Navigation:
Browse pkgsrc
(this page)| 2005-07-16 03:19:27 by Johnny C. Lam | Files touched by this commit (273) |
Log message: Get rid of USE_PERL5. The new way to express needing the Perl executable around at either build-time or at run-time is: USE_TOOLS+= perl # build-time USE_TOOLS+= perl:run # run-time Also remove some places where perl5/buildlink3.mk was being included by a package Makefile, but all that the package wanted was the Perl executable. |
| 2005-05-27 13:41:03 by Adrian Portelli | Files touched by this commit (2) |
Log message: - Update mhonarc for recent security issue (XSS) - From the changelog: > 9050 Regex abort error in mhmimetypes.pl under Win32 > 11187 incorrectly parsing UTF-8 encoded messages > 11207 usenameext option to m2h_external::filter has no effect > 11760 spammode false positives on some HTML mail > 11762 rel=nofollow attribute support in message body hyperlinks > 11977 TSLICETOPBEGCUR ignored > 12512 Consecutive spaces not displayed in some cases > 12802 SubjectStripCode not working on message file > 12930 Cross site scripting bug in m2h_text_html::filter |
| 2005-02-24 10:59:30 by Alistair G. Crooks | Files touched by this commit (177) |
Log message: Add RMD160 digests. |
| 2004-06-26 18:22:04 by Adrian Portelli | Files touched by this commit (1) |
Log message: Update MASTER_SITES |
| 2004-06-21 22:13:32 by Adrian Portelli | Files touched by this commit (3) |
Log message:
Update mhonarc from 2.6.8 to 2.6.10
Ok'ed jwise@/wiz@
============================================================================
2004/05/17 (2.6.10)
* Bug Fixes:
Bug ID Summary
------ ------------------------------------------------------------
8982 Can't use global $1 in "my" at base64.pl
------ ------------------------------------------------------------
<https://savannah.nongnu.org/bugs/?group=mhonarc>
============================================================================
2004/05/07 (2.6.9)
* Bug Fixes:
Bug ID Summary
------ ------------------------------------------------------------
5473 directory separator for attachments on W2K
5643 New ressource - newsserver
5758 MULTIPG and NOSAVERESOURCES cause archive to be rewritten
5905 Modification of non-creatable array value attempted
6208 Mhonarc creates slightly incorrect HTML-code
7571 <include> element doesn't look for resource files in
$OUTDIR$
7628 typo in mhrcfile.pl
------ ------------------------------------------------------------
<https://savannah.nongnu.org/bugs/?group=mhonarc>
* New resources:
ATTACHMENTDIR Directory to save attachments.
ATTACHMENTURL Web URL to attachment directory.
NEWSURL URL template for linking to newsgroups.
* Attachment filenames have changed from the numeric-style
<ext><#####>.<ext> to \
<ext><XXXXXXXXXX>.<ext> where <XXXXXXXXXX>
is a random string. The change corresponds with a change to the
API to mhonarc::write_attachment() function in mhmimetypes.pl.
* m2h_text_plain::filter:
. Changed default quoting styles: Left rule changed from 0.1em
to 0.2em and the color changed from #0000FF to #5555EE.
. Minor changes to flowed formatting in order to provide
consistancy with how Mozilla's Gecko engine renders flowed text.
* base64.pl will use MIME::Base64 module if present. MIME::Base64
uses an underly C implementation for decoding, so it is noticably
faster than the pure-Perl approach.
============================================================================
|
2003-09-16 15:17:47 by Juan Romero Pardines | Files touched by this commit (3) |  |
Log message:
Updated to 2.6.8.
Patch provided by Adrian Portelli <adrianp@stindustries.net> via PR
pkg/22753.
Changes:
============================================================================
2003/08/12 (2.6.8)
* Bug Fixes:
Bug ID Summary
------ ------------------------------------------------------------
4719 Spurious read_fmt_file call
------ ------------------------------------------------------------
<https://savannah.nongnu.org/bugs/?group=mhonarc>
============================================================================
2003/08/07 (2.6.7)
* Bug Fixes:
Bug ID Summary
------ ------------------------------------------------------------
4569 Problem with unfolding can mess up boundary processing in
multipart messages.
4594 Initial space on lines removed when using fancyquote.
------ ------------------------------------------------------------
<https://savannah.nongnu.org/bugs/?group=mhonarc>
* Added LANG resource to define locale. Affects resource filename
resolution and message subject and author sorting.
* readmail.pl updated to define the following special header field
keys passed to filter routines:
x-mha-content-type The media type of the entity extracted from
content-type entity header
x-mha-part-number The relative part number of the entity with
respect to parent entity. To get the
absolute part number, use
readmail::get_full_part_number($fields).
x-mha-parent-header Reference to parent header fields hash.
This, and other data structures, are now mentioned in the MIMEFILTERS
resource page.
* Text/richtext tag, <samepage>, is quietly dropped in mhtxtenrich.pl.
|
| 2003-07-31 16:50:44 by Jim Wise | Files touched by this commit (1) |
Log message: Remove outdated MESSAGE file. |
| 2003-07-31 16:50:13 by Jim Wise | Files touched by this commit (2) | |
Log message:
As pointed out by wiz@, a newer version of this pkg has become available in
the mean time. Update to MHonarc 2.6.6, based on patch from \
adrian.portelli@stindustries.net:
============================================================================
2003/07/21 (2.6.6)
* Bug Fixes:
Bug ID Summary
------ ------------------------------------------------------------
4387 m2h_text_plain::filter maxwidth usage can lead to crash
with a certain kind of input
------ ------------------------------------------------------------
<http://savannah.nongnu.org/bugs/index.php?group_id=1968
&set=custom&advsrch=0&msort=0&report_id=105&go_report=Go
&fix_release=2.6.6&chunksz=50>
============================================================================
2003/07/19 (2.6.5)
* Bug Fixes:
Bug ID Summary
------ ------------------------------------------------------------
4126 Typo in mhopt.pl causes error message for big5
character set
4315 allowcomments' directive to filter() is ignored
------ ------------------------------------------------------------
<http://savannah.nongnu.org/bugs/index.php?group_id=1968
&set=custom&advsrch=0&msort=0&report_id=105&go_report=Go
&fix_release=2.6.5&chunksz=50>
* An architecture independent RPM package is now provided for
installation. Because of this, the package name format has slightly
changed to be consistent RPM, and other, package managers:
Old format New Format
------------- -------------
MHonArcX.X.X MHonArc-X.X.X
Installation document has been updated to reflect this change.
If you create third-party distribution bundles for MHonArc, you may
need to update your bundling process to take account of this change,
mainly because the directory created when extracting the tar or
zip bundles now include the hyphen.
|
| 2003-07-31 16:38:42 by Jim Wise | Files touched by this commit (1) |
Log message: Remove out of date archive from MASTER_SITES. |
| 2003-07-31 16:30:30 by Jim Wise | Files touched by this commit (3) | |
Log message:
Update MHonarc to version 2.6.4. Changes since last pkgsrc version (2.5.14):
============================================================================
2003/06/20 (2.6.4)
* Bug Fixes:
+ Official:
Bug ID Summary
------ ------------------------------------------------------------
3478 Quoted-Printable decoding should also work with
lowercase hex numbers
------ ------------------------------------------------------------
<http://savannah.nongnu.org/bugs/index.php?group_id=1968
&set=custom&advsrch=0&msort=0&report_id=105&go_report=Go
&fix_release=2.6.4&chunksz=50>
+ Unoffical:
- It appears that the UTF8 mapping table for cp1252,
MHonArc::UTF8::CP1252, had bad data. This has been
fixed.
* Management of character mapping tables have been changed. The
various .pm module tables are now auto-generated by ucm, and
similiar, map files. For the end-user, the change should be
transparent. The change only affects how developers maintain
the tables, and the change should make it much easier to make
fixes to any mappings.
============================================================================
2003/04/05 (2.6.3)
* Bug Fixes:
Bug ID Summary
------ --------------------------------------------------------------
3020 Trailing \ in regex
3128 XSS Vulnerabilies
2971 spammode option interferes with iso-2022-jp
------ --------------------------------------------------------------
<http://savannah.nongnu.org/bugs/index.php?group_id=1968
&set=custom&advsrch=0&msort=0&report_id=105&go_report=Go
&fix_release=2.6.3&chunksz=50>
============================================================================
2003/03/11 (2.6.2)
* Bug Fixes:
Bug Resolution Fixed Summary
ID Release
2738 Fixed 2.6.2 An illegal From: address can cause MHonArc
to hang
<http://savannah.nongnu.org/bugs/index.php?group_id=1968
&set=custom&advsrch=0&msort=0&report_id=105&go_report=Go
&fix_release=2.6.2&chunksz=50>
============================================================================
2003/02/22 (2.6.1)
* Bug Fixes: See
<http://savannah.nongnu.org/bugs/index.php?group_id=1968
&set=custom&advsrch=0&msort=0&report_id=105&go_report=Go
&fix_release=2.6.1&chunksz=50>
* Corrected character mapping tables for VISCII based on a
message to the perl-unicode mailing list.
* Added FASTTEMPFILES resource which causes MHonArc to use
non-random temporary files. This is less secure, but provides
a little bit of speed improvement.
============================================================================
2003/02/10 (2.6.0)
* Bug Fixes: See
<http://savannah.gnu.org/bugs/index.php?group_id=1968
&set=custom&advsrch=0&msort=0&report_id=105&go_report=Go
&fix_release=2.6.0&chunksz=50>
* New resources:
DEFCHARSET Default character set of message text data.
CHARSETALIASES Define aliases for base charset names.
DBFILEPERMS File permissions for DBFILE.
FIELDSTORE Message header fields to store in database.
FILEPERMS File permissions for archive files.
ICONURLPREFIX URL string to prepend to ICONS URLs.
MODIFYBODYADDRESSES Apply ADDRESSMODIFYCODE to text message bodies.
RECONVERT Reconvert existing messages.
TENDBUTTON Button to last message in thread.
TENDBUTTONIA Inactive button to last message in thread.
TENDLINKIA Inactive link to last message in thread.
TENDLINK Link to last message in thread.
TEXTENCODE Encode message text to given character encoding.
TTOPBUTTON Button to first message in thread.
TTOPBUTTONIA Inactive button to first message in thread.
TTOPLINKIA Inactive link to first message in thread.
TTOPLINK Link to first message in thread.
* New resource variables:
$ICONURLPREFIX$ Value of ICONURLPREFIX resource.
$MSGHFIELD$ Retrieve header field value stored via
FIELDSTORE.
* MHonArc::CharEnt:
+ Several charset mappings added to MHonArc::CharEnt with the
default value for CHARSETCONVERTERS updated to reflect the new
mappings. New charset supported include UTF-8, various Cyrillic
sets, VISCII, Chinese sets, Japanese (iso-2022-jp and euc-jp),
Korean, Apple-based charsets, etc. See the documentation for
the CHARSETCONVERTERS and CHARSETALIASES for complete list of
character sets supported.
Note: Sets that have bidirectional rendering (Hebrew, Arabic)
exist, but automatic directional re-ording for rendering is
currently not supported.
. Some existing mappings have been updated to use Unicode numeric
character entity references (&#xHHHH;) instead of standard SGML
character entity references (eg. &Aelig;). Most, if not all,
web browsers only support the set of SGML entity references
defined in the HTML 4.0 specification.
All existing tables should now generate entity references
recognized by all HTML 4.0 compliant browsers.
* MHonArc::UTF8:
. Module completely redone to support various versions of Perl.
utf8 support code added to all conversion to utf8 with perl
installations that do not have utf8 support, but to also
leverage perl installations with utf8-related modules.
* Default filter for iso-8859-1 and iso-2022-jp changed to
MHonArc::CharEnt::str2sgml. This helps keep MHonArc locale
neutral in its default configuration. Special note added
to release notes for Japanese users about the change.
* m2h_text_plain::filter (mhtxtplain.pl):
+ Added more robust handling of format=flowed data. By default,
all text is rendered in a monospaced font to provide visual
consistency between flowed and fixed text. Proportional spaced
font can be generated using the "nonfixed" option (where
"keepspace" option should also be used to help preserve the
formatting characteristics of the data).
+ Added "fancyquote" option to provide highlight of quoted text
similiar to text/plain;format=flowed data.
+ Added "disableflowed" option to disable the flowed data
conversion. Data will be converted as regular text/plain.
This option is useful for archives that cater to text-based
browsers.
+ Added "quoteclass=<classname>" option to specify a CSS classname
to assign to BLOCKQUOTE elements added when processing flowed
data or when "fancyquote" is active. This suppresses inline
style generation.
+ Added "subdir" option for use when "uudecode" is enabled.
- Reduced set of quote characters to just '>'. Other characters
are used by some people (eg. '}', '|', '+'), especially on the
USENET, but supporting them tends to produce undesirable
results, especially when using fancyquote.
(Maybe make it configurable?)
+ If uudecode and usename specified, check if file ends in
.s?html?, and if so, pass data to HTML filter.
. Make sure to return a non-empty string for an empty body
when in uudecode mode. Avoids bogus warning message that
data could not be converted.
* MIMEEXCS automatically handles unofficial version of a media type.
For example:
<MIMEEXCS>
text/html
</MIMEEXCS>
Will exclude text/html and text/x-html data.
* m2h_text_html::filter (mhtxthtml.pl):
+ CHARSETCONVERTERS is used for converting character data.
- Removed default=charset option. This option is no longer
needed with new character encoding processing features and
CHARSETALIASES resource.
+ Convert javascript:... URLs to "_javascript_:..." when scripting
is disabled (the default). This is an extra measure ontop of
element and attribute stripping.
* <a href>'s are now preserved when cid: only URLs enabled (the
default). This prevents regular hyperlinks in HTML messages from
getting stripped, which I think most people desire. Otherwise,
the allownoncidurls option must be used, and then this opens one
up to potential XSS attacks.
Due to the javascript: URL munging, preserving <a href>'s should
be safe from auto-XSS attacks. Readers should still be careful
about any links they activate.
+ Added "subdir" option to specify that MHTML referenced data
(e.g. images) are saved in a subdirectory.
+ Added "disablerelated" to disable cid: URL resolution.
. STYLE and CLASS attributes stripped if nofont argument specified.
* m2h_text_enriched::filter (mhtxtenrich.pl):
+ CHARSETCONVERTERS is used for converting character data.
+ <lang><param>lang</param> is now mapped to <dir \
lang="lang">.
+ Added handling of some text/richtext tags.
. Escape unrecognized tags.
* Archive file creation modified to minimize the local symlink exploits:
1. A temp file with a random name is first created and written to.
2. Temp file is compressed if GZIPFILES is active.
3. Temp file is renamed to final filename.
4. File permissions are set according to FILEPERMS/DBFILEPERMS.
Using a random temp filename makes it difficult for someone to
predict filenames to execute a symlink exploit. The rename operation
is immune to symlink exploits, hence trying to using well-known names
(e.g. maillist.html, threads.html) for exploitation will not work.
A similiar technique is used for directory creation for filters
that support the "subdir" option.
Generation of temp files is done via the File::Temp module, if
installed. If not installed, a homegrown implementation is used.
Although not as secure and robust as File::Temp, it's better than
nothing and should provide a decent deterrent.
* Setuid/setgid execution causes mhonarc to terminate with an error.
Mhonarc does not pass taint checks, so we abort with an error that
setuid/setgid execution is not supported. MHonArc is too insecure
for setuid operation and trying to make it setuid-safe would require
alot of work and potentially limit a large amount of functionality.
* More robust parsing used for determining $FROMNAME$ and $FROMADDR*$
resource variables.
* rfc822.pl library removed and replaced with MHonArc::RFC822 module.
* Warning message, "Unable to process data..." removed from message
page when unable to convert any part of a message (usually due to
user-defined MIMEFILTERS settings). Instead, a warning message
is generated to standard error (like other mhonarc warnings) and
the resulting message page will have a blank message body.
* m2h_msg_extbody::filter: (mhmsgextbody.pl)
+ Added support for http/x-http access type. This appears to
be an experimental access type since the general URI type can be
used instead.
. Properly sanitize parameter data.
. Some minor cosmetic changes in the HTML generated.
* m2h_text_tsv::filter (mhtxttsv.pl):
. Sanitize field data.
* m2h_text_setext::filter (mhtxtsetext.pl) has been removed. It
appears this media-type is part of document history.
|
New packages: