--
cronolog is a simple filter program that reads log file entries from
standard input and writes each entry to the output file specified by a
filename template and the current date and time. When the expanded
filename changes, the current file is closed and a new one opened.
cronolog is intended to be used in conjunction with a web server, such
as Apache, to split the access log into daily or monthly logs.
WWW: http://www.cronolog.org
--
This version includes much improved character encoding support,
including support for Japanese, Chinese, UTF-8, and other encodings.
The flowed text conversion was improved.
There are security enhancements, mail address rewriting in message
bodies, and other new features and bugfixes.
Changelog: http://www.mhonarc.org/MHonArc/CHANGES
--
Changes:
PID and logfiles are handled correcty now, and more error messages
are produced when problems occur.
TCP tunnel capabilities were removed.
Further details on: http://tinyproxy.sourceforge.net/ChangeLog
brad@ ok
This version is NOT compatable with the older 1.0 series but since the
one port that uses the 1.0 series will be updated shortly this isn't much
of an issue.
ok todd@
--
SECURITY fix:
A cross-site scripting (XSS) vulnerability has been discovered for
all versions of MHonArc upto, and including, v2.5.13. A specially
crafted HTML mail message can introduce foreign scripting content
in archives, by-passing MHonArc's HTML script filtering.
brad@ ok
"Hironori SAKAMOTO <hsaka@mth.biglobe.ne.jp> found another security
vulnerability in w3m 0.3.2.x that w3m will miss to escape html tag
in img alt attribute, so malicious frame html may deceive you to
access your local files, cookies and so on."
--
This version fixes an URL CRLF Injection Vulnerability:
A CRLF injection vulnerability has been reported for Links that
may allow an attacker to include extra HTTP headers when viewing
web pages.
If Links is called from the command line, carriage return and line
feed (CRLF) characters may be included in the specified URL.
These characters are not escaped when the input is used to construct
a HTTP request.
URL: http://online.securityfocus.com/bid/5499/discussion/
espie@ brad@ ok
