-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hello, everybody!
It has been almost a year since the release of version 4.5.55 of GNU Midnight Commander. It was the intention of the developers at that time to focus on stability and release the next version shortly thereafter. Unfortunately, the task of making GNU Midnight Commander do what it has always been supposed to do turned out to be a hard and time consuming task. This program has a heavy baggage of hacks, badly conceived features and unfinished code. On the other hand, very few contributors were interested in fixing the code - they were mostly suggesting new features. To make the things worse, serious security issues have been discovered in the part on GNU Midnight Commander called VFS (Virtual Filesystem). In several instances, the data from remote servers was copied to the local buffers without proper bounds checking. The discovery and the subsequent fixing of those issues makes it necessary to make another release without delay. Considering the fact that almost all changes since the 4.5.55 release have been bugfixes (some of them possibly security related) or trivial changes, it has been decided that the fixed version should be released from the main branch. Fixing only the most notorious bugs in 4.5.55 would be insufficient. Unfortunately, the current code has known problems that the development team would prefer to fix before we can call the release version 4.6.0. Those problems are not regressions - they existed in 4.5.55 as well. That's why this document is an announcement of version 4.6.0-pre1 of GNU Midnight Commander. It's a prerelease that needs more testing to become a release. This is a terse list of the user-visible changes between 4.5.55 and 4.6.0-pre1: - - Security. - Fixes for remotely exploitable buffer overflows in VFS. - - Ports and editions. - GNOME edition has been removed. - OS/2 port has been removed. - MAD (Memory Allocation Debugger) has been removed. - - Core functionality. - Large file support enabled by default. - Shift-F5 and Shift-F6 copy and rename like F5 and F6, but suggest the selected filename as the destination. - File search with contents doesn't use external egrep. - Directories with many files are now reloaded much faster. - Subshell works under Cygwin. - - Screen libraries. - Improved support for ncurses. - Dropped support for the old Curses library. - Colors are enabled on all capable terminals when using S-Lang. - Syntax highlighting now works with ncurses. - - Editor. - Editor files are now stored in ~/.mc/cedit instead of ~/.cedit to avoid collision with Cooledit. - New syntax rules - PHP, Tcl, SQL, DOS batch file. - Editor supports word completion. - - VFS. - Local temporary file is used for uploading via ftpfs/fish only if file is uploaded to the same ftp/fish server. - mcfs support is disabled by default. - Samba configuration and codepage files locations can be configured. - .netrc support in ftpfs is enabled by default. - - Documentation. - Added manuals in Spanish, Italian and Russian. - Help files are not distributed, but generated during the build from the manual pages. Simple rules to decide whether you should upgrade: - - If you are tired of bugs in the older versions, you should upgrade. - - If you want to contribute code, you should upgrade. - - If you are concerned about security, you should upgrade. - - If you are really concerned about security, you should not be using GNU Midnight Commander, because it wasn't designed to be secure. - - If it's hard for you to upgrade or you don't really care, then wait for 4.6.0 release - it will be more stable. What needs to be done before the 4.6.0 release and how you can help: - - Security audit. GNU Midnight Commander can open files from untrusted sources and connect to untrusted servers. Being a popular program among system administrators, it really needs a good audit. - - Portability issues. Make sure that GNU Midnight Commander works on your operating system. - - Bug fixes. It's hardly possible to make it bug free, but tell us what annoys you - it may be easy to fix before the next release, or it may be added to the TODO list for the future versions. - - Internationalization. Update translations for your language. Now it's easy to add new translated manuals, and those manuals are converted to the help files automatically. How to contact developers of GNU Midnight Commander: Website: http://www.ibiblio.org/mc/ Mailing list for developers: [EMAIL PROTECTED] Mailing list for users: [EMAIL PROTECTED] Please always mention the version of GNU Midnight Commander you are using when sending any e-mail to those mailing lists. Regards, Pavel Roskin -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.6 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE9Y0Q45AxqmNHPNskRAs1IAKCwTFbtF+vJqtrUH4UlmNomUiIy9gCfZSlH +zO4UFo4yol8eynYfk4u7Gg= =MEUF -----END PGP SIGNATURE----- _______________________________________________ Mc-devel mailing list [EMAIL PROTECTED] http://mail.gnome.org/mailman/listinfo/mc-devel