diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..daa4204 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +SOURCES/lynx2.8.9rel.1.tar.bz2 diff --git a/.lynx.metadata b/.lynx.metadata new file mode 100644 index 0000000..4ab3b1b --- /dev/null +++ b/.lynx.metadata @@ -0,0 +1 @@ +3e00ac30d008e0aa879bfd037abcfd9c0dd2faec SOURCES/lynx2.8.9rel.1.tar.bz2 diff --git a/SOURCES/lynx-2.8.8-locale.patch b/SOURCES/lynx-2.8.8-locale.patch new file mode 100644 index 0000000..d049171 --- /dev/null +++ b/SOURCES/lynx-2.8.8-locale.patch @@ -0,0 +1,25 @@ +From d8a64ed1d63710ad764fbf3b1fb28d08204f9e72 Mon Sep 17 00:00:00 2001 +From: Kamil Dudka +Date: Wed, 13 Feb 2013 15:28:36 +0100 +Subject: [PATCH] avoid build failure caused by mistakenly excluded + +--- + src/LYMain.c | 2 +- + 1 files changed, 1 insertions(+), 1 deletions(-) + +diff --git a/src/LYMain.c b/src/LYMain.c +index 9528be2..aaddb7b 100644 +--- a/src/LYMain.c ++++ b/src/LYMain.c +@@ -58,7 +58,7 @@ + #include + #endif + +-#if defined(LOCALE) && (!defined(HAVE_LIBINTL_H) || !defined(LC_ALL)) ++#if defined(LOCALE) + #undef gettext /* Solaris locale.h prototypes gettext() */ + #include + #ifndef HAVE_GETTEXT +-- +1.7.1 + diff --git a/SOURCES/lynx-2.8.9-build.patch b/SOURCES/lynx-2.8.9-build.patch new file mode 100644 index 0000000..bff8088 --- /dev/null +++ b/SOURCES/lynx-2.8.9-build.patch @@ -0,0 +1,179 @@ +From e6f2bec676f7abb4962821475fbc7cf918503e00 Mon Sep 17 00:00:00 2001 +From: Kamil Dudka +Date: Wed, 13 Feb 2013 15:25:00 +0100 +Subject: [PATCH] prepare upstream sources for parallel make + +--- + makefile.in | 48 +++++++++++++++++++++++------------------------- + src/makefile.in | 10 ++++------ + 2 files changed, 27 insertions(+), 31 deletions(-) + +diff --git a/makefile.in b/makefile.in +index ad78441..0fd8b1e 100644 +--- a/makefile.in ++++ b/makefile.in +@@ -108,8 +108,6 @@ COMPRESS_EXT=@COMPRESS_EXT@ + # Path of scripts directory + scripts_dir=$(srcdir)/scripts + +-MAKE_RECUR = $(MAKE) @cf_cv_makeflags@ DESTDIR="$(DESTDIR)" CC="$(CC)" +- + @LYNXCFG_MAKE@CFG2HTML = alphatoc.html body.html cattoc.html + + # !!!!!!!!!!! SUN resolv LIBRARY !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! +@@ -200,20 +198,20 @@ binary_PROG = $(actual_PROG)$x + + all lynx$x: cfg_defs.h LYHelp.h + @MSG_DIR_MAKE@ $(SHELL) $(scripts_dir)/fixtext.sh $(srcdir)/LYMessages_en.h >LYMessages.c +-@MSG_DIR_MAKE@ cd $(PO_DIR) && $(MAKE_RECUR) +- cd $(WWW_DIR) && $(MAKE_RECUR) $(WWW_CFLAGS) +- cd $(CHR_DIR) && $(MAKE_RECUR) all $(CHR_CFLAGS) +- cd $(SRC_DIR) && $(MAKE_RECUR) all $(SRC_CFLAGS) ++@MSG_DIR_MAKE@ $(MAKE) -C $(PO_DIR) ++ $(MAKE) -C $(WWW_DIR) $(WWW_CFLAGS) ++ $(MAKE) -C $(CHR_DIR) all $(CHR_CFLAGS) ++ $(MAKE) -C $(SRC_DIR) all $(SRC_CFLAGS) + + lint: +- cd $(WWW_DIR) && $(MAKE_RECUR) LINT="$(LINT)" $(WWW_CFLAGS) $@ +- cd $(SRC_DIR) && $(MAKE_RECUR) LINT="$(LINT)" $(SRC_CFLAGS) $@ +- cd $(CHR_DIR) && $(MAKE_RECUR) LINT="$(LINT)" $@ ++ $(MAKE) -C $(WWW_DIR) LINT="$(LINT)" $(WWW_CFLAGS) $@ ++ $(MAKE) -C $(SRC_DIR) LINT="$(LINT)" $(SRC_CFLAGS) $@ ++ $(MAKE) -C $(CHR_DIR) LINT="$(LINT)" $@ + + tags: +- cd $(WWW_DIR) && $(MAKE_RECUR) $(WWW_CFLAGS) $@ +- cd $(SRC_DIR) && $(MAKE_RECUR) $(SRC_CFLAGS) $@ +- cd $(CHR_DIR) && $(MAKE_RECUR) $@ ++ $(MAKE) -C $(WWW_DIR) $(WWW_CFLAGS) $@ ++ $(MAKE) -C $(SRC_DIR) $(SRC_CFLAGS) $@ ++ $(MAKE) -C $(CHR_DIR) $@ + + etags: + $(ETAGS) *.[ch] */*.[ch] */*/*.[ch] */*/*/*.[ch] +@@ -231,27 +229,27 @@ help: + clean: + rm -f WWW/Library/*/*.[aoib] + rm -f WWW/Library/*/.created +- cd $(WWW_DIR) && $(MAKE_RECUR) $@ +- cd $(SRC_DIR) && $(MAKE_RECUR) $@ ++ $(MAKE) -C $(WWW_DIR) $@ ++ $(MAKE) -C $(SRC_DIR) $@ + @MSG_DIR_MAKE@ rm -f LYMessages.c +-@MSG_DIR_MAKE@ cd $(PO_DIR) && $(MAKE_RECUR) $@ ++@MSG_DIR_MAKE@ $(MAKE) -C $(PO_DIR) $@ + rm -f *.b $(SRC_DIR)/lynx$x *.leaks cfg_defs.h LYHelp.h lint.* + @LYNXCFG_MAKE@ -rm -f $(CFG2HTML) + rm -f help_files.sed + rm -f core *.core + + depend: cfg_defs.h LYHelp.h +- cd $(WWW_DIR) && $(MAKE_RECUR) $@ +- cd $(SRC_DIR) && $(MAKE_RECUR) $@ ++ $(MAKE) -C $(WWW_DIR) $@ ++ $(MAKE) -C $(SRC_DIR) $@ + + distclean: clean + -rm -f WWW/Library/*/*~ + -rm -f WWW/Library/*/*.bak + -rm -rf $(SRC_DIR)/obsolete +- -cd $(WWW_DIR) && $(MAKE_RECUR) $@ +- -cd $(SRC_DIR) && $(MAKE_RECUR) $@ +- -cd $(CHR_DIR) && $(MAKE_RECUR) $@ +-@MSG_DIR_MAKE@ cd $(PO_DIR) && $(MAKE_RECUR) $@ ++ -$(MAKE) -C $(WWW_DIR) $@ ++ -$(MAKE) -C $(SRC_DIR) $@ ++ -$(MAKE) -C $(CHR_DIR) $@ ++@MSG_DIR_MAKE@ $(MAKE) -C $(PO_DIR) $@ + @MSG_DIR_MAKE@ -rmdir $(PO_DIR) + -rm -f *~ *.bak *.sav tags TAGS + -rm -f $(WWW_DIR)/makefile $(SRC_DIR)/makefile $(CHR_DIR)/makefile +@@ -297,7 +295,7 @@ install-full: install install-help install-doc + @echo Full installation complete. + + install-bin: $(BINDIR) lynx$x +-@MSG_DIR_MAKE@ cd $(PO_DIR) && $(MAKE_RECUR) install ++@MSG_DIR_MAKE@ $(MAKE) -C $(PO_DIR) install + @ECHO_CC@$(SHELL) -c "P=$(binary_PROG); \ + if test -f $(BINDIR)/$$P ; then \ + mv -f $(BINDIR)/$$P $(BINDIR)/$$P.old; fi" +@@ -338,7 +336,7 @@ LYNXHELP_URL='$(LYNX_URL)/lynx_help/' + + @LYNXCFG_MAKE@$(CFG2HTML) : + @LYNXCFG_MAKE@ @echo 'Making htmlized lynx.cfg' +-@LYNXCFG_MAKE@ cd $(SRC_DIR) && $(MAKE_RECUR) LYReadCFG.i ++@LYNXCFG_MAKE@ $(MAKE) -C $(SRC_DIR) LYReadCFG.i + @LYNXCFG_MAKE@ @-rm -f $(CFG2HTML) + @LYNXCFG_MAKE@ sed -n -e '/Config_Type *Config_Table/,/{0, *0, *0}/ p' $(SRC_DIR)/LYReadCFG.i | \ + @LYNXCFG_MAKE@ sed -e 's/ *{ *"\([^"]*\)".*/\1/' | \ +@@ -436,7 +434,7 @@ install-lss : $(SYSCONFDIR) + @$(SHELL) $(scripts_dir)/install-lss.sh "$(INSTALL_DATA)" $(srcdir)/samples/lynx.lss $(SYSCONFDIR)/lynx.lss + + uninstall :: +-@MSG_DIR_MAKE@ cd $(PO_DIR) && $(MAKE_RECUR) uninstall ++@MSG_DIR_MAKE@ $(MAKE) -C $(PO_DIR) uninstall + -rm -f $(BINDIR)/$(binary_PROG) + -rm -f $(MANDIR)/$(actual_PROG).1 + -rm -f $(SYSCONFDIR)/lynx.cfg +@@ -469,7 +467,7 @@ uninstall-doc :: + + update-po: + rsync -Lrtvz translationproject.org::tp/latest/lynx/ $(PO_SRCDIR) +- test -f $(PO_SRCDIR)/makefile && cd $(PO_SRCDIR) && $(MAKE_RECUR) $@ ++ test -f $(PO_SRCDIR)/makefile && $(MAKE) -C $(PO_SRCDIR) $@ + + preinstall : + @ echo '' +diff --git a/src/makefile.in b/src/makefile.in +index 55611da..7cceaa8 100644 +--- a/src/makefile.in ++++ b/src/makefile.in +@@ -37,8 +37,6 @@ BUILD_EXEEXT = @BUILD_EXEEXT@ + BUILD_LDFLAGS = @BUILD_LDFLAGS@ + BUILD_LIBS = @BUILD_LIBS@ + +-MAKE_RECUR = $(MAKE) @cf_cv_makeflags@ DESTDIR="$(DESTDIR)" CC="$(CC)" +- + YACC = @YACC@ + WINDRES = @WINDRES@ + +@@ -118,7 +116,7 @@ message: + @echo "Compiling Lynx sources" + + do_chartrans_stuff: +- -cd chrtrans && $(MAKE_RECUR) \ ++ -$(MAKE) -C chrtrans \ + SITE_DEFS="$(SITE_DEFS)" \ + BUILD_CFLAGS="$(BUILD_CFLAGS)" \ + BUILD_CPPFLAGS="$(BUILD_CPPFLAGS)" \ +@@ -131,7 +129,7 @@ lint: + + clean: + rm -f lynx$x core *.core *.leaks *.i *$o *.bak tags TAGS test_* +- cd chrtrans && $(MAKE_RECUR) clean ++ $(MAKE) -C chrtrans clean + + tags: + $(CTAGS) *.[ch] +@@ -210,7 +208,7 @@ TABLES= \ + $(CHRTR)viscii_uni.h + + $(TABLES): +- -cd chrtrans && $(MAKE_RECUR) tables ++ -$(MAKE) -C chrtrans tables + + UCdomap$o : UCdomap.c \ + chrtrans/UCkd.h \ +@@ -219,7 +217,7 @@ UCdomap$o : UCdomap.c \ + UCdomap.h $(CMN)UCMap.h $(TABLES) $(top_srcdir)/userdefs.h + + chrtrans/makeuctb$(BUILD_EXEEXT): +- cd chrtrans && $(MAKE_RECUR) makeuctb$(BUILD_EXEEXT) ++ $(MAKE) -C chrtrans makeuctb$(BUILD_EXEEXT) + + UCAux$o : UCAux.c $(CMN)UCAux.h $(CMN)UCDefs.h + LYCookie$o : $(top_srcdir)/userdefs.h +-- +1.8.3.1 + diff --git a/SOURCES/lynx-2.8.9-redhat.patch b/SOURCES/lynx-2.8.9-redhat.patch new file mode 100644 index 0000000..047b0c9 --- /dev/null +++ b/SOURCES/lynx-2.8.9-redhat.patch @@ -0,0 +1,154 @@ +From bccfb8ac43da56cb1f53c4b421e09dcac1fd1af0 Mon Sep 17 00:00:00 2001 +From: Kamil Dudka +Date: Wed, 13 Feb 2013 15:17:08 +0100 +Subject: [PATCH] lynx-2.8.6-redhat.patch rebased for 2.8.9 + +--- + lynx.cfg | 18 ++++++++++++------ + userdefs.h | 18 +++++++++--------- + 2 files changed, 21 insertions(+), 15 deletions(-) + +diff --git a/lynx.cfg b/lynx.cfg +index f01782f..ccc0846 100644 +--- a/lynx.cfg ++++ b/lynx.cfg +@@ -1,7 +1,9 @@ + # $LynxId: lynx.cfg,v 1.302 2018/07/08 15:22:44 tom Exp $ + # lynx.cfg file. +-# The default placement for this file is /usr/local/lib/lynx.cfg (Unix) +-# or Lynx_Dir:lynx.cfg (VMS) ++# The default placement for this file is /etc/lynx.cfg ++# ++# Please don't edit this file directly (it is updated with every Red Hat ++# Linux update, overwriting your changes). Instead, edit /etc/lynx-site.cfg. + # + # $Format: "#PRCS LYNX_VERSION \"$ProjectVersion$\""$ + #PRCS LYNX_VERSION "2.8.9rel.1" +@@ -108,7 +110,7 @@ + # + # Normally we expect you will connect to a remote site, e.g., the Lynx starting + # site: +-STARTFILE:https://lynx.invisible-island.net/ ++STARTFILE:https://start.fedoraproject.org/ + # + # As an alternative, you may want to use a local URL. A good choice for this is + # the user's home directory: +@@ -142,7 +144,7 @@ HELPFILE:https://lynx.invisible-island.net/lynx_help/lynx_help_main.html + # An index to your CWIS can be placed here or a document containing + # pointers to lots of interesting places on the web. + # +-DEFAULT_INDEX_FILE:http://scout.wisc.edu/ ++DEFAULT_INDEX_FILE:http://www.google.com/ + + .h1 Interaction + +@@ -454,7 +456,7 @@ DEFAULT_INDEX_FILE:http://scout.wisc.edu/ + # Find RFC 1345 at + .url http://tools.ietf.org/html/rfc1345 + # +-#CHARACTER_SET:iso-8859-1 ++CHARACTER_SET:utf-8 + + .h2 LOCALE_CHARSET + # LOCALE_CHARSET overrides CHARACTER_SET if true, using the current locale to +@@ -467,7 +469,7 @@ DEFAULT_INDEX_FILE:http://scout.wisc.edu/ + # values and their relationship to the locale value is not. GNU libiconv + # happens to give useful values, but other implementations are not guaranteed + # to do this. +-#LOCALE_CHARSET:FALSE ++LOCALE_CHARSET:TRUE + + .h2 HTML5_CHARSETS + # HTML5_CHARSETS is an alternative to ASSUME_CHARSET and ASSUME_LOCAL_CHARSET. +@@ -1847,6 +1849,9 @@ DEFAULT_INDEX_FILE:http://scout.wisc.edu/ + .ex + #DOWNLOADER:Save OS/390 binary file: iconv -f IBM-1047 -t ISO8859-1 %s >%s:FALSE + ++# Added by Red Hat: ++DOWNLOADER:View with less:less %s:TRUE ++ + .h1 Interaction + + .h2 NO_DOT_FILES +@@ -3451,6 +3456,7 @@ COLOR:6:brightred:black + #ENABLE_LYNXRC:VI_KEYS:ON + #ENABLE_LYNXRC:VISITED_LINKS:ON + .fi ++INCLUDE:/etc/lynx-site.cfg + + .h1 External Programs + # Any of the compiled-in pathnames of external programs can be overridden +diff --git a/userdefs.h b/userdefs.h +index 40a954b..4afe835 100644 +--- a/userdefs.h ++++ b/userdefs.h +@@ -105,7 +105,7 @@ + * mailcap files (see the examples in the samples directory). + */ + #ifndef LYNX_CFG_FILE +-#define LYNX_CFG_FILE "Lynx_Dir:lynx.cfg" ++#define LYNX_CFG_FILE "/etc/lynx.cfg" + #endif /* LYNX_CFG_FILE */ + + #ifndef LYNX_CFG_PATH +@@ -119,8 +119,8 @@ + * Mappings in these global and personal files override any SUFFIX + * definitions in lynx.cfg and built-in defaults from src/HTInit.c. + */ +-#define GLOBAL_EXTENSION_MAP "Lynx_Dir:mime.types" +-#define PERSONAL_EXTENSION_MAP "mime.types" ++#define GLOBAL_EXTENSION_MAP "/etc/mime.types" ++#define PERSONAL_EXTENSION_MAP ".mime.types" + + /************************** + * The MAILCAP file allows you to map file MIME types to +@@ -129,7 +129,7 @@ + * Mappings in these global and personal files override any VIEWER + * definitions in lynx.cfg and built-in defaults from src/HTInit.c. + */ +-#define GLOBAL_MAILCAP "Lynx_Dir:mailcap" ++#define GLOBAL_MAILCAP "/etc/mailcap" + #define PERSONAL_MAILCAP ".mailcap" + + /************************** +@@ -300,8 +300,8 @@ + #define LYNX_CFG_PATH "." + #define LYNX_CFG_FILE "./lynx.cfg" + #else +-#define LYNX_CFG_PATH "/usr/local/lib" +-#define LYNX_CFG_FILE "/usr/local/lib/lynx.cfg" ++#define LYNX_CFG_PATH "/etc" ++#define LYNX_CFG_FILE "/etc/lynx.cfg" + #endif /* DOSPATH */ + #endif /* LYNX_CFG_FILE */ + #endif /* HAVE_CONFIG_H */ +@@ -345,7 +345,7 @@ + * use any default viewers for image types. Note that open is used as + * the default for NeXT, instead of the XLOADIMAGE_COMMAND definition. + */ +-#define XLOADIMAGE_COMMAND "xli %s &" ++#define XLOADIMAGE_COMMAND "display %s &" + + /************************** + * For UNIX systems, SYSTEM_MAIL and SYSTEM_MAIL_FLAGS are set by the +@@ -366,7 +366,7 @@ + * the "TMPDIR" (unix), or "TEMP" or "TMP" (Windows,DOS,OS/2) + * variable. + */ +-#define TEMP_SPACE "/tmp/" ++#define TEMP_SPACE "~" + + /******************************** + * Comment this line out to disable code that implements command logging +@@ -1175,7 +1175,7 @@ + * OSU server distribution. + */ + #ifndef HAVE_CONFIG_H +-/* #define LYNXCGI_LINKS */ ++#define LYNXCGI_LINKS + #endif + + /********************************* +-- +2.9.4 + diff --git a/SOURCES/lynx-2.8.9-static-analysis.patch b/SOURCES/lynx-2.8.9-static-analysis.patch new file mode 100644 index 0000000..fe16a5e --- /dev/null +++ b/SOURCES/lynx-2.8.9-static-analysis.patch @@ -0,0 +1,105 @@ +From 0bd3f2aa9bd75263901e1f57a6cd9c4015084408 Mon Sep 17 00:00:00 2001 +From: Kamil Dudka +Date: Tue, 6 Nov 2018 12:32:04 +0100 +Subject: [PATCH] lynx: fix bugs detected by static analysis + +--- + WWW/Library/Implementation/HTGopher.c | 1 + + samples/lynxdump | 1 + + src/LYBookmark.c | 2 ++ + src/LYDownload.c | 1 + + src/LYLeaks.c | 24 ++++-------------------- + 5 files changed, 9 insertions(+), 20 deletions(-) + +diff --git a/WWW/Library/Implementation/HTGopher.c b/WWW/Library/Implementation/HTGopher.c +index a9ad41e..36ff592 100644 +--- a/WWW/Library/Implementation/HTGopher.c ++++ b/WWW/Library/Implementation/HTGopher.c +@@ -1651,6 +1651,7 @@ static int HTLoadCSO(const char *arg, + (*Target->isa->put_block) (Target, buf, (int) strlen(buf)); + (*Target->isa->_free) (Target); + free_CSOfields(); ++ BStrFree(command); + return HT_LOADED; + } + /* +diff --git a/samples/lynxdump b/samples/lynxdump +index f79be2f..a0e9ae2 100755 +--- a/samples/lynxdump ++++ b/samples/lynxdump +@@ -12,4 +12,5 @@ if test $HOME/.lynxrc ; then + fi + echo 'keypad_mode=NUMBERS_AS_ARROWS' >> $MYTMP/.lynxrc + HOME=$MYTMP; export HOME ++umask $oldmask + lynx -justify -dump -force_html -with_backspaces -nolist $* +diff --git a/src/LYBookmark.c b/src/LYBookmark.c +index c3116ef..6464d96 100644 +--- a/src/LYBookmark.c ++++ b/src/LYBookmark.c +@@ -303,6 +303,7 @@ void save_bookmark_link(const char *address, + LYMBM_statusline(CANCELLED); + LYSleepMsg(); + FREE(bookmark_URL); ++ BStrFree(tmp_data); + return; + } + } while (!havevisible(string_data->str)); +@@ -347,6 +348,7 @@ void save_bookmark_link(const char *address, + LYSleepAlert(); + FREE(Title); + FREE(bookmark_URL); ++ BStrFree(tmp_data); + return; + } + +diff --git a/src/LYDownload.c b/src/LYDownload.c +index cf1ea98..9cf712d 100644 +--- a/src/LYDownload.c ++++ b/src/LYDownload.c +@@ -456,6 +456,7 @@ void LYDownload(char *line) + cleanup: + FREE(Line); + BStrFree(buffer); ++ BStrFree(command); + return; + } + +diff --git a/src/LYLeaks.c b/src/LYLeaks.c +index 2f2de28..8c236ff 100644 +--- a/src/LYLeaks.c ++++ b/src/LYLeaks.c +@@ -1090,26 +1090,10 @@ static char *LYLeakSAVsprintf(char **dest, + mark_realloced(ALp_old, *dest, strlen(*dest) + 1, cp_File, ssi_Line); + return (*dest); + } +- if (vp_realloced == vp_oldAlloced) { +- ALp_new->SL_memory.cp_FileName = old_cp_File; +- ALp_new->SL_memory.ssi_LineNumber = old_ssi_Line; +- ALp_new->SL_realloc.cp_FileName = cp_File; +- ALp_new->SL_realloc.ssi_LineNumber = ssi_Line; +- return (*dest); +- } +- /* Look up again, list may have changed! - kw */ +- ALp_old = FindInList(vp_oldAlloced); +- if (ALp_old == NULL) { +- ALp_new->SL_memory.cp_FileName = old_cp_File; +- ALp_new->SL_memory.ssi_LineNumber = old_ssi_Line; +- ALp_new->SL_realloc.cp_FileName = cp_File; +- ALp_new->SL_realloc.ssi_LineNumber = ssi_Line; +- } else { +- ALp_new->SL_memory.cp_FileName = old_cp_File; +- ALp_new->SL_memory.ssi_LineNumber = old_ssi_Line; +- ALp_new->SL_realloc.cp_FileName = cp_File; +- ALp_new->SL_realloc.ssi_LineNumber = ssi_Line; +- } ++ ALp_new->SL_memory.cp_FileName = old_cp_File; ++ ALp_new->SL_memory.ssi_LineNumber = old_ssi_Line; ++ ALp_new->SL_realloc.cp_FileName = cp_File; ++ ALp_new->SL_realloc.ssi_LineNumber = ssi_Line; + } + return (*dest); + } +-- +2.17.2 + diff --git a/SOURCES/lynx-CVE-2008-4690.patch b/SOURCES/lynx-CVE-2008-4690.patch new file mode 100644 index 0000000..914b42d --- /dev/null +++ b/SOURCES/lynx-CVE-2008-4690.patch @@ -0,0 +1,61 @@ +From c60c227ab9a36246730d7454e33d40d2c66c88b3 Mon Sep 17 00:00:00 2001 +From: Kamil Dudka +Date: Wed, 13 Feb 2013 15:26:22 +0100 +Subject: [PATCH] fix CVE-2008-4690 + +prompt user before executing command via a lynxcgi link even in advanced mode, +as the actual URL may not be shown but hidden behind an HTTP redirect and set +TRUSTED_LYNXCGI:none in lynx.cfg to disable all lynxcgi URLs by default +--- + CHANGES | 7 +++++++ + lynx.cfg | 2 +- + src/LYCgi.c | 2 +- + 3 files changed, 9 insertions(+), 2 deletions(-) + +diff --git a/CHANGES b/CHANGES +index 360be68..8eca013 100644 +--- a/CHANGES ++++ b/CHANGES +@@ -1355,6 +1355,13 @@ Changes since Lynx 2.8 release + * update win32 makefiles/build scripts to add LYmktime, parsdate modules -TD + * update config.guess (2008-04-14), config.sub (2008-06-16) + ++2008-10-26 ++* modify patch for CVE-2005-2929 to prompt user before executing command via ++ a lynxcgi link even in advanced mode, as the actual URL may not be shown but ++ hidden behind an HTTP redirect ++* set TRUSTED_LYNXCGI:none in lynx.cfg to disable all lynxcgi URLs by default ++ [CVE-2008-4690] ++ + 2008-09-21 (2.8.7dev.10) + * remove rw.po, since the translation project no longer supplies it -TD + * implement "readonly" attribute for TEXTAREA and TEXT fields -TD +diff --git a/lynx.cfg b/lynx.cfg +index ee2aad3..144050d 100644 +--- a/lynx.cfg ++++ b/lynx.cfg +@@ -1087,7 +1087,7 @@ LOCALE_CHARSET:TRUE + # + # The default TRUSTED_LYNXCGI rule is "none". + # +-#TRUSTED_LYNXCGI:none ++TRUSTED_LYNXCGI:none + + .h2 LYNXCGI_ENVIRONMENT + # Unix: +diff --git a/src/LYCgi.c b/src/LYCgi.c +index 832bb89..0ae8a7e 100644 +--- a/src/LYCgi.c ++++ b/src/LYCgi.c +@@ -167,7 +167,7 @@ static BOOL can_exec_cgi(const char *linktext, const char *linkargs) + if (!exec_ok(HTLoadedDocumentURL(), linktext, CGI_PATH)) { + /* exec_ok gives out msg. */ + result = FALSE; +- } else { ++ } else if (user_mode < ADVANCED_MODE) { + StrAllocCopy(command, linktext); + if (non_empty(linkargs)) { + HTSprintf(&command, " %s", linkargs); +-- +1.7.1 + diff --git a/SPECS/lynx.spec b/SPECS/lynx.spec new file mode 100644 index 0000000..0b26d49 --- /dev/null +++ b/SPECS/lynx.spec @@ -0,0 +1,640 @@ +%global devrel 1 + +Summary: A text-based Web browser +Name: lynx +Version: 2.8.9 +Release: 14%{?dist}.1 +License: GPLv2 +Source: https://invisible-mirror.net/archives/lynx/tarballs/lynx%{version}rel.%{devrel}.tar.bz2 +URL: http://lynx.browser.org/ + +# RH specific tweaks - directory layout, utf-8 by default, misc. configuration +Patch0: lynx-2.8.9-redhat.patch + +# patch preparing upstream sources for rpmbuild, in particular for parallel make +Patch1: lynx-2.8.9-build.patch + +# prompt user before executing command via a lynxcgi link even in advanced mode, +# as the actual URL may not be shown but hidden behind an HTTP redirect and set +# TRUSTED_LYNXCGI:none in lynx.cfg to disable all lynxcgi URLs by default +# [CVE-2008-4690] +Patch2: lynx-CVE-2008-4690.patch + +# avoid build failure caused by mistakenly excluded +Patch3: lynx-2.8.8-locale.patch + +# fix bugs detected by static analysis +Patch4: lynx-2.8.9-static-analysis.patch + +Provides: webclient +Provides: text-www-browser +BuildRequires: dos2unix +BuildRequires: gcc +BuildRequires: gettext +BuildRequires: make +BuildRequires: ncurses-devel +BuildRequires: openssl-devel +BuildRequires: telnet +BuildRequires: unzip +BuildRequires: zip +BuildRequires: zlib-devel + +# provides /usr/share/doc/HTML/en-US/index.html used as STARTFILE on RHEL +%if 0%{?rhel} && !0%{?eln} +Requires: redhat-indexhtml +%endif + +%description +Lynx is a text-based Web browser. Lynx does not display any images, +but it does support frames, tables, and most other HTML tags. One +advantage Lynx has over graphical browsers is speed; Lynx starts and +exits quickly and swiftly displays web pages. + +%prep +%setup -q -n lynx2.8.9rel.%{devrel} + +%patch0 -p1 +%patch1 -p1 +%patch2 -p1 +%patch3 -p1 +%patch4 -p1 + +%{!?_pkgdocdir: %global _pkgdocdir %{_docdir}/%{name}-%{version}} +sed -e "s,^HELPFILE:.*,HELPFILE:file://localhost%{_pkgdocdir}/lynx_help/lynx_help_main.html,g" -i lynx.cfg +%if 0%{?rhel} && !0%{?eln} +sed -e 's,^STARTFILE:.*,STARTFILE:file:/usr/share/doc/HTML/en-US/index.html,' -i lynx.cfg +%endif + +%build +%configure --libdir=/etc \ + --disable-font-switch \ + --disable-rpath-hack \ + --enable-addrlist-page \ + --enable-charset-choice \ + --enable-cgi-links \ + --enable-cjk \ + --enable-debug \ + --enable-default-colors \ + --enable-externs \ + --enable-file-upload \ + --enable-internal-links \ + --enable-ipv6 \ + --enable-japanese-utf8 \ + --enable-justify-elts \ + --enable-locale-charset \ + --enable-kbd-layout \ + --enable-libjs \ + --enable-nls \ + --enable-nsl-fork \ + --enable-persistent-cookies \ + --enable-prettysrc \ + --enable-read-eta \ + --enable-scrollbar \ + --enable-source-cache \ + --enable-warnings \ + --with-screen=ncursesw \ + --with-ssl=%{_libdir} \ + --with-zlib \ + ac_cv_path_RLOGIN=/usr/bin/rlogin + +make -C po +make %{?_smp_mflags} + +# remove zero-length tests files to silence rpmlint +rm -fv test/X test/nobody + +%install +chmod -x samples/mailto-form.pl +make install DESTDIR=$RPM_BUILD_ROOT + +# remove unneeded files with incompatible encoding +rm -f docs/{OS-390.announce,README.jp} +rm -f samples/*.bat + +# convert line endings +dos2unix samples/lynx-demo.cfg +dos2unix samples/midnight.lss + +# Install Lang dependent resources +mkdir -p $RPM_BUILD_ROOT/usr/share/locale/ja/LC_MESSAGES/ + +cat >$RPM_BUILD_ROOT%{_sysconfdir}/lynx-site.cfg < - 2.8.9-14.1 +- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags + Related: rhbz#1991688 + +* Wed Jun 16 2021 Mohan Boddu - 2.8.9-13.1 +- Rebuilt for RHEL 9 BETA for openssl 3.0 + Related: rhbz#1971065 + +* Fri Apr 16 2021 Mohan Boddu - 2.8.9-12.1 +- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937 + +* Tue Jan 26 2021 Fedora Release Engineering - 2.8.9-11 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild + +* Wed Dec 30 2020 Kamil Dudka - 2.8.9-10 +- remove unused build-time dependency on slang-devel (#1910966) + +* Thu Aug 06 2020 Merlin Mathesius - 2.8.9-9 +- Skip RHEL-specific Requires and STARTFILE edit when building for ELN + +* Tue Jul 28 2020 Fedora Release Engineering - 2.8.9-8 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild + +* Wed Jan 29 2020 Fedora Release Engineering - 2.8.9-7 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild + +* Thu Jul 25 2019 Fedora Release Engineering - 2.8.9-6 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild + +* Mon Mar 11 2019 Kamil Dudka - 2.8.9-5 +- include license file in the package (#1686886) + +* Fri Feb 01 2019 Fedora Release Engineering - 2.8.9-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_30_Mass_Rebuild + +* Thu Nov 08 2018 Kamil Dudka - 2.8.9-3 +- fix bugs detected by static analysis + +* Fri Jul 13 2018 Fedora Release Engineering - 2.8.9-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild + +* Tue Jul 10 2018 Kamil Dudka - 2.8.9-1 +- update to the latest upstream release + +* Wed May 23 2018 Kamil Dudka - 2.8.9-0.23.dev19 +- do not require 'rsh' installed at build time (#1581747) +- update to the latest upstream pre-release + +* Mon Feb 19 2018 Kamil Dudka - 2.8.9-0.22.dev16 +- add explicit BR for the gcc compiler + +* Thu Feb 08 2018 Fedora Release Engineering - 2.8.9-0.21.dev16 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_28_Mass_Rebuild + +* Thu Aug 03 2017 Fedora Release Engineering - 2.8.9-0.20.dev16 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild + +* Mon Jul 31 2017 Florian Weimer - 2.8.9-0.19.dev16 +- Rebuild with binutils fix for ppc64le (#1475636) + +* Wed Jul 26 2017 Fedora Release Engineering - 2.8.9-0.18.dev16 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild + +* Tue Jul 25 2017 Kamil Dudka - 2.8.9-0.17.dev16 +- fix rpmlint warnings +- do not depend on perl +- update upstream project URL +- update to the latest upstream pre-release + +* Wed May 17 2017 Kamil Dudka - 2.8.9-0.16.dev14 +- update to the latest upstream pre-release + +* Fri Feb 10 2017 Fedora Release Engineering - 2.8.9-0.15.dev11 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild + +* Tue Jan 24 2017 Kamil Dudka - 2.8.9-0.14.dev11 +- update to the latest upstream pre-release (fixes CVE-2016-9179) + +* Thu Oct 20 2016 Kamil Dudka - 2.8.9-0.13.dev9 +- fix compatibility with OpenSSL 1.1 + +* Wed Oct 12 2016 Kamil Dudka - 2.8.9-0.12.dev9 +- update to the latest upstream pre-release + +* Sat Feb 06 2016 Kamil Dudka - 2.8.9-0.11.dev6 +- avoid using rpath for the lynx executable +- remove zero-length tests files to silence rpmlint + +* Thu Feb 04 2016 Fedora Release Engineering - 2.8.9-0.10.dev6 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild + +* Mon Nov 09 2015 Kamil Dudka - 2.8.9-0.9.dev6 +- update to the latest upstream pre-release + +* Wed Jun 17 2015 Fedora Release Engineering - 2.8.9-0.8.dev5 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild + +* Tue Apr 28 2015 Kamil Dudka - 2.8.9-0.7.dev5 +- update to the latest upstream pre-release + +* Wed Feb 11 2015 Ville Skyttä - 2.8.9-0.6.dev4 +- do not remove -g from our CFLAGS (#1191706) + +* Wed Jan 28 2015 Kamil Dudka - 2.8.9-0.5.dev4 +- update to the latest upstream pre-release +- drop a compiler wrapper no longer needed +- do not override compiler/linker flags given by the build system + +* Mon Jan 05 2015 Kamil Dudka - 2.8.9-0.4.dev2 +- update to the latest upstream pre-release + +* Sun Aug 17 2014 Fedora Release Engineering - 2.8.9-0.3.dev1 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild + +* Sat Jun 07 2014 Fedora Release Engineering - 2.8.9-0.2.dev1 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild + +* Mon Apr 28 2014 Kamil Dudka - 2.8.9-0.1.dev1 +- update to the latest upstream pre-release + +* Fri Aug 09 2013 Kamil Dudka - 2.8.8-0.3.dev16 +- update to the latest upstream pre-release +- make the help working with unversioned docdir (#993909) + +* Sat Aug 03 2013 Fedora Release Engineering - 2.8.8-0.2.dev15 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild + +* Wed Feb 13 2013 Kamil Dudka - 2.8.8-0.1.dev15 +- update to the latest upstream pre-release +- drop applied patches +- drop lynx-2.8.6-backgrcolor.patch (#908449) + +* Tue Sep 11 2012 Kamil Dudka - 2.8.7-12 +- set STARTFILE to a local file when building for RHEL + +* Fri Sep 07 2012 Kamil Dudka - 2.8.7-11 +- fix typo in the man page (#854574) + +* Tue Aug 28 2012 Kamil Dudka - 2.8.7-10 +- sync the upstream tarball with the current upstream version +- fix specfile issues reported by the fedora-review script + +* Thu Jul 19 2012 Fedora Release Engineering - 2.8.7-9 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild + +* Fri Jan 13 2012 Fedora Release Engineering - 2.8.7-8 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild + +* Fri May 27 2011 Kamil Dudka - 2.8.7-7 +- include read-only text fields on form submission (#679266) + +* Tue Feb 08 2011 Fedora Release Engineering - 2.8.7-6 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild + +* Wed Jul 07 2010 Kamil Dudka - 2.8.7-5 +- upstream patch that limits length of parsed URIs (#605286) + +* Thu Apr 08 2010 Kamil Dudka - 2.8.7-4 +- allow IPv6 addresses without http:// prefix (#425879) + +* Wed Apr 07 2010 Kamil Dudka - 2.8.7-3 +- avoid build failure caused by mistakenly excluded + +* Wed Jan 13 2010 Kamil Dudka - 2.8.7-2 +- make it possible to delete a bookmark when ~/lynx_bookmarks.html is writable + by group (#486070) + +* Tue Jan 05 2010 Kamil Dudka - 2.8.7-1 +- new upstream release +- dropped applied patches +- fixed regression from #533004 +- cleanup in BuildRequires + +* Fri Aug 21 2009 Tomas Mraz - 2.8.6-22 +- rebuilt with new openssl + +* Sat Jul 25 2009 Fedora Release Engineering - 2.8.6-21 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild + +* Wed Feb 25 2009 Fedora Release Engineering - 2.8.6-20 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild + +* Sat Jan 17 2009 Tomas Mraz - 2.8.6-19 +- rebuild with new openssl + +* Fri Nov 7 2008 Jiri Moskovcak - 2.8.6-18 +- Fixed CVE-2008-4690 lynx: remote arbitrary command execution. + via a crafted lynxcgi: URL (thoger) + +* Thu Aug 7 2008 Tom "spot" Callaway - 2.8.6-17 +- fix license tag + +* Thu May 29 2008 Jiri Moskovcak - 2.8.6-16 +- updated to latest stable version 2.8.6rel5 +- Resolves: #214205 +- added build patches from Dennis Gilmore +- skipped 2 releases to correct the NVR path + +* Tue Feb 19 2008 Fedora Release Engineering - 2.8.6-13 +- Autorebuild for GCC 4.3 + +* Wed Jan 30 2008 Jiri Moskovcak - 2.8.6-12 +- added telnet, rsh, zip and unzip to BuildRequires +- Resolves: #430508 + +* Tue Jan 8 2008 Jiri Moskovcak - 2.8.6-11 +- fixed crash when using formatting character '$' in translation +- Resolves: #426449 + +* Tue Dec 11 2007 Ivana Varekova - 2.8.6-10 +- add default-colors option, change default setting (#409211) + +* Wed Dec 05 2007 Release Engineering - 2.8.6-9 +- Rebuild for openssl bump + +* Wed Dec 5 2007 Ivana Varekova - 2.8.6-8 +- rebuild + +* Fri Oct 12 2007 Ivana Varekova - 2.8.6-7 +- add provides:text-www-browser flag + +* Tue Oct 2 2007 Ivana Varekova - 2.8.6-6 +- fix 311031 - fix argument parsing + +* Tue Aug 28 2007 Fedora Release Engineering - 2.8.6-5 +- Rebuild for selinux ppc32 issue. + +* Tue Jul 17 2007 Ivana Varekova - 2.8.6-4 +- remove default-colors option + +* Fri Feb 23 2007 Ivana Varekova - 2.8.6-3 +- incorporate package review feedback (#226113) + +* Wed Oct 25 2006 Ivana Varekova - 2.8.6-2 +- add japanese unicode support (#143787) + +* Tue Oct 24 2006 Ivana Varekova - 2.8.6-1 +- update to 2.8.6 + +* Wed Jul 12 2006 Jesse Keating - 2.8.5-28.1 +- rebuild + +* Tue May 30 2006 Ivana Varekova - 2.8.5-28 +- add buildreq gettext (#193515) + +* Fri Feb 10 2006 Jesse Keating - 2.8.5-27.2.1 +- bump again for double-long bug on ppc(64) + +* Tue Feb 07 2006 Jesse Keating - 2.8.5-27.2 +- rebuilt for new gcc4.1 snapshot and glibc changes + +* Fri Dec 09 2005 Jesse Keating +- rebuilt + +* Sun Nov 13 2005 Tim Waugh 2.8.5-27 +- Apply patch to fix CVE-2005-2929 (bug #172973). + +* Thu Nov 10 2005 Tomas Mraz 2.8.5-26 +- rebuilt against new openssl + +* Wed Nov 9 2005 Tim Waugh 2.8.5-25 +- Rebuild for new openssl. + +* Mon Oct 17 2005 Tim Waugh 2.8.5-24 +- Apply patch to fix CAN-2005-3120 (bug #170253). + +* Tue Mar 29 2005 Tim Waugh 2.8.5-23 +- Fixed fix for bug #90302 (bug #152146). + +* Wed Mar 2 2005 Tim Waugh 2.8.5-22 +- Rebuild for new GCC. + +* Thu Jan 6 2005 Tim Waugh 2.8.5-21 +- Fixed