author | Adrian Reber <adrian@lisas.de> | 2016-11-02 13:45:33 +0100 |
---|---|---|
committer | Adrian Reber <adrian@lisas.de> | 2016-11-02 13:47:51 +0100 |
commit | 80a818b6fde463ebfd868dd203a60b9cc3529527 (patch) | |
tree | b458df5daeb71ffa03c911fb9becc0ef602aa256 | |
parent | 8a52d26ddfdb1e6d3a69773688f4afb0437aa529 (diff) | |
download | bogofilter_EL6-80a818b6fde463ebfd868dd203a60b9cc3529527.tar.gz |
Added multiple upstream patches to fix various memory bugs
- Fixes "[abrt] bogofilter: yyrealloc(): bogofilter killed by SIGABRT" (#1246282)
- Fixes "why libdb4" (#1367329) by switching BR to libdb-devel (from db4-devel)
-rw-r--r-- | bogofilter.spec | 35 | ||||
-rw-r--r-- | patch.r6995 | 14 | ||||
-rw-r--r-- | patch.r7009 | 16 | ||||
-rw-r--r-- | patch.r7016 | 127 | ||||
-rw-r--r-- | patch.r7023 | 83 | ||||
-rw-r--r-- | patch.r7030 | 48 | ||||
-rw-r--r-- | patch.r7032 | 19 | ||||
-rw-r--r-- | patch.r7034 | 16 | ||||
-rw-r--r-- | patch.r7035 | 40 |
9 files changed, 393 insertions, 5 deletions
diff --git a/bogofilter.spec b/bogofilter.spec index 8c9a573..f53f933 100644 --- a/bogofilter.spec +++ b/bogofilter.spec @@ -1,7 +1,7 @@ Summary: Fast anti-spam filtering by Bayesian statistical analysis Name: bogofilter Version: 1.2.4 -Release: 6%{?dist} +Release: 7%{?dist} License: GPLv2 Group: Applications/Internet URL: http://bogofilter.sourceforge.net/ @@ -10,11 +10,24 @@ URL: http://bogofilter.sourceforge.net/ # but due to bug 912694 which identified three files with license # problems the following steps are necessary to repack bogofilter # wget http://downloads.sourceforge.net/bogofilter/bogofilter-1.2.4.tar.gz -# tar xf bogofilter-1.2.4.tar.gz +# tar xf bogofilter-1.2.4.tar.gz # rm bogofilter-1.2.4/doc/bogofilter-SA-20[0-1][0,5]-0[1,2] # tar cf bogofilter-1.2.4.repack.tar.gz bogofilter-1.2.4 Source: bogofilter-%{version}.repack.tar.gz -BuildRequires: flex db4-devel gsl-devel +# Patches are taken from upstreams SVN: +# svn checkout svn://svn.code.sf.net/p/bogofilter/code/trunk bogofilter-code +# cd bogofilter-code +# svndiff -c 6995 > patch.r6995 +Patch1: patch.r6995 +# patch.r7009 is adapted to apply without a previous patch +Patch2: patch.r7009 +Patch3: patch.r7016 +Patch4: patch.r7023 +Patch5: patch.r7030 +Patch6: patch.r7032 +Patch7: patch.r7034 +Patch8: patch.r7035 +BuildRequires: flex libdb-devel gsl-devel BuildRequires: /usr/bin/iconv BuildRequires: perl-generators @@ -30,7 +43,6 @@ by sites that process a lot of mail. %package bogoupgrade Summary: Upgrades bogofilter database to current version Group: Applications/Internet -Provides: bogoupgrade Requires: %{name} = %{version}-%{release} %description bogoupgrade 
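Review bot: In the `@@ -10,11 +10,24 @@` hunk of bogofilter.spec, the provenance comment above `Patch1:` records a regeneration recipe over plain `svn://`, which offers no server authentication or transport integrity, so a patch regenerated from it cannot be assumed to match the files reviewed in this commit. I would point the recipe at an authenticated transport where upstream offers one (the NEWS text in patch.r6995 shows an `svn+ssh://` form for developers). I would also say per `PatchN:` line which upstream revision it carries and whether it is verbatim, as is already done for patch.r7009, for example `# r7016: charset converter truncation fix, verbatim`. `svndiff -c 6995` also reads like it was meant to be `svn diff -c 6995`, unless it is a local wrapper.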
@@ -43,13 +55,21 @@ main bogofilter package. %prep %setup -q +%patch1 -p1 +%patch2 -p1 +%patch3 -p1 +%patch4 -p1 +%patch5 -p1 +%patch6 -p1 +%patch7 -p1 +%patch8 -p1 iconv -f iso-8859-1 -t utf-8 \ doc/bogofilter-faq-fr.html > doc/bogofilter-faq-fr.html.utf8 %{__mv} -f doc/bogofilter-faq-fr.html.utf8 \ doc/bogofilter-faq-fr.html %build -CFLAGS="%{optflags} -I%{_includedir}/libdb4" LDFLAGS="-L%{_libdir}/libdb4" %configure --disable-rpath +%configure --disable-rpath %{__make} %{?_smp_mflags} %install @@ -83,6 +103,11 @@ CFLAGS="%{optflags} -I%{_includedir}/libdb4" LDFLAGS="-L%{_libdir}/libdb4" %conf %exclude %{_mandir}/man1/bogoupgrade* %changelog +* Thu Sep 22 2016 Adrian Reber <adrian@lisas.de> - 1.2.4-7 +- Added multiple upstream patches to fix various memory bugs +- Fixes "[abrt] bogofilter: yyrealloc(): bogofilter killed by SIGABRT" (#1246282) +- Fixes "why libdb4" (#1367329) by switching BR to libdb-devel (from db4-devel) + * Mon Feb 22 2016 Orion Poplawski <orion@cora.nwra.com> - 1.2.4-6 - Rebuild for gsl 2.1 diff --git a/patch.r6995 b/patch.r6995 new file mode 100644 index 0000000..a451a13 --- /dev/null +++ b/patch.r6995 @@ -0,0 +1,14 @@ +Index: bogofilter/NEWS +=================================================================== +--- bogofilter/NEWS (revision 6994) ++++ bogofilter/NEWS (revision 6995) +@@ -46,7 +46,8 @@ + svn checkout http://svn.code.sf.net/p/bogofilter/code/trunk bogofilter + + And developers would use, replacing joe by their sf.net login: +- svn checkout --username=joe svn+ssh://m-a@svn.code.sf.net/p/bogofilter/code/trunk bogofilter ++ svn checkout --username=joe \ ++ svn+ssh://svn.code.sf.net/p/bogofilter/code/trunk bogofilter + + 2012-12-03 + * Add bogofilter-SA-2012-01 (CVE-2012-5468). diff --git a/patch.r7009 b/patch.r7009 new file mode 100644 index 0000000..f5c16a7 --- /dev/null +++ b/patch.r7009 
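Review bot: In bogofilter.spec's `@@ -43,13 +55,21 @@` hunk, `%patch3 -p1` applies a patch that edits `src/tests/Makefile.am`, yet nothing between the `%patchN` lines and `%configure --disable-rpath` regenerates the autotools output, and the `BuildRequires:` lines shown in the earlier hunk do not list automake. Whether `t.passthrough-truncation` is wired into the build then depends on automake's own rebuild rules firing at make time, which is fragile. patch.r7016 also carries only a "Cannot display: file marked as a binary type." stub for `inputs/t.passthrough-truncation-in.gz`, so the fixture the new test reads is never created. I would either drop the test-suite parts from the packaged patch or add a comment next to `%patch3 -p1`, e.g. `# test input is binary and not in the svn diff; t.passthrough-truncation cannot run`.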
@@ -0,0 +1,16 @@
+Index: bogofilter/NEWS
+===================================================================
+--- bogofilter/NEWS (revision 7008)
++++ bogofilter/NEWS (revision 7009)
+@@ -15,6 +15,11 @@
+
+ -------------------------------------------------------------------------------
+
++ 2013-11-30
++
++ * Updated autoconf/automake stuff so that tests work properly with
++ automake versions that default to running parallel-tests.
++
+ 1.2.4 2013-07-01 (released)
+
+ 2013-06-28
diff --git a/patch.r7016 b/patch.r7016
new file mode 100644
index 0000000..9560d45
--- /dev/null
+++ b/patch.r7016
@@ -0,0 +1,127 @@
+Index: bogofilter/AUTHORS
+===================================================================
+--- bogofilter/AUTHORS (revision 7015)
++++ bogofilter/AUTHORS (revision 7016)
+@@ -55,3 +55,4 @@
+ Marco Bozzolan
+ Paul Mangan
+ Roman Trunov
++Julius Plenz
+Index: bogofilter/src/tests/inputs/t.passthrough-truncation-in.gz
+===================================================================
+Cannot display: file marked as a binary type.
+svn:mime-type = application/octet-stream
+Index: bogofilter/src/tests/inputs/t.passthrough-truncation-in.gz
+===================================================================
+--- bogofilter/src/tests/inputs/t.passthrough-truncation-in.gz (nonexistent)
++++ bogofilter/src/tests/inputs/t.passthrough-truncation-in.gz (revision 7016)
+
+Property changes on: bogofilter/src/tests/inputs/t.passthrough-truncation-in.gz
+___________________________________________________________________
+Added: svn:mime-type
+## -0,0 +1 ##
++application/octet-stream
+\ No newline at end of property
+Index: bogofilter/src/tests/t.passthrough-truncation
+===================================================================
+--- bogofilter/src/tests/t.passthrough-truncation (nonexistent)
++++ bogofilter/src/tests/t.passthrough-truncation (revision 7016)
+@@ -0,0 +1,19 @@
++#! /bin/sh
++
++. ${srcdir:=.}/t.frame
++
++# t.passthrough-hb
++#
++# test for correct passthrough of misdeclared MIME parts
++# test case provided by Julius Plenz, July 2014.
++
++gzip -c -d <"$srcdir/inputs/t.passthrough-truncation-in.gz" >"$TMPDIR/input"
++$BOGOFILTER -e -p -C < "$TMPDIR/input" \
++| $GREP -v "^X-Bogosity: Unsure," > "$TMPDIR/output"
++
++if [ $verbose -eq 0 ]; then
++ cmp "$TMPDIR/input" "$TMPDIR/output"
++else
++ set +e
++ diff $DIFF_BRIEF "$TMPDIR/input" "$TMPDIR/output"
++fi
+
+Property changes on: bogofilter/src/tests/t.passthrough-truncation
+___________________________________________________________________
+Added: svn:executable
+## -0,0 +1 ##
++*
+\ No newline at end of property
+Index: bogofilter/src/tests/Makefile.am
+===================================================================
+--- bogofilter/src/tests/Makefile.am (revision 7015)
++++ bogofilter/src/tests/Makefile.am (revision 7016)
+@@ -35,7 +35,7 @@
+ t.ignore_spam_header \
+ t.nullstatsprefix \
+ t.integrity t.integrity2 t.integrity3 \
+- t.passthrough-hb \
++ t.passthrough-hb t.passthrough-truncation \
+ t.escaped.html t.escaped.url \
+ t.base64 t.split t.parsing \
+ t.lexer t.lexer.mbx t.lexer.qpcr t.lexer.eoh \
+@@ -97,6 +97,7 @@
+ inputs/msg.split.dr.0118.base64 \
+ inputs/msg.split.gs.0119.text \
+ inputs/spam.mbx \
++ inputs/t.passthrough-truncation-in.gz \
+ outputs/MH.out \
+ outputs/bogolex.out \
+ outputs/bulkmode.out \
+Index: bogofilter/src/lexer.c
+===================================================================
+--- bogofilter/src/lexer.c (revision 7015)
++++ bogofilter/src/lexer.c (revision 7016)
+@@ -220,15 +220,25 @@
+
+ #ifndef DISABLE_UNICODE
+ if (encoding == E_UNICODE &&
+- !msg_state->mime_dont_decode)
++ !msg_state->mime_dont_decode &&
++ count > 0)
+ {
+ iconvert(linebuff, buff);
++
++ /* If we return count = 0 here, the caller will think we have
++ * no more bytes left to read, even though before the iconvert
++ * call we had a positive number of bytes. This *will* lead to
++ * a message truncation which we try to avoid by simply
++ * returning the original input buffer (which has positive
++ * length) instead. */
++ if(buff->t.leng == 0)
++ memcpy(buff, linebuff, sizeof(*buff));
++
+ /*
+ * iconvert, treating multi-byte sequences, can shrink or enlarge
+ * the output compared to its input. Correct count.
+ */
+- if (count > 0)
+- count = buff->t.leng;
++ count = buff->t.leng;
+ }
+ #endif
+
+Index: bogofilter/NEWS
+===================================================================
+--- bogofilter/NEWS (revision 7015)
++++ bogofilter/NEWS (revision 7016)
+@@ -15,6 +15,13 @@
+
+ -------------------------------------------------------------------------------
+
++ 2014-07-10
++
++ * Take patch from Julius Plenz to fix a bug in the charset converter
++ that causes truncation of messages in pass-through mode in rare
++ circumstances, for instance, if binary data is misdeclared as
++ text/html. Also add his test case, t.passthrough-truncation.
++
+ 2013-11-30
+
+ * Updated autoconf/automake stuff so that tests work properly with
diff --git a/patch.r7023 b/patch.r7023
new file mode 100644
index 0000000..b02f5e8
--- /dev/null
+++ b/patch.r7023
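Review bot: In patch.r7016's lexer.c change, the fallback `memcpy(buff, linebuff, sizeof(*buff));` copies the whole buffer descriptor rather than the bytes. If these descriptors hold a pointer to separately allocated text (their type is defined outside this patch), `buff` ends up sharing `linebuff`'s storage and its own text pointer and any capacity field are overwritten. That deserves at least a comment such as `/* shallow copy: buff now shares linebuff's text storage */`, and preferably a copy of the raw bytes into `buff`'s own storage bounded by its capacity. `count` is then taken from the undecoded length, so callers that size against the requested maximum should be checked too; the enclosing function starts and ends outside the inner hunk.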
@@ -0,0 +1,83 @@
+Index: bogofilter/src/mime.c
+===================================================================
+--- bogofilter/src/mime.c (revision 7022)
++++ bogofilter/src/mime.c (revision 7023)
+@@ -279,6 +279,25 @@
+ mime_push(parent);
+ }
+
++static bool is_final_boundary(
++ const byte *ins,
++ size_t inlen,
++ size_t blen
++)
++{
++ if (inlen >= 5
++ && inlen >= blen + 2
++ && ins[0] == '-'
++ && ins[1] == '-'
++ && ins[blen+2] == '-'
++ && ins[blen+3] == '-')
++ {
++ return true;
++ }
++ return false;
++}
++
++
+ /**
+ * Check if the line given in \a boundary is a boundary of one of the
+ * outer MIME containers and store the results in \a b.
+@@ -301,28 +320,18 @@
+ (buf[blen - 1] == '\r' || buf[blen - 1] == '\n'))
+ blen--;
+
+- /* skip initial -- */
+- buf += 2;
+- blen -= 2;
+-
+- /* skip and note ending --, if any */
+- if (blen > 2 && buf[blen - 1] == '-' && buf[blen - 2] == '-') {
+- b->is_final = true;
+- blen -= 2;
+- } else {
+- b->is_final = false;
+- }
+-
+ /* search stack for matching boundary, in reverse order */
+ for (ptr = mime_stack_bot; ptr != NULL; ptr = ptr->parent)
+ {
+ if (is_mime_container(ptr)
+ && ptr->boundary != NULL
+- && ptr->boundary_len == blen
+- && (memcmp(ptr->boundary, buf, blen) == 0))
++ && (ptr->boundary_len + 2 == blen
++ || ptr->boundary_len + 4 == blen)
++ && (memcmp(ptr->boundary, buf + 2, ptr->boundary_len) == 0))
+ {
+ b->depth = ptr->depth;
+ b->is_valid = true;
++ b->is_final = is_final_boundary(buf, blen, ptr->boundary_len);
+ break;
+ }
+ }
+Index: bogofilter/NEWS
+===================================================================
+--- bogofilter/NEWS (revision 7022)
++++ bogofilter/NEWS (revision 7023)
+@@ -15,6 +15,15 @@
+
+ -------------------------------------------------------------------------------
+
++ 2015-02-25
++
++ * Fix the lexer to handle MIME multipart messages properly when the
++ boundary ended in "--". The parser would previously never find the
++ MIME parts because it mistook all boundaries ending in two dashes to
++ be the final boundary of the multipart, rather than checking if the
++ two dashes were extra.
++ Reported by Matt Garretson to the bogofilter mailing list today.
++
+ 2014-07-10
+
+ * Take patch from Julius Plenz to fix a bug in the charset converter
diff --git a/patch.r7030 b/patch.r7030
new file mode 100644
index 0000000..1465e8a
--- /dev/null
+++ b/patch.r7030
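Review bot: In patch.r7023's mime.c change, `is_final_boundary()` reads `ins[blen+2]` and `ins[blen+3]` but is guarded only by `inlen >= blen + 2`, so for a non-final boundary line (where the caller passes a line length of `ptr->boundary_len + 2`) it indexes at and past the trimmed line length. With a stripped CR/LF those bytes are probably still in the buffer, but on a line without a terminator this looks like a read beyond the data; the buffer allocation is not visible here. The guard should be `&& inlen >= blen + 4`. Separately, the caller marks the line valid when `ptr->boundary_len + 4 == blen` even if the two extra bytes are not `--`, which is looser than the removed code; the function containing that loop starts and ends outside the inner hunk.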
@@ -0,0 +1,48 @@
+Index: bogofilter/src/lexer.c
+===================================================================
+--- bogofilter/src/lexer.c (revision 7029)
++++ bogofilter/src/lexer.c (revision 7030)
+@@ -329,7 +329,7 @@
+ count += cnt;
+
+ /* Note: some malformed messages can cause xfgetsl() to report
+- ** "Invalid buffer size, exiting." ** and then abort. This
++ ** "Invalid buffer size, exiting." and then abort. This
+ ** can happen when the parser is in html mode and there's a
+ ** leading '<' but no closing '>'.
+ **
+@@ -343,9 +343,12 @@
+
+ if (count >= MAX_TOKEN_LEN * 2 &&
+ long_token(buff.t.u.text, (uint) count)) {
+- uint start = buff.t.leng - count;
+- uint length = count - max_token_len;
+- buff_shift(&buff, start, length);
++ /* Make sure not to shift bytes outside the buffer */
++ if (buff.t.leng >= (uint) count) {
++ uint start = buff.t.leng - count;
++ uint length = count - max_token_len;
++ buff_shift(&buff, start, length);
++ }
+ count = buff.t.leng;
+ }
+ else
+Index: bogofilter/NEWS
+===================================================================
+--- bogofilter/NEWS (revision 7029)
++++ bogofilter/NEWS (revision 7030)
+@@ -15,6 +15,14 @@
+
+ -------------------------------------------------------------------------------
+
++ 2015-02-28
++
++ * Fix the lexer to not try to delete parts from HTML tokens if it is
++ reading garbage (for instance, binary files misdeclared as HTML).
++ This was exposed on Fedora 20 and 21 but not Ubuntu 14.04 (x86_64),
++ and is possibly related to its newer flex 2.5.37 that may have
++ changed the way it uses yyinput() a bit. Reported by Matt Garretson.
++
+ 2015-02-25
+
+ * Fix the lexer to handle MIME multipart messages properly when the
diff --git a/patch.r7032 b/patch.r7032
new file mode 100644
index 0000000..eaba3ad
--- /dev/null
+++ b/patch.r7032
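Review bot: In patch.r7030's lexer.c change, the new guard `if (buff.t.leng >= (uint) count)` keeps `start` from wrapping, but `uint length = count - max_token_len;` inside it is still unchecked. The enclosing condition compares `count` with the constant `MAX_TOKEN_LEN * 2`, not with the variable `max_token_len`, so if that variable can exceed `count` (its range is set outside this hunk) the subtraction wraps to a very large unsigned length handed to `buff_shift()`. I would extend the guard to something like `if (buff.t.leng >= (uint) count && (uint) count > max_token_len) {`. When the guard fails the over-long token is now kept without any shift, which deserves a comment saying that this is intended; the enclosing function starts and ends outside the inner hunk.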
@@ -0,0 +1,19 @@
+Index: bogofilter/src/maint.c
+===================================================================
+--- bogofilter/src/maint.c (revision 7031)
++++ bogofilter/src/maint.c (revision 7032)
+@@ -118,11 +118,11 @@
+ bool discard;
+
+ if (token->u.text[0] == '.') { /* keep .ENCODING, .MSG_COUNT, and .ROBX */
+- if (strcmp((const char *)token->u.text, MSG_COUNT) == 0)
++ if (0 == word_cmps(token, MSG_COUNT))
+ return false;
+- if (strcmp((const char *)token->u.text, ROBX_W) == 0)
++ if (0 == word_cmps(token, ROBX_W))
+ return false;
+- if (strcmp((const char *)token->u.text, WORDLIST_ENCODING) == 0)
++ if (0 == word_cmps(token, WORDLIST_ENCODING))
+ return false;
+ }
+
diff --git a/patch.r7034 b/patch.r7034
new file mode 100644
index 0000000..790b901
--- /dev/null
+++ b/patch.r7034
@@ -0,0 +1,16 @@
+Index: bogofilter/NEWS
+===================================================================
+--- bogofilter/NEWS (revision 7033)
++++ bogofilter/NEWS (revision 7034)
+@@ -15,6 +15,11 @@
+
+ -------------------------------------------------------------------------------
+
++ 2015-10-10
++
++ * Fix an out-of-bounds memory read in maint.c's discard_token().
++ Found with clang 3.6's address sanitizer.
++
+ 2015-02-28
+
+ * Fix the lexer to not try to delete parts from HTML tokens if it is
diff --git a/patch.r7035 b/patch.r7035
new file mode 100644
index 0000000..6ef6f81
--- /dev/null
+++ b/patch.r7035
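Review bot: In patch.r7032's maint.c change, the condition above the rewritten comparisons, `if (token->u.text[0] == '.')`, still dereferences the first byte without looking at the token's length. The switch from `strcmp()` to `word_cmps()` presumably stops the comparisons from running past a token that is not NUL-terminated, but a zero-length token would still be read at index 0. Whether such a token can reach this function cannot be told from the hunk, and the function starts and ends outside it. Assuming the token carries the same `leng` field seen as `buff.t.leng` in the lexer patches, `if (token->leng > 0 && token->u.text[0] == '.')` would close that case.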
@@ -0,0 +1,40 @@
+Index: bogofilter/src/wordlists.c
+===================================================================
+--- bogofilter/src/wordlists.c (revision 7034)
++++ bogofilter/src/wordlists.c (revision 7035)
+@@ -265,9 +265,6 @@
+ xfree(i);
+ }
+
+- if (commit)
+- word_lists = NULL;
+-
+ return err;
+ }
+
+Index: bogofilter/src/wordlists_base.c
+===================================================================
+--- bogofilter/src/wordlists_base.c (revision 7034)
++++ bogofilter/src/wordlists_base.c (revision 7035)
+@@ -134,6 +134,8 @@
+ list = free_wordlistnode(list);
+ }
+
++ word_lists = NULL;
++
+ bogohome_cleanup();
+ }
+
+Index: bogofilter/NEWS
+===================================================================
+--- bogofilter/NEWS (revision 7034)
++++ bogofilter/NEWS (revision 7035)
+@@ -17,6 +17,8 @@
+
+ 2015-10-10
+
++ * Fix a memory leak in close_wordlists().
++
+ * Fix an out-of-bounds memory read in maint.c's discard_token().
+ Found with clang 3.6's address sanitizer.
+
|