htdig-announce — Announcements relevant to ht://Dig (new releases, etc.)

[htdig-announce] ANNOUNCE: Xpdf 3.04 - a PDF viewer for X (fwd)

[Gilles D. <gr...@sc...>]

Forwarded message from Derek B. Noonburg:


Glyph & Cog, LLC is pleased to announce a new version of Xpdf, the
open source Portable Document Format (PDF) viewer for X.  The Xpdf
project also includes a PDF text extractor, PDF-to-PostScript
converter, and various other utilities.

Xpdf runs under the X Window System on Unix, and OS/2.  The non-X
components (pdftops, pdftotext, etc.) also run on Win32 systems and
should run on pretty much any system with a decent C++ compiler.

Major changes:
* New text extractor.
* Added the pdftohtml tool.
* Added the pdftopng tool.
* New trapezoid-based rasterizer core (for performance).

See the `CHANGES' file for a complete list of changes.

Source (C++ and C) is available, and it should be fairly easy to
compile for UNIX, OS/2, and Win32.

More information, source code, and precompiled binaries are on the
xpdf web page and ftp site:

    http://www.foolabs.com/xpdf/
    ftp://ftp.foolabs.com/pub/xpdf/

For information on commercial licensing and consulting, please see the
Glyph & Cog web site:

    http://www.glyphandcog.com/

[htdig-announce] ANNOUNCE: Xpdf 3.02pl5 - a PDF viewer for X

[Gilles D. <gr...@sc...>]

Forwarded message...
Date: 21 Oct 2010 23:19:03 -0000
From: "Derek B. Noonburg" <de...@fo...>
Subject: ANNOUNCE: Xpdf 3.02pl5 - a PDF viewer for X

A new release of Xpdf is available to fix security holes with the
following CVE identifiers:

    CVE-2010-3702
    CVE-2010-3704

The source code patch is available here:

    ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl5.patch

This patch should be applied to 3.02pl4, i.e., you'll need to apply
all five patches (pl1, pl2, pl3, pl4, pl5) in order.

Updated binaries are available here:

    http://www.foolabs.com/xpdf/download.html

- Derek


-- 
Gilles R. Detillieux              E-mail: <gr...@sc...>
Spinal Cord Research Centre       WWW:    http://www.scrc.umanitoba.ca/
Dept. Physiology, U. of Manitoba  Winnipeg, MB  R3E 0J9  (Canada)

[htdig-announce] ANNOUNCE: Xpdf 3.02pl4 - a PDF viewer for X

[Gilles D. <gr...@sc...>]

Forwarded message from Derek B. Noonburg <de...@fo...>, sent on 
14 Oct 2009 22:19:29...

A new release of Xpdf is available to fix security holes reported by
various parties, with the following CVE identifiers:

     CVE-2009-3603
     CVE-2009-3604
     CVE-2009-3605
     CVE-2009-3606
     CVE-2009-3608
     CVE-2009-3609

The source code patch is available here:

     ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl4.patch

This patch should be applied to 3.02pl3, i.e., you'll need to apply
all four patches (pl1, pl2, pl3, pl4) in order.

Updated binaries are available here:

     http://www.foolabs.com/xpdf/download.html

- Derek


-- 
Gilles R. Detillieux              E-mail: <gr...@sc...>
Spinal Cord Research Centre       WWW:    http://www.scrc.umanitoba.ca/
Dept. Physiology, U. of Manitoba  Winnipeg, MB  R3E 0J9  (Canada)

[htdig-announce] ANNOUNCE: Xpdf 3.02pl3 - a PDF viewer for X

[Gilles D. <gr...@sc...>]

Forwarded message from Derek B. Noonburg:

Subject: ANNOUNCE: Xpdf 3.02pl3 - a PDF viewer for X
Date: 16 Apr 2009 21:21:16 -0000
From: Derek B. Noonburg <de...@fo...>

A new release of Xpdf is available to fix security holes reported by
various parties, with the following CVE identifiers:

     CVE-2009-0799
     CVE-2009-0800
     CVE-2009-1179
     CVE-2009-1180
     CVE-2009-1181
     CVE-2009-1182
     CVE-2009-1183

The source code patch is available here:

     ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl3.patch

This patch should be applied to 3.02pl2, i.e., start with the 3.02
source code, then apply the 3.02pl1, 3.02pl2, and 3.02pl3 patches, in
that order.

Updated binaries are available here:

     http://www.foolabs.com/xpdf/download.html

- Derek

-- 
Gilles R. Detillieux              E-mail: <gr...@sc...>
Spinal Cord Research Centre       WWW:    http://www.scrc.umanitoba.ca/
Dept. Physiology, U. of Manitoba  Winnipeg, MB  R3E 0J9  (Canada)

[htdig-announce] ANNOUNCE: Xpdf 3.02pl2 - a PDF viewer for X

[Gilles D. <gr...@sc...>]

--- Begin Forwarded Message ---
Date: 7 Nov 2007 19:33:05 -0000
From: "Derek B. Noonburg" <de...@fo...>
Subject: ANNOUNCE: Xpdf 3.02pl2 - a PDF viewer for X

A new release of Xpdf is available to fix security holes reported by
Alin Rad Pop, Secunia Research, with the following CVE identifiers:

    CVE-2007-4352
    CVE-2007-5392
    CVE-2007-5393

The source code patch is available here:

    ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl2.patch

This patch should be applied to 3.02pl1, i.e., start with the 3.02
source code, then apply the 3.02pl1 patch, then apply the 3.02pl2
patch.

Updated binaries are available here:

    http://www.foolabs.com/xpdf/download.html

- Derek

--- End Forwarded Message ---

-- 
Gilles R. Detillieux              E-mail: <gr...@sc...>
Spinal Cord Research Centre       WWW:    http://www.scrc.umanitoba.ca/
Dept. Physiology, U. of Manitoba  Winnipeg, MB  R3E 3J7  (Canada)

[htdig-announce] ANNOUNCE: Xpdf 3.02pl1 - a PDF viewer for X

[Gilles D. <gr...@sc...>]

--- begin forwarded message ---

Date: 30 Jul 2007 21:44:17 -0000
From: "Derek B. Noonburg" <de...@fo...>
Subject: ANNOUNCE: Xpdf 3.02pl1 - a PDF viewer for X

A new release of Xpdf is available to fix a security hole reported by
iSEC.

The source code patch is available here:

    ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl1.patch

Updated binaries are available here:

    http://www.foolabs.com/xpdf/download.html

- Derek

--- end forwarded message ---

-- 
Gilles R. Detillieux              E-mail: <gr...@sc...>
Spinal Cord Research Centre       WWW:    http://www.scrc.umanitoba.ca/
Dept. Physiology, U. of Manitoba  Winnipeg, MB  R3E 3J7  (Canada)

[htdig-announce] Xpdf 3.02 - a PDF viewer for X

[Gilles D. <gr...@sc...>]

Those of you who use pdftotext to index PDF files (as described in
http://www.htdig.org/FAQ.html#q4.9) may be interested in this...

Date: 28 Feb 2007 00:19:28 -0000
From: "Derek B. Noonburg" <de...@fo...>
Subject: ANNOUNCE: Xpdf 3.02 - a PDF viewer for X

Glyph & Cog, LLC is pleased to announce a new version of Xpdf, the
open source Portable Document Format (PDF) viewer for X.  The Xpdf
project also includes a PDF text extractor, PDF-to-PostScript
converter, and various other utilities.

Xpdf runs under the X Window System on Unix, VMS, and OS/2.  The non-X
components (pdftops, pdftotext, etc.) also run on Win32 systems and
should run on pretty much any system with a decent C++ compiler.

Major changes:
* Anti-aliased vector graphics, including stroke adjustment.
* Support for PDF 1.6 and PDF 1.7, including AES decryption and
  OpenType fonts.
* User-configurable key/mouse bindings.
* Improved full-screen mode, with the ability to toggle on the fly.

See the `CHANGES' file for a complete list of changes.

Source (C++ and C) is available, and it should be fairly easy to
compile for UNIX, VMS, OS/2, and Win32.

More information, source code, and precompiled binaries are on the
xpdf web page and ftp site:

    http://www.foolabs.com/xpdf/
    ftp://ftp.foolabs.com/pub/xpdf/

For information on commercial licensing and consulting, please see the
Glyph & Cog web site:

    http://www.glyphandcog.com/



-- 
Gilles R. Detillieux              E-mail: <gr...@sc...>
Spinal Cord Research Centre       WWW:    http://www.scrc.umanitoba.ca/
Dept. Physiology, U. of Manitoba  Winnipeg, MB  R3E 3J7  (Canada)

[htdig-announce] ANNOUNCE: Xpdf 3.01pl1 - a PDF viewer for X

[Gilles D. <gr...@sc...>]

Forwarded message:
Date: 1 Dec 2005 19:55:27 -0000
From: "Derek B. Noonburg" <de...@fo...>
Subject: ANNOUNCE: Xpdf 3.01pl1 - a PDF viewer for X

A new release of Xpdf is available to fix several security holes
reported by iDEFENSE (CAN-2005-3193).

The source code patch is available here:

    ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.01pl1.patch

Updated binaries are available here:

    http://www.foolabs.com/xpdf/download.html

- Derek


-- 
Gilles R. Detillieux              E-mail: <gr...@sc...>
Spinal Cord Research Centre       WWW:    http://www.scrc.umanitoba.ca/
Dept. Physiology, U. of Manitoba  Winnipeg, MB  R3E 3J7  (Canada)

[htdig-announce] ANNOUNCE: Xpdf 3.01 - a PDF viewer for X

[Gilles D. <gr...@sc...>]

[Forwarded from Derek B. Noonburg]
Date: 17 Aug 2005 21:51:22 -0000
From: "Derek B. Noonburg" <de...@fo...>
Subject: ANNOUNCE: Xpdf 3.01 - a PDF viewer for X

Glyph & Cog, LLC is pleased to announce a new version of Xpdf, the
open source Portable Document Format (PDF) viewer for X.  The Xpdf
project also includes a PDF text extractor, PDF-to-PostScript
converter, and various other utilities.

Xpdf runs under the X Window System on Unix, VMS, and OS/2.  The non-X
components (pdftops, pdftotext, etc.) also run on Win32 systems and
should run on pretty much any system with a decent C++ compiler.

Major changes:
* Added the continuous view mode, including the '-cont' switch and the
  'continuousView' config file option.
* At high zoom levels, don't rasterize the entire page - this avoids
  problems running out of memory.
* Added "search backward" and "match case" options to the find dialog.
* Support explicitly masked images and soft masked images.

See the `CHANGES' file for a complete list of changes.

Source (C++ and C) is available, and it should be fairly easy to
compile for UNIX, VMS, OS/2, and Win32.

More information, source code, and precompiled binaries are on the
xpdf web page and ftp site:

    http://www.foolabs.com/xpdf/
    ftp://ftp.foolabs.com/pub/xpdf/

For information on commercial licensing and consulting, please see the
Glyph & Cog web site:

    http://www.glyphandcog.com/

[htdig-announce] Release of ht://Dig version 3.2.0b6

[Gabriele B. <g.b...@co...>]

The ht://Dig group is very happy to announce the release of ht://Dig
version 3.2.0b6.

It fixes several bugs from 3.2.0b5, and runs somewhat faster, although
still much slower than 3.1.6 (no significant speed improvements are
expected in the near future, although we are working on it).

Calling this release a "beta" simply means that exhaustive testing,
especially on non-Linux platforms, is not yet complete. However, we
consider it stable enough for most production use.

Reports of bugs and performance problems are quite welcome. Please try to 
provide as much information as possible regarding OS, configuration, 
hardware used, etc. Feedback should be sent to the htdig-dev mailing
list at htd...@li... .

To download 3.2.0b6, see 
<http://www.htdig.org/where.html>http://www.htdig.org/where.html
For the upgrade guide, see 
<http://www.htdig.org/dev/htdig-3.2/upgrade.html>http://www.htdig.org/dev/htdig-3.2/upgrade.html
For the Release notes, see 
<http://www.htdig.org/dev/htdig-3.2/RELEASE.html>http://www.htdig.org/dev/htdig-3.2/RELEASE.html
For the ChangeLog, see 
<http://www.htdig.org/dev/htdig-3.2/ChangeLog>http://www.htdig.org/dev/htdig-3.2/ChangeLog

Thanks to the many people who contributed to this release in the form of
code, feedback and bug reports!

-- the ht://Dig Group

Release notes for htdig-3.2.0b6 14 Jun 2004

Bug fixes:

    * Correctly handle empty disallow entries in robots.txt
    * No longer compile regular expressions for every URL (improve performances)
    * Allow compressed databases on Cygwin
    * Fixed bugs in phrase searching
    * Improved parsing of the configuration file
    * bin/rundig -a handles multiple database directories
    * Ellipsis displayed correctly by htsearch
    * Allow '-' argument to '-m' ('minimal') runtime option to htdig
    * Check validity of first URL from each server
    * No longer ignore empty configuration attributes
    * fixed bug in handling 'http_proxy', 'http_proxy_authorization', 'authorization attributes'
    * remove stale md5_db if '-i' specified
    * Make 'server_alias' case insensitive
    * fixed bugs with zlib
    * Allow &euro; HTML entity
    * fixed other minor bugs

New features:

    * added allow_space_in_url attribute: if set to true, htdig will handle URLs that contain embedded spaces
    * added store_phrases attribute: if it is false, htdig only stores the first occurrence of each word in a document
    * added an improved version of RTF2HTML into the contrib section
    * added OpenOffice.org support to doc2html in contrib section
    * improved date factor formula
    * improved tests
    * improved documentation
    * added man pages

[htdig-announce] ANNOUNCE: Xpdf 3.00 - a PDF viewer for X

[Gilles D. <gr...@sc...>]

[ Forwarded message from Derek B. Noonburg, 23 Jan 2004 01:36:27 ]

Glyph & Cog, LLC is pleased to announce a new version of Xpdf, the
open source Portable Document Format (PDF) viewer for X.  The Xpdf
project also includes a PDF text extractor, PDF-to-PostScript
converter, and various other utilities.

Xpdf runs under the X Window System on Unix, VMS, and OS/2.  The non-X
components (pdftops, pdftotext, etc.) also run on Win32 systems and
should run on pretty much any system with a decent C++ compiler.

Major changes:
* New PDF rasterizer ("Splash").
* Added support for PDF 1.5.
* Replaced pdftopbm with pdftoppm (which can generate PBM, PGM, and PPM
  files).

See the `CHANGES' file for a complete list of changes.

Source (C++ and C) is available, and it should be fairly easy to
compile for UNIX, VMS, OS/2, and Win32.

More information, source code, and precompiled binaries are on the
xpdf web page and ftp site:

    http://www.foolabs.com/xpdf/
    ftp://ftp.foolabs.com/pub/xpdf/

For information on commercial licensing and consulting, please see the
Glyph & Cog web site:

    http://www.glyphandcog.com/

[htdig-announce] Release of ht://Dig version 3.2.0b5

[Gabriele B. <bar...@in...>]

The ht://Dig group is very happy to announce the release of ht://Dig 
version 3.2.0b5. This fourth beta release of 3.2 (yes, 3.2.0b4 was 
cancelled) should fix all bugs in previous 3.2 releases and indtroduces a 
few new features. As a beta release, it has not received exhaustive 
testing. However, we believe it to be almost stable enough for production 
use, and hope that you consider giving it a try to provide feedback.

Reports of bugs and performance problems are quite welcome. Please try to 
provide as much information as possible regarding OS, configuration, 
hardware used, etc. Feedback should be sent to the htdig-dev mailing list 
at <mailto:htd...@li...>htd...@li...

To download 3.2.0b5, see 
<http://www.htdig.org/where.html>http://www.htdig.org/where.html
For the upgrade guide, see 
<http://www.htdig.org/dev/htdig-3.2/upgrade.html>http://www.htdig.org/dev/htdig-3.2/upgrade.html
For the Release notes, see 
<http://www.htdig.org/dev/htdig-3.2/RELEASE.html>http://www.htdig.org/dev/htdig-3.2/RELEASE.html
For the ChangeLog, see 
<http://www.htdig.org/dev/htdig-3.2/ChangeLog>http://www.htdig.org/dev/htdig-3.2/ChangeLog

Thanks to the many people who contributed to this release in the form of 
code, feedback and bug reports!
--

Release notes for htdig-3.2.0b5 10 Nov 2003

This version was slated to be 3.2.0rc1, but some final testing is
still required. It primarily fixes many bugs in 3.2.0b3, with some
limited new functionality. As with 3.2.0b1 and 3.2.0b2, if you are
upgrading from a previous version, you should read the upgrade
guide first.

     * Fixed database bugs. Introduced zlib compression to replace buggy 
internal compression.
     * Forward-ported functionality from 3.1.6 (description_meta_tag_names, 
use_doc_date, ignore_alt_text,
ignore_dead_servers, boolean_keywords, boolean_syntax_errors,
multimatch_factor, translate_latin1)
     * Fixed bugs in phrase searching
     * Fixed compile problems due to deprecated C++ includes
     * Fixed bugs handling double slashes in URLs
     * Suppress display of matches with weight zero
     * Fixed bugs in nesting of tags which turn off indexing

     * Added Native Win32 support
     * Added http_proxy_authorization attribute
     * Improved networking code, with improved cookie handling and 
accept_language support
     * Implemented field-restricted searches (e.g. title:word)
     * Handle noindex_start/noindex_end as string lists
     * Implemented external converters, text/html->text/html-internal
     * Improved support for MIME types
     * Changed licence to LGPL from GPL




--
Gabriele Bartolini: Web Programmer, ht://Dig & IWA/HWG Member, ht://Check 
maintainer
Current Location: Melbourne, Victoria, Australia
bar...@in... | http://www.prato.linux.it/~gbartolini | ICQ#129221447
 > "Leave every hope, ye who enter!", Dante Alighieri, Divine Comedy, The 
Inferno

[htdig-announce] ANNOUNCE: Xpdf 2.03 - a PDF viewer for X

[Gilles D. <gr...@sc...>]

---- Begin forwarded message from Derek B. Noonburg ----
Date: 11 Oct 2003 23:18:45 -0000
Message-ID: <200...@fo...>
From: "Derek B. Noonburg" <de...@fo...>
Subject: ANNOUNCE: Xpdf 2.03 - a PDF viewer for X

Glyph & Cog, LLC is pleased to announce a new version of Xpdf, the
open source Portable Document Format (PDF) viewer for X.  The Xpdf
project also includes a PDF text extractor, PDF-to-PostScript
converter, and various other utilities.

Xpdf runs under the X Window System on Unix, VMS, and OS/2.  The non-X
components (pdftops, pdftotext, etc.) also run on Win32 systems and
should run on pretty much any system with a decent C++ compiler.

Major changes:
* Rewrote the text extractor to:
  - do a better job with rotated text;
  - handle right-to-left scripts;
  - be faster.
* Changed the zoom setting to use a percentage (relative to 72 dpi)
  instead of a zoom "factor".
* If the PDF file has an outline, open the outline pane initially.
* Added -f and -l options to pdfinfo; print multiple page sizes.

See the `CHANGES' file for a complete list of changes.

Source (C++ and C) is available, and it should be fairly easy to
compile for UNIX, VMS, OS/2, and Win32.

More information, source code, and precompiled binaries are on the
xpdf web page and ftp site:

    http://www.foolabs.com/xpdf/
    ftp://ftp.foolabs.com/pub/xpdf/

For information on commercial licensing and consulting, please see the
Glyph & Cog web site:

    http://www.glyphandcog.com/

---- End forwarded message from Derek B. Noonburg ----

-- 
Gilles R. Detillieux              E-mail: <gr...@sc...>
Spinal Cord Research Centre       WWW:    http://www.scrc.umanitoba.ca/
Dept. Physiology, U. of Manitoba  Winnipeg, MB  R3E 3J7  (Canada)

[htdig-announce] ANNOUNCE: Xpdf 2.02 - a PDF viewer for X (fwd)

[Gilles D. <gr...@sc...>]

For users of doc2html.pl & pdftotext...

--- begin forwarded message from Derek B. Noonburg ---
Date: 24 Mar 2003 19:58:01 -0000
Message-ID: <200...@fo...>
From: "Derek B. Noonburg" <de...@fo...>
Subject: ANNOUNCE: Xpdf 2.02 - a PDF viewer for X

Glyph & Cog, LLC is pleased to announce a new version of Xpdf, the
open source Portable Document Format (PDF) viewer for X.  The Xpdf
project also includes a PDF text extractor, PDF-to-PostScript
converter, and various other utilities.

Xpdf runs under the X Window System on Unix, VMS, and OS/2.  The non-X
components (pdftops, pdftotext, etc.) also run on Win32 systems and
should run on pretty much any system with a decent C++ compiler.

Major changes:
* Rewrote the text extractor code that assembles words into lines to
  better handle vertically overlapping lines.
* Add the "match" option for paper size (in PostScript output).
* Added support for external 16-bit TrueType fonts; added the
  displayCIDFontTT and displayNamedCIDFontTT commands to the xpdfrc
  file.
* Added an Arabic language support package.
* Added the Windows-1255 encoding to the Hebrew language package.

See the `CHANGES' file for a complete list of changes.

Source (C++ and C) is available, and it should be fairly easy to
compile for UNIX, VMS, OS/2, and Win32.

More information, source code, and precompiled binaries are on the
xpdf web page and ftp site:

    http://www.foolabs.com/xpdf/
    ftp://ftp.foolabs.com/pub/xpdf/

For information on commercial licensing and consulting, please see the
Glyph & Cog web site:

    http://www.glyphandcog.com/

--- end forwarded message from Derek B. Noonburg ---

[htdig-announce] ANNOUNCE: Xpdf 2.01 - a PDF viewer for X

[Gilles D. <gr...@sc...>]

--- begin forwarded message from de...@fo... ---
From: de...@fo...
Date: 6 Dec 2002 18:43:01 -0000
Subject: ANNOUNCE: Xpdf 2.01 - a PDF viewer for X

Glyph & Cog, LLC is pleased to announce a new version of Xpdf, the
open source Portable Document Format (PDF) viewer for X.  The Xpdf
project also includes a PDF text extractor, PDF-to-PostScript
converter, and various other utilities.

Xpdf runs under the X Window System on Unix, VMS, and OS/2.  The non-X
components (pdftops, pdftotext, etc.) also run on Win32 systems and
should run on pretty much any system with a decent C++ compiler.

Major changes:
* Redesigned the text extraction process:
  - process the text into "reading order"
  - added a "-layout" flag to pdftotext to switch back to the old
    style, where physical layout is maintained
  - use of the "-raw" flag is no longer recommended
* Added the -reload option for xpdf (in remote mode).
* Added support for external CID fonts; added the displayCIDFontT1 and
  displayNamedCIDFontT1 commands to the xpdfrc file.

See the `CHANGES' file for a complete list of changes.

Source (C++ and C) is available, and it should be fairly easy to
compile for UNIX, VMS, OS/2, and Win32.

More information, source code, and precompiled binaries are on the
xpdf web page and ftp site:

    http://www.foolabs.com/xpdf/
    ftp://ftp.foolabs.com/pub/xpdf/

For information on commercial licensing and consulting, please see the
Glyph & Cog web site:

    http://www.glyphandcog.com/

--- end forwarded message from de...@fo... ---

-- 
Gilles R. Detillieux              E-mail: <gr...@sc...>
Spinal Cord Research Centre       WWW:    http://www.scrc.umanitoba.ca/
Dept. Physiology, U. of Manitoba  Winnipeg, MB  R3E 3J7  (Canada)

[htdig-announce] ANNOUNCE: Xpdf 2.00 - a PDF viewer for X

[Gilles D. <gr...@sc...>]

--- begin forwarded message from de...@fo... ---
From: de...@fo...
Date: 4 Nov 2002 08:31:27 -0000
To: gr...@sc...
Subject: ANNOUNCE: Xpdf 2.00 - a PDF viewer for X

Glyph & Cog, LLC is pleased to announce a new version of Xpdf, the
open source Portable Document Format (PDF) viewer for X.  The Xpdf
project also includes a PDF text extractor, PDF-to-PostScript
converter, and various other utilities.

Xpdf runs under the X Window System on Unix, VMS, and OS/2.  The non-X
components (pdftops, pdftotext, etc.) also run on Win32 systems and
should run on pretty much any system with a decent C++ compiler.

Major changes:
* Switched to the Motif toolkit.
* Support multiple open documents (in separate windows).
* Added document outlines to the viewer.
* Modified the text extraction (placement) algorithm.
* Implemented the JBIG2 decoder.

See the `CHANGES' file for a complete list of changes.

Source (C++ and C) is available, and it should be fairly easy to
compile for UNIX, VMS, OS/2, and Win32.

More information, source code, and precompiled binaries are on the
xpdf web page and ftp site:

    http://www.foolabs.com/xpdf/
    ftp://ftp.foolabs.com/pub/xpdf/

For information on commercial licensing and consulting, please see the
Glyph & Cog web site:

    http://www.glyphandcog.com/

--- end forwarded message from de...@fo... ---

-- 
Gilles R. Detillieux              E-mail: <gr...@sc...>
Spinal Cord Research Centre       WWW:    http://www.scrc.umanitoba.ca/
Dept. Physiology, U. of Manitoba  Winnipeg, MB  R3E 3J7  (Canada)

[htdig-announce] Re: Cross-Site Scripting and ht://Dig

[Geoff H. <ghu...@ws...>]

Some time ago, someone posted a supposed vulnerability in ht://Dig to the
BugTraq mailing list about Cross-Site Scripting attacks using the htsearch
CGI. To the best of our knowledge, this is not a problem in versions
3.1.5, 3.1.6, 3.2.0b2, 3.2.0b3 or 3.2.0b4 snapshots of ht://Dig. However,
we are sending out this security advisory to let you know the issue and
how to tell if your htsearch templates could allow a cross-site scripting
attack.

* The Problem: (About Cross-Site Scripting)

Cross-site scripting (also known as XSS) is an attack when a web
application gathers malicious data from a user. For example, a link in
another website, e-mail, instant message, etc. could call your CGI,
collect data and then present an output page in a manner to make it appear
as valid content from your website.

XSS is the most dangerous for sites where users have authenticated
accounts or logins and could allow access for remote users to obtain
access to data not available to outside users.

* How Does XSS Affect ht://Dig?

Since the htsearch CGI presents web templates containing data from the
original query, a query could be constructed which adds HTML code to the
template--potentially sending data to remote sites or users or otherwise
hijacking the client's browser. Remember that the HTML would appear to be
from _your_ site and would have a "trust rating" associated with your site
(e.g. an intranet).

In versions 3.1.5 and later, the htsearch templates were changed to allow
variable expansion using the syntax $&(VAR) to HTML-encode all
output. This was done to force more standards-compliant HTML as well as
providing proper encoding for special characters, including < > and &. The
default templates (headers, footers, no_match pages, etc.) were all
changed to use this syntax where appropriate.

This "HTML-encoded" output also prevents XSS attacks as all attempts at
inserting XSS queries would result in text, rather than HTML, e.g.
XSS malicious code <script ...>
htsearch output    &lt;script ...&gt;    
  (this would show up on a user's screen, rather than executed by the
   browser)

* Solutions

As stated, versions 3.1.5, 3.1.6, 3.2.0b2, 3.2.0b3 and snapshots of
3.2.0b4 are *NOT* vulnerable by default. The templates installed use the
$&(VAR) syntax for proper HTML expansion.

However, if you have upgraded from older versions and have not changed
your templates, or you have changed your templates and use other forms of
variable expansion, you may be allowing XSS attacks. Future versions of
htsearch will likely make the $&(VAR) HTML-expansion the default, unless
other forms (for URL encoded or URL decoded output) are specified
explicitly.

In particular, the following rules should be used (to "protect" user-input):
$&(WORDS) not $(WORDS)
$&(LOGICAL_WORDS) not $(LOGICAL_WORDS)
$&(URL) not $(URL)
$&(CONFIG) not $(CONFIG)
$&(RESTRICT) not $(RESTRICT)
$&(EXCLUDE) not $(EXCLUDE)


Once again, to the best of our knowledge, the default installation of
versions 3.1.5, 3.1.6, 3.2.0b2, 3.2.0b3 and snapshots of 3.2.0b4 are not
vulnerable to XSS. If a repeatable example or exploit can be demonstrated,
we would like to know of it, and will respond ASAP with appropriate fixes.


Original BugTraq Posting and my reply:
http://online.securityfocus.com/archive/1/279118
http://online.securityfocus.com/archive/1/281550

For more on htsearch templates or upgrading ht://Dig:
(Current recommended production version is 3.1.6)
(Current 3.2 beta is the latest possible 3.2.0b4 development snapshot)
http://www.htdig.org/hts_templates.html
http://www.htdig.org/RELEASE.html
http://www.htdig.org/where.html
http://www.htdig.org/files/snapshots/

For more about Cross-Site Scripting:
http://www.cert.org/advisories/CA-2000-02.html
http://httpd.apache.org/info/css-security/
http://www.cgisecurity.com/articles/xss-faq.shtml

--
-Geoff Hutchison
Williams Students Online
http://wso.williams.edu/

[htdig-announce] ANNOUNCE: xpdf 1.01 - a PDF viewer for X (fwd)

[Gilles D. <gr...@sc...>]

[ Forwarded from Derek Noonburg (de...@fo...) ]

Glyph & Cog, LLC is pleased to announce a new version of Xpdf, the
open source Portable Document Format (PDF) viewer for X.  The Xpdf
project also includes a PDF text extractor, PDF-to-PostScript
converter, and various other utilities.

Xpdf runs under the X Window System on Unix, VMS, and OS/2.  The non-X
components (pdftops, pdftotext, etc.) also run on Win32 systems and
should run on pretty much any system with a decent C++ compiler.

Noticeable changes:
* Glyph & Cog, LLC formed to handle all commercial licensing of Xpdf.
* Optimized the 1-bit image code and the incremental display update
  code.
* Implemented 16-bit font embedding for PostScript output.
* Implemented Type 3 fonts (viewer and PostScript conversion).
* Added a simple reverse video mode (-rv switch, xpdf.reverseVideo
  resource).
* Many minor enhancements and bug fixes.

See the `CHANGES' file for a complete list.

Source (C++ and C) is available, and it should be fairly easy to
compile for UNIX, VMS, OS/2, and Win32.

More information, source code, and precompiled binaries are on the
xpdf web page and ftp site:

    http://www.foolabs.com/xpdf/
    ftp://ftp.foolabs.com/pub/xpdf/

For information on commercial licensing and consulting, please see the
Glyph & Cog web site:

    http://www.glyphandcog.com/

[htdig-announce] [Announce] ht://Dig 3.1.6 RPMs for Red Hat

[Gilles D. <gr...@sc...>]

I've just uploaded source and binary rpms for the ht://Dig
3.1.6 web site search engine to the htdig.org site, in
http://www.htdig.org/files/binaries/.  They can also be downloaded from
the SCRC web site, at http://www.scrc.umanitoba.ca/htdig/rpms/.

This is the latest stable release and is recommended for all production
servers.

This version in particular fixes a nasty security hole in htsearch 
that is present in all previous versions, including 3.1.5 and 
3.2.0b3. Because of this, it is *strongly* recommended that all users 
update to this version.

The following RPMs were built on Red Hat Linux 4.2, 6.2 and 7.2:

htdig-3.1.6-0rh42.i386.rpm       (for old libc5-based Red Hat 4.2)
htdig-3.1.6-0rh62.i386.rpm       (for glibc-2.1-based Red Hat 6.2)
htdig-3.1.6-0.src.rpm            (built on 4.2, but OK for 4.x, 5.x & 6.x)
htdig-3.1.6-0.rh72.i386.rpm      * (for glibc-2.2-based Red Hat 7.x, see note)
htdig-web-3.1.6-0.rh72.i386.rpm  * (ditto, see note below)
htdig-3.1.6-0.rh72.src.rpm       * (ditto)

Verify /etc/htdig/htdig.conf, then run /usr/sbin/rundig after installing,
to (re)build all your databases.

		----

* Note to Red Hat 7.1 & 7.2 users:

The KDE 2.1 package shipped with Red Hat 7.1 uses htdig and htsearch
to index and search its documentation.  For some reason, the version
Red Hat shipped is the buggy old 3.2.0b3 beta release, which was later
upgraded to a late-October 2001 snapshot of 3.2.0b4 in the errata update
release packages htdig-3.2.0-1.b4.0.71 and htdig-web-3.2.0-1.b4.0.71.
While less buggy than 3.2.0b3, this is still not exactly stable code.
The "rh72" packages above are meant to be drop-in replacements for the
3.2.0 betas, but because it's a smaller version number (even though being
a more recent release), you have to use the --oldpackage option on the
rpm command to update htdig to this release.  You should also find and
remove databases made by the 3.2.0 version and rebuild your indexes,
as 3.1.6 uses a different database version and format than 3.2.0 betas.
The binary packages are split in two because you only need the htdig-web
package for allowing searches from your web site, while the htdig package
is sufficient for KDE's khelpcenter search tool.  All this may be academic
because htsearch support was dropped from khelpcenter in KDE 2.2, which
shipped with Red Hat 7.2.

		----

Name        : htdig                       Distribution: (none)
Version     : 3.1.6                             Vendor: (none)
Release     : 0                             Build Date: Fri Feb 01 10:09:57 2002
Install date: Fri Feb 01 10:12:02 2002   Build Host: cliff.scrc.umanitoba.ca
Group       : Networking/Utilities          Source RPM: htdig-3.1.6-0.src.rpm
Size        : 3809910
Packager    : Gilles Detillieux <gr...@sc...>
URL         : http://www.htdig.org/
Summary     : A web indexing and searching system for a small domain or intranet
Description :
The ht://Dig system is a complete world wide web indexing and searching
system for a small domain or intranet. This system is not meant to replace
the need for powerful internet-wide search systems like Lycos, Infoseek,
Webcrawler and AltaVista. Instead it is meant to cover the search needs for
a single company, campus, or even a particular sub section of a web site.

As opposed to some WAIS-based or web-server based search engines, ht://Dig
can span several web servers at a site. The type of these different web
servers doesn't matter as long as they understand the HTTP 1.0 protocol.

		----

 Release notes for htdig-3.1.6 1 Feb 2002

As with previous releases, this version cleans up some remaining bugs and
adds a few heavily-requested features. As the latest stable release, it is
recommended for all production servers.

    * Fixed another nasty security hole in htsearch, which would allow a
denial of service attack or forcing htsearch to read in config files
outside of the configuration directory.
    * Fixed some problems with htmerge, including problems with words
beginning with special characters and merging multiple databases.
    * Fixed a bug in handling hopcounts.
    * Fixed problems in handling non-standard relative HTTP redirects.
    * Fixed bugs in external parsers support including being confused by
charset information in the Content-Type header and handling binary output
from external converters.
    * Fixed bugs in the default English endings database. (Under ispell,
it wasn't quite intended for the accuracy needed for our usage.)
    * Fixed additional bugs in the endings fuzzy algorithm.
    * Fixed bugs with compiling with gcc-3.0 and later.
    * Fixed bugs compiling and running on Mac OS X.
    * Fixed problems with servers not returning a Last-Modified date--now
assums indexing time as modification time.
    * Fixed a variety of bugs in the HTML parser to more flexibly handle
non-standard HTML.
    * Fixed problems in the TCP connection code and will more reliably
timeout when a connection hangs and will retry bad connections several
times before giving up.
    * Added the -m "minimal" flag to htdig for only indexing a set list of
URLs and made the -l (log) flag the default behavior so that htdig will
stop and restart automatically.
    * Added htdump and htload programs for dumping ASCII representations
of the databases and reloading the same.
    * Added support for htnotify to collect multiple URLs and allow easy
customization of notification messages, including the new attributes
htnotify_replyto, htnotify_webmaster, htnotify_prefix_file, and
htnotify_suffix_file.
    * Added a new "accents" fuzzy algorithm to morph accents, including
the new accents_db attribute.
    * Added a 'list all' feature to htsearch with a query of '*' or the
current prefix_match_character.
    * Added date restricted searching to htsearch including relative
dates.
    * Added documentation on running ht://Dig and the rundig script.
    * Added METADESCRIPTION and NSTARS variables to the htsearch templates
as well as support for $=(var) template variable references.
    * Added new config attributes to htsearch for restrict and exclude
which work like the normal htsearch form variables if the form variables
are not set.
    * Added many new attributes, including ignore_dead_servers
description_meta_tag_names, max_keywords, translate_latin1,
url_rewrite_rules, search_rewrite_rules, anchor_target, ignore_alt_text,
search_results_contenttype, boolean_keywords, boolean_syntax_errors,
multimatch_method, maximum_page_buttons, max_excerpts, plural_suffix,
any_keywords and use_doc_date.
    * Extended the build_select_lists attribute to support select
multiple, radio boxes and checkboxes.
    * Revised the documentation to make it clearer in parts, including the
url_part_aliases attribute.
    * Updated various contributed utilities including doc2html, xmlsearch,
rundig.sh, htparsedoc, acroconv.pl, multidig, etc.
    * A variety of other bug fixes, and many documentation updates. See
the ChangeLog for details.
    * Once again, thanks to everyone who reported bugs and bug fixes.

   The full ChangeLog for this release is available from:
   http://www.htdig.org/ChangeLog

-- 
Gilles R. Detillieux              E-mail: <gr...@sc...>
Spinal Cord Research Centre       WWW:    http://www.scrc.umanitoba.ca/~grdetil
Dept. Physiology, U. of Manitoba  Phone:  (204)789-3766
Winnipeg, MB  R3E 3J7  (Canada)   Fax:    (204)789-3930

[htdig-announce] ANNOUNCE: xpdf 1.00 - a PDF viewer for X

[Gilles D. <gr...@sc...>]

I haven't tried this new xpdf release out with htdig and doc2html yet, but
I thought that some htdig users might be interested in this announcement,
so I'm passing it on...

--- begin forwarded message ---
From: de...@fo...
Date: 2 Feb 2002 00:51:15 -0000
Subject: ANNOUNCE: xpdf 1.00 - a PDF viewer for X

I've just released a new version of Xpdf, my Portable Document Format
(PDF) viewer for X.

Xpdf runs under the X Window System on Unix, VMS, and OS/2.  The non-X
components of the package (pdftops, pdftotext, etc.) also run on Win32
systems.

WARNING: Xpdf 1.x uses a completely different config file setup than
Xpdf 0.9x.  Please see the "Upgrading from Xpdf 0.9x" section in the
README file.

Noticeable changes:
* Completely rewrote the code that handles font encodings:
  - everything is Unicode-based
  - 16-bit fonts are handled much more cleanly
  - text output encoding can be set more flexibly
* New .xpdfrc config files.
* Implemented the sh (shaded fill) operator for the axial shading
  type.
* Added a duplex option to PSOutputDev and a -duplex switch to
  pdftops.
* Added key bindings for forward ('v') and backward ('b').
* Added the pdffonts program which lists the fonts used in a PDF
  file.
* Fixed several problems in the TrueType font embedding code (for
  PostScript output).
* Accept named destination on command line.
* Added several new items to pdfinfo: file size, PDF version, tagged
  (yes or no), XML metadata (with the -meta option).

See the `CHANGES' file for a complete list.

Source (C++ and C) is available, and it should be fairly easy to
compile for UNIX, VMS, OS/2, and Win32.

More information, source code, and precompiled binaries are on the
xpdf web page and ftp site:

    http://www.foolabs.com/xpdf/
    ftp://ftp.foolabs.com/pub/xpdf/

Source and Linux binaries are on sunsite.unc.edu, currently in
the incoming directory, but they will be moved to:

    ftp://ftp.ibiblio.org/pub/Linux/apps/graphics/viewers/X

--- end forwarded message ---

-- 
Gilles R. Detillieux              E-mail: <gr...@sc...>
Spinal Cord Research Centre       WWW:    http://www.scrc.umanitoba.ca/~grdetil
Dept. Physiology, U. of Manitoba  Phone:  (204)789-3766
Winnipeg, MB  R3E 3J7  (Canada)   Fax:    (204)789-3930

[htdig-announce] [Announce] Release of ht://Dig 3.1.6

[Geoff H. <ghu...@ws...>]

At long last, I am quite pleased to announce the release of ht://Dig
version 3.1.6. Thanks to the many people who contributed to this release
in the form of code, feedback and bug reports!

This version is the latest production version and fixes a large number of
bugs, including all known security problems in previous versions. It is
*highly* recommended that all users update to this version. In addition,
version 3.1.6 offers additional features and improved documentation.

To download 3.1.6 or patches to previous versions, see
<http://www.htdig.org/files/where.html>
For the Release notes, see <http://www.htdig.org/RELEASE.html>
For the ChangeLog, see <http://www.htdig.org/ChangeLog>

--
-Geoff Hutchison
Williams Students Online
http://wso.williams.edu/

 Release notes for htdig-3.1.6 1 Feb 2002

As with previous releases, this version cleans up some remaining bugs and
adds a few heavily-requested features. As the latest stable release, it is
recommended for all production servers.

    * Fixed another nasty security hole in htsearch, which would allow a
denial of service attack or forcing htsearch to read in config files
outside of the configuration directory.
    * Fixed some problems with htmerge, including problems with words
beginning with special characters and merging multiple databases.
    * Fixed a bug in handling hopcounts.
    * Fixed problems in handling non-standard relative HTTP redirects.
    * Fixed bugs in external parsers support including being confused by
charset information in the Content-Type header and handling binary output
from external converters.
    * Fixed bugs in the default English endings database. (Under ispell,
it wasn't quite intended for the accuracy needed for our usage.)
    * Fixed additional bugs in the endings fuzzy algorithm.
    * Fixed bugs with compiling with gcc-3.0 and later.
    * Fixed bugs compiling and running on Mac OS X.
    * Fixed problems with servers not returning a Last-Modified date--now
assums indexing time as modification time.
    * Fixed a variety of bugs in the HTML parser to more flexibly handle
non-standard HTML.
    * Fixed problems in the TCP connection code and will more reliably
timeout when a connection hangs and will retry bad connections several
times before giving up.
    * Added the -m "minimal" flag to htdig for only indexing a set list of
URLs and made the -l (log) flag the default behavior so that htdig will
stop and restart automatically.
    * Added htdump and htload programs for dumping ASCII representations
of the databases and reloading the same.
    * Added support for htnotify to collect multiple URLs and allow easy
customization of notification messages, including the new attributes
htnotify_replyto, htnotify_webmaster, htnotify_prefix_file, and
htnotify_suffix_file.
    * Added a new "accents" fuzzy algorithm to morph accents, including
the new accents_db attribute.
    * Added a 'list all' feature to htsearch with a query of '*' or the
current prefix_match_character.
    * Added date restricted searching to htsearch including relative
dates.
    * Added documentation on running ht://Dig and the rundig script.
    * Added METADESCRIPTION and NSTARS variables to the htsearch templates
as well as support for $=(var) template variable references.
    * Added new config attributes to htsearch for restrict and exclude
which work like the normal htsearch form variables if the form variables
are not set.
    * Added many new attributes, including ignore_dead_servers
description_meta_tag_names, max_keywords, translate_latin1,
url_rewrite_rules, search_rewrite_rules, anchor_target, ignore_alt_text,
search_results_contenttype, boolean_keywords, boolean_syntax_errors,
multimatch_method, maximum_page_buttons, max_excerpts, plural_suffix,
any_keywords and use_doc_date.
    * Extended the build_select_lists attribute to support select
multiple, radio boxes and checkboxes.
    * Revised the documentation to make it clearer in parts, including the
url_part_aliases attribute.
    * Updated various contributed utilities including doc2html, xmlsearch,
rundig.sh, htparsedoc, acroconv.pl, multidig, etc.
    * A variety of other bug fixes, and many documentation updates. See
the ChangeLog for details.
    * Once again, thanks to everyone who reported bugs and bug fixes.

[htdig-announce] ANNOUNCE: xpdf 0.93 - a PDF viewer for X

[Gilles D. <gr...@sc...>]

Forwarded message from de...@fo... (Derek Noonburg):

I've just released a new version of xpdf, my Portable Document Format
(PDF) viewer for X.

Xpdf runs under the X Window System on Unix, VMS, and OS/2.  The non-X
components of the package (pdftops, pdftotext, etc.) also run on Win32
systems.

Noticeable changes:

* Embed TrueType fonts in PostScript output.  (Added a "-noembtt" flag
  to pdftops.)
* Implement PDF 1.4 (128-bit) decryption.
* Bump supported PDF version number to 1.4.
* Text output for Simplified Chinese.  [Thanks to Cheung Siu Fai.]
* Read an app-defaults file for Xpdf.  Read a system-wide config file
  (<prefix>/etc/xpdfrc) if ~/.xpdfrc doesn't exist.
* Accept and verify owner password; if correct, allow all actions.
* Added a "-level2sep" option to pdftops to generate Level 2 separable
  PostScript.  The PostScript separation convention operators are used
  to handle custom (spot) colors.  [Thanks to Thomas Freitag for help
  on this.]
* Add support for FreeType 2 to the configure script.  Warning: this
  requires FT 2.0.5 or newer (see the INSTALL file for details).

See the `CHANGES' file for a complete list.

Source (C++ and C) is available, and it should be fairly easy to
compile for UNIX, VMS, OS/2, and Win32.

More information, source code, and precompiled binaries are on the
xpdf web page and ftp site:

    http://www.foolabs.com/xpdf/
    ftp://ftp.foolabs.com/pub/xpdf/

Source and Linux binaries are on sunsite.unc.edu, currently in
the incoming directory, but they will be moved to:

    ftp://ftp.ibiblio.org/pub/Linux/apps/graphics/viewers/X