"The kantiword script in antiword allow local users to overwrite arbitrary
files via a symlink attack on temporary output and error files."
Replace the naive mktemp usage with something that actually works.
- Fix the subdir(), read(), and write() methods to handle
the case when the first element in an array-reference file
name is an absolute path name.
- Fix writable() so that it only records errors from chmod()
on files, not exit with no_result().
- Doc changes to make some of the variables in the SYNOPSIS
look like Perl variables.
- Add a Test::Cmd::Common module that sub-classes Test::Cmd to
provide common exception-handling, eliminating the need for
everyone to roll their own fail()/no_result() logic for common
errors.
- Update Test::Cmd documentation to add explicit examples of
using Test::Cmd in conjunction with Test::Harness, Test::Unit,
and Aegis. Mention that Test::Cmd::Common is available.
- Fix the subdir(), read(), and write() methods to handle
the case when the first element in an array-reference file
name is an absolute path name.
- Fix writable() so that it only records errors from chmod()
on files, not exit with no_result().
- Doc changes to make some of the variables in the SYNOPSIS
look like Perl variables.
- Add a Test::Cmd::Common module that sub-classes Test::Cmd to
provide common exception-handling, eliminating the need for
everyone to roll their own fail()/no_result() logic for common
errors.
- Update Test::Cmd documentation to add explicit examples of
using Test::Cmd in conjunction with Test::Harness, Test::Unit,
and Aegis. Mention that Test::Cmd::Common is available.
not part of the std. Python install to work again.
Secondly, add a patch from Christoph Ludwig (
http://sourceforge.net/tracker/?func=detail&aid=1324762&group_id=5470&atid=305470
)
which contains the following changes (from the SourceForge post):
1) The configure option --with-cxx is renamed
--with-cxx-main. This was done to avoid surprising the user
by the changed meaning. Furthermore, it is now possible
that CXX has a different value than provided by
--with-cxx-main, so the old name would have been
confusing.
2) The compiler used to translate python's main() function is
stored in the configure / Makefile variable MAINCC. By
default, MAINCC=$(CC). If --with-cxx-main is given (without
an appended compiler name), then MAINCC=$(CXX). If
--with-cxx-main=<compiler> is on the configure command
line, then MAINCC=<compiler>. Additionally, configure sets
CXX=<compiler> unless CXX was already set on the
configure command line.
3) The command used to link the python executable is (as
before) stored in LINKCC. By default, LINKCC='$(PURIFY)
$(MAINCC)', i.e. the linker front-end is the compiler used to
translate main(). If necessary, LINKCC can be set on the
configure command line in which case it won't be altered.
4) If CXX is not set by the user (on the command line or via
--with-cxx-main), then configure tries several likely C++
compiler names. CXX is assigned the first name that refers
to a callable program in the system. (CXX is set even if
python is built with a C compiler only, so distutils can build
C++ extensions.)
5) Modules/ccpython.cc is no longer used and can be
removed.
Patch submitted in PR 32598 by pancake <at> phreaker <dot> net
In other words:
- Add more checks and fixups on the engine.
- More keywords in wordlists database.
- Add new mode called 'silent mode'
- more charsets availables for gendict
- add some more examples
- add fine tuning for words in NEC=200
Changes in release 0.25.5:
* ne_ssl_clicert_decrypt(): catch and fail to load a client cert
with mismatched key/cert pair.
* Fix build issue on AIX 5.1.
* Fix warnings if built against OpenSSL >= 0.9.8.
* Win32: fix issues in SSPI implementation (Stefan Küng).
Numerous things have changed - a few highlights include usability changes
to the UI, better cscope query handling, user-changeable keyboard
shortcuts, automatic database rebuilding, calling graphs using the
graphviz library, as well as various bugfixes.
Also noteworthy is that the program changed license - while it used to
be licensed under the GPL, it is now covered by a BSD-style license
