mail/postfix-policyd-spf relies on vulnerable mail/libspf2-10

Uffe R. B. Andersen urb at
Sun Aug 28 10:36:06 UTC 2011

Hash: SHA1

Den 28-08-2011 02:00, Doug Barton skrev:
> I appreciate your responses, but I think you're missing one or
> more large'ish pieces of the puzzle. Here is what I'm seeing with
> an up to date portaudit db:
> portaudit -a Affected package: libspf2-1.0.4_1 Type of problem:
> libspf2 -- Buffer overflow. Reference: 
>  pkg_info -qo libspf2-1.0.4_1 mail/libspf2-10
> pkg_info -R libspf2-1.0.4_1 Information for libspf2-1.0.4_1:
> Required by: postfix-policyd-spf-1.0.1_3
> cd /usr/ports/mail/libspf2-10/ make -V PKGNAME libspf2-1.0.4_1
> The solution here is that postfix-policyd-spf needs to be updated
> to not rely on a vulnerable version of libspf2.

Indeed you're right. Googling the issue reveal that
postfix-policyd-spf apparently is rather unmaintained and people
suggest using the perl or python versions instead. I do remember
having this issue myself, some 2 years ago and nothing seems to have
happened since then. The Google result also show, that
postfix-policyd-spf doesn't compile with newer versions of libspf2.

Perhaps we should ask to have postfix-policyd-spf removed from the
ports tree altogether?

- -- 
Med venlig hilsen - Sincerely
Uffe R. B. Andersen - mailto:urb at

Version: GnuPG v2.0.12 (MingW32)


More information about the freebsd-ports mailing list