Automatic conversion of the NetBSD pkgsrc CVS module, use with care
c0582f127c
version) include:
============================================================================
2002/12/21 (2.5.14)
* Security patch release: This release fixes a cross-site scripting
(XSS) vulnerability in m2h_text_html::filter (the HTML filter).
A specially crafted HTML message can have scripting markup get
by the script filtering done by m2h_text_html::filter.
============================================================================
2002/10/21 (2.5.13)
* Bug Fixes: See
<http://savannah.gnu.org/bugs/index.php?group_id=1968
&set=custom&advsrch=0&msort=0&report_id=105&go_report=Go
&fix_release=2.5.13&chunksz=50>
* DBFILE resource can now be set to an absolute pathname. This
allows the database file to be located in a separate location than
in the archive directory. If not an absolute pathname, then
value is treated relative to OUTDIR.
* readmail.pl updated to handle MHTML messages better. mhtxthtml.pl
changed accordingly.
* readmail.pl handling of malformed multipart messages improved.
Cases were a the terminating boundary delimiter did not exist would
generate a warning message in the converted message body that data
could not be converted. This case should now be handled so that
end of entitiy implies a terminating boundary delimiter,
(Thanks goto Randy Blaustein for providing real-world test cases).
* Fixed problem where some message attachments were "lost". This
mainly occurs when using mha-decode with the -dcd-digest option,
or if you have registered the m2h_external::filter for message/*
data types.
(Thanks goto Steve Johnson for finding this problem.)
* m2h_external::filter will now include the subject of a message
in the attachment link if saving message/* data to a file.
* m2h_external::filter properly escapes the filename parameter
when displaying it in the attachment link. This is done to
avoid any possible XSS exploits. Note, no exploits have been
reported by using the filename parameter in messages, so this
change is more of a preemptive measure.
* m2h_external::filter will fall back to a "txt" extension for
unknown text types instead of a "bin" extension.
* m2h_text_plain::filter: Removed hardcoded 'as-is' for US-ASCII
data. This is so a user could define a converter if having to deal
with mislabeled character data.
(Thanks goto Mooffie for finally finding a real-world case to not
hardcode us-ascii).
============================================================================
2002/09/03 (2.5.12)
* Strip more tags and attributes that could potentially be used for
XSS exploits in the HTML filter. This is a more of a preemptive
change since no new exploits have been reported.
* DATEFIELDS resource now supports indexed field names. For example:
<DateFields>
received[1]:received[0]:date
</DateFields>
The example says that mhonarc should check the second received
field, then the first received field, and then the first date field
to determine the date of a message.
|
||
|---|---|---|
| archivers | ||
| audio | ||
| benchmarks | ||
| biology | ||
| cad | ||
| chat | ||
| comms | ||
| converters | ||
| cross | ||
| databases | ||
| devel | ||
| distfiles | ||
| doc | ||
| editors | ||
| emulators | ||
| finance | ||
| fonts | ||
| games | ||
| graphics | ||
| ham | ||
| inputmethod | ||
| lang | ||
| licenses | ||
| math | ||
| mbone | ||
| meta-pkgs | ||
| misc | ||
| mk | ||
| net | ||
| news | ||
| packages | ||
| parallel | ||
| pkgtools | ||
| security | ||
| shells | ||
| sysutils | ||
| templates | ||
| textproc | ||
| time | ||
| wm | ||
| www | ||
| x11 | ||
| Makefile | ||
| Packages.txt | ||
| pkglocate | ||
| README | ||
$NetBSD: README,v 1.13 2001/12/03 21:33:56 agc Exp $ Welcome to the NetBSD Packages Collection ========================================= In brief, the NetBSD Packages Collection is a set of software utilities and libraries which have been ported to NetBSD. The packages collection software can retrieve the software from its home site, assuming you are connected in some way to the Internet, verify its integrity, apply any patches, configure the software for NetBSD, and build it. Any prerequisite software will also be built and installed for you. Installation and de-installation of software is managed by the packaging utilities. The packages collection is made into a tar_file every week: ftp://ftp.netbsd.org/pub/NetBSD/NetBSD-current/tar_files/pkgsrc.tar.gz and you can sup the pkgsrc tree using the `pkgsrc' name for the collection. The pkgsrc tree is laid out in various categories, and, within that, the various packages themselves. You need to have root privileges to install packages. We are looking at ways to remove this restriction. + To install a package on your system, you need to change into the directory of the package, and type "make install". + If you've made a mistake, and decided that you don't want that package on your system, then type "pkg_delete <pkg-name>", or "make deinstall" while in the directory for the package. + To find out all the packages that you have installed on your system, type "pkg_info". + To remove the work directory, type "make clean", and "make clean-depends" will clean up any working directories for other packages that are built in the process of making your package. + Optionally, you can periodically run "make clean" from the top level pkgsrc directory. This will delete extracted and built files, but will not affect the retreived source sets in pkgsrc/distfiles. + You can set variables to customise the behaviour (where packages are installed, various options for individual packages etc), by setting variables in /etc/mk.conf. The pkgsrc/mk/bsd.pkg.defaults.mk gives the defaults which are used in pkgsrc. This file can be used as a guide to set values in /etc/mk.conf - it is only necessary to set values where they differ from the defaults. The best way to find out what packages are in the collection is to move to the top-level pkgsrc directory (this will usually be /usr/pkgsrc), and type "make readme". This will create a file called README.html in the top-level pkgsrc directory, and also in all category and package directories. You can then see what packages are available, along with a short (one-line) comment about the function of the package, and a pointer to a fuller description, by using a browser like lynx (see pkgsrc/www/lynx) or Mozilla (pkgsrc/www/mozilla), or Communicator. This is also available online as ftp://ftp.netbsd.org/pub/NetBSD/packages/pkgsrc/README.html. Another way to find out what packages are in the collection is to move to the top-level pkgsrc directory and type "make index". This will create pkgsrc/INDEX which can be viewed via "make print-index | more". You can also search for particular packages or keywords via "make search key=<somekeyword>". It is also possible to use the packaging software to install pre-compiled binary packages by typing "pkg_add <URL-of-binary-pkg>". To see what binary packages are available, see: ftp://ftp.netbsd.org/pub/NetBSD/packages/<release>/<arch>/All/ where <release> is the NetBSD release, and <arch> is the hardware architecture. One limitation of using binary packages provided from ftp.netbsd.org is that all mk.conf options were set to the defaults at compile time. LOCALBASE, in particular, defaults to /usr/pkg, so non-X binaries will be installed in /usr/pkg/bin, man pages will be installed in /usr/pkg/man... When a packaged tool has major compile time choices, such as support for multiple graphic toolkit libraries, the different options may be available as separate packages. For more information on the packages collection see the file Packages.txt file in the same place where you found this README, usually in the top-level pkgsrc dir. directory.