import bogofilter-1.2.5-2.el8

This commit is contained in:
CentOS Sources 2020-07-28 06:33:22 -04:00 committed by Stepan Oksanichenko
parent fec5a5378c
commit 6152345006
11 changed files with 13 additions and 397 deletions

View File

@ -1 +1 @@
fdfe478844a2691fe621a0174ede38ae0b4058e2 SOURCES/bogofilter-1.2.4.repack.tar.gz
c779c3afb3e57ae0208ee503a854aff716b0cafd SOURCES/bogofilter-1.2.5.tar.xz

2
.gitignore vendored
View File

@ -1 +1 @@
SOURCES/bogofilter-1.2.4.repack.tar.gz
SOURCES/bogofilter-1.2.5.tar.xz

View File

@ -1,14 +0,0 @@
Index: bogofilter/NEWS
===================================================================
--- bogofilter/NEWS (revision 6994)
+++ bogofilter/NEWS (revision 6995)
@@ -46,7 +46,8 @@
svn checkout http://svn.code.sf.net/p/bogofilter/code/trunk bogofilter
And developers would use, replacing joe by their sf.net login:
- svn checkout --username=joe svn+ssh://m-a@svn.code.sf.net/p/bogofilter/code/trunk bogofilter
+ svn checkout --username=joe \
+ svn+ssh://svn.code.sf.net/p/bogofilter/code/trunk bogofilter
2012-12-03
* Add bogofilter-SA-2012-01 (CVE-2012-5468).

View File

@ -1,16 +0,0 @@
Index: bogofilter/NEWS
===================================================================
--- bogofilter/NEWS (revision 7008)
+++ bogofilter/NEWS (revision 7009)
@@ -15,6 +15,11 @@
-------------------------------------------------------------------------------
+ 2013-11-30
+
+ * Updated autoconf/automake stuff so that tests work properly with
+ automake versions that default to running parallel-tests.
+
1.2.4 2013-07-01 (released)
2013-06-28

View File

@ -1,127 +0,0 @@
Index: bogofilter/AUTHORS
===================================================================
--- bogofilter/AUTHORS (revision 7015)
+++ bogofilter/AUTHORS (revision 7016)
@@ -55,3 +55,4 @@
Marco Bozzolan
Paul Mangan
Roman Trunov
+Julius Plenz
Index: bogofilter/src/tests/inputs/t.passthrough-truncation-in.gz
===================================================================
Cannot display: file marked as a binary type.
svn:mime-type = application/octet-stream
Index: bogofilter/src/tests/inputs/t.passthrough-truncation-in.gz
===================================================================
--- bogofilter/src/tests/inputs/t.passthrough-truncation-in.gz (nonexistent)
+++ bogofilter/src/tests/inputs/t.passthrough-truncation-in.gz (revision 7016)
Property changes on: bogofilter/src/tests/inputs/t.passthrough-truncation-in.gz
___________________________________________________________________
Added: svn:mime-type
## -0,0 +1 ##
+application/octet-stream
\ No newline at end of property
Index: bogofilter/src/tests/t.passthrough-truncation
===================================================================
--- bogofilter/src/tests/t.passthrough-truncation (nonexistent)
+++ bogofilter/src/tests/t.passthrough-truncation (revision 7016)
@@ -0,0 +1,19 @@
+#! /bin/sh
+
+. ${srcdir:=.}/t.frame
+
+# t.passthrough-hb
+#
+# test for correct passthrough of misdeclared MIME parts
+# test case provided by Julius Plenz, July 2014.
+
+gzip -c -d <"$srcdir/inputs/t.passthrough-truncation-in.gz" >"$TMPDIR/input"
+$BOGOFILTER -e -p -C < "$TMPDIR/input" \
+| $GREP -v "^X-Bogosity: Unsure," > "$TMPDIR/output"
+
+if [ $verbose -eq 0 ]; then
+ cmp "$TMPDIR/input" "$TMPDIR/output"
+else
+ set +e
+ diff $DIFF_BRIEF "$TMPDIR/input" "$TMPDIR/output"
+fi
Property changes on: bogofilter/src/tests/t.passthrough-truncation
___________________________________________________________________
Added: svn:executable
## -0,0 +1 ##
+*
\ No newline at end of property
Index: bogofilter/src/tests/Makefile.am
===================================================================
--- bogofilter/src/tests/Makefile.am (revision 7015)
+++ bogofilter/src/tests/Makefile.am (revision 7016)
@@ -35,7 +35,7 @@
t.ignore_spam_header \
t.nullstatsprefix \
t.integrity t.integrity2 t.integrity3 \
- t.passthrough-hb \
+ t.passthrough-hb t.passthrough-truncation \
t.escaped.html t.escaped.url \
t.base64 t.split t.parsing \
t.lexer t.lexer.mbx t.lexer.qpcr t.lexer.eoh \
@@ -97,6 +97,7 @@
inputs/msg.split.dr.0118.base64 \
inputs/msg.split.gs.0119.text \
inputs/spam.mbx \
+ inputs/t.passthrough-truncation-in.gz \
outputs/MH.out \
outputs/bogolex.out \
outputs/bulkmode.out \
Index: bogofilter/src/lexer.c
===================================================================
--- bogofilter/src/lexer.c (revision 7015)
+++ bogofilter/src/lexer.c (revision 7016)
@@ -220,15 +220,25 @@
#ifndef DISABLE_UNICODE
if (encoding == E_UNICODE &&
- !msg_state->mime_dont_decode)
+ !msg_state->mime_dont_decode &&
+ count > 0)
{
iconvert(linebuff, buff);
+
+ /* If we return count = 0 here, the caller will think we have
+ * no more bytes left to read, even though before the iconvert
+ * call we had a positive number of bytes. This *will* lead to
+ * a message truncation which we try to avoid by simply
+ * returning the original input buffer (which has positive
+ * length) instead. */
+ if(buff->t.leng == 0)
+ memcpy(buff, linebuff, sizeof(*buff));
+
/*
* iconvert, treating multi-byte sequences, can shrink or enlarge
* the output compared to its input. Correct count.
*/
- if (count > 0)
- count = buff->t.leng;
+ count = buff->t.leng;
}
#endif
Index: bogofilter/NEWS
===================================================================
--- bogofilter/NEWS (revision 7015)
+++ bogofilter/NEWS (revision 7016)
@@ -15,6 +15,13 @@
-------------------------------------------------------------------------------
+ 2014-07-10
+
+ * Take patch from Julius Plenz to fix a bug in the charset converter
+ that causes truncation of messages in pass-through mode in rare
+ circumstances, for instance, if binary data is misdeclared as
+ text/html. Also add his test case, t.passthrough-truncation.
+
2013-11-30
* Updated autoconf/automake stuff so that tests work properly with

View File

@ -1,83 +0,0 @@
Index: bogofilter/src/mime.c
===================================================================
--- bogofilter/src/mime.c (revision 7022)
+++ bogofilter/src/mime.c (revision 7023)
@@ -279,6 +279,25 @@
mime_push(parent);
}
+static bool is_final_boundary(
+ const byte *ins,
+ size_t inlen,
+ size_t blen
+)
+{
+ if (inlen >= 5
+ && inlen >= blen + 2
+ && ins[0] == '-'
+ && ins[1] == '-'
+ && ins[blen+2] == '-'
+ && ins[blen+3] == '-')
+ {
+ return true;
+ }
+ return false;
+}
+
+
/**
* Check if the line given in \a boundary is a boundary of one of the
* outer MIME containers and store the results in \a b.
@@ -301,28 +320,18 @@
(buf[blen - 1] == '\r' || buf[blen - 1] == '\n'))
blen--;
- /* skip initial -- */
- buf += 2;
- blen -= 2;
-
- /* skip and note ending --, if any */
- if (blen > 2 && buf[blen - 1] == '-' && buf[blen - 2] == '-') {
- b->is_final = true;
- blen -= 2;
- } else {
- b->is_final = false;
- }
-
/* search stack for matching boundary, in reverse order */
for (ptr = mime_stack_bot; ptr != NULL; ptr = ptr->parent)
{
if (is_mime_container(ptr)
&& ptr->boundary != NULL
- && ptr->boundary_len == blen
- && (memcmp(ptr->boundary, buf, blen) == 0))
+ && (ptr->boundary_len + 2 == blen
+ || ptr->boundary_len + 4 == blen)
+ && (memcmp(ptr->boundary, buf + 2, ptr->boundary_len) == 0))
{
b->depth = ptr->depth;
b->is_valid = true;
+ b->is_final = is_final_boundary(buf, blen, ptr->boundary_len);
break;
}
}
Index: bogofilter/NEWS
===================================================================
--- bogofilter/NEWS (revision 7022)
+++ bogofilter/NEWS (revision 7023)
@@ -15,6 +15,15 @@
-------------------------------------------------------------------------------
+ 2015-02-25
+
+ * Fix the lexer to handle MIME multipart messages properly when the
+ boundary ended in "--". The parser would previously never find the
+ MIME parts because it mistook all boundaries ending in two dashes to
+ be the final boundary of the multipart, rather than checking if the
+ two dashes were extra.
+ Reported by Matt Garretson to the bogofilter mailing list today.
+
2014-07-10
* Take patch from Julius Plenz to fix a bug in the charset converter

View File

@ -1,48 +0,0 @@
Index: bogofilter/src/lexer.c
===================================================================
--- bogofilter/src/lexer.c (revision 7029)
+++ bogofilter/src/lexer.c (revision 7030)
@@ -329,7 +329,7 @@
count += cnt;
/* Note: some malformed messages can cause xfgetsl() to report
- ** "Invalid buffer size, exiting." ** and then abort. This
+ ** "Invalid buffer size, exiting." and then abort. This
** can happen when the parser is in html mode and there's a
** leading '<' but no closing '>'.
**
@@ -343,9 +343,12 @@
if (count >= MAX_TOKEN_LEN * 2 &&
long_token(buff.t.u.text, (uint) count)) {
- uint start = buff.t.leng - count;
- uint length = count - max_token_len;
- buff_shift(&buff, start, length);
+ /* Make sure not to shift bytes outside the buffer */
+ if (buff.t.leng >= (uint) count) {
+ uint start = buff.t.leng - count;
+ uint length = count - max_token_len;
+ buff_shift(&buff, start, length);
+ }
count = buff.t.leng;
}
else
Index: bogofilter/NEWS
===================================================================
--- bogofilter/NEWS (revision 7029)
+++ bogofilter/NEWS (revision 7030)
@@ -15,6 +15,14 @@
-------------------------------------------------------------------------------
+ 2015-02-28
+
+ * Fix the lexer to not try to delete parts from HTML tokens if it is
+ reading garbage (for instance, binary files misdeclared as HTML).
+ This was exposed on Fedora 20 and 21 but not Ubuntu 14.04 (x86_64),
+ and is possibly related to its newer flex 2.5.37 that may have
+ changed the way it uses yyinput() a bit. Reported by Matt Garretson.
+
2015-02-25
* Fix the lexer to handle MIME multipart messages properly when the

View File

@ -1,19 +0,0 @@
Index: bogofilter/src/maint.c
===================================================================
--- bogofilter/src/maint.c (revision 7031)
+++ bogofilter/src/maint.c (revision 7032)
@@ -118,11 +118,11 @@
bool discard;
if (token->u.text[0] == '.') { /* keep .ENCODING, .MSG_COUNT, and .ROBX */
- if (strcmp((const char *)token->u.text, MSG_COUNT) == 0)
+ if (0 == word_cmps(token, MSG_COUNT))
return false;
- if (strcmp((const char *)token->u.text, ROBX_W) == 0)
+ if (0 == word_cmps(token, ROBX_W))
return false;
- if (strcmp((const char *)token->u.text, WORDLIST_ENCODING) == 0)
+ if (0 == word_cmps(token, WORDLIST_ENCODING))
return false;
}

View File

@ -1,16 +0,0 @@
Index: bogofilter/NEWS
===================================================================
--- bogofilter/NEWS (revision 7033)
+++ bogofilter/NEWS (revision 7034)
@@ -15,6 +15,11 @@
-------------------------------------------------------------------------------
+ 2015-10-10
+
+ * Fix an out-of-bounds memory read in maint.c's discard_token().
+ Found with clang 3.6's address sanitizer.
+
2015-02-28
* Fix the lexer to not try to delete parts from HTML tokens if it is

View File

@ -1,40 +0,0 @@
Index: bogofilter/src/wordlists.c
===================================================================
--- bogofilter/src/wordlists.c (revision 7034)
+++ bogofilter/src/wordlists.c (revision 7035)
@@ -265,9 +265,6 @@
xfree(i);
}
- if (commit)
- word_lists = NULL;
-
return err;
}
Index: bogofilter/src/wordlists_base.c
===================================================================
--- bogofilter/src/wordlists_base.c (revision 7034)
+++ bogofilter/src/wordlists_base.c (revision 7035)
@@ -134,6 +134,8 @@
list = free_wordlistnode(list);
}
+ word_lists = NULL;
+
bogohome_cleanup();
}
Index: bogofilter/NEWS
===================================================================
--- bogofilter/NEWS (revision 7034)
+++ bogofilter/NEWS (revision 7035)
@@ -17,6 +17,8 @@
2015-10-10
+ * Fix a memory leak in close_wordlists().
+
* Fix an out-of-bounds memory read in maint.c's discard_token().
Found with clang 3.6's address sanitizer.

View File

@ -1,32 +1,12 @@
Summary: Fast anti-spam filtering by Bayesian statistical analysis
Name: bogofilter
Version: 1.2.4
Release: 13%{?dist}
Version: 1.2.5
Release: 2%{?dist}
License: GPLv2
Group: Applications/Internet
URL: http://bogofilter.sourceforge.net/
# Source: http://downloads.sourceforge.net/bogofilter/bogofilter-%{version}.tar.gz
# The above used to be to the Source: line
# but due to bug 912694 which identified three files with license
# problems the following steps are necessary to repack bogofilter
# wget http://downloads.sourceforge.net/bogofilter/bogofilter-1.2.4.tar.gz
# tar xf bogofilter-1.2.4.tar.gz
# rm bogofilter-1.2.4/doc/bogofilter-SA-20[0-1][0,5]-0[1,2]
# tar cf bogofilter-1.2.4.repack.tar.gz bogofilter-1.2.4
Source: bogofilter-%{version}.repack.tar.gz
# Patches are taken from upstreams SVN:
# svn checkout svn://svn.code.sf.net/p/bogofilter/code/trunk bogofilter-code
# cd bogofilter-code
# svndiff -c 6995 > patch.r6995
Patch1: patch.r6995
# patch.r7009 is adapted to apply without a previous patch
Patch2: patch.r7009
Patch3: patch.r7016
Patch4: patch.r7023
Patch5: patch.r7030
Patch6: patch.r7032
Patch7: patch.r7034
Patch8: patch.r7035
Source: http://downloads.sourceforge.net/bogofilter/bogofilter-%{version}.tar.xz
BuildRequires: gcc
BuildRequires: flex libdb-devel gsl-devel
BuildRequires: /usr/bin/iconv
BuildRequires: perl-generators
@ -55,14 +35,7 @@ main bogofilter package.
%prep
%setup -q
%patch1 -p1
%patch2 -p1
%patch3 -p1
%patch4 -p1
%patch5 -p1
%patch6 -p1
%patch7 -p1
%patch8 -p1
iconv -f iso-8859-1 -t utf-8 \
doc/bogofilter-faq-fr.html > doc/bogofilter-faq-fr.html.utf8
%{__mv} -f doc/bogofilter-faq-fr.html.utf8 \
@ -106,6 +79,12 @@ iconv -f iso-8859-1 -t utf-8 \
%exclude %{_mandir}/man1/bogoupgrade*
%changelog
* Mon May 18 2020 Milan Crha <mcrha@redhat.com> - 1.2.5-2
- Bump version to have OSCI/gating tests rerun with updated tests
* Fri May 15 2020 Milan Crha <mcrha@redhat.com> - 1.2.5-1
- Resolves: #1836279 (Update to 1.2.5)
* Wed Feb 07 2018 Fedora Release Engineering <releng@fedoraproject.org> - 1.2.4-13
- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild