rpms
/
bogofilter
7
0
Fork 0
Code Issues Pull Requests Releases Activity

import bogofilter-1.2.5-2.el8

This commit is contained in:
CentOS Sources 2020-11-03 06:57:51 -05:00 committed by Andrew Lukoshko
parent 961b2c6e0f
commit 51668face4
11 changed files with 13 additions and 397 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
.bogofilter.metadata
View File

@ -1 +1 @@
fdfe478844a2691fe621a0174ede38ae0b4058e2 SOURCES/bogofilter-1.2.4.repack.tar.gz
c779c3afb3e57ae0208ee503a854aff716b0cafd SOURCES/bogofilter-1.2.5.tar.xz

2
.gitignore vendored
View File

@ -1 +1 @@
SOURCES/bogofilter-1.2.4.repack.tar.gz
SOURCES/bogofilter-1.2.5.tar.xz

14
SOURCES/patch.r6995
View File

@ -1,14 +0,0 @@
Index: bogofilter/NEWS
===================================================================
--- bogofilter/NEWS (revision 6994)
+++ bogofilter/NEWS (revision 6995)
@@ -46,7 +46,8 @@
svn checkout http://svn.code.sf.net/p/bogofilter/code/trunk bogofilter
And developers would use, replacing joe by their sf.net login:
- svn checkout --username=joe svn+ssh://m-a@svn.code.sf.net/p/bogofilter/code/trunk bogofilter
+ svn checkout --username=joe \
+ svn+ssh://svn.code.sf.net/p/bogofilter/code/trunk bogofilter
2012-12-03
* Add bogofilter-SA-2012-01 (CVE-2012-5468).

16
SOURCES/patch.r7009
View File

@ -1,16 +0,0 @@
Index: bogofilter/NEWS
===================================================================
--- bogofilter/NEWS (revision 7008)
+++ bogofilter/NEWS (revision 7009)
@@ -15,6 +15,11 @@
-------------------------------------------------------------------------------
+ 2013-11-30
+
+ * Updated autoconf/automake stuff so that tests work properly with
+ automake versions that default to running parallel-tests.
+
1.2.4 2013-07-01 (released)
2013-06-28

127
SOURCES/patch.r7016
View File

@ -1,127 +0,0 @@
Index: bogofilter/AUTHORS
===================================================================
--- bogofilter/AUTHORS (revision 7015)
+++ bogofilter/AUTHORS (revision 7016)
@@ -55,3 +55,4 @@
Marco Bozzolan
Paul Mangan
Roman Trunov
+Julius Plenz
Index: bogofilter/src/tests/inputs/t.passthrough-truncation-in.gz
===================================================================
Cannot display: file marked as a binary type.
svn:mime-type = application/octet-stream
Index: bogofilter/src/tests/inputs/t.passthrough-truncation-in.gz
===================================================================
--- bogofilter/src/tests/inputs/t.passthrough-truncation-in.gz (nonexistent)
+++ bogofilter/src/tests/inputs/t.passthrough-truncation-in.gz (revision 7016)
Property changes on: bogofilter/src/tests/inputs/t.passthrough-truncation-in.gz
___________________________________________________________________
Added: svn:mime-type
## -0,0 +1 ##
+application/octet-stream
\ No newline at end of property
Index: bogofilter/src/tests/t.passthrough-truncation
===================================================================
--- bogofilter/src/tests/t.passthrough-truncation (nonexistent)
+++ bogofilter/src/tests/t.passthrough-truncation (revision 7016)
@@ -0,0 +1,19 @@
+#! /bin/sh
+
+. ${srcdir:=.}/t.frame
+
+# t.passthrough-hb
+#
+# test for correct passthrough of misdeclared MIME parts
+# test case provided by Julius Plenz, July 2014.
+
+gzip -c -d <"$srcdir/inputs/t.passthrough-truncation-in.gz" >"$TMPDIR/input"
+$BOGOFILTER -e -p -C < "$TMPDIR/input" \
+| $GREP -v "^X-Bogosity: Unsure," > "$TMPDIR/output"
+
+if [ $verbose -eq 0 ]; then
+ cmp "$TMPDIR/input" "$TMPDIR/output"
+else
+ set +e
+ diff $DIFF_BRIEF "$TMPDIR/input" "$TMPDIR/output"
+fi
Property changes on: bogofilter/src/tests/t.passthrough-truncation
___________________________________________________________________
Added: svn:executable
## -0,0 +1 ##
+*
\ No newline at end of property
Index: bogofilter/src/tests/Makefile.am
===================================================================
--- bogofilter/src/tests/Makefile.am (revision 7015)
+++ bogofilter/src/tests/Makefile.am (revision 7016)
@@ -35,7 +35,7 @@
t.ignore_spam_header \
t.nullstatsprefix \
t.integrity t.integrity2 t.integrity3 \
- t.passthrough-hb \
+ t.passthrough-hb t.passthrough-truncation \
t.escaped.html t.escaped.url \
t.base64 t.split t.parsing \
t.lexer t.lexer.mbx t.lexer.qpcr t.lexer.eoh \
@@ -97,6 +97,7 @@
inputs/msg.split.dr.0118.base64 \
inputs/msg.split.gs.0119.text \
inputs/spam.mbx \
+ inputs/t.passthrough-truncation-in.gz \
outputs/MH.out \
outputs/bogolex.out \
outputs/bulkmode.out \
Index: bogofilter/src/lexer.c
===================================================================
--- bogofilter/src/lexer.c (revision 7015)
+++ bogofilter/src/lexer.c (revision 7016)
@@ -220,15 +220,25 @@
#ifndef DISABLE_UNICODE
if (encoding == E_UNICODE &&
- !msg_state->mime_dont_decode)
+ !msg_state->mime_dont_decode &&
+ count > 0)
{
iconvert(linebuff, buff);
+
+ /* If we return count = 0 here, the caller will think we have
+ * no more bytes left to read, even though before the iconvert
+ * call we had a positive number of bytes. This *will* lead to
+ * a message truncation which we try to avoid by simply
+ * returning the original input buffer (which has positive
+ * length) instead. */
+ if(buff->t.leng == 0)
+ memcpy(buff, linebuff, sizeof(*buff));
+
/*
* iconvert, treating multi-byte sequences, can shrink or enlarge
* the output compared to its input. Correct count.
*/
- if (count > 0)
- count = buff->t.leng;
+ count = buff->t.leng;
}
#endif
Index: bogofilter/NEWS
===================================================================
--- bogofilter/NEWS (revision 7015)
+++ bogofilter/NEWS (revision 7016)
@@ -15,6 +15,13 @@
-------------------------------------------------------------------------------
+ 2014-07-10
+
+ * Take patch from Julius Plenz to fix a bug in the charset converter
+ that causes truncation of messages in pass-through mode in rare
+ circumstances, for instance, if binary data is misdeclared as
+ text/html. Also add his test case, t.passthrough-truncation.
+
2013-11-30
* Updated autoconf/automake stuff so that tests work properly with

83
SOURCES/patch.r7023
View File

@ -1,83 +0,0 @@
Index: bogofilter/src/mime.c
===================================================================
--- bogofilter/src/mime.c (revision 7022)
+++ bogofilter/src/mime.c (revision 7023)
@@ -279,6 +279,25 @@
mime_push(parent);
}
+static bool is_final_boundary(
+ const byte *ins,
+ size_t inlen,
+ size_t blen
+)
+{
+ if (inlen >= 5
+ && inlen >= blen + 2
+ && ins[0] == '-'
+ && ins[1] == '-'
+ && ins[blen+2] == '-'
+ && ins[blen+3] == '-')
+ {
+ return true;
+ }
+ return false;
+}
+
+
/**
* Check if the line given in \a boundary is a boundary of one of the
* outer MIME containers and store the results in \a b.
@@ -301,28 +320,18 @@
(buf[blen - 1] == '\r' || buf[blen - 1] == '\n'))
blen--;
- /* skip initial -- */
- buf += 2;
- blen -= 2;
-
- /* skip and note ending --, if any */
- if (blen > 2 && buf[blen - 1] == '-' && buf[blen - 2] == '-') {
- b->is_final = true;
- blen -= 2;
- } else {
- b->is_final = false;
- }
-
/* search stack for matching boundary, in reverse order */
for (ptr = mime_stack_bot; ptr != NULL; ptr = ptr->parent)
{
if (is_mime_container(ptr)
&& ptr->boundary != NULL
- && ptr->boundary_len == blen
- && (memcmp(ptr->boundary, buf, blen) == 0))
+ && (ptr->boundary_len + 2 == blen
+ || ptr->boundary_len + 4 == blen)
+ && (memcmp(ptr->boundary, buf + 2, ptr->boundary_len) == 0))
{
b->depth = ptr->depth;
b->is_valid = true;
+ b->is_final = is_final_boundary(buf, blen, ptr->boundary_len);
break;
}
}
Index: bogofilter/NEWS
===================================================================
--- bogofilter/NEWS (revision 7022)
+++ bogofilter/NEWS (revision 7023)
@@ -15,6 +15,15 @@
-------------------------------------------------------------------------------
+ 2015-02-25
+
+ * Fix the lexer to handle MIME multipart messages properly when the
+ boundary ended in "--". The parser would previously never find the
+ MIME parts because it mistook all boundaries ending in two dashes to
+ be the final boundary of the multipart, rather than checking if the
+ two dashes were extra.
+ Reported by Matt Garretson to the bogofilter mailing list today.
+
2014-07-10
* Take patch from Julius Plenz to fix a bug in the charset converter

48
SOURCES/patch.r7030
View File

@ -1,48 +0,0 @@
Index: bogofilter/src/lexer.c
===================================================================
--- bogofilter/src/lexer.c (revision 7029)
+++ bogofilter/src/lexer.c (revision 7030)
@@ -329,7 +329,7 @@
count += cnt;
/* Note: some malformed messages can cause xfgetsl() to report
- ** "Invalid buffer size, exiting." ** and then abort. This
+ ** "Invalid buffer size, exiting." and then abort. This
** can happen when the parser is in html mode and there's a
** leading '<' but no closing '>'.
**
@@ -343,9 +343,12 @@
if (count >= MAX_TOKEN_LEN * 2 &&
long_token(buff.t.u.text, (uint) count)) {
- uint start = buff.t.leng - count;
- uint length = count - max_token_len;
- buff_shift(&buff, start, length);
+ /* Make sure not to shift bytes outside the buffer */
+ if (buff.t.leng >= (uint) count) {
+ uint start = buff.t.leng - count;
+ uint length = count - max_token_len;
+ buff_shift(&buff, start, length);
+ }
count = buff.t.leng;
}
else
Index: bogofilter/NEWS
===================================================================
--- bogofilter/NEWS (revision 7029)
+++ bogofilter/NEWS (revision 7030)
@@ -15,6 +15,14 @@
-------------------------------------------------------------------------------
+ 2015-02-28
+
+ * Fix the lexer to not try to delete parts from HTML tokens if it is
+ reading garbage (for instance, binary files misdeclared as HTML).
+ This was exposed on Fedora 20 and 21 but not Ubuntu 14.04 (x86_64),
+ and is possibly related to its newer flex 2.5.37 that may have
+ changed the way it uses yyinput() a bit. Reported by Matt Garretson.
+
2015-02-25
* Fix the lexer to handle MIME multipart messages properly when the

19
SOURCES/patch.r7032
View File

@ -1,19 +0,0 @@
Index: bogofilter/src/maint.c
===================================================================
--- bogofilter/src/maint.c (revision 7031)
+++ bogofilter/src/maint.c (revision 7032)
@@ -118,11 +118,11 @@
bool discard;
if (token->u.text[0] == '.') { /* keep .ENCODING, .MSG_COUNT, and .ROBX */
- if (strcmp((const char *)token->u.text, MSG_COUNT) == 0)
+ if (0 == word_cmps(token, MSG_COUNT))
return false;
- if (strcmp((const char *)token->u.text, ROBX_W) == 0)
+ if (0 == word_cmps(token, ROBX_W))
return false;
- if (strcmp((const char *)token->u.text, WORDLIST_ENCODING) == 0)
+ if (0 == word_cmps(token, WORDLIST_ENCODING))
return false;
}

16
SOURCES/patch.r7034
View File

@ -1,16 +0,0 @@
Index: bogofilter/NEWS
===================================================================
--- bogofilter/NEWS (revision 7033)
+++ bogofilter/NEWS (revision 7034)
@@ -15,6 +15,11 @@
-------------------------------------------------------------------------------
+ 2015-10-10
+
+ * Fix an out-of-bounds memory read in maint.c's discard_token().
+ Found with clang 3.6's address sanitizer.
+
2015-02-28
* Fix the lexer to not try to delete parts from HTML tokens if it is

40
SOURCES/patch.r7035
View File

@ -1,40 +0,0 @@
Index: bogofilter/src/wordlists.c
===================================================================
--- bogofilter/src/wordlists.c (revision 7034)
+++ bogofilter/src/wordlists.c (revision 7035)
@@ -265,9 +265,6 @@
xfree(i);
}
- if (commit)
- word_lists = NULL;
-
return err;
}
Index: bogofilter/src/wordlists_base.c
===================================================================
--- bogofilter/src/wordlists_base.c (revision 7034)
+++ bogofilter/src/wordlists_base.c (revision 7035)
@@ -134,6 +134,8 @@
list = free_wordlistnode(list);
}
+ word_lists = NULL;
+
bogohome_cleanup();
}
Index: bogofilter/NEWS
===================================================================
--- bogofilter/NEWS (revision 7034)
+++ bogofilter/NEWS (revision 7035)
@@ -17,6 +17,8 @@
2015-10-10
+ * Fix a memory leak in close_wordlists().
+
* Fix an out-of-bounds memory read in maint.c's discard_token().
Found with clang 3.6's address sanitizer.

43
SPECS/bogofilter.spec
View File

@ -1,32 +1,12 @@
Summary: Fast anti-spam filtering by Bayesian statistical analysis
Name: bogofilter
Version: 1.2.4
Release: 13%{?dist}
Version: 1.2.5
Release: 2%{?dist}
License: GPLv2
Group: Applications/Internet
URL: http://bogofilter.sourceforge.net/
# Source: http://downloads.sourceforge.net/bogofilter/bogofilter-%{version}.tar.gz
# The above used to be to the Source: line
# but due to bug 912694 which identified three files with license
# problems the following steps are necessary to repack bogofilter
# wget http://downloads.sourceforge.net/bogofilter/bogofilter-1.2.4.tar.gz
# tar xf bogofilter-1.2.4.tar.gz
# rm bogofilter-1.2.4/doc/bogofilter-SA-20[0-1][0,5]-0[1,2]
# tar cf bogofilter-1.2.4.repack.tar.gz bogofilter-1.2.4
Source: bogofilter-%{version}.repack.tar.gz
# Patches are taken from upstreams SVN:
# svn checkout svn://svn.code.sf.net/p/bogofilter/code/trunk bogofilter-code
# cd bogofilter-code
# svndiff -c 6995 > patch.r6995
Patch1: patch.r6995
# patch.r7009 is adapted to apply without a previous patch
Patch2: patch.r7009
Patch3: patch.r7016
Patch4: patch.r7023
Patch5: patch.r7030
Patch6: patch.r7032
Patch7: patch.r7034
Patch8: patch.r7035
Source: http://downloads.sourceforge.net/bogofilter/bogofilter-%{version}.tar.xz
BuildRequires: gcc
BuildRequires: flex libdb-devel gsl-devel
BuildRequires: /usr/bin/iconv
BuildRequires: perl-generators
@ -55,14 +35,7 @@ main bogofilter package.
%prep
%setup -q
%patch1 -p1
%patch2 -p1
%patch3 -p1
%patch4 -p1
%patch5 -p1
%patch6 -p1
%patch7 -p1
%patch8 -p1
iconv -f iso-8859-1 -t utf-8 \
doc/bogofilter-faq-fr.html > doc/bogofilter-faq-fr.html.utf8
%{__mv} -f doc/bogofilter-faq-fr.html.utf8 \
@ -106,6 +79,12 @@ iconv -f iso-8859-1 -t utf-8 \
%exclude %{_mandir}/man1/bogoupgrade*
%changelog
* Mon May 18 2020 Milan Crha <mcrha@redhat.com> - 1.2.5-2
- Bump version to have OSCI/gating tests rerun with updated tests
* Fri May 15 2020 Milan Crha <mcrha@redhat.com> - 1.2.5-1
- Resolves: #1836279 (Update to 1.2.5)
* Wed Feb 07 2018 Fedora Release Engineering <releng@fedoraproject.org> - 1.2.4-13
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild