diff options
| author | wiz <wiz> | 2011-01-21 23:34:13 +0000 |
|---|---|---|
| committer | wiz <wiz> | 2011-01-21 23:34:13 +0000 |
| commit | 8778f49d2fe2ec5a8540f28e504f554c864d7891 (patch) | |
| tree | 554311bf532a6e47131c9fab51001c57f5f22e54 /www/w3m/patches | |
| parent | 455824701fccd2b12441c25ef0225ddc5132d06b (diff) | |
| download | pkgsrc-8778f49d2fe2ec5a8540f28e504f554c864d7891.tar.gz | |
Update w3m and w3m-img to 0.5.3. Some pkglint cleanup and DESCR
rewording while here.
XXX: I don't see what w3m-img does differently?
Changes:
w3m 0.5.3 - 2011-01-15
* security fix
- fix vulnerabilities indicated by bugs.debian.org.
- suppress sending Referer, if https:// -> http://
* new features
- adapt w3mimg to native windows on MS Windows.
- support xterm-incompatible terminals without gpm.
- add "xhtml" to default guess.
- introduce option pseudo_inlines.
- add option to avoid "wrong number of dots" error in cookies.
* other bug fixes
- fix "important" bugs from bugs.debian.org
- preserve spaces in multibyte context.
- fix proxy authentication.
Diffstat (limited to 'www/w3m/patches')
| -rw-r--r-- | www/w3m/patches/patch-ac | 10 | ||||
| -rw-r--r-- | www/w3m/patches/patch-ad | 58 |
2 files changed, 5 insertions, 63 deletions
diff --git a/www/w3m/patches/patch-ac b/www/w3m/patches/patch-ac index 72bd7607ffa..d201243cc0c 100644 --- a/www/w3m/patches/patch-ac +++ b/www/w3m/patches/patch-ac @@ -1,12 +1,12 @@ -$NetBSD: patch-ac,v 1.14 2010/07/01 18:50:15 tron Exp $ +$NetBSD: patch-ac,v 1.15 2011/01/21 23:34:14 wiz Exp $ Fix for CVE-2010-2074 taken from here: http://www.openwall.com/lists/oss-security/2010/06/14/4 ---- fm.h.orig 2007-05-30 05:47:24.000000000 +0100 -+++ fm.h 2010-07-01 19:26:27.000000000 +0100 -@@ -1119,7 +1119,7 @@ +--- fm.h.orig 2011-01-04 09:22:21.000000000 +0000 ++++ fm.h +@@ -1135,7 +1135,7 @@ global int view_unseenobject init(TRUE); #endif #if defined(USE_SSL) && defined(USE_SSL_VERIFY) @@ -15,7 +15,7 @@ http://www.openwall.com/lists/oss-security/2010/06/14/4 global char *ssl_cert_file init(NULL); global char *ssl_key_file init(NULL); global char *ssl_ca_path init(NULL); -@@ -1128,7 +1128,7 @@ +@@ -1144,7 +1144,7 @@ global int ssl_path_modified init(FALSE) #endif /* defined(USE_SSL) && * defined(USE_SSL_VERIFY) */ #ifdef USE_SSL diff --git a/www/w3m/patches/patch-ad b/www/w3m/patches/patch-ad deleted file mode 100644 index f07418010e9..00000000000 --- a/www/w3m/patches/patch-ad +++ /dev/null @@ -1,58 +0,0 @@ -$NetBSD: patch-ad,v 1.8 2010/07/01 18:50:15 tron Exp $ - -Fix for CVE-2010-2074 taken from here: - -http://www.openwall.com/lists/oss-security/2010/06/14/4 - ---- istream.c.orig 2007-05-23 16:06:05.000000000 +0100 -+++ istream.c 2010-07-01 19:31:00.000000000 +0100 -@@ -447,8 +447,17 @@ - - if (!seen_dnsname) - seen_dnsname = Strnew(); -+ /* replace \0 to make full string visible to user */ -+ if (sl != strlen(sn)) { -+ int i; -+ for (i = 0; i < sl; ++i) { -+ if (!sn[i]) -+ sn[i] = '!'; -+ } -+ } - Strcat_m_charp(seen_dnsname, sn, " ", NULL); -- if (ssl_match_cert_ident(sn, sl, hostname)) -+ if (sl == strlen(sn) /* catch \0 in SAN */ -+ && ssl_match_cert_ident(sn, sl, hostname)) - break; - } - } -@@ -466,16 +475,27 @@ - if (match_ident == FALSE && ret == NULL) { - X509_NAME *xn; - char buf[2048]; -+ int slen; - - xn = X509_get_subject_name(x); - -- if (X509_NAME_get_text_by_NID(xn, NID_commonName, -- buf, sizeof(buf)) == -1) -+ slen = X509_NAME_get_text_by_NID(xn, NID_commonName, buf, sizeof(buf)); -+ if ( slen == -1) - /* FIXME: gettextize? */ - ret = Strnew_charp("Unable to get common name from peer cert"); -- else if (!ssl_match_cert_ident(buf, strlen(buf), hostname)) -+ else if (slen != strlen(buf) -+ || !ssl_match_cert_ident(buf, strlen(buf), hostname)) { -+ /* replace \0 to make full string visible to user */ -+ if (slen != strlen(buf)) { -+ int i; -+ for (i = 0; i < slen; ++i) { -+ if (!buf[i]) -+ buf[i] = '!'; -+ } -+ } - /* FIXME: gettextize? */ - ret = Sprintf("Bad cert ident %s from %s", buf, hostname); -+ } - else - match_ident = TRUE; - } |