MHonArc Users,
v2.4.8 is now available for download from <http://www.mhonarc.org/>
and <http://www.oac.uci.edu/indiv/ehood/mhonarc.html>.
This release contains bug fixes and a few enhancements requests.
A major fix is a work-around solution to perl crashing on HTML messages
that include large comment declarations. I modified the comment
declaration processing code in the HTML filter that should avoid perl
from crashing but still prevent messages from trying to exploit sites.
Since I have been busy with regular work, there is still a TODO list.
Instead of waiting to try to get most of the items done before making
releases, I am taking the approach of making minor releases as changes
are made so there is not a long wait before anything is seen.
Summary of changes in v2.4.8:
------------------------------------------------------------------------
04/13/2001 (2.4.8)
o Added the following resources:
KEEPONRMM Do not remove message files from disk
when messages are removed from the
archive.
o m2h_text_plain::filter now uses CHARSETCONVERTERS for
translating text data with a specified charset parameter.
The only exception is iso-2022-jp, which is handled directly
to properly support nourl flag.
o m2h_external::filter new arguments:
excludeexts=ext1,...
A comma separated list of message specified filename
extensions to exclude. I.e. If the filename
extension matches an extension in excludeexts, the
content will not be written. The return markup
will contain the name of the attachment, but no
link to the data. This option is best used with
application/octet-stream to exclude unwanted data
that is not tagged with the proper content-type.
The m2h_null::filter can be used to exclude content
by content-type.
o m2h_null::filter will now output a one line description
of the excluded content. This is so the reader knows that
there was message content not saved within the archive.
o m2h_text_plain::filter new arguments:
usename If extracting uuencoded data, the filename
specified should be used.
o m2h_text_html::filter new arguments:
allowcomments Preserve any comment declarations. Normally
Comment declarations are munged to prevent
SSI attacks or comments that can conflict
with MHonArc processing. Use this option
with care.
(NOTE: Comment declarations were completely stripped before,
but the regex used was known to crash perl on large comment
declarations, so a simplier expression is now used to
modify comment declarations to prevent possible attacks.)
Bug Fixes
------------------------------------------------------------------------
Version: 2.4.7, and earlier
Problem: Message with HTML content can cause perl to crash.
Other symptom would be that a stale .mhonarc.lck
directory would exist preventing further archive
updates.
Solution: There appears to be a bug in perl's regex engine.
The fix was to change mhtxthtml.pl comment declaration
removal expression into a simplier one that just
munges (removes parts) to avoid crashes.
Version Fixed: 2.4.8
------------------------------------------------------------------------
Version: 2.4.7, and earlier
Problem: Prefixing second argument to $PGLINKLIST()$ with
a 'T' cause no thread page links to be rendered after
current thread index page.
Solution: Fixed in mhrcvars.pl: Make sure to strip 'T' from
both arguments before evaluating numeric values.
Version Fixed: 2.4.8
------------------------------------------------------------------------
Version: 2.4.7, and earlier
Problem: Default CHARSETCONVERTERS values for latin[1-6] charsets
causing require error.
Solution: Fixed in mhinit.pl (typo in library filename).
Version Fixed: 2.4.8
------------------------------------------------------------------------
