ANNOUNCE: GNU Midnight Commander 4.6.0-pre1



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hello, everybody!

It has been almost a year since the release of version 4.5.55 of GNU
Midnight Commander.  It was the intention of the developers at that time
to focus on stability and release the next version shortly thereafter.

Unfortunately, the task of making GNU Midnight Commander do what it has
always been supposed to do turned out to be a hard and time consuming
task.  This program has a heavy baggage of hacks, badly conceived
features and unfinished code.  On the other hand, very few contributors
were interested in fixing the code - they were mostly suggesting new
features.

To make the things worse, serious security issues have been discovered
in the part on GNU Midnight Commander called VFS (Virtual Filesystem). 
In several instances, the data from remote servers was copied to the
local buffers without proper bounds checking.

The discovery and the subsequent fixing of those issues makes it
necessary to make another release without delay.  Considering the fact
that almost all changes since the 4.5.55 release have been bugfixes
(some of them possibly security related) or trivial changes, it has
been decided that the fixed version should be released from the main
branch.  Fixing only the most notorious bugs in 4.5.55 would be
insufficient.

Unfortunately, the current code has known problems that the development
team would prefer to fix before we can call the release version 4.6.0. 
Those problems are not regressions - they existed in 4.5.55 as well. 

That's why this document is an announcement of version 4.6.0-pre1 of GNU
Midnight Commander.  It's a prerelease that needs more testing to become
a release.


This is a terse list of the user-visible changes between 4.5.55 and
4.6.0-pre1:

- - Security.
        - Fixes for remotely exploitable buffer overflows in VFS.

- - Ports and editions.
        - GNOME edition has been removed.
        - OS/2 port has been removed.
        - MAD (Memory Allocation Debugger) has been removed.

- - Core functionality.
        - Large file support enabled by default.
        - Shift-F5 and Shift-F6 copy and rename like F5 and F6, but
          suggest the selected filename as the destination.
        - File search with contents doesn't use external egrep.
        - Directories with many files are now reloaded much faster.
        - Subshell works under Cygwin.

- - Screen libraries.
        - Improved support for ncurses.
        - Dropped support for the old Curses library.
        - Colors are enabled on all capable terminals when using S-Lang.
        - Syntax highlighting now works with ncurses.

- - Editor.
        - Editor files are now stored in ~/.mc/cedit instead of ~/.cedit
          to avoid collision with Cooledit.
        - New syntax rules - PHP, Tcl, SQL, DOS batch file.
        - Editor supports word completion.

- - VFS.
        - Local temporary file is used for uploading via ftpfs/fish only
          if file is uploaded to the same ftp/fish server.
        - mcfs support is disabled by default.
        - Samba configuration and codepage files locations can be
          configured.
        - .netrc support in ftpfs is enabled by default.

- - Documentation.
        - Added manuals in Spanish, Italian and Russian.
        - Help files are not distributed, but generated during the
          build from the manual pages.


Simple rules to decide whether you should upgrade:

- - If you are tired of bugs in the older versions, you should upgrade.
- - If you want to contribute code, you should upgrade.
- - If you are concerned about security, you should upgrade.
- - If you are really concerned about security, you should not be using
  GNU Midnight Commander, because it wasn't designed to be secure.
- - If it's hard for you to upgrade or you don't really care, then wait
  for 4.6.0 release - it will be more stable.


What needs to be done before the 4.6.0 release and how you can help:

- - Security audit.  GNU Midnight Commander can open files from untrusted
sources and connect to untrusted servers.  Being a popular program among
system administrators, it really needs a good audit.

- - Portability issues.  Make sure that GNU Midnight Commander works on
your operating system.

- - Bug fixes.  It's hardly possible to make it bug free, but tell us what
annoys you - it may be easy to fix before the next release, or it may be
added to the TODO list for the future versions.

- - Internationalization.  Update translations for your language.  Now
it's easy to add new translated manuals, and those manuals are converted
to the help files automatically.


How to contact developers of GNU Midnight Commander:

Website: http://www.ibiblio.org/mc/
Mailing list for developers: mc-devel gnome org
Mailing list for users: mc gnome org

Please always mention the version of GNU Midnight Commander you are
using when sending any e-mail to those mailing lists.


Regards,
Pavel Roskin
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE9Y0Q45AxqmNHPNskRAs1IAKCwTFbtF+vJqtrUH4UlmNomUiIy9gCfZSlH
+zO4UFo4yol8eynYfk4u7Gg=
=MEUF
-----END PGP SIGNATURE-----




[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]