diff --git a/.gitignore b/.gitignore index 15449d4..1171dd5 100644 --- a/.gitignore +++ b/.gitignore @@ -3,3 +3,4 @@ bogofilter-1.2.2.tar.gz /bogofilter-1.2.3.tar.gz /bogofilter-1.2.3.repack.tar.gz /bogofilter-1.2.4.repack.tar.gz +/bogofilter-1.2.5.tar.xz diff --git a/0001-Fix-memory-leak-when-creating-a-new-bdb-file-125.patch b/0001-Fix-memory-leak-when-creating-a-new-bdb-file-125.patch deleted file mode 100644 index 09087c3..0000000 --- a/0001-Fix-memory-leak-when-creating-a-new-bdb-file-125.patch +++ /dev/null @@ -1,50 +0,0 @@ -From 861b6c058b36fafefcdca21be180fa44046db4a0 Mon Sep 17 00:00:00 2001 -From: Georg Sauthoff -Date: Mon, 11 Feb 2019 10:01:14 +0100 -Subject: [PATCH 01/11] Fix memory leak when creating a new bdb file (#125) - -cf. https://sourceforge.net/p/bogofilter/bugs/125/ ---- - src/datastore_db.c | 21 +++++++++++++++++++-- - 1 file changed, 19 insertions(+), 2 deletions(-) - -diff --git a/src/datastore_db.c b/src/datastore_db.c -index 4b58462..d0bcfa1 100644 ---- a/src/datastore_db.c -+++ b/src/datastore_db.c -@@ -630,13 +630,30 @@ retry_db_open: - if (ret != 0) { - err = (ret != ENOENT) || (opt_flags == DB_RDONLY); - if (!err) { -- if ( -+ ret = - #if DB_EQUAL(4,1) -- (ret = DB_SET_FLAGS(dbp, DB_CHKSUM_SHA1)) != 0 || -+ (DB_SET_FLAGS(dbp, DB_CHKSUM_SHA1)) != 0 || - #endif - #if DB_AT_LEAST(4,2) - (ret = DB_SET_FLAGS(dbp, DB_CHKSUM)) != 0 || - #endif -+ 0; -+ if (!ret) { -+ dbp->close(dbp, 0); -+ if ((ret = db_create (&dbp, dbe, 0)) != 0) { -+ print_error(__FILE__, __LINE__, "(db) db_create, err: %d, %s", -+ ret, db_strerror(ret)); -+ goto open_err; -+ } -+ handle->dbp = dbp; -+#ifdef ENABLE_MEMDEBUG -+ if (eTransaction == T_DISABLED) -+ dbp->set_alloc(dbp, md_malloc, md_realloc, md_free); -+ else -+ dbe->set_alloc(dbe, md_malloc, md_realloc, md_free); -+#endif -+ } -+ if (ret || - (ret = DB_OPEN(dbp, bfp, NULL, dbtype, opt_flags | DB_CREATE | DB_EXCL | retryflag, DS_MODE))) - err = true; - if (!err) --- -2.20.1 - diff --git a/0002-Fix-out-of-bounds-read-in-spanword-126.patch b/0002-Fix-out-of-bounds-read-in-spanword-126.patch deleted file mode 100644 index 09ece38..0000000 --- a/0002-Fix-out-of-bounds-read-in-spanword-126.patch +++ /dev/null @@ -1,30 +0,0 @@ -From 63317a12e89040badf0cc82d82a8b6f64703cd6d Mon Sep 17 00:00:00 2001 -From: Georg Sauthoff -Date: Mon, 11 Feb 2019 10:02:21 +0100 -Subject: [PATCH 02/11] Fix out-of-bounds read in spanword (#126) - -cf. https://sourceforge.net/p/bogofilter/bugs/126/ ---- - src/wordlists.c | 6 ++++-- - 1 file changed, 4 insertions(+), 2 deletions(-) - -diff --git a/src/wordlists.c b/src/wordlists.c -index 735af34..a5d529e 100644 ---- a/src/wordlists.c -+++ b/src/wordlists.c -@@ -307,8 +307,10 @@ static char *spanword(char *p) - { - const char *delim = ", \t"; - p += strcspn(p, delim); /* skip to end of word */ -- *p++ = '\0'; -- p += strspn(p, " \t"); /* skip trailing whitespace */ -+ if (*p) { -+ *p++ = '\0'; -+ p += strspn(p, " \t"); /* skip trailing whitespace */ -+ } - return p; - } - --- -2.20.1 - diff --git a/0003-Fix-memory-leak-already-fixed-in-trunk.patch b/0003-Fix-memory-leak-already-fixed-in-trunk.patch deleted file mode 100644 index e080c5f..0000000 --- a/0003-Fix-memory-leak-already-fixed-in-trunk.patch +++ /dev/null @@ -1,35 +0,0 @@ -From 1e4e4d2ea197c89c2f441a87d62e397f0e139f2e Mon Sep 17 00:00:00 2001 -From: Georg Sauthoff -Date: Mon, 11 Feb 2019 10:03:20 +0100 -Subject: [PATCH 03/11] Fix memory leak (already fixed in trunk) - -cf. https://sourceforge.net/p/bogofilter/code/HEAD/tree/trunk/bogofilter/src/wordlists.c#l360 ---- - src/wordlists.c | 4 +++- - 1 file changed, 3 insertions(+), 1 deletion(-) - -diff --git a/src/wordlists.c b/src/wordlists.c -index a5d529e..717dc80 100644 ---- a/src/wordlists.c -+++ b/src/wordlists.c -@@ -329,7 +329,8 @@ bool configure_wordlist(const char *val) - char* filename; - int precedence; - -- char *tmp = xstrdup(val); -+ char *t = xstrdup(val); -+ char *tmp = t; - - ch= tmp[0]; /* save wordlist type (good/spam) */ - tmp = spanword(tmp); -@@ -357,6 +358,7 @@ bool configure_wordlist(const char *val) - (void)spanword(tmp); - - init_wordlist(listname, filename, precedence, type); -+ xfree(t); - - return true; - } --- -2.20.1 - diff --git a/0004-Fix-msg-id-out-of-bounds-read-118.patch b/0004-Fix-msg-id-out-of-bounds-read-118.patch deleted file mode 100644 index 57657ba..0000000 --- a/0004-Fix-msg-id-out-of-bounds-read-118.patch +++ /dev/null @@ -1,46 +0,0 @@ -From 7f4fbcb3a52aa5b0b83aef57bddb33fdd9d5b82e Mon Sep 17 00:00:00 2001 -From: Georg Sauthoff -Date: Fri, 8 Feb 2019 10:50:40 +0100 -Subject: [PATCH 04/11] Fix msg-id out-of-bounds read (#118) - -cf. https://sourceforge.net/p/bogofilter/bugs/118/ ---- - src/token.c | 8 +++++--- - 1 file changed, 5 insertions(+), 3 deletions(-) - -diff --git a/src/token.c b/src/token.c -index 3ac43c1..686ddd0 100644 ---- a/src/token.c -+++ b/src/token.c -@@ -33,6 +33,7 @@ AUTHOR: - - word_t *msg_addr; /* First IP Address in Received: statement */ - word_t *msg_id; /* Message ID */ -+static size_t max_msg_id_len; - word_t *queue_id; /* Message's first queue ID */ - - static token_t save_class = NONE; -@@ -573,7 +574,8 @@ void token_init(void) - msg_addr = word_new( NULL, max_token_len ); - - /* Message ID */ -- msg_id = word_new( NULL, max_token_len * 3 ); -+ max_msg_id_len = max_token_len * 3; -+ msg_id = word_new( NULL, max_msg_id_len ); - - /* Message's first queue ID */ - queue_id = word_new( NULL, max_token_len ); -@@ -667,8 +669,8 @@ void set_tag(const char *text) - - void set_msg_id(byte *text, uint leng) - { -- (void) leng; /* suppress compiler warning */ -- token_set( msg_id, text, msg_id->leng ); -+ uint n = min(leng, max_msg_id_len); -+ token_set( msg_id, text, n ); - } - - #define WFREE(n) word_free(n); n = NULL --- -2.20.1 - diff --git a/0005-Fix-mime-cleanup-memory-leak-119.patch b/0005-Fix-mime-cleanup-memory-leak-119.patch deleted file mode 100644 index ca2227a..0000000 --- a/0005-Fix-mime-cleanup-memory-leak-119.patch +++ /dev/null @@ -1,26 +0,0 @@ -From 9b9f5113d9fa4292f769f416d824e42a40a57c6f Mon Sep 17 00:00:00 2001 -From: Georg Sauthoff -Date: Fri, 8 Feb 2019 10:52:08 +0100 -Subject: [PATCH 05/11] Fix mime cleanup memory leak (#119) - -cf. https://sourceforge.net/p/bogofilter/bugs/119/ ---- - src/mime.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/mime.c b/src/mime.c -index 8edaebf..8964b1a 100644 ---- a/src/mime.c -+++ b/src/mime.c -@@ -204,7 +204,7 @@ void mime_cleanup() - if (msg_state == NULL) - return; - -- while (mime_stack_top->parent) -+ while (msg_state->parent) - mime_pop(); - mime_pop(); - msg_state = NULL; --- -2.20.1 - diff --git a/0006-Fix-fgetsl-abort-120.patch b/0006-Fix-fgetsl-abort-120.patch deleted file mode 100644 index 333e3cf..0000000 --- a/0006-Fix-fgetsl-abort-120.patch +++ /dev/null @@ -1,27 +0,0 @@ -From 76f398b072a805f02dc057eb896391c6ad63a78a Mon Sep 17 00:00:00 2001 -From: Georg Sauthoff -Date: Fri, 8 Feb 2019 10:53:53 +0100 -Subject: [PATCH 06/11] Fix fgetsl abort (#120) - -https://sourceforge.net/p/bogofilter/bugs/120/ ---- - src/fgetsl.c | 3 +++ - 1 file changed, 3 insertions(+) - -diff --git a/src/fgetsl.c b/src/fgetsl.c -index 630585f..166246f 100644 ---- a/src/fgetsl.c -+++ b/src/fgetsl.c -@@ -26,6 +26,9 @@ int xfgetsl(char *buf, int max_size, FILE *in, bool no_nul_terminate) - char *end = buf + max_size; /* Physical end of buffer */ - char *fin = end - (no_nul_terminate ? 0 : 1); /* Last available byte */ - -+ if (cp == fin && no_nul_terminate) -+ return 0; -+ - if (cp >= fin) { - fprintf(stderr, "Invalid buffer size, exiting.\n"); - abort(); --- -2.20.1 - diff --git a/0007-Fix-gconv-assert-overlap-buffers-121.patch b/0007-Fix-gconv-assert-overlap-buffers-121.patch deleted file mode 100644 index c582134..0000000 --- a/0007-Fix-gconv-assert-overlap-buffers-121.patch +++ /dev/null @@ -1,69 +0,0 @@ -From 4ebbd6a1c3bcf5a1240413d1447ecf2f1699fc7b Mon Sep 17 00:00:00 2001 -From: Georg Sauthoff -Date: Fri, 8 Feb 2019 10:54:46 +0100 -Subject: [PATCH 07/11] Fix gconv assert overlap buffers (#121) - -cf. https://sourceforge.net/p/bogofilter/bugs/121/ ---- - src/iconvert.c | 7 ++++++- - src/lexer.c | 4 +++- - 2 files changed, 9 insertions(+), 2 deletions(-) - -diff --git a/src/iconvert.c b/src/iconvert.c -index 731ce03..14585b4 100644 ---- a/src/iconvert.c -+++ b/src/iconvert.c -@@ -31,7 +31,7 @@ AUTHOR: - - #include - #include -- -+#include - #include "buff.h" - #include "iconvert.h" - -@@ -163,6 +163,9 @@ static void convert(iconv_t xd, buff_t *restrict src, buff_t *restrict dst) - break; - - default: -+ // Linux man page states that other error codes may occur -+ // thus, safer to leave that loop on unknown error, right? -+ done = true; - break; - } - } -@@ -190,6 +193,7 @@ static void copy(buff_t *restrict src, buff_t *restrict dst) - - void iconvert(buff_t *restrict src, buff_t *restrict dst) - { -+ assert(src->t.u.text != dst->t.u.text); - if (cd == NULL) - copy(src, dst); - else -@@ -198,6 +202,7 @@ void iconvert(buff_t *restrict src, buff_t *restrict dst) - - void iconvert_cd(iconv_t xd, buff_t *restrict src, buff_t *restrict dst) - { -+ assert(src->t.u.text != dst->t.u.text); - if (xd == (iconv_t)-1) - copy(src, dst); - else -diff --git a/src/lexer.c b/src/lexer.c -index ba58d25..0e3e7c7 100644 ---- a/src/lexer.c -+++ b/src/lexer.c -@@ -231,8 +231,10 @@ static int get_decoded_line(buff_t *buff) - * a message truncation which we try to avoid by simply - * returning the original input buffer (which has positive - * length) instead. */ -- if(buff->t.leng == 0) -+ if(buff->t.leng == 0) { - memcpy(buff, linebuff, sizeof(*buff)); -+ *linebuff = (const buff_t){0}; -+ } - - /* - * iconvert, treating multi-byte sequences, can shrink or enlarge --- -2.20.1 - diff --git a/0008-Fix-out-of-bounds-read-already-fixed-upstream.patch b/0008-Fix-out-of-bounds-read-already-fixed-upstream.patch deleted file mode 100644 index f79992d..0000000 --- a/0008-Fix-out-of-bounds-read-already-fixed-upstream.patch +++ /dev/null @@ -1,25 +0,0 @@ -From 8f8973aeecd4c3a34efce5cd0a23287cadaf439f Mon Sep 17 00:00:00 2001 -From: Georg Sauthoff -Date: Fri, 8 Feb 2019 11:20:19 +0100 -Subject: [PATCH 08/11] Fix out-of-bounds read (already fixed upstream) - -cf. https://sourceforge.net/p/bogofilter/code/HEAD/tree/trunk/bogofilter/src/lexer.c#l144 ---- - src/lexer.c | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/src/lexer.c b/src/lexer.c -index 0e3e7c7..63bd4cb 100644 ---- a/src/lexer.c -+++ b/src/lexer.c -@@ -140,6 +140,7 @@ static int yy_get_new_line(buff_t *buff) - && count != EOF - /* don't skip if inside message/rfc822 */ - && msg_state->parent == NULL -+ && buff->t.leng >= hdrlen - && memcmp(buff->t.u.text,spam_header_name,hdrlen) == 0) { - count = skip_folded_line(buff); - } --- -2.20.1 - diff --git a/0009-Fix-buffer-overflow-in-add_buff-122.patch b/0009-Fix-buffer-overflow-in-add_buff-122.patch deleted file mode 100644 index f7a2fa2..0000000 --- a/0009-Fix-buffer-overflow-in-add_buff-122.patch +++ /dev/null @@ -1,74 +0,0 @@ -From 25412109321aa575647f21b7b8b9f11634071f26 Mon Sep 17 00:00:00 2001 -From: Georg Sauthoff -Date: Fri, 8 Feb 2019 14:57:51 +0100 -Subject: [PATCH 09/11] Fix buffer overflow in add_buff (#122) - -cf. https://sourceforge.net/p/bogofilter/bugs/122/ ---- - src/buff.c | 2 +- - src/lexer.c | 10 +++++++--- - 2 files changed, 8 insertions(+), 4 deletions(-) - -diff --git a/src/buff.c b/src/buff.c -index 5342cd2..c325945 100644 ---- a/src/buff.c -+++ b/src/buff.c -@@ -58,7 +58,7 @@ int buff_add(buff_t *self, word_t *in) - int readcnt = in->leng; - uint new_size = self->t.leng + in->leng; - if (new_size > self->size) { -- self->t.u.text = xrealloc(self->t.u.text, new_size); -+ self->t.u.text = xrealloc(self->t.u.text, new_size + D); - self->size = new_size; - } - self->read = readpos; -diff --git a/src/lexer.c b/src/lexer.c -index 63bd4cb..60692b6 100644 ---- a/src/lexer.c -+++ b/src/lexer.c -@@ -152,12 +152,14 @@ static int get_decoded_line(buff_t *buff) - { - int count; - buff_t *linebuff; -+ // since msg_state might change during calls -+ bool mime_dont_decode = msg_state->mime_dont_decode; - - #ifdef DISABLE_UNICODE - linebuff = buff; - #else - if (encoding == E_RAW || -- msg_state->mime_dont_decode ) { -+ mime_dont_decode ) { - linebuff = buff; - } - else { -@@ -180,6 +182,8 @@ static int get_decoded_line(buff_t *buff) - } - #endif - -+ // note that this call might invoke got_mimeboundary() thus -+ // changing the global msg_state variable - count = yy_get_new_line(linebuff); - - if (count == EOF) { -@@ -200,7 +204,7 @@ static int get_decoded_line(buff_t *buff) - textblock_add(linebuff->t.u.text+linebuff->read, (size_t) count); - - if ( !msg_header && -- !msg_state->mime_dont_decode && -+ !mime_dont_decode && - msg_state->mime_type != MIME_TYPE_UNKNOWN) - { - word_t temp; -@@ -221,7 +225,7 @@ static int get_decoded_line(buff_t *buff) - - #ifndef DISABLE_UNICODE - if (encoding == E_UNICODE && -- !msg_state->mime_dont_decode && -+ !mime_dont_decode && - count > 0) - { - iconvert(linebuff, buff); --- -2.20.1 - diff --git a/0010-Fix-fill_buf-heap-buffer-overflow-123.patch b/0010-Fix-fill_buf-heap-buffer-overflow-123.patch deleted file mode 100644 index 7a68024..0000000 --- a/0010-Fix-fill_buf-heap-buffer-overflow-123.patch +++ /dev/null @@ -1,89 +0,0 @@ -From db3f056da3b16afa09bf807c717664689d35bdcb Mon Sep 17 00:00:00 2001 -From: Georg Sauthoff -Date: Fri, 8 Feb 2019 19:12:29 +0100 -Subject: [PATCH 10/11] Fix fill_buf heap-buffer-overflow (#123) - -cf. https://sourceforge.net/p/bogofilter/bugs/123/ ---- - src/lexer.c | 27 +++++++++++++++------------ - 1 file changed, 15 insertions(+), 12 deletions(-) - -diff --git a/src/lexer.c b/src/lexer.c -index 60692b6..b7b4b3b 100644 ---- a/src/lexer.c -+++ b/src/lexer.c -@@ -11,6 +11,7 @@ - - #include - #include -+#include - - #include "base64.h" - #include "bogoconfig.h" -@@ -234,18 +235,16 @@ static int get_decoded_line(buff_t *buff) - * no more bytes left to read, even though before the iconvert - * call we had a positive number of bytes. This *will* lead to - * a message truncation which we try to avoid by simply -- * returning the original input buffer (which has positive -- * length) instead. */ -+ * returning another in-band error code. */ - if(buff->t.leng == 0) { -- memcpy(buff, linebuff, sizeof(*buff)); -- *linebuff = (const buff_t){0}; -+ count = -2; -+ } else { -+ /* -+ * iconvert, treating multi-byte sequences, can shrink or enlarge -+ * the output compared to its input. Correct count. -+ */ -+ count = buff->t.leng; - } -- -- /* -- * iconvert, treating multi-byte sequences, can shrink or enlarge -- * the output compared to its input. Correct count. -- */ -- count = buff->t.leng; - } - #endif - -@@ -299,7 +298,9 @@ int buff_fill(buff_t *buff, size_t used, size_t need) - while (size - leng > 2 && need > leng - used) { - /* too few, read more */ - int add = get_decoded_line(buff); -+ // get_decoded_line never returns EOF!?! - if (add == EOF) return EOF; -+ if (add == -2) continue; - if (add == 0) break ; - cnt += add; - leng += add; -@@ -332,8 +333,8 @@ int yyinput(byte *buf, size_t used, size_t size) - */ - - while ((cnt = get_decoded_line(&buff)) != 0) { -- -- count += cnt; -+ if (cnt > 0) -+ count += cnt; - - /* Note: some malformed messages can cause xfgetsl() to report - ** "Invalid buffer size, exiting." and then abort. This -@@ -365,6 +366,7 @@ int yyinput(byte *buf, size_t used, size_t size) - if (msg_state && - msg_state->mime_dont_decode && - (msg_state->mime_disposition != MIME_DISPOSITION_UNKNOWN)) { -+ assert(count <= (int)size); - return (count == EOF ? 0 : count); /* not decode at all */ - } - -@@ -386,6 +388,7 @@ int yyinput(byte *buf, size_t used, size_t size) - if (DEBUG_LEXER(2)) - fprintf(dbgout, "*** yyinput(\"%-.*s\", %lu, %lu) = %d\n", count, buf, (unsigned long)used, (unsigned long)size, count); - -+ assert(count <= (int)size); - return (count == EOF ? 0 : count); - } - --- -2.20.1 - diff --git a/0011-Fix-buffer-overflow-after-long-tokens-124.patch b/0011-Fix-buffer-overflow-after-long-tokens-124.patch deleted file mode 100644 index f50c4c7..0000000 --- a/0011-Fix-buffer-overflow-after-long-tokens-124.patch +++ /dev/null @@ -1,34 +0,0 @@ -From 452cfd60f89c9258f97af16b9c3496aa1aa293b0 Mon Sep 17 00:00:00 2001 -From: Georg Sauthoff -Date: Fri, 8 Feb 2019 23:25:41 +0100 -Subject: [PATCH 11/11] Fix buffer-overflow after long tokens (#124) - -cf. https://sourceforge.net/p/bogofilter/bugs/124/ ---- - src/lexer.c | 3 ++- - 1 file changed, 2 insertions(+), 1 deletion(-) - -diff --git a/src/lexer.c b/src/lexer.c -index b7b4b3b..77a88d4 100644 ---- a/src/lexer.c -+++ b/src/lexer.c -@@ -260,6 +260,7 @@ static int get_decoded_line(buff_t *buff) - byte *buf = buff->t.u.text; - if (memcmp(buf + count - 2, CRLF, 2) == 0) { - count --; -+ --buff->t.leng; - *(buf + count - 1) = (byte) '\n'; - } - } -@@ -334,7 +335,7 @@ int yyinput(byte *buf, size_t used, size_t size) - - while ((cnt = get_decoded_line(&buff)) != 0) { - if (cnt > 0) -- count += cnt; -+ count = buff.t.leng; - - /* Note: some malformed messages can cause xfgetsl() to report - ** "Invalid buffer size, exiting." and then abort. This --- -2.20.1 - diff --git a/bogofilter.spec b/bogofilter.spec index 9720fc7..01d3e24 100644 --- a/bogofilter.spec +++ b/bogofilter.spec @@ -1,53 +1,11 @@ Summary: Fast anti-spam filtering by Bayesian statistical analysis Name: bogofilter -Version: 1.2.4 -Release: 18%{?dist} +Version: 1.2.5 +Release: 1%{?dist} License: GPLv2 URL: http://bogofilter.sourceforge.net/ -# Source: http://downloads.sourceforge.net/bogofilter/bogofilter-%{version}.tar.gz -# The above used to be to the Source: line -# but due to bug 912694 which identified three files with license -# problems the following steps are necessary to repack bogofilter -# wget http://downloads.sourceforge.net/bogofilter/bogofilter-1.2.4.tar.gz -# tar xf bogofilter-1.2.4.tar.gz -# rm bogofilter-1.2.4/doc/bogofilter-SA-20[0-1][0,5]-0[1,2] -# tar cf bogofilter-1.2.4.repack.tar.gz bogofilter-1.2.4 -Source: bogofilter-%{version}.repack.tar.gz -# Patches are taken from upstreams SVN: -# svn checkout svn://svn.code.sf.net/p/bogofilter/code/trunk bogofilter-code -# cd bogofilter-code -# svndiff -c 6995 > patch.r6995 -Patch1: patch.r6995 -# patch.r7009 is adapted to apply without a previous patch -Patch2: patch.r7009 -Patch3: patch.r7016 -Patch4: patch.r7023 -Patch5: patch.r7030 -Patch6: patch.r7032 -Patch7: patch.r7034 -Patch8: patch.r7035 -# The following patches are from https://bugzilla.redhat.com/show_bug.cgi?id=1676460 -# https://sourceforge.net/p/bogofilter/bugs/125/ -Patch9: 0001-Fix-memory-leak-when-creating-a-new-bdb-file-125.patch -# https://sourceforge.net/p/bogofilter/bugs/126/ -Patch10: 0002-Fix-out-of-bounds-read-in-spanword-126.patch -Patch11: 0003-Fix-memory-leak-already-fixed-in-trunk.patch -# https://sourceforge.net/p/bogofilter/bugs/118/ -Patch12: 0004-Fix-msg-id-out-of-bounds-read-118.patch -# https://sourceforge.net/p/bogofilter/bugs/119/ -Patch13: 0005-Fix-mime-cleanup-memory-leak-119.patch -# https://sourceforge.net/p/bogofilter/bugs/120/ -Patch14: 0006-Fix-fgetsl-abort-120.patch -# https://sourceforge.net/p/bogofilter/bugs/121/ -Patch15: 0007-Fix-gconv-assert-overlap-buffers-121.patch -Patch16: 0008-Fix-out-of-bounds-read-already-fixed-upstream.patch -# https://sourceforge.net/p/bogofilter/bugs/122/ -Patch17: 0009-Fix-buffer-overflow-in-add_buff-122.patch -# https://sourceforge.net/p/bogofilter/bugs/123/ -Patch18: 0010-Fix-fill_buf-heap-buffer-overflow-123.patch -# https://sourceforge.net/p/bogofilter/bugs/124/ -Patch19: 0011-Fix-buffer-overflow-after-long-tokens-124.patch -BuildRequires: gcc +Source0: http://downloads.sourceforge.net/bogofilter/bogofilter-%{version}.tar.xz +BuildRequires: gcc BuildRequires: flex libdb-devel gsl-devel BuildRequires: /usr/bin/iconv BuildRequires: perl-generators @@ -75,25 +33,6 @@ main bogofilter package. %prep %setup -q -%patch1 -p1 -%patch2 -p1 -%patch3 -p1 -%patch4 -p1 -%patch5 -p1 -%patch6 -p1 -%patch7 -p1 -%patch8 -p1 -%patch9 -p1 -%patch10 -p1 -%patch11 -p1 -%patch12 -p1 -%patch13 -p1 -%patch14 -p1 -%patch15 -p1 -%patch16 -p1 -%patch17 -p1 -%patch18 -p1 -%patch19 -p1 iconv -f iso-8859-1 -t utf-8 \ doc/bogofilter-faq-fr.html > doc/bogofilter-faq-fr.html.utf8 %{__mv} -f doc/bogofilter-faq-fr.html.utf8 \ @@ -135,6 +74,12 @@ iconv -f iso-8859-1 -t utf-8 \ %exclude %{_mandir}/man1/bogoupgrade* %changelog +* Thu Nov 28 2019 Adrian Reber - 1.2.5-1 +- Updated to 1.2.5 +- No longer necessary to re-package sources: All problematic files have + been re-licensed +- All 19 patches are part of the 1.2.5 release and have been removed + * Tue Aug 20 2019 Susi Lehtola - 1.2.4-18 - Rebuilt for GSL 2.6. diff --git a/patch.r6995 b/patch.r6995 deleted file mode 100644 index a451a13..0000000 --- a/patch.r6995 +++ /dev/null @@ -1,14 +0,0 @@ -Index: bogofilter/NEWS -=================================================================== ---- bogofilter/NEWS (revision 6994) -+++ bogofilter/NEWS (revision 6995) -@@ -46,7 +46,8 @@ - svn checkout http://svn.code.sf.net/p/bogofilter/code/trunk bogofilter - - And developers would use, replacing joe by their sf.net login: -- svn checkout --username=joe svn+ssh://m-a@svn.code.sf.net/p/bogofilter/code/trunk bogofilter -+ svn checkout --username=joe \ -+ svn+ssh://svn.code.sf.net/p/bogofilter/code/trunk bogofilter - - 2012-12-03 - * Add bogofilter-SA-2012-01 (CVE-2012-5468). diff --git a/patch.r7009 b/patch.r7009 deleted file mode 100644 index f5c16a7..0000000 --- a/patch.r7009 +++ /dev/null @@ -1,16 +0,0 @@ -Index: bogofilter/NEWS -=================================================================== ---- bogofilter/NEWS (revision 7008) -+++ bogofilter/NEWS (revision 7009) -@@ -15,6 +15,11 @@ - - ------------------------------------------------------------------------------- - -+ 2013-11-30 -+ -+ * Updated autoconf/automake stuff so that tests work properly with -+ automake versions that default to running parallel-tests. -+ - 1.2.4 2013-07-01 (released) - - 2013-06-28 diff --git a/patch.r7016 b/patch.r7016 deleted file mode 100644 index 9560d45..0000000 --- a/patch.r7016 +++ /dev/null @@ -1,127 +0,0 @@ -Index: bogofilter/AUTHORS -=================================================================== ---- bogofilter/AUTHORS (revision 7015) -+++ bogofilter/AUTHORS (revision 7016) -@@ -55,3 +55,4 @@ - Marco Bozzolan - Paul Mangan - Roman Trunov -+Julius Plenz -Index: bogofilter/src/tests/inputs/t.passthrough-truncation-in.gz -=================================================================== -Cannot display: file marked as a binary type. -svn:mime-type = application/octet-stream -Index: bogofilter/src/tests/inputs/t.passthrough-truncation-in.gz -=================================================================== ---- bogofilter/src/tests/inputs/t.passthrough-truncation-in.gz (nonexistent) -+++ bogofilter/src/tests/inputs/t.passthrough-truncation-in.gz (revision 7016) - -Property changes on: bogofilter/src/tests/inputs/t.passthrough-truncation-in.gz -___________________________________________________________________ -Added: svn:mime-type -## -0,0 +1 ## -+application/octet-stream -\ No newline at end of property -Index: bogofilter/src/tests/t.passthrough-truncation -=================================================================== ---- bogofilter/src/tests/t.passthrough-truncation (nonexistent) -+++ bogofilter/src/tests/t.passthrough-truncation (revision 7016) -@@ -0,0 +1,19 @@ -+#! /bin/sh -+ -+. ${srcdir:=.}/t.frame -+ -+# t.passthrough-hb -+# -+# test for correct passthrough of misdeclared MIME parts -+# test case provided by Julius Plenz, July 2014. -+ -+gzip -c -d <"$srcdir/inputs/t.passthrough-truncation-in.gz" >"$TMPDIR/input" -+$BOGOFILTER -e -p -C < "$TMPDIR/input" \ -+| $GREP -v "^X-Bogosity: Unsure," > "$TMPDIR/output" -+ -+if [ $verbose -eq 0 ]; then -+ cmp "$TMPDIR/input" "$TMPDIR/output" -+else -+ set +e -+ diff $DIFF_BRIEF "$TMPDIR/input" "$TMPDIR/output" -+fi - -Property changes on: bogofilter/src/tests/t.passthrough-truncation -___________________________________________________________________ -Added: svn:executable -## -0,0 +1 ## -+* -\ No newline at end of property -Index: bogofilter/src/tests/Makefile.am -=================================================================== ---- bogofilter/src/tests/Makefile.am (revision 7015) -+++ bogofilter/src/tests/Makefile.am (revision 7016) -@@ -35,7 +35,7 @@ - t.ignore_spam_header \ - t.nullstatsprefix \ - t.integrity t.integrity2 t.integrity3 \ -- t.passthrough-hb \ -+ t.passthrough-hb t.passthrough-truncation \ - t.escaped.html t.escaped.url \ - t.base64 t.split t.parsing \ - t.lexer t.lexer.mbx t.lexer.qpcr t.lexer.eoh \ -@@ -97,6 +97,7 @@ - inputs/msg.split.dr.0118.base64 \ - inputs/msg.split.gs.0119.text \ - inputs/spam.mbx \ -+ inputs/t.passthrough-truncation-in.gz \ - outputs/MH.out \ - outputs/bogolex.out \ - outputs/bulkmode.out \ -Index: bogofilter/src/lexer.c -=================================================================== ---- bogofilter/src/lexer.c (revision 7015) -+++ bogofilter/src/lexer.c (revision 7016) -@@ -220,15 +220,25 @@ - - #ifndef DISABLE_UNICODE - if (encoding == E_UNICODE && -- !msg_state->mime_dont_decode) -+ !msg_state->mime_dont_decode && -+ count > 0) - { - iconvert(linebuff, buff); -+ -+ /* If we return count = 0 here, the caller will think we have -+ * no more bytes left to read, even though before the iconvert -+ * call we had a positive number of bytes. This *will* lead to -+ * a message truncation which we try to avoid by simply -+ * returning the original input buffer (which has positive -+ * length) instead. */ -+ if(buff->t.leng == 0) -+ memcpy(buff, linebuff, sizeof(*buff)); -+ - /* - * iconvert, treating multi-byte sequences, can shrink or enlarge - * the output compared to its input. Correct count. - */ -- if (count > 0) -- count = buff->t.leng; -+ count = buff->t.leng; - } - #endif - -Index: bogofilter/NEWS -=================================================================== ---- bogofilter/NEWS (revision 7015) -+++ bogofilter/NEWS (revision 7016) -@@ -15,6 +15,13 @@ - - ------------------------------------------------------------------------------- - -+ 2014-07-10 -+ -+ * Take patch from Julius Plenz to fix a bug in the charset converter -+ that causes truncation of messages in pass-through mode in rare -+ circumstances, for instance, if binary data is misdeclared as -+ text/html. Also add his test case, t.passthrough-truncation. -+ - 2013-11-30 - - * Updated autoconf/automake stuff so that tests work properly with diff --git a/patch.r7023 b/patch.r7023 deleted file mode 100644 index b02f5e8..0000000 --- a/patch.r7023 +++ /dev/null @@ -1,83 +0,0 @@ -Index: bogofilter/src/mime.c -=================================================================== ---- bogofilter/src/mime.c (revision 7022) -+++ bogofilter/src/mime.c (revision 7023) -@@ -279,6 +279,25 @@ - mime_push(parent); - } - -+static bool is_final_boundary( -+ const byte *ins, -+ size_t inlen, -+ size_t blen -+) -+{ -+ if (inlen >= 5 -+ && inlen >= blen + 2 -+ && ins[0] == '-' -+ && ins[1] == '-' -+ && ins[blen+2] == '-' -+ && ins[blen+3] == '-') -+ { -+ return true; -+ } -+ return false; -+} -+ -+ - /** - * Check if the line given in \a boundary is a boundary of one of the - * outer MIME containers and store the results in \a b. -@@ -301,28 +320,18 @@ - (buf[blen - 1] == '\r' || buf[blen - 1] == '\n')) - blen--; - -- /* skip initial -- */ -- buf += 2; -- blen -= 2; -- -- /* skip and note ending --, if any */ -- if (blen > 2 && buf[blen - 1] == '-' && buf[blen - 2] == '-') { -- b->is_final = true; -- blen -= 2; -- } else { -- b->is_final = false; -- } -- - /* search stack for matching boundary, in reverse order */ - for (ptr = mime_stack_bot; ptr != NULL; ptr = ptr->parent) - { - if (is_mime_container(ptr) - && ptr->boundary != NULL -- && ptr->boundary_len == blen -- && (memcmp(ptr->boundary, buf, blen) == 0)) -+ && (ptr->boundary_len + 2 == blen -+ || ptr->boundary_len + 4 == blen) -+ && (memcmp(ptr->boundary, buf + 2, ptr->boundary_len) == 0)) - { - b->depth = ptr->depth; - b->is_valid = true; -+ b->is_final = is_final_boundary(buf, blen, ptr->boundary_len); - break; - } - } -Index: bogofilter/NEWS -=================================================================== ---- bogofilter/NEWS (revision 7022) -+++ bogofilter/NEWS (revision 7023) -@@ -15,6 +15,15 @@ - - ------------------------------------------------------------------------------- - -+ 2015-02-25 -+ -+ * Fix the lexer to handle MIME multipart messages properly when the -+ boundary ended in "--". The parser would previously never find the -+ MIME parts because it mistook all boundaries ending in two dashes to -+ be the final boundary of the multipart, rather than checking if the -+ two dashes were extra. -+ Reported by Matt Garretson to the bogofilter mailing list today. -+ - 2014-07-10 - - * Take patch from Julius Plenz to fix a bug in the charset converter diff --git a/patch.r7030 b/patch.r7030 deleted file mode 100644 index 1465e8a..0000000 --- a/patch.r7030 +++ /dev/null @@ -1,48 +0,0 @@ -Index: bogofilter/src/lexer.c -=================================================================== ---- bogofilter/src/lexer.c (revision 7029) -+++ bogofilter/src/lexer.c (revision 7030) -@@ -329,7 +329,7 @@ - count += cnt; - - /* Note: some malformed messages can cause xfgetsl() to report -- ** "Invalid buffer size, exiting." ** and then abort. This -+ ** "Invalid buffer size, exiting." and then abort. This - ** can happen when the parser is in html mode and there's a - ** leading '<' but no closing '>'. - ** -@@ -343,9 +343,12 @@ - - if (count >= MAX_TOKEN_LEN * 2 && - long_token(buff.t.u.text, (uint) count)) { -- uint start = buff.t.leng - count; -- uint length = count - max_token_len; -- buff_shift(&buff, start, length); -+ /* Make sure not to shift bytes outside the buffer */ -+ if (buff.t.leng >= (uint) count) { -+ uint start = buff.t.leng - count; -+ uint length = count - max_token_len; -+ buff_shift(&buff, start, length); -+ } - count = buff.t.leng; - } - else -Index: bogofilter/NEWS -=================================================================== ---- bogofilter/NEWS (revision 7029) -+++ bogofilter/NEWS (revision 7030) -@@ -15,6 +15,14 @@ - - ------------------------------------------------------------------------------- - -+ 2015-02-28 -+ -+ * Fix the lexer to not try to delete parts from HTML tokens if it is -+ reading garbage (for instance, binary files misdeclared as HTML). -+ This was exposed on Fedora 20 and 21 but not Ubuntu 14.04 (x86_64), -+ and is possibly related to its newer flex 2.5.37 that may have -+ changed the way it uses yyinput() a bit. Reported by Matt Garretson. -+ - 2015-02-25 - - * Fix the lexer to handle MIME multipart messages properly when the diff --git a/patch.r7032 b/patch.r7032 deleted file mode 100644 index eaba3ad..0000000 --- a/patch.r7032 +++ /dev/null @@ -1,19 +0,0 @@ -Index: bogofilter/src/maint.c -=================================================================== ---- bogofilter/src/maint.c (revision 7031) -+++ bogofilter/src/maint.c (revision 7032) -@@ -118,11 +118,11 @@ - bool discard; - - if (token->u.text[0] == '.') { /* keep .ENCODING, .MSG_COUNT, and .ROBX */ -- if (strcmp((const char *)token->u.text, MSG_COUNT) == 0) -+ if (0 == word_cmps(token, MSG_COUNT)) - return false; -- if (strcmp((const char *)token->u.text, ROBX_W) == 0) -+ if (0 == word_cmps(token, ROBX_W)) - return false; -- if (strcmp((const char *)token->u.text, WORDLIST_ENCODING) == 0) -+ if (0 == word_cmps(token, WORDLIST_ENCODING)) - return false; - } - diff --git a/patch.r7034 b/patch.r7034 deleted file mode 100644 index 790b901..0000000 --- a/patch.r7034 +++ /dev/null @@ -1,16 +0,0 @@ -Index: bogofilter/NEWS -=================================================================== ---- bogofilter/NEWS (revision 7033) -+++ bogofilter/NEWS (revision 7034) -@@ -15,6 +15,11 @@ - - ------------------------------------------------------------------------------- - -+ 2015-10-10 -+ -+ * Fix an out-of-bounds memory read in maint.c's discard_token(). -+ Found with clang 3.6's address sanitizer. -+ - 2015-02-28 - - * Fix the lexer to not try to delete parts from HTML tokens if it is diff --git a/patch.r7035 b/patch.r7035 deleted file mode 100644 index 6ef6f81..0000000 --- a/patch.r7035 +++ /dev/null @@ -1,40 +0,0 @@ -Index: bogofilter/src/wordlists.c -=================================================================== ---- bogofilter/src/wordlists.c (revision 7034) -+++ bogofilter/src/wordlists.c (revision 7035) -@@ -265,9 +265,6 @@ - xfree(i); - } - -- if (commit) -- word_lists = NULL; -- - return err; - } - -Index: bogofilter/src/wordlists_base.c -=================================================================== ---- bogofilter/src/wordlists_base.c (revision 7034) -+++ bogofilter/src/wordlists_base.c (revision 7035) -@@ -134,6 +134,8 @@ - list = free_wordlistnode(list); - } - -+ word_lists = NULL; -+ - bogohome_cleanup(); - } - -Index: bogofilter/NEWS -=================================================================== ---- bogofilter/NEWS (revision 7034) -+++ bogofilter/NEWS (revision 7035) -@@ -17,6 +17,8 @@ - - 2015-10-10 - -+ * Fix a memory leak in close_wordlists(). -+ - * Fix an out-of-bounds memory read in maint.c's discard_token(). - Found with clang 3.6's address sanitizer. - diff --git a/sources b/sources index fdc29aa..f5235a1 100644 --- a/sources +++ b/sources @@ -1 +1 @@ -6b3564876c6a571880edfdf57bd501ae bogofilter-1.2.4.repack.tar.gz +SHA512 (bogofilter-1.2.5.tar.xz) = 3a7280485cfe5802dd3e9721c153f88ccf28bff7a6a24590e985e860d1f1e0ddea7bde8a8e5ad1ff643e94c9fd7b26b2a5ed5a9fb991cee3fd5b0ce67ce9abfe