I am sorry to report that the mailing lists and web site hosted at addresses ending in bogofilter.org are currently down.
We are working to restore these services.
In urgent matters, feel free to contact me through https://sourceforge.net/u/m-a/profile/send_message - but keep in mind that bogofilter is a volunteer-driven project, so support resources are limited.
In the meanwhile, the website and downloads remains online on sourceforge as http://bogofilter.sourceforge.net/ and 1.2.4 continues to be the current release. It features these changes since 1.2.0 (the previously announced version):
1.2.4 2013-07-01 (released) 2013-06-28 * Fix three crashes in command line and environment variable parsers that caused NULL pointer dereferences with long option variants of bogofilter --syslog-tag, or bogoutil --timestamp-date, or when bogotune -M<file> cannot derive the bogofilter directory. Reported by Alexandre Rebert, found with Mayhem tool. * Add getopt_long_chk(), a getopt_long variant that checks if the overlapping short and long options agree on whether their argument is not required, mandatory, or optional. If they disagree, the program aborts. * Fix a crash in command line parser that causes a NULL pointer dereference when --db-cachesize is used without argument. Found with getopt_long_chk(). 2013-01-20 * Change lexer API/ABI a bit so as to work with flex 2.5.36 generated lexers (for instance, on Fedora 18 "Spherical Cow") that flip the type of yyleng from int to size_t. We use a signed long internally. 2012-12-30 * The bogofilter project was updated to the new SourceForge.net platform. This has caused the URLs to change. Use one of these commands for a read-only checkout: svn checkout svn://svn.code.sf.net/p/bogofilter/code/trunk bogofilter svn checkout http://svn.code.sf.net/p/bogofilter/code/trunk bogofilter And developers would use, replacing joe by their sf.net login: svn checkout --username=joe \ svn+ssh://svn.code.sf.net/p/bogofilter/code/trunk bogofilter 2012-12-03 * Add bogofilter-SA-2012-01 (CVE-2012-5468). * Fix XML form of Bulgarian FAQ so that it validates; and validate XHTML at build time. * Mark Berkeley DB 5.2.42 and 5.3.21 supported. 1.2.3 2012-12-02 (released) 2012-10-24 * Update configure.ac to avoid autoconf 2.68 warnings, by (a) quoting the first AC_RUN_IFELSE argument, an AC_LANG_PROGRAM(), with [ ], and (b) providing an explicit "true" assumption for Berkeley DB capabilities to avoid cross-compilation warnings. 2012-10-22 * Security bugfix for CVE-2012-5468 (bogofilter-SA-2012-01): Fix a heap corruption in base64 decoder on invalid input. Analysis and patch by Julius Plenz <firstname.lastname@example.org>. 2011-01-02 * Added bogofilter-faq-bg.html, a Bulgarian translation of the FAQ. (thanks to Albert Ward) 2010-10-29 * Mark "Berkeley DB 5.1.19: (August 27, 2010)" supported. 1.2.2 2010-07-08 (released) 2010-07-05 * Use a better PRNG for random sleeps. That is arc4random() where available, and drand48() elsewhere. * Assorted fixes for issues found with clang analyzer: + Fix a potential NULL deference + Fix a potential division by zero + Remove dead assignments and increments * Update Doxyfile and source contrib/bogogrep.c for docs, too. 2010-07-03 * Security bugfix, CVE-2010-2494: Fix a heap corruption in base64 decoder on invalid input. Analysis and patch by Julius Plenz <email@example.com>. Please see doc/bogofilter-SA-2010-01 for details. 2010-04-07 * Updated sendmail milter contrib/bogofilter-milter.pl to v1.?????? (thanks to Jonathan Kamens) 2010-04-01 * Bump supported/minimum SQLite3 versions and warning threshold. See doc/README.sqlite for details. * Mark BerkeleyDB 4.8.26 and 5.0.21 supported. Note that Berkeley DB 5.0's SQLite3 compatibility API is NOT supported, it causes shifts in scores and write failures under contention. Bogofilter can use Berkeley DB 5.0's native interface, and using that is more efficient than the added SQL shim layer. 2010-03-06 * Make t.maint more robust; ignore .ENCODING token. To fix test failures on, for instance, FreeBSD with unicode enabled. 2010-02-15 * Fix several compiler warnings "array subscript has type 'char'", by casting the arguments to unsigned char. A security audit was conducted and showed that all affected functions either received the relevant input from the user running bogofilter, or the input had already been pre-validated by the token lexer. 2010-02-14 * Split error messages for ENOENT and EINVAL into new function. * Avoid divison by zero in robx computation by checking if there are at least one ham message and one spam message registered. 2009-08-13 * contrib/spamitarium.pl updated to version 0.4.0 (thanks to Tom Anderson) 2009-08-05 * Updated and integrated Ted Phelps's "Patch to prevent .ENCODING from being discarded by bogoutil -m" (SourceForge Patch #1743984). Thanks to Ted for debugging the issue and providing the patch (which was for bogofilter v1.1.5).
Log in to post a comment.