bogofilter-1.2.4 - new current release
David Relson
relson at osagesoftware.com
Tue Jul 2 05:39:57 CEST 2013
Bogofilter v1.2.4 is now available.
This release fixes a minor build issue with flex 2.5.36 and some
issues with command line options used without needed arguments.
########################################################################
Files are available at http://sourceforge.net/projects/bogofilter for
download.
Here are the md5sums for the release:
d0a5eebb3274b23ceabe766a6443a1c5 bogofilter-1.2.4.tar.bz2
94aee3ced558c2a354547083735f2ba7 bogofilter-1.2.4.tar.gz
########################################################################
Here's the cumulative change log since 1.2.0:
=================
BOGOFILTER NEWS
=================
!!!!!!!! READ THE RELEASE.NOTES !!!!!!!!
This file is in Unicode charset, with UTF-8 encoding.
Sections headed '[Incompat <version>]' and '[Major <version>]'
are particularly important. They describe changes that are
incompatible with earlier releases or are significantly
different.
!!!!!!!! READ THE RELEASE.NOTES !!!!!!!!
-------------------------------------------------------------------------------
1.2.4 2013-07-01 (released)
2013-06-28
* Fix three crashes in command line and environment variable
parsers that caused NULL pointer dereferences with long option
variants of bogofilter --syslog-tag, or bogoutil
--timestamp-date, or when bogotune -M<file> cannot derive the
bogofilter directory. Reported by Alexandre Rebert, found with
Mayhem tool.
* Add getopt_long_chk(), a getopt_long variant that checks if
the overlapping short and long options agree on whether their
argument is not required, mandatory, or optional. If they
disagree, the program aborts.
* Fix a crash in command line parser that causes a NULL pointer
dereference when --db-cachesize is used without argument.
Found with getopt_long_chk().
2013-01-20
* Change lexer API/ABI a bit so as to work with flex 2.5.36
generated lexers (for instance, on Fedora 18 "Spherical Cow")
that flip the type of yyleng from int to size_t. We use a
signed long internally.
2012-12-30
* The bogofilter project was updated to the new SourceForge.net
platform. This has caused the URLs to change. Use one of these
commands for a read-only checkout:
  svn checkout svn://svn.code.sf.net/p/bogofilter/code/trunk bogofilter
  svn checkout http://svn.code.sf.net/p/bogofilter/code/trunk bogofilter
And developers would use, replacing joe by their sf.net login:
  svn checkout --username=joe svn+ssh://m-a@svn.code.sf.net/p/bogofilter/code/trunk bogofilter
2012-12-03
* Add bogofilter-SA-2012-01 (CVE-2012-5468).
* Fix XML form of Bulgarian FAQ so that it validates;
and validate XHTML at build time.
* Mark Berkeley DB 5.2.42 and 5.3.21 supported.
1.2.3 2012-12-02 (released)
2012-10-24
* Update configure.ac to avoid autoconf 2.68 warnings, by
(a) quoting the first AC_RUN_IFELSE argument, an
AC_LANG_PROGRAM(), with [ ], and
(b) providing an explicit "true" assumption for Berkeley DB
capabilities to avoid cross-compilation warnings.
2012-10-22
* Security bugfix,
Fix a heap corruption in base64 decoder on invalid input.
Analysis and patch by Julius Plenz <plenz at cis.fu-berlin.de>.
2011-01-02
* Added bogofilter-faq-bg.html, a Bulgarian translation of the
FAQ. (thanks to Albert Ward)
2010-10-29
* Mark "Berkeley DB 5.1.19: (August 27, 2010)" supported.
1.2.2 2010-10-08 (released)
2010-07-05
* Use a better PRNG for random sleeps. That is arc4random()
where available, and drand48() elsewhere.
* Assorted fixes for issues found with clang analyzer:
+ Fix a potential NULL dereference
+ Fix a potential division by zero
+ Remove dead assignments and increments
* Update Doxyfile and source contrib/bogogrep.c for docs, too.
2010-07-03
* Security bugfix, CVE-2010-2494:
Fix a heap corruption in base64 decoder on invalid input.
Analysis and patch by Julius Plenz <plenz at cis.fu-berlin.de>.
Please see doc/bogofilter-SA-2010-01 for details.
2010-04-07
* Updated sendmail milter contrib/bogofilter-milter.pl to
v1.?????? (thanks to Jonathan Kamens)
2010-04-01
* Bump supported/minimum SQLite3 versions and warning threshold.
See doc/README.sqlite for details.
* Mark BerkeleyDB 4.8.26 and 5.0.21 supported.
Note that Berkeley DB 5.0's SQLite3 compatibility API is NOT
supported, it causes shifts in scores and write failures under
contention. Bogofilter can use Berkeley DB 5.0's native
interface, and using that is more efficient than the added
SQL shim layer.
2010-03-06
* Make t.maint more robust; ignore .ENCODING token. To fix test
failures on, for instance, FreeBSD with unicode enabled.
2010-02-15
* Fix several compiler warnings "array subscript has type
'char'", by casting the arguments to unsigned char.
A security audit was conducted and showed that all affected
functions either received the relevant input from the user
running bogofilter, or the input had already been
pre-validated by the token lexer.
2010-02-14
* Split error messages for ENOENT and EINVAL into new function.
* Avoid division by zero in robx computation by checking if
there are at least one ham message and one spam message
registered.
2009-08-13
* contrib/spamitarium.pl updated to version 0.4.0
(thanks to Tom Anderson)
2009-08-05
* Updated and integrated Ted Phelps's "Patch to
prevent .ENCODING from being discarded by bogoutil
-m" (SourceForge Patch #1743984). Thanks to Ted for debugging
the issue and providing the patch (which was for bogofilter
v1.1.5).
2009-09-15
* Promoted to "stable"
1.2.1 2009-08-01 (released)
2009-08-01
* Update configure to use "host" rather than "target", to match
the newer autotools cross-build semantics. Untested.
Developers changing the build system and users who build from
SVN will now need automake 1.9 and autoconf 2.60.
2009-07-31
* Fix Christian Frommeyer's MIME decoding bug, Ubuntu/Launchpad
Bug #320829. As a side effect, also fixes misattribution of
MIME bodies as MIME headers with mime: tag. Original bug
report:
https://bugs.launchpad.net/ubuntu/+source/bogofilter/+bug/320829
Before this fix, bogofilter did not properly MIME-decode the
first line in a body. This was especially bad with
Christian's samples where the whole body was only one long
base64 line.
2009-05-28
* Removed two scripts that are auto-built.
* Added test case for Stephen Davies' Q-P EOL problem (see
below).
2009-05-25
* Fixed EOL problem in quoted_printable text. Problem reported
by Stephen Davies and identified by Pavel Kankovsky.
2009-03-28
* Promoted to "stable"
1.2.0 2009-02-21 (released)
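
The 1.2.4 entry above describes getopt_long_chk() as checking that overlapping short and long options agree on whether an argument is taken. The sketch below is an added example of that kind of check, not bogofilter's own code; the function names, option names, letters and tables are constructed for illustration.

```c
#include <getopt.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* has_arg class that optstring gives short option c, or -1 if c is not in it. */
static int short_has_arg(const char *optstring, int c)
{
    const char *p;
    if (c <= 0 || c > 255 || c == ':')
        return -1;                  /* long-only value, not a short letter */
    while (*optstring == '+' || *optstring == '-' || *optstring == ':')
        optstring++;                /* skip getopt mode prefixes */
    p = strchr(optstring, c);
    if (p == NULL)
        return -1;
    if (p[1] != ':')
        return no_argument;
    return p[2] == ':' ? optional_argument : required_argument;
}

/* Count long options whose short alias disagrees about taking an argument. */
static int count_option_mismatches(const char *optstring, const struct option *longopts)
{
    int bad = 0;
    for (const struct option *o = longopts; o->name != NULL; o++) {
        int s = (o->flag == NULL) ? short_has_arg(optstring, o->val) : -1;
        if (s >= 0 && s != o->has_arg) {
            fprintf(stderr, "--%s and -%c disagree on argument\n", o->name, o->val);
            bad++;
        }
    }
    return bad;
}

/* Constructed tables: in bad_opts, --cache-size and --tag can reach the shared
 * 'k'/'t' handlers with optarg == NULL although -k and -t always supply one. */
static const char demo_optstring[] = "k:t:v";
static const struct option good_opts[] = {
    {"cache-size", required_argument, NULL, 'k'}, {"tag", required_argument, NULL, 't'},
    {"verbose", no_argument, NULL, 'v'}, {"help", no_argument, NULL, 256}, {NULL, 0, NULL, 0}};
static const struct option bad_opts[] = {
    {"cache-size", optional_argument, NULL, 'k'}, {"tag", no_argument, NULL, 't'},
    {"verbose", no_argument, NULL, 'v'}, {NULL, 0, NULL, 0}};

int main(int argc, char **argv)
{
    int c;
    fprintf(stderr, "bad table: %d mismatches\n", count_option_mismatches(demo_optstring, bad_opts));
    if (count_option_mismatches(demo_optstring, good_opts) > 0)
        abort();                    /* refuse to parse with inconsistent tables */
    while ((c = getopt_long(argc, argv, demo_optstring, good_opts, NULL)) != -1)
        printf("option %d arg %s\n", c, optarg ? optarg : "(none)");
    return 0;
}
```

Running the check once at startup, before any option is parsed, turns a table inconsistency into an immediate abort instead of a NULL optarg reaching a handler that assumes an argument.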