diff options
| author | Alex Kozlov <ak@FreeBSD.org> | 2018-08-25 21:38:00 +0000 |
|---|---|---|
| committer | Alex Kozlov <ak@FreeBSD.org> | 2018-08-25 21:38:00 +0000 |
| commit | 6a6206f048cdf378befbda828f378a5f8d77f93c (patch) | |
| tree | c66a30e9fcd28484548b0248e458a8e2249fe6aa | |
| parent | 72b205b85b363b4c75889b051fa20b1aafdd1b57 (diff) | |
| download | ports-6a6206f048cdf378befbda828f378a5f8d77f93c.tar.gz ports-6a6206f048cdf378befbda828f378a5f8d77f93c.zip | |
Notes
| -rw-r--r-- | www/lynx/Makefile | 4 | ||||
| -rw-r--r-- | www/lynx/distinfo | 5 | ||||
| -rw-r--r-- | www/lynx/files/patch-CVE-2014-3566 | 24 | ||||
| -rw-r--r-- | www/lynx/files/patch-CVE-2016-9179 | 85 | ||||
| -rw-r--r-- | www/lynx/files/patch-WWW_Library_Implementation_HTTP.c | 11 |
5 files changed, 16 insertions, 113 deletions
diff --git a/www/lynx/Makefile b/www/lynx/Makefile index e9f5a8f1bf0b..321214bedcfa 100644 --- a/www/lynx/Makefile +++ b/www/lynx/Makefile @@ -2,8 +2,7 @@ # $FreeBSD$ PORTNAME= lynx -PORTVERSION= 2.8.8.2 -PORTREVISION= 6 +PORTVERSION= 2.8.9.1 PORTEPOCH= 1 CATEGORIES= www ipv6 MASTER_SITES= http://invisible-mirror.net/archives/lynx/tarballs/ \ @@ -21,7 +20,6 @@ CONFLICTS= lynx-2.8.[8-9]d* USES= cpe ncurses shebangfix tar:bzip2 SHEBANG_FILES= samples/mailto-form.pl -WRKSRC= ${WRKDIR}/${PORTNAME}2-8-8 GNU_CONFIGURE= yes CONFIGURE_ARGS+=--with-zlib --libdir="${PREFIX}/etc" \ --enable-nsl-fork --enable-persistent-cookies \ diff --git a/www/lynx/distinfo b/www/lynx/distinfo index 3cc02e4c774b..1fb39fd95684 100644 --- a/www/lynx/distinfo +++ b/www/lynx/distinfo @@ -1,2 +1,3 @@ -SHA256 (lynx2.8.8rel.2.tar.bz2) = 6980e75cf0d677fd52c116e2e0dfd3884e360970c88c8356a114338500d5bee7 -SIZE (lynx2.8.8rel.2.tar.bz2) = 2587120 +TIMESTAMP = 1534076790 +SHA256 (lynx2.8.9rel.1.tar.bz2) = 387f193d7792f9cfada14c60b0e5c0bff18f227d9257a39483e14fa1aaf79595 +SIZE (lynx2.8.9rel.1.tar.bz2) = 2689171 diff --git a/www/lynx/files/patch-CVE-2014-3566 b/www/lynx/files/patch-CVE-2014-3566 index f6956346cdbc..d0413210f33c 100644 --- a/www/lynx/files/patch-CVE-2014-3566 +++ b/www/lynx/files/patch-CVE-2014-3566 @@ -1,16 +1,16 @@ -Disable SSLv2 and SSLv3 in lynx to "mitigate POODLE vulnerability". - -This change has been passed upstream. - ---- WWW/Library/Implementation/HTTP.c.orig 2015-02-16 12:48:34.014809453 -0800 -+++ WWW/Library/Implementation/HTTP.c 2015-02-16 12:49:09.627395954 -0800 -@@ -119,7 +119,8 @@ +--- WWW/Library/Implementation/HTTP.c.orig 2018-08-12 12:33:30 UTC ++++ WWW/Library/Implementation/HTTP.c +@@ -206,11 +206,8 @@ SSL *HTGetSSLHandle(void) #else SSLeay_add_ssl_algorithms(); - ssl_ctx = SSL_CTX_new(SSLv23_client_method()); -- SSL_CTX_set_options(ssl_ctx, SSL_OP_ALL | SSL_OP_NO_SSLv2); -+ /* Always disable SSLv2 & SSLv3 to "mitigate POODLE vulnerability". */ -+ SSL_CTX_set_options(ssl_ctx, SSL_OP_ALL | SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3); + if ((ssl_ctx = SSL_CTX_new(TLS_client_method())) != NULL) { +-#ifdef SSL_OP_NO_SSLv2 +- SSL_CTX_set_options(ssl_ctx, SSL_OP_ALL | SSL_OP_NO_SSLv2); +-#else +- SSL_CTX_set_options(ssl_ctx, SSL_OP_ALL); +-#endif ++ /* Always disable SSLv2 & SSLv3 to "mitigate POODLE vulnerability". */ ++ SSL_CTX_set_options(ssl_ctx, SSL_OP_ALL | SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3); #ifdef SSL_OP_NO_COMPRESSION - SSL_CTX_set_options(ssl_ctx, SSL_OP_NO_COMPRESSION); + SSL_CTX_set_options(ssl_ctx, SSL_OP_NO_COMPRESSION); #endif diff --git a/www/lynx/files/patch-CVE-2016-9179 b/www/lynx/files/patch-CVE-2016-9179 deleted file mode 100644 index 81ed8e9c0014..000000000000 --- a/www/lynx/files/patch-CVE-2016-9179 +++ /dev/null @@ -1,85 +0,0 @@ -Fix for CVE-2016-9179 -See: -http://lists.nongnu.org/archive/html/lynx-dev/2016-11/msg00018.html - -Re-engineered the upstream patch, which was only released -for the unstable lynx2.8.9. Removed the at_sign, and made sure that -the user id is correctly stripped of all non valid inputs. - ---- WWW/Library/Implementation/HTTCP.c_orig 2016-12-01 15:07:39.487753520 +0000 -+++ WWW/Library/Implementation/HTTCP.c 2016-12-01 15:10:20.291328282 +0000 -@@ -1792,7 +1792,6 @@ - int status = 0; - char *line = NULL; - char *p1 = NULL; -- char *at_sign = NULL; - char *host = NULL; - - #ifdef INET6 -@@ -1814,14 +1813,8 @@ - * Get node name and optional port number. - */ - p1 = HTParse(url, "", PARSE_HOST); -- if ((at_sign = StrChr(p1, '@')) != NULL) { -- /* -- * If there's an @ then use the stuff after it as a hostname. -- */ -- StrAllocCopy(host, (at_sign + 1)); -- } else { - StrAllocCopy(host, p1); -- } -+ strip_userid(host, FALSE); - FREE(p1); - - HTSprintf0(&line, "%s%s", WWW_FIND_MESSAGE, host); ---- WWW/Library/Implementation/HTTP.c_orig 2016-12-01 15:13:24.171404704 +0000 -+++ WWW/Library/Implementation/HTTP.c 2016-12-01 15:19:59.699276204 +0000 -@@ -426,7 +426,7 @@ - /* - * Strip any username from the given string so we retain only the host. - */ --static void strip_userid(char *host) -+void strip_userid(char *host, int parse_only) - { - char *p1 = host; - char *p2 = StrChr(host, '@'); -@@ -439,7 +439,8 @@ - - CTRACE((tfp, "parsed:%s\n", fake)); - HTSprintf0(&msg, gettext("Address contains a username: %s"), host); -- HTAlert(msg); -+ if (msg !=0 && !parse_only) -+ HTAlert(msg); - FREE(msg); - } - while ((*p1++ = *p2++) != '\0') { -@@ -1081,7 +1082,7 @@ - char *host = NULL; - - if ((host = HTParse(anAnchor->address, "", PARSE_HOST)) != NULL) { -- strip_userid(host); -+ strip_userid(host, TRUE); - HTBprintf(&command, "Host: %s%c%c", host, CR, LF); - FREE(host); - } ---- WWW/Library/Implementation/HTUtils.h_orig 2016-12-01 15:21:38.919699987 +0000 -+++ WWW/Library/Implementation/HTUtils.h 2016-12-01 15:22:57.870511104 +0000 -@@ -801,6 +801,8 @@ - - extern FILE *TraceFP(void); - -+ extern void strip_userid(char *host, int warn); -+ - #ifdef USE_SSL - extern SSL *HTGetSSLHandle(void); - extern void HTSSLInitPRNG(void); ---- src/LYUtils.c_orig 2016-12-01 15:25:21.769447171 +0000 -+++ src/LYUtils.c 2016-12-01 15:28:31.901411555 +0000 -@@ -4693,6 +4693,7 @@ - * Do a DNS test on the potential host field as presently trimmed. - FM - */ - StrAllocCopy(host, Str); -+ strip_userid(host, FALSE); - HTUnEscape(host); - if (LYCursesON) { - StrAllocCopy(MsgStr, WWW_FIND_MESSAGE); diff --git a/www/lynx/files/patch-WWW_Library_Implementation_HTTP.c b/www/lynx/files/patch-WWW_Library_Implementation_HTTP.c deleted file mode 100644 index 477bc8a43f10..000000000000 --- a/www/lynx/files/patch-WWW_Library_Implementation_HTTP.c +++ /dev/null @@ -1,11 +0,0 @@ ---- WWW/Library/Implementation/HTTP.c.orig 2017-02-09 21:20:27 UTC -+++ WWW/Library/Implementation/HTTP.c -@@ -721,7 +722,7 @@ static int HTLoadHTTP(const char *arg, - #elif SSLEAY_VERSION_NUMBER >= 0x0900 - #ifndef USE_NSS_COMPAT_INCL - if (!try_tls) { -- handle->options |= SSL_OP_NO_TLSv1; -+ SSL_set_options(handle, SSL_OP_NO_TLSv1); - #if OPENSSL_VERSION_NUMBER >= 0x0090806fL && !defined(OPENSSL_NO_TLSEXT) - } else { - int ret = (int) SSL_set_tlsext_host_name(handle, ssl_host); |