Namazu-devel-ja(旧)


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: typo at announce



<200111280201.LAA28709@xxxxxxxxxxxxx>の記事において
私は書きました。

>>   問題がなさそうなら、1.3.0.12 もリリースしましょう。

  1.3.0.11 向けのパッチも新たに更新しました。私以外で動作確認できる方
を募集します。

-- 
NOKUBI Takatsugu
E-mail: knok@xxxxxxxxxxxxx
	knok@xxxxxxxxxx / knok@xxxxxxxxxx

diff -cr namazu-1.3.0.11/ChangeLog namazu-1.3.0.12/ChangeLog
*** namazu-1.3.0.11/ChangeLog	Wed Jan 26 22:38:50 2000
--- namazu-1.3.0.12/ChangeLog	Thu Nov 29 18:58:47 2001
***************
*** 4,10 ****
--- 4,21 ----
  	This file describes Namazu's change history. If you want to know
  	about major changes from previous version, please see 
  	"manual.html#VERSIONDIFF".
+ v1.3.0.12
+ 	[2001-11-29]
  
+ 	* Fix more cross-site scripting vulnerability.
+ 	- [NOKUBI Takatsugu <knok@xxxxxxxxxxxxx>] - patch
+ 
+ 	[2001-11-27]
+ 
+ 	* Fix a security hole in CGI mode which allows malicious person to
+ 	put any HTML tags or scripts in CGI form (cross-site scripting).
+ 	- [TAKAGI, Hiromitsu <takagi.hiromitsu@xxxxxxxxxx>] - report
+ 	
  v1.3.0.11
  	[2000-01-26]
  
diff -cr namazu-1.3.0.11/VERSION namazu-1.3.0.12/VERSION
*** namazu-1.3.0.11/VERSION	Wed Jan 26 22:38:51 2000
--- namazu-1.3.0.12/VERSION	Tue Nov 27 17:02:41 2001
***************
*** 1 ****
! namazu-1.3.0.11
--- 1 ----
! namazu-1.3.0.12
diff -cr namazu-1.3.0.11/src/messages.c namazu-1.3.0.12/src/messages.c
*** namazu-1.3.0.11/src/messages.c	Wed Jan 26 22:38:51 2000
--- namazu-1.3.0.12/src/messages.c	Tue Nov 27 17:04:10 2001
***************
*** 37,45 ****
  #endif
  
  /* information about Namazu */
! uchar *VERSION = "1.3.0.11";
  uchar *COPYRIGHT =
! "  Copyright (C) 1997-1999 Satoru Takabayashi All rights reserved.";
  
  uchar *MSG_USAGE, *MSG_TOO_LONG_KEY, *MSG_TOO_MANY_KEYITEM,
  *MSG_RESULT_HEADER, *MSG_NO_HIT, *MSG_HIT_1, *MSG_HIT_2,
--- 37,46 ----
  #endif
  
  /* information about Namazu */
! uchar *VERSION = "1.3.0.12";
  uchar *COPYRIGHT =
! "  Copyright (C) 1997-1999 Satoru Takabayashi All rights reserved.\n"
! "  Copyright (C) 2001 Namazu Project All rights reserved.";
  
  uchar *MSG_USAGE, *MSG_TOO_LONG_KEY, *MSG_TOO_MANY_KEYITEM,
  *MSG_RESULT_HEADER, *MSG_NO_HIT, *MSG_HIT_1, *MSG_HIT_2,
diff -cr namazu-1.3.0.11/src/mknmz.pl namazu-1.3.0.12/src/mknmz.pl
*** namazu-1.3.0.11/src/mknmz.pl	Wed Jan 26 22:38:51 2000
--- namazu-1.3.0.12/src/mknmz.pl	Tue Nov 27 17:03:22 2001
***************
*** 1,7 ****
  #!%OPT_PATH_PERL%
  #
  # mknmz.pl - indexer of Namazu
! # Version   1.3.0.11 [01/26/2000]
  #
  # Copyright (C) 1997-1999 Satoru Takabayashi  All rights reserved.
  #     This is free software with ABSOLUTELY NO WARRANTY.
--- 1,7 ----
  #!%OPT_PATH_PERL%
  #
  # mknmz.pl - indexer of Namazu
! # Version   1.3.0.12 [11/27/2001]
  #
  # Copyright (C) 1997-1999 Satoru Takabayashi  All rights reserved.
  #     This is free software with ABSOLUTELY NO WARRANTY.
diff -cr namazu-1.3.0.11/src/output.c namazu-1.3.0.12/src/output.c
*** namazu-1.3.0.11/src/output.c	Wed Jan 26 22:38:51 2000
--- namazu-1.3.0.12/src/output.c	Tue Nov 27 17:36:26 2001
***************
*** 13,20 ****
  	if (!strncmp(qs, "whence=", 7)) {
  	    printf("whence=%d", w);
  	    for (qs += 7; isdigit(*qs); qs++);
! 	} else
! 	    fputc(*(qs++), stdout);
      }
  }
  
--- 13,27 ----
  	if (!strncmp(qs, "whence=", 7)) {
  	    printf("whence=%d", w);
  	    for (qs += 7; isdigit(*qs); qs++);
! 	} else {
!             /* '"' is converted to entities "&quot;" */
! 	    if (*qs == '"') {
! 		fputs("&quot;", stdout);
! 	    } else {
! 	        fputc(*qs, stdout);
! 	    }
! 	    qs++;
!         }
      }
  }
  
diff -cr namazu-1.3.0.11/src/search.c namazu-1.3.0.12/src/search.c
*** namazu-1.3.0.11/src/search.c	Wed Jan 26 22:38:51 2000
--- namazu-1.3.0.12/src/search.c	Thu Nov 29 18:57:32 2001
***************
*** 838,846 ****
  {
      if (!HitCountOnly && !MoreShortFormat && !NoReference) {
          if (DbNumber > 1) {
!             if (HtmlOutput)
!                 printf("<LI><STRONG>%s</STRONG>: ", get_dir_name(DbNames[n]));
!             else
                  printf("(%s)", DbNames[n]);
          }
      }
--- 838,848 ----
  {
      if (!HitCountOnly && !MoreShortFormat && !NoReference) {
          if (DbNumber > 1) {
!             if (HtmlOutput) {
!                 printf("<LI><STRONG>");
!                 fputs_without_html_tag(get_dir_name(DbNames[n]), stdout);
!                 printf("</STRONG>: ");
!             } else
                  printf("(%s)", DbNames[n]);
          }
      }