=================
BOGOFILTER NEWS
=================
!!!!!!!! READ THE RELEASE.NOTES !!!!!!!!
This file is in Unicode charset, with UTF-8 encoding.
Sections headed '[Incompat <version>]' and '[Major <version>]'
are particularly important. They describe changes that are
incompatible with earlier releases or are significantly
different.
!!!!!!!! READ THE RELEASE.NOTES !!!!!!!!
-------------------------------------------------------------------------------
1.2.5 2019-10-11
* Release bogofilter 1.2.5.
1.2.5.RC1
2019-09-08
* Release candidate #1 for bogofilter 1.2.5.
* Add a file "OBITUARY" to inform the bogofilter community
that and how David M. Relson has passed away in 2013.
* Matthias Andree has been maintainer since.
2019-08-04
* Const-ness fix initiated for KyotoCabinet driver (fixing a const
qualifier warning there) also improves performance in some
"full-database" operations for LMDB and SQLite3, through reduced
memory allocation and copy operations.
2019-06-21
* Plugged more memory leaks (one-shot leaks in bogoutil/bogotune).
* RPMs or scripts for static library builds have been removed.
Bogofilter no longer supports systems that are too far out of date.
This removes .spec files from the package (for now, it is still
built during ./configure), disables "make rpm", and drops the
install-staticdblibs.sh script, and removes "--enable-static"
support from ./configure.
2019-05-19
* Bogofilter's source code repository has been converted to Git,
and is hosted on GitLab and mirrored onto SourceForge.net.
In contrast to Subversion (SVN), the prior system, Git is
a distributed open-source version control system and has
gained a lot of ground over the past years, and is solid and
scales well.
2018-07-19
* Support for using LMDB (Lightning Memory-Mapped Database Manager)
as the database back-end. Suggested, courteously implemented and
contributed by Steffen Nurpmeso, steffen .at. sdaoden.eu.
2018-07-17
* The Berkeley DB backend driver forgoes DB_NOSYNC in transactional
mode, so as to synchronize changes from the logs back into the .db
files to keep them up to date and make environments more robust
against a loss of log.* files, for instance, when moving databases.
2017-09-18
* The contrib/spamitarium.pl, originally written by Thomas 'Tom'
Anderson, was enhanced by Jonathan Kamens and grew a few features.
Run perldoc contrib/spamitarium.pl, or spamitarium.pl -h, to read
its manual.
2016-01-26
* Apply patch from Denny Lin, with one fix, to add support for the
KyotoCabinet embedded database library. To enable, install
KyotoCabinet including the development files, and run
configure --with-database=kyotocabinet when building bogofilter.
Thanks!
* Apply patch from Denny Lin to plug a few memory leaks in bogofilter's
TokyoCabinet implementation, contributed through the bogofilter-dev
mailing list. Thanks!
2015-10-10
* Fix build with C89 compilers.
* Fix several memory leaks.
* Fix an out-of-bounds memory read in maint.c's discard_token().
Found with clang 3.6's address sanitizer.
2015-02-28
* Fix the lexer to not try to delete parts from HTML tokens if it is
reading garbage (for instance, binary files misdeclared as HTML).
This was exposed on Fedora 20 and 21 but not Ubuntu 14.04 (x86_64),
and is possibly related to its newer flex 2.5.37 that may have
changed the way it uses yyinput() a bit. Reported by Matt Garretson.
2015-02-25
* Fix the lexer to handle MIME multipart messages properly when the
boundary ended in "--". The parser would previously never find the
MIME parts because it mistook all boundaries ending in two dashes to
be the final boundary of the multipart, rather than checking if the
two dashes were extra. Add a test case, t.lexer.boundary--.
Reported by Matt Garretson to the bogofilter mailing list today.
2014-07-10
* Take patch from Julius Plenz to fix a bug in the charset converter
that causes truncation of messages in pass-through mode in rare
circumstances, for instance, if binary data is misdeclared as
text/html. Also add his test case, t.passthrough-truncation.
2013-11-30
* Updated autoconf/automake stuff so that tests work properly with
automake versions that default to running parallel-tests.
2013-07-06
* Relicensed all security announcements under a dual-license, at the
user's option, to ease distribution without repackaging:
- Creative Commons Attribution-NoDerivs 3.0 Germany License
(CC BY-ND 3.0)
- GNU General Public License v3 or newer (GPL v3+).
1.2.4 2013-07-01 (released)
2013-06-28
* Fix three crashes in command line and environment variable parsers
that caused NULL pointer dereferences with long option variants
of bogofilter --syslog-tag, or bogoutil --timestamp-date, or when
bogotune -M<file> cannot derive the bogofilter directory.
Reported by Alexandre Rebert, found with Mayhem tool.
* Add getopt_long_chk(), a getopt_long variant that checks if the
overlapping short and long options agree on whether their argument
is not required, mandatory, or optional. If they disagree, the
program aborts.
* Fix a crash in command line parser that causes a NULL pointer
dereference when --db-cachesize is used without argument.
Found with getopt_long_chk().
2013-01-20
* Change lexer API/ABI a bit so as to work with flex 2.5.36 generated
lexers (for instance, on Fedora 18 "Spherical Cow") that flip the
type of yyleng from int to size_t. We use a signed long internally.
2012-12-30
* The bogofilter project was updated to the new SourceForge.net
platform. This has caused the URLs to change. Use one of these
commands for a read-only checkout:
svn checkout svn://svn.code.sf.net/p/bogofilter/code/trunk bogofilter
svn checkout http://svn.code.sf.net/p/bogofilter/code/trunk bogofilter
And developers would use, replacing joe by their sf.net login:
svn checkout --username=joe \
svn+ssh://svn.code.sf.net/p/bogofilter/code/trunk bogofilter
2012-12-03
* Add bogofilter-SA-2012-01 (CVE-2012-5468).
* Fix XML form of Bulgarian FAQ so that it validates;
and validate XHTML at build time.
* Mark Berkeley DB 5.2.42 and 5.3.21 supported.
1.2.3 2012-12-02 (released)
2012-10-24
* Update configure.ac to avoid autoconf 2.68 warnings, by
(a) quoting the first AC_RUN_IFELSE argument, an
AC_LANG_PROGRAM(), with [ ], and
(b) providing an explicit "true" assumption for Berkeley DB
capabilities to avoid cross-compilation warnings.
2012-10-22
* Security bugfix for CVE-2012-5468 (bogofilter-SA-2012-01):
Fix a heap corruption in base64 decoder on invalid input.
Analysis and patch by Julius Plenz <plenz@cis.fu-berlin.de>.
2011-01-02
* Added bogofilter-faq-bg.html, a Bulgarian translation of the FAQ.
(thanks to Albert Ward)
2010-10-29
* Mark "Berkeley DB 5.1.19: (August 27, 2010)" supported.
1.2.2 2010-07-08 (released)
2010-07-05
* Use a better PRNG for random sleeps. That is arc4random() where
available, and drand48() elsewhere.
* Assorted fixes for issues found with clang analyzer:
+ Fix a potential NULL deference
+ Fix a potential division by zero
+ Remove dead assignments and increments
* Update Doxyfile and source contrib/bogogrep.c for docs, too.
2010-07-03
* Security bugfix, CVE-2010-2494:
Fix a heap corruption in base64 decoder on invalid input.
Analysis and patch by Julius Plenz <plenz@cis.fu-berlin.de>.
Please see doc/bogofilter-SA-2010-01 for details.
2010-04-07
* Updated sendmail milter contrib/bogofilter-milter.pl to v1.??????
(thanks to Jonathan Kamens)
2010-04-01
* Bump supported/minimum SQLite3 versions and warning threshold.
See doc/README.sqlite for details.
* Mark BerkeleyDB 4.8.26 and 5.0.21 supported.
Note that Berkeley DB 5.0's SQLite3 compatibility API is NOT
supported, it causes shifts in scores and write failures under
contention. Bogofilter can use Berkeley DB 5.0's native interface,
and using that is more efficient than the added SQL shim layer.
2010-03-06
* Make t.maint more robust; ignore .ENCODING token. To fix test
failures on, for instance, FreeBSD with unicode enabled.
2010-02-15
* Fix several compiler warnings "array subscript has type 'char'", by
casting the arguments to unsigned char.
A security audit was conducted and showed that all affected
functions either received the relevant input from the user running
bogofilter, or the input had already been pre-validated by the token
lexer.
2010-02-14
* Split error messages for ENOENT and EINVAL into new function.
* Avoid divison by zero in robx computation by checking if there are at
least one ham message and one spam message registered.
2009-08-13
* contrib/spamitarium.pl updated to version 0.4.0
(thanks to Tom Anderson)
2009-08-05
* Updated and integrated Ted Phelps's "Patch to prevent .ENCODING from
being discarded by bogoutil -m" (SourceForge Patch #1743984).
Thanks to Ted for debugging the issue and providing the patch (which
was for bogofilter v1.1.5).
2009-09-15
* Promoted to "stable"
1.2.1 2009-08-01 (released)
2009-08-01
* Update configure to use "host" rather than "target", to match the
newer autotools cross-build semantics. Untested.
Developers changing the build system and users who build from SVN
will now need automake 1.9 and autoconf 2.60.
2009-07-31
* Fix Christian Frommeyer's MIME decoding bug, Ubuntu/Launchpad Bug
#320829. As a side effect, also fixes misattribution of MIME bodies
as MIME headers with mime: tag. Original bug report:
https://bugs.launchpad.net/ubuntu/+source/bogofilter/+bug/320829
Before this fix, bogofilter did not properly MIME-decode the first
line in a body. This was especially bad with Christian's samples
where the whole body was only one long base64 line.
2009-05-28
* Removed two scripts that are auto-built.
* Added test case for Stephen Davies' Q-P EOL problem (see below).
2009-05-25
* Fixed EOL problem in quoted_printable text. Problem reported by
Stephen Davies and identified by Pavel Kankovsky.
2009-03-28
* Promoted to "stable"
1.2.0 2009-02-21 (released) 2009-03-28 (declared stable)
2009-02-20
* Flex-2.5.35 has fix for memory allocation problem in 2.5.4,
2.5.31, and 2.5.33, making bogofilter's flex patch obsolete.
2009-02-12
* Bogofilter now uses listsort in place of qsort.
2009-01-31
* Added token-count=n, token-count-min=n, and token-count-max=n options.
* Minor code cleanups.
2009-01-21
* spamitarium.pl updated to version 0.3.0
(thanks to Tom Anderson)
2009-01-11
* For compatibility with Sun's Sun Studio 12 compiler, provide
a name for the anonymous union in typedef word_t.
Patch provided by Jack Bailey.
2008-10-20
* update bf_compact documentation by removing explicit Berkeley DB
references, as it has been fixed to work with other database drivers
in March 2008.
2008-10-15
* bf_compact, bf_copy and bf_tar now support transformed program names
(fixes Debian Bug#501947).
* Update sqlite3 adaptor to take advantage of sqlite3_prepare_v2()
API function that appeared in SQLite 3.3.9. The new _v2 interface
allows for more specific error messages when executing SQL
statements. Also enable extended result codes for more precise error
reporting.
2008-07-21
* Update doc/integrating-with-postfix: the script now suggests sendmail
-G -i (where -G will be ignored by Postfix before 2.3) to tell
Postfix it's a gateway submission, not an original injection; the
filter pipe(8) magic for master.cf now suggests flags=Rq (was
flags=R), as per Postfix's FILTER_README.
2008-07-09
* Drop support for systems that reverse setvbuf arguments. The last
systems to do that are reported to be shipped in 1987 by the autoconf
manual, so ditch them.
1.1.7 2008-05-04 (released) 2008-05-18 (declared stable)
2008-04-30
* Updated sendmail milter contrib/bogofilter-milter.pl to v1.45
(thanks to Jonathan Kamens)
2008-04-28
* Added maildir training info to English and French FAQs.
(thanks to Karl Schmidt and to Mouss)
2008-04-26
* Fix uninitialized variable in lexer.c when unicode is disabled.
Patch provided by Roman Trunov.
2008-04-20
* In process_arg functions use the val parameter rather than optarg.
Patch provided by Roman Trunov.
2008-04-18
* Function process_arg now has the same prototype for
bogofilter, bogolexer, bogoutil, and bogotune. The proper
version is called by function read_config_file for all
programs. Problem reported by Roman Trunov.
2008-04-17
* Update Doxyfile for doxygen v1.5.5
2008-04-16
* Fixed syntax errors in t.valgrind test
2008-03-21
* bf_compact now supports compacting databases that use QDBM, Tokyo
Cabinet or SQLite3 and is covered by the test suite.
2008-03-19
* bf_compact now verifies databases before dumping them, to avoid
getting into an unterminated loop and wasting all diskspace.
* Bogoupgrade now verifies databases before dumping them, to avoid
getting into an unterminated loop and burning all memory or disk
space when the database is corrupt.
This should fix Debian Bug#226643 and Debian Bug#226646.
* Bogoupgrade now uses Pod::Usage to print usage/help, prints error
messages that are a bit more concise and validates arguments a bit
stricter.
2008-02-08
* Bump required sqlite version to 3.5.4, earlier versions could
sometimes corrupt the database. Update install-staticdblibs.sh.
Bogofilter will complain when used with older versions.
2008-01-05
* bf_compact problem fixed. Reported by Thomas Novin.
1.1.6 2007-11-25 (released)
* Transaction support added for TokyoCabinet datastore.
(thanks to Pierre Habouzit)
* Bump required sqlite version to 3.4.2 and fix related compiler
warnings. Bogofilter will complain when used with older versions.
2007-11-22
* Support for TokyoCabinet datastore added.
(thanks to Pierre Habouzit)
2007-08-14
* doc/README.db was updated to BerkeleyDB 4.6
* doc/README.db: section 3.5 was added, with information on how to
resolve "Logging region out of memory; you may need to increase its
size", section 4.2 now documents set_lg_regionmax.
2007-07-23
* The upstream repository was migrated to SVN.
In order to check the code out, use this command (one line):
(OBSOLETE) svn co https://bogofilter.svn.sourceforge.net/svnroot/bogofilter/trunk/bogofilter/ bogofilter
(see entry for 2012-12-30 for updated URL)
2007-07-22
* The install-staticdblibs.sh script was relicensed under GNU GPL v3,
adjusted to download Berkeley DB 4.2 from oracle.com, adds patch #5,
and updated to build SQLite 3.4.1. In order to for a rebuild of the
updated library, do: rm -rf /opt/db-4.2-lean /opt/sqlite-3-lean
and re-run the script.
* The recommended minimum sqlite3 version is now 3.4.0, bogofilter will
warn if used with older versions. Bugs that could cause database
corruption in rare circumstances have been fixed in sqlite3.
See doc/README.sqlite for details.
* Updated sendmail milter contrib/bogofilter-milter.pl to v1.27
(thanks to Jonathan Kamens)
2007-02-25
* Add '--spam-header-place={header}' to specify header line
before which the X-Bogosity line is placed.
2007-02-14
* Support --db-verify for sqlite3.
* Fix defect where the database verification method would not be called
for traditional Berkeley DB databases. Reported by Eric Wood.
2007-01-28
* Fix test suite for situations where there are blanks in the test or
working directories' names.
* Repair passthrough defect on systems whose standard system library
makes a distinction between text and binary mode in stdio stuff.
1.1.5 2007-01-14 (released) 2007-01-25 (declared stable)
* Fixed Makefile dependency problem.
(reported by Andras Salamon)
This took several iterations to get right.
2007-01-11
* Fixed block-on-subnets problem.
(thanks to Jack Bailey)
2007-01-10
* Added block-on-subnets regression test.
1.1.4 2007-01-01 (released)
* Update copyright notices.
2006-12-08
* Add GSL dependency to bogofilter target to support parallel
makes.
(reported by Martin von Gagern)
2006-12-05
* Fixed problem in flex-2.5.4 patch.
(reported by Boris 'pi' Piwinger)
1.1.3 2006-12-03 (released) 2006-12-20 (declared stable)
* Fixed typo in configure.ac.
(reported by Boris 'pi' Piwinger and Torsten Veller)
1.1.2 2006-12-02 (released)
2006-12-01
* Revise install-staticlibs.sh's links for retrieving database
tarball and patches.
* Revise make rules for generating statically linked RPM.
2006-11-29
* Provide separate flex patches for 2.5.4 and 2.5.3x
2006-11-26
* Updated file comment for lexer_v3.l and removed unneeded
rules T1, T12, SHORT_TOKEN, and TOKEN_12.
* Miscellaneous minor cleanups of lexer_v3.l classes and rules.
* Patch flex skeleton code problem which can cause a seg-fault.
(reported by Michael Gerdau)
2006-11-21
* Fix processing of "--unicode=no" option.
2006-11-18
* Fix prefixes for ip address and url tokens. Restore colon
that was dropped in token.c edit for bogofilter-1.1.0.
2006-11-04
* Fixed problem parsing message ids, which can cause a
seg-fault on an x86_64.
(reported by Torsten Veller)
2006-10-03
* Added '--ham-true' option for bogofilter (to match docs)
2006-08-26
* FAQ's updated to point to current sylpheed-claws wiki
(thanks to Paul Mangan)
1.1.1 2006-08-23 (released) 2006-09-01 (declared stable)
2006-08-22
* Added bogofilter-faq-it.html, an Italian translation of the
FAQ (thanks to Marco Bozzolan).
2006-08-10
* Fixed minor header/body multi-word token defect.
1.1.0 2006-08-09 (released)
* Revised FAQ's mailbox conversion example.
2006-07-26
* 1.0.3 Promoted to "Stable" status
2006-07-24
* Forward port GNU make compatibility fix for doc/Makefile* from
1.0 branch.
2006-07-08
* Add large file support for 32-bit systems.
(_FILE_OFFSET_BITS/_LARGE_FILE).
* Fix lexer_v3.l format string mismatch that broke debugging code on
64-bit systems.
2006-07-04
* Add multi-word token support to bogoutil & bogotune.
2006-07-03
* Clean up token prefixing.
* Clean up queue-id processing.
* Add max-multi-token-len checks.
* Revised function names. get_token() uses parse_new_token(),
add_token_to_array(), build_token_from_array(), and
build_prefixed_token().
2006-07-02
* Add min-token-len check (with exemption for 2 character
money amounts which bogofilter has long accepted).
* Add "short token" pattern to lexer
2006-07-01
* Refactor get_token. Function get_single_token is the original
get_token function. Function get_multi_token calls
get_single_token when another token must be parsed, else it
constructs multi-part tokens using w_token_array (an array
of word_t structs).
2006-06-20
* Add options for min/max token length, multi-token count, and
max multi-token length.
* Modify get_token() to return multi-word tokens.
1.0.3 2006-07-10 (released) 2006-07-26 (declared stable)
* Released 1.0.3 to provide the bogotune bugfixes to a wider
audience.
2006-07-09
* Work around GNU make 3.81 incompatibility in doc/Makefile*
(it does not work properly with "}\" at the line ends, but
wants "} \" instead).
2006-06-02
* "make rpm" changes:
- document use with gpg-agent (see Makefile.am)
- build static RPMs (these won't fail) before shared RPMs
2006-05-29
* #include cleanups in common.h, system.h and C files.
2006-04-28
* Updated copyright dates.
2006-04-13
* Included additional config file options in bogofilter's
--help message.
2006-03-27
* Corrected option parsing in bogotune to support -n ham1 ham2
-s spam1 spam2 as suggested by bogotune -h; broken since 0.93.2.
2006-03-26
* Corrected problem with bogotune's -D option (thanks to Jason Smith).
* Corrected man page description of bogotune's -n and -s options.
2006-03-17
* Fixed bf_compact's test for transactional environment.
2006-03-12
* 1.0.2 Promoted to "Stable" status
1.0.2 2006-03-03 (released)
2006-02-19
* Added vm-bogofilter.el for using bogofilter with VM, an
Emacs mail tool (thanks to Björn Knutsson).
* Added FAQ question "How do I use bogofilter with VM (an
Emacs mail tool)?" (thanks to Pimpon).
2006-02-14
* SleepyCat has been acquired by Oracle, who are now providing
Berkeley DB. Since most of the references are to actual
strings in the programs or addresses that remain unchanged,
this will only gradually show in the bogofilter sources and
documentation.
2006-02-06
* Flush output after writing spam header line and/or message body.
* When database is near to maximum allowed size, allow reading
it and disallow writing to it.
2006-01-30
* Fix formatting of Rtable output when in the message header,
this keeps verbose passthrough modes RFC-822/2822 compliant.
2006-01-29
* The configure script, when checking Berkeley DB capabilities,
now checks for logging and transactional subsystems rather
than the locking subsystem that was abandoned before 1.0.0.
This appears a suitable workaround for configure lockups on
OpenBSD 3.7 macppc with db 4.2 or 4.3.
2006-01-28
* Only print Berkeley DB file size message once per run.
2006-01-21
* 1.0.1 Promoted to "Stable" status
2006-01-02
* Fixed --input-file and --output-file command line options.
2006-01-01
* Added CVE-2005 identifiers for defects described in
doc/bogofilter-SA-2005-01
1.0.1 2006-01-01 (released)
* New names for binary rpms:
bogofilter-db42 - requires shared library for DB-4.2.52
bogofilter-db42-static - statically linked with DB-4.2.52
bogofilter-sqlite3 - requires shared library for SQLite3-3.2.8
bogofilter-sqlite3-static - statically linked with SQLite3-3.2.8
2005-12-30
* The configure help texts have been revised, the IEEE checks
for trio have been simplified (they are no longer nested) and
configure.ac has been updated to quiet autoconf -Wobsolete
warnings. The README file now reflects the new requirements.
2005-12-29
* For maintainers: Add install-staticdblibs.sh, a script to
fetch and build static & lean BerkeleyDB 4.2.52.4 and SQLite
3.2.8 libraries. Modify some parts of the RPM building so that
the binary RPMs are built without external dependencies beyond
glibc 2.2. This may render "make rpm" unusable on non-Linux
platforms, but you should still be able to "rpmbuild -tb" from
the source .tar.gz file.
2005-12-27
* Add '-O' option to direct bogoutil output to a file.
* Fix building of binary rpms with SQLite support.
* Include SQLite binary rpm as standard part of "make rpm"
2005-12-26
* Split NEWS file into files NEWS and NEWS.0 for new (version
1.0 and after) and old (version 0.x.y) info
2005-12-25
* Capitalize variables in bogofilter.spec.in to please RH9's
RPM 4.2 implementation.
2005-12-18
* Fix bad return code in db_loop() in datastore_sqlite.c
(reported by Sami Farin).
2005-12-17
* XML documentation cleanups (thanks to Nicholas Kaiser).
2005-12-06
* bogofilter.cf.example was updated to reflect the proper default of
db_log_autoremove=yes. It previously claimed the default were "off".
1.0.0 2005-11-30 (released)
Release history prior to 1.0.0 is in file NEWS.0
vim:tw=79 com=bf\:* ts=8 sts=8 sw=8 ai:
LocalWords: bogofilter bogolexer bogoutil Spamicity spamicity
LocalWords: procmail maildrop