18 commits
Author | SHA1 | Message | Date | |
---|---|---|---|---|
spz
|
a976cce82c | adjustments for perl 5.12 (no additional adjustments for perl 5.14 needed) | ||
spz
|
6ad9338426 |
security update
Problems fixed: #32080 Specially crafted <base href> can lead to XSS exploit #32032 TextEncode related resource information not saved correctly in db file #32014 CVE-2010-1677: DoS when processing html messages with deep tag nesting #32013 CVE-2010-4524: Improper escaping of certain HTML sequences (XSS) #26577 Changed semantic for unpack breaks UTF-8 #25486 Resource FieldStore causes .mhonarc.db to grow over bounds. #25225 dir_create() fails to make temporary directories (PATCH) #24247 iso2022jp.pl: unneeded ESC ( B remains in message body #23198 Incorrect Setting Installation Directory #20142 strip backslash in rfc822 From: field #20074 extra space in subject #18908 X-Subject data get split in separate lines #18113 inconsistant thread slices w/ poor man's windowing #17904 FieldOrder affects AddressModifyCode #17860 incorrect nested HTML Tags for references #17660 Threaded index resource ordering doesn't allow well formed XML output #15433 relative attachmentdir is relative to current working dir, not outdir #14747 major (10X) memory savings possible in some situations #13853 creation of archive with attachments writes over symlinks |
||
spz
|
7db2bc8463 | fixes for CVE-2010-4524 and CVE-2010-1677 taken from the MHonArc cvs | ||
jwise
|
2f93072414 |
Update mhonarc to version 2.6.16.
Changes are fixes to following bugs only: * in urlize change %X to %02X * MIMEFILTERS settings not retained in database * qprint.pl should be able to handle a soft line break at the end of the string * HTML mail does not get its charset converted |
||
jwise
|
1ec03bbaea |
Update to version 2.6.15. Changes from 2.6.11 (last pkgsrc version):
2005/07/27 (2.6.15) * Removed debugging statement introduced during v2.6.14 development which caused the filename of each message to be printed to stderr when processing MH-style folders. * Fixed META.yml for CPAN: YAML is picky about tab characters, and there was a couple of tab characters causing CPAN's YAML parser to abort with an error. ============================================================================ 2005/07/23 (2.6.14) * Bug Fixes: Bug ID Summary ------ ------------------------------------------------------------ 2641 Additional Callbacks 3225 CHARSETCONVERTERS not reset across multi-archive process 11759 email address exposed in subject line ------ ------------------------------------------------------------ <https://savannah.nongnu.org/bugs/?group=mhonarc> * New resources: PRINTXCOMMENTS Print <!--X-...--> comments in generated pages. * Added "Performance Tips" document: Provides configuration tips to improve the execution performance of mhonarc. ============================================================================ 2005/07/06 (2.6.13) * Bug Fixes: Bug ID Summary ------ ------------------------------------------------------------ 12314 linebreak not utf-8 aware ------ ------------------------------------------------------------ <https://savannah.nongnu.org/bugs/?group=mhonarc> * mha-preview example script changes: - If preview data not available for message, the empty string is used. Before, undef was returned to mhonarc, causing warning messages and $X-MSG-PREVIEW$ to show up on index pages. - Beefed up preview text extraction to skip past quoted text. Someday, mha-preview functionality will be intrinisic to mhonarc. ============================================================================ 2005/06/08 (2.6.12) * Bug Fixes: Bug ID Summary ------ ------------------------------------------------------------ 11761 spammode causes broken mailto: links in message body 13316 No warning generated when RCFILE set to non-existent file 13317 POSIX::setlocale() not invoked with LANG resource setting ------ ------------------------------------------------------------ <https://savannah.nongnu.org/bugs/?group=mhonarc> * New resources: MIMEINCS Content-types to allow. * Beefed up filtering of UTF-8 messages: "Malformed UTF-8 ..." warnings are now suppressed with such sequences being converted to U+FFFD (�), which should normally cause an HTML viewer to render a question-mark-like glyph. Earlier version passed malformed utf-8 sequences through. No bug/security problems have been reported against this, but it was a bad practice that has now been corrected. * The return value for $mhonarc::CBMessageBodyRead and $mhonarc::CBRawMessageBodyRead is no longer N/A. If the return value evaluates to false, the current message will be excluded from the archive and further processing. A true value must be returned if the message is to not be excluded. |
||
adrianp
|
e95972e45e |
- Update mhonarc for recent security issue (XSS)
- From the changelog: > 9050 Regex abort error in mhmimetypes.pl under Win32 > 11187 incorrectly parsing UTF-8 encoded messages > 11207 usenameext option to m2h_external::filter has no effect > 11760 spammode false positives on some HTML mail > 11762 rel=nofollow attribute support in message body hyperlinks > 11977 TSLICETOPBEGCUR ignored > 12512 Consecutive spaces not displayed in some cases > 12802 SubjectStripCode not working on message file > 12930 Cross site scripting bug in m2h_text_html::filter |
||
agc
|
8758983939 | Add RMD160 digests. | ||
adrianp
|
cf3db9b232 |
Update mhonarc from 2.6.8 to 2.6.10
Ok'ed jwise@/wiz@ ============================================================================ 2004/05/17 (2.6.10) * Bug Fixes: Bug ID Summary ------ ------------------------------------------------------------ 8982 Can't use global $1 in "my" at base64.pl ------ ------------------------------------------------------------ <https://savannah.nongnu.org/bugs/?group=mhonarc> ============================================================================ 2004/05/07 (2.6.9) * Bug Fixes: Bug ID Summary ------ ------------------------------------------------------------ 5473 directory separator for attachments on W2K 5643 New ressource - newsserver 5758 MULTIPG and NOSAVERESOURCES cause archive to be rewritten 5905 Modification of non-creatable array value attempted 6208 Mhonarc creates slightly incorrect HTML-code 7571 <include> element doesn't look for resource files in $OUTDIR$ 7628 typo in mhrcfile.pl ------ ------------------------------------------------------------ <https://savannah.nongnu.org/bugs/?group=mhonarc> * New resources: ATTACHMENTDIR Directory to save attachments. ATTACHMENTURL Web URL to attachment directory. NEWSURL URL template for linking to newsgroups. * Attachment filenames have changed from the numeric-style <ext><#####>.<ext> to <ext><XXXXXXXXXX>.<ext> where <XXXXXXXXXX> is a random string. The change corresponds with a change to the API to mhonarc::write_attachment() function in mhmimetypes.pl. * m2h_text_plain::filter: . Changed default quoting styles: Left rule changed from 0.1em to 0.2em and the color changed from #0000FF to #5555EE. . Minor changes to flowed formatting in order to provide consistancy with how Mozilla's Gecko engine renders flowed text. * base64.pl will use MIME::Base64 module if present. MIME::Base64 uses an underly C implementation for decoding, so it is noticably faster than the pure-Perl approach. ============================================================================ |
||
xtraeme
|
a615423a99 |
Updated to 2.6.8.
Patch provided by Adrian Portelli <adrianp@stindustries.net> via PR pkg/22753. Changes: ============================================================================ 2003/08/12 (2.6.8) * Bug Fixes: Bug ID Summary ------ ------------------------------------------------------------ 4719 Spurious read_fmt_file call ------ ------------------------------------------------------------ <https://savannah.nongnu.org/bugs/?group=mhonarc> ============================================================================ 2003/08/07 (2.6.7) * Bug Fixes: Bug ID Summary ------ ------------------------------------------------------------ 4569 Problem with unfolding can mess up boundary processing in multipart messages. 4594 Initial space on lines removed when using fancyquote. ------ ------------------------------------------------------------ <https://savannah.nongnu.org/bugs/?group=mhonarc> * Added LANG resource to define locale. Affects resource filename resolution and message subject and author sorting. * readmail.pl updated to define the following special header field keys passed to filter routines: x-mha-content-type The media type of the entity extracted from content-type entity header x-mha-part-number The relative part number of the entity with respect to parent entity. To get the absolute part number, use readmail::get_full_part_number($fields). x-mha-parent-header Reference to parent header fields hash. This, and other data structures, are now mentioned in the MIMEFILTERS resource page. * Text/richtext tag, <samepage>, is quietly dropped in mhtxtenrich.pl. |
||
jwise
|
2abec90132 |
As pointed out by wiz@, a newer version of this pkg has become available in
the mean time. Update to MHonarc 2.6.6, based on patch from adrian.portelli@stindustries.net: ============================================================================ 2003/07/21 (2.6.6) * Bug Fixes: Bug ID Summary ------ ------------------------------------------------------------ 4387 m2h_text_plain::filter maxwidth usage can lead to crash with a certain kind of input ------ ------------------------------------------------------------ <http://savannah.nongnu.org/bugs/index.php?group_id=1968 &set=custom&advsrch=0&msort=0&report_id=105&go_report=Go &fix_release=2.6.6&chunksz=50> ============================================================================ 2003/07/19 (2.6.5) * Bug Fixes: Bug ID Summary ------ ------------------------------------------------------------ 4126 Typo in mhopt.pl causes error message for big5 character set 4315 allowcomments' directive to filter() is ignored ------ ------------------------------------------------------------ <http://savannah.nongnu.org/bugs/index.php?group_id=1968 &set=custom&advsrch=0&msort=0&report_id=105&go_report=Go &fix_release=2.6.5&chunksz=50> * An architecture independent RPM package is now provided for installation. Because of this, the package name format has slightly changed to be consistent RPM, and other, package managers: Old format New Format ------------- ------------- MHonArcX.X.X MHonArc-X.X.X Installation document has been updated to reflect this change. If you create third-party distribution bundles for MHonArc, you may need to update your bundling process to take account of this change, mainly because the directory created when extracting the tar or zip bundles now include the hyphen. |
||
jwise
|
a18ff50921 |
Update MHonarc to version 2.6.4. Changes since last pkgsrc version (2.5.14):
============================================================================ 2003/06/20 (2.6.4) * Bug Fixes: + Official: Bug ID Summary ------ ------------------------------------------------------------ 3478 Quoted-Printable decoding should also work with lowercase hex numbers ------ ------------------------------------------------------------ <http://savannah.nongnu.org/bugs/index.php?group_id=1968 &set=custom&advsrch=0&msort=0&report_id=105&go_report=Go &fix_release=2.6.4&chunksz=50> + Unoffical: - It appears that the UTF8 mapping table for cp1252, MHonArc::UTF8::CP1252, had bad data. This has been fixed. * Management of character mapping tables have been changed. The various .pm module tables are now auto-generated by ucm, and similiar, map files. For the end-user, the change should be transparent. The change only affects how developers maintain the tables, and the change should make it much easier to make fixes to any mappings. ============================================================================ 2003/04/05 (2.6.3) * Bug Fixes: Bug ID Summary ------ -------------------------------------------------------------- 3020 Trailing \ in regex 3128 XSS Vulnerabilies 2971 spammode option interferes with iso-2022-jp ------ -------------------------------------------------------------- <http://savannah.nongnu.org/bugs/index.php?group_id=1968 &set=custom&advsrch=0&msort=0&report_id=105&go_report=Go &fix_release=2.6.3&chunksz=50> ============================================================================ 2003/03/11 (2.6.2) * Bug Fixes: Bug Resolution Fixed Summary ID Release 2738 Fixed 2.6.2 An illegal From: address can cause MHonArc to hang <http://savannah.nongnu.org/bugs/index.php?group_id=1968 &set=custom&advsrch=0&msort=0&report_id=105&go_report=Go &fix_release=2.6.2&chunksz=50> ============================================================================ 2003/02/22 (2.6.1) * Bug Fixes: See <http://savannah.nongnu.org/bugs/index.php?group_id=1968 &set=custom&advsrch=0&msort=0&report_id=105&go_report=Go &fix_release=2.6.1&chunksz=50> * Corrected character mapping tables for VISCII based on a message to the perl-unicode mailing list. * Added FASTTEMPFILES resource which causes MHonArc to use non-random temporary files. This is less secure, but provides a little bit of speed improvement. ============================================================================ 2003/02/10 (2.6.0) * Bug Fixes: See <http://savannah.gnu.org/bugs/index.php?group_id=1968 &set=custom&advsrch=0&msort=0&report_id=105&go_report=Go &fix_release=2.6.0&chunksz=50> * New resources: DEFCHARSET Default character set of message text data. CHARSETALIASES Define aliases for base charset names. DBFILEPERMS File permissions for DBFILE. FIELDSTORE Message header fields to store in database. FILEPERMS File permissions for archive files. ICONURLPREFIX URL string to prepend to ICONS URLs. MODIFYBODYADDRESSES Apply ADDRESSMODIFYCODE to text message bodies. RECONVERT Reconvert existing messages. TENDBUTTON Button to last message in thread. TENDBUTTONIA Inactive button to last message in thread. TENDLINKIA Inactive link to last message in thread. TENDLINK Link to last message in thread. TEXTENCODE Encode message text to given character encoding. TTOPBUTTON Button to first message in thread. TTOPBUTTONIA Inactive button to first message in thread. TTOPLINKIA Inactive link to first message in thread. TTOPLINK Link to first message in thread. * New resource variables: $ICONURLPREFIX$ Value of ICONURLPREFIX resource. $MSGHFIELD$ Retrieve header field value stored via FIELDSTORE. * MHonArc::CharEnt: + Several charset mappings added to MHonArc::CharEnt with the default value for CHARSETCONVERTERS updated to reflect the new mappings. New charset supported include UTF-8, various Cyrillic sets, VISCII, Chinese sets, Japanese (iso-2022-jp and euc-jp), Korean, Apple-based charsets, etc. See the documentation for the CHARSETCONVERTERS and CHARSETALIASES for complete list of character sets supported. Note: Sets that have bidirectional rendering (Hebrew, Arabic) exist, but automatic directional re-ording for rendering is currently not supported. . Some existing mappings have been updated to use Unicode numeric character entity references (&#xHHHH;) instead of standard SGML character entity references (eg. &Aelig;). Most, if not all, web browsers only support the set of SGML entity references defined in the HTML 4.0 specification. All existing tables should now generate entity references recognized by all HTML 4.0 compliant browsers. * MHonArc::UTF8: . Module completely redone to support various versions of Perl. utf8 support code added to all conversion to utf8 with perl installations that do not have utf8 support, but to also leverage perl installations with utf8-related modules. * Default filter for iso-8859-1 and iso-2022-jp changed to MHonArc::CharEnt::str2sgml. This helps keep MHonArc locale neutral in its default configuration. Special note added to release notes for Japanese users about the change. * m2h_text_plain::filter (mhtxtplain.pl): + Added more robust handling of format=flowed data. By default, all text is rendered in a monospaced font to provide visual consistency between flowed and fixed text. Proportional spaced font can be generated using the "nonfixed" option (where "keepspace" option should also be used to help preserve the formatting characteristics of the data). + Added "fancyquote" option to provide highlight of quoted text similiar to text/plain;format=flowed data. + Added "disableflowed" option to disable the flowed data conversion. Data will be converted as regular text/plain. This option is useful for archives that cater to text-based browsers. + Added "quoteclass=<classname>" option to specify a CSS classname to assign to BLOCKQUOTE elements added when processing flowed data or when "fancyquote" is active. This suppresses inline style generation. + Added "subdir" option for use when "uudecode" is enabled. - Reduced set of quote characters to just '>'. Other characters are used by some people (eg. '}', '|', '+'), especially on the USENET, but supporting them tends to produce undesirable results, especially when using fancyquote. (Maybe make it configurable?) + If uudecode and usename specified, check if file ends in .s?html?, and if so, pass data to HTML filter. . Make sure to return a non-empty string for an empty body when in uudecode mode. Avoids bogus warning message that data could not be converted. * MIMEEXCS automatically handles unofficial version of a media type. For example: <MIMEEXCS> text/html </MIMEEXCS> Will exclude text/html and text/x-html data. * m2h_text_html::filter (mhtxthtml.pl): + CHARSETCONVERTERS is used for converting character data. - Removed default=charset option. This option is no longer needed with new character encoding processing features and CHARSETALIASES resource. + Convert javascript:... URLs to "_javascript_:..." when scripting is disabled (the default). This is an extra measure ontop of element and attribute stripping. * <a href>'s are now preserved when cid: only URLs enabled (the default). This prevents regular hyperlinks in HTML messages from getting stripped, which I think most people desire. Otherwise, the allownoncidurls option must be used, and then this opens one up to potential XSS attacks. Due to the javascript: URL munging, preserving <a href>'s should be safe from auto-XSS attacks. Readers should still be careful about any links they activate. + Added "subdir" option to specify that MHTML referenced data (e.g. images) are saved in a subdirectory. + Added "disablerelated" to disable cid: URL resolution. . STYLE and CLASS attributes stripped if nofont argument specified. * m2h_text_enriched::filter (mhtxtenrich.pl): + CHARSETCONVERTERS is used for converting character data. + <lang><param>lang</param> is now mapped to <dir lang="lang">. + Added handling of some text/richtext tags. . Escape unrecognized tags. * Archive file creation modified to minimize the local symlink exploits: 1. A temp file with a random name is first created and written to. 2. Temp file is compressed if GZIPFILES is active. 3. Temp file is renamed to final filename. 4. File permissions are set according to FILEPERMS/DBFILEPERMS. Using a random temp filename makes it difficult for someone to predict filenames to execute a symlink exploit. The rename operation is immune to symlink exploits, hence trying to using well-known names (e.g. maillist.html, threads.html) for exploitation will not work. A similiar technique is used for directory creation for filters that support the "subdir" option. Generation of temp files is done via the File::Temp module, if installed. If not installed, a homegrown implementation is used. Although not as secure and robust as File::Temp, it's better than nothing and should provide a decent deterrent. * Setuid/setgid execution causes mhonarc to terminate with an error. Mhonarc does not pass taint checks, so we abort with an error that setuid/setgid execution is not supported. MHonArc is too insecure for setuid operation and trying to make it setuid-safe would require alot of work and potentially limit a large amount of functionality. * More robust parsing used for determining $FROMNAME$ and $FROMADDR*$ resource variables. * rfc822.pl library removed and replaced with MHonArc::RFC822 module. * Warning message, "Unable to process data..." removed from message page when unable to convert any part of a message (usually due to user-defined MIMEFILTERS settings). Instead, a warning message is generated to standard error (like other mhonarc warnings) and the resulting message page will have a blank message body. * m2h_msg_extbody::filter: (mhmsgextbody.pl) + Added support for http/x-http access type. This appears to be an experimental access type since the general URI type can be used instead. . Properly sanitize parameter data. . Some minor cosmetic changes in the HTML generated. * m2h_text_tsv::filter (mhtxttsv.pl): . Sanitize field data. * m2h_text_setext::filter (mhtxtsetext.pl) has been removed. It appears this media-type is part of document history. |
||
jwise
|
c0582f127c |
Update mhonarc to version 2.5.14. Changes since 2.5.11 (the last pkgsrc
version) include: ============================================================================ 2002/12/21 (2.5.14) * Security patch release: This release fixes a cross-site scripting (XSS) vulnerability in m2h_text_html::filter (the HTML filter). A specially crafted HTML message can have scripting markup get by the script filtering done by m2h_text_html::filter. ============================================================================ 2002/10/21 (2.5.13) * Bug Fixes: See <http://savannah.gnu.org/bugs/index.php?group_id=1968 &set=custom&advsrch=0&msort=0&report_id=105&go_report=Go &fix_release=2.5.13&chunksz=50> * DBFILE resource can now be set to an absolute pathname. This allows the database file to be located in a separate location than in the archive directory. If not an absolute pathname, then value is treated relative to OUTDIR. * readmail.pl updated to handle MHTML messages better. mhtxthtml.pl changed accordingly. * readmail.pl handling of malformed multipart messages improved. Cases were a the terminating boundary delimiter did not exist would generate a warning message in the converted message body that data could not be converted. This case should now be handled so that end of entitiy implies a terminating boundary delimiter, (Thanks goto Randy Blaustein for providing real-world test cases). * Fixed problem where some message attachments were "lost". This mainly occurs when using mha-decode with the -dcd-digest option, or if you have registered the m2h_external::filter for message/* data types. (Thanks goto Steve Johnson for finding this problem.) * m2h_external::filter will now include the subject of a message in the attachment link if saving message/* data to a file. * m2h_external::filter properly escapes the filename parameter when displaying it in the attachment link. This is done to avoid any possible XSS exploits. Note, no exploits have been reported by using the filename parameter in messages, so this change is more of a preemptive measure. * m2h_external::filter will fall back to a "txt" extension for unknown text types instead of a "bin" extension. * m2h_text_plain::filter: Removed hardcoded 'as-is' for US-ASCII data. This is so a user could define a converter if having to deal with mislabeled character data. (Thanks goto Mooffie for finally finding a real-world case to not hardcode us-ascii). ============================================================================ 2002/09/03 (2.5.12) * Strip more tags and attributes that could potentially be used for XSS exploits in the HTML filter. This is a more of a preemptive change since no new exploits have been reported. * DATEFIELDS resource now supports indexed field names. For example: <DateFields> received[1]:received[0]:date </DateFields> The example says that mhonarc should check the second received field, then the first received field, and then the first date field to determine the date of a message. |
||
grant
|
4dc1140815 |
Update to mhonarc-2.5.11.
The following is a summary of sigificant changes since 2.5.3. Please see CHANGES in the distfile for the full list of changes. * The following mail header fields added to list of fields that can contain mail addresses: mail-reply-to, original-bcc, original-cc, original-from, original-sender, original-to, resent-bcc, x-envelope. Applicable to MAILTO, MAILTOURL, and ADDRESSMODIFYCODE resources. * Added MHonArc::UTF8 CHARSETCONVERTER module as recommended at <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=131512&repeatmerged=yes>. However, module redone to use utf8 pragma in Perl where appropriate and to remove unnecessary code. Use of module does require that the Unicode::MapUTF8 module is installed and the utf8 pragma is supported in the version of Perl you are using. * Added MIMEALTPREFS resource: Content-type preferences for multipart/alternative data. You can now tell MHonArc to use the text/plain part over a text/html part in multipart/alternative messages. * Added the following resources: IDXPGSSMARKUP Markup at the beginning of all index pages. MSGPGSSMARKUP Markup at the beginning of all message pages. TIDXPGSSMARKUP Markup at the beginning of all thread index pages. Each resource will default to the value of the SSMARKUP resource if not defined. * Removed references to HEADER and FOOTER resources in the docs. Resources removed in v2.5.0. * Updated default resource layout settings in docs to use lowercase tag names since MHonArc changed to use lowercase in defaults in v2.4.7. * Added NOSUBJECTTXT resource: Defines raw subject text to use for messages that do not have a subject. * Incorporated format=flowed support into mhtxtplain.pl contributed by Ken Hirsch, with some minor improvements. * mha-decode now supports the following option: -dcd-digest. This tells mha-decode to not recursively process attached message/rfc822 and message/news entities. This option is useful to extract out all the individual messages of a message digest. * Added message/rfc822 and message/news to mhmimetypes.pl content-type => extension/description hash. The extension used is ".822". |
||
grant
|
251dc164d1 | use .bz2 distfile. | ||
jwise
|
3927fd21da |
Update to mhonarc-2.5.3.
Changes since 2.4.9 (the last pkgsrc version): * Added 'use locale' pragmas to be applied when sorting messages. This is considered experimental, but it appears to give better results when sorting text that contains 8-bit-non-English characters. This is far from any real locale support, but hopefully it is better than nothing. * Beefed up HTML filtering in mhtxthtml.pl to eliminate some security exploits. CAUTION: If you are worried about security, it is recommended that you disable support of text/html messages in your mail archives. There is no guarantee that the mhtxthtml.pl library is robust enough to eliminate all possible exploits that can occur with HTML data. Thanks goto Jason Molenda and Hiromitsu Takagi for spotting more exploit cases. * mhtxtplain.pl checks MIMEXCS if text/html data is excluded when the htmlcheck option is specified. Seems unnecessary because someone use excludes HTML data will probably not use the htmlcheck option to m2h_text_plain::filter. * Modified mail address extraction for $FROMADDR$ resource variable to help deal with malformed From: header fields. Thanks to Eugene Eric Kim for the recommendation. * Fixed uudecoding support in mhtxtplain.pl to handle spaces in filenames and \r\n EOLs. Thanks to Jordan Russell for spotting this. * Added ISO-8859-15 mappings. Thanks goto Jan Kraeber for the contribution. * Removed GIF images from distribution. All GIF images have been converted to PNG format. Transparency of PNG images may only be supported in the latest versions of various graphical web browsers. See <http://www.gnu.org/philosophy/gif.html> for reasons why GIF images should not be used. * Source code imported into CVS. CVS respository is currently not available publicly. Stilling wondering if a site like savannah.gnu.org should be used or if the respository should be hosted independently, like at www.mhonarc.org. * Fixed regex patterns in readmail.pl to avoid Perl warning messages. * Created a contrib/ directory to contain any contributed programs imported into the MHonArc distribution. Moved prsfrom.pl from extras/ to contrib/. * Added Security section to FAQ. Provided more information to question, "Why does a message get split into mulitple messages with no headers?", mainly information contributed by users. ============================================================================ 2001/11/24 (2.5.2) (See BUGS for the list of bugs reported and fixed) o mha-dbrecover new options: -dbr-startnum # The starting message number to recover data from. This option is useful if you have many message files in a directory, but you only want to recover a subset of the files. If this option is not specified, the starting number is 0. -dbr-endnum # The ending message number to recover data from. This option is useful if you have many message files in a directory, but you only want to recover a subset of the files. If this option is not specified, all messages starting from -dbr-startnum will be recovered. o MSGPGBEGIN default value changed where $SUBJECTNA:72$ has been replaced with $SUBJECTNA$. This is so default values do not have any possible conflicts with variable-width character sets. ============================================================================ 2001/11/13 (2.5.1) (See BUGS for the list of bugs reported and fixed) o Added special note within the release notes about downgrading. o Some documentation corrections. ============================================================================ 2001/10/14 (2.5.0) [This is non-beta release of 2.5.0. See the change notes below and for the various beta release for a complete list of changes from the last v2.4 release.] (See BUGS for the list of bugs reported and fixed) o The ICONS resource has been updated to support the association of icons at the base type level (e.g. text/*) and to specify width and height hints. The example icon resource file listed in an appendix of the documentation updated to to use changes to ICONS resource. o Formatting of attachment links within the m2hexternal.pl filter has been updated to provide more verbose information. Description of the format provided in the MIMEFILTERS documentation. Also, a 'frame' filter argument is now supported to instruct the filter to draw a frame around the link. o Default value for MIMEArgs has been changed to the following: <MIMEArgs> m2h_external::filter; inline </MIMEArgs> This is more concise then previous default value. On a resource file maintenance standpoint, it is generally best to specify filter arguments at the filter level and not at the content-type level. o Value of Perl's $^O variable printed with version information for -V, -v, -help command-line options. o The count of new messages added to archive are now printed along with the total message count when QUIET is not active. ============================================================================ 2001/09/05 (2.5.0b2) (See BUGS for the list of bugs fixed) o Long overdue update of ACKNOWLG file. o New resources: TSLICELEVELS -- Maximum depth for thread slices. o New resource variables: $TLEVEL$ -- Numeric level of message in thread. o Added recognition of windows-1250 and windows-1252 charsets into MHonArc::CharEnt and to default value of CHARSETCONVERTERS resource. To apply to existing archives, use mha-dbedit with examples/def-mime.mrc resource file. o SUBJECTREPLYRXP now used to determine if "Re: " is added when $SUBJECT$ is used within MAILTOURL. o Code cleanup to eliminate perl -w warnings. Cleanup not required for running MHonArc, but convenient for those that use MHonArc with perl's -w option. ============================================================================ 2001/08/26 (2.5.0b) (See BUGS for the list of bugs fixed) o API for MIMEFILTERS has been changed. Content filters are now called as follows: ($html, @files) = &filter($fields_hash_ref, $body_data_ref, $is_decoded, $filter_args); Paramaters: $fields_hash_ref A reference to hash of message/part header fields. Keys are field names in lowercase and values are array references containing the field values. For example, to obtain the content-type, if defined, you would do: $fields_hash_ref->{'content-type'}[0] Values for a fields are stored in arrays since duplication of fields are possible. For example, the Received: header field is typically repeated multiple times. For fields that only occur once, then array for the field will only contain one item. $body_data_ref Reference to body data. It is okay for the filter to modify the text in-place. $is_decoded Boolean flag if body data has been decoded. This is normally true unless some non-standard content-transfer-encoding is used. $filter_args String containing filter args as defined by MIMEARGS resource. Return: The return value is still treated in the same manner as previous releases. The first item in the return list is the text that should printed to the message page. Any other items in the return list are derived filenames created by the filter. If undef, or the empty string, is returned, readmail.pl assumes the filter was unable to filter the data. All the filters provided in the MHonArc distribution have been modified to use the new calling convention. o The HEADER and FOOTER resources are no longer supported. o The default value of DEFRCNAME is now ".mhonarc.mrc" ("mhonarc.mrc" for Win/DOS). o ISO8859 character set data processing now defaults to using the MHonArc::CharEnt module. The old iso8859.pl library is still provided for compatibility with older archives. To update archives to use the new settings, you can run the following command, mha-dbedit -rcfile examples/def-mime.mrc \ -outdir /path/to/archive where "examples/def-mime.mrc" represents the default MIME processing resources for MHonArc provided within the MHonArc distribution. The new module is more efficient in memory usage by only loading mappings for character sets actually processed. The old iso8859.pl library preloads all mappings. Also, the module is designed to be easily extensible for processing any 8-bit-based character sets. o Reference, follow-up, and derived file information of a message is now stored in a different format in the database (and internally). MHonArc will auto-update older archives to the new format. The newer format should provide some performance improvement. o Messages with no subjects are now stored with no subjects. In previous releases, the text "No Subject" was automatically added as a message was parsed, hence there was no real indicator that a message had no real subject. A related change is that messages without subject text are skipped in subject-based thread detection. Therefore, a no-subject message will never be a possible follow-up, but it is still possible for it to be an explicit follow-up if it includes reference message-ids. NOTE: This functionality does not apply to messages processed by earlier versions where the text "No Subject" was auto-applied to messages when parsed. A recreation of an archive from the original message data would have to be done to have new behavior applied to message processed by earlier releases. A messages with no subject will now have the string "[no subject]" displayed any time the $SUBJECT$ resource variable is used for the message. o New resources: FIRSTPGLINK Link markup for first page of main index. LASTPGLINK Link markup for last page of main index. TFIRSTPGLINK Link markup for first page of thread index. TLASTPGLINK Link markup for last page of thread index. TNEXTINBUTTON Button markup for next message within a thread. TNEXTINBUTTONIA Inactive button markup for next message within a thread. TNEXTINLINK Link markup for next message within a thread. TNEXTINLINKIA Inactive link markup for next message within a thread. TNEXTTOPBUTTON Button markup for first message in the next thread. TNEXTTOPBUTTONIA Inactive button markup for first message in the next thread. TPREVINBUTTON Button markup for previous message within a thread. TPREVINBUTTONIA Inactive button markup for previous message within a thread. TPREVINLINK Link markup for previous message within a thread. TPREVINLINKIA Inactive link markup for previous message within a thread. TPREVTOPBUTTON Button markup for first message in the previous thread. TPREVTOPBUTTONIA Inactive button markup for first message in the previous thread. TSLICECONTBEGIN Thread slice markup before the continuation of a broken thread. TSLICECONTEND Thread slice markup after the continuation of a broken thread. TSLICEINDENTBEGIN Thread slice markup for opening a level when continuing a broken thread. TSLICEINDENTEND Thread slice markup for closing a level when continuing a broken thread. TSLICELIEND Ending markup for a thread slice message listing. TSLICELIENDCUR Ending markup for a thread slice message listing. TSLICELINONE Thread slice markup for a missing message in thread slice. TSLICELINONEEND Ending markup for a missing message in thread slice. TSLICELITXT Markup for a thread slice message listing. TSLICELITXTCUR Markup for a thread slice message listing if current message. TSLICESINGLETXT Markup for a thread slice listing with no follow-ups. TSLICESINGLETXTCUR Markup for a thread slice listing with no follow-ups if current message. TSLICESUBJECTBEG Markup before a subject based thread slice listing. TSLICESUBJECTEND Markup after a subject based thread slice listing. TSLICESUBLISTBEG Thread slice markup for starting a sub-thread. TSLICESUBLISTEND Thread slice markup for ending a sub-thread. TSLICETOPBEGIN Thread slice markup for the root/start of a thread. TSLICETOPBEGINCUR Thread slice markup for the root/start of a thread. TSLICETOPEND Thread slice markup for the end of a thread. TSLICETOPENDCUR Thread slice markup for the end of a thread if current message. o $TSLICE$ resource variable can now take up to three arguments: $TSLICE(<before>;<after>;<inclusive>)$ where, <before> : Number indicated the maximum number of message to print before the current message. If empty, the before value specified in TSLICE resource will be used. <after> : Number indicated the maximum number of message to print after the current message. If empty, the after value specified in TSLICE resource will be used. <inclusive> : If `1', only messages within the current thread will be printed. If `0', messages from the previous and next threads can be printed if the values for <before> and <after> would go beyond the current thread. o TSLICE resource updated to allow specification of default value of inclusive flag. o The following new message specifications can be used for message data-related resource variables: TNEXTIN Next message within current thread. TNEXTTOP Start of next thread. TPREVIN Next message within current thread. TPREVTOP Start of previous thread. When used as arguments to the the $BUTTON$ and $LINK$ resource variables, the TNEXTINBUTTON(IA), TNEXTTOPBUTTON(IA), TPREVINBUTTON(IA), TPREVTOPBUTTON(IA), TNEXTINLINK(IA), TNEXTTOPLINK(IA), TPREVINLINK(IA), TPREVTOPLINK(IA) resources are respectively applied. o The use of TNEXT, TPREV (and new TNEXTTOP and TPREVTOP) message specifications in resource variables behave more intuitively when TREVERSE is active. If at the boundaries of a thread, TNEXT and TPREV will reference the first message of the next thread by date and the first message of the previous thread by date, respectively. o Version of MHonArc and Perl are printed when MHonArc starts unless QUIET is active. o mhtxtplain.pl (text/plain) filter changes: . If the htmlcheck option is set and it is detected that the data is HTML, an attempt is first made to use the registered text/html filter via MIMEFILTERS. If none is defined, mhtxthtml.pl will be used. . When uudecode option is set, an attempt is to use the registered decoder for uuencode via MIMEDECODERS. If not defined, then base64::uudecode is used from base64.pl. o mhtxthtml.pl (text/html) filter changes: . Elements that have URL attributes that auto-load data -- IMG, BODY, IFRAME, FRAME, OBJECT, SCRIPT, INPUT -- have the atributes converted to 'javascript:void(0);' URLs. See new 'allownoncidurls' filter argument below for more details. . The follow filter arguments have been added: allownoncidurls Preserve URL-based attributes that are not cid: URLs. Normally, any URL-based attribute -- href, src, background, classid, data, longdesc -- will be converted to 'javascript:void(0);' if it is not a cid: URL. This is to prevent malicious URLs that verify mail addresses for spam purposes, secretly set cookies, or gather some statistical data automatically with the use of elements that cause browsers to automatically fetch data: IMG, BODY, IFRAME, FRAME, OBJECT, SCRIPT, INPUT. notitle Do not print title. o Searching for OTHERINDEXES resource files has been modified. The following lists the search order for an OTHERINDEXES resource file: 1. Current working directory. 2. Same directory that the first resource file was read as specified by the RCFILE resource. 3. User's home directory. 4. Archive directory. 5. Perl's @INC. o FIRST, LAST, TFIRST, and TLAST idx_page_spec arguments to $PGLINK$ are now supported via the FIRSTPGLINK, LASTPGLINK, TFIRSTPGLINK, and TLASTPGLINK resources. o $PGLINKLIST$ resource variable changed to print entire list of page links if no arguments are provided. To get the entire list for thread indexes, use: $PGLINKLIST(T)$. o Date parsing routine updated to recognize dates in the following format: Weekday, Month DD, YYYY HH:MM Zone. Apparently, this is useful if converting mail saved to a file in text format from MS Outlook. o Support for defining Perl function callbacks when a new message header is read and just after a message body has been converted. Documentation about the callbacks is provided in a new API appendix section in the documentation and is provided in comments in the example mhasiteinit.pl provided in the examples/ directory. o Various internal changes have been made to try to eradicate Perl 4-based conventions. For example, the use of typeglobs to pass by "reference" has been replaced by using real references. Assuming nothing was screwed up, this change should be transparent to most users (with the notable exception of the API changes to MIMEFILTERS registered routines). However, if you have mucked with MHonArc internals, or created custom modifications, you may need to be aware that changes have been made. |
||
taca
|
bc47e201d3 |
Update mhonarc to 2.4.9.
======================================================================= 06/10/2001 (2.4.9) o Added the following resources: MIMEEXCS List of content-types to exclude from processing. Exclusion occurs before data is passed to filters. o mhtxtplain.pl: If decoding uuencoded data, the data will be excluded if application/octet-stream is listed the MIMEEXCS resource. o mhtxthtml.pl: If a CID URL is not available, the CID URL is no longer preserved in the converted output. The CID URL is stripped. o Added the following to mhmimetypes.pl content-type table: application/ms-excel => xls:MS-Excel spreadsheet application/ms-powerpoint => ppt:MS-Powerpoint presentation application/ms-project => mpp:MS-Project file The "vnd." official versions are already present, but some application use the above. o TODO list added to distribution. Bug Fixes --------- See BUGS. ======================================================================= 04/13/2001 (2.4.8) o Added the following resources: KEEPONRMM Do not remove message files from disk when messages are removed from the archive. o m2h_text_plain::filter now uses CHARSETCONVERTERS for translating text data with a specified charset parameter. The only exception is iso-2022-jp, which is handled directly to properly support nourl flag. o m2h_external::filter new arguments: excludeexts=ext1,... A comma separated list of message specified filename extensions to exclude. I.e. If the filename extension matches an extension in excludeexts, the content will not be written. The return markup will contain the name of the attachment, but no link to the data. This option is best used with application/octet-stream to exclude unwanted data that is not tagged with the proper content-type. The m2h_null::filter can be used to exclude content by content-type. o m2h_null::filter will now output a one line description of the excluded content. This is so the reader knows that there was message content not saved within the archive. o m2h_text_plain::filter new arguments: usename If extracting uuencoded data, the filename specified should be used. o m2h_text_html::filter new arguments: allowcomments Preserve any comment declarations. Normally Comment declarations are munged to prevent SSI attacks or comments that can conflict with MHonArc processing. Use this option with care. (NOTE: Comment declarations were completely stripped before, but the regex used was known to crash perl on large comment declarations, so a simplier expression is now used to modify comment declarations to prevent possible attacks.) Bug Fixes --------- See BUGS. |
||
agc
|
b26a4eb88b | Move to sha1 digests, and add distfile sizes. | ||
agc
|
9e8d6c8b8d |
+ move the distfile digest/checksum value from files/md5 to distinfo
+ move the patch digest/checksum values from files/patch-sum to distinfo |
Renamed from mail/mhonarc/files/md5 (Browse further)