The other day, I released GNU Enscript 1.6.6. You should all go and send me bug reports.
It's basically the same as the 18.104.22.168 release, but more official. (I'm bored of the long version numbers - maybe I ought to knock a decimal point off.)
Posted: 02 Oct 2012 20:28 |
I have been taking a closer look at the various security patches Debian applies to GNU Enscript this morning - I believe there may be similar problems lurking in other parts of the codebase, so my plan is to fix these myself this week. This avoids various inconvenient questions about copyright assignment. For the shorter patches this isn't a problem, of course - and there's generally more than one way to fix buffer overflows anyway. There's one longer patch where shell escapes are prevented - that might need more study.
Posted: 25 Jan 2009 00:00 |
Next I need to work on pulling any distro fixes I can find into upstream, and getting a new bugfix version released. This should hopefully obsolete most of the Debian patches.
Posted: 02 Dec 2007 00:00 |
Some news that's overdue to be blogged: a few weeks ago, I picked up the Debian package 'enscript', and fixed some of the easier bugs in it. This has been uploaded to unstable, thanks to Myon, who rocks.
Having looked at the package, I realised that further work on it was unfeasible without a new upstream release. GNU Enscript had been unmaintained for a while, so I wrote to the GNU project and asked whether I could set up a Savannah project for it. A few days later, rms dubbed me the official maintainer.
This week, I sent in my copyright assignment form. This is one of the things I wasn't expecting - from the copyright headers, it didn't look as if Enscript required copyright assignment to the FSF. Still, it makes sense in the long run. I have to examine the existing code, and work out whether there are any other contributors from whom to ask for assignments or disclaimers. One of these days I'll actually get around to writing some code for it, perhaps.
On the plus side, I now have an account on fencepost.gnu.org, which means I have a nice gnu.org email address to go with it. Also, the FSF sent some nice stickers for my laptop with the copyright form.
Posted: 17 Nov 2007 00:00 |