processing limits (meant
to mitigate DoS attacks) in line with RFC 4408. Thanks to Scott
Kitterman.
* debian/control: Change libspf2-dev dependency to ${binary:Version} so
that binNMUs will work.
* Ship spfd in the spfquery package (Closes: #258360).
-- Michael Bienia <email address hidden> Thu, 03 May 2007 10:37:00 +0100
-
libspf2 (1.2.5-4ubuntu3) feisty; urgency=low
* Added patch to change MX and PTR limits to match RFC (Closes LP: #92569)
- Patch thanks to Thomas Jacob <email address hidden>
-- Scott Kitterman <email address hidden> Thu, 15 Mar 2007 13:10:08 -0400