From f09b9710a7ea50e4c5e8f41c80610a43bc4e4e81 Mon Sep 17 00:00:00 2001 From: Adrian Reber Date: Thu, 28 Nov 2019 08:35:47 +0100 Subject: [PATCH] Updated to 1.2.5 No longer necessary to re-package sources: All problematic files have been re-licensed All 19 patches are part of the 1.2.5 release and have been removed 
Signed-off-by: Adrian Reber --- .gitignore | 1 + ...eak-when-creating-a-new-bdb-file-125.patch | 50 ------- ...x-out-of-bounds-read-in-spanword-126.patch | 30 ----- ...x-memory-leak-already-fixed-in-trunk.patch | 35 ----- 0004-Fix-msg-id-out-of-bounds-read-118.patch | 46 ------- 0005-Fix-mime-cleanup-memory-leak-119.patch | 26 ---- 0006-Fix-fgetsl-abort-120.patch | 27 ---- ...Fix-gconv-assert-overlap-buffers-121.patch | 69 ---------- ...f-bounds-read-already-fixed-upstream.patch | 25 ---- ...-Fix-buffer-overflow-in-add_buff-122.patch | 74 ---------- ...ix-fill_buf-heap-buffer-overflow-123.patch | 89 ------------ ...uffer-overflow-after-long-tokens-124.patch | 34 ----- bogofilter.spec | 75 ++--------- patch.r6995 | 14 -- patch.r7009 | 16 --- patch.r7016 | 127 ------------------ patch.r7023 | 83 ------------ patch.r7030 | 48 ------- patch.r7032 | 19 --- patch.r7034 | 16 --- patch.r7035 | 40 ------ sources | 2 +- 22 files changed, 12 insertions(+), 934 deletions(-) delete mode 100644 0001-Fix-memory-leak-when-creating-a-new-bdb-file-125.patch delete mode 100644 0002-Fix-out-of-bounds-read-in-spanword-126.patch delete mode 100644 0003-Fix-memory-leak-already-fixed-in-trunk.patch delete mode 100644 0004-Fix-msg-id-out-of-bounds-read-118.patch delete mode 100644 0005-Fix-mime-cleanup-memory-leak-119.patch delete mode 100644 0006-Fix-fgetsl-abort-120.patch delete mode 100644 0007-Fix-gconv-assert-overlap-buffers-121.patch delete mode 100644 0008-Fix-out-of-bounds-read-already-fixed-upstream.patch delete mode 100644 0009-Fix-buffer-overflow-in-add_buff-122.patch delete mode 100644 0010-Fix-fill_buf-heap-buffer-overflow-123.patch delete mode 100644 0011-Fix-buffer-overflow-after-long-tokens-124.patch delete mode 100644 patch.r6995 delete mode 100644 patch.r7009 delete mode 100644 patch.r7016 delete mode 100644 patch.r7023 delete mode 100644 patch.r7030 delete mode 100644 patch.r7032 delete mode 100644 patch.r7034 delete mode 100644 patch.r7035 
diff --git a/.gitignore b/.gitignore index 15449d4..1171dd5 100644 --- a/.gitignore +++ b/.gitignore @@ -3,3 +3,4 @@ bogofilter-1.2.2.tar.gz /bogofilter-1.2.3.tar.gz /bogofilter-1.2.3.repack.tar.gz /bogofilter-1.2.4.repack.tar.gz +/bogofilter-1.2.5.tar.xz diff --git a/0001-Fix-memory-leak-when-creating-a-new-bdb-file-125.patch b/0001-Fix-memory-leak-when-creating-a-new-bdb-file-125.patch deleted file mode 100644 index 09087c3..0000000 --- a/0001-Fix-memory-leak-when-creating-a-new-bdb-file-125.patch +++ /dev/null @@ -1,50 +0,0 @@ -From 861b6c058b36fafefcdca21be180fa44046db4a0 Mon Sep 17 00:00:00 2001 -From: Georg Sauthoff -Date: Mon, 11 Feb 2019 10:01:14 +0100 -Subject: [PATCH 01/11] Fix memory leak when creating a new bdb file (#125) - -cf. https://sourceforge.net/p/bogofilter/bugs/125/ ---- - src/datastore_db.c | 21 +++++++++++++++++++-- - 1 file changed, 19 insertions(+), 2 deletions(-) - -diff --git a/src/datastore_db.c b/src/datastore_db.c -index 4b58462..d0bcfa1 100644 ---- a/src/datastore_db.c -+++ b/src/datastore_db.c -@@ -630,13 +630,30 @@ retry_db_open: - if (ret != 0) { - err = (ret != ENOENT) || (opt_flags == DB_RDONLY); - if (!err) { -- if ( -+ ret = - #if DB_EQUAL(4,1) -- (ret = DB_SET_FLAGS(dbp, DB_CHKSUM_SHA1)) != 0 || -+ (DB_SET_FLAGS(dbp, DB_CHKSUM_SHA1)) != 0 || - #endif - #if DB_AT_LEAST(4,2) - (ret = DB_SET_FLAGS(dbp, DB_CHKSUM)) != 0 || - #endif -+ 0; -+ if (!ret) { -+ dbp->close(dbp, 0); -+ if ((ret = db_create (&dbp, dbe, 0)) != 0) { -+ print_error(__FILE__, __LINE__, "(db) db_create, err: %d, %s", -+ ret, db_strerror(ret)); -+ goto open_err; -+ } -+ handle->dbp = dbp; -+#ifdef ENABLE_MEMDEBUG -+ if (eTransaction == T_DISABLED) -+ dbp->set_alloc(dbp, md_malloc, md_realloc, md_free); -+ else -+ dbe->set_alloc(dbe, md_malloc, md_realloc, md_free); -+#endif -+ } -+ if (ret || - (ret = DB_OPEN(dbp, bfp, NULL, dbtype, opt_flags | DB_CREATE | DB_EXCL | retryflag, DS_MODE))) - err = true; - if (!err) --- -2.20.1 - 
diff --git a/0002-Fix-out-of-bounds-read-in-spanword-126.patch b/0002-Fix-out-of-bounds-read-in-spanword-126.patch deleted file mode 100644 index 09ece38..0000000 --- a/0002-Fix-out-of-bounds-read-in-spanword-126.patch +++ /dev/null @@ -1,30 +0,0 @@ -From 63317a12e89040badf0cc82d82a8b6f64703cd6d Mon Sep 17 00:00:00 2001 -From: Georg Sauthoff -Date: Mon, 11 Feb 2019 10:02:21 +0100 -Subject: [PATCH 02/11] Fix out-of-bounds read in spanword (#126) - -cf. https://sourceforge.net/p/bogofilter/bugs/126/ ---- - src/wordlists.c | 6 ++++-- - 1 file changed, 4 insertions(+), 2 deletions(-) - -diff --git a/src/wordlists.c b/src/wordlists.c -index 735af34..a5d529e 100644 ---- a/src/wordlists.c -+++ b/src/wordlists.c -@@ -307,8 +307,10 @@ static char *spanword(char *p) - { - const char *delim = ", \t"; - p += strcspn(p, delim); /* skip to end of word */ -- *p++ = '\0'; -- p += strspn(p, " \t"); /* skip trailing whitespace */ -+ if (*p) { -+ *p++ = '\0'; -+ p += strspn(p, " \t"); /* skip trailing whitespace */ -+ } - return p; - } - --- -2.20.1 - diff --git a/0003-Fix-memory-leak-already-fixed-in-trunk.patch b/0003-Fix-memory-leak-already-fixed-in-trunk.patch deleted file mode 100644 index e080c5f..0000000 --- a/0003-Fix-memory-leak-already-fixed-in-trunk.patch +++ /dev/null 
@@ -1,35 +0,0 @@ -From 1e4e4d2ea197c89c2f441a87d62e397f0e139f2e Mon Sep 17 00:00:00 2001 -From: Georg Sauthoff -Date: Mon, 11 Feb 2019 10:03:20 +0100 -Subject: [PATCH 03/11] Fix memory leak (already fixed in trunk) - -cf. https://sourceforge.net/p/bogofilter/code/HEAD/tree/trunk/bogofilter/src/wordlists.c#l360 ---- - src/wordlists.c | 4 +++- - 1 file changed, 3 insertions(+), 1 deletion(-) - -diff --git a/src/wordlists.c b/src/wordlists.c -index a5d529e..717dc80 100644 ---- a/src/wordlists.c -+++ b/src/wordlists.c -@@ -329,7 +329,8 @@ bool configure_wordlist(const char *val) - char* filename; - int precedence; - -- char *tmp = xstrdup(val); -+ char *t = xstrdup(val); -+ char *tmp = t; - - ch= tmp[0]; /* save wordlist type (good/spam) */ - tmp = spanword(tmp); -@@ -357,6 +358,7 @@ bool configure_wordlist(const char *val) - (void)spanword(tmp); - - init_wordlist(listname, filename, precedence, type); -+ xfree(t); - - return true; - } --- -2.20.1 - diff --git a/0004-Fix-msg-id-out-of-bounds-read-118.patch b/0004-Fix-msg-id-out-of-bounds-read-118.patch deleted file mode 100644 index 57657ba..0000000 --- a/0004-Fix-msg-id-out-of-bounds-read-118.patch +++ /dev/null 
@@ -1,46 +0,0 @@ -From 7f4fbcb3a52aa5b0b83aef57bddb33fdd9d5b82e Mon Sep 17 00:00:00 2001 -From: Georg Sauthoff -Date: Fri, 8 Feb 2019 10:50:40 +0100 -Subject: [PATCH 04/11] Fix msg-id out-of-bounds read (#118) - -cf. https://sourceforge.net/p/bogofilter/bugs/118/ ---- - src/token.c | 8 +++++--- - 1 file changed, 5 insertions(+), 3 deletions(-) - -diff --git a/src/token.c b/src/token.c -index 3ac43c1..686ddd0 100644 ---- a/src/token.c -+++ b/src/token.c -@@ -33,6 +33,7 @@ AUTHOR: - - word_t *msg_addr; /* First IP Address in Received: statement */ - word_t *msg_id; /* Message ID */ -+static size_t max_msg_id_len; - word_t *queue_id; /* Message's first queue ID */ - - static token_t save_class = NONE; -@@ -573,7 +574,8 @@ void token_init(void) - msg_addr = word_new( NULL, max_token_len ); - - /* Message ID */ -- msg_id = word_new( NULL, max_token_len * 3 ); -+ max_msg_id_len = max_token_len * 3; -+ msg_id = word_new( NULL, max_msg_id_len ); - - /* Message's first queue ID */ - queue_id = word_new( NULL, max_token_len ); -@@ -667,8 +669,8 @@ void set_tag(const char *text) - - void set_msg_id(byte *text, uint leng) - { -- (void) leng; /* suppress compiler warning */ -- token_set( msg_id, text, msg_id->leng ); -+ uint n = min(leng, max_msg_id_len); -+ token_set( msg_id, text, n ); - } - - #define WFREE(n) word_free(n); n = NULL --- -2.20.1 - diff --git a/0005-Fix-mime-cleanup-memory-leak-119.patch b/0005-Fix-mime-cleanup-memory-leak-119.patch deleted file mode 100644 index ca2227a..0000000 --- a/0005-Fix-mime-cleanup-memory-leak-119.patch +++ /dev/null 
@@ -1,26 +0,0 @@ -From 9b9f5113d9fa4292f769f416d824e42a40a57c6f Mon Sep 17 00:00:00 2001 -From: Georg Sauthoff -Date: Fri, 8 Feb 2019 10:52:08 +0100 -Subject: [PATCH 05/11] Fix mime cleanup memory leak (#119) - -cf. https://sourceforge.net/p/bogofilter/bugs/119/ ---- - src/mime.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/mime.c b/src/mime.c -index 8edaebf..8964b1a 100644 ---- a/src/mime.c -+++ b/src/mime.c -@@ -204,7 +204,7 @@ void mime_cleanup() - if (msg_state == NULL) - return; - -- while (mime_stack_top->parent) -+ while (msg_state->parent) - mime_pop(); - mime_pop(); - msg_state = NULL; --- -2.20.1 - diff --git a/0006-Fix-fgetsl-abort-120.patch b/0006-Fix-fgetsl-abort-120.patch deleted file mode 100644 index 333e3cf..0000000 --- a/0006-Fix-fgetsl-abort-120.patch +++ /dev/null @@ -1,27 +0,0 @@ -From 76f398b072a805f02dc057eb896391c6ad63a78a Mon Sep 17 00:00:00 2001 -From: Georg Sauthoff -Date: Fri, 8 Feb 2019 10:53:53 +0100 -Subject: [PATCH 06/11] Fix fgetsl abort (#120) - -https://sourceforge.net/p/bogofilter/bugs/120/ ---- - src/fgetsl.c | 3 +++ - 1 file changed, 3 insertions(+) - -diff --git a/src/fgetsl.c b/src/fgetsl.c -index 630585f..166246f 100644 ---- a/src/fgetsl.c -+++ b/src/fgetsl.c -@@ -26,6 +26,9 @@ int xfgetsl(char *buf, int max_size, FILE *in, bool no_nul_terminate) - char *end = buf + max_size; /* Physical end of buffer */ - char *fin = end - (no_nul_terminate ? 0 : 1); /* Last available byte */ - -+ if (cp == fin && no_nul_terminate) -+ return 0; -+ - if (cp >= fin) { - fprintf(stderr, "Invalid buffer size, exiting.\n"); - abort(); --- -2.20.1 - diff --git a/0007-Fix-gconv-assert-overlap-buffers-121.patch b/0007-Fix-gconv-assert-overlap-buffers-121.patch deleted file mode 100644 index c582134..0000000 --- a/0007-Fix-gconv-assert-overlap-buffers-121.patch +++ /dev/null 
@@ -1,69 +0,0 @@ -From 4ebbd6a1c3bcf5a1240413d1447ecf2f1699fc7b Mon Sep 17 00:00:00 2001 -From: Georg Sauthoff -Date: Fri, 8 Feb 2019 10:54:46 +0100 -Subject: [PATCH 07/11] Fix gconv assert overlap buffers (#121) - -cf. https://sourceforge.net/p/bogofilter/bugs/121/ ---- - src/iconvert.c | 7 ++++++- - src/lexer.c | 4 +++- - 2 files changed, 9 insertions(+), 2 deletions(-) - -diff --git a/src/iconvert.c b/src/iconvert.c -index 731ce03..14585b4 100644 ---- a/src/iconvert.c -+++ b/src/iconvert.c -@@ -31,7 +31,7 @@ AUTHOR: - - #include - #include -- -+#include - #include "buff.h" - #include "iconvert.h" - -@@ -163,6 +163,9 @@ static void convert(iconv_t xd, buff_t *restrict src, buff_t *restrict dst) - break; - - default: -+ // Linux man page states that other error codes may occur -+ // thus, safer to leave that loop on unknown error, right? -+ done = true; - break; - } - } -@@ -190,6 +193,7 @@ static void copy(buff_t *restrict src, buff_t *restrict dst) - - void iconvert(buff_t *restrict src, buff_t *restrict dst) - { -+ assert(src->t.u.text != dst->t.u.text); - if (cd == NULL) - copy(src, dst); - else -@@ -198,6 +202,7 @@ void iconvert(buff_t *restrict src, buff_t *restrict dst) - - void iconvert_cd(iconv_t xd, buff_t *restrict src, buff_t *restrict dst) - { -+ assert(src->t.u.text != dst->t.u.text); - if (xd == (iconv_t)-1) - copy(src, dst); - else -diff --git a/src/lexer.c b/src/lexer.c -index ba58d25..0e3e7c7 100644 ---- a/src/lexer.c -+++ b/src/lexer.c -@@ -231,8 +231,10 @@ static int get_decoded_line(buff_t *buff) - * a message truncation which we try to avoid by simply - * returning the original input buffer (which has positive - * length) instead. */ -- if(buff->t.leng == 0) -+ if(buff->t.leng == 0) { - memcpy(buff, linebuff, sizeof(*buff)); -+ *linebuff = (const buff_t){0}; -+ } - - /* - * iconvert, treating multi-byte sequences, can shrink or enlarge --- -2.20.1 - 
diff --git a/0008-Fix-out-of-bounds-read-already-fixed-upstream.patch b/0008-Fix-out-of-bounds-read-already-fixed-upstream.patch deleted file mode 100644 index f79992d..0000000 --- a/0008-Fix-out-of-bounds-read-already-fixed-upstream.patch +++ /dev/null @@ -1,25 +0,0 @@ -From 8f8973aeecd4c3a34efce5cd0a23287cadaf439f Mon Sep 17 00:00:00 2001 -From: Georg Sauthoff -Date: Fri, 8 Feb 2019 11:20:19 +0100 -Subject: [PATCH 08/11] Fix out-of-bounds read (already fixed upstream) - -cf. https://sourceforge.net/p/bogofilter/code/HEAD/tree/trunk/bogofilter/src/lexer.c#l144 ---- - src/lexer.c | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/src/lexer.c b/src/lexer.c -index 0e3e7c7..63bd4cb 100644 ---- a/src/lexer.c -+++ b/src/lexer.c -@@ -140,6 +140,7 @@ static int yy_get_new_line(buff_t *buff) - && count != EOF - /* don't skip if inside message/rfc822 */ - && msg_state->parent == NULL -+ && buff->t.leng >= hdrlen - && memcmp(buff->t.u.text,spam_header_name,hdrlen) == 0) { - count = skip_folded_line(buff); - } --- -2.20.1 - diff --git a/0009-Fix-buffer-overflow-in-add_buff-122.patch b/0009-Fix-buffer-overflow-in-add_buff-122.patch deleted file mode 100644 index f7a2fa2..0000000 --- a/0009-Fix-buffer-overflow-in-add_buff-122.patch +++ /dev/null 
@@ -1,74 +0,0 @@ -From 25412109321aa575647f21b7b8b9f11634071f26 Mon Sep 17 00:00:00 2001 -From: Georg Sauthoff -Date: Fri, 8 Feb 2019 14:57:51 +0100 -Subject: [PATCH 09/11] Fix buffer overflow in add_buff (#122) - -cf. https://sourceforge.net/p/bogofilter/bugs/122/ ---- - src/buff.c | 2 +- - src/lexer.c | 10 +++++++--- - 2 files changed, 8 insertions(+), 4 deletions(-) - -diff --git a/src/buff.c b/src/buff.c -index 5342cd2..c325945 100644 ---- a/src/buff.c -+++ b/src/buff.c -@@ -58,7 +58,7 @@ int buff_add(buff_t *self, word_t *in) - int readcnt = in->leng; - uint new_size = self->t.leng + in->leng; - if (new_size > self->size) { -- self->t.u.text = xrealloc(self->t.u.text, new_size); -+ self->t.u.text = xrealloc(self->t.u.text, new_size + D); - self->size = new_size; - } - self->read = readpos; -diff --git a/src/lexer.c b/src/lexer.c -index 63bd4cb..60692b6 100644 ---- a/src/lexer.c -+++ b/src/lexer.c -@@ -152,12 +152,14 @@ static int get_decoded_line(buff_t *buff) - { - int count; - buff_t *linebuff; -+ // since msg_state might change during calls -+ bool mime_dont_decode = msg_state->mime_dont_decode; - - #ifdef DISABLE_UNICODE - linebuff = buff; - #else - if (encoding == E_RAW || -- msg_state->mime_dont_decode ) { -+ mime_dont_decode ) { - linebuff = buff; - } - else { -@@ -180,6 +182,8 @@ static int get_decoded_line(buff_t *buff) - } - #endif - -+ // note that this call might invoke got_mimeboundary() thus -+ // changing the global msg_state variable - count = yy_get_new_line(linebuff); - - if (count == EOF) { -@@ -200,7 +204,7 @@ static int get_decoded_line(buff_t *buff) - textblock_add(linebuff->t.u.text+linebuff->read, (size_t) count); - - if ( !msg_header && -- !msg_state->mime_dont_decode && -+ !mime_dont_decode && - msg_state->mime_type != MIME_TYPE_UNKNOWN) - { - word_t temp; -@@ -221,7 +225,7 @@ static int get_decoded_line(buff_t *buff) - - #ifndef DISABLE_UNICODE - if (encoding == E_UNICODE && -- !msg_state->mime_dont_decode && -+ !mime_dont_decode && 
- count > 0) - { - iconvert(linebuff, buff); --- -2.20.1 - diff --git a/0010-Fix-fill_buf-heap-buffer-overflow-123.patch b/0010-Fix-fill_buf-heap-buffer-overflow-123.patch deleted file mode 100644 index 7a68024..0000000 --- a/0010-Fix-fill_buf-heap-buffer-overflow-123.patch +++ /dev/null 
@@ -1,89 +0,0 @@ -From db3f056da3b16afa09bf807c717664689d35bdcb Mon Sep 17 00:00:00 2001 -From: Georg Sauthoff -Date: Fri, 8 Feb 2019 19:12:29 +0100 -Subject: [PATCH 10/11] Fix fill_buf heap-buffer-overflow (#123) - -cf. https://sourceforge.net/p/bogofilter/bugs/123/ ---- - src/lexer.c | 27 +++++++++++++++------------ - 1 file changed, 15 insertions(+), 12 deletions(-) - -diff --git a/src/lexer.c b/src/lexer.c -index 60692b6..b7b4b3b 100644 ---- a/src/lexer.c -+++ b/src/lexer.c -@@ -11,6 +11,7 @@ - - #include - #include -+#include - - #include "base64.h" - #include "bogoconfig.h" -@@ -234,18 +235,16 @@ static int get_decoded_line(buff_t *buff) - * no more bytes left to read, even though before the iconvert - * call we had a positive number of bytes. This *will* lead to - * a message truncation which we try to avoid by simply -- * returning the original input buffer (which has positive -- * length) instead. */ -+ * returning another in-band error code. */ - if(buff->t.leng == 0) { -- memcpy(buff, linebuff, sizeof(*buff)); -- *linebuff = (const buff_t){0}; -+ count = -2; -+ } else { -+ /* -+ * iconvert, treating multi-byte sequences, can shrink or enlarge -+ * the output compared to its input. Correct count. -+ */ -+ count = buff->t.leng; - } -- -- /* -- * iconvert, treating multi-byte sequences, can shrink or enlarge -- * the output compared to its input. Correct count. -- */ -- count = buff->t.leng; - } - #endif - -@@ -299,7 +298,9 @@ int buff_fill(buff_t *buff, size_t used, size_t need) - while (size - leng > 2 && need > leng - used) { - /* too few, read more */ - int add = get_decoded_line(buff); -+ // get_decoded_line never returns EOF!?! 
- if (add == EOF) return EOF; -+ if (add == -2) continue; - if (add == 0) break ; - cnt += add; - leng += add; -@@ -332,8 +333,8 @@ int yyinput(byte *buf, size_t used, size_t size) - */ - - while ((cnt = get_decoded_line(&buff)) != 0) { -- -- count += cnt; -+ if (cnt > 0) -+ count += cnt; - - /* Note: some malformed messages can cause xfgetsl() to report - ** "Invalid buffer size, exiting." and then abort. This -@@ -365,6 +366,7 @@ int yyinput(byte *buf, size_t used, size_t size) - if (msg_state && - msg_state->mime_dont_decode && - (msg_state->mime_disposition != MIME_DISPOSITION_UNKNOWN)) { -+ assert(count <= (int)size); - return (count == EOF ? 0 : count); /* not decode at all */ - } - -@@ -386,6 +388,7 @@ int yyinput(byte *buf, size_t used, size_t size) - if (DEBUG_LEXER(2)) - fprintf(dbgout, "*** yyinput(\"%-.*s\", %lu, %lu) = %d\n", count, buf, (unsigned long)used, (unsigned long)size, count); - -+ assert(count <= (int)size); - return (count == EOF ? 0 : count); - } - --- -2.20.1 - diff --git a/0011-Fix-buffer-overflow-after-long-tokens-124.patch b/0011-Fix-buffer-overflow-after-long-tokens-124.patch deleted file mode 100644 index f50c4c7..0000000 --- a/0011-Fix-buffer-overflow-after-long-tokens-124.patch +++ /dev/null 
@@ -1,34 +0,0 @@ -From 452cfd60f89c9258f97af16b9c3496aa1aa293b0 Mon Sep 17 00:00:00 2001 -From: Georg Sauthoff -Date: Fri, 8 Feb 2019 23:25:41 +0100 -Subject: [PATCH 11/11] Fix buffer-overflow after long tokens (#124) - -cf. https://sourceforge.net/p/bogofilter/bugs/124/ ---- - src/lexer.c | 3 ++- - 1 file changed, 2 insertions(+), 1 deletion(-) - -diff --git a/src/lexer.c b/src/lexer.c -index b7b4b3b..77a88d4 100644 ---- a/src/lexer.c -+++ b/src/lexer.c -@@ -260,6 +260,7 @@ static int get_decoded_line(buff_t *buff) - byte *buf = buff->t.u.text; - if (memcmp(buf + count - 2, CRLF, 2) == 0) { - count --; -+ --buff->t.leng; - *(buf + count - 1) = (byte) '\n'; - } - } -@@ -334,7 +335,7 @@ int yyinput(byte *buf, size_t used, size_t size) - - while ((cnt = get_decoded_line(&buff)) != 0) { - if (cnt > 0) -- count += cnt; -+ count = buff.t.leng; - - /* Note: some malformed messages can cause xfgetsl() to report - ** "Invalid buffer size, exiting." and then abort. This --- -2.20.1 - diff --git a/bogofilter.spec b/bogofilter.spec index 9720fc7..01d3e24 100644 --- a/bogofilter.spec +++ b/bogofilter.spec 
@@ -1,53 +1,11 @@ Summary: Fast anti-spam filtering by Bayesian statistical analysis Name: bogofilter -Version: 1.2.4 -Release: 18%{?dist} +Version: 1.2.5 +Release: 1%{?dist} License: GPLv2 URL: http://bogofilter.sourceforge.net/ -# Source: http://downloads.sourceforge.net/bogofilter/bogofilter-%{version}.tar.gz -# The above used to be to the Source: line -# but due to bug 912694 which identified three files with license -# problems the following steps are necessary to repack bogofilter -# wget http://downloads.sourceforge.net/bogofilter/bogofilter-1.2.4.tar.gz -# tar xf bogofilter-1.2.4.tar.gz -# rm bogofilter-1.2.4/doc/bogofilter-SA-20[0-1][0,5]-0[1,2] -# tar cf bogofilter-1.2.4.repack.tar.gz bogofilter-1.2.4 -Source: bogofilter-%{version}.repack.tar.gz -# Patches are taken from upstreams SVN: -# svn checkout svn://svn.code.sf.net/p/bogofilter/code/trunk bogofilter-code -# cd bogofilter-code -# svndiff -c 6995 > patch.r6995 -Patch1: patch.r6995 -# patch.r7009 is adapted to apply without a previous patch -Patch2: patch.r7009 -Patch3: patch.r7016 -Patch4: patch.r7023 -Patch5: patch.r7030 -Patch6: patch.r7032 -Patch7: patch.r7034 -Patch8: patch.r7035 -# The following patches are from https://bugzilla.redhat.com/show_bug.cgi?id=1676460 -# https://sourceforge.net/p/bogofilter/bugs/125/ -Patch9: 0001-Fix-memory-leak-when-creating-a-new-bdb-file-125.patch -# https://sourceforge.net/p/bogofilter/bugs/126/ -Patch10: 0002-Fix-out-of-bounds-read-in-spanword-126.patch -Patch11: 0003-Fix-memory-leak-already-fixed-in-trunk.patch -# https://sourceforge.net/p/bogofilter/bugs/118/ -Patch12: 0004-Fix-msg-id-out-of-bounds-read-118.patch -# https://sourceforge.net/p/bogofilter/bugs/119/ -Patch13: 0005-Fix-mime-cleanup-memory-leak-119.patch -# https://sourceforge.net/p/bogofilter/bugs/120/ -Patch14: 0006-Fix-fgetsl-abort-120.patch -# https://sourceforge.net/p/bogofilter/bugs/121/ -Patch15: 0007-Fix-gconv-assert-overlap-buffers-121.patch -Patch16: 
0008-Fix-out-of-bounds-read-already-fixed-upstream.patch -# https://sourceforge.net/p/bogofilter/bugs/122/ -Patch17: 0009-Fix-buffer-overflow-in-add_buff-122.patch -# https://sourceforge.net/p/bogofilter/bugs/123/ -Patch18: 0010-Fix-fill_buf-heap-buffer-overflow-123.patch -# https://sourceforge.net/p/bogofilter/bugs/124/ -Patch19: 0011-Fix-buffer-overflow-after-long-tokens-124.patch -BuildRequires: gcc +Source0: http://downloads.sourceforge.net/bogofilter/bogofilter-%{version}.tar.xz +BuildRequires: gcc BuildRequires: flex libdb-devel gsl-devel BuildRequires: /usr/bin/iconv BuildRequires: perl-generators @@ -75,25 +33,6 @@ main bogofilter package. %prep %setup -q -%patch1 -p1 -%patch2 -p1 -%patch3 -p1 -%patch4 -p1 -%patch5 -p1 -%patch6 -p1 -%patch7 -p1 -%patch8 -p1 -%patch9 -p1 -%patch10 -p1 -%patch11 -p1 -%patch12 -p1 -%patch13 -p1 -%patch14 -p1 -%patch15 -p1 -%patch16 -p1 -%patch17 -p1 -%patch18 -p1 -%patch19 -p1 iconv -f iso-8859-1 -t utf-8 \ doc/bogofilter-faq-fr.html > doc/bogofilter-faq-fr.html.utf8 %{__mv} -f doc/bogofilter-faq-fr.html.utf8 \ @@ -135,6 +74,12 @@ iconv -f iso-8859-1 -t utf-8 \ %exclude %{_mandir}/man1/bogoupgrade* %changelog +* Thu Nov 28 2019 Adrian Reber - 1.2.5-1 +- Updated to 1.2.5 +- No longer necessary to re-package sources: All problematic files have + been re-licensed +- All 19 patches are part of the 1.2.5 release and have been removed + * Tue Aug 20 2019 Susi Lehtola - 1.2.4-18 - Rebuilt for GSL 2.6. diff --git a/patch.r6995 b/patch.r6995 deleted file mode 100644 index a451a13..0000000 --- a/patch.r6995 +++ /dev/null 
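Review bot: The new `Source0` line in the first bogofilter.spec hunk fetches the upstream tarball over plain `http://`, so the SHA512 recorded in `sources` is the only integrity anchor, and it was computed from whatever that download returned. I would switch to `Source0: https://downloads.sourceforge.net/bogofilter/bogofilter-%{version}.tar.xz`. If upstream publishes a detached signature for the release (not visible on this page), add it and the keyring as further `Source` entries and verify them in `%prep` with `%{gpgverify}` before `%setup`. This matters more than on a routine bump because the same hunk drops the downstream fixes for out-of-bounds reads and buffer overflows (SourceForge bugs 118–126) on the statement that 1.2.5 contains them, which leaves the tarball as the sole carrier of those fixes for code that parses untrusted mail. The rest of the spec, including any `%check` section that would run upstream's test suite, lies outside the hunks shown.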
@@ -1,14 +0,0 @@ -Index: bogofilter/NEWS -=================================================================== ---- bogofilter/NEWS (revision 6994) -+++ bogofilter/NEWS (revision 6995) -@@ -46,7 +46,8 @@ - svn checkout http://svn.code.sf.net/p/bogofilter/code/trunk bogofilter - - And developers would use, replacing joe by their sf.net login: -- svn checkout --username=joe svn+ssh://m-a@svn.code.sf.net/p/bogofilter/code/trunk bogofilter -+ svn checkout --username=joe \ -+ svn+ssh://svn.code.sf.net/p/bogofilter/code/trunk bogofilter - - 2012-12-03 - * Add bogofilter-SA-2012-01 (CVE-2012-5468). diff --git a/patch.r7009 b/patch.r7009 deleted file mode 100644 index f5c16a7..0000000 --- a/patch.r7009 +++ /dev/null @@ -1,16 +0,0 @@ -Index: bogofilter/NEWS -=================================================================== ---- bogofilter/NEWS (revision 7008) -+++ bogofilter/NEWS (revision 7009) -@@ -15,6 +15,11 @@ - - ------------------------------------------------------------------------------- - -+ 2013-11-30 -+ -+ * Updated autoconf/automake stuff so that tests work properly with -+ automake versions that default to running parallel-tests. -+ - 1.2.4 2013-07-01 (released) - - 2013-06-28 diff --git a/patch.r7016 b/patch.r7016 deleted file mode 100644 index 9560d45..0000000 --- a/patch.r7016 +++ /dev/null 
@@ -1,127 +0,0 @@ -Index: bogofilter/AUTHORS -=================================================================== ---- bogofilter/AUTHORS (revision 7015) -+++ bogofilter/AUTHORS (revision 7016) -@@ -55,3 +55,4 @@ - Marco Bozzolan - Paul Mangan - Roman Trunov -+Julius Plenz -Index: bogofilter/src/tests/inputs/t.passthrough-truncation-in.gz -=================================================================== -Cannot display: file marked as a binary type. -svn:mime-type = application/octet-stream -Index: bogofilter/src/tests/inputs/t.passthrough-truncation-in.gz -=================================================================== ---- bogofilter/src/tests/inputs/t.passthrough-truncation-in.gz (nonexistent) -+++ bogofilter/src/tests/inputs/t.passthrough-truncation-in.gz (revision 7016) - -Property changes on: bogofilter/src/tests/inputs/t.passthrough-truncation-in.gz -___________________________________________________________________ -Added: svn:mime-type -## -0,0 +1 ## -+application/octet-stream -\ No newline at end of property -Index: bogofilter/src/tests/t.passthrough-truncation -=================================================================== ---- bogofilter/src/tests/t.passthrough-truncation (nonexistent) -+++ bogofilter/src/tests/t.passthrough-truncation (revision 7016) -@@ -0,0 +1,19 @@ -+#! /bin/sh -+ -+. ${srcdir:=.}/t.frame -+ -+# t.passthrough-hb -+# -+# test for correct passthrough of misdeclared MIME parts -+# test case provided by Julius Plenz, July 2014. 
-+ -+gzip -c -d <"$srcdir/inputs/t.passthrough-truncation-in.gz" >"$TMPDIR/input" -+$BOGOFILTER -e -p -C < "$TMPDIR/input" \ -+| $GREP -v "^X-Bogosity: Unsure," > "$TMPDIR/output" -+ -+if [ $verbose -eq 0 ]; then -+ cmp "$TMPDIR/input" "$TMPDIR/output" -+else -+ set +e -+ diff $DIFF_BRIEF "$TMPDIR/input" "$TMPDIR/output" -+fi - -Property changes on: bogofilter/src/tests/t.passthrough-truncation -___________________________________________________________________ -Added: svn:executable -## -0,0 +1 ## -+* -\ No newline at end of property -Index: bogofilter/src/tests/Makefile.am -=================================================================== ---- bogofilter/src/tests/Makefile.am (revision 7015) -+++ bogofilter/src/tests/Makefile.am (revision 7016) -@@ -35,7 +35,7 @@ - t.ignore_spam_header \ - t.nullstatsprefix \ - t.integrity t.integrity2 t.integrity3 \ -- t.passthrough-hb \ -+ t.passthrough-hb t.passthrough-truncation \ - t.escaped.html t.escaped.url \ - t.base64 t.split t.parsing \ - t.lexer t.lexer.mbx t.lexer.qpcr t.lexer.eoh \ -@@ -97,6 +97,7 @@ - inputs/msg.split.dr.0118.base64 \ - inputs/msg.split.gs.0119.text \ - inputs/spam.mbx \ -+ inputs/t.passthrough-truncation-in.gz \ - outputs/MH.out \ - outputs/bogolex.out \ - outputs/bulkmode.out \ -Index: bogofilter/src/lexer.c -=================================================================== ---- bogofilter/src/lexer.c (revision 7015) -+++ bogofilter/src/lexer.c (revision 7016) -@@ -220,15 +220,25 @@ - - #ifndef DISABLE_UNICODE - if (encoding == E_UNICODE && -- !msg_state->mime_dont_decode) -+ !msg_state->mime_dont_decode && -+ count > 0) - { - iconvert(linebuff, buff); -+ -+ /* If we return count = 0 here, the caller will think we have -+ * no more bytes left to read, even though before the iconvert -+ * call we had a positive number of bytes. This *will* lead to -+ * a message truncation which we try to avoid by simply -+ * returning the original input buffer (which has positive -+ * length) instead. 
*/ -+ if(buff->t.leng == 0) -+ memcpy(buff, linebuff, sizeof(*buff)); -+ - /* - * iconvert, treating multi-byte sequences, can shrink or enlarge - * the output compared to its input. Correct count. - */ -- if (count > 0) -- count = buff->t.leng; -+ count = buff->t.leng; - } - #endif - -Index: bogofilter/NEWS -=================================================================== ---- bogofilter/NEWS (revision 7015) -+++ bogofilter/NEWS (revision 7016) -@@ -15,6 +15,13 @@ - - ------------------------------------------------------------------------------- - -+ 2014-07-10 -+ -+ * Take patch from Julius Plenz to fix a bug in the charset converter -+ that causes truncation of messages in pass-through mode in rare -+ circumstances, for instance, if binary data is misdeclared as -+ text/html. Also add his test case, t.passthrough-truncation. -+ - 2013-11-30 - - * Updated autoconf/automake stuff so that tests work properly with diff --git a/patch.r7023 b/patch.r7023 deleted file mode 100644 index b02f5e8..0000000 --- a/patch.r7023 +++ /dev/null 
@@ -1,83 +0,0 @@ -Index: bogofilter/src/mime.c -=================================================================== ---- bogofilter/src/mime.c (revision 7022) -+++ bogofilter/src/mime.c (revision 7023) -@@ -279,6 +279,25 @@ - mime_push(parent); - } - -+static bool is_final_boundary( -+ const byte *ins, -+ size_t inlen, -+ size_t blen -+) -+{ -+ if (inlen >= 5 -+ && inlen >= blen + 2 -+ && ins[0] == '-' -+ && ins[1] == '-' -+ && ins[blen+2] == '-' -+ && ins[blen+3] == '-') -+ { -+ return true; -+ } -+ return false; -+} -+ -+ - /** - * Check if the line given in \a boundary is a boundary of one of the - * outer MIME containers and store the results in \a b. -@@ -301,28 +320,18 @@ - (buf[blen - 1] == '\r' || buf[blen - 1] == '\n')) - blen--; - -- /* skip initial -- */ -- buf += 2; -- blen -= 2; -- -- /* skip and note ending --, if any */ -- if (blen > 2 && buf[blen - 1] == '-' && buf[blen - 2] == '-') { -- b->is_final = true; -- blen -= 2; -- } else { -- b->is_final = false; -- } -- - /* search stack for matching boundary, in reverse order */ - for (ptr = mime_stack_bot; ptr != NULL; ptr = ptr->parent) - { - if (is_mime_container(ptr) - && ptr->boundary != NULL -- && ptr->boundary_len == blen -- && (memcmp(ptr->boundary, buf, blen) == 0)) -+ && (ptr->boundary_len + 2 == blen -+ || ptr->boundary_len + 4 == blen) -+ && (memcmp(ptr->boundary, buf + 2, ptr->boundary_len) == 0)) - { - b->depth = ptr->depth; - b->is_valid = true; -+ b->is_final = is_final_boundary(buf, blen, ptr->boundary_len); - break; - } - } -Index: bogofilter/NEWS -=================================================================== ---- bogofilter/NEWS (revision 7022) -+++ bogofilter/NEWS (revision 7023) -@@ -15,6 +15,15 @@ - - ------------------------------------------------------------------------------- - -+ 2015-02-25 -+ -+ * Fix the lexer to handle MIME multipart messages properly when the -+ boundary ended in "--". 
The parser would previously never find the -+ MIME parts because it mistook all boundaries ending in two dashes to -+ be the final boundary of the multipart, rather than checking if the -+ two dashes were extra. -+ Reported by Matt Garretson to the bogofilter mailing list today. -+ - 2014-07-10 - - * Take patch from Julius Plenz to fix a bug in the charset converter diff --git a/patch.r7030 b/patch.r7030 deleted file mode 100644 index 1465e8a..0000000 --- a/patch.r7030 +++ /dev/null 
@@ -1,48 +0,0 @@ -Index: bogofilter/src/lexer.c -=================================================================== ---- bogofilter/src/lexer.c (revision 7029) -+++ bogofilter/src/lexer.c (revision 7030) -@@ -329,7 +329,7 @@ - count += cnt; - - /* Note: some malformed messages can cause xfgetsl() to report -- ** "Invalid buffer size, exiting." ** and then abort. This -+ ** "Invalid buffer size, exiting." and then abort. This - ** can happen when the parser is in html mode and there's a - ** leading '<' but no closing '>'. - ** -@@ -343,9 +343,12 @@ - - if (count >= MAX_TOKEN_LEN * 2 && - long_token(buff.t.u.text, (uint) count)) { -- uint start = buff.t.leng - count; -- uint length = count - max_token_len; -- buff_shift(&buff, start, length); -+ /* Make sure not to shift bytes outside the buffer */ -+ if (buff.t.leng >= (uint) count) { -+ uint start = buff.t.leng - count; -+ uint length = count - max_token_len; -+ buff_shift(&buff, start, length); -+ } - count = buff.t.leng; - } - else -Index: bogofilter/NEWS -=================================================================== ---- bogofilter/NEWS (revision 7029) -+++ bogofilter/NEWS (revision 7030) -@@ -15,6 +15,14 @@ - - ------------------------------------------------------------------------------- - -+ 2015-02-28 -+ -+ * Fix the lexer to not try to delete parts from HTML tokens if it is -+ reading garbage (for instance, binary files misdeclared as HTML). -+ This was exposed on Fedora 20 and 21 but not Ubuntu 14.04 (x86_64), -+ and is possibly related to its newer flex 2.5.37 that may have -+ changed the way it uses yyinput() a bit. Reported by Matt Garretson. -+ - 2015-02-25 - - * Fix the lexer to handle MIME multipart messages properly when the diff --git a/patch.r7032 b/patch.r7032 deleted file mode 100644 index eaba3ad..0000000 --- a/patch.r7032 +++ /dev/null 
@@ -1,19 +0,0 @@
-Index: bogofilter/src/maint.c
-===================================================================
---- bogofilter/src/maint.c (revision 7031)
-+++ bogofilter/src/maint.c (revision 7032)
-@@ -118,11 +118,11 @@
- bool discard;
-
- if (token->u.text[0] == '.') { /* keep .ENCODING, .MSG_COUNT, and .ROBX */
-- if (strcmp((const char *)token->u.text, MSG_COUNT) == 0)
-+ if (0 == word_cmps(token, MSG_COUNT))
- return false;
-- if (strcmp((const char *)token->u.text, ROBX_W) == 0)
-+ if (0 == word_cmps(token, ROBX_W))
- return false;
-- if (strcmp((const char *)token->u.text, WORDLIST_ENCODING) == 0)
-+ if (0 == word_cmps(token, WORDLIST_ENCODING))
- return false;
- }
-
diff --git a/patch.r7034 b/patch.r7034
deleted file mode 100644
index 790b901..0000000
--- a/patch.r7034
+++ /dev/null
@@ -1,16 +0,0 @@
-Index: bogofilter/NEWS
-===================================================================
---- bogofilter/NEWS (revision 7033)
-+++ bogofilter/NEWS (revision 7034)
-@@ -15,6 +15,11 @@
-
- -------------------------------------------------------------------------------
-
-+ 2015-10-10
-+
-+ * Fix an out-of-bounds memory read in maint.c's discard_token().
-+ Found with clang 3.6's address sanitizer.
-+
- 2015-02-28
-
- * Fix the lexer to not try to delete parts from HTML tokens if it is
diff --git a/patch.r7035 b/patch.r7035
deleted file mode 100644
index 6ef6f81..0000000
--- a/patch.r7035
+++ /dev/null
@@ -1,40 +0,0 @@
-Index: bogofilter/src/wordlists.c
-===================================================================
---- bogofilter/src/wordlists.c (revision 7034)
-+++ bogofilter/src/wordlists.c (revision 7035)
-@@ -265,9 +265,6 @@
- xfree(i);
- }
-
-- if (commit)
-- word_lists = NULL;
--
- return err;
- }
-
-Index: bogofilter/src/wordlists_base.c
-===================================================================
---- bogofilter/src/wordlists_base.c (revision 7034)
-+++ bogofilter/src/wordlists_base.c (revision 7035)
-@@ -134,6 +134,8 @@
- list = free_wordlistnode(list);
- }
-
-+ word_lists = NULL;
-+
- bogohome_cleanup();
- }
-
-Index: bogofilter/NEWS
-===================================================================
---- bogofilter/NEWS (revision 7034)
-+++ bogofilter/NEWS (revision 7035)
-@@ -17,6 +17,8 @@
-
- 2015-10-10
-
-+ * Fix a memory leak in close_wordlists().
-+
- * Fix an out-of-bounds memory read in maint.c's discard_token().
- Found with clang 3.6's address sanitizer.
-
diff --git a/sources b/sources
index fdc29aa..f5235a1 100644
--- a/sources
+++ b/sources
@@ -1 +1 @@
-6b3564876c6a571880edfdf57bd501ae bogofilter-1.2.4.repack.tar.gz
+SHA512 (bogofilter-1.2.5.tar.xz) = 3a7280485cfe5802dd3e9721c153f88ccf28bff7a6a24590e985e860d1f1e0ddea7bde8a8e5ad1ff643e94c9fd7b26b2a5ed5a9fb991cee3fd5b0ce67ce9abfe