Things to do before 4.6.0


This is a list of things that I want to be done before the 4.6.0 release.  
Unfortunately, I'm very busy both with my job and my personal life, and I
feel that it's better to drop something from the plans (i.e. reschedule
for the next release) than to delay the release indefinitely.

I hope to get some help from the list members.  Three major problems from
my list have been fixed thanks to the contributors (trpm filesystem, color
on unknown terminals and mcedit creating empty files).

Please don't expect me to answer every e-mail, but I read all the messages
in both lists.  My prioprity for the next month (as far as MC is
concerned) will be coding, I have no time to discuss the color of "rem" in
DOS batch files.  There are other people who can do it.

1) Review the outstanding patches in this list and apply them, unless they
seem unstable or introduce new features.  Resubmitting of patches with
more detailed comments would help, but is not required.

2) Checking for ncurses is wrong.  It should be possible to detect ncurses 
if only curses.h can be included (no ncurses.h or ncurses/ncurses.h or 
ncurses/curses.h).  Needed for QNX Neutrino.

3) Implement syntax highlighting for ncurses.  Candidate to drop, because
nobody who asked even tried to submit a patch.

4) Compressed tarballs produced by "tar cz" with older versions of GNU tar
(i.e. those with padding at the end) cannot be opened by pressing Enter
("doesn't look like a tar archive")

5) When making local copies from remote VFS, preserve the original
extension to satisfy some programs used in extfs (old versions of RPM).
Candidate for drop.  Should be easy though.

6) Handle errors on FiSH.  Reading unreadable files causes a hang.  May be
hard to fix, candidate to drop.

7) When doing Ctrl-O in viewer or editor and typing "exit", the subshell
is not restarted.  Code for restarting subshell is present but it's
broken.  There are other symptoms of the problem.

8) Don't show non-printable characters in the filenames.  It messes the
screen and it's inconsistent with user settings for output.

9) Introduce a new variable for mc.ext that would expand to the filename 
with the full path.  It's a new feature, but Mozilla and 
need it, since they don't default to the current directory.  %d/%p doesn't 
create local copies, so it's not a solution.

10) Copying big files to FiSH causes file contents to be executed.  The 
remote side expects less data than it actually gets.

11) Super-long filenames in zip files (>8k) cause buffer overflow in VFS 

It's pretty obvious that VFS was written without security in mind and
cannot be fixed without rewriting.  This should be clearly stated in
several places.  There is no way we can fix all the problems with VFS.  
However, it's a matter of credibility of the project to fix known security

Pavel Roskin

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]