bogofilter-1.2.3 - new current release

David Relson relson at osagesoftware.com
Sun Dec 2 22:30:22 CET 2012


Bogofilter v1.2.3 is now available.

This release fixes a security issue and includes several minor code cleanups.

  A heap corruption caused by invalid base64 input has been fixed.

########################################################################

Files are available at http://sourceforge.net/projects/bogofilter for
download.

Here are the md5sums for the release:

c3ed7f483b83abcbf6d8c797084bd06e  bogofilter-1.2.3.tar.bz2
aec710e967a7378f57267db70fe3217b  bogofilter-1.2.3.tar.gz
535a47618559f5882e860062b69c8564  NEWS-1.2.3

########################################################################

Here's the cumulative change log since 1.1.0:

			       =================
				BOGOFILTER NEWS
			       =================

	!!!!!!!! READ THE RELEASE.NOTES !!!!!!!!

	This file is in Unicode charset, with UTF-8 encoding.

	Sections headed '[Incompat <version>]' and '[Major <version>]'
	are particularly important.  They describe changes that are
	incompatible with earlier releases or are significantly
	different.

	!!!!!!!! READ THE RELEASE.NOTES !!!!!!!!

-------------------------------------------------------------------------------

1.2.3	2012-12-02 (released)

	2012-10-24
	* Update configure.ac to avoid autoconf 2.68 warnings, by 
	  (a) quoting the first AC_RUN_IFELSE argument, an
	      AC_LANG_PROGRAM(), with [ ], and
	  (b) providing an explicit "true" assumption for Berkeley DB
	      capabilities to avoid cross-compilation warnings.

	2012-10-22
	* Security bugfix,
	  Fix a heap corruption in base64 decoder on invalid input.
	  Analysis and patch by Julius Plenz <plenz at cis.fu-berlin.de>.

	2011-01-02
	* Added bogofilter-faq-bg.html, a Bulgarian translation of the
	FAQ. (thanks to Albert Ward)

	2010-10-29
	* Mark "Berkeley DB 5.1.19: (August 27, 2010)" supported.

1.2.2	2010-10-08 (released)

	2010-07-05
	* Use a better PRNG for random sleeps. That is arc4random()
	where available, and drand48() elsewhere.

	* Assorted fixes for issues found with clang analyzer:
	  + Fix a potential NULL dereference
	  + Fix a potential division by zero
	  + Remove dead assignments and increments

	* Update Doxyfile and source contrib/bogogrep.c for docs, too.

	2010-07-03

	* Security bugfix, CVE-2010-2494:
	  Fix a heap corruption in base64 decoder on invalid input.
	  Analysis and patch by Julius Plenz <plenz at cis.fu-berlin.de>.
	  Please see doc/bogofilter-SA-2010-01 for details.

	2010-04-07

	* Updated sendmail milter contrib/bogofilter-milter.pl to
	  v1.?????? (thanks to Jonathan Kamens)

	2010-04-01

	* Bump supported/minimum SQLite3 versions and warning threshold.
	  See doc/README.sqlite for details.

	* Mark BerkeleyDB 4.8.26 and 5.0.21 supported.

	  Note that Berkeley DB 5.0's SQLite3 compatibility API is NOT
	  supported, it causes shifts in scores and write failures under
	  contention.  Bogofilter can use Berkeley DB 5.0's native
	  interface, and using that is more efficient than the added
	  SQL shim layer.

	2010-03-06

	* Make t.maint more robust; ignore .ENCODING token. To fix test
	  failures on, for instance, FreeBSD with unicode enabled.

	2010-02-15

	* Fix several compiler warnings "array subscript has type
	  'char'", by casting the arguments to unsigned char.
	     A security audit was conducted and showed that all affected
	  functions either received the relevant input from the user
	  running bogofilter, or the input had already been
	  pre-validated by the token lexer.

	2010-02-14

	* Split error messages for ENOENT and EINVAL into new function.
	* Avoid division by zero in robx computation by checking if
	  there are at least one ham message and one spam message
	  registered.

	2009-08-13

	* contrib/spamitarium.pl updated to version 0.4.0
	  (thanks to Tom Anderson)

	2009-08-05

	* Updated and integrated Ted Phelps's "Patch to
	  prevent .ENCODING from being discarded by bogoutil
	  -m" (SourceForge Patch #1743984). Thanks to Ted for debugging
	  the issue and providing the patch (which was for bogofilter
	  v1.1.5).

	2009-09-15
	* Promoted to "stable"

1.2.1	2009-08-01 (released)

	2009-08-01
	* Update configure to use "host" rather than "target", to match
	the newer autotools cross-build semantics. Untested.
	  Developers changing the build system and users who build from
	SVN will now need automake 1.9 and autoconf 2.60.

	2009-07-31
	* Fix Christian Frommeyer's MIME decoding bug, Ubuntu/Launchpad
	Bug #320829. As a side effect, also fixes misattribution of
	MIME bodies as MIME headers with mime: tag.  Original bug
	report:
	https://bugs.launchpad.net/ubuntu/+source/bogofilter/+bug/320829

	  Before this fix, bogofilter did not properly MIME-decode the
	  first line in a body. This was especially bad with
	  Christian's samples where the whole body was only one long
	  base64 line.

	2009-05-28
	* Removed two scripts that are auto-built.
	* Added test case for Stephen Davies' Q-P EOL problem (see
	below).

	2009-05-25
	* Fixed EOL problem in quoted_printable text. Problem reported
	by Stephen Davies and identified by Pavel Kankovsky.

	2009-03-28
	* Promoted to "stable"

1.2.0	2009-02-21 (released) 

	2009-02-20
	* Flex-2.5.35 has fix for memory allocation problem in 2.5.4,
          2.5.31, and 2.5.33, making bogofilter's flex patch obsolete.

	2009-02-12
	* Bogofilter now uses listsort in place of qsort.

	2009-01-31
	* Added token-count=n, token-count-min=n, and token-count-max=n
	options.
	* Minor code cleanups.

	2009-01-21

	* spamitarium.pl updated to version 0.3.0
	  (thanks to Tom Anderson)

	2009-01-11

	* For compatibility with Sun's Sun Studio 12 compiler, provide
          a name for the anonymous union in typedef word_t.
	  Patch provided by Jack Bailey.

	2008-10-20

	* update bf_compact documentation by removing explicit Berkeley
	  DB references, as it has been fixed to work with other
	  database drivers in March 2008.

	2008-10-15

	* bf_compact, bf_copy and bf_tar now support transformed
	  program names (fixes Debian Bug#501947).

	* Update sqlite3 adaptor to take advantage of
	  sqlite3_prepare_v2() API function that appeared in SQLite
	  3.3.9. The new _v2 interface allows for more specific error
	  messages when executing SQL statements.  Also enable extended
	  result codes for more precise error reporting.

	2008-07-21

	* Update doc/integrating-with-postfix: the script now suggests
	  sendmail -G -i (where -G will be ignored by Postfix before
	  2.3) to tell Postfix it's a gateway submission, not an
	  original injection; the filter pipe(8) magic for master.cf
	  now suggests flags=Rq (was flags=R), as per Postfix's
	  FILTER_README.

	2008-07-09

	* Drop support for systems that reverse setvbuf arguments. The
	  last systems to do that are reported to be shipped in 1987 by
	  the autoconf manual, so ditch them.

	2008-05-18
	* Promoted to "stable"

1.1.7	2008-05-04 (released) 

	2008-04-30

	* Updated sendmail milter contrib/bogofilter-milter.pl to v1.45
	  (thanks to Jonathan Kamens)

	2008-04-28

	* Added maildir training info to English and French FAQs.
	  (thanks to Karl Schmidt and to Mouss)

	2008-04-26

	* Fix uninitialized variable in lexer.c when unicode is
	  disabled. Patch provided by Roman Trunov.

	2008-04-20

	* In process_arg functions use the val parameter rather than
	  optarg. Patch provided by Roman Trunov.

	2008-04-18

	* Function process_arg now has the same prototype for
	  bogofilter, bogolexer, bogoutil, and bogotune.  The proper
	  version is called by function read_config_file for all
	  programs.  Problem reported by Roman Trunov.

	2008-04-17

	* Update Doxyfile for doxygen v1.5.5

	2008-04-16

	* Fixed syntax errors in t.valgrind test

	2008-03-21

	* bf_compact now supports compacting databases that use QDBM,
	  Tokyo Cabinet or SQLite3 and is covered by the test suite.

	2008-03-19

	* bf_compact now verifies databases before dumping them, to
	  avoid getting into an unterminated loop and wasting all
	  diskspace.

	* Bogoupgrade now verifies databases before dumping them, to
	  avoid getting into an unterminated loop and burning all
	  memory or disk space when the database is corrupt.
	  This should fix Debian Bug#226643 and Debian Bug#226646.

	* Bogoupgrade now uses Pod::Usage to print usage/help, prints
	  error messages that are a bit more concise and validates
	  arguments a bit stricter.

	2008-02-08

	* Bump required sqlite version to 3.5.4, earlier versions could
	  sometimes corrupt the database. Update
	  install-staticdblibs.sh. Bogofilter will complain when used
	  with older versions.

	2008-01-05

	* bf_compact problem fixed.  Reported by Thomas Novin.

1.1.6	2007-11-25 (released)

	* Transaction support added for TokyoCabinet datastore.
	  (thanks to Pierre Habouzit)

	* Bump required sqlite version to 3.4.2 and fix related compiler
	  warnings. Bogofilter will complain when used with older
	  versions.

	2007-11-22

	* Support for TokyoCabinet datastore added.
	  (thanks to Pierre Habouzit)

	2007-08-14

	* doc/README.db was updated to BerkeleyDB 4.6
	* doc/README.db: section 3.5 was added, with information on how
	  to resolve "Logging region out of memory; you may need to
	  increase its size", section 4.2 now documents
	  set_lg_regionmax.

	2007-07-23

	* The upstream repository was migrated to SVN.
	  In order to check the code out, use this command (one line):
	  svn co
	  https://bogofilter.svn.sourceforge.net/svnroot/bogofilter/trunk/bogofilter/
	  bogofilter

	2007-07-22

	* The install-staticdblibs.sh script was relicensed under GNU
	  GPL v3, adjusted to download Berkeley DB 4.2 from oracle.com,
	  adds patch #5, and updated to build SQLite 3.4.1. In order to
	  force a rebuild of the updated library, do: rm
	  -rf /opt/db-4.2-lean /opt/sqlite-3-lean and re-run the script.

	* The recommended minimum sqlite3 version is now 3.4.0,
	  bogofilter will warn if used with older versions. Bugs that
	  could cause database corruption in rare circumstances have
	  been fixed in sqlite3. See doc/README.sqlite for details.

	* Updated sendmail milter contrib/bogofilter-milter.pl to v1.27
	  (thanks to Jonathan Kamens)

	2007-02-25

	* Add '--spam-header-place={header}' to specify header line
	  before which the X-Bogosity line is placed.

	2007-02-14

	* Support --db-verify for sqlite3.

	* Fix defect where the database verification method would not
	  be called for traditional Berkeley DB databases. Reported by
	  Eric Wood.

	2007-01-28

	* Fix test suite for situations where there are blanks in the
	  test or working directories' names.

	* Repair passthrough defect on systems whose standard system
	  library makes a distinction between text and binary mode in
	  stdio stuff.

1.1.5	2007-01-14 (released) 2007-01-25 (declared stable)

	* Fixed Makefile dependency problem.
	  (reported by Andras Salamon)
	  This took several iterations to get right.

	2007-01-11

	* Fixed block-on-subnets problem.
	  (thanks to Jack Bailey)

	2007-01-10
	* Added block-on-subnets regression test.

1.1.4	2007-01-01 (released)

	* Update copyright notices.

	2006-12-08

	* Add GSL dependency to bogofilter target to support parallel
	  makes.
	  (reported by Martin von Gagern)

	2006-12-05

	* Fixed problem in flex-2.5.4 patch.
	  (reported by Boris 'pi' Piwinger)

1.1.3	2006-12-03 (released) 2006-12-20 (declared stable)

	* Fixed typo in configure.ac.
	  (reported by Boris 'pi' Piwinger and Torsten Veller)

1.1.2	2006-12-02 (released)

	2006-12-01

	* Revise install-staticlibs.sh's links for retrieving database
	  tarball and patches.
	* Revise make rules for generating statically linked RPM.

	2006-11-29

	* Provide separate flex patches for 2.5.4 and 2.5.3x

	2006-11-26

	* Updated file comment for lexer_v3.l and removed unneeded
	  rules T1, T12, SHORT_TOKEN, and TOKEN_12.
	* Miscellaneous minor cleanups of lexer_v3.l classes and rules.
	* Patch flex skeleton code problem which can cause a seg-fault.
	  (reported by Michael Gerdau)

	2006-11-21

	* Fix processing of "--unicode=no" option.

	2006-11-18

	* Fix prefixes for ip address and url tokens.  Restore colon
          that was dropped in token.c edit for bogofilter-1.1.0.

	2006-11-04

	* Fixed problem parsing message ids, which can cause a
	  seg-fault on an x86_64.
	  (reported by Torsten Veller)

	2006-10-03

	* Added '--ham-true' option for bogofilter (to match docs)

	2006-08-26

	* FAQ's updated to point to current sylpheed-claws wiki
	  (thanks to Paul Mangan)

1.1.1	2006-08-23 (released) 2006-09-01 (declared stable)

	2006-08-22

	* Added bogofilter-faq-it.html, an Italian translation of the
          FAQ  (thanks to Marco Bozzolan).

	2006-08-10

	* Fixed minor header/body multi-word token defect.

1.1.0	2006-08-09 (released)
_______________________________________________
Bogofilter-announce mailing list
Bogofilter-announce at bogofilter.org
http://www.bogofilter.org/mailman/listinfo/bogofilter-announce


