Fixed buffer overflow.
>SECURITY ADVISORY 13th February 2001
>----------------------------------------------------------------------
>Program: analog
>Versions: all versions except 4.16 and 4.90beta3
>Operating systems: all
>----------------------------------------------------------------------
>There is a buffer overflow bug in all versions of analog released
>prior to today. A malicious user could use an ALIAS command to
>construct very long strings which were not checked for length.
>
>This bug is particularly dangerous if the form interface (which allows
>unknown users to run the program via a CGI script) has been installed.
>
>This bug was discovered by the program author, and there is no known
>exploit. However, users are advised to upgrade to one of the two safe
>versions immediately, especially if they have installed the form
>interface. The URL is http://www.analog.cx/
>
>I apologise for the inconvenience.
> Stephen Turner
This port had no real name associated with the listed address. When
trying to reach this person, the mail bounces. It also appears from
the logs that this person hasn't been maintaining this.
* pull every dependency under the same rule, using specialized fragments.
* re-check after the dependency is expanded, unless earlyexit is true.
* explicitly recognize /nonexistent as a specific way to have always
triggered dependencies, use it to handle DEPENDS in a uniform way.
* parse dependencies fully. Note that we now have a pkg variable that will
be used.
Thanks to naddy@ for useful tweaks.
This is probably not quite perfect yet, stuff may break. Other stuff that
remains to be done:
- handle library dependencies better, so that lib.10 will match only
lib.10.x and not lib.100.
- handle default FLAVORS correctly. This involves not
passing FLAVOR='', but rearranging ${MAKE} ${_DEPEND_THRU} to remove
FLAVOR from the environment and from MAKEFLAGS (yucky).
Sirc is an Internet Relay Chat programmable client written in
perl and C. It has a main perl script that can be run in 'dumb'
mode, standalone, and a separate split-screen front end in C,
called ssfe.
--
This release fixes a bug in pid creation. If a user specified -P /dirname
instead of -P /dirname/, stunnel would assume that it's a file, delete it and
create a new one. Now stunnel checks whether it's really a file.
Mailcrypt allows seamless integration of cryptography and internet
usage. It can be used to sign and encrypt mail, to sign usenet
articles, and to verify/decrypt mail and articles.
Submitted by: Shell Hung <i@shellhung.org>