Do it for all packages that
* mention perl, or
* have a directory name starting with p5-*, or
* depend on a package starting with p5-
like last time, for 5.18, where this didn't lead to complaints.
Let me know if you have any this time.
a) refer 'perl' in their Makefile, or
b) have a directory name of p5-*, or
c) have any dependency on any p5-* package
Like last time, where this caused no complaints.
Problems fixed:
#32080 Specially crafted <base href> can lead to XSS exploit
#32032 TextEncode related resource information not saved correctly in db file
#32014 CVE-2010-1677: DoS when processing html messages with deep tag nesting
#32013 CVE-2010-4524: Improper escaping of certain HTML sequences (XSS)
#26577 Changed semantic for unpack breaks UTF-8
#25486 Resource FieldStore causes .mhonarc.db to grow over bounds.
#25225 dir_create() fails to make temporary directories (PATCH)
#24247 iso2022jp.pl: unneeded ESC ( B remains in message body
#23198 Incorrect Setting Installation Directory
#20142 strip backslash in rfc822 From: field
#20074 extra space in subject
#18908 X-Subject data get split in separate lines
#18113 inconsistant thread slices w/ poor man's windowing
#17904 FieldOrder affects AddressModifyCode
#17860 incorrect nested HTML Tags for references
#17660 Threaded index resource ordering doesn't allow well formed XML output
#15433 relative attachmentdir is relative to current working dir, not outdir
#14747 major (10X) memory savings possible in some situations
#13853 creation of archive with attachments writes over symlinks
Changes are fixes to following bugs only:
* in urlize change %X to %02X
* MIMEFILTERS settings not retained in database
* qprint.pl should be able to handle a soft line break at the end of the string
* HTML mail does not get its charset converted
2005/07/27 (2.6.15)
* Removed debugging statement introduced during v2.6.14 development
which caused the filename of each message to be printed to stderr
when processing MH-style folders.
* Fixed META.yml for CPAN: YAML is picky about tab characters, and
there was a couple of tab characters causing CPAN's YAML parser to
abort with an error.
============================================================================
2005/07/23 (2.6.14)
* Bug Fixes:
Bug ID Summary
------ ------------------------------------------------------------
2641 Additional Callbacks
3225 CHARSETCONVERTERS not reset across multi-archive process
11759 email address exposed in subject line
------ ------------------------------------------------------------
<https://savannah.nongnu.org/bugs/?group=mhonarc>
* New resources:
PRINTXCOMMENTS Print <!--X-...--> comments in generated pages.
* Added "Performance Tips" document: Provides configuration tips
to improve the execution performance of mhonarc.
============================================================================
2005/07/06 (2.6.13)
* Bug Fixes:
Bug ID Summary
------ ------------------------------------------------------------
12314 linebreak not utf-8 aware
------ ------------------------------------------------------------
<https://savannah.nongnu.org/bugs/?group=mhonarc>
* mha-preview example script changes:
- If preview data not available for message, the empty string
is used. Before, undef was returned to mhonarc, causing
warning messages and $X-MSG-PREVIEW$ to show up on index pages.
- Beefed up preview text extraction to skip past quoted text.
Someday, mha-preview functionality will be intrinisic to mhonarc.
============================================================================
2005/06/08 (2.6.12)
* Bug Fixes:
Bug ID Summary
------ ------------------------------------------------------------
11761 spammode causes broken mailto: links in message body
13316 No warning generated when RCFILE set to non-existent file
13317 POSIX::setlocale() not invoked with LANG resource setting
------ ------------------------------------------------------------
<https://savannah.nongnu.org/bugs/?group=mhonarc>
* New resources:
MIMEINCS Content-types to allow.
* Beefed up filtering of UTF-8 messages: "Malformed UTF-8
..." warnings are now suppressed with such sequences being converted
to U+FFFD (�), which should normally cause an HTML viewer
to render a question-mark-like glyph.
Earlier version passed malformed utf-8 sequences through.
No bug/security problems have been reported against this, but it
was a bad practice that has now been corrected.
* The return value for $mhonarc::CBMessageBodyRead and
$mhonarc::CBRawMessageBodyRead is no longer N/A. If the return
value evaluates to false, the current message will be excluded from
the archive and further processing. A true value must be returned
if the message is to not be excluded.
be found without any special configuration for man. While here, hard
code all of the paths for the install script to insulate ourselves
against future changes in perl. Bump the PKGREVISION to 2.
around at either build-time or at run-time is:
USE_TOOLS+= perl # build-time
USE_TOOLS+= perl:run # run-time
Also remove some places where perl5/buildlink3.mk was being included
by a package Makefile, but all that the package wanted was the Perl
executable.
- From the changelog:
> 9050 Regex abort error in mhmimetypes.pl under Win32
> 11187 incorrectly parsing UTF-8 encoded messages
> 11207 usenameext option to m2h_external::filter has no effect
> 11760 spammode false positives on some HTML mail
> 11762 rel=nofollow attribute support in message body hyperlinks
> 11977 TSLICETOPBEGCUR ignored
> 12512 Consecutive spaces not displayed in some cases
> 12802 SubjectStripCode not working on message file
> 12930 Cross site scripting bug in m2h_text_html::filter
Ok'ed jwise@/wiz@
============================================================================
2004/05/17 (2.6.10)
* Bug Fixes:
Bug ID Summary
------ ------------------------------------------------------------
8982 Can't use global $1 in "my" at base64.pl
------ ------------------------------------------------------------
<https://savannah.nongnu.org/bugs/?group=mhonarc>
============================================================================
2004/05/07 (2.6.9)
* Bug Fixes:
Bug ID Summary
------ ------------------------------------------------------------
5473 directory separator for attachments on W2K
5643 New ressource - newsserver
5758 MULTIPG and NOSAVERESOURCES cause archive to be rewritten
5905 Modification of non-creatable array value attempted
6208 Mhonarc creates slightly incorrect HTML-code
7571 <include> element doesn't look for resource files in
$OUTDIR$
7628 typo in mhrcfile.pl
------ ------------------------------------------------------------
<https://savannah.nongnu.org/bugs/?group=mhonarc>
* New resources:
ATTACHMENTDIR Directory to save attachments.
ATTACHMENTURL Web URL to attachment directory.
NEWSURL URL template for linking to newsgroups.
* Attachment filenames have changed from the numeric-style
<ext><#####>.<ext> to <ext><XXXXXXXXXX>.<ext> where <XXXXXXXXXX>
is a random string. The change corresponds with a change to the
API to mhonarc::write_attachment() function in mhmimetypes.pl.
* m2h_text_plain::filter:
. Changed default quoting styles: Left rule changed from 0.1em
to 0.2em and the color changed from #0000FF to #5555EE.
. Minor changes to flowed formatting in order to provide
consistancy with how Mozilla's Gecko engine renders flowed text.
* base64.pl will use MIME::Base64 module if present. MIME::Base64
uses an underly C implementation for decoding, so it is noticably
faster than the pure-Perl approach.
============================================================================
Patch provided by Adrian Portelli <adrianp@stindustries.net> via PR
pkg/22753.
Changes:
============================================================================
2003/08/12 (2.6.8)
* Bug Fixes:
Bug ID Summary
------ ------------------------------------------------------------
4719 Spurious read_fmt_file call
------ ------------------------------------------------------------
<https://savannah.nongnu.org/bugs/?group=mhonarc>
============================================================================
2003/08/07 (2.6.7)
* Bug Fixes:
Bug ID Summary
------ ------------------------------------------------------------
4569 Problem with unfolding can mess up boundary processing in
multipart messages.
4594 Initial space on lines removed when using fancyquote.
------ ------------------------------------------------------------
<https://savannah.nongnu.org/bugs/?group=mhonarc>
* Added LANG resource to define locale. Affects resource filename
resolution and message subject and author sorting.
* readmail.pl updated to define the following special header field
keys passed to filter routines:
x-mha-content-type The media type of the entity extracted from
content-type entity header
x-mha-part-number The relative part number of the entity with
respect to parent entity. To get the
absolute part number, use
readmail::get_full_part_number($fields).
x-mha-parent-header Reference to parent header fields hash.
This, and other data structures, are now mentioned in the MIMEFILTERS
resource page.
* Text/richtext tag, <samepage>, is quietly dropped in mhtxtenrich.pl.
the mean time. Update to MHonarc 2.6.6, based on patch from adrian.portelli@stindustries.net:
============================================================================
2003/07/21 (2.6.6)
* Bug Fixes:
Bug ID Summary
------ ------------------------------------------------------------
4387 m2h_text_plain::filter maxwidth usage can lead to crash
with a certain kind of input
------ ------------------------------------------------------------
<http://savannah.nongnu.org/bugs/index.php?group_id=1968
&set=custom&advsrch=0&msort=0&report_id=105&go_report=Go
&fix_release=2.6.6&chunksz=50>
============================================================================
2003/07/19 (2.6.5)
* Bug Fixes:
Bug ID Summary
------ ------------------------------------------------------------
4126 Typo in mhopt.pl causes error message for big5
character set
4315 allowcomments' directive to filter() is ignored
------ ------------------------------------------------------------
<http://savannah.nongnu.org/bugs/index.php?group_id=1968
&set=custom&advsrch=0&msort=0&report_id=105&go_report=Go
&fix_release=2.6.5&chunksz=50>
* An architecture independent RPM package is now provided for
installation. Because of this, the package name format has slightly
changed to be consistent RPM, and other, package managers:
Old format New Format
------------- -------------
MHonArcX.X.X MHonArc-X.X.X
Installation document has been updated to reflect this change.
If you create third-party distribution bundles for MHonArc, you may
need to update your bundling process to take account of this change,
mainly because the directory created when extracting the tar or
zip bundles now include the hyphen.
============================================================================
2003/06/20 (2.6.4)
* Bug Fixes:
+ Official:
Bug ID Summary
------ ------------------------------------------------------------
3478 Quoted-Printable decoding should also work with
lowercase hex numbers
------ ------------------------------------------------------------
<http://savannah.nongnu.org/bugs/index.php?group_id=1968
&set=custom&advsrch=0&msort=0&report_id=105&go_report=Go
&fix_release=2.6.4&chunksz=50>
+ Unoffical:
- It appears that the UTF8 mapping table for cp1252,
MHonArc::UTF8::CP1252, had bad data. This has been
fixed.
* Management of character mapping tables have been changed. The
various .pm module tables are now auto-generated by ucm, and
similiar, map files. For the end-user, the change should be
transparent. The change only affects how developers maintain
the tables, and the change should make it much easier to make
fixes to any mappings.
============================================================================
2003/04/05 (2.6.3)
* Bug Fixes:
Bug ID Summary
------ --------------------------------------------------------------
3020 Trailing \ in regex
3128 XSS Vulnerabilies
2971 spammode option interferes with iso-2022-jp
------ --------------------------------------------------------------
<http://savannah.nongnu.org/bugs/index.php?group_id=1968
&set=custom&advsrch=0&msort=0&report_id=105&go_report=Go
&fix_release=2.6.3&chunksz=50>
============================================================================
2003/03/11 (2.6.2)
* Bug Fixes:
Bug Resolution Fixed Summary
ID Release
2738 Fixed 2.6.2 An illegal From: address can cause MHonArc
to hang
<http://savannah.nongnu.org/bugs/index.php?group_id=1968
&set=custom&advsrch=0&msort=0&report_id=105&go_report=Go
&fix_release=2.6.2&chunksz=50>
============================================================================
2003/02/22 (2.6.1)
* Bug Fixes: See
<http://savannah.nongnu.org/bugs/index.php?group_id=1968
&set=custom&advsrch=0&msort=0&report_id=105&go_report=Go
&fix_release=2.6.1&chunksz=50>
* Corrected character mapping tables for VISCII based on a
message to the perl-unicode mailing list.
* Added FASTTEMPFILES resource which causes MHonArc to use
non-random temporary files. This is less secure, but provides
a little bit of speed improvement.
============================================================================
2003/02/10 (2.6.0)
* Bug Fixes: See
<http://savannah.gnu.org/bugs/index.php?group_id=1968
&set=custom&advsrch=0&msort=0&report_id=105&go_report=Go
&fix_release=2.6.0&chunksz=50>
* New resources:
DEFCHARSET Default character set of message text data.
CHARSETALIASES Define aliases for base charset names.
DBFILEPERMS File permissions for DBFILE.
FIELDSTORE Message header fields to store in database.
FILEPERMS File permissions for archive files.
ICONURLPREFIX URL string to prepend to ICONS URLs.
MODIFYBODYADDRESSES Apply ADDRESSMODIFYCODE to text message bodies.
RECONVERT Reconvert existing messages.
TENDBUTTON Button to last message in thread.
TENDBUTTONIA Inactive button to last message in thread.
TENDLINKIA Inactive link to last message in thread.
TENDLINK Link to last message in thread.
TEXTENCODE Encode message text to given character encoding.
TTOPBUTTON Button to first message in thread.
TTOPBUTTONIA Inactive button to first message in thread.
TTOPLINKIA Inactive link to first message in thread.
TTOPLINK Link to first message in thread.
* New resource variables:
$ICONURLPREFIX$ Value of ICONURLPREFIX resource.
$MSGHFIELD$ Retrieve header field value stored via
FIELDSTORE.
* MHonArc::CharEnt:
+ Several charset mappings added to MHonArc::CharEnt with the
default value for CHARSETCONVERTERS updated to reflect the new
mappings. New charset supported include UTF-8, various Cyrillic
sets, VISCII, Chinese sets, Japanese (iso-2022-jp and euc-jp),
Korean, Apple-based charsets, etc. See the documentation for
the CHARSETCONVERTERS and CHARSETALIASES for complete list of
character sets supported.
Note: Sets that have bidirectional rendering (Hebrew, Arabic)
exist, but automatic directional re-ording for rendering is
currently not supported.
. Some existing mappings have been updated to use Unicode numeric
character entity references (&#xHHHH;) instead of standard SGML
character entity references (eg. &Aelig;). Most, if not all,
web browsers only support the set of SGML entity references
defined in the HTML 4.0 specification.
All existing tables should now generate entity references
recognized by all HTML 4.0 compliant browsers.
* MHonArc::UTF8:
. Module completely redone to support various versions of Perl.
utf8 support code added to all conversion to utf8 with perl
installations that do not have utf8 support, but to also
leverage perl installations with utf8-related modules.
* Default filter for iso-8859-1 and iso-2022-jp changed to
MHonArc::CharEnt::str2sgml. This helps keep MHonArc locale
neutral in its default configuration. Special note added
to release notes for Japanese users about the change.
* m2h_text_plain::filter (mhtxtplain.pl):
+ Added more robust handling of format=flowed data. By default,
all text is rendered in a monospaced font to provide visual
consistency between flowed and fixed text. Proportional spaced
font can be generated using the "nonfixed" option (where
"keepspace" option should also be used to help preserve the
formatting characteristics of the data).
+ Added "fancyquote" option to provide highlight of quoted text
similiar to text/plain;format=flowed data.
+ Added "disableflowed" option to disable the flowed data
conversion. Data will be converted as regular text/plain.
This option is useful for archives that cater to text-based
browsers.
+ Added "quoteclass=<classname>" option to specify a CSS classname
to assign to BLOCKQUOTE elements added when processing flowed
data or when "fancyquote" is active. This suppresses inline
style generation.
+ Added "subdir" option for use when "uudecode" is enabled.
- Reduced set of quote characters to just '>'. Other characters
are used by some people (eg. '}', '|', '+'), especially on the
USENET, but supporting them tends to produce undesirable
results, especially when using fancyquote.
(Maybe make it configurable?)
+ If uudecode and usename specified, check if file ends in
.s?html?, and if so, pass data to HTML filter.
. Make sure to return a non-empty string for an empty body
when in uudecode mode. Avoids bogus warning message that
data could not be converted.
* MIMEEXCS automatically handles unofficial version of a media type.
For example:
<MIMEEXCS>
text/html
</MIMEEXCS>
Will exclude text/html and text/x-html data.
* m2h_text_html::filter (mhtxthtml.pl):
+ CHARSETCONVERTERS is used for converting character data.
- Removed default=charset option. This option is no longer
needed with new character encoding processing features and
CHARSETALIASES resource.
+ Convert javascript:... URLs to "_javascript_:..." when scripting
is disabled (the default). This is an extra measure ontop of
element and attribute stripping.
* <a href>'s are now preserved when cid: only URLs enabled (the
default). This prevents regular hyperlinks in HTML messages from
getting stripped, which I think most people desire. Otherwise,
the allownoncidurls option must be used, and then this opens one
up to potential XSS attacks.
Due to the javascript: URL munging, preserving <a href>'s should
be safe from auto-XSS attacks. Readers should still be careful
about any links they activate.
+ Added "subdir" option to specify that MHTML referenced data
(e.g. images) are saved in a subdirectory.
+ Added "disablerelated" to disable cid: URL resolution.
. STYLE and CLASS attributes stripped if nofont argument specified.
* m2h_text_enriched::filter (mhtxtenrich.pl):
+ CHARSETCONVERTERS is used for converting character data.
+ <lang><param>lang</param> is now mapped to <dir lang="lang">.
+ Added handling of some text/richtext tags.
. Escape unrecognized tags.
* Archive file creation modified to minimize the local symlink exploits:
1. A temp file with a random name is first created and written to.
2. Temp file is compressed if GZIPFILES is active.
3. Temp file is renamed to final filename.
4. File permissions are set according to FILEPERMS/DBFILEPERMS.
Using a random temp filename makes it difficult for someone to
predict filenames to execute a symlink exploit. The rename operation
is immune to symlink exploits, hence trying to using well-known names
(e.g. maillist.html, threads.html) for exploitation will not work.
A similiar technique is used for directory creation for filters
that support the "subdir" option.
Generation of temp files is done via the File::Temp module, if
installed. If not installed, a homegrown implementation is used.
Although not as secure and robust as File::Temp, it's better than
nothing and should provide a decent deterrent.
* Setuid/setgid execution causes mhonarc to terminate with an error.
Mhonarc does not pass taint checks, so we abort with an error that
setuid/setgid execution is not supported. MHonArc is too insecure
for setuid operation and trying to make it setuid-safe would require
alot of work and potentially limit a large amount of functionality.
* More robust parsing used for determining $FROMNAME$ and $FROMADDR*$
resource variables.
* rfc822.pl library removed and replaced with MHonArc::RFC822 module.
* Warning message, "Unable to process data..." removed from message
page when unable to convert any part of a message (usually due to
user-defined MIMEFILTERS settings). Instead, a warning message
is generated to standard error (like other mhonarc warnings) and
the resulting message page will have a blank message body.
* m2h_msg_extbody::filter: (mhmsgextbody.pl)
+ Added support for http/x-http access type. This appears to
be an experimental access type since the general URI type can be
used instead.
. Properly sanitize parameter data.
. Some minor cosmetic changes in the HTML generated.
* m2h_text_tsv::filter (mhtxttsv.pl):
. Sanitize field data.
* m2h_text_setext::filter (mhtxtsetext.pl) has been removed. It
appears this media-type is part of document history.
version) include:
============================================================================
2002/12/21 (2.5.14)
* Security patch release: This release fixes a cross-site scripting
(XSS) vulnerability in m2h_text_html::filter (the HTML filter).
A specially crafted HTML message can have scripting markup get
by the script filtering done by m2h_text_html::filter.
============================================================================
2002/10/21 (2.5.13)
* Bug Fixes: See
<http://savannah.gnu.org/bugs/index.php?group_id=1968
&set=custom&advsrch=0&msort=0&report_id=105&go_report=Go
&fix_release=2.5.13&chunksz=50>
* DBFILE resource can now be set to an absolute pathname. This
allows the database file to be located in a separate location than
in the archive directory. If not an absolute pathname, then
value is treated relative to OUTDIR.
* readmail.pl updated to handle MHTML messages better. mhtxthtml.pl
changed accordingly.
* readmail.pl handling of malformed multipart messages improved.
Cases were a the terminating boundary delimiter did not exist would
generate a warning message in the converted message body that data
could not be converted. This case should now be handled so that
end of entitiy implies a terminating boundary delimiter,
(Thanks goto Randy Blaustein for providing real-world test cases).
* Fixed problem where some message attachments were "lost". This
mainly occurs when using mha-decode with the -dcd-digest option,
or if you have registered the m2h_external::filter for message/*
data types.
(Thanks goto Steve Johnson for finding this problem.)
* m2h_external::filter will now include the subject of a message
in the attachment link if saving message/* data to a file.
* m2h_external::filter properly escapes the filename parameter
when displaying it in the attachment link. This is done to
avoid any possible XSS exploits. Note, no exploits have been
reported by using the filename parameter in messages, so this
change is more of a preemptive measure.
* m2h_external::filter will fall back to a "txt" extension for
unknown text types instead of a "bin" extension.
* m2h_text_plain::filter: Removed hardcoded 'as-is' for US-ASCII
data. This is so a user could define a converter if having to deal
with mislabeled character data.
(Thanks goto Mooffie for finally finding a real-world case to not
hardcode us-ascii).
============================================================================
2002/09/03 (2.5.12)
* Strip more tags and attributes that could potentially be used for
XSS exploits in the HTML filter. This is a more of a preemptive
change since no new exploits have been reported.
* DATEFIELDS resource now supports indexed field names. For example:
<DateFields>
received[1]:received[0]:date
</DateFields>
The example says that mhonarc should check the second received
field, then the first received field, and then the first date field
to determine the date of a message.
The following is a summary of sigificant changes since 2.5.3. Please
see CHANGES in the distfile for the full list of changes.
* The following mail header fields added to list of fields that can
contain mail addresses: mail-reply-to, original-bcc, original-cc,
original-from, original-sender, original-to, resent-bcc, x-envelope.
Applicable to MAILTO, MAILTOURL, and ADDRESSMODIFYCODE resources.
* Added MHonArc::UTF8 CHARSETCONVERTER module as recommended at
<http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=131512&repeatmerged=yes>.
However, module redone to use utf8 pragma in Perl where appropriate
and to remove unnecessary code. Use of module does require that
the Unicode::MapUTF8 module is installed and the utf8 pragma is
supported in the version of Perl you are using.
* Added MIMEALTPREFS resource: Content-type preferences for
multipart/alternative data. You can now tell MHonArc to use the
text/plain part over a text/html part in multipart/alternative
messages.
* Added the following resources:
IDXPGSSMARKUP Markup at the beginning of all index pages.
MSGPGSSMARKUP Markup at the beginning of all message pages.
TIDXPGSSMARKUP Markup at the beginning of all thread index pages.
Each resource will default to the value of the SSMARKUP resource
if not defined.
* Removed references to HEADER and FOOTER resources in the docs.
Resources removed in v2.5.0.
* Updated default resource layout settings in docs to use lowercase
tag names since MHonArc changed to use lowercase in defaults
in v2.4.7.
* Added NOSUBJECTTXT resource: Defines raw subject text to use
for messages that do not have a subject.
* Incorporated format=flowed support into mhtxtplain.pl contributed
by Ken Hirsch, with some minor improvements.
* mha-decode now supports the following option: -dcd-digest. This
tells mha-decode to not recursively process attached message/rfc822
and message/news entities. This option is useful to extract
out all the individual messages of a message digest.
* Added message/rfc822 and message/news to mhmimetypes.pl
content-type => extension/description hash. The extension used
is ".822".
Changes since 2.4.9 (the last pkgsrc version):
* Added 'use locale' pragmas to be applied when sorting messages.
This is considered experimental, but it appears to give better
results when sorting text that contains 8-bit-non-English
characters. This is far from any real locale support, but
hopefully it is better than nothing.
* Beefed up HTML filtering in mhtxthtml.pl to eliminate some
security exploits.
CAUTION: If you are worried about security, it is recommended
that you disable support of text/html messages in
your mail archives. There is no guarantee that
the mhtxthtml.pl library is robust enough to
eliminate all possible exploits that can occur with
HTML data.
Thanks goto Jason Molenda and Hiromitsu Takagi for spotting
more exploit cases.
* mhtxtplain.pl checks MIMEXCS if text/html data is excluded
when the htmlcheck option is specified. Seems unnecessary
because someone use excludes HTML data will probably not use
the htmlcheck option to m2h_text_plain::filter.
* Modified mail address extraction for $FROMADDR$ resource
variable to help deal with malformed From: header fields.
Thanks to Eugene Eric Kim for the recommendation.
* Fixed uudecoding support in mhtxtplain.pl to handle spaces
in filenames and \r\n EOLs. Thanks to Jordan Russell for
spotting this.
* Added ISO-8859-15 mappings. Thanks goto Jan Kraeber for the
contribution.
* Removed GIF images from distribution. All GIF images
have been converted to PNG format. Transparency of PNG
images may only be supported in the latest versions of various
graphical web browsers.
See <http://www.gnu.org/philosophy/gif.html> for reasons
why GIF images should not be used.
* Source code imported into CVS. CVS respository is currently
not available publicly. Stilling wondering if a site like
savannah.gnu.org should be used or if the respository should
be hosted independently, like at www.mhonarc.org.
* Fixed regex patterns in readmail.pl to avoid Perl warning
messages.
* Created a contrib/ directory to contain any contributed
programs imported into the MHonArc distribution. Moved
prsfrom.pl from extras/ to contrib/.
* Added Security section to FAQ. Provided more information to
question, "Why does a message get split into mulitple messages
with no headers?", mainly information contributed by users.
============================================================================
2001/11/24 (2.5.2)
(See BUGS for the list of bugs reported and fixed)
o mha-dbrecover new options:
-dbr-startnum #
The starting message number to recover data from. This
option is useful if you have many message files in a
directory, but you only want to recover a subset of the
files. If this option is not specified, the starting
number is 0.
-dbr-endnum #
The ending message number to recover data from. This
option is useful if you have many message files in a
directory, but you only want to recover a subset of the
files. If this option is not specified, all messages
starting from -dbr-startnum will be recovered.
o MSGPGBEGIN default value changed where $SUBJECTNA:72$ has
been replaced with $SUBJECTNA$. This is so default values
do not have any possible conflicts with variable-width
character sets.
============================================================================
2001/11/13 (2.5.1)
(See BUGS for the list of bugs reported and fixed)
o Added special note within the release notes about
downgrading.
o Some documentation corrections.
============================================================================
2001/10/14 (2.5.0)
[This is non-beta release of 2.5.0. See the change notes
below and for the various beta release for a complete list of
changes from the last v2.4 release.]
(See BUGS for the list of bugs reported and fixed)
o The ICONS resource has been updated to support the association
of icons at the base type level (e.g. text/*) and to specify
width and height hints. The example icon resource file
listed in an appendix of the documentation updated to
to use changes to ICONS resource.
o Formatting of attachment links within the m2hexternal.pl
filter has been updated to provide more verbose information.
Description of the format provided in the MIMEFILTERS
documentation. Also, a 'frame' filter argument is now
supported to instruct the filter to draw a frame around
the link.
o Default value for MIMEArgs has been changed to the following:
<MIMEArgs>
m2h_external::filter; inline
</MIMEArgs>
This is more concise then previous default value.
On a resource file maintenance standpoint, it is generally
best to specify filter arguments at the filter level and
not at the content-type level.
o Value of Perl's $^O variable printed with version information
for -V, -v, -help command-line options.
o The count of new messages added to archive are now printed
along with the total message count when QUIET is not active.
============================================================================
2001/09/05 (2.5.0b2)
(See BUGS for the list of bugs fixed)
o Long overdue update of ACKNOWLG file.
o New resources:
TSLICELEVELS -- Maximum depth for thread slices.
o New resource variables:
$TLEVEL$ -- Numeric level of message in thread.
o Added recognition of windows-1250 and windows-1252 charsets
into MHonArc::CharEnt and to default value of CHARSETCONVERTERS
resource. To apply to existing archives, use mha-dbedit
with examples/def-mime.mrc resource file.
o SUBJECTREPLYRXP now used to determine if "Re: " is added
when $SUBJECT$ is used within MAILTOURL.
o Code cleanup to eliminate perl -w warnings. Cleanup not
required for running MHonArc, but convenient for those that
use MHonArc with perl's -w option.
============================================================================
2001/08/26 (2.5.0b)
(See BUGS for the list of bugs fixed)
o API for MIMEFILTERS has been changed. Content filters are
now called as follows:
($html, @files) =
&filter($fields_hash_ref, $body_data_ref, $is_decoded,
$filter_args);
Paramaters:
$fields_hash_ref
A reference to hash of message/part header
fields. Keys are field names in lowercase
and values are array references containing the
field values. For example, to obtain the
content-type, if defined, you would do:
$fields_hash_ref->{'content-type'}[0]
Values for a fields are stored in arrays since
duplication of fields are possible. For example,
the Received: header field is typically repeated
multiple times. For fields that only occur once,
then array for the field will only contain one
item.
$body_data_ref
Reference to body data. It is okay for the
filter to modify the text in-place.
$is_decoded
Boolean flag if body data has been decoded.
This is normally true unless some non-standard
content-transfer-encoding is used.
$filter_args
String containing filter args as defined by
MIMEARGS resource.
Return:
The return value is still treated in the same manner as
previous releases. The first item in the return list is
the text that should printed to the message page. Any
other items in the return list are derived filenames created
by the filter. If undef, or the empty string, is returned,
readmail.pl assumes the filter was unable to filter the
data.
All the filters provided in the MHonArc distribution have
been modified to use the new calling convention.
o The HEADER and FOOTER resources are no longer supported.
o The default value of DEFRCNAME is now ".mhonarc.mrc"
("mhonarc.mrc" for Win/DOS).
o ISO8859 character set data processing now defaults to using
the MHonArc::CharEnt module. The old iso8859.pl library
is still provided for compatibility with older archives.
To update archives to use the new settings, you can run
the following command,
mha-dbedit -rcfile examples/def-mime.mrc \
-outdir /path/to/archive
where "examples/def-mime.mrc" represents the default MIME
processing resources for MHonArc provided within the MHonArc
distribution.
The new module is more efficient in memory usage by only
loading mappings for character sets actually processed. The
old iso8859.pl library preloads all mappings. Also, the
module is designed to be easily extensible for processing
any 8-bit-based character sets.
o Reference, follow-up, and derived file information of a
message is now stored in a different format in the database
(and internally). MHonArc will auto-update older archives
to the new format. The newer format should provide some
performance improvement.
o Messages with no subjects are now stored with no subjects.
In previous releases, the text "No Subject" was automatically
added as a message was parsed, hence there was no real
indicator that a message had no real subject.
A related change is that messages without subject text
are skipped in subject-based thread detection. Therefore,
a no-subject message will never be a possible follow-up,
but it is still possible for it to be an explicit follow-up
if it includes reference message-ids.
NOTE: This functionality does not apply to messages
processed by earlier versions where the text "No Subject"
was auto-applied to messages when parsed. A recreation
of an archive from the original message data would
have to be done to have new behavior applied to message
processed by earlier releases.
A messages with no subject will now have the string
"[no subject]" displayed any time the $SUBJECT$ resource
variable is used for the message.
o New resources:
FIRSTPGLINK Link markup for first page of main index.
LASTPGLINK Link markup for last page of main index.
TFIRSTPGLINK Link markup for first page of thread index.
TLASTPGLINK Link markup for last page of thread index.
TNEXTINBUTTON Button markup for next message
within a thread.
TNEXTINBUTTONIA Inactive button markup for next
message within a thread.
TNEXTINLINK Link markup for next message within
a thread.
TNEXTINLINKIA Inactive link markup for next
message within a thread.
TNEXTTOPBUTTON Button markup for first message in
the next thread.
TNEXTTOPBUTTONIA Inactive button markup for first
message in the next thread.
TPREVINBUTTON Button markup for previous message
within a thread.
TPREVINBUTTONIA Inactive button markup for previous
message within a thread.
TPREVINLINK Link markup for previous message
within a thread.
TPREVINLINKIA Inactive link markup for previous
message within a thread.
TPREVTOPBUTTON Button markup for first message in the
previous thread.
TPREVTOPBUTTONIA Inactive button markup for first
message in the previous thread.
TSLICECONTBEGIN Thread slice markup before the
continuation of a broken thread.
TSLICECONTEND Thread slice markup after the
continuation of a broken thread.
TSLICEINDENTBEGIN Thread slice markup for opening a level
when continuing a broken thread.
TSLICEINDENTEND Thread slice markup for closing a level
when continuing a broken thread.
TSLICELIEND Ending markup for a thread slice
message listing.
TSLICELIENDCUR Ending markup for a thread slice
message listing.
TSLICELINONE Thread slice markup for a missing
message in thread slice.
TSLICELINONEEND Ending markup for a missing message in
thread slice.
TSLICELITXT Markup for a thread slice message
listing.
TSLICELITXTCUR Markup for a thread slice message
listing if current message.
TSLICESINGLETXT Markup for a thread slice listing with
no follow-ups.
TSLICESINGLETXTCUR Markup for a thread slice listing with
no follow-ups if current message.
TSLICESUBJECTBEG Markup before a subject based thread
slice listing.
TSLICESUBJECTEND Markup after a subject based thread
slice listing.
TSLICESUBLISTBEG Thread slice markup for starting a
sub-thread.
TSLICESUBLISTEND Thread slice markup for ending a
sub-thread.
TSLICETOPBEGIN Thread slice markup for the root/start
of a thread.
TSLICETOPBEGINCUR Thread slice markup for the root/start
of a thread.
TSLICETOPEND Thread slice markup for the end of a
thread.
TSLICETOPENDCUR Thread slice markup for the end of a
thread if current message.
o $TSLICE$ resource variable can now take up to three arguments:
$TSLICE(<before>;<after>;<inclusive>)$
where,
<before> : Number indicated the maximum number of
message to print before the current message.
If empty, the before value specified in
TSLICE resource will be used.
<after> : Number indicated the maximum number of
message to print after the current message.
If empty, the after value specified in
TSLICE resource will be used.
<inclusive> : If `1', only messages within the current
thread will be printed. If `0', messages
from the previous and next threads can
be printed if the values for <before> and
<after> would go beyond the current thread.
o TSLICE resource updated to allow specification of default
value of inclusive flag.
o The following new message specifications can be used for
message data-related resource variables:
TNEXTIN Next message within current thread.
TNEXTTOP Start of next thread.
TPREVIN Next message within current thread.
TPREVTOP Start of previous thread.
When used as arguments to the the $BUTTON$ and $LINK$ resource
variables, the TNEXTINBUTTON(IA), TNEXTTOPBUTTON(IA),
TPREVINBUTTON(IA), TPREVTOPBUTTON(IA), TNEXTINLINK(IA),
TNEXTTOPLINK(IA), TPREVINLINK(IA), TPREVTOPLINK(IA) resources
are respectively applied.
o The use of TNEXT, TPREV (and new TNEXTTOP and TPREVTOP)
message specifications in resource variables behave more
intuitively when TREVERSE is active. If at the boundaries
of a thread, TNEXT and TPREV will reference the first
message of the next thread by date and the first message
of the previous thread by date, respectively.
o Version of MHonArc and Perl are printed when MHonArc starts
unless QUIET is active.
o mhtxtplain.pl (text/plain) filter changes:
. If the htmlcheck option is set and it is detected that
the data is HTML, an attempt is first made to use the
registered text/html filter via MIMEFILTERS. If none
is defined, mhtxthtml.pl will be used.
. When uudecode option is set, an attempt is to use
the registered decoder for uuencode via MIMEDECODERS.
If not defined, then base64::uudecode is used from
base64.pl.
o mhtxthtml.pl (text/html) filter changes:
. Elements that have URL attributes that auto-load data --
IMG, BODY, IFRAME, FRAME, OBJECT, SCRIPT, INPUT -- have the
atributes converted to 'javascript:void(0);' URLs. See new
'allownoncidurls' filter argument below for more details.
. The follow filter arguments have been added:
allownoncidurls Preserve URL-based attributes that are not
cid: URLs. Normally, any URL-based
attribute -- href, src, background,
classid, data, longdesc -- will be
converted to 'javascript:void(0);'
if it is not a cid: URL. This is to
prevent malicious URLs that verify mail
addresses for spam purposes, secretly set
cookies, or gather some statistical data
automatically with the use of elements
that cause browsers to automatically
fetch data: IMG, BODY, IFRAME, FRAME,
OBJECT, SCRIPT, INPUT.
notitle Do not print title.
o Searching for OTHERINDEXES resource files has been modified.
The following lists the search order for an OTHERINDEXES
resource file:
1. Current working directory.
2. Same directory that the first resource file was read as
specified by the RCFILE resource.
3. User's home directory.
4. Archive directory.
5. Perl's @INC.
o FIRST, LAST, TFIRST, and TLAST idx_page_spec arguments to
$PGLINK$ are now supported via the FIRSTPGLINK, LASTPGLINK,
TFIRSTPGLINK, and TLASTPGLINK resources.
o $PGLINKLIST$ resource variable changed to print entire
list of page links if no arguments are provided. To get
the entire list for thread indexes, use: $PGLINKLIST(T)$.
o Date parsing routine updated to recognize dates in the
following format: Weekday, Month DD, YYYY HH:MM Zone.
Apparently, this is useful if converting mail saved to
a file in text format from MS Outlook.
o Support for defining Perl function callbacks when a
new message header is read and just after a message body
has been converted. Documentation about the callbacks is
provided in a new API appendix section in the documentation
and is provided in comments in the example mhasiteinit.pl
provided in the examples/ directory.
o Various internal changes have been made to try to eradicate
Perl 4-based conventions. For example, the use of typeglobs to
pass by "reference" has been replaced by using real references.
Assuming nothing was screwed up, this change should be
transparent to most users (with the notable exception of the
API changes to MIMEFILTERS registered routines). However,
if you have mucked with MHonArc internals, or created custom
modifications, you may need to be aware that changes have
been made.
=======================================================================
06/10/2001 (2.4.9)
o Added the following resources:
MIMEEXCS List of content-types to exclude
from processing. Exclusion occurs
before data is passed to filters.
o mhtxtplain.pl: If decoding uuencoded data, the data will
be excluded if application/octet-stream is listed the
MIMEEXCS resource.
o mhtxthtml.pl: If a CID URL is not available, the CID URL
is no longer preserved in the converted output. The CID
URL is stripped.
o Added the following to mhmimetypes.pl content-type table:
application/ms-excel => xls:MS-Excel spreadsheet
application/ms-powerpoint => ppt:MS-Powerpoint presentation
application/ms-project => mpp:MS-Project file
The "vnd." official versions are already present, but
some application use the above.
o TODO list added to distribution.
Bug Fixes
---------
See BUGS.
=======================================================================
04/13/2001 (2.4.8)
o Added the following resources:
KEEPONRMM Do not remove message files from disk
when messages are removed from the
archive.
o m2h_text_plain::filter now uses CHARSETCONVERTERS for
translating text data with a specified charset parameter.
The only exception is iso-2022-jp, which is handled directly
to properly support nourl flag.
o m2h_external::filter new arguments:
excludeexts=ext1,...
A comma separated list of message specified filename
extensions to exclude. I.e. If the filename
extension matches an extension in excludeexts, the
content will not be written. The return markup
will contain the name of the attachment, but no
link to the data. This option is best used with
application/octet-stream to exclude unwanted data
that is not tagged with the proper content-type.
The m2h_null::filter can be used to exclude content
by content-type.
o m2h_null::filter will now output a one line description
of the excluded content. This is so the reader knows that
there was message content not saved within the archive.
o m2h_text_plain::filter new arguments:
usename If extracting uuencoded data, the filename
specified should be used.
o m2h_text_html::filter new arguments:
allowcomments Preserve any comment declarations. Normally
Comment declarations are munged to prevent
SSI attacks or comments that can conflict
with MHonArc processing. Use this option
with care.
(NOTE: Comment declarations were completely stripped before,
but the regex used was known to crash perl on large comment
declarations, so a simplier expression is now used to
modify comment declarations to prevent possible attacks.)
Bug Fixes
---------
See BUGS.
