Namazu-devel-ja (old)
Re: typo at announce
- From: knok@xxxxxxxxxxxxx (NOKUBI Takatsugu)
- Date: Thu, 29 Nov 2001 19:43:15 JST
- X-ml-name: namazu-devel-ja
- X-mail-count: 02176
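In article <200111280201.LAA28709@xxxxxxxxxxxxx>, I wrote:
>> If there seem to be no problems, let's release 1.3.0.12 as well.
I have also newly updated the patch for 1.3.0.11. I am looking for people
other than myself who can verify that it works.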
--
NOKUBI Takatsugu
E-mail: knok@xxxxxxxxxxxxx
knok@xxxxxxxxxx / knok@xxxxxxxxxx
diff -cr namazu-1.3.0.11/ChangeLog namazu-1.3.0.12/ChangeLog
*** namazu-1.3.0.11/ChangeLog Wed Jan 26 22:38:50 2000
--- namazu-1.3.0.12/ChangeLog Thu Nov 29 18:58:47 2001
***************
*** 4,10 ****
--- 4,21 ----
This file describes Namazu's change history. If you want to know
about major changes from previous version, please see
"manual.html#VERSIONDIFF".
+ v1.3.0.12
+ [2001-11-29]
+ * Fix more cross-site scripting vulnerability.
+ - [NOKUBI Takatsugu <knok@xxxxxxxxxxxxx>] - patch
+
+ [2001-11-27]
+
+ * Fix a security hole in CGI mode which allows malicious person to
+ put any HTML tags or scripts in CGI form (cross-site scripting).
+ - [TAKAGI, Hiromitsu <takagi.hiromitsu@xxxxxxxxxx>] - report
+
v1.3.0.11
[2000-01-26]
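Review bot: The [2001-11-29] entry, "Fix more cross-site scripting vulnerability.", does not say which output was affected, and the [2001-11-27] entry names only "CGI form". Going by the file dates in this patch, the 11-27 change is the query-string echo in src/output.c and the 11-29 change is the database-name output in src/search.c; naming those two places in the entries would let administrators still on 1.3.0.11 judge their exposure. The 11-27 entry also credits the report but not the author of the fix.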
diff -cr namazu-1.3.0.11/VERSION namazu-1.3.0.12/VERSION
*** namazu-1.3.0.11/VERSION Wed Jan 26 22:38:51 2000
--- namazu-1.3.0.12/VERSION Tue Nov 27 17:02:41 2001
***************
*** 1 ****
! namazu-1.3.0.11
--- 1 ----
! namazu-1.3.0.12
diff -cr namazu-1.3.0.11/src/messages.c namazu-1.3.0.12/src/messages.c
*** namazu-1.3.0.11/src/messages.c Wed Jan 26 22:38:51 2000
--- namazu-1.3.0.12/src/messages.c Tue Nov 27 17:04:10 2001
***************
*** 37,45 ****
#endif
/* information about Namazu */
! uchar *VERSION = "1.3.0.11";
uchar *COPYRIGHT =
! " Copyright (C) 1997-1999 Satoru Takabayashi All rights reserved.";
uchar *MSG_USAGE, *MSG_TOO_LONG_KEY, *MSG_TOO_MANY_KEYITEM,
*MSG_RESULT_HEADER, *MSG_NO_HIT, *MSG_HIT_1, *MSG_HIT_2,
--- 37,46 ----
#endif
/* information about Namazu */
! uchar *VERSION = "1.3.0.12";
uchar *COPYRIGHT =
! " Copyright (C) 1997-1999 Satoru Takabayashi All rights reserved.\n"
! " Copyright (C) 2001 Namazu Project All rights reserved.";
uchar *MSG_USAGE, *MSG_TOO_LONG_KEY, *MSG_TOO_MANY_KEYITEM,
*MSG_RESULT_HEADER, *MSG_NO_HIT, *MSG_HIT_1, *MSG_HIT_2,
diff -cr namazu-1.3.0.11/src/mknmz.pl namazu-1.3.0.12/src/mknmz.pl
*** namazu-1.3.0.11/src/mknmz.pl Wed Jan 26 22:38:51 2000
--- namazu-1.3.0.12/src/mknmz.pl Tue Nov 27 17:03:22 2001
***************
*** 1,7 ****
#!%OPT_PATH_PERL%
#
# mknmz.pl - indexer of Namazu
! # Version 1.3.0.11 [01/26/2000]
#
# Copyright (C) 1997-1999 Satoru Takabayashi All rights reserved.
# This is free software with ABSOLUTELY NO WARRANTY.
--- 1,7 ----
#!%OPT_PATH_PERL%
#
# mknmz.pl - indexer of Namazu
! # Version 1.3.0.12 [11/27/2001]
#
# Copyright (C) 1997-1999 Satoru Takabayashi All rights reserved.
# This is free software with ABSOLUTELY NO WARRANTY.
diff -cr namazu-1.3.0.11/src/output.c namazu-1.3.0.12/src/output.c
*** namazu-1.3.0.11/src/output.c Wed Jan 26 22:38:51 2000
--- namazu-1.3.0.12/src/output.c Tue Nov 27 17:36:26 2001
***************
*** 13,20 ****
if (!strncmp(qs, "whence=", 7)) {
printf("whence=%d", w);
for (qs += 7; isdigit(*qs); qs++);
! } else
! fputc(*(qs++), stdout);
}
}
--- 13,27 ----
if (!strncmp(qs, "whence=", 7)) {
printf("whence=%d", w);
for (qs += 7; isdigit(*qs); qs++);
! } else {
! /* '"' is converted to entities """ */
! if (*qs == '"') {
! fputs(""", stdout);
! } else {
! fputc(*qs, stdout);
! }
! qs++;
! }
}
}
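Review bot: The new else branch escapes only the double quote; '<', '>' and '&' from qs still reach stdout unchanged through fputc(*qs, stdout). That is sufficient only if this string is always written inside a double-quoted attribute value, which the hunk does not show, so either state that assumption in the comment or escape those three characters here as well. Also, as the line appears in this archive, the fputs argument reads """, which would not compile and does not match the comment's "converted to entities"; check that the file actually applied has the entity form of the quote in that string literal.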
diff -cr namazu-1.3.0.11/src/search.c namazu-1.3.0.12/src/search.c
*** namazu-1.3.0.11/src/search.c Wed Jan 26 22:38:51 2000
--- namazu-1.3.0.12/src/search.c Thu Nov 29 18:57:32 2001
***************
*** 838,846 ****
{
if (!HitCountOnly && !MoreShortFormat && !NoReference) {
if (DbNumber > 1) {
! if (HtmlOutput)
! printf("<LI><STRONG>%s</STRONG>: ", get_dir_name(DbNames[n]));
! else
printf("(%s)", DbNames[n]);
}
}
--- 838,848 ----
{
if (!HitCountOnly && !MoreShortFormat && !NoReference) {
if (DbNumber > 1) {
! if (HtmlOutput) {
! printf("<LI><STRONG>");
! fputs_without_html_tag(get_dir_name(DbNames[n]), stdout);
! printf("</STRONG>: ");
! } else
printf("(%s)", DbNames[n]);
}
}
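Review bot: fputs_without_html_tag(), called in the new HtmlOutput branch, is neither defined nor declared anywhere in this patch, so it must already exist in 1.3.0.11 and be visible from search.c; please confirm that, and confirm whether it escapes '<', '>' and '&' or removes tags, since the name suggests the latter and the result is written as element content inside <STRONG>. On style, the if arm is now braced while the else arm, printf("(%s)", DbNames[n]);, is not; bracing both would guard against a dangling-else mistake in later edits.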