pkg/49740: change default text browser of textproc/rfc to lynx to avoid vulnerable www/links

To: pkg-manager%netbsd.org@localhost,gnats-admin%netbsd.org@localhost,pkgsrc-bugs%netbsd.org@localhost
Subject: pkg/49740: change default text browser of textproc/rfc to lynx to avoid vulnerable www/links
From: kjw%doglet.ca@localhost
Date: Mon, 9 Mar 2015 23:25:00 +0000 (UTC)

>Number:         49740
>Category:       pkg
>Synopsis:       change default text browser of textproc/rfc to lynx to avoid vulnerable www/links
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    pkg-manager
>State:          open
>Class:          change-request
>Submitter-Id:   net
>Arrival-Date:   Mon Mar 09 23:25:00 +0000 2015
>Originator:     kj Woolley
>Release:        current
>Organization:
>Environment:
all
>Description:
www/links is listed as vulnerable in pkg-vulnerabilities and I have not been able to find any conclusive ChangeLog entries for that project that indicate the vulnerabilities have been address.

Meanwhile, textproc/rfc wants to use www/links by default. The attached patch changes this preference to www/lynx so it can be built without supplying package options to avoid a vulnerable package.
>How-To-Repeat:
cd pkgsrc/textproc/rfcutil && bmake package
>Fix:
Index: options.mk
===================================================================
RCS file: /cvsroot/pkgsrc/textproc/rfcutil/options.mk,v
retrieving revision 1.1
diff -r1.1 options.mk
6c6
< PKG_SUGGESTED_OPTIONS=                        links
---
> PKG_SUGGESTED_OPTIONS=                        lynx

Prev by Date: Re: pkg/47189 (Cacti configuration file is overwritten)
Next by Date: Re: pkg/49736 (Change 'the_silver_searcher' to adapt to new fetch for Github)
Previous by Thread: Re: pkg/47189 (Cacti configuration file is overwritten)
Next by Thread: Re: pkg/49736 (Change 'the_silver_searcher' to adapt to new fetch for Github)
Indexes:

Home | Main Index | Thread Index | Old Index