pkgsrc-Changes-HG archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

[pkgsrc/trunk]: pkgsrc/www/lynx add a patch from OpenBSD / Debian which fixes...



details:   https://anonhg.NetBSD.org/pkgsrc/rev/2507cf76be3b
branches:  trunk
changeset: 513483:2507cf76be3b
user:      drochner <drochner%pkgsrc.org@localhost>
date:      Mon May 29 16:58:18 2006 +0000

description:
add a patch from OpenBSD / Debian which fixes Lynx going into an
infinite loop on certain invalid HTML (CVE-2004-1617)
bump PKGREVISION

diffstat:

 www/lynx/Makefile         |    3 +-
 www/lynx/distinfo         |    8 ++-
 www/lynx/patches/patch-ba |   13 ++++
 www/lynx/patches/patch-bb |   15 +++++
 www/lynx/patches/patch-bc |   13 ++++
 www/lynx/patches/patch-bd |  137 ++++++++++++++++++++++++++++++++++++++++++++++
 www/lynx/patches/patch-be |   13 ++++
 www/lynx/patches/patch-bf |   29 +++++++++
 8 files changed, 229 insertions(+), 2 deletions(-)

diffs (280 lines):

diff -r da7d65904693 -r 2507cf76be3b www/lynx/Makefile
--- a/www/lynx/Makefile Mon May 29 16:32:04 2006 +0000
+++ b/www/lynx/Makefile Mon May 29 16:58:18 2006 +0000
@@ -1,4 +1,4 @@
-# $NetBSD: Makefile,v 1.89 2006/04/23 14:06:08 schwarz Exp $
+# $NetBSD: Makefile,v 1.90 2006/05/29 16:58:18 drochner Exp $
 
 #
 # NOTE: Please do not enable the lynxcgi feature unless it is lynx
@@ -8,6 +8,7 @@
 
 DISTNAME=      lynx2.8.5
 PKGNAME=       lynx-2.8.5.5
+PKGREVISION=   1
 CATEGORIES=    www
 MASTER_SITES=  http://lynx.isc.org/${DISTNAME}/ \
                ftp://ftp.nl.uu.net/pub/unix/www/lynx/${DISTNAME}/ \
diff -r da7d65904693 -r 2507cf76be3b www/lynx/distinfo
--- a/www/lynx/distinfo Mon May 29 16:32:04 2006 +0000
+++ b/www/lynx/distinfo Mon May 29 16:58:18 2006 +0000
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.19 2006/04/22 15:08:03 joerg Exp $
+$NetBSD: distinfo,v 1.20 2006/05/29 16:58:18 drochner Exp $
 
 SHA1 (lynx/lynx2.8.5.tar.bz2) = c70866f67c1365b55e0c9c0c569190f5919d28d4
 RMD160 (lynx/lynx2.8.5.tar.bz2) = 80d20261ac6eaebe1d940fb5de485daaad7bb3b7
@@ -20,3 +20,9 @@
 SHA1 (patch-ae) = 5dff036d9fc35dca528acb530f779dce4a98cddd
 SHA1 (patch-af) = 819cdfae5e8181423f5be68cc202a6e074560e75
 SHA1 (patch-ag) = 93d1ff507f8533e54a45f50d0310d2bb8017f1d2
+SHA1 (patch-ba) = 14aa7dd1026127753f6f8e5bf18bcf83a7a246fc
+SHA1 (patch-bb) = 33ebf1ad1f7471ec5afba8b436b7fdc2214ac6d7
+SHA1 (patch-bc) = 6f293327a757ee96617d05ad9ab37d43da283f33
+SHA1 (patch-bd) = 11e1b29fe521b874e5e9b09c70572119b31b655a
+SHA1 (patch-be) = 36be2a5f00fd8cd6d7fdc62b768bf960df480573
+SHA1 (patch-bf) = 8ba9b49824aaebe6010aba15e9ae74c800e521b7
diff -r da7d65904693 -r 2507cf76be3b www/lynx/patches/patch-ba
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/www/lynx/patches/patch-ba Mon May 29 16:58:18 2006 +0000
@@ -0,0 +1,13 @@
+$NetBSD: patch-ba,v 1.3 2006/05/29 16:58:18 drochner Exp $
+
+--- userdefs.h.orig    2006-05-29 14:15:01.000000000 +0200
++++ userdefs.h
+@@ -1379,6 +1379,8 @@
+ #define MAXCHARSETS 60                /* max character sets supported */
+ #define TRST_MAXROWSPAN 10000 /* max rowspan accepted by TRST code */
+ #define TRST_MAXCOLSPAN 1000  /* max colspan and COL/COLGROUP span accepted */
++#define MAX_TABLE_ROWS  200   /* max rows for tables */
++#define MAX_TABLE_COLS  200   /* max cols for tables */
+ #define SAVE_TIME_NOT_SPACE   /* minimize number of some malloc calls */
+ 
+ /* Win32 may support more, but old win16 helper apps may not. */
diff -r da7d65904693 -r 2507cf76be3b www/lynx/patches/patch-bb
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/www/lynx/patches/patch-bb Mon May 29 16:58:18 2006 +0000
@@ -0,0 +1,15 @@
+$NetBSD: patch-bb,v 1.1 2006/05/29 16:58:18 drochner Exp $
+
+--- src/GridText.c.orig        2004-01-28 20:30:38.000000000 +0100
++++ src/GridText.c
+@@ -9589,8 +9589,8 @@ PUBLIC int HText_beginInput ARGS3(
+     /*
+      *  Set SIZE.
+      */
+-    if (I->size != NULL) {
+-      f->size = atoi(I->size);
++    if (I->size != 0) {
++      f->size = I->size;
+       /*
+        *  Leave at zero for option lists.
+        */
diff -r da7d65904693 -r 2507cf76be3b www/lynx/patches/patch-bc
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/www/lynx/patches/patch-bc Mon May 29 16:58:18 2006 +0000
@@ -0,0 +1,13 @@
+$NetBSD: patch-bc,v 1.1 2006/05/29 16:58:18 drochner Exp $
+
+--- src/HTForms.h.orig 2003-06-02 03:16:28.000000000 +0200
++++ src/HTForms.h
+@@ -40,7 +40,7 @@ typedef struct _InputFieldData {
+       CONST char *md;
+       CONST char *min;
+       CONST char *name;
+-      CONST char *size;
++      int   size;
+       CONST char *src;
+       CONST char *type;
+       char *value;
diff -r da7d65904693 -r 2507cf76be3b www/lynx/patches/patch-bd
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/www/lynx/patches/patch-bd Mon May 29 16:58:18 2006 +0000
@@ -0,0 +1,137 @@
+$NetBSD: patch-bd,v 1.1 2006/05/29 16:58:18 drochner Exp $
+
+--- src/HTML.c.orig    2004-01-19 13:16:02.000000000 +0100
++++ src/HTML.c
+@@ -80,6 +80,19 @@
+ 
+ #define STACKLEVEL(me) ((me->stack + MAX_NESTING - 1) - me->sp)
+ 
++#define DFT_TEXTAREA_COLS 60
++#define DFT_TEXTAREA_ROWS 4
++
++#define MAX_TEXTAREA_COLS LYcolLimit
++#define MAX_TEXTAREA_ROWS (3 * LYlines)
++
++#define LimitValue(name, value) \
++      if (name > value) { \
++              CTRACE((tfp, "Limited " #name " to %d, was %d\n", \
++                      value, name)); \
++              name = value; \
++      }
++
+ struct _HTStream {
+     CONST HTStreamClass *     isa;
+ #ifdef USE_SOURCE_CACHE
+@@ -4316,7 +4329,7 @@ PRIVATE int HTML_start_element ARGS6(
+           I.align=NULL; I.accept=NULL; I.checked=NO; I.class=NULL;
+           I.disabled=NO; I.error=NULL; I.height= NULL; I.id=NULL;
+           I.lang=NULL; I.max=NULL; I.maxlength=NULL; I.md=NULL;
+-          I.min=NULL; I.name=NULL; I.size=NULL; I.src=NULL;
++          I.min=NULL; I.name=NULL; I.size=0; I.src=NULL;
+           I.type=NULL; I.value=NULL; I.width=NULL;
+           I.accept_cs = NULL;
+           I.name_cs = ATTR_CS_IN;
+@@ -4502,7 +4515,7 @@ PRIVATE int HTML_start_element ARGS6(
+           I.align=NULL; I.accept=NULL; I.checked=NO; I.class=NULL;
+           I.disabled=NO; I.error=NULL; I.height= NULL; I.id=NULL;
+           I.lang=NULL; I.max=NULL; I.maxlength=NULL; I.md=NULL;
+-          I.min=NULL; I.name=NULL; I.size=NULL; I.src=NULL;
++          I.min=NULL; I.name=NULL; I.size=0; I.src=NULL;
+           I.type=NULL; I.value=NULL; I.width=NULL;
+           I.accept_cs = NULL;
+           I.name_cs = ATTR_CS_IN;
+@@ -4794,7 +4807,7 @@ PRIVATE int HTML_start_element ARGS6(
+               I.checked = YES;
+           if (present && present[HTML_INPUT_SIZE] &&
+               value[HTML_INPUT_SIZE] && *value[HTML_INPUT_SIZE])
+-              I.size = value[HTML_INPUT_SIZE];
++              I.size = atoi(value[HTML_INPUT_SIZE]);
+           if (present && present[HTML_INPUT_MAXLENGTH] &&
+               value[HTML_INPUT_MAXLENGTH] && *value[HTML_INPUT_MAXLENGTH])
+               I.maxlength = value[HTML_INPUT_MAXLENGTH];
+@@ -5033,26 +5046,28 @@ PRIVATE int HTML_start_element ARGS6(
+       if (present && present[HTML_TEXTAREA_COLS] &&
+           value[HTML_TEXTAREA_COLS] &&
+           isdigit(UCH(*value[HTML_TEXTAREA_COLS])))
+-          StrAllocCopy(me->textarea_cols, value[HTML_TEXTAREA_COLS]);
++          me->textarea_cols = atoi(value[HTML_TEXTAREA_COLS]);
+       else {
+           int width;
+           width = LYcols - 1 -
+                   me->new_style->leftIndent - me->new_style->rightIndent;
+           if (dump_output_immediately) /* don't waste too much for this */
+-              width = HTMIN(width, 60);
++              width = HTMIN(width, DFT_TEXTAREA_COLS);
+           if (width > 1 && (width-1)*6 < MAX_LINE - 3 -
+               me->new_style->leftIndent - me->new_style->rightIndent)
+-              HTSprintf0(&me->textarea_cols, "%d", width);
++              me->textarea_cols = width;
+           else
+-              StrAllocCopy(me->textarea_cols, "60");
++              me->textarea_cols = DFT_TEXTAREA_COLS;
+       }
++      LimitValue(me->textarea_cols, MAX_TEXTAREA_COLS);
+ 
+       if (present && present[HTML_TEXTAREA_ROWS] &&
+           value[HTML_TEXTAREA_ROWS] &&
+           isdigit(UCH(*value[HTML_TEXTAREA_ROWS])))
+           me->textarea_rows = atoi(value[HTML_TEXTAREA_ROWS]);
+       else
+-          me->textarea_rows = 4;
++          me->textarea_rows = DFT_TEXTAREA_ROWS;
++      LimitValue(me->textarea_rows, MAX_TEXTAREA_ROWS);
+ 
+       if (present && present[HTML_TEXTAREA_DISABLED])
+           me->textarea_disabled = YES;
+@@ -5169,7 +5184,7 @@ PRIVATE int HTML_start_element ARGS6(
+               I.align=NULL; I.accept=NULL; I.checked=NO; I.class=NULL;
+               I.disabled=NO; I.error=NULL; I.height= NULL; I.id=NULL;
+               I.lang=NULL; I.max=NULL; I.maxlength=NULL; I.md=NULL;
+-              I.min=NULL; I.name=NULL; I.size=NULL; I.src=NULL;
++              I.min=NULL; I.name=NULL; I.size=0; I.src=NULL;
+               I.type=NULL; I.value=NULL; I.width=NULL;
+               I.accept_cs = NULL;
+               I.name_cs = -1;
+@@ -6818,7 +6833,7 @@ End_Object:
+           I.align=NULL; I.accept=NULL; I.checked=NO; I.class=NULL;
+           I.disabled=NO; I.error=NULL; I.height= NULL; I.id=NULL;
+           I.lang=NULL; I.max=NULL; I.maxlength=NULL; I.md=NULL;
+-          I.min=NULL; I.name=NULL; I.size=NULL; I.src=NULL;
++          I.min=NULL; I.name=NULL; I.size=0; I.src=NULL;
+           I.type=NULL; I.value=NULL; I.width=NULL;
+           I.value_cs = current_char_set;
+ 
+@@ -6969,7 +6984,7 @@ End_Object:
+               }
+               I.value = temp;
+               chars = HText_beginInput(me->text, me->inUnderline, &I);
+-              for (chars = atoi(me->textarea_cols); chars > 0; chars--)
++              for (chars = me->textarea_cols; chars > 0; chars--)
+                   HTML_put_character(me, '_');
+               HText_appendCharacter(me->text, '\r');
+               if (*data == '\n') {
+@@ -6994,7 +7009,6 @@ End_Object:
+           HTChunkClear(&me->textarea);
+           FREE(me->textarea_name);
+           me->textarea_name_cs = -1;
+-          FREE(me->textarea_cols);
+           FREE(me->textarea_id);
+           break;
+       }
+@@ -7541,7 +7555,6 @@ PRIVATE void HTML_abort ARGS2(HTStructur
+     FREE(me->map_address);
+     FREE(me->textarea_name);
+     FREE(me->textarea_accept_cs);
+-    FREE(me->textarea_cols);
+     FREE(me->textarea_id);
+     FREE(me->LastOptionValue);
+     FREE(me->xinclude);
+@@ -7721,7 +7734,7 @@ PUBLIC HTStructured* HTML_new ARGS3(
+     me->textarea_name = NULL;
+     me->textarea_name_cs = -1;
+     me->textarea_accept_cs = NULL;
+-    me->textarea_cols = NULL;
++    me->textarea_cols = 0;
+     me->textarea_rows = 4;
+     me->textarea_disabled = NO;
+     me->textarea_id = NULL;
diff -r da7d65904693 -r 2507cf76be3b www/lynx/patches/patch-be
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/www/lynx/patches/patch-be Mon May 29 16:58:18 2006 +0000
@@ -0,0 +1,13 @@
+$NetBSD: patch-be,v 1.1 2006/05/29 16:58:18 drochner Exp $
+
+--- src/HTML.h.orig    2004-01-08 03:03:09.000000000 +0100
++++ src/HTML.h
+@@ -104,7 +104,7 @@ struct _HTStructured {
+     char *                    textarea_name;
+     int                               textarea_name_cs;
+     char *                    textarea_accept_cs;
+-    char *                    textarea_cols;
++    int                               textarea_cols;
+     int                               textarea_rows;
+     int                               textarea_disabled;
+     char *                    textarea_id;
diff -r da7d65904693 -r 2507cf76be3b www/lynx/patches/patch-bf
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/www/lynx/patches/patch-bf Mon May 29 16:58:18 2006 +0000
@@ -0,0 +1,29 @@
+$NetBSD: patch-bf,v 1.1 2006/05/29 16:58:18 drochner Exp $
+
+--- src/LYCurses.h.orig        2004-01-28 20:30:38.000000000 +0100
++++ src/LYCurses.h
+@@ -365,6 +365,24 @@ extern long LYgetattrs PARAMS((WINDOW *w
+ extern int LYlines;   /* replaces LINES */
+ extern int LYcols;    /* replaces COLS */
+ 
++/*
++ * The scrollbar, if used, occupies the rightmost column.
++ */
++#ifdef USE_SCROLLBAR
++#define LYbarWidth (LYShowScrollbar ? 1 : 0)
++#else
++#define LYbarWidth 0
++#endif
++
++/*
++ * Usable limits for display:
++ */
++#if defined(FANCY_CURSES) || defined(USE_SLANG)
++#define LYcolLimit (LYcols - LYbarWidth)
++#else
++#define LYcolLimit (LYcols - 1)
++#endif
++
+ #ifdef USE_CURSES_PADS
+ extern WINDOW *LYwin;
+ extern int LYshiftWin;



Home | Main Index | Thread Index | Old Index