Sat May 19 08:57:22 2018 UTC ()
Pullup ticket #5756 - requested by bsiegert
www/w3m: security update

Revisions pulled up:
- www/w3m/Makefile.common                                       1.66
- www/w3m/distinfo                                              1.31

-------------------------------------------------------------------
   Module Name:    pkgsrc
   Committed By:   leot
   Date:           Mon May 14 14:40:17 UTC 2018

   Modified Files:
            pkgsrc/www/w3m: Makefile.common distinfo

   Log Message:
   w3m{,-img}: Update www/w3m{,-img} to 0.5.3.20180125

   Changes:
   Debian's w3m 0.5.3+git20180125
   * bug fixes
     - fix stack overflow with malformed text [CVE-2018-6196]
     - fix null deref with malformed text [CVE-2018-6197]
     - fix /tmp file races only when ~/.w3m is unwritable [CVE-2018-6198]
     - do not remove w3mdict.cgi when "make distclean"
     - do not turn a form's GET into POST
     - correct <base ...> parsing
     - accept TERM�term
   * new feature
     - extend ssl_forbid_method to disable TLSv1.1

   To generate a diff of this commit:
   cvs rdiff -u -r1.65 -r1.66 pkgsrc/www/w3m/Makefile.common
   cvs rdiff -u -r1.30 -r1.31 pkgsrc/www/w3m/distinfo


(spz)
diff -r1.65 -r1.65.8.1 pkgsrc/www/w3m/Makefile.common
diff -r1.30 -r1.30.12.1 pkgsrc/www/w3m/distinfo
cvs diff -r1.65 -r1.65.8.1 pkgsrc/www/w3m/Makefile.common (switch to unified diff)

--- pkgsrc/www/w3m/Makefile.common 2017/07/10 12:26:53 1.65
+++ pkgsrc/www/w3m/Makefile.common 2018/05/19 08:57:22 1.65.8.1
@@ -1,85 +1,85 @@ @@ -1,85 +1,85 @@
1# $NetBSD: Makefile.common,v 1.65 2017/07/10 12:26:53 joerg Exp $ 1# $NetBSD: Makefile.common,v 1.65.8.1 2018/05/19 08:57:22 spz Exp $
2# 2#
3# used by www/w3m/Makefile 3# used by www/w3m/Makefile
4# used by www/w3m-img/Makefile 4# used by www/w3m-img/Makefile
5 5
6DISTNAME= w3m-${W3M_VERS} 6DISTNAME= w3m-${W3M_VERS}
7CATEGORIES= www 7CATEGORIES= www
8MASTER_SITES= ${MASTER_SITE_GITHUB:=tats/} 8MASTER_SITES= ${MASTER_SITE_GITHUB:=tats/}
9GITHUB_TAG= v${W3M_VERS} 9GITHUB_TAG= v${W3M_VERS}
10 10
11MAINTAINER= uebayasi@NetBSD.org 11MAINTAINER= uebayasi@NetBSD.org
12HOMEPAGE= http://w3m.sourceforge.net/ 12HOMEPAGE= http://w3m.sourceforge.net/
13# or https://github.com/tats/w3m 13# or https://github.com/tats/w3m
14# or https://packages.qa.debian.org/w/w3m.html 14# or https://packages.qa.debian.org/w/w3m.html
15 15
16WRKSRC= ${WRKDIR}/w3m-${W3M_VERS:S/+/-/} 16WRKSRC= ${WRKDIR}/w3m-${W3M_VERS:S/+/-/}
17 17
18GNU_CONFIGURE= yes 18GNU_CONFIGURE= yes
19USE_LANGUAGES= c c++ 19USE_LANGUAGES= c c++
20USE_TOOLS+= gmake # Needed for some combinations of options... 20USE_TOOLS+= gmake # Needed for some combinations of options...
21USE_TOOLS+= msgfmt 21USE_TOOLS+= msgfmt
22USE_PKGLOCALEDIR= yes 22USE_PKGLOCALEDIR= yes
23 23
24W3M_VERS= 0.5.3+git20170102 24W3M_VERS= 0.5.3+git20180125
25W3M_PKGVERS= ${W3M_VERS:S/+git/.0./} 25W3M_PKGVERS= ${W3M_VERS:S/+git/.0./}
26 26
27# For w3mman, xface2xpm, cgi scripts. 27# For w3mman, xface2xpm, cgi scripts.
28USE_TOOLS+= perl:run pax 28USE_TOOLS+= perl:run pax
29 29
30DOCDIR= share/doc/w3m 30DOCDIR= share/doc/w3m
31 31
32_W3M_USE_IMAGE?= NO 32_W3M_USE_IMAGE?= NO
33 33
34.include "options.mk" 34.include "options.mk"
35 35
36.include "../../mk/bsd.prefs.mk" 36.include "../../mk/bsd.prefs.mk"
37 37
38# Configurable by environment variables at run-time. 38# Configurable by environment variables at run-time.
39CONFIGURE_ARGS+= --with-charset=US-ASCII 39CONFIGURE_ARGS+= --with-charset=US-ASCII
40 40
41# This *should* be set at run-time. 41# This *should* be set at run-time.
42CONFIGURE_ARGS+= --disable-messagel10n 42CONFIGURE_ARGS+= --disable-messagel10n
43 43
44CONFIGURE_ARGS+= --disable-help_cgi 44CONFIGURE_ARGS+= --disable-help_cgi
45CONFIGURE_ARGS+= --enable-color 45CONFIGURE_ARGS+= --enable-color
46CONFIGURE_ARGS+= --enable-cookie 46CONFIGURE_ARGS+= --enable-cookie
47CONFIGURE_ARGS+= --enable-m17n 47CONFIGURE_ARGS+= --enable-m17n
48CONFIGURE_ARGS+= --enable-mouse 48CONFIGURE_ARGS+= --enable-mouse
49CONFIGURE_ARGS+= --enable-unicode 49CONFIGURE_ARGS+= --enable-unicode
50CONFIGURE_ARGS+= --with-browser= 50CONFIGURE_ARGS+= --with-browser=
51CONFIGURE_ARGS+= --with-termlib 51CONFIGURE_ARGS+= --with-termlib
52CONFIGURE_ARGS+= --with-editor=vi 52CONFIGURE_ARGS+= --with-editor=vi
53CONFIGURE_ARGS+= --with-gc=${BUILDLINK_PREFIX.boehm-gc} 53CONFIGURE_ARGS+= --with-gc=${BUILDLINK_PREFIX.boehm-gc}
54CONFIGURE_ARGS+= --with-mailer=${MAIL_CMD:Q} 54CONFIGURE_ARGS+= --with-mailer=${MAIL_CMD:Q}
55CONFIGURE_ARGS+= --with-ssl=${SSLBASE:Q} 55CONFIGURE_ARGS+= --with-ssl=${SSLBASE:Q}
56CONFIGURE_ARGS+= --sysconfdir=${PKG_SYSCONFDIR} 56CONFIGURE_ARGS+= --sysconfdir=${PKG_SYSCONFDIR}
57 57
58SUBST_CLASSES+= man-ja 58SUBST_CLASSES+= man-ja
59SUBST_MESSAGE.man-ja= Fixing the path to Japanese manual pages. 59SUBST_MESSAGE.man-ja= Fixing the path to Japanese manual pages.
60SUBST_STAGE.man-ja= post-patch 60SUBST_STAGE.man-ja= post-patch
61SUBST_FILES.man-ja= Makefile.in config.h.dist 61SUBST_FILES.man-ja= Makefile.in config.h.dist
62SUBST_SED.man-ja= -e 's|/ja/|/ja_JP.eucJP/|g' 62SUBST_SED.man-ja= -e 's|/ja/|/ja_JP.eucJP/|g'
63 63
64SUBST_CLASSES+= fh 64SUBST_CLASSES+= fh
65SUBST_MESSAGE.fh= Rename file_handle. 65SUBST_MESSAGE.fh= Rename file_handle.
66SUBST_STAGE.fh= post-patch 66SUBST_STAGE.fh= post-patch
67SUBST_FILES.fh= istream.* 67SUBST_FILES.fh= istream.*
68SUBST_SED.fh= -e 's/file_handle/file_handle_rofl/g' 68SUBST_SED.fh= -e 's/file_handle/file_handle_rofl/g'
69 69
70INSTALLATION_DIRS+= ${DOCDIR} 70INSTALLATION_DIRS+= ${DOCDIR}
71 71
72INSTALL_TARGET= install install-helpfile 72INSTALL_TARGET= install install-helpfile
73 73
74post-install: 74post-install:
75 # Use pax to discard uid/gid. Exclude manuals (*.1). 75 # Use pax to discard uid/gid. Exclude manuals (*.1).
76 set -e; cd ${WRKSRC}; pax -r -w -s ',.*\.1$$,,' doc doc-jp \ 76 set -e; cd ${WRKSRC}; pax -r -w -s ',.*\.1$$,,' doc doc-jp \
77 ${DESTDIR}${PREFIX}/${DOCDIR} 77 ${DESTDIR}${PREFIX}/${DOCDIR}
78 78
79BUILDLINK_API_DEPENDS.boehm-gc+= boehm-gc>=7.2 79BUILDLINK_API_DEPENDS.boehm-gc+= boehm-gc>=7.2
80.include "../../devel/boehm-gc/buildlink3.mk" 80.include "../../devel/boehm-gc/buildlink3.mk"
81.include "../../devel/gettext-lib/buildlink3.mk" 81.include "../../devel/gettext-lib/buildlink3.mk"
82.include "../../devel/zlib/buildlink3.mk" 82.include "../../devel/zlib/buildlink3.mk"
83.include "../../security/openssl/buildlink3.mk" 83.include "../../security/openssl/buildlink3.mk"
84.include "../../mk/termcap.buildlink3.mk" 84.include "../../mk/termcap.buildlink3.mk"
85.include "../../mk/bsd.pkg.mk" 85.include "../../mk/bsd.pkg.mk"
cvs diff -r1.30 -r1.30.12.1 pkgsrc/www/w3m/distinfo (switch to unified diff)

--- pkgsrc/www/w3m/distinfo 2017/02/19 18:35:13 1.30
+++ pkgsrc/www/w3m/distinfo 2018/05/19 08:57:22 1.30.12.1
@@ -1,6 +1,6 @@ @@ -1,6 +1,6 @@
1$NetBSD: distinfo,v 1.30 2017/02/19 18:35:13 snj Exp $ 1$NetBSD: distinfo,v 1.30.12.1 2018/05/19 08:57:22 spz Exp $
2 2
3SHA1 (w3m-0.5.3+git20170102.tar.gz) = 5279c2cb577635e709fb5979acadd6b4371e5b99 3SHA1 (w3m-0.5.3+git20180125.tar.gz) = 49df4a9c35f94c211ba2d904f7c72b8aa82e269d
4RMD160 (w3m-0.5.3+git20170102.tar.gz) = 1301f33b16f4532220b69faed7cd182074fa901f 4RMD160 (w3m-0.5.3+git20180125.tar.gz) = d899c863062f09d49aeea2ec1533c772729c50bc
5SHA512 (w3m-0.5.3+git20170102.tar.gz) = c077a003512a53856d2353d97ac2cbfdaebdeff8c914102475b6bbf095f218652235cc1098ce7173c9095216520d9e233e7dd23ea551ccf7263929e219ac04e5 5SHA512 (w3m-0.5.3+git20180125.tar.gz) = 61b8498b927569937c509460e291eeba6eb302d34ccd6e1bf4d1eb07ac73a3ac5a477161727d310324625be04b907f8c3e970382d08c9fa0846b371699f04e14
6Size (w3m-0.5.3+git20170102.tar.gz) = 2180292 bytes 6Size (w3m-0.5.3+git20180125.tar.gz) = 2181743 bytes