version) include:
============================================================================
2002/12/21 (2.5.14)
* Security patch release: This release fixes a cross-site scripting
(XSS) vulnerability in m2h_text_html::filter (the HTML filter).
A specially crafted HTML message can have scripting markup get
by the script filtering done by m2h_text_html::filter.
============================================================================
2002/10/21 (2.5.13)
* Bug Fixes: See
<http://savannah.gnu.org/bugs/index.php?group_id=1968&set=custom&advsrch=0&msort=0&report_id=105&go_report=Go&fix_release=2.5.13&chunksz=50>
* DBFILE resource can now be set to an absolute pathname. This
allows the database file to be located in a separate location than
in the archive directory. If not an absolute pathname, then
the value is treated relative to OUTDIR.
* readmail.pl updated to handle MHTML messages better. mhtxthtml.pl
changed accordingly.
* readmail.pl handling of malformed multipart messages improved.
Cases where the terminating boundary delimiter did not exist would
generate a warning message in the converted message body that data
could not be converted. This case should now be handled so that
end of entity implies a terminating boundary delimiter.
(Thanks go to Randy Blaustein for providing real-world test cases.)
* Fixed problem where some message attachments were "lost". This
mainly occurs when using mha-decode with the -dcd-digest option,
or if you have registered the m2h_external::filter for message/*
data types.
(Thanks go to Steve Johnson for finding this problem.)
* m2h_external::filter will now include the subject of a message
in the attachment link if saving message/* data to a file.
* m2h_external::filter properly escapes the filename parameter
when displaying it in the attachment link. This is done to
avoid any possible XSS exploits. Note, no exploits have been
reported by using the filename parameter in messages, so this
change is more of a preemptive measure.
* m2h_external::filter will fall back to a "txt" extension for
unknown text types instead of a "bin" extension.
* m2h_text_plain::filter: Removed hardcoded 'as-is' for US-ASCII
data. This is so a user could define a converter if having to deal
with mislabeled character data.
(Thanks go to Mooffie for finally finding a real-world case to not
hardcode us-ascii.)
============================================================================
2002/09/03 (2.5.12)
* Strip more tags and attributes that could potentially be used for
XSS exploits in the HTML filter. This is more of a preemptive
change since no new exploits have been reported.
* DATEFIELDS resource now supports indexed field names. For example:
<DateFields>
received[1]:received[0]:date
</DateFields>
The example says that mhonarc should check the second received
field, then the first received field, and then the first date field
to determine the date of a message.
as emulators/hatari.
Hatari is an Atari ST emulator for systems supported by the SDL library.
You need a copy of an Atari ST TOS ROM to use this program. Then run
the program as follows: hatari --tos tos.image
*) Use "close-on-exec" semantic on internal file descriptors if
underlying platform supports this feature. This makes sure the file
descriptors are closed by the kernel upon execution of exec(3) by
the application.
Provided that I copy a working gcc and the binaries from the bootstrap kit
into the sandbox manually, this gets me as far as having a pkgsrc
sandbox that can build pkg_tools/pkg_install.
Changes provided, but not clear, I guess should be a
functional improvement and some bugs fixed.
- Patch by Mike McCauley mikem@open.com_.au
- applied patch from Tim Engler <tim@burntcouch_.com>
- perl-5.8/gcc-3.2 patch on Makefile.PL from
Joern_Hoos@@notes.uni-paderborn._de, lucho@@galix._com,
bellis@@saberlogic._com, and simonclewer@@superquote._com
Changes:
- Don't require IO::String for perl-5.8 as
it has that feature built in. Based on patch
by Slaven Rezic <slaven.rezic@berlin.de>.
- Support for Exif 2.2 tags contributed by
Stephane Bailliez <sbailliez@apache.org>.
- Support Olympus C4000Z MakerNote also from
Stephane Bailliez.
- More robust TIFF parser that keeps on going if some of the
fields appear to be garbage.
- Workaround for "Samsung Digimax 200"'s brain-dead resolution
values.
Happy new year ..
This just tightens up on security a bit more.
Note anyone using plugins may have to check if all their plugins will work
with register_globals off.
(I've been using this on a local squirrelmail box with 1.2.9 for over a
month with no issues)
- selecting a word by double clicking now sets the X clipboard (like
when dragging the mouse)
- it is now possible to specify the arguments for viewers; in
particular, this means that it is possible to use browsers which
require a file: URL as HTML viewers (mozilla is used as default if
found)
- when a new LyX version is launched, the Edit>Reconfigure tool is
automatically invoked; this should avoid many problems with users
who are not aware that it is needed
- when changing the current layout with the toolbar, the corresponding
keyboard binding is shown in the minibuffer
- in the Hebrew language, the key " now inserts a typewriter quote (since
other quotes do not make sense in Hebrew)
- Insert>Lists & TOC>Bibtex Reference uses style 'plain' by default
- new class ijmpd; update cl2emult, llncs and foils textclasses
- update sciword bindings
- small cleanup of UserGuide and FAQ; update to German, French and
Russian documentation; new Hebrew tutorial
- update French, German, Russian, Finnish and Danish localization of
the interface
Packages Collection.
Pcf2bdf is a font de-compiler. It converts X font from
Portable Compiled Format (PCF) to Bitmap Distribution Format (BDF).
It can also accept a compressed/gzipped PCF
file as input, but gzip must be found in your PATH.
FONTBOUNDINGBOX in a BDF file is not used by bdftopcf, so
pcf2bdf generates irresponsible values.
- Added %k format specifier to allow printing of the file size
in formatted text output (-p option)
- Rearranged some items in the man page and quick help (-h)
to make them more readable.
- Fixed minor logic bug in mp3tech
- Now compiles under CYGWIN32
- Manual page typos fixed
- Now correctly recognizes and reports MPEG version 2.5 files
- Clearing individual ID3 fields can now be accomplished
by passing a blank argument ("") to any tag setting
switch (-t, -a, etc.)
- Fixed a bug in GTK version that showed garbage or nothing
where track information should have been displayed.
- Fixed a bug that prevented the interactive curses version from
changing from one genre to another if the second genre contained
fewer characters than the first.
- Added a FILE | OPEN menu to the GTK version
- Added a technical information view to the GTK version
- Added an 'About' box to GTK version