rpms/bogofilter
7
0
Fork 0
Code Issues Pull Requests Releases Activity

Updated to 1.2.5

Browse Source 
No longer necessary to re-package sources: All problematic files have
  been re-licensed
All 19 patches are part of the 1.2.5 release and have been removed

Signed-off-by: Adrian Reber <adrian@lisas.de>
This commit is contained in:
Adrian Reber 2019-11-28 08:35:47 +01:00
parent ec15116093
commit f09b9710a7
No known key found for this signature in database
GPG Key ID: 82C9378ED3C4906A
22 changed files with 12 additions and 934 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
.gitignore vendored
View File

@ -3,3 +3,4 @@ bogofilter-1.2.2.tar.gz
/bogofilter-1.2.3.tar.gz
/bogofilter-1.2.3.repack.tar.gz
/bogofilter-1.2.4.repack.tar.gz
/bogofilter-1.2.5.tar.xz

50
0001-Fix-memory-leak-when-creating-a-new-bdb-file-125.patch
View File

@ -1,50 +0,0 @@
From 861b6c058b36fafefcdca21be180fa44046db4a0 Mon Sep 17 00:00:00 2001
From: Georg Sauthoff <mail@georg.so>
Date: Mon, 11 Feb 2019 10:01:14 +0100
Subject: [PATCH 01/11] Fix memory leak when creating a new bdb file (#125)
cf. https://sourceforge.net/p/bogofilter/bugs/125/
---
src/datastore_db.c | 21 +++++++++++++++++++--
1 file changed, 19 insertions(+), 2 deletions(-)
diff --git a/src/datastore_db.c b/src/datastore_db.c
index 4b58462..d0bcfa1 100644
--- a/src/datastore_db.c
+++ b/src/datastore_db.c
@@ -630,13 +630,30 @@ retry_db_open:
if (ret != 0) {
err = (ret != ENOENT) || (opt_flags == DB_RDONLY);
if (!err) {
- if (
+ ret =
#if DB_EQUAL(4,1)
- (ret = DB_SET_FLAGS(dbp, DB_CHKSUM_SHA1)) != 0 ||
+ (DB_SET_FLAGS(dbp, DB_CHKSUM_SHA1)) != 0 ||
#endif
#if DB_AT_LEAST(4,2)
(ret = DB_SET_FLAGS(dbp, DB_CHKSUM)) != 0 ||
#endif
+ 0;
+ if (!ret) {
+ dbp->close(dbp, 0);
+ if ((ret = db_create (&dbp, dbe, 0)) != 0) {
+ print_error(__FILE__, __LINE__, "(db) db_create, err: %d, %s",
+ ret, db_strerror(ret));
+ goto open_err;
+ }
+ handle->dbp = dbp;
+#ifdef ENABLE_MEMDEBUG
+ if (eTransaction == T_DISABLED)
+ dbp->set_alloc(dbp, md_malloc, md_realloc, md_free);
+ else
+ dbe->set_alloc(dbe, md_malloc, md_realloc, md_free);
+#endif
+ }
+ if (ret ||
(ret = DB_OPEN(dbp, bfp, NULL, dbtype, opt_flags | DB_CREATE | DB_EXCL | retryflag, DS_MODE)))
err = true;
if (!err)
--
2.20.1

30
0002-Fix-out-of-bounds-read-in-spanword-126.patch
View File

@ -1,30 +0,0 @@
From 63317a12e89040badf0cc82d82a8b6f64703cd6d Mon Sep 17 00:00:00 2001
From: Georg Sauthoff <mail@georg.so>
Date: Mon, 11 Feb 2019 10:02:21 +0100
Subject: [PATCH 02/11] Fix out-of-bounds read in spanword (#126)
cf. https://sourceforge.net/p/bogofilter/bugs/126/
---
src/wordlists.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/src/wordlists.c b/src/wordlists.c
index 735af34..a5d529e 100644
--- a/src/wordlists.c
+++ b/src/wordlists.c
@@ -307,8 +307,10 @@ static char *spanword(char *p)
{
const char *delim = ", \t";
p += strcspn(p, delim); /* skip to end of word */
- *p++ = '\0';
- p += strspn(p, " \t"); /* skip trailing whitespace */
+ if (*p) {
+ *p++ = '\0';
+ p += strspn(p, " \t"); /* skip trailing whitespace */
+ }
return p;
}
--
2.20.1

35
0003-Fix-memory-leak-already-fixed-in-trunk.patch
View File

@ -1,35 +0,0 @@
From 1e4e4d2ea197c89c2f441a87d62e397f0e139f2e Mon Sep 17 00:00:00 2001
From: Georg Sauthoff <mail@georg.so>
Date: Mon, 11 Feb 2019 10:03:20 +0100
Subject: [PATCH 03/11] Fix memory leak (already fixed in trunk)
cf. https://sourceforge.net/p/bogofilter/code/HEAD/tree/trunk/bogofilter/src/wordlists.c#l360
---
src/wordlists.c | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/src/wordlists.c b/src/wordlists.c
index a5d529e..717dc80 100644
--- a/src/wordlists.c
+++ b/src/wordlists.c
@@ -329,7 +329,8 @@ bool configure_wordlist(const char *val)
char* filename;
int precedence;
- char *tmp = xstrdup(val);
+ char *t = xstrdup(val);
+ char *tmp = t;
ch= tmp[0]; /* save wordlist type (good/spam) */
tmp = spanword(tmp);
@@ -357,6 +358,7 @@ bool configure_wordlist(const char *val)
(void)spanword(tmp);
init_wordlist(listname, filename, precedence, type);
+ xfree(t);
return true;
}
--
2.20.1

46
0004-Fix-msg-id-out-of-bounds-read-118.patch
View File

@ -1,46 +0,0 @@
From 7f4fbcb3a52aa5b0b83aef57bddb33fdd9d5b82e Mon Sep 17 00:00:00 2001
From: Georg Sauthoff <mail@georg.so>
Date: Fri, 8 Feb 2019 10:50:40 +0100
Subject: [PATCH 04/11] Fix msg-id out-of-bounds read (#118)
cf. https://sourceforge.net/p/bogofilter/bugs/118/
---
src/token.c | 8 +++++---
1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/src/token.c b/src/token.c
index 3ac43c1..686ddd0 100644
--- a/src/token.c
+++ b/src/token.c
@@ -33,6 +33,7 @@ AUTHOR:
word_t *msg_addr; /* First IP Address in Received: statement */
word_t *msg_id; /* Message ID */
+static size_t max_msg_id_len;
word_t *queue_id; /* Message's first queue ID */
static token_t save_class = NONE;
@@ -573,7 +574,8 @@ void token_init(void)
msg_addr = word_new( NULL, max_token_len );
/* Message ID */
- msg_id = word_new( NULL, max_token_len * 3 );
+ max_msg_id_len = max_token_len * 3;
+ msg_id = word_new( NULL, max_msg_id_len );
/* Message's first queue ID */
queue_id = word_new( NULL, max_token_len );
@@ -667,8 +669,8 @@ void set_tag(const char *text)
void set_msg_id(byte *text, uint leng)
{
- (void) leng; /* suppress compiler warning */
- token_set( msg_id, text, msg_id->leng );
+ uint n = min(leng, max_msg_id_len);
+ token_set( msg_id, text, n );
}
#define WFREE(n) word_free(n); n = NULL
--
2.20.1

26
0005-Fix-mime-cleanup-memory-leak-119.patch
View File

@ -1,26 +0,0 @@
From 9b9f5113d9fa4292f769f416d824e42a40a57c6f Mon Sep 17 00:00:00 2001
From: Georg Sauthoff <mail@georg.so>
Date: Fri, 8 Feb 2019 10:52:08 +0100
Subject: [PATCH 05/11] Fix mime cleanup memory leak (#119)
cf. https://sourceforge.net/p/bogofilter/bugs/119/
---
src/mime.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/mime.c b/src/mime.c
index 8edaebf..8964b1a 100644
--- a/src/mime.c
+++ b/src/mime.c
@@ -204,7 +204,7 @@ void mime_cleanup()
if (msg_state == NULL)
return;
- while (mime_stack_top->parent)
+ while (msg_state->parent)
mime_pop();
mime_pop();
msg_state = NULL;
--
2.20.1

27
0006-Fix-fgetsl-abort-120.patch
View File

@ -1,27 +0,0 @@
From 76f398b072a805f02dc057eb896391c6ad63a78a Mon Sep 17 00:00:00 2001
From: Georg Sauthoff <mail@georg.so>
Date: Fri, 8 Feb 2019 10:53:53 +0100
Subject: [PATCH 06/11] Fix fgetsl abort (#120)
https://sourceforge.net/p/bogofilter/bugs/120/
---
src/fgetsl.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/src/fgetsl.c b/src/fgetsl.c
index 630585f..166246f 100644
--- a/src/fgetsl.c
+++ b/src/fgetsl.c
@@ -26,6 +26,9 @@ int xfgetsl(char *buf, int max_size, FILE *in, bool no_nul_terminate)
char *end = buf + max_size; /* Physical end of buffer */
char *fin = end - (no_nul_terminate ? 0 : 1); /* Last available byte */
+ if (cp == fin && no_nul_terminate)
+ return 0;
+
if (cp >= fin) {
fprintf(stderr, "Invalid buffer size, exiting.\n");
abort();
--
2.20.1

69
0007-Fix-gconv-assert-overlap-buffers-121.patch
View File

@ -1,69 +0,0 @@
From 4ebbd6a1c3bcf5a1240413d1447ecf2f1699fc7b Mon Sep 17 00:00:00 2001
From: Georg Sauthoff <mail@georg.so>
Date: Fri, 8 Feb 2019 10:54:46 +0100
Subject: [PATCH 07/11] Fix gconv assert overlap buffers (#121)
cf. https://sourceforge.net/p/bogofilter/bugs/121/
---
src/iconvert.c | 7 ++++++-
src/lexer.c | 4 +++-
2 files changed, 9 insertions(+), 2 deletions(-)
diff --git a/src/iconvert.c b/src/iconvert.c
index 731ce03..14585b4 100644
--- a/src/iconvert.c
+++ b/src/iconvert.c
@@ -31,7 +31,7 @@ AUTHOR:
#include <stdlib.h>
#include <errno.h>
-
+#include <assert.h>
#include "buff.h"
#include "iconvert.h"
@@ -163,6 +163,9 @@ static void convert(iconv_t xd, buff_t *restrict src, buff_t *restrict dst)
break;
default:
+ // Linux man page states that other error codes may occur
+ // thus, safer to leave that loop on unknown error, right?
+ done = true;
break;
}
}
@@ -190,6 +193,7 @@ static void copy(buff_t *restrict src, buff_t *restrict dst)
void iconvert(buff_t *restrict src, buff_t *restrict dst)
{
+ assert(src->t.u.text != dst->t.u.text);
if (cd == NULL)
copy(src, dst);
else
@@ -198,6 +202,7 @@ void iconvert(buff_t *restrict src, buff_t *restrict dst)
void iconvert_cd(iconv_t xd, buff_t *restrict src, buff_t *restrict dst)
{
+ assert(src->t.u.text != dst->t.u.text);
if (xd == (iconv_t)-1)
copy(src, dst);
else
diff --git a/src/lexer.c b/src/lexer.c
index ba58d25..0e3e7c7 100644
--- a/src/lexer.c
+++ b/src/lexer.c
@@ -231,8 +231,10 @@ static int get_decoded_line(buff_t *buff)
* a message truncation which we try to avoid by simply
* returning the original input buffer (which has positive
* length) instead. */
- if(buff->t.leng == 0)
+ if(buff->t.leng == 0) {
memcpy(buff, linebuff, sizeof(*buff));
+ *linebuff = (const buff_t){0};
+ }
/*
* iconvert, treating multi-byte sequences, can shrink or enlarge
--
2.20.1

25
0008-Fix-out-of-bounds-read-already-fixed-upstream.patch
View File

@ -1,25 +0,0 @@
From 8f8973aeecd4c3a34efce5cd0a23287cadaf439f Mon Sep 17 00:00:00 2001
From: Georg Sauthoff <mail@georg.so>
Date: Fri, 8 Feb 2019 11:20:19 +0100
Subject: [PATCH 08/11] Fix out-of-bounds read (already fixed upstream)
cf. https://sourceforge.net/p/bogofilter/code/HEAD/tree/trunk/bogofilter/src/lexer.c#l144
---
src/lexer.c | 1 +
1 file changed, 1 insertion(+)
diff --git a/src/lexer.c b/src/lexer.c
index 0e3e7c7..63bd4cb 100644
--- a/src/lexer.c
+++ b/src/lexer.c
@@ -140,6 +140,7 @@ static int yy_get_new_line(buff_t *buff)
&& count != EOF
/* don't skip if inside message/rfc822 */
&& msg_state->parent == NULL
+ && buff->t.leng >= hdrlen
&& memcmp(buff->t.u.text,spam_header_name,hdrlen) == 0) {
count = skip_folded_line(buff);
}
--
2.20.1

74
0009-Fix-buffer-overflow-in-add_buff-122.patch
View File

@ -1,74 +0,0 @@
From 25412109321aa575647f21b7b8b9f11634071f26 Mon Sep 17 00:00:00 2001
From: Georg Sauthoff <mail@georg.so>
Date: Fri, 8 Feb 2019 14:57:51 +0100
Subject: [PATCH 09/11] Fix buffer overflow in add_buff (#122)
cf. https://sourceforge.net/p/bogofilter/bugs/122/
---
src/buff.c | 2 +-
src/lexer.c | 10 +++++++---
2 files changed, 8 insertions(+), 4 deletions(-)
diff --git a/src/buff.c b/src/buff.c
index 5342cd2..c325945 100644
--- a/src/buff.c
+++ b/src/buff.c
@@ -58,7 +58,7 @@ int buff_add(buff_t *self, word_t *in)
int readcnt = in->leng;
uint new_size = self->t.leng + in->leng;
if (new_size > self->size) {
- self->t.u.text = xrealloc(self->t.u.text, new_size);
+ self->t.u.text = xrealloc(self->t.u.text, new_size + D);
self->size = new_size;
}
self->read = readpos;
diff --git a/src/lexer.c b/src/lexer.c
index 63bd4cb..60692b6 100644
--- a/src/lexer.c
+++ b/src/lexer.c
@@ -152,12 +152,14 @@ static int get_decoded_line(buff_t *buff)
{
int count;
buff_t *linebuff;
+ // since msg_state might change during calls
+ bool mime_dont_decode = msg_state->mime_dont_decode;
#ifdef DISABLE_UNICODE
linebuff = buff;
#else
if (encoding == E_RAW ||
- msg_state->mime_dont_decode ) {
+ mime_dont_decode ) {
linebuff = buff;
}
else {
@@ -180,6 +182,8 @@ static int get_decoded_line(buff_t *buff)
}
#endif
+ // note that this call might invoke got_mimeboundary() thus
+ // changing the global msg_state variable
count = yy_get_new_line(linebuff);
if (count == EOF) {
@@ -200,7 +204,7 @@ static int get_decoded_line(buff_t *buff)
textblock_add(linebuff->t.u.text+linebuff->read, (size_t) count);
if ( !msg_header &&
- !msg_state->mime_dont_decode &&
+ !mime_dont_decode &&
msg_state->mime_type != MIME_TYPE_UNKNOWN)
{
word_t temp;
@@ -221,7 +225,7 @@ static int get_decoded_line(buff_t *buff)
#ifndef DISABLE_UNICODE
if (encoding == E_UNICODE &&
- !msg_state->mime_dont_decode &&
+ !mime_dont_decode &&
count > 0)
{
iconvert(linebuff, buff);
--
2.20.1

89
0010-Fix-fill_buf-heap-buffer-overflow-123.patch
View File

@ -1,89 +0,0 @@
From db3f056da3b16afa09bf807c717664689d35bdcb Mon Sep 17 00:00:00 2001
From: Georg Sauthoff <mail@georg.so>
Date: Fri, 8 Feb 2019 19:12:29 +0100
Subject: [PATCH 10/11] Fix fill_buf heap-buffer-overflow (#123)
cf. https://sourceforge.net/p/bogofilter/bugs/123/
---
src/lexer.c | 27 +++++++++++++++------------
1 file changed, 15 insertions(+), 12 deletions(-)
diff --git a/src/lexer.c b/src/lexer.c
index 60692b6..b7b4b3b 100644
--- a/src/lexer.c
+++ b/src/lexer.c
@@ -11,6 +11,7 @@
#include <ctype.h>
#include <stdlib.h>
+#include <assert.h>
#include "base64.h"
#include "bogoconfig.h"
@@ -234,18 +235,16 @@ static int get_decoded_line(buff_t *buff)
* no more bytes left to read, even though before the iconvert
* call we had a positive number of bytes. This *will* lead to
* a message truncation which we try to avoid by simply
- * returning the original input buffer (which has positive
- * length) instead. */
+ * returning another in-band error code. */
if(buff->t.leng == 0) {
- memcpy(buff, linebuff, sizeof(*buff));
- *linebuff = (const buff_t){0};
+ count = -2;
+ } else {
+ /*
+ * iconvert, treating multi-byte sequences, can shrink or enlarge
+ * the output compared to its input. Correct count.
+ */
+ count = buff->t.leng;
}
-
- /*
- * iconvert, treating multi-byte sequences, can shrink or enlarge
- * the output compared to its input. Correct count.
- */
- count = buff->t.leng;
}
#endif
@@ -299,7 +298,9 @@ int buff_fill(buff_t *buff, size_t used, size_t need)
while (size - leng > 2 && need > leng - used) {
/* too few, read more */
int add = get_decoded_line(buff);
+ // get_decoded_line never returns EOF!?!
if (add == EOF) return EOF;
+ if (add == -2) continue;
if (add == 0) break ;
cnt += add;
leng += add;
@@ -332,8 +333,8 @@ int yyinput(byte *buf, size_t used, size_t size)
*/
while ((cnt = get_decoded_line(&buff)) != 0) {
-
- count += cnt;
+ if (cnt > 0)
+ count += cnt;
/* Note: some malformed messages can cause xfgetsl() to report
** "Invalid buffer size, exiting." and then abort. This
@@ -365,6 +366,7 @@ int yyinput(byte *buf, size_t used, size_t size)
if (msg_state &&
msg_state->mime_dont_decode &&
(msg_state->mime_disposition != MIME_DISPOSITION_UNKNOWN)) {
+ assert(count <= (int)size);
return (count == EOF ? 0 : count); /* not decode at all */
}
@@ -386,6 +388,7 @@ int yyinput(byte *buf, size_t used, size_t size)
if (DEBUG_LEXER(2))
fprintf(dbgout, "*** yyinput(\"%-.*s\", %lu, %lu) = %d\n", count, buf, (unsigned long)used, (unsigned long)size, count);
+ assert(count <= (int)size);
return (count == EOF ? 0 : count);
}
--
2.20.1

34
0011-Fix-buffer-overflow-after-long-tokens-124.patch
View File

@ -1,34 +0,0 @@
From 452cfd60f89c9258f97af16b9c3496aa1aa293b0 Mon Sep 17 00:00:00 2001
From: Georg Sauthoff <mail@georg.so>
Date: Fri, 8 Feb 2019 23:25:41 +0100
Subject: [PATCH 11/11] Fix buffer-overflow after long tokens (#124)
cf. https://sourceforge.net/p/bogofilter/bugs/124/
---
src/lexer.c | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/src/lexer.c b/src/lexer.c
index b7b4b3b..77a88d4 100644
--- a/src/lexer.c
+++ b/src/lexer.c
@@ -260,6 +260,7 @@ static int get_decoded_line(buff_t *buff)
byte *buf = buff->t.u.text;
if (memcmp(buf + count - 2, CRLF, 2) == 0) {
count --;
+ --buff->t.leng;
*(buf + count - 1) = (byte) '\n';
}
}
@@ -334,7 +335,7 @@ int yyinput(byte *buf, size_t used, size_t size)
while ((cnt = get_decoded_line(&buff)) != 0) {
if (cnt > 0)
- count += cnt;
+ count = buff.t.leng;
/* Note: some malformed messages can cause xfgetsl() to report
** "Invalid buffer size, exiting." and then abort. This
--
2.20.1

75
bogofilter.spec
View File

@ -1,53 +1,11 @@
Summary: Fast anti-spam filtering by Bayesian statistical analysis
Name: bogofilter
Version: 1.2.4
Release: 18%{?dist}
Version: 1.2.5
Release: 1%{?dist}
License: GPLv2
URL: http://bogofilter.sourceforge.net/
# Source: http://downloads.sourceforge.net/bogofilter/bogofilter-%{version}.tar.gz
# The above used to be to the Source: line
# but due to bug 912694 which identified three files with license
# problems the following steps are necessary to repack bogofilter
# wget http://downloads.sourceforge.net/bogofilter/bogofilter-1.2.4.tar.gz
# tar xf bogofilter-1.2.4.tar.gz
# rm bogofilter-1.2.4/doc/bogofilter-SA-20[0-1][0,5]-0[1,2]
# tar cf bogofilter-1.2.4.repack.tar.gz bogofilter-1.2.4
Source: bogofilter-%{version}.repack.tar.gz
# Patches are taken from upstreams SVN:
# svn checkout svn://svn.code.sf.net/p/bogofilter/code/trunk bogofilter-code
# cd bogofilter-code
# svndiff -c 6995 > patch.r6995
Patch1: patch.r6995
# patch.r7009 is adapted to apply without a previous patch
Patch2: patch.r7009
Patch3: patch.r7016
Patch4: patch.r7023
Patch5: patch.r7030
Patch6: patch.r7032
Patch7: patch.r7034
Patch8: patch.r7035
# The following patches are from https://bugzilla.redhat.com/show_bug.cgi?id=1676460
# https://sourceforge.net/p/bogofilter/bugs/125/
Patch9: 0001-Fix-memory-leak-when-creating-a-new-bdb-file-125.patch
# https://sourceforge.net/p/bogofilter/bugs/126/
Patch10: 0002-Fix-out-of-bounds-read-in-spanword-126.patch
Patch11: 0003-Fix-memory-leak-already-fixed-in-trunk.patch
# https://sourceforge.net/p/bogofilter/bugs/118/
Patch12: 0004-Fix-msg-id-out-of-bounds-read-118.patch
# https://sourceforge.net/p/bogofilter/bugs/119/
Patch13: 0005-Fix-mime-cleanup-memory-leak-119.patch
# https://sourceforge.net/p/bogofilter/bugs/120/
Patch14: 0006-Fix-fgetsl-abort-120.patch
# https://sourceforge.net/p/bogofilter/bugs/121/
Patch15: 0007-Fix-gconv-assert-overlap-buffers-121.patch
Patch16: 0008-Fix-out-of-bounds-read-already-fixed-upstream.patch
# https://sourceforge.net/p/bogofilter/bugs/122/
Patch17: 0009-Fix-buffer-overflow-in-add_buff-122.patch
# https://sourceforge.net/p/bogofilter/bugs/123/
Patch18: 0010-Fix-fill_buf-heap-buffer-overflow-123.patch
# https://sourceforge.net/p/bogofilter/bugs/124/
Patch19: 0011-Fix-buffer-overflow-after-long-tokens-124.patch
BuildRequires: gcc
Source0: http://downloads.sourceforge.net/bogofilter/bogofilter-%{version}.tar.xz
BuildRequires: gcc
BuildRequires: flex libdb-devel gsl-devel
BuildRequires: /usr/bin/iconv
BuildRequires: perl-generators
@ -75,25 +33,6 @@ main bogofilter package.
%prep
%setup -q
%patch1 -p1
%patch2 -p1
%patch3 -p1
%patch4 -p1
%patch5 -p1
%patch6 -p1
%patch7 -p1
%patch8 -p1
%patch9 -p1
%patch10 -p1
%patch11 -p1
%patch12 -p1
%patch13 -p1
%patch14 -p1
%patch15 -p1
%patch16 -p1
%patch17 -p1
%patch18 -p1
%patch19 -p1
iconv -f iso-8859-1 -t utf-8 \
doc/bogofilter-faq-fr.html > doc/bogofilter-faq-fr.html.utf8
%{__mv} -f doc/bogofilter-faq-fr.html.utf8 \
@ -135,6 +74,12 @@ iconv -f iso-8859-1 -t utf-8 \
%exclude %{_mandir}/man1/bogoupgrade*
%changelog
* Thu Nov 28 2019 Adrian Reber <adrian@lisas.de> - 1.2.5-1
- Updated to 1.2.5
- No longer necessary to re-package sources: All problematic files have
been re-licensed
- All 19 patches are part of the 1.2.5 release and have been removed
* Tue Aug 20 2019 Susi Lehtola <jussilehtola@fedoraproject.org> - 1.2.4-18
- Rebuilt for GSL 2.6.

14
patch.r6995
View File

@ -1,14 +0,0 @@
Index: bogofilter/NEWS
===================================================================
--- bogofilter/NEWS (revision 6994)
+++ bogofilter/NEWS (revision 6995)
@@ -46,7 +46,8 @@
svn checkout http://svn.code.sf.net/p/bogofilter/code/trunk bogofilter
And developers would use, replacing joe by their sf.net login:
- svn checkout --username=joe svn+ssh://m-a@svn.code.sf.net/p/bogofilter/code/trunk bogofilter
+ svn checkout --username=joe \
+ svn+ssh://svn.code.sf.net/p/bogofilter/code/trunk bogofilter
2012-12-03
* Add bogofilter-SA-2012-01 (CVE-2012-5468).

16
patch.r7009
View File

@ -1,16 +0,0 @@
Index: bogofilter/NEWS
===================================================================
--- bogofilter/NEWS (revision 7008)
+++ bogofilter/NEWS (revision 7009)
@@ -15,6 +15,11 @@
-------------------------------------------------------------------------------
+ 2013-11-30
+
+ * Updated autoconf/automake stuff so that tests work properly with
+ automake versions that default to running parallel-tests.
+
1.2.4 2013-07-01 (released)
2013-06-28

127
patch.r7016
View File

@ -1,127 +0,0 @@
Index: bogofilter/AUTHORS
===================================================================
--- bogofilter/AUTHORS (revision 7015)
+++ bogofilter/AUTHORS (revision 7016)
@@ -55,3 +55,4 @@
Marco Bozzolan
Paul Mangan
Roman Trunov
+Julius Plenz
Index: bogofilter/src/tests/inputs/t.passthrough-truncation-in.gz
===================================================================
Cannot display: file marked as a binary type.
svn:mime-type = application/octet-stream
Index: bogofilter/src/tests/inputs/t.passthrough-truncation-in.gz
===================================================================
--- bogofilter/src/tests/inputs/t.passthrough-truncation-in.gz (nonexistent)
+++ bogofilter/src/tests/inputs/t.passthrough-truncation-in.gz (revision 7016)
Property changes on: bogofilter/src/tests/inputs/t.passthrough-truncation-in.gz
___________________________________________________________________
Added: svn:mime-type
## -0,0 +1 ##
+application/octet-stream
\ No newline at end of property
Index: bogofilter/src/tests/t.passthrough-truncation
===================================================================
--- bogofilter/src/tests/t.passthrough-truncation (nonexistent)
+++ bogofilter/src/tests/t.passthrough-truncation (revision 7016)
@@ -0,0 +1,19 @@
+#! /bin/sh
+
+. ${srcdir:=.}/t.frame
+
+# t.passthrough-hb
+#
+# test for correct passthrough of misdeclared MIME parts
+# test case provided by Julius Plenz, July 2014.
+
+gzip -c -d <"$srcdir/inputs/t.passthrough-truncation-in.gz" >"$TMPDIR/input"
+$BOGOFILTER -e -p -C < "$TMPDIR/input" \
+| $GREP -v "^X-Bogosity: Unsure," > "$TMPDIR/output"
+
+if [ $verbose -eq 0 ]; then
+ cmp "$TMPDIR/input" "$TMPDIR/output"
+else
+ set +e
+ diff $DIFF_BRIEF "$TMPDIR/input" "$TMPDIR/output"
+fi
Property changes on: bogofilter/src/tests/t.passthrough-truncation
___________________________________________________________________
Added: svn:executable
## -0,0 +1 ##
+*
\ No newline at end of property
Index: bogofilter/src/tests/Makefile.am
===================================================================
--- bogofilter/src/tests/Makefile.am (revision 7015)
+++ bogofilter/src/tests/Makefile.am (revision 7016)
@@ -35,7 +35,7 @@
t.ignore_spam_header \
t.nullstatsprefix \
t.integrity t.integrity2 t.integrity3 \
- t.passthrough-hb \
+ t.passthrough-hb t.passthrough-truncation \
t.escaped.html t.escaped.url \
t.base64 t.split t.parsing \
t.lexer t.lexer.mbx t.lexer.qpcr t.lexer.eoh \
@@ -97,6 +97,7 @@
inputs/msg.split.dr.0118.base64 \
inputs/msg.split.gs.0119.text \
inputs/spam.mbx \
+ inputs/t.passthrough-truncation-in.gz \
outputs/MH.out \
outputs/bogolex.out \
outputs/bulkmode.out \
Index: bogofilter/src/lexer.c
===================================================================
--- bogofilter/src/lexer.c (revision 7015)
+++ bogofilter/src/lexer.c (revision 7016)
@@ -220,15 +220,25 @@
#ifndef DISABLE_UNICODE
if (encoding == E_UNICODE &&
- !msg_state->mime_dont_decode)
+ !msg_state->mime_dont_decode &&
+ count > 0)
{
iconvert(linebuff, buff);
+
+ /* If we return count = 0 here, the caller will think we have
+ * no more bytes left to read, even though before the iconvert
+ * call we had a positive number of bytes. This *will* lead to
+ * a message truncation which we try to avoid by simply
+ * returning the original input buffer (which has positive
+ * length) instead. */
+ if(buff->t.leng == 0)
+ memcpy(buff, linebuff, sizeof(*buff));
+
/*
* iconvert, treating multi-byte sequences, can shrink or enlarge
* the output compared to its input. Correct count.
*/
- if (count > 0)
- count = buff->t.leng;
+ count = buff->t.leng;
}
#endif
Index: bogofilter/NEWS
===================================================================
--- bogofilter/NEWS (revision 7015)
+++ bogofilter/NEWS (revision 7016)
@@ -15,6 +15,13 @@
-------------------------------------------------------------------------------
+ 2014-07-10
+
+ * Take patch from Julius Plenz to fix a bug in the charset converter
+ that causes truncation of messages in pass-through mode in rare
+ circumstances, for instance, if binary data is misdeclared as
+ text/html. Also add his test case, t.passthrough-truncation.
+
2013-11-30
* Updated autoconf/automake stuff so that tests work properly with

83
patch.r7023
View File

@ -1,83 +0,0 @@
Index: bogofilter/src/mime.c
===================================================================
--- bogofilter/src/mime.c (revision 7022)
+++ bogofilter/src/mime.c (revision 7023)
@@ -279,6 +279,25 @@
mime_push(parent);
}
+static bool is_final_boundary(
+ const byte *ins,
+ size_t inlen,
+ size_t blen
+)
+{
+ if (inlen >= 5
+ && inlen >= blen + 2
+ && ins[0] == '-'
+ && ins[1] == '-'
+ && ins[blen+2] == '-'
+ && ins[blen+3] == '-')
+ {
+ return true;
+ }
+ return false;
+}
+
+
/**
* Check if the line given in \a boundary is a boundary of one of the
* outer MIME containers and store the results in \a b.
@@ -301,28 +320,18 @@
(buf[blen - 1] == '\r' || buf[blen - 1] == '\n'))
blen--;
- /* skip initial -- */
- buf += 2;
- blen -= 2;
-
- /* skip and note ending --, if any */
- if (blen > 2 && buf[blen - 1] == '-' && buf[blen - 2] == '-') {
- b->is_final = true;
- blen -= 2;
- } else {
- b->is_final = false;
- }
-
/* search stack for matching boundary, in reverse order */
for (ptr = mime_stack_bot; ptr != NULL; ptr = ptr->parent)
{
if (is_mime_container(ptr)
&& ptr->boundary != NULL
- && ptr->boundary_len == blen
- && (memcmp(ptr->boundary, buf, blen) == 0))
+ && (ptr->boundary_len + 2 == blen
+ || ptr->boundary_len + 4 == blen)
+ && (memcmp(ptr->boundary, buf + 2, ptr->boundary_len) == 0))
{
b->depth = ptr->depth;
b->is_valid = true;
+ b->is_final = is_final_boundary(buf, blen, ptr->boundary_len);
break;
}
}
Index: bogofilter/NEWS
===================================================================
--- bogofilter/NEWS (revision 7022)
+++ bogofilter/NEWS (revision 7023)
@@ -15,6 +15,15 @@
-------------------------------------------------------------------------------
+ 2015-02-25
+
+ * Fix the lexer to handle MIME multipart messages properly when the
+ boundary ended in "--". The parser would previously never find the
+ MIME parts because it mistook all boundaries ending in two dashes to
+ be the final boundary of the multipart, rather than checking if the
+ two dashes were extra.
+ Reported by Matt Garretson to the bogofilter mailing list today.
+
2014-07-10
* Take patch from Julius Plenz to fix a bug in the charset converter

48
patch.r7030
View File

@ -1,48 +0,0 @@
Index: bogofilter/src/lexer.c
===================================================================
--- bogofilter/src/lexer.c (revision 7029)
+++ bogofilter/src/lexer.c (revision 7030)
@@ -329,7 +329,7 @@
count += cnt;
/* Note: some malformed messages can cause xfgetsl() to report
- ** "Invalid buffer size, exiting." ** and then abort. This
+ ** "Invalid buffer size, exiting." and then abort. This
** can happen when the parser is in html mode and there's a
** leading '<' but no closing '>'.
**
@@ -343,9 +343,12 @@
if (count >= MAX_TOKEN_LEN * 2 &&
long_token(buff.t.u.text, (uint) count)) {
- uint start = buff.t.leng - count;
- uint length = count - max_token_len;
- buff_shift(&buff, start, length);
+ /* Make sure not to shift bytes outside the buffer */
+ if (buff.t.leng >= (uint) count) {
+ uint start = buff.t.leng - count;
+ uint length = count - max_token_len;
+ buff_shift(&buff, start, length);
+ }
count = buff.t.leng;
}
else
Index: bogofilter/NEWS
===================================================================
--- bogofilter/NEWS (revision 7029)
+++ bogofilter/NEWS (revision 7030)
@@ -15,6 +15,14 @@
-------------------------------------------------------------------------------
+ 2015-02-28
+
+ * Fix the lexer to not try to delete parts from HTML tokens if it is
+ reading garbage (for instance, binary files misdeclared as HTML).
+ This was exposed on Fedora 20 and 21 but not Ubuntu 14.04 (x86_64),
+ and is possibly related to its newer flex 2.5.37 that may have
+ changed the way it uses yyinput() a bit. Reported by Matt Garretson.
+
2015-02-25
* Fix the lexer to handle MIME multipart messages properly when the

19
patch.r7032
View File

@ -1,19 +0,0 @@
Index: bogofilter/src/maint.c
===================================================================
--- bogofilter/src/maint.c (revision 7031)
+++ bogofilter/src/maint.c (revision 7032)
@@ -118,11 +118,11 @@
bool discard;
if (token->u.text[0] == '.') { /* keep .ENCODING, .MSG_COUNT, and .ROBX */
- if (strcmp((const char *)token->u.text, MSG_COUNT) == 0)
+ if (0 == word_cmps(token, MSG_COUNT))
return false;
- if (strcmp((const char *)token->u.text, ROBX_W) == 0)
+ if (0 == word_cmps(token, ROBX_W))
return false;
- if (strcmp((const char *)token->u.text, WORDLIST_ENCODING) == 0)
+ if (0 == word_cmps(token, WORDLIST_ENCODING))
return false;
}

16
patch.r7034
View File

@ -1,16 +0,0 @@
Index: bogofilter/NEWS
===================================================================
--- bogofilter/NEWS (revision 7033)
+++ bogofilter/NEWS (revision 7034)
@@ -15,6 +15,11 @@
-------------------------------------------------------------------------------
+ 2015-10-10
+
+ * Fix an out-of-bounds memory read in maint.c's discard_token().
+ Found with clang 3.6's address sanitizer.
+
2015-02-28
* Fix the lexer to not try to delete parts from HTML tokens if it is

40
patch.r7035
View File

@ -1,40 +0,0 @@
Index: bogofilter/src/wordlists.c
===================================================================
--- bogofilter/src/wordlists.c (revision 7034)
+++ bogofilter/src/wordlists.c (revision 7035)
@@ -265,9 +265,6 @@
xfree(i);
}
- if (commit)
- word_lists = NULL;
-
return err;
}
Index: bogofilter/src/wordlists_base.c
===================================================================
--- bogofilter/src/wordlists_base.c (revision 7034)
+++ bogofilter/src/wordlists_base.c (revision 7035)
@@ -134,6 +134,8 @@
list = free_wordlistnode(list);
}
+ word_lists = NULL;
+
bogohome_cleanup();
}
Index: bogofilter/NEWS
===================================================================
--- bogofilter/NEWS (revision 7034)
+++ bogofilter/NEWS (revision 7035)
@@ -17,6 +17,8 @@
2015-10-10
+ * Fix a memory leak in close_wordlists().
+
* Fix an out-of-bounds memory read in maint.c's discard_token().
Found with clang 3.6's address sanitizer.

2
sources
View File

@ -1 +1 @@
6b3564876c6a571880edfdf57bd501ae bogofilter-1.2.4.repack.tar.gz
SHA512 (bogofilter-1.2.5.tar.xz) = 3a7280485cfe5802dd3e9721c153f88ccf28bff7a6a24590e985e860d1f1e0ddea7bde8a8e5ad1ff643e94c9fd7b26b2a5ed5a9fb991cee3fd5b0ce67ce9abfe