84bb8a032a
Add PKG_DESTDIR_SUPPORT; Add LICENSE `$Cambridge: hermes/src/prayer/docs/DONE,v 1.66 2011/06/27 13:39:56 dpc22 Exp $ 27/06/2010 ========== Release: Prayer 1.3.4 22/06/2011 ========== draft.c fixes: Fold long lines of addresses before the entry which reaches 78 characters when possible, rather than after the first entry which crosses that boundary. Long standing bug bear of mine but several support functions needed to be rewritten to use scratch string in place of output buffer. Long subject lines which are not RFC1522 encoded need to be folded. separately. Reported by Andrey N. Oktyabrski <ano@bestmx.ru>. RFC1522 is not allowed to fold lines in the middle of a UTF-8 multibyte character. Reported by Andrey N. Oktyabrski <ano@bestmx.ru>. Tidy library: Add support for tidyp fork of (apparently abandoned) tidy library. Fix cross site scripting problem: MSIE and Chrome think that <!---> is a complete comment. Allows people to hide scripts inside <!---><script>...<!--->. Strip all comments (which is something that the old sanitiser had been doing already) Sieve blocks should check "From: " address in body as well as envelope sender address. Check "Sender: " as well for completeness. Linux needs IPPROTO_IPV6 to bind to '0.0.0.0' and '::' 01/11/2010 ========== Mike Brudenell <mike.brudenell@york.ac.uk> reported problem with RFC 2183/RFC 2231 quoting with vey long filenames, or filenames with strange characters from ASCII range. 20/07/2010 ========== Release: Prayer 1.3.3 08/07/2010 ========== Better handling of complex multipart messages: Rather than just displaying the first text/plain or text/html that we can find in the top, (leaving people to access sections for the other parts), display the entire tree: multipart/alternative are handled as before, but with other multipart messages, recurse into the subtrees and repeat. Given: 1 (Nested multipart) 1.1 text/html 1.2 text/plain 2 text/plain we display sections 1.1 and 2. Previously we would display section 2, which is a bit of a disaster if section (1) was the original message and a listserver has helpfully tagged on a message footer as a separate bodypart Combine os_*.c back into a single file (which is where I started off many years back). Eliminates lots of repeated code. 07/07/2010 ========== Bugs ==== os_bind_inet_socket(unsigned long port, char *interface) If interface resolves to multiple IP addresses then only binds to the first. Should really walk along ai->ai_next and bind to each IP address in turn. Unfortuanetly this means that os_bind_inet_socket() needs to return an array of sockfds rather than a single int. Parent routines probably aren't going to play ball either. Most likely cause will be a hostname which generates both IPv4 and IPv6 addresses. Unfortanately it is a probably that we are going to have to solve eventually. 05/07/2010 ========== Fix XSS problems reported by: Jacob H. Hilton <jhh40@cam.ac.uk> Dr Andrew C Aitchison <A.C.Aitchison@dpmms.cam.ac.uk> Rather than trying to spot dangerous tags by simple substring matching in C, I now feed the html through Tidy library (http://tidy.sourceforge.net/), and then prune unwanted nodes from the parse tree before setting it to the pretty printer. The only problem is that the Tidy library doesn't provide any public API for manipulating the parse tree (although it does provide a public API for walking the tree!?), so I had to dig around to find the private functions required to remove and manipulate nodes. Javascript embedded into CSS is also a problem: I need to strip off CSS character entities before looking for dangerous expressions. The final part is still a simple string match: I hope that I don't end up having to generate parse trees for CSS as well as the HTML. Now passes full test suite at: https://secure.grepular.com/email_privacy_tester/ Better vacation screen Subject line Phrasing Coping with multiple logins as single user from single browser: SessionID stored in HTTP Cookie: second login blats first Can store SessionID in URL (Prayer does this if no cookies available) Not secure: leaks in HTTP "Referrer" header with links from HTML email. Solution: Use HTTP Cookie keyed by PID of login session. Smaller cleanups: Improve gap between words in spell check (Cambridge house style) Remove extra blank lines after postpone, restore cycle.
34 lines
1 KiB
Bash
34 lines
1 KiB
Bash
$NetBSD: patch-files_install.sh,v 1.1 2011/06/30 01:17:38 schnoebe Exp $
|
|
|
|
--- files/install.sh.orig 2008-09-16 09:59:56.000000000 +0000
|
|
+++ files/install.sh
|
|
@@ -67,14 +67,18 @@ if [ ! -d ${PREFIX}/etc ]; then
|
|
${INSTALL} -d -o ${RO_USER} -g ${RO_GROUP} -m ${PUBLIC_DIR} ${PREFIX}/etc
|
|
fi
|
|
|
|
-if [ ! -d ${PREFIX}/certs ]; then
|
|
- ${INSTALL} -d -o ${RO_USER} -g ${RO_GROUP} -m ${PRIVATE_DIR} ${PREFIX}/certs
|
|
+if [ ! -d ${SSLCERTS} ]; then
|
|
+ ${BSD_INSTALL_DATA_DIR} ${SSLCERTS}
|
|
fi
|
|
|
|
if [ ! -d ${BIN_DIR} ]; then
|
|
${INSTALL} -d -o ${RO_USER} -g ${RO_GROUP} -m ${PUBLIC_DIR} ${BIN_DIR}
|
|
fi
|
|
|
|
+if [ ! -d "${PREFIX}/share/prayer" ]; then
|
|
+ mkdir "${PREFIX}/share/prayer"
|
|
+fi
|
|
+
|
|
for i in icons static
|
|
do
|
|
if [ -d "${PREFIX}/${i}" ]; then
|
|
@@ -82,6 +86,6 @@ do
|
|
rm -rf ${PREFIX}/${i}
|
|
fi
|
|
echo Copying ${i}
|
|
- (tar cf - ${i}) | (cd ${PREFIX} ; tar xf -)
|
|
- (cd ${PREFIX}; chown -R ${RO_USER}:${RO_GROUP} ${i})
|
|
+ (tar cf - ${i}) | (cd ${PREFIX}/share/prayer ; tar xf -)
|
|
+ # (cd ${PREFIX}; chown -R ${RO_USER}:${RO_GROUP} ${i})
|
|
done
|