mhonarc-dev

Preparing for a new release

2010-12-31 16:03:56
A couple of recent security reports have spurred some work on mhonarc,
which includes looking at existing open bugs to see which ones can be
fixed quickly.  It's been a very long time since the last release.

I believe all changes I want done at this time for the next release
(which will be 2.6.17) are committed.  Some changes were done some time
ago, and only available via snapshot builds.  However, I've applied some
changes recently also.

I've updated today's snapshot build to reflect changes done today.

If anyone can, in the next few days, test out the snapshot build,
please do.  Due to the security items reported, I would like to do a formal
release by next week.

Here is the current change summary:

============================================================================

* Security Fixes:

    Bug ID  Summary
    ------  ------------------------------------------------------------
    32013   CVE-2010-4524: Improper escaping of certain HTML
            sequences (XSS) 
    32014   CVE-2010-1677: DoS when processing html messages with deep
            tag nesting
    ------  ------------------------------------------------------------

* Bug Fixes:

    Bug ID  Summary
    ------  ------------------------------------------------------------
    13853   Creation of archive with attachments writes over symlinks
    14747   major (10X) memory savings possible in some situations
    17904   FieldOrder affects AddressModifyCode
    18113   Inconsistent thread slices w/ poor man's windowing
    24247   iso2022jp.pl: unneeded ESC ( B remains in message body
    25225   dir_create() fails to make temporary directories (PATCH)
    25486   Resource FieldStore causes .mhonarc.db to grow over bounds
    26577   Changed semantic for unpack breaks UTF-8
    ------  ------------------------------------------------------------

* Added FOLLOWSYMLINKS resource (Bug #13853).

* When KEEPONRMM is enabled, messages that are removed from
  the archive do not cause linked messages to be updated.
  This allows for pages that use $TSLICE$ to maintain thread
  links for messages that "fall off" of the maintained list
  of archived messages.

* Added pre-extraction of From name and From address.  This
  provides a performance improvement for archives that make use
  of the $FROMADDR$ and $FROMADDRNAME$ resource variables along
  with author sorting.

* Added mapping of message index keys to time stamp.  This should
  provide some performance gain since parsing out of time stamp from
  index is no longer required.

* Cache last message number in db to avoid directory scan of archive
  each time an add operation is performed.  This provides a performance
  improvement for large archives and on file systems where directory
  reading with many files may not be optimal.  Thanks go to Christopher
  Lindsey for patch.

* Added References and In-Reply-To to as-is fields list to avoid
  automatic modification of message IDs if address-rewriting is
  in effect.

  • Preparing for a new release, Earl Hood <=