bogofilter-1.2.2 - new current release
David Relson
relson at osagesoftware.com
Fri Jul 9 03:34:12 CEST 2010
Bogofilter v1.2.2 is now available.
This release fixes a security fix and several minor bugs and cleanups.
A heap corruption caused by invalid base64 input has been fixed.
A better PRNG is now being used.
Support has been updated for Berkeley 4.8 and 5.0
Minimum supported version of SQLite3 has been bumped.
Miscellaneous clang and compiler warnings have been fixed.
########################################################################
Files are available at http://sourceforge.net/projects/bogofilter for
download.
Here are the md5sums for the release:
0d77f9bf9f73d0555cac751088de6d2e bogofilter-1.2.2-1.src.rpm
4bcabdf8c5e7efefcb508eda7e80eebc bogofilter-1.2.2.tar.bz2
39d27c13eae8a5064d68e20d585e60de bogofilter-1.2.2.tar.gz
91e1e120f7815c66735838f149d4020d bogofilter-db42-1.2.2-1.i586.rpm
2d8923111a5a2d08fb36c5827881d41c bogofilter-db42-static-1.2.2-1.i586.rpm
ef9a99b71e400b1ba5410222e5a9befb bogofilter-sqlite3-1.2.2-1.i586.rpm
79cb331dfa4e4400ef8fb22007a7626e bogofilter-sqlite3-static-1.2.2-1.i586.rpm
########################################################################
Here's the cumulative change log since 1.1.0:
=================
BOGOFILTER NEWS
=================
!!!!!!!! READ THE RELEASE.NOTES !!!!!!!!
This file is in Unicode charset, with UTF-8 encoding.
Sections headed '[Incompat <version>]' and '[Major <version>]'
are particularly important. They describe changes that are
incompatible with earlier releases or are significantly
different.
!!!!!!!! READ THE RELEASE.NOTES !!!!!!!!
-------------------------------------------------------------------------------
1.2.2 2010-10-08 (released)
2010-07-05
* Use a better PRNG for random sleeps. That is arc4random() where
available, and drand48() elsewhere.
* Assorted fixes for issues found with clang analyzer:
+ Fix a potential NULL deference
+ Fix a potential division by zero
+ Remove dead assignments and increments
* Update Doxyfile and source contrib/bogogrep.c for docs, too.
2010-07-03
* Security bugfix, CVE-2010-2494:
Fix a heap corruption in base64 decoder on invalid input.
Analysis and patch by Julius Plenz <plenz at cis.fu-berlin.de>.
Please see doc/bogofilter-SA-2010-01 for details.
2010-04-07
* Updated sendmail milter contrib/bogofilter-milter.pl to v1.??????
(thanks to Jonathan Kamens)
2010-04-01
* Bump supported/minimum SQLite3 versions and warning threshold.
See doc/README.sqlite for details.
* Mark BerkeleyDB 4.8.26 and 5.0.21 supported.
Note that Berkeley DB 5.0's SQLite3 compatibility API is NOT
supported, it causes shifts in scores and write failures under
contention. Bogofilter can use Berkeley DB 5.0's native interface,
and using that is more efficient than the added SQL shim layer.
2010-03-06
* Make t.maint more robust; ignore .ENCODING token. To fix test
failures on, for instance, FreeBSD with unicode enabled.
2010-02-15
* Fix several compiler warnings "array subscript has type 'char'", by
casting the arguments to unsigned char.
A security audit was conducted and showed that all affected
functions either received the relevant input from the user running
bogofilter, or the input had already been pre-validated by the token
lexer.
2010-02-14
* Split error messages for ENOENT and EINVAL into new function.
* Avoid divison by zero in robx computation by checking if there are at
least one ham message and one spam message registered.
2009-08-13
* contrib/spamitarium.pl updated to version 0.4.0
(thanks to Tom Anderson)
2009-08-05
* Updated and integrated Ted Phelps's "Patch to prevent .ENCODING from
being discarded by bogoutil -m" (SourceForge Patch #1743984).
Thanks to Ted for debugging the issue and providing the patch (which
was for bogofilter v1.1.5).
2009-09-15
* Promoted to "stable"
1.2.1 2009-08-01 (released)
2009-08-01
* Update configure to use "host" rather than "target", to match the
newer autotools cross-build semantics. Untested.
Developers changing the build system and users who build from SVN
will now need automake 1.9 and autoconf 2.60.
2009-07-31
* Fix Christian Frommeyer's MIME decoding bug, Ubuntu/Launchpad Bug
#320829. As a side effect, also fixes misattribution of MIME bodies
as MIME headers with mime: tag. Original bug report:
https://bugs.launchpad.net/ubuntu/+source/bogofilter/+bug/320829
Before this fix, bogofilter did not properly MIME-decode the first
line in a body. This was especially bad with Christian's samples
where the whole body was only one long base64 line.
2009-05-28
* Removed two scripts that are auto-built.
* Added test case for Stephen Davies' Q-P EOL problem (see below).
2009-05-25
* Fixed EOL problem in quoted_printable text. Problem reported by
Stephen Davies and identified by Pavel Kankovsky.
2009-03-28
* Promoted to "stable"
1.2.0 2009-02-21 (released)
2009-02-20
* Flex-2.5.35 has fix for memory allocation problem in 2.5.4,
2.5.31, and 2.5.33, making bogofilter's flex patch obsolete.
2009-02-12
* Bogofilter now uses listsort in place of qsort.
2009-01-31
* Added token-count=n, token-count-min=n, and token-count-max=n options.
* Minor code cleanups.
2009-01-21
* spamitarium.pl updated to version 0.3.0
(thanks to Tom Anderson)
2009-01-11
* For compatibility with Sun's Sun Studio 12 compiler, provide
a name for the anonymous union in typedef word_t.
Patch provided by Jack Bailey.
2008-10-20
* update bf_compact documentation by removing explicit Berkeley DB
references, as it has been fixed to work with other database drivers
in March 2008.
2008-10-15
* bf_compact, bf_copy and bf_tar now support transformed program names
(fixes Debian Bug#501947).
* Update sqlite3 adaptor to take advantage of sqlite3_prepare_v2()
API function that appeared in SQLite 3.3.9. The new _v2 interface
allows for more specific error messages when executing SQL
statements. Also enable extended result codes for more precise error
reporting.
2008-07-21
* Update doc/integrating-with-postfix: the script now suggests sendmail
-G -i (where -G will be ignored by Postfix before 2.3) to tell
Postfix it's a gateway submission, not an original injection; the
filter pipe(8) magic for master.cf now suggests flags=Rq (was
flags=R), as per Postfix's FILTER_README.
2008-07-09
* Drop support for systems that reverse setvbuf arguments. The last
systems to do that are reported to be shipped in 1987 by the autoconf
manual, so ditch them.
2008-05-18
* Promoted to "stable"
1.1.7 2008-05-04 (released)
2008-04-30
* Updated sendmail milter contrib/bogofilter-milter.pl to v1.45
(thanks to Jonathan Kamens)
2008-04-28
* Added maildir training info to English and French FAQs.
(thanks to Karl Schmidt and to Mouss)
2008-04-26
* Fix uninitialized variable in lexer.c when unicode is disabled.
Patch provided by Roman Trunov.
2008-04-20
* In process_arg functions use the val parameter rather than optarg.
Patch provided by Roman Trunov.
2008-04-18
* Function process_arg now has the same prototype for
bogofilter, bogolexer, bogoutil, and bogotune. The proper
version is called by function read_config_file for all
programs. Problem reported by Roman Trunov.
2008-04-17
* Update Doxyfile for doxygen v1.5.5
2008-04-16
* Fixed syntax errors in t.valgrind test
2008-03-21
* bf_compact now supports compacting databases that use QDBM, Tokyo
Cabinet or SQLite3 and is covered by the test suite.
2008-03-19
* bf_compact now verifies databases before dumping them, to avoid
getting into an unterminated loop and wasting all diskspace.
* Bogoupgrade now verifies databases before dumping them, to avoid
getting into an unterminated loop and burning all memory or disk
space when the database is corrupt.
This should fix Debian Bug#226643 and Debian Bug#226646.
* Bogoupgrade now uses Pod::Usage to print usage/help, prints error
messages that are a bit more concise and validates arguments a bit
stricter.
2008-02-08
* Bump required sqlite version to 3.5.4, earlier versions could
sometimes corrupt the database. Update install-staticdblibs.sh.
Bogofilter will complain when used with older versions.
2008-01-05
* bf_compact problem fixed. Reported by Thomas Novin.
1.1.6 2007-11-25 (released)
* Transaction support added for TokyoCabinet datastore.
(thanks to Pierre Habouzit)
* Bump required sqlite version to 3.4.2 and fix related compiler
warnings. Bogofilter will complain when used with older versions.
2007-11-22
* Support for TokyoCabinet datastore added.
(thanks to Pierre Habouzit)
2007-08-14
* doc/README.db was updated to BerkeleyDB 4.6
* doc/README.db: section 3.5 was added, with information on how to
resolve "Logging region out of memory; you may need to increase its
size", section 4.2 now documents set_lg_regionmax.
2007-07-23
* The upstream repository was migrated to SVN.
In order to check the code out, use this command (one line):
svn co https://bogofilter.svn.sourceforge.net/svnroot/bogofilter/trunk/bogofilter/ bogofilter
2007-07-22
* The install-staticdblibs.sh script was relicensed under GNU GPL v3,
adjusted to download Berkeley DB 4.2 from oracle.com, adds patch #5,
and updated to build SQLite 3.4.1. In order to for a rebuild of the
updated library, do: rm -rf /opt/db-4.2-lean /opt/sqlite-3-lean
and re-run the script.
* The recommended minimum sqlite3 version is now 3.4.0, bogofilter will
warn if used with older versions. Bugs that could cause database
corruption in rare circumstances have been fixed in sqlite3.
See doc/README.sqlite for details.
* Updated sendmail milter contrib/bogofilter-milter.pl to v1.27
(thanks to Jonathan Kamens)
2007-02-25
* Add '--spam-header-place={header}' to specify header line
before which the X-Bogosity line is placed.
2007-02-14
* Support --db-verify for sqlite3.
* Fix defect where the database verification method would not be called
for traditional Berkeley DB databases. Reported by Eric Wood.
2007-01-28
* Fix test suite for situations where there are blanks in the test or
working directories' names.
* Repair passthrough defect on systems whose standard system library
makes a distinction between text and binary mode in stdio stuff.
1.1.5 2007-01-14 (released) 2007-01-25 (declared stable)
* Fixed Makefile dependency problem.
(reported by Andras Salamon)
This took several iterations to get right.
2007-01-11
* Fixed block-on-subnets problem.
(thanks to Jack Bailey)
2007-01-10
* Added block-on-subnets regression test.
1.1.4 2007-01-01 (released)
* Update copyright notices.
2006-12-08
* Add GSL dependency to bogofilter target to support parallel
makes.
(reported by Martin von Gagern)
2006-12-05
* Fixed problem in flex-2.5.4 patch.
(reported by Boris 'pi' Piwinger)
1.1.3 2006-12-03 (released) 2006-12-20 (declared stable)
* Fixed typo in configure.ac.
(reported by Boris 'pi' Piwinger and Torsten Veller)
1.1.2 2006-12-02 (released)
2006-12-01
* Revise install-staticlibs.sh's links for retrieving database
tarball and patches.
* Revise make rules for generating statically linked RPM.
2006-11-29
* Provide separate flex patches for 2.5.4 and 2.5.3x
2006-11-26
* Updated file comment for lexer_v3.l and removed unneeded
rules T1, T12, SHORT_TOKEN, and TOKEN_12.
* Miscellaneous minor cleanups of lexer_v3.l classes and rules.
* Patch flex skeleton code problem which can cause a seg-fault.
(reported by Michael Gerdau)
2006-11-21
* Fix processing of "--unicode=no" option.
2006-11-18
* Fix prefixes for ip address and url tokens. Restore colon
that was dropped in token.c edit for bogofilter-1.1.0.
2006-11-04
* Fixed problem parsing message ids, which can cause a
seg-fault on an x86_64.
(reported by Torsten Veller)
2006-10-03
* Added '--ham-true' option for bogofilter (to match docs)
2006-08-26
* FAQ's updated to point to current sylpheed-claws wiki
(thanks to Paul Mangan)
1.1.1 2006-08-23 (released) 2006-09-01 (declared stable)
2006-08-22
* Added bogofilter-faq-it.html, an Italian translation of the
FAQ (thanks to Marco Bozzolan).
2006-08-10
* Fixed minor header/body multi-word token defect.
1.1.0 2006-08-09 (released)
More information about the Bogofilter
mailing list