summaryrefslogtreecommitdiff
path: root/mail
diff options
context:
space:
mode:
authorjwise <jwise>2002-12-31 19:36:26 +0000
committerjwise <jwise>2002-12-31 19:36:26 +0000
commitae2ea396ad7eb5f7d7b7483670f5d1d75d66ceb5 (patch)
tree5d109a737c810686eb4f2dbbe96e6e284cb7f07b /mail
parente200caeb259ae659bad84da4b4ea4f129b59b1d6 (diff)
downloadpkgsrc-ae2ea396ad7eb5f7d7b7483670f5d1d75d66ceb5.tar.gz
Update mhonarc to version 2.5.14. Changes since 2.5.11 (the last pkgsrc
version) include: ============================================================================ 2002/12/21 (2.5.14) * Security patch release: This release fixes a cross-site scripting (XSS) vulnerability in m2h_text_html::filter (the HTML filter). A specially crafted HTML message can have scripting markup get by the script filtering done by m2h_text_html::filter. ============================================================================ 2002/10/21 (2.5.13) * Bug Fixes: See <http://savannah.gnu.org/bugs/index.php?group_id=1968 &set=custom&advsrch=0&msort=0&report_id=105&go_report=Go &fix_release=2.5.13&chunksz=50> * DBFILE resource can now be set to an absolute pathname. This allows the database file to be located in a separate location than in the archive directory. If not an absolute pathname, then value is treated relative to OUTDIR. * readmail.pl updated to handle MHTML messages better. mhtxthtml.pl changed accordingly. * readmail.pl handling of malformed multipart messages improved. Cases were a the terminating boundary delimiter did not exist would generate a warning message in the converted message body that data could not be converted. This case should now be handled so that end of entitiy implies a terminating boundary delimiter, (Thanks goto Randy Blaustein for providing real-world test cases). * Fixed problem where some message attachments were "lost". This mainly occurs when using mha-decode with the -dcd-digest option, or if you have registered the m2h_external::filter for message/* data types. (Thanks goto Steve Johnson for finding this problem.) * m2h_external::filter will now include the subject of a message in the attachment link if saving message/* data to a file. * m2h_external::filter properly escapes the filename parameter when displaying it in the attachment link. This is done to avoid any possible XSS exploits. Note, no exploits have been reported by using the filename parameter in messages, so this change is more of a preemptive measure. * m2h_external::filter will fall back to a "txt" extension for unknown text types instead of a "bin" extension. * m2h_text_plain::filter: Removed hardcoded 'as-is' for US-ASCII data. This is so a user could define a converter if having to deal with mislabeled character data. (Thanks goto Mooffie for finally finding a real-world case to not hardcode us-ascii). ============================================================================ 2002/09/03 (2.5.12) * Strip more tags and attributes that could potentially be used for XSS exploits in the HTML filter. This is a more of a preemptive change since no new exploits have been reported. * DATEFIELDS resource now supports indexed field names. For example: <DateFields> received[1]:received[0]:date </DateFields> The example says that mhonarc should check the second received field, then the first received field, and then the first date field to determine the date of a message.
Diffstat (limited to 'mail')
-rw-r--r--mail/mhonarc/Makefile6
-rw-r--r--mail/mhonarc/distinfo6
2 files changed, 6 insertions, 6 deletions
diff --git a/mail/mhonarc/Makefile b/mail/mhonarc/Makefile
index ad8aac6d5f7..a9525fde28c 100644
--- a/mail/mhonarc/Makefile
+++ b/mail/mhonarc/Makefile
@@ -1,8 +1,8 @@
-# $NetBSD: Makefile,v 1.10 2002/08/23 01:48:26 grant Exp $
+# $NetBSD: Makefile,v 1.11 2002/12/31 19:36:26 jwise Exp $
#
-DISTNAME= MHonArc2.5.11
-PKGNAME= mhonarc-2.5.11
+DISTNAME= MHonArc2.5.14
+PKGNAME= mhonarc-2.5.14
CATEGORIES= mail
MASTER_SITES= http://www.oac.uci.edu/indiv/ehood/tar/ \
ftp://hhobel.phl.univie.ac.at/MHonArc/
diff --git a/mail/mhonarc/distinfo b/mail/mhonarc/distinfo
index 1aa6db87e4e..5b29413cad4 100644
--- a/mail/mhonarc/distinfo
+++ b/mail/mhonarc/distinfo
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.6 2002/08/23 01:48:25 grant Exp $
+$NetBSD: distinfo,v 1.7 2002/12/31 19:36:27 jwise Exp $
-SHA1 (MHonArc2.5.11.tar.bz2) = 65960e6cfe8056efacbd90936eb00d88ec9ddad5
-Size (MHonArc2.5.11.tar.bz2) = 467400 bytes
+SHA1 (MHonArc2.5.14.tar.bz2) = 88f2d8140b60eafd64fe27783cda11c676ffada4
+Size (MHonArc2.5.14.tar.bz2) = 476212 bytes