Commit graph

18 commits

Author SHA1 Message Date
spz
a976cce82c adjustments for perl 5.12 (no additional adjustments for perl 5.14 needed) 2011-10-30 22:03:42 +00:00
spz
6ad9338426 security update
Problems fixed:
#32080 	Specially crafted <base href> can lead to XSS exploit
#32032 	TextEncode related resource information not saved correctly in db file
#32014 	CVE-2010-1677: DoS when processing html messages with deep tag nesting
#32013 	CVE-2010-4524: Improper escaping of certain HTML sequences (XSS)
#26577 	Changed semantic for unpack breaks UTF-8
#25486 	Resource FieldStore causes .mhonarc.db to grow over bounds.
#25225 	dir_create() fails to make temporary directories (PATCH)
#24247 	iso2022jp.pl: unneeded ESC ( B remains in message body
#23198 	Incorrect Setting Installation Directory
#20142 	strip backslash in rfc822 From: field
#20074 	extra space in subject
#18908 	X-Subject data get split in separate lines
#18113 	inconsistant thread slices w/ poor man's windowing
#17904 	FieldOrder affects AddressModifyCode
#17860 	incorrect nested HTML Tags for references
#17660 	Threaded index resource ordering doesn't allow well formed XML output
#15433 	relative attachmentdir is relative to current working dir, not outdir
#14747 	major (10X) memory savings possible in some situations
#13853 	creation of archive with attachments writes over symlinks
2011-01-09 19:59:48 +00:00
spz
7db2bc8463 fixes for CVE-2010-4524 and CVE-2010-1677 taken from the MHonArc cvs 2011-01-05 09:45:21 +00:00
jwise
2f93072414 Update mhonarc to version 2.6.16.
Changes are fixes to following bugs only:

  * in urlize change %X to %02X
  * MIMEFILTERS settings not retained in database
  * qprint.pl should be able to handle a soft line break at the end of the string
  * HTML mail does not get its charset converted
2007-02-28 16:04:16 +00:00
jwise
1ec03bbaea Update to version 2.6.15. Changes from 2.6.11 (last pkgsrc version):
2005/07/27	(2.6.15)

* Removed debugging statement introduced during v2.6.14 development
  which caused the filename of each message to be printed to stderr
  when processing MH-style folders.

* Fixed META.yml for CPAN: YAML is picky about tab characters, and
  there was a couple of tab characters causing CPAN's YAML parser to
  abort with an error.

============================================================================
2005/07/23	(2.6.14)

* Bug Fixes:

    Bug ID  Summary
    ------  ------------------------------------------------------------
     2641   Additional Callbacks
     3225   CHARSETCONVERTERS not reset across multi-archive process
    11759   email address exposed in subject line
    ------  ------------------------------------------------------------
    <https://savannah.nongnu.org/bugs/?group=mhonarc>

* New resources:

    PRINTXCOMMENTS	Print <!--X-...--> comments in generated pages.

* Added "Performance Tips" document: Provides configuration tips
  to improve the execution performance of mhonarc.

============================================================================
2005/07/06	(2.6.13)

* Bug Fixes:

    Bug ID  Summary
    ------  ------------------------------------------------------------
    12314   linebreak not utf-8 aware
    ------  ------------------------------------------------------------
    <https://savannah.nongnu.org/bugs/?group=mhonarc>

* mha-preview example script changes:

  - If preview data not available for message, the empty string
    is used.  Before, undef was returned to mhonarc, causing
    warning messages and $X-MSG-PREVIEW$ to show up on index pages.

  - Beefed up preview text extraction to skip past quoted text.

  Someday, mha-preview functionality will be intrinisic to mhonarc.

============================================================================
2005/06/08	(2.6.12)

* Bug Fixes:

    Bug ID  Summary
    ------  ------------------------------------------------------------
    11761   spammode causes broken mailto: links in message body
    13316   No warning generated when RCFILE set to non-existent file
    13317   POSIX::setlocale() not invoked with LANG resource setting
    ------  ------------------------------------------------------------
    <https://savannah.nongnu.org/bugs/?group=mhonarc>

* New resources:

    MIMEINCS		Content-types to allow.

* Beefed up filtering of UTF-8 messages:  "Malformed UTF-8
  ..." warnings are now suppressed with such sequences being converted
  to U+FFFD (&#xFFFD;), which should normally cause an HTML viewer
  to render a question-mark-like glyph.

  Earlier version passed malformed utf-8 sequences through.
  No bug/security problems have been reported against this, but it
  was a bad practice that has now been corrected.

* The return value for $mhonarc::CBMessageBodyRead and
  $mhonarc::CBRawMessageBodyRead is no longer N/A.  If the return
  value evaluates to false, the current message will be excluded from
  the archive and further processing.  A true value must be returned
  if the message is to not be excluded.
2005-08-17 03:29:27 +00:00
adrianp
e95972e45e - Update mhonarc for recent security issue (XSS)
- From the changelog:
>      9050   Regex abort error in mhmimetypes.pl under Win32
>     11187   incorrectly parsing UTF-8 encoded messages
>     11207   usenameext option to m2h_external::filter has no effect
>     11760   spammode false positives on some HTML mail
>     11762   rel=nofollow attribute support in message body hyperlinks
>     11977   TSLICETOPBEGCUR ignored
>     12512   Consecutive spaces not displayed in some cases
>     12802   SubjectStripCode not working on message file
>     12930   Cross site scripting bug in m2h_text_html::filter
2005-05-27 11:41:03 +00:00
agc
8758983939 Add RMD160 digests. 2005-02-24 09:59:20 +00:00
adrianp
cf3db9b232 Update mhonarc from 2.6.8 to 2.6.10
Ok'ed jwise@/wiz@

============================================================================
2004/05/17      (2.6.10)

* Bug Fixes:

    Bug ID  Summary
    ------  ------------------------------------------------------------
     8982   Can't use global $1 in "my" at base64.pl
    ------  ------------------------------------------------------------
    <https://savannah.nongnu.org/bugs/?group=mhonarc>

============================================================================
2004/05/07      (2.6.9)

* Bug Fixes:

    Bug ID  Summary
    ------  ------------------------------------------------------------
     5473   directory separator for attachments on W2K
     5643   New ressource - newsserver
     5758   MULTIPG and NOSAVERESOURCES cause archive to be rewritten
     5905   Modification of non-creatable array value attempted
     6208   Mhonarc creates slightly incorrect HTML-code
     7571   <include> element doesn't look for resource files in
            $OUTDIR$
     7628   typo in mhrcfile.pl
    ------  ------------------------------------------------------------
    <https://savannah.nongnu.org/bugs/?group=mhonarc>

* New resources:

    ATTACHMENTDIR       Directory to save attachments.
    ATTACHMENTURL       Web URL to attachment directory.
    NEWSURL             URL template for linking to newsgroups.

* Attachment filenames have changed from the numeric-style
  <ext><#####>.<ext> to <ext><XXXXXXXXXX>.<ext> where <XXXXXXXXXX>
  is a random string.  The change corresponds with a change to the
  API to mhonarc::write_attachment() function in mhmimetypes.pl.

* m2h_text_plain::filter:
  . Changed default quoting styles: Left rule changed from 0.1em
    to 0.2em and the color changed from #0000FF to #5555EE.

  . Minor changes to flowed formatting in order to provide
    consistancy with how Mozilla's Gecko engine renders flowed text.

* base64.pl will use MIME::Base64 module if present.  MIME::Base64
  uses an underly C implementation for decoding, so it is noticably
  faster than the pure-Perl approach.

============================================================================
2004-06-21 20:13:32 +00:00
xtraeme
a615423a99 Updated to 2.6.8.
Patch provided by Adrian Portelli <adrianp@stindustries.net> via PR
pkg/22753.

Changes:
============================================================================
2003/08/12      (2.6.8)

* Bug Fixes:

    Bug ID  Summary
    ------  ------------------------------------------------------------
     4719   Spurious read_fmt_file call
    ------  ------------------------------------------------------------
    <https://savannah.nongnu.org/bugs/?group=mhonarc>

============================================================================
2003/08/07      (2.6.7)

* Bug Fixes:

    Bug ID  Summary
    ------  ------------------------------------------------------------
     4569   Problem with unfolding can mess up boundary processing in
            multipart messages.
     4594   Initial space on lines removed when using fancyquote.
    ------  ------------------------------------------------------------
    <https://savannah.nongnu.org/bugs/?group=mhonarc>

* Added LANG resource to define locale.  Affects resource filename
  resolution and message subject and author sorting.

* readmail.pl updated to define the following special header field
  keys passed to filter routines:

    x-mha-content-type    The media type of the entity extracted from
                          content-type entity header
    x-mha-part-number     The relative part number of the entity with
                          respect to parent entity.  To get the
                          absolute part number, use
                          readmail::get_full_part_number($fields).
    x-mha-parent-header   Reference to parent header fields hash.

  This, and other data structures, are now mentioned in the MIMEFILTERS
  resource page.

* Text/richtext tag, <samepage>, is quietly dropped in mhtxtenrich.pl.
2003-09-16 13:17:45 +00:00
jwise
2abec90132 As pointed out by wiz@, a newer version of this pkg has become available in
the mean time.  Update to MHonarc 2.6.6, based on patch from adrian.portelli@stindustries.net:

============================================================================
2003/07/21	(2.6.6)

* Bug Fixes:

    Bug ID  Summary
    ------  ------------------------------------------------------------
     4387   m2h_text_plain::filter maxwidth usage can lead to crash
	    with a certain kind of input
    ------  ------------------------------------------------------------
    <http://savannah.nongnu.org/bugs/index.php?group_id=1968
     &set=custom&advsrch=0&msort=0&report_id=105&go_report=Go
     &fix_release=2.6.6&chunksz=50>

============================================================================
2003/07/19	(2.6.5)

* Bug Fixes:

    Bug ID  Summary
    ------  ------------------------------------------------------------
     4126   Typo in mhopt.pl causes error message for big5
	    character set
     4315   allowcomments' directive to filter() is ignored
    ------  ------------------------------------------------------------
    <http://savannah.nongnu.org/bugs/index.php?group_id=1968
     &set=custom&advsrch=0&msort=0&report_id=105&go_report=Go
     &fix_release=2.6.5&chunksz=50>

* An architecture independent RPM package is now provided for
  installation.  Because of this, the package name format has slightly
  changed to be consistent RPM, and other, package managers:

      Old format      New Format
      -------------   -------------
      MHonArcX.X.X    MHonArc-X.X.X

  Installation document has been updated to reflect this change.

  If you create third-party distribution bundles for MHonArc, you may
  need to update your bundling process to take account of this change,
  mainly because the directory created when extracting the tar or
  zip bundles now include the hyphen.
2003-07-31 14:50:11 +00:00
jwise
a18ff50921 Update MHonarc to version 2.6.4. Changes since last pkgsrc version (2.5.14):
============================================================================
2003/06/20	(2.6.4)

* Bug Fixes:

  + Official:

      Bug ID  Summary
      ------  ------------------------------------------------------------
      3478    Quoted-Printable decoding should also work with
	      lowercase hex numbers
      ------  ------------------------------------------------------------
      <http://savannah.nongnu.org/bugs/index.php?group_id=1968
       &set=custom&advsrch=0&msort=0&report_id=105&go_report=Go
       &fix_release=2.6.4&chunksz=50>

  + Unoffical:

      - It appears that the UTF8 mapping table for cp1252,
	MHonArc::UTF8::CP1252, had bad data.  This has been
	fixed.

* Management of character mapping tables have been changed.  The
  various .pm module tables are now auto-generated by ucm, and
  similiar, map files.  For the end-user, the change should be
  transparent.  The change only affects how developers maintain
  the tables, and the change should make it much easier to make
  fixes to any mappings.

============================================================================
2003/04/05	(2.6.3)

* Bug Fixes:

    Bug ID  Summary
    ------  --------------------------------------------------------------
    3020    Trailing \ in regex
    3128    XSS Vulnerabilies
    2971    spammode option interferes with iso-2022-jp
    ------  --------------------------------------------------------------
  <http://savannah.nongnu.org/bugs/index.php?group_id=1968
   &set=custom&advsrch=0&msort=0&report_id=105&go_report=Go
   &fix_release=2.6.3&chunksz=50>

============================================================================
2003/03/11	(2.6.2)

* Bug Fixes:

  Bug   Resolution Fixed       Summary
  ID               Release
  2738  Fixed      2.6.2       An illegal From: address can cause MHonArc
			       to hang

  <http://savannah.nongnu.org/bugs/index.php?group_id=1968
   &set=custom&advsrch=0&msort=0&report_id=105&go_report=Go
   &fix_release=2.6.2&chunksz=50>

============================================================================
2003/02/22	(2.6.1)

* Bug Fixes: See
    <http://savannah.nongnu.org/bugs/index.php?group_id=1968
     &set=custom&advsrch=0&msort=0&report_id=105&go_report=Go
     &fix_release=2.6.1&chunksz=50>

* Corrected character mapping tables for VISCII based on a
  message to the perl-unicode mailing list.

* Added FASTTEMPFILES resource which causes MHonArc to use
  non-random temporary files.  This is less secure, but provides
  a little bit of speed improvement.

============================================================================
2003/02/10	(2.6.0)

* Bug Fixes: See
    <http://savannah.gnu.org/bugs/index.php?group_id=1968
     &set=custom&advsrch=0&msort=0&report_id=105&go_report=Go
     &fix_release=2.6.0&chunksz=50>

* New resources:

    DEFCHARSET		Default character set of message text data.
    CHARSETALIASES	Define aliases for base charset names.
    DBFILEPERMS		File permissions for DBFILE.
    FIELDSTORE		Message header fields to store in database.
    FILEPERMS		File permissions for archive files.
    ICONURLPREFIX	URL string to prepend to ICONS URLs.
    MODIFYBODYADDRESSES	Apply ADDRESSMODIFYCODE to text message bodies.
    RECONVERT		Reconvert existing messages.
    TENDBUTTON		Button to last message in thread.
    TENDBUTTONIA	Inactive button to last message in thread.
    TENDLINKIA		Inactive link to last message in thread.
    TENDLINK		Link to last message in thread.
    TEXTENCODE		Encode message text to given character encoding.
    TTOPBUTTON		Button to first message in thread.
    TTOPBUTTONIA	Inactive button to first message in thread.
    TTOPLINKIA		Inactive link to first message in thread.
    TTOPLINK		Link to first message in thread.

* New resource variables:

    $ICONURLPREFIX$	Value of ICONURLPREFIX resource.
    $MSGHFIELD$		Retrieve header field value stored via
			FIELDSTORE.

* MHonArc::CharEnt:
  + Several charset mappings added to MHonArc::CharEnt with the
    default value for CHARSETCONVERTERS updated to reflect the new
    mappings.  New charset supported include UTF-8, various Cyrillic
    sets, VISCII, Chinese sets, Japanese (iso-2022-jp and euc-jp),
    Korean, Apple-based charsets, etc.  See the documentation for
    the CHARSETCONVERTERS and CHARSETALIASES for complete list of
    character sets supported.

    Note: Sets that have bidirectional rendering (Hebrew, Arabic)
    exist, but automatic directional re-ording for rendering is
    currently not supported.

  . Some existing mappings have been updated to use Unicode numeric
    character entity references (&#xHHHH;) instead of standard SGML
    character entity references (eg. &Aelig;).  Most, if not all,
    web browsers only support the set of SGML entity references
    defined in the HTML 4.0 specification.

    All existing tables should now generate entity references
    recognized by all HTML 4.0 compliant browsers.

* MHonArc::UTF8:
  . Module completely redone to support various versions of Perl.
    utf8 support code added to all conversion to utf8 with perl
    installations that do not have utf8 support, but to also
    leverage perl installations with utf8-related modules.

* Default filter for iso-8859-1 and iso-2022-jp changed to
  MHonArc::CharEnt::str2sgml.  This helps keep MHonArc locale
  neutral in its default configuration.  Special note added
  to release notes for Japanese users about the change.

* m2h_text_plain::filter (mhtxtplain.pl):
  + Added more robust handling of format=flowed data.  By default,
    all text is rendered in a monospaced font to provide visual
    consistency between flowed and fixed text.  Proportional spaced
    font can be generated using the "nonfixed" option (where
    "keepspace" option should also be used to help preserve the
    formatting characteristics of the data).

  + Added "fancyquote" option to provide highlight of quoted text
    similiar to text/plain;format=flowed data.

  + Added "disableflowed" option to disable the flowed data
    conversion.  Data will be converted as regular text/plain.
    This option is useful for archives that cater to text-based
    browsers.

  + Added "quoteclass=<classname>" option to specify a CSS classname
    to assign to BLOCKQUOTE elements added when processing flowed
    data or when "fancyquote" is active.  This suppresses inline
    style generation.

  + Added "subdir" option for use when "uudecode" is enabled.

  - Reduced set of quote characters to just '>'.  Other characters
    are used by some people (eg. '}', '|', '+'), especially on the
    USENET, but supporting them tends to produce undesirable
    results, especially when using fancyquote.
    (Maybe make it configurable?)

  + If uudecode and usename specified, check if file ends in
    .s?html?, and if so, pass data to HTML filter.

  . Make sure to return a non-empty string for an empty body
    when in uudecode mode.  Avoids bogus warning message that
    data could not be converted.

* MIMEEXCS automatically handles unofficial version of a media type.
  For example:

    <MIMEEXCS>
    text/html
    </MIMEEXCS>

  Will exclude text/html and text/x-html data.

* m2h_text_html::filter (mhtxthtml.pl):
  + CHARSETCONVERTERS is used for converting character data.

  - Removed default=charset option.  This option is no longer
    needed with new character encoding processing features and
    CHARSETALIASES resource.

  + Convert javascript:... URLs to "_javascript_:..." when scripting
    is disabled (the default).  This is an extra measure ontop of
    element and attribute stripping.

  * <a href>'s are now preserved when cid: only URLs enabled (the
    default).  This prevents regular hyperlinks in HTML messages from
    getting stripped, which I think most people desire.  Otherwise,
    the allownoncidurls option must be used, and then this opens one
    up to potential XSS attacks.

    Due to the javascript: URL munging, preserving <a href>'s should
    be safe from auto-XSS attacks.  Readers should still be careful
    about any links they activate.

  + Added "subdir" option to specify that MHTML referenced data
    (e.g. images) are saved in a subdirectory.

  + Added "disablerelated" to disable cid: URL resolution.

  . STYLE and CLASS attributes stripped if nofont argument specified.

* m2h_text_enriched::filter (mhtxtenrich.pl):
  + CHARSETCONVERTERS is used for converting character data.
  + <lang><param>lang</param> is now mapped to <dir lang="lang">.
  + Added handling of some text/richtext tags.
  . Escape unrecognized tags.

* Archive file creation modified to minimize the local symlink exploits:

  1.  A temp file with a random name is first created and written to.
  2.  Temp file is compressed if GZIPFILES is active.
  3.  Temp file is renamed to final filename.
  4.  File permissions are set according to FILEPERMS/DBFILEPERMS.

  Using a random temp filename makes it difficult for someone to
  predict filenames to execute a symlink exploit.  The rename operation
  is immune to symlink exploits, hence trying to using well-known names
  (e.g. maillist.html, threads.html) for exploitation will not work.

  A similiar technique is used for directory creation for filters
  that support the "subdir" option.

  Generation of temp files is done via the File::Temp module, if
  installed.  If not installed, a homegrown implementation is used.
  Although not as secure and robust as File::Temp, it's better than
  nothing and should provide a decent deterrent.

* Setuid/setgid execution causes mhonarc to terminate with an error.
  Mhonarc does not pass taint checks, so we abort with an error that
  setuid/setgid execution is not supported.  MHonArc is too insecure
  for setuid operation and trying to make it setuid-safe would require
  alot of work and potentially limit a large amount of functionality.

* More robust parsing used for determining $FROMNAME$ and $FROMADDR*$
  resource variables.

* rfc822.pl library removed and replaced with MHonArc::RFC822 module.

* Warning message, "Unable to process data..." removed from message
  page when unable to convert any part of a message (usually due to
  user-defined MIMEFILTERS settings).  Instead, a warning message
  is generated to standard error (like other mhonarc warnings) and
  the resulting message page will have a blank message body.

* m2h_msg_extbody::filter: (mhmsgextbody.pl)
  + Added support for http/x-http access type.  This appears to
    be an experimental access type since the general URI type can be
    used instead.
  . Properly sanitize parameter data.
  . Some minor cosmetic changes in the HTML generated.

* m2h_text_tsv::filter (mhtxttsv.pl):
  . Sanitize field data.

* m2h_text_setext::filter (mhtxtsetext.pl) has been removed.  It
  appears this media-type is part of document history.
2003-07-31 14:30:29 +00:00
jwise
c0582f127c Update mhonarc to version 2.5.14. Changes since 2.5.11 (the last pkgsrc
version) include:

============================================================================
2002/12/21	(2.5.14)

* Security patch release: This release fixes a cross-site scripting
  (XSS) vulnerability in m2h_text_html::filter (the HTML filter).
  A specially crafted HTML message can have scripting markup get
  by the script filtering done by m2h_text_html::filter.

============================================================================
2002/10/21	(2.5.13)

* Bug Fixes: See
    <http://savannah.gnu.org/bugs/index.php?group_id=1968
     &set=custom&advsrch=0&msort=0&report_id=105&go_report=Go
     &fix_release=2.5.13&chunksz=50>

* DBFILE resource can now be set to an absolute pathname.  This
  allows the database file to be located in a separate location than
  in the archive directory.  If not an absolute pathname, then
  value is treated relative to OUTDIR.

* readmail.pl updated to handle MHTML messages better.  mhtxthtml.pl
  changed accordingly.

* readmail.pl handling of malformed multipart messages improved.
  Cases were a the terminating boundary delimiter did not exist would
  generate a warning message in the converted message body that data
  could not be converted.  This case should now be handled so that
  end of entitiy implies a terminating boundary delimiter,
  (Thanks goto Randy Blaustein for providing real-world test cases).

* Fixed problem where some message attachments were "lost".  This
  mainly occurs when using mha-decode with the -dcd-digest option,
  or if you have registered the m2h_external::filter for message/*
  data types.
  (Thanks goto Steve Johnson for finding this problem.)

* m2h_external::filter will now include the subject of a message
  in the attachment link if saving message/* data to a file.

* m2h_external::filter properly escapes the filename parameter
  when displaying it in the attachment link.  This is done to
  avoid any possible XSS exploits.  Note, no exploits have been
  reported by using the filename parameter in messages, so this
  change is more of a preemptive measure.

* m2h_external::filter will fall back to a "txt" extension for
  unknown text types instead of a "bin" extension.

* m2h_text_plain::filter: Removed hardcoded 'as-is' for US-ASCII
  data.  This is so a user could define a converter if having to deal
  with mislabeled character data.
  (Thanks goto Mooffie for finally finding a real-world case to not
  hardcode us-ascii).

============================================================================
2002/09/03	(2.5.12)

* Strip more tags and attributes that could potentially be used for
  XSS exploits in the HTML filter.  This is a more of a preemptive
  change since no new exploits have been reported.

* DATEFIELDS resource now supports indexed field names.  For example:

    <DateFields>
    received[1]:received[0]:date
    </DateFields>

  The example says that mhonarc should check the second received
  field, then the first received field, and then the first date field
  to determine the date of a message.
2002-12-31 19:36:26 +00:00
grant
4dc1140815 Update to mhonarc-2.5.11.
The following is a summary of sigificant changes since 2.5.3. Please
see CHANGES in the distfile for the full list of changes.

* The following mail header fields added to list of fields that can
  contain mail addresses: mail-reply-to, original-bcc, original-cc,
  original-from, original-sender, original-to, resent-bcc, x-envelope.
  Applicable to MAILTO, MAILTOURL, and ADDRESSMODIFYCODE resources.

* Added MHonArc::UTF8 CHARSETCONVERTER module as recommended at
  <http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=131512&repeatmerged=yes>.
  However, module redone to use utf8 pragma in Perl where appropriate
  and to remove unnecessary code.  Use of module does require that
  the Unicode::MapUTF8 module is installed and the utf8 pragma is
  supported in the version of Perl you are using.

* Added MIMEALTPREFS resource: Content-type preferences for
  multipart/alternative data.  You can now tell MHonArc to use the
  text/plain part over a text/html part in multipart/alternative
  messages.

* Added the following resources:

    IDXPGSSMARKUP   Markup at the beginning of all index pages.
    MSGPGSSMARKUP   Markup at the beginning of all message pages.
    TIDXPGSSMARKUP  Markup at the beginning of all thread index pages.

  Each resource will default to the value of the SSMARKUP resource
  if not defined.

* Removed references to HEADER and FOOTER resources in the docs.
  Resources removed in v2.5.0.

* Updated default resource layout settings in docs to use lowercase
  tag names since MHonArc changed to use lowercase in defaults
  in v2.4.7.

* Added NOSUBJECTTXT resource: Defines raw subject text to use
  for messages that do not have a subject.

* Incorporated format=flowed support into mhtxtplain.pl contributed
  by Ken Hirsch, with some minor improvements.

* mha-decode now supports the following option: -dcd-digest.  This
  tells mha-decode to not recursively process attached message/rfc822
  and message/news entities.  This option is useful to extract
  out all the individual messages of a message digest.

* Added message/rfc822 and message/news to mhmimetypes.pl
  content-type => extension/description hash.  The extension used
  is ".822".
2002-08-23 01:48:25 +00:00
grant
251dc164d1 use .bz2 distfile. 2002-08-21 07:28:28 +00:00
jwise
3927fd21da Update to mhonarc-2.5.3.
Changes since 2.4.9 (the last pkgsrc version):

*   Added 'use locale' pragmas to be applied when sorting messages.
    This is considered experimental, but it appears to give better
    results when sorting text that contains 8-bit-non-English
    characters.  This is far from any real locale support, but
    hopefully it is better than nothing.

*   Beefed up HTML filtering in mhtxthtml.pl to eliminate some
    security exploits.

    CAUTION: If you are worried about security, it is recommended
	     that you disable support of text/html messages in
	     your mail archives.  There is no guarantee that
	     the mhtxthtml.pl library is robust enough to
	     eliminate all possible exploits that can occur with
	     HTML data.

    Thanks goto Jason Molenda and Hiromitsu Takagi for spotting
    more exploit cases.

*   mhtxtplain.pl checks MIMEXCS if text/html data is excluded
    when the htmlcheck option is specified.  Seems unnecessary
    because someone use excludes HTML data will probably not use
    the htmlcheck option to m2h_text_plain::filter.

*   Modified mail address extraction for $FROMADDR$ resource
    variable to help deal with malformed From: header fields.
    Thanks to Eugene Eric Kim for the recommendation.

*   Fixed uudecoding support in mhtxtplain.pl to handle spaces
    in filenames and \r\n EOLs.  Thanks to Jordan Russell for
    spotting this.

*   Added ISO-8859-15 mappings.  Thanks goto Jan Kraeber for the
    contribution.

*   Removed GIF images from distribution.  All GIF images
    have been converted to PNG format.  Transparency of PNG
    images may only be supported in the latest versions of various
    graphical web browsers.

    See <http://www.gnu.org/philosophy/gif.html> for reasons
    why GIF images should not be used.

*   Source code imported into CVS.  CVS respository is currently
    not available publicly.  Stilling wondering if a site like
    savannah.gnu.org should be used or if the respository should
    be hosted independently, like at www.mhonarc.org.

*   Fixed regex patterns in readmail.pl to avoid Perl warning
    messages.

*   Created a contrib/ directory to contain any contributed
    programs imported into the MHonArc distribution.  Moved
    prsfrom.pl from extras/ to contrib/.

*   Added Security section to FAQ.  Provided more information to
    question, "Why does a message get split into mulitple messages
    with no headers?", mainly information contributed by users.

============================================================================
2001/11/24	(2.5.2)

    (See BUGS for the list of bugs reported and fixed)

    o	mha-dbrecover new options:

	  -dbr-startnum #
	      The starting message number to recover data from. This
	      option is useful if you have many message files in a
	      directory, but you only want to recover a subset of the
	      files. If this option is not specified, the starting
	      number is 0.

	  -dbr-endnum #
	      The ending message number to recover data from. This
	      option is useful if you have many message files in a
	      directory, but you only want to recover a subset of the
	      files. If this option is not specified, all messages
	      starting from -dbr-startnum will be recovered.

    o	MSGPGBEGIN default value changed where $SUBJECTNA:72$ has
	been replaced with $SUBJECTNA$.  This is so default values
	do not have any possible conflicts with variable-width
	character sets.

============================================================================
2001/11/13	(2.5.1)

    (See BUGS for the list of bugs reported and fixed)

    o	Added special note within the release notes about
	downgrading.

    o	Some documentation corrections.

============================================================================
2001/10/14	(2.5.0)

    [This is non-beta release of 2.5.0.  See the change notes
     below and for the various beta release for a complete list of
     changes from the last v2.4 release.]

    (See BUGS for the list of bugs reported and fixed)

    o	The ICONS resource has been updated to support the association
	of icons at the base type level (e.g. text/*) and to specify
	width and height hints.  The example icon resource file
	listed in an appendix of the documentation updated to
	to use changes to ICONS resource.

    o	Formatting of attachment links within the m2hexternal.pl
	filter has been updated to provide more verbose information.
	Description of the format provided in the MIMEFILTERS
	documentation.	Also, a 'frame' filter argument is now
	supported to instruct the filter to draw a frame around
	the link.

    o   Default value for MIMEArgs has been changed to the following:

	  <MIMEArgs>
	  m2h_external::filter; inline
	  </MIMEArgs>

	This is more concise then previous default value.

	On a resource file maintenance standpoint, it is generally
	best to specify filter arguments at the filter level and
	not at the content-type level.

    o   Value of Perl's $^O variable printed with version information
	for -V, -v, -help command-line options.

    o	The count of new messages added to archive are now printed
	along with the total message count when QUIET is not active.

============================================================================
2001/09/05	(2.5.0b2)

    (See BUGS for the list of bugs fixed)

    o	Long overdue update of ACKNOWLG file.

    o	New resources:

	  TSLICELEVELS	-- Maximum depth for thread slices.

    o	New resource variables:

	  $TLEVEL$	-- Numeric level of message in thread.

    o	Added recognition of windows-1250 and windows-1252 charsets
	into MHonArc::CharEnt and to default value of CHARSETCONVERTERS
	resource.  To apply to existing archives, use mha-dbedit
	with examples/def-mime.mrc resource file.

    o	SUBJECTREPLYRXP now used to determine if "Re: " is added
	when $SUBJECT$ is used within MAILTOURL.

    o	Code cleanup to eliminate perl -w warnings.  Cleanup not
	required for running MHonArc, but convenient for those that
	use MHonArc with perl's -w option.

============================================================================
2001/08/26	(2.5.0b)

    (See BUGS for the list of bugs fixed)

    o	API for MIMEFILTERS has been changed.  Content filters are
	now called as follows:

	  ($html, @files) =
	      &filter($fields_hash_ref, $body_data_ref, $is_decoded,
		      $filter_args);

	Paramaters:
	  $fields_hash_ref
		      A reference to hash of message/part header
		      fields.  Keys are field names in lowercase
		      and values are array references containing the
		      field values.  For example, to obtain the
		      content-type, if defined, you would do:

			$fields_hash_ref->{'content-type'}[0]

		      Values for a fields are stored in arrays since
		      duplication of fields are possible.  For example,
		      the Received: header field is typically repeated
		      multiple times.  For fields that only occur once,
		      then array for the field will only contain one
		      item.

	  $body_data_ref
		      Reference to body data.  It is okay for the
		      filter to modify the text in-place.

	  $is_decoded
		      Boolean flag if body data has been decoded.
		      This is normally true unless some non-standard
		      content-transfer-encoding is used.

	  $filter_args
		      String containing filter args as defined by
		      MIMEARGS resource.

	Return:
	  The return value is still treated in the same manner as
	  previous releases.  The first item in the return list is
	  the text that should printed to the message page.  Any
	  other items in the return list are derived filenames created
	  by the filter.  If undef, or the empty string, is returned,
	  readmail.pl assumes the filter was unable to filter the
	  data.

	All the filters provided in the MHonArc distribution have
	been modified to use the new calling convention.

    o	The HEADER and FOOTER resources are no longer supported.

    o	The default value of DEFRCNAME is now ".mhonarc.mrc"
	("mhonarc.mrc" for Win/DOS).

    o	ISO8859 character set data processing now defaults to using
	the MHonArc::CharEnt module.  The old iso8859.pl library
	is still provided for compatibility with older archives.
	To update archives to use the new settings, you can run
	the following command,

	    mha-dbedit -rcfile examples/def-mime.mrc \
		       -outdir /path/to/archive

	where "examples/def-mime.mrc" represents the default MIME
	processing resources for MHonArc provided within the MHonArc
	distribution.

	The new module is more efficient in memory usage by only
	loading mappings for character sets actually processed.  The
	old iso8859.pl library preloads all mappings.  Also, the
	module is designed to be easily extensible for processing
	any 8-bit-based character sets.

    o	Reference, follow-up, and derived file information of a
	message is now stored in a different format in the database
	(and internally).  MHonArc will auto-update older archives
	to the new format.  The newer format should provide some
	performance improvement.

    o	Messages with no subjects are now stored with no subjects.
	In previous releases, the text "No Subject" was automatically
	added as a message was parsed, hence there was no real
	indicator that a message had no real subject.

	A related change is that messages without subject text
	are skipped in subject-based thread detection.  Therefore,
	a no-subject message will never be a possible follow-up,
	but it is still possible for it to be an explicit follow-up
	if it includes reference message-ids.

	NOTE: This functionality does not apply to messages
	processed by earlier versions where the text "No Subject"
	was auto-applied to messages when parsed.  A recreation
	of an archive from the original message data would
	have to be done to have new behavior applied to message
	processed by earlier releases.

	A messages with no subject will now have the string
	"[no subject]" displayed any time the $SUBJECT$ resource
	variable is used for the message.

    o	New resources:

	    FIRSTPGLINK 	Link markup for first page of main index.
	    LASTPGLINK 		Link markup for last page of main index.
	    TFIRSTPGLINK 	Link markup for first page of thread index.
	    TLASTPGLINK 	Link markup for last page of thread index.
	    TNEXTINBUTTON	Button markup for next message
				within a thread.
	    TNEXTINBUTTONIA	Inactive button markup for next
				message within a thread.
	    TNEXTINLINK 	Link markup for next message within
				a thread.
	    TNEXTINLINKIA	Inactive link markup for next
				message within a thread.
	    TNEXTTOPBUTTON	Button markup for first message in
				the next thread.
	    TNEXTTOPBUTTONIA	Inactive button markup for first
				message in the next thread.
	    TPREVINBUTTON	Button markup for previous message
				within a thread.
	    TPREVINBUTTONIA	Inactive button markup for previous
				message within a thread.
	    TPREVINLINK 	Link markup for previous message
				within a thread.
	    TPREVINLINKIA	Inactive link markup for previous
				message within a thread.
	    TPREVTOPBUTTON	Button markup for first message in the
				previous thread.
	    TPREVTOPBUTTONIA	Inactive button markup for first
				message in the previous thread.
	    TSLICECONTBEGIN	Thread slice markup before the
				continuation of a broken thread.
	    TSLICECONTEND	Thread slice markup after the
				continuation of a broken thread.
	    TSLICEINDENTBEGIN	Thread slice markup for opening a level
				when continuing a broken thread.
	    TSLICEINDENTEND	Thread slice markup for closing a level
				when continuing a broken thread.
	    TSLICELIEND 	Ending markup for a thread slice
				message listing.
	    TSLICELIENDCUR	Ending markup for a thread slice
				message listing.
	    TSLICELINONE	Thread slice markup for a missing
				message in thread slice.
	    TSLICELINONEEND	Ending markup for a missing message in
				thread slice.
	    TSLICELITXT 	Markup for a thread slice message
				listing.
	    TSLICELITXTCUR	Markup for a thread slice message
				listing if current message.
	    TSLICESINGLETXT	Markup for a thread slice listing with
				no follow-ups.
	    TSLICESINGLETXTCUR	Markup for a thread slice listing with
				no follow-ups if current message.
	    TSLICESUBJECTBEG	Markup before a subject based thread
				slice listing.
	    TSLICESUBJECTEND	Markup after a subject based thread
				slice listing.
	    TSLICESUBLISTBEG	Thread slice markup for starting a
				sub-thread.
	    TSLICESUBLISTEND	Thread slice markup for ending a
				sub-thread.
	    TSLICETOPBEGIN	Thread slice markup for the root/start
				of a thread.
	    TSLICETOPBEGINCUR	Thread slice markup for the root/start
				of a thread.
	    TSLICETOPEND	Thread slice markup for the end of a
				thread.
	    TSLICETOPENDCUR	Thread slice markup for the end of a
				thread if current message.

    o	$TSLICE$ resource variable can now take up to three arguments:

	    $TSLICE(<before>;<after>;<inclusive>)$

	where,

	    <before>	: Number indicated the maximum number of
			  message to print before the current message.
			  If empty, the before value specified in
			  TSLICE resource will be used.
	    <after>	: Number indicated the maximum number of
			  message to print after the current message.
			  If empty, the after value specified in
			  TSLICE resource will be used.
	    <inclusive> : If `1', only messages within the current
			  thread will be printed.  If `0', messages
			  from the previous and next threads can
			  be printed if the values for <before> and
			  <after> would go beyond the current thread.

    o	TSLICE resource updated to allow specification of default
	value of inclusive flag.

    o	The following new message specifications can be used for
	message data-related resource variables:

	    TNEXTIN		Next message within current thread.
	    TNEXTTOP		Start of next thread.
	    TPREVIN		Next message within current thread.
	    TPREVTOP		Start of previous thread.

	When used as arguments to the the $BUTTON$ and $LINK$ resource
	variables, the TNEXTINBUTTON(IA), TNEXTTOPBUTTON(IA),
	TPREVINBUTTON(IA), TPREVTOPBUTTON(IA), TNEXTINLINK(IA),
	TNEXTTOPLINK(IA), TPREVINLINK(IA), TPREVTOPLINK(IA) resources
	are respectively applied.

    o	The use of TNEXT, TPREV (and new TNEXTTOP and TPREVTOP)
	message specifications in resource variables behave more
	intuitively when TREVERSE is active.  If at the boundaries
	of a thread, TNEXT and TPREV will reference the first
	message of the next thread by date and the first message
	of the previous thread by date, respectively.

    o	Version of MHonArc and Perl are printed when MHonArc starts
	unless QUIET is active.

    o	mhtxtplain.pl (text/plain) filter changes:

	.   If the htmlcheck option is set and it is detected that
	    the data is HTML, an attempt is first made to use the
	    registered text/html filter via MIMEFILTERS.  If none
	    is defined, mhtxthtml.pl will be used.

	.   When uudecode option is set, an attempt is to use
	    the registered decoder for uuencode via MIMEDECODERS.
	    If not defined, then base64::uudecode is used from
	    base64.pl.

    o	mhtxthtml.pl (text/html) filter changes:

	.   Elements that have URL attributes that auto-load data --
	    IMG, BODY, IFRAME, FRAME, OBJECT, SCRIPT, INPUT -- have the
	    atributes converted to 'javascript:void(0);' URLs.	See new
	    'allownoncidurls' filter argument below for more details.

	.   The follow filter arguments have been added:

	    allownoncidurls Preserve URL-based attributes that are not
			    cid: URLs.	Normally, any URL-based
			    attribute -- href, src, background,
			    classid, data, longdesc -- will be
			    converted to 'javascript:void(0);'
			    if it is not a cid: URL.  This is to
			    prevent malicious URLs that verify mail
			    addresses for spam purposes, secretly set
			    cookies, or gather some statistical data
			    automatically with the use of elements
			    that cause browsers to automatically
			    fetch data: IMG, BODY, IFRAME, FRAME,
			    OBJECT, SCRIPT, INPUT.

	    notitle  	    Do not print title.

    o	Searching for OTHERINDEXES resource files has been modified.
	The following lists the search order for an OTHERINDEXES
	resource file:

	    1. Current working directory.
	    2. Same directory that the first resource file was read as
	       specified by the RCFILE resource.
	    3. User's home directory.
	    4. Archive directory.
	    5. Perl's @INC.

    o	FIRST, LAST, TFIRST, and TLAST idx_page_spec arguments to
	$PGLINK$ are now supported via the FIRSTPGLINK, LASTPGLINK,
	TFIRSTPGLINK, and TLASTPGLINK resources.

    o	$PGLINKLIST$ resource variable changed to print entire
	list of page links if no arguments are provided.  To get
	the entire list for thread indexes, use: $PGLINKLIST(T)$.

    o	Date parsing routine updated to recognize dates in the
	following format: Weekday, Month DD, YYYY HH:MM Zone.
	Apparently, this is useful if converting mail saved to
	a file in text format from MS Outlook.

    o	Support for defining Perl function callbacks when a
	new message header is read and just after a message body
	has been converted.  Documentation about the callbacks is
	provided in a new API appendix section in the documentation
	and is provided in comments in the example mhasiteinit.pl
	provided in the examples/ directory.

    o	Various internal changes have been made to try to eradicate
	Perl 4-based conventions.  For example, the use of typeglobs to
	pass by "reference" has been replaced by using real references.

	Assuming nothing was screwed up, this change should be
	transparent to most users (with the notable exception of the
	API changes to MIMEFILTERS registered routines).  However,
	if you have mucked with MHonArc internals, or created custom
	modifications, you may need to be aware that changes have
	been made.
2002-04-21 00:43:09 +00:00
taca
bc47e201d3 Update mhonarc to 2.4.9.
=======================================================================
06/10/2001	(2.4.9)

    o	Added the following resources:

	    MIMEEXCS		List of content-types to exclude
				from processing.  Exclusion occurs
				before data is passed to filters.

    o	mhtxtplain.pl: If decoding uuencoded data, the data will
	be excluded if application/octet-stream is listed the
	MIMEEXCS resource.

    o	mhtxthtml.pl: If a CID URL is not available, the CID URL
	is no longer preserved in the converted output.  The CID
	URL is stripped.

    o	Added the following to mhmimetypes.pl content-type table:

	  application/ms-excel		=> xls:MS-Excel spreadsheet
	  application/ms-powerpoint	=> ppt:MS-Powerpoint presentation
	  application/ms-project	=> mpp:MS-Project file

	The "vnd." official versions are already present, but
	some application use the above.

    o	TODO list added to distribution.

    Bug Fixes
    ---------
    See BUGS.

=======================================================================
04/13/2001	(2.4.8)

    o	Added the following resources:

	    KEEPONRMM   	Do not remove message files from disk
				when messages are removed from the
				archive.

    o	m2h_text_plain::filter now uses CHARSETCONVERTERS for
	translating text data with a specified charset parameter.
	The only exception is iso-2022-jp, which is handled directly
	to properly support nourl flag.

    o	m2h_external::filter new arguments:

	excludeexts=ext1,...
		  A comma separated list of message specified filename
		  extensions to exclude.  I.e.	If the filename
		  extension matches an extension in excludeexts, the
		  content will not be written.	The return markup
		  will contain the name of the attachment, but no
		  link to the data.  This option is best used with
		  application/octet-stream to exclude unwanted data
		  that is not tagged with the proper content-type.
		  The m2h_null::filter can be used to exclude content
		  by content-type.

    o	m2h_null::filter will now output a one line description
	of the excluded content.  This is so the reader knows that
	there was message content not saved within the archive.

    o	m2h_text_plain::filter new arguments:

	usename		If extracting uuencoded data, the filename
			specified should be used.

    o	m2h_text_html::filter new arguments:

 	allowcomments	Preserve any comment declarations.  Normally
 			Comment declarations are munged to prevent
 			SSI attacks or comments that can conflict
 			with MHonArc processing.  Use this option
 			with care.

	(NOTE: Comment declarations were completely stripped before,
	 but the regex used was known to crash perl on large comment
	 declarations, so a simplier expression is now used to
	 modify comment declarations to prevent possible attacks.)


    Bug Fixes
    ---------
    See BUGS.
2001-07-16 13:44:30 +00:00
agc
b26a4eb88b Move to sha1 digests, and add distfile sizes. 2001-04-20 13:09:54 +00:00
agc
9e8d6c8b8d + move the distfile digest/checksum value from files/md5 to distinfo
+ move the patch digest/checksum values from files/patch-sum to distinfo
2001-04-17 11:33:31 +00:00
Renamed from mail/mhonarc/files/md5 (Browse further)