bogofilter-1.2.4 - new current release

David Relson relson at osagesoftware.com
Tue Jul 2 05:39:57 CEST 2013 

Bogofilter v1.2.4 is now available.

This release fixes a minor build issue with flex 2.5.36 and some
issues with command line options used without needed arguments.

########################################################################

Files are available at http://sourceforge.net/projects/bogofilter for
download.

Here are the md5sums for the release:

d0a5eebb3274b23ceabe766a6443a1c5  bogofilter-1.2.4.tar.bz2
94aee3ced558c2a354547083735f2ba7  bogofilter-1.2.4.tar.gz

########################################################################

Here's the cumulative change log since 1.2.0:

			       =================
				BOGOFILTER NEWS
			       =================

	!!!!!!!! READ THE RELEASE.NOTES !!!!!!!!

	This file is in Unicode charset, with UTF-8 encoding.

	Sections headed '[Incompat <version>]' and '[Major <version>]'
	are particularly important.  They describe changes that are
	incompatible with earlier releases or are significantly
	different.

	!!!!!!!! READ THE RELEASE.NOTES !!!!!!!!

-------------------------------------------------------------------------------

1.2.4	2013-07-01 (released)

	2013-06-28
	* Fix three crashes in command line and environment variable
	parsers that caused NULL pointer dereferences with long option
	variants of bogofilter --syslog-tag, or bogoutil
	--timestamp-date, or when bogotune -M<file> cannot derive the
	bogofilter directory. Reported by Alexandre Rebert, found with
	Mayhem tool.

	* Add getopt_long_chk(), a getopt_long variant that checks if
	  the overlapping short and long options agree on whether their
	  argument is not required, mandatory, or optional.  If they
	  disagree, the program aborts.

	* Fix a crash in command line parser that causes a NULL pointer
	  dereference when --db-cachesize is used without argument.
	  Found with getopt_long_chk().

	2013-01-20
	* Change lexer API/ABI a bit so as to work with flex 2.5.36
	generated lexers (for instance, on Fedora 18 "Spherical Cow")
	that flip the type of yyleng from int to size_t. We use a
	signed long internally.

	2012-12-30
	* The bogofilter project was updated to the new SourceForge.net
	  platform. This has caused the URLs to change. Use one of these
	  commands for a read-only checkout:
	  svn checkout svn://svn.code.sf.net/p/bogofilter/code/trunk
	bogofilter svn checkout
	http://svn.code.sf.net/p/bogofilter/code/trunk bogofilter

	  And developers would use, replacing joe by their sf.net login:
	  svn checkout --username=joe
	  svn+ssh://m-a@svn.code.sf.net/p/bogofilter/code/trunk
	  bogofilter

	2012-12-03
	* Add bogofilter-SA-2012-01 (CVE-2012-5468).
	* Fix XML form of Bulgarian FAQ so that it validates;
	  and validate XHTML at build time.
	* Mark Berkeley DB 5.2.42 and 5.3.21 supported.

1.2.3	2012-12-02 (released)

	2012-10-24
	* Update configure.ac to avoid autoconf 2.68 warnings, by 
	  (a) quoting the first AC_RUN_IFELSE argument, an
	      AC_LANG_PROGRAM(), with [ ], and
	  (b) providing an explicit "true" assumption for Berkeley DB
	      capabilities to avoid cross-compilation warnings.

	2012-10-22
	* Security bugfix,
	  Fix a heap corruption in base64 decoder on invalid input.
	  Analysis and patch by Julius Plenz <plenz at cis.fu-berlin.de>.

	2011-01-02
	* Added bogofilter-faq-bg.html, a Bulgarian translation of the
	FAQ. (thanks to Albert Ward)

	2010-10-29
	* Mark "Berkeley DB 5.1.19: (August 27, 2010)" supported.

1.2.2	2010-10-08 (released)

	2010-07-05
	* Use a better PRNG for random sleeps. That is arc4random()
	where available, and drand48() elsewhere.

	* Assorted fixes for issues found with clang analyzer:
	  + Fix a potential NULL deference
	  + Fix a potential division by zero
	  + Remove dead assignments and increments

	* Update Doxyfile and source contrib/bogogrep.c for docs, too.

	2010-07-03

	* Security bugfix, CVE-2010-2494:
	  Fix a heap corruption in base64 decoder on invalid input.
	  Analysis and patch by Julius Plenz <plenz at cis.fu-berlin.de>.
	  Please see doc/bogofilter-SA-2010-01 for details.

	2010-04-07

	* Updated sendmail milter contrib/bogofilter-milter.pl to
	  v1.?????? (thanks to Jonathan Kamens)

	2010-04-01

	* Bump supported/minimum SQLite3 versions and warning threshold.
	  See doc/README.sqlite for details.

	* Mark BerkeleyDB 4.8.26 and 5.0.21 supported.

	  Note that Berkeley DB 5.0's SQLite3 compatibility API is NOT
	  supported, it causes shifts in scores and write failures under
	  contention.  Bogofilter can use Berkeley DB 5.0's native
	  interface, and using that is more efficient than the added
	  SQL shim layer.

	2010-03-06

	* Make t.maint more robust; ignore .ENCODING token. To fix test
	  failures on, for instance, FreeBSD with unicode enabled.

	2010-02-15

	* Fix several compiler warnings "array subscript has type
	  'char'", by casting the arguments to unsigned char.
	     A security audit was conducted and showed that all affected
	  functions either received the relevant input from the user
	  running bogofilter, or the input had already been
	  pre-validated by the token lexer.

	2010-02-14

	* Split error messages for ENOENT and EINVAL into new function.
	* Avoid divison by zero in robx computation by checking if
	  there are at least one ham message and one spam message
	  registered.

	2009-08-13

	* contrib/spamitarium.pl updated to version 0.4.0
	  (thanks to Tom Anderson)

	2009-08-05

	* Updated and integrated Ted Phelps's "Patch to
	  prevent .ENCODING from being discarded by bogoutil
	  -m" (SourceForge Patch #1743984). Thanks to Ted for debugging
	  the issue and providing the patch (which was for bogofilter
	  v1.1.5).

	2009-09-15
	* Promoted to "stable"

1.2.1	2009-08-01 (released)

	2009-08-01
	* Update configure to use "host" rather than "target", to match
	the newer autotools cross-build semantics. Untested.
	  Developers changing the build system and users who build from
	SVN will now need automake 1.9 and autoconf 2.60.

	2009-07-31
	* Fix Christian Frommeyer's MIME decoding bug, Ubuntu/Launchpad
	Bug #320829. As a side effect, also fixes misattribution of
	MIME bodies as MIME headers with mime: tag.  Original bug
	report:
	https://bugs.launchpad.net/ubuntu/+source/bogofilter/+bug/320829

	  Before this fix, bogofilter did not properly MIME-decode the
	  first line in a body. This was especially bad with
	  Christian's samples where the whole body was only one long
	  base64 line.

	2009-05-28
	* Removed two scripts that are auto-built.
	* Added test case for Stephen Davies' Q-P EOL problem (see
	below).

	2009-05-25
	* Fixed EOL problem in quoted_printable text. Problem reported
	by Stephen Davies and identified by Pavel Kankovsky.

	2009-03-28
	* Promoted to "stable"

1.2.0	2009-02-21 (released)

More information about the Bogofilter-announce mailing list