Andrew M. Bishop
Sun, 9 May 1999 22:02:30 -0700
----------------------- WWWOFFLE Announcement ------------------------ A new bug fix version of WWWOFFLE is now available (version 2.4c). The following bugs are fixed: Make the refresh-force option work correctly on the first level pages. Update the upgrade-config script with more MIME types. Fixes to the URL-SPECIFICATION parsing. Security fix for local web server and paths with '..'. Make recursive fetching of URLs with passwords work. Deleting a URL now deletes it from the lasttime/prevtime indexes also. Allow strange characters in web-page passwords. Fix a file handle leak with the builtin web server. Fix the call of the htsearch script. (Win32) Open spool files in binary mode. (Win32) The following features are added: Added in the first translated web-pages (German) and an installation option. Allow links that have been requested but are not cached to be modified. Allow the lasttime/prevtime indexes to be disabled. Made the disk usage more accurate with block sizes and directory entries. Add the option to purge to leave a specified amount of the disk free. Allow indexing of the lasttime index (requires htdig version 3.1.0 or later). Important News -------------- There is a security related bug that has been fixed in this version, full information is available on the WWWOFFLE users page. http://www.gedanken.demon.co.uk/wwwoffle/version-2.4/user.html The security related bug allows legitimate WWWOFFLE users to access arbitrary files on the system that are outside of the WWWOFFLE spool directory, have world read access and whose locations are known to the user. The problem *only* lowers the security of the system when the above conditions are met *and* the user does not have any other access to files on the server via unrestricted ftp or shell login. If you use the 'max-size' option in the Purge section of the configuration file then you should note that it has changed meaning. It now includes the size of hosts that are never purged but will not purge them. The accuracy of the size of the cache is also improved, it should now match the result of running 'du'. A 'min-free' option has also been added to allow a minimum amount of free space to be left after purging. Downloading ----------- As always the full selection of source versions are available from the wwwoffle download page: http://www.gedanken.demon.co.uk/wwwoffle/version-2.4/download.html The latest patch itself (97 kB) is available from: http://www.gedanken.demon.co.uk/download-wwwoffle/wwwoffle-2.4b-2.4c.diff.gz The latest complete version (357 kB) is available from: http://www.gedanken.demon.co.uk/download-wwwoffle/wwwoffle-2.4c.tgz ----------------------- WWWOFFLE Announcement ------------------------ Send all replies to [EMAIL PROTECTED] To unsubscribe send the command 'unsubscribe wwwoffle-announce' in the body of a message to [EMAIL PROTECTED]