diff options
author | Adrian Reber <adrian@lisas.de> | 2019-02-13 09:12:49 +0100 |
---|---|---|
committer | Adrian Reber <adrian@lisas.de> | 2019-02-13 09:13:03 +0100 |
commit | 5055f4fee07f3eac283b1ce9484713f2a394f4fb (patch) | |
tree | d9e5a9b7feb46cbdf96b211c7162288c924fd8bc | |
parent | f4b8b6f1d01eadf54c12db9be4addfe8d28f8536 (diff) | |
download | bogofilter_EL6-5055f4fee07f3eac283b1ce9484713f2a394f4fb.tar.gz |
Applied 11 patches from Georg Sauthoff (#1676460)
-rw-r--r-- | 0001-Fix-memory-leak-when-creating-a-new-bdb-file-125.patch | 50 | ||||
-rw-r--r-- | 0002-Fix-out-of-bounds-read-in-spanword-126.patch | 30 | ||||
-rw-r--r-- | 0003-Fix-memory-leak-already-fixed-in-trunk.patch | 35 | ||||
-rw-r--r-- | 0004-Fix-msg-id-out-of-bounds-read-118.patch | 46 | ||||
-rw-r--r-- | 0005-Fix-mime-cleanup-memory-leak-119.patch | 26 | ||||
-rw-r--r-- | 0006-Fix-fgetsl-abort-120.patch | 27 | ||||
-rw-r--r-- | 0007-Fix-gconv-assert-overlap-buffers-121.patch | 69 | ||||
-rw-r--r-- | 0008-Fix-out-of-bounds-read-already-fixed-upstream.patch | 25 | ||||
-rw-r--r-- | 0009-Fix-buffer-overflow-in-add_buff-122.patch | 74 | ||||
-rw-r--r-- | 0010-Fix-fill_buf-heap-buffer-overflow-123.patch | 89 | ||||
-rw-r--r-- | 0011-Fix-buffer-overflow-after-long-tokens-124.patch | 34 | ||||
-rw-r--r-- | bogofilter.spec | 37 |
12 files changed, 541 insertions, 1 deletions
diff --git a/0001-Fix-memory-leak-when-creating-a-new-bdb-file-125.patch b/0001-Fix-memory-leak-when-creating-a-new-bdb-file-125.patch new file mode 100644 index 0000000..09087c3 --- /dev/null +++ b/0001-Fix-memory-leak-when-creating-a-new-bdb-file-125.patch @@ -0,0 +1,50 @@ +From 861b6c058b36fafefcdca21be180fa44046db4a0 Mon Sep 17 00:00:00 2001 +From: Georg Sauthoff <mail@georg.so> +Date: Mon, 11 Feb 2019 10:01:14 +0100 +Subject: [PATCH 01/11] Fix memory leak when creating a new bdb file (#125) + +cf. https://sourceforge.net/p/bogofilter/bugs/125/ +--- + src/datastore_db.c | 21 +++++++++++++++++++-- + 1 file changed, 19 insertions(+), 2 deletions(-) + +diff --git a/src/datastore_db.c b/src/datastore_db.c +index 4b58462..d0bcfa1 100644 +--- a/src/datastore_db.c ++++ b/src/datastore_db.c +@@ -630,13 +630,30 @@ retry_db_open: + if (ret != 0) { + err = (ret != ENOENT) || (opt_flags == DB_RDONLY); + if (!err) { +- if ( ++ ret = + #if DB_EQUAL(4,1) +- (ret = DB_SET_FLAGS(dbp, DB_CHKSUM_SHA1)) != 0 || ++ (DB_SET_FLAGS(dbp, DB_CHKSUM_SHA1)) != 0 || + #endif + #if DB_AT_LEAST(4,2) + (ret = DB_SET_FLAGS(dbp, DB_CHKSUM)) != 0 || + #endif ++ 0; ++ if (!ret) { ++ dbp->close(dbp, 0); ++ if ((ret = db_create (&dbp, dbe, 0)) != 0) { ++ print_error(__FILE__, __LINE__, "(db) db_create, err: %d, %s", ++ ret, db_strerror(ret)); ++ goto open_err; ++ } ++ handle->dbp = dbp; ++#ifdef ENABLE_MEMDEBUG ++ if (eTransaction == T_DISABLED) ++ dbp->set_alloc(dbp, md_malloc, md_realloc, md_free); ++ else ++ dbe->set_alloc(dbe, md_malloc, md_realloc, md_free); ++#endif ++ } ++ if (ret || + (ret = DB_OPEN(dbp, bfp, NULL, dbtype, opt_flags | DB_CREATE | DB_EXCL | retryflag, DS_MODE))) + err = true; + if (!err) +-- +2.20.1 + diff --git a/0002-Fix-out-of-bounds-read-in-spanword-126.patch b/0002-Fix-out-of-bounds-read-in-spanword-126.patch new file mode 100644 index 0000000..09ece38 --- /dev/null +++ b/0002-Fix-out-of-bounds-read-in-spanword-126.patch @@ -0,0 +1,30 @@ +From 63317a12e89040badf0cc82d82a8b6f64703cd6d Mon Sep 17 00:00:00 2001 +From: Georg Sauthoff <mail@georg.so> +Date: Mon, 11 Feb 2019 10:02:21 +0100 +Subject: [PATCH 02/11] Fix out-of-bounds read in spanword (#126) + +cf. https://sourceforge.net/p/bogofilter/bugs/126/ +--- + src/wordlists.c | 6 ++++-- + 1 file changed, 4 insertions(+), 2 deletions(-) + +diff --git a/src/wordlists.c b/src/wordlists.c +index 735af34..a5d529e 100644 +--- a/src/wordlists.c ++++ b/src/wordlists.c +@@ -307,8 +307,10 @@ static char *spanword(char *p) + { + const char *delim = ", \t"; + p += strcspn(p, delim); /* skip to end of word */ +- *p++ = '\0'; +- p += strspn(p, " \t"); /* skip trailing whitespace */ ++ if (*p) { ++ *p++ = '\0'; ++ p += strspn(p, " \t"); /* skip trailing whitespace */ ++ } + return p; + } + +-- +2.20.1 + diff --git a/0003-Fix-memory-leak-already-fixed-in-trunk.patch b/0003-Fix-memory-leak-already-fixed-in-trunk.patch new file mode 100644 index 0000000..e080c5f --- /dev/null +++ b/0003-Fix-memory-leak-already-fixed-in-trunk.patch @@ -0,0 +1,35 @@ +From 1e4e4d2ea197c89c2f441a87d62e397f0e139f2e Mon Sep 17 00:00:00 2001 +From: Georg Sauthoff <mail@georg.so> +Date: Mon, 11 Feb 2019 10:03:20 +0100 +Subject: [PATCH 03/11] Fix memory leak (already fixed in trunk) + +cf. https://sourceforge.net/p/bogofilter/code/HEAD/tree/trunk/bogofilter/src/wordlists.c#l360 +--- + src/wordlists.c | 4 +++- + 1 file changed, 3 insertions(+), 1 deletion(-) + +diff --git a/src/wordlists.c b/src/wordlists.c +index a5d529e..717dc80 100644 +--- a/src/wordlists.c ++++ b/src/wordlists.c +@@ -329,7 +329,8 @@ bool configure_wordlist(const char *val) + char* filename; + int precedence; + +- char *tmp = xstrdup(val); ++ char *t = xstrdup(val); ++ char *tmp = t; + + ch= tmp[0]; /* save wordlist type (good/spam) */ + tmp = spanword(tmp); +@@ -357,6 +358,7 @@ bool configure_wordlist(const char *val) + (void)spanword(tmp); + + init_wordlist(listname, filename, precedence, type); ++ xfree(t); + + return true; + } +-- +2.20.1 + diff --git a/0004-Fix-msg-id-out-of-bounds-read-118.patch b/0004-Fix-msg-id-out-of-bounds-read-118.patch new file mode 100644 index 0000000..57657ba --- /dev/null +++ b/0004-Fix-msg-id-out-of-bounds-read-118.patch @@ -0,0 +1,46 @@ +From 7f4fbcb3a52aa5b0b83aef57bddb33fdd9d5b82e Mon Sep 17 00:00:00 2001 +From: Georg Sauthoff <mail@georg.so> +Date: Fri, 8 Feb 2019 10:50:40 +0100 +Subject: [PATCH 04/11] Fix msg-id out-of-bounds read (#118) + +cf. https://sourceforge.net/p/bogofilter/bugs/118/ +--- + src/token.c | 8 +++++--- + 1 file changed, 5 insertions(+), 3 deletions(-) + +diff --git a/src/token.c b/src/token.c +index 3ac43c1..686ddd0 100644 +--- a/src/token.c ++++ b/src/token.c +@@ -33,6 +33,7 @@ AUTHOR: + + word_t *msg_addr; /* First IP Address in Received: statement */ + word_t *msg_id; /* Message ID */ ++static size_t max_msg_id_len; + word_t *queue_id; /* Message's first queue ID */ + + static token_t save_class = NONE; +@@ -573,7 +574,8 @@ void token_init(void) + msg_addr = word_new( NULL, max_token_len ); + + /* Message ID */ +- msg_id = word_new( NULL, max_token_len * 3 ); ++ max_msg_id_len = max_token_len * 3; ++ msg_id = word_new( NULL, max_msg_id_len ); + + /* Message's first queue ID */ + queue_id = word_new( NULL, max_token_len ); +@@ -667,8 +669,8 @@ void set_tag(const char *text) + + void set_msg_id(byte *text, uint leng) + { +- (void) leng; /* suppress compiler warning */ +- token_set( msg_id, text, msg_id->leng ); ++ uint n = min(leng, max_msg_id_len); ++ token_set( msg_id, text, n ); + } + + #define WFREE(n) word_free(n); n = NULL +-- +2.20.1 + diff --git a/0005-Fix-mime-cleanup-memory-leak-119.patch b/0005-Fix-mime-cleanup-memory-leak-119.patch new file mode 100644 index 0000000..ca2227a --- /dev/null +++ b/0005-Fix-mime-cleanup-memory-leak-119.patch @@ -0,0 +1,26 @@ +From 9b9f5113d9fa4292f769f416d824e42a40a57c6f Mon Sep 17 00:00:00 2001 +From: Georg Sauthoff <mail@georg.so> +Date: Fri, 8 Feb 2019 10:52:08 +0100 +Subject: [PATCH 05/11] Fix mime cleanup memory leak (#119) + +cf. https://sourceforge.net/p/bogofilter/bugs/119/ +--- + src/mime.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/mime.c b/src/mime.c +index 8edaebf..8964b1a 100644 +--- a/src/mime.c ++++ b/src/mime.c +@@ -204,7 +204,7 @@ void mime_cleanup() + if (msg_state == NULL) + return; + +- while (mime_stack_top->parent) ++ while (msg_state->parent) + mime_pop(); + mime_pop(); + msg_state = NULL; +-- +2.20.1 + diff --git a/0006-Fix-fgetsl-abort-120.patch b/0006-Fix-fgetsl-abort-120.patch new file mode 100644 index 0000000..333e3cf --- /dev/null +++ b/0006-Fix-fgetsl-abort-120.patch @@ -0,0 +1,27 @@ +From 76f398b072a805f02dc057eb896391c6ad63a78a Mon Sep 17 00:00:00 2001 +From: Georg Sauthoff <mail@georg.so> +Date: Fri, 8 Feb 2019 10:53:53 +0100 +Subject: [PATCH 06/11] Fix fgetsl abort (#120) + +https://sourceforge.net/p/bogofilter/bugs/120/ +--- + src/fgetsl.c | 3 +++ + 1 file changed, 3 insertions(+) + +diff --git a/src/fgetsl.c b/src/fgetsl.c +index 630585f..166246f 100644 +--- a/src/fgetsl.c ++++ b/src/fgetsl.c +@@ -26,6 +26,9 @@ int xfgetsl(char *buf, int max_size, FILE *in, bool no_nul_terminate) + char *end = buf + max_size; /* Physical end of buffer */ + char *fin = end - (no_nul_terminate ? 0 : 1); /* Last available byte */ + ++ if (cp == fin && no_nul_terminate) ++ return 0; ++ + if (cp >= fin) { + fprintf(stderr, "Invalid buffer size, exiting.\n"); + abort(); +-- +2.20.1 + diff --git a/0007-Fix-gconv-assert-overlap-buffers-121.patch b/0007-Fix-gconv-assert-overlap-buffers-121.patch new file mode 100644 index 0000000..c582134 --- /dev/null +++ b/0007-Fix-gconv-assert-overlap-buffers-121.patch @@ -0,0 +1,69 @@ +From 4ebbd6a1c3bcf5a1240413d1447ecf2f1699fc7b Mon Sep 17 00:00:00 2001 +From: Georg Sauthoff <mail@georg.so> +Date: Fri, 8 Feb 2019 10:54:46 +0100 +Subject: [PATCH 07/11] Fix gconv assert overlap buffers (#121) + +cf. https://sourceforge.net/p/bogofilter/bugs/121/ +--- + src/iconvert.c | 7 ++++++- + src/lexer.c | 4 +++- + 2 files changed, 9 insertions(+), 2 deletions(-) + +diff --git a/src/iconvert.c b/src/iconvert.c +index 731ce03..14585b4 100644 +--- a/src/iconvert.c ++++ b/src/iconvert.c +@@ -31,7 +31,7 @@ AUTHOR: + + #include <stdlib.h> + #include <errno.h> +- ++#include <assert.h> + #include "buff.h" + #include "iconvert.h" + +@@ -163,6 +163,9 @@ static void convert(iconv_t xd, buff_t *restrict src, buff_t *restrict dst) + break; + + default: ++ // Linux man page states that other error codes may occur ++ // thus, safer to leave that loop on unknown error, right? ++ done = true; + break; + } + } +@@ -190,6 +193,7 @@ static void copy(buff_t *restrict src, buff_t *restrict dst) + + void iconvert(buff_t *restrict src, buff_t *restrict dst) + { ++ assert(src->t.u.text != dst->t.u.text); + if (cd == NULL) + copy(src, dst); + else +@@ -198,6 +202,7 @@ void iconvert(buff_t *restrict src, buff_t *restrict dst) + + void iconvert_cd(iconv_t xd, buff_t *restrict src, buff_t *restrict dst) + { ++ assert(src->t.u.text != dst->t.u.text); + if (xd == (iconv_t)-1) + copy(src, dst); + else +diff --git a/src/lexer.c b/src/lexer.c +index ba58d25..0e3e7c7 100644 +--- a/src/lexer.c ++++ b/src/lexer.c +@@ -231,8 +231,10 @@ static int get_decoded_line(buff_t *buff) + * a message truncation which we try to avoid by simply + * returning the original input buffer (which has positive + * length) instead. */ +- if(buff->t.leng == 0) ++ if(buff->t.leng == 0) { + memcpy(buff, linebuff, sizeof(*buff)); ++ *linebuff = (const buff_t){0}; ++ } + + /* + * iconvert, treating multi-byte sequences, can shrink or enlarge +-- +2.20.1 + diff --git a/0008-Fix-out-of-bounds-read-already-fixed-upstream.patch b/0008-Fix-out-of-bounds-read-already-fixed-upstream.patch new file mode 100644 index 0000000..f79992d --- /dev/null +++ b/0008-Fix-out-of-bounds-read-already-fixed-upstream.patch @@ -0,0 +1,25 @@ +From 8f8973aeecd4c3a34efce5cd0a23287cadaf439f Mon Sep 17 00:00:00 2001 +From: Georg Sauthoff <mail@georg.so> +Date: Fri, 8 Feb 2019 11:20:19 +0100 +Subject: [PATCH 08/11] Fix out-of-bounds read (already fixed upstream) + +cf. https://sourceforge.net/p/bogofilter/code/HEAD/tree/trunk/bogofilter/src/lexer.c#l144 +--- + src/lexer.c | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/src/lexer.c b/src/lexer.c +index 0e3e7c7..63bd4cb 100644 +--- a/src/lexer.c ++++ b/src/lexer.c +@@ -140,6 +140,7 @@ static int yy_get_new_line(buff_t *buff) + && count != EOF + /* don't skip if inside message/rfc822 */ + && msg_state->parent == NULL ++ && buff->t.leng >= hdrlen + && memcmp(buff->t.u.text,spam_header_name,hdrlen) == 0) { + count = skip_folded_line(buff); + } +-- +2.20.1 + diff --git a/0009-Fix-buffer-overflow-in-add_buff-122.patch b/0009-Fix-buffer-overflow-in-add_buff-122.patch new file mode 100644 index 0000000..f7a2fa2 --- /dev/null +++ b/0009-Fix-buffer-overflow-in-add_buff-122.patch @@ -0,0 +1,74 @@ +From 25412109321aa575647f21b7b8b9f11634071f26 Mon Sep 17 00:00:00 2001 +From: Georg Sauthoff <mail@georg.so> +Date: Fri, 8 Feb 2019 14:57:51 +0100 +Subject: [PATCH 09/11] Fix buffer overflow in add_buff (#122) + +cf. https://sourceforge.net/p/bogofilter/bugs/122/ +--- + src/buff.c | 2 +- + src/lexer.c | 10 +++++++--- + 2 files changed, 8 insertions(+), 4 deletions(-) + +diff --git a/src/buff.c b/src/buff.c +index 5342cd2..c325945 100644 +--- a/src/buff.c ++++ b/src/buff.c +@@ -58,7 +58,7 @@ int buff_add(buff_t *self, word_t *in) + int readcnt = in->leng; + uint new_size = self->t.leng + in->leng; + if (new_size > self->size) { +- self->t.u.text = xrealloc(self->t.u.text, new_size); ++ self->t.u.text = xrealloc(self->t.u.text, new_size + D); + self->size = new_size; + } + self->read = readpos; +diff --git a/src/lexer.c b/src/lexer.c +index 63bd4cb..60692b6 100644 +--- a/src/lexer.c ++++ b/src/lexer.c +@@ -152,12 +152,14 @@ static int get_decoded_line(buff_t *buff) + { + int count; + buff_t *linebuff; ++ // since msg_state might change during calls ++ bool mime_dont_decode = msg_state->mime_dont_decode; + + #ifdef DISABLE_UNICODE + linebuff = buff; + #else + if (encoding == E_RAW || +- msg_state->mime_dont_decode ) { ++ mime_dont_decode ) { + linebuff = buff; + } + else { +@@ -180,6 +182,8 @@ static int get_decoded_line(buff_t *buff) + } + #endif + ++ // note that this call might invoke got_mimeboundary() thus ++ // changing the global msg_state variable + count = yy_get_new_line(linebuff); + + if (count == EOF) { +@@ -200,7 +204,7 @@ static int get_decoded_line(buff_t *buff) + textblock_add(linebuff->t.u.text+linebuff->read, (size_t) count); + + if ( !msg_header && +- !msg_state->mime_dont_decode && ++ !mime_dont_decode && + msg_state->mime_type != MIME_TYPE_UNKNOWN) + { + word_t temp; +@@ -221,7 +225,7 @@ static int get_decoded_line(buff_t *buff) + + #ifndef DISABLE_UNICODE + if (encoding == E_UNICODE && +- !msg_state->mime_dont_decode && ++ !mime_dont_decode && + count > 0) + { + iconvert(linebuff, buff); +-- +2.20.1 + diff --git a/0010-Fix-fill_buf-heap-buffer-overflow-123.patch b/0010-Fix-fill_buf-heap-buffer-overflow-123.patch new file mode 100644 index 0000000..7a68024 --- /dev/null +++ b/0010-Fix-fill_buf-heap-buffer-overflow-123.patch @@ -0,0 +1,89 @@ +From db3f056da3b16afa09bf807c717664689d35bdcb Mon Sep 17 00:00:00 2001 +From: Georg Sauthoff <mail@georg.so> +Date: Fri, 8 Feb 2019 19:12:29 +0100 +Subject: [PATCH 10/11] Fix fill_buf heap-buffer-overflow (#123) + +cf. https://sourceforge.net/p/bogofilter/bugs/123/ +--- + src/lexer.c | 27 +++++++++++++++------------ + 1 file changed, 15 insertions(+), 12 deletions(-) + +diff --git a/src/lexer.c b/src/lexer.c +index 60692b6..b7b4b3b 100644 +--- a/src/lexer.c ++++ b/src/lexer.c +@@ -11,6 +11,7 @@ + + #include <ctype.h> + #include <stdlib.h> ++#include <assert.h> + + #include "base64.h" + #include "bogoconfig.h" +@@ -234,18 +235,16 @@ static int get_decoded_line(buff_t *buff) + * no more bytes left to read, even though before the iconvert + * call we had a positive number of bytes. This *will* lead to + * a message truncation which we try to avoid by simply +- * returning the original input buffer (which has positive +- * length) instead. */ ++ * returning another in-band error code. */ + if(buff->t.leng == 0) { +- memcpy(buff, linebuff, sizeof(*buff)); +- *linebuff = (const buff_t){0}; ++ count = -2; ++ } else { ++ /* ++ * iconvert, treating multi-byte sequences, can shrink or enlarge ++ * the output compared to its input. Correct count. ++ */ ++ count = buff->t.leng; + } +- +- /* +- * iconvert, treating multi-byte sequences, can shrink or enlarge +- * the output compared to its input. Correct count. +- */ +- count = buff->t.leng; + } + #endif + +@@ -299,7 +298,9 @@ int buff_fill(buff_t *buff, size_t used, size_t need) + while (size - leng > 2 && need > leng - used) { + /* too few, read more */ + int add = get_decoded_line(buff); ++ // get_decoded_line never returns EOF!?! + if (add == EOF) return EOF; ++ if (add == -2) continue; + if (add == 0) break ; + cnt += add; + leng += add; +@@ -332,8 +333,8 @@ int yyinput(byte *buf, size_t used, size_t size) + */ + + while ((cnt = get_decoded_line(&buff)) != 0) { +- +- count += cnt; ++ if (cnt > 0) ++ count += cnt; + + /* Note: some malformed messages can cause xfgetsl() to report + ** "Invalid buffer size, exiting." and then abort. This +@@ -365,6 +366,7 @@ int yyinput(byte *buf, size_t used, size_t size) + if (msg_state && + msg_state->mime_dont_decode && + (msg_state->mime_disposition != MIME_DISPOSITION_UNKNOWN)) { ++ assert(count <= (int)size); + return (count == EOF ? 0 : count); /* not decode at all */ + } + +@@ -386,6 +388,7 @@ int yyinput(byte *buf, size_t used, size_t size) + if (DEBUG_LEXER(2)) + fprintf(dbgout, "*** yyinput(\"%-.*s\", %lu, %lu) = %d\n", count, buf, (unsigned long)used, (unsigned long)size, count); + ++ assert(count <= (int)size); + return (count == EOF ? 0 : count); + } + +-- +2.20.1 + diff --git a/0011-Fix-buffer-overflow-after-long-tokens-124.patch b/0011-Fix-buffer-overflow-after-long-tokens-124.patch new file mode 100644 index 0000000..f50c4c7 --- /dev/null +++ b/0011-Fix-buffer-overflow-after-long-tokens-124.patch @@ -0,0 +1,34 @@ +From 452cfd60f89c9258f97af16b9c3496aa1aa293b0 Mon Sep 17 00:00:00 2001 +From: Georg Sauthoff <mail@georg.so> +Date: Fri, 8 Feb 2019 23:25:41 +0100 +Subject: [PATCH 11/11] Fix buffer-overflow after long tokens (#124) + +cf. https://sourceforge.net/p/bogofilter/bugs/124/ +--- + src/lexer.c | 3 ++- + 1 file changed, 2 insertions(+), 1 deletion(-) + +diff --git a/src/lexer.c b/src/lexer.c +index b7b4b3b..77a88d4 100644 +--- a/src/lexer.c ++++ b/src/lexer.c +@@ -260,6 +260,7 @@ static int get_decoded_line(buff_t *buff) + byte *buf = buff->t.u.text; + if (memcmp(buf + count - 2, CRLF, 2) == 0) { + count --; ++ --buff->t.leng; + *(buf + count - 1) = (byte) '\n'; + } + } +@@ -334,7 +335,7 @@ int yyinput(byte *buf, size_t used, size_t size) + + while ((cnt = get_decoded_line(&buff)) != 0) { + if (cnt > 0) +- count += cnt; ++ count = buff.t.leng; + + /* Note: some malformed messages can cause xfgetsl() to report + ** "Invalid buffer size, exiting." and then abort. This +-- +2.20.1 + diff --git a/bogofilter.spec b/bogofilter.spec index 92e4b97..678abe0 100644 --- a/bogofilter.spec +++ b/bogofilter.spec @@ -1,7 +1,7 @@ Summary: Fast anti-spam filtering by Bayesian statistical analysis Name: bogofilter Version: 1.2.4 -Release: 15%{?dist} +Release: 16%{?dist} License: GPLv2 URL: http://bogofilter.sourceforge.net/ # Source: http://downloads.sourceforge.net/bogofilter/bogofilter-%{version}.tar.gz @@ -26,6 +26,27 @@ Patch5: patch.r7030 Patch6: patch.r7032 Patch7: patch.r7034 Patch8: patch.r7035 +# The following patches are from https://bugzilla.redhat.com/show_bug.cgi?id=1676460 +# https://sourceforge.net/p/bogofilter/bugs/125/ +Patch9: 0001-Fix-memory-leak-when-creating-a-new-bdb-file-125.patch +# https://sourceforge.net/p/bogofilter/bugs/126/ +Patch10: 0002-Fix-out-of-bounds-read-in-spanword-126.patch +Patch11: 0003-Fix-memory-leak-already-fixed-in-trunk.patch +# https://sourceforge.net/p/bogofilter/bugs/118/ +Patch12: 0004-Fix-msg-id-out-of-bounds-read-118.patch +# https://sourceforge.net/p/bogofilter/bugs/119/ +Patch13: 0005-Fix-mime-cleanup-memory-leak-119.patch +# https://sourceforge.net/p/bogofilter/bugs/120/ +Patch14: 0006-Fix-fgetsl-abort-120.patch +# https://sourceforge.net/p/bogofilter/bugs/121/ +Patch15: 0007-Fix-gconv-assert-overlap-buffers-121.patch +Patch16: 0008-Fix-out-of-bounds-read-already-fixed-upstream.patch +# https://sourceforge.net/p/bogofilter/bugs/122/ +Patch17: 0009-Fix-buffer-overflow-in-add_buff-122.patch +# https://sourceforge.net/p/bogofilter/bugs/123/ +Patch18: 0010-Fix-fill_buf-heap-buffer-overflow-123.patch +# https://sourceforge.net/p/bogofilter/bugs/124/ +Patch19: 0011-Fix-buffer-overflow-after-long-tokens-124.patch BuildRequires: gcc BuildRequires: flex libdb-devel gsl-devel BuildRequires: /usr/bin/iconv @@ -62,6 +83,17 @@ main bogofilter package. %patch6 -p1 %patch7 -p1 %patch8 -p1 +%patch9 -p1 +%patch10 -p1 +%patch11 -p1 +%patch12 -p1 +%patch13 -p1 +%patch14 -p1 +%patch15 -p1 +%patch16 -p1 +%patch17 -p1 +%patch18 -p1 +%patch19 -p1 iconv -f iso-8859-1 -t utf-8 \ doc/bogofilter-faq-fr.html > doc/bogofilter-faq-fr.html.utf8 %{__mv} -f doc/bogofilter-faq-fr.html.utf8 \ @@ -103,6 +135,9 @@ iconv -f iso-8859-1 -t utf-8 \ %exclude %{_mandir}/man1/bogoupgrade* %changelog +* Wed Feb 13 2019 Adrian Reber <adrian@lisas.de> - 1.2.4-16 +- Applied 11 patches from Georg Sauthoff (#1676460) + * Thu Jan 31 2019 Fedora Release Engineering <releng@fedoraproject.org> - 1.2.4-15 - Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild |