lynx: update to 2.8.8.2nb9 Patch for CVE-2017-1000211 from: https://github.com/ThomasDickey/lynx-snapshots/commit/280a61b300a1614f6037efc0902ff7ecf17146e9?diff=unifieddiff -r1.130 -r1.131 pkgsrc/www/lynx/Makefile
(tez)
@@ -1,18 +1,18 @@ | @@ -1,18 +1,18 @@ | |||
1 | # $NetBSD: Makefile,v 1.130 2018/05/17 10:16:25 jperkin Exp $ | 1 | # $NetBSD: Makefile,v 1.131 2018/06/15 22:24:38 tez Exp $ | |
2 | 2 | |||
3 | DISTNAME= lynx2.8.8rel.2 | 3 | DISTNAME= lynx2.8.8rel.2 | |
4 | PKGNAME= ${DISTNAME:S/lynx/lynx-/:S/rel//} | 4 | PKGNAME= ${DISTNAME:S/lynx/lynx-/:S/rel//} | |
5 | PKGREVISION= 8 | 5 | PKGREVISION= 9 | |
6 | CATEGORIES= www | 6 | CATEGORIES= www | |
7 | MASTER_SITES= https://invisible-mirror.net/archives/lynx/tarballs/ | 7 | MASTER_SITES= https://invisible-mirror.net/archives/lynx/tarballs/ | |
8 | MASTER_SITES+= ftp://ftp.cyf-kr.edu.pl/pub/unix/lynx/${SUBDIR:Q}/ | 8 | MASTER_SITES+= ftp://ftp.cyf-kr.edu.pl/pub/unix/lynx/${SUBDIR:Q}/ | |
9 | EXTRACT_SUFX= .tar.bz2 | 9 | EXTRACT_SUFX= .tar.bz2 | |
10 | 10 | |||
11 | MAINTAINER= pkgsrc-users@NetBSD.org | 11 | MAINTAINER= pkgsrc-users@NetBSD.org | |
12 | HOMEPAGE= http://lynx.invisible-island.net/ | 12 | HOMEPAGE= http://lynx.invisible-island.net/ | |
13 | COMMENT= Alphanumeric display oriented World-Wide Web Client | 13 | COMMENT= Alphanumeric display oriented World-Wide Web Client | |
14 | LICENSE= gnu-gpl-v2 | 14 | LICENSE= gnu-gpl-v2 | |
15 | 15 | |||
16 | # problem with WWW/Library/Implementation | 16 | # problem with WWW/Library/Implementation | |
17 | MAKE_JOBS_SAFE= no | 17 | MAKE_JOBS_SAFE= no | |
18 | 18 |
@@ -1,16 +1,17 @@ | @@ -1,16 +1,17 @@ | |||
1 | $NetBSD: distinfo,v 1.37 2018/05/17 10:16:25 jperkin Exp $ | 1 | $NetBSD: distinfo,v 1.38 2018/06/15 22:24:38 tez Exp $ | |
2 | 2 | |||
3 | SHA1 (lynx2.8.8rel.2.tar.bz2) = 65bbf95627c88723bbb5880155e5fe01c2753d0c | 3 | SHA1 (lynx2.8.8rel.2.tar.bz2) = 65bbf95627c88723bbb5880155e5fe01c2753d0c | |
4 | RMD160 (lynx2.8.8rel.2.tar.bz2) = a683f9c163a6c343bde53ffde99dbecce4e41b02 | 4 | RMD160 (lynx2.8.8rel.2.tar.bz2) = a683f9c163a6c343bde53ffde99dbecce4e41b02 | |
5 | SHA512 (lynx2.8.8rel.2.tar.bz2) = a475fb7b79641ddd7c20861e16d3d71ccb1a5ae33247cce0b9e73690dd664ebf129964c026bc33b0f082a7585e5a6acae9afc9a65f308e19b49fa0a8bebc0362 | 5 | SHA512 (lynx2.8.8rel.2.tar.bz2) = a475fb7b79641ddd7c20861e16d3d71ccb1a5ae33247cce0b9e73690dd664ebf129964c026bc33b0f082a7585e5a6acae9afc9a65f308e19b49fa0a8bebc0362 | |
6 | Size (lynx2.8.8rel.2.tar.bz2) = 2587120 bytes | 6 | Size (lynx2.8.8rel.2.tar.bz2) = 2587120 bytes | |
7 | SHA1 (patch-WWW_Library_Implementation_HTTCP.c) = 7449ad250c5971483aba8bd3c233080deafe7837 | 7 | SHA1 (patch-WWW_Library_Implementation_HTTCP.c) = 7449ad250c5971483aba8bd3c233080deafe7837 | |
8 | SHA1 (patch-WWW_Library_Implementation_HTTP.c) = 0ae567e2c7622ba4ce43f48d717f4a5a6b4d01b1 | 8 | SHA1 (patch-WWW_Library_Implementation_HTTP.c) = 0ae567e2c7622ba4ce43f48d717f4a5a6b4d01b1 | |
9 | SHA1 (patch-WWW_Library_Implementation_HTTP.h) = 4ad3a9cf309c7ef32d0a53df6f5840ed57c25a31 | 9 | SHA1 (patch-WWW_Library_Implementation_HTTP.h) = 4ad3a9cf309c7ef32d0a53df6f5840ed57c25a31 | |
10 | SHA1 (patch-WWW_Library_Implementation_HTUTILS.h) = 654c4bd1be5e2d8c74efb44e2a5e996957bf7622 | 10 | SHA1 (patch-WWW_Library_Implementation_HTUTILS.h) = 654c4bd1be5e2d8c74efb44e2a5e996957bf7622 | |
11 | SHA1 (patch-aa) = 85e76c4b2708e01dd1abdc1af764a067bd83bcb9 | 11 | SHA1 (patch-aa) = 85e76c4b2708e01dd1abdc1af764a067bd83bcb9 | |
12 | SHA1 (patch-ab) = 26fab3bd426a76df530e6780eefe36464059bc6a | 12 | SHA1 (patch-ab) = 26fab3bd426a76df530e6780eefe36464059bc6a | |
13 | SHA1 (patch-af) = 31399c0c3394b90c0680708fff06f6f9e19674b3 | 13 | SHA1 (patch-af) = 31399c0c3394b90c0680708fff06f6f9e19674b3 | |
14 | SHA1 (patch-src_HTML.c) = 466ad0025bed3f3868e23867a83df405f20b9576 | |||
14 | SHA1 (patch-src_LYCurses.c) = 66f416fd17cdb7a00beb4b850be711faf0afb605 | 15 | SHA1 (patch-src_LYCurses.c) = 66f416fd17cdb7a00beb4b850be711faf0afb605 | |
15 | SHA1 (patch-src_LYStrings.c) = 7472abbb8dd864f9361b0371c5ceff9a1e257ed6 | 16 | SHA1 (patch-src_LYStrings.c) = 7472abbb8dd864f9361b0371c5ceff9a1e257ed6 | |
16 | SHA1 (patch-src_LYUtils.c) = fadef16c363b3e4327dd822f57b99274bcc6c6e3 | 17 | SHA1 (patch-src_LYUtils.c) = fadef16c363b3e4327dd822f57b99274bcc6c6e3 |
$NetBSD: patch-src_HTML.c,v 1.1 2018/06/15 22:24:39 tez Exp $
--- src/HTML.c.orig 2018-06-15 21:56:18.188943200 +0000
+++ src/HTML.c
@@ -505,6 +505,8 @@ void HTML_put_character(HTStructured * m
*/
void HTML_put_string(HTStructured * me, const char *s)
{
+ HTChunk *target = NULL;
+
#ifdef USE_PRETTYSRC
char *translated_string = NULL;
#endif
@@ -525,15 +527,15 @@ void HTML_put_string(HTStructured * me,
break; /* Do Nothing */
case HTML_TITLE:
- HTChunkPuts(&me->title, s);
+ target = &me->title;
break;
case HTML_STYLE:
- HTChunkPuts(&me->style_block, s);
+ target = &me->style_block;
break;
case HTML_SCRIPT:
- HTChunkPuts(&me->script, s);
+ target = &me->script;
break;
case HTML_PRE: /* Formatted text */
@@ -547,20 +549,20 @@ void HTML_put_string(HTStructured * me,
break;
case HTML_OBJECT:
- HTChunkPuts(&me->object, s);
+ target = &me->object;
break;
case HTML_TEXTAREA:
- HTChunkPuts(&me->textarea, s);
+ target = &me->textarea;
break;
case HTML_SELECT:
case HTML_OPTION:
- HTChunkPuts(&me->option, s);
+ target = &me->option;
break;
case HTML_MATH:
- HTChunkPuts(&me->math, s);
+ target = &me->math;
break;
default: /* Free format text? */
@@ -651,6 +653,15 @@ void HTML_put_string(HTStructured * me,
} /* for */
}
} /* end switch */
+
+ if (target != NULL) {
+ if (target->data == s) {
+ CTRACE((tfp, "BUG: appending chunk to itself: `%.*s'\n",
+ target->size, target->data));
+ } else {
+ HTChunkPuts(target, s);
+ }
+ }
#ifdef USE_PRETTYSRC
if (psrc_convert_string) {
psrc_convert_string = FALSE;