diff options
Diffstat (limited to 'www')
| -rw-r--r-- | www/w3m-img/Makefile | 5 | ||||
| -rw-r--r-- | www/w3m/Makefile | 5 | ||||
| -rw-r--r-- | www/w3m/distinfo | 4 | ||||
| -rw-r--r-- | www/w3m/patches/patch-ac | 26 | ||||
| -rw-r--r-- | www/w3m/patches/patch-ad | 58 |
5 files changed, 91 insertions, 7 deletions
diff --git a/www/w3m-img/Makefile b/www/w3m-img/Makefile index 3da0cf52a2a..ad6e2aa0a49 100644 --- a/www/w3m-img/Makefile +++ b/www/w3m-img/Makefile @@ -1,8 +1,7 @@ -# $NetBSD: Makefile,v 1.19 2010/01/24 13:26:12 wiz Exp $ -# +# $NetBSD: Makefile,v 1.20 2010/07/01 18:50:15 tron Exp $ PKGNAME= w3m-img-${W3M_VERS} -PKGREVISION= 4 +PKGREVISION= 5 COMMENT= Multilingualized version of a pager/text-based browser w3m with inline image support CONFLICTS+= w3m-[0-9]* diff --git a/www/w3m/Makefile b/www/w3m/Makefile index 5bf7d4c8381..9499696c602 100644 --- a/www/w3m/Makefile +++ b/www/w3m/Makefile @@ -1,8 +1,7 @@ -# $NetBSD: Makefile,v 1.57 2010/01/17 12:02:51 wiz Exp $ -# +# $NetBSD: Makefile,v 1.58 2010/07/01 18:50:14 tron Exp $ PKGNAME= w3m-${W3M_VERS} -PKGREVISION= 4 +PKGREVISION= 5 COMMENT= Multilingualized version of a pager/text-based browser w3m CONFLICTS+= w3m-img-[0-9]* diff --git a/www/w3m/distinfo b/www/w3m/distinfo index c1a91961186..f89d4bc45f0 100644 --- a/www/w3m/distinfo +++ b/www/w3m/distinfo @@ -1,8 +1,10 @@ -$NetBSD: distinfo,v 1.20 2008/12/13 08:52:13 obache Exp $ +$NetBSD: distinfo,v 1.21 2010/07/01 18:50:14 tron Exp $ SHA1 (w3m-0.5.2.tar.gz) = 484522547ae6dbb342d3858a2a53a65451e273f9 RMD160 (w3m-0.5.2.tar.gz) = 09ce72d8ef5e621a2e49496b63e22f2773edbe79 Size (w3m-0.5.2.tar.gz) = 1906812 bytes SHA1 (patch-aa) = 2de78a6db9bd483416895b393935ccadab879932 SHA1 (patch-ab) = 2d60d7a2946f13a185591c0b927cf0f8b5ea351b +SHA1 (patch-ac) = 800d4b8c2ed93ccaa000564366ad07fabcc5bdc2 +SHA1 (patch-ad) = 7a11f6f97fb5d01a420c95bcd03e577ffd3a241f SHA1 (patch-ak) = ac0ee99d5ab49c431cfa496d0d2d509efd6b06fa diff --git a/www/w3m/patches/patch-ac b/www/w3m/patches/patch-ac new file mode 100644 index 00000000000..72bd7607ffa --- /dev/null +++ b/www/w3m/patches/patch-ac @@ -0,0 +1,26 @@ +$NetBSD: patch-ac,v 1.14 2010/07/01 18:50:15 tron Exp $ + +Fix for CVE-2010-2074 taken from here: + +http://www.openwall.com/lists/oss-security/2010/06/14/4 + +--- fm.h.orig 2007-05-30 05:47:24.000000000 +0100 ++++ fm.h 2010-07-01 19:26:27.000000000 +0100 +@@ -1119,7 +1119,7 @@ + #endif + + #if defined(USE_SSL) && defined(USE_SSL_VERIFY) +-global int ssl_verify_server init(FALSE); ++global int ssl_verify_server init(TRUE); + global char *ssl_cert_file init(NULL); + global char *ssl_key_file init(NULL); + global char *ssl_ca_path init(NULL); +@@ -1128,7 +1128,7 @@ + #endif /* defined(USE_SSL) && + * defined(USE_SSL_VERIFY) */ + #ifdef USE_SSL +-global char *ssl_forbid_method init(NULL); ++global char *ssl_forbid_method init("2"); + #endif + + global int is_redisplay init(FALSE); diff --git a/www/w3m/patches/patch-ad b/www/w3m/patches/patch-ad new file mode 100644 index 00000000000..f07418010e9 --- /dev/null +++ b/www/w3m/patches/patch-ad @@ -0,0 +1,58 @@ +$NetBSD: patch-ad,v 1.8 2010/07/01 18:50:15 tron Exp $ + +Fix for CVE-2010-2074 taken from here: + +http://www.openwall.com/lists/oss-security/2010/06/14/4 + +--- istream.c.orig 2007-05-23 16:06:05.000000000 +0100 ++++ istream.c 2010-07-01 19:31:00.000000000 +0100 +@@ -447,8 +447,17 @@ + + if (!seen_dnsname) + seen_dnsname = Strnew(); ++ /* replace \0 to make full string visible to user */ ++ if (sl != strlen(sn)) { ++ int i; ++ for (i = 0; i < sl; ++i) { ++ if (!sn[i]) ++ sn[i] = '!'; ++ } ++ } + Strcat_m_charp(seen_dnsname, sn, " ", NULL); +- if (ssl_match_cert_ident(sn, sl, hostname)) ++ if (sl == strlen(sn) /* catch \0 in SAN */ ++ && ssl_match_cert_ident(sn, sl, hostname)) + break; + } + } +@@ -466,16 +475,27 @@ + if (match_ident == FALSE && ret == NULL) { + X509_NAME *xn; + char buf[2048]; ++ int slen; + + xn = X509_get_subject_name(x); + +- if (X509_NAME_get_text_by_NID(xn, NID_commonName, +- buf, sizeof(buf)) == -1) ++ slen = X509_NAME_get_text_by_NID(xn, NID_commonName, buf, sizeof(buf)); ++ if ( slen == -1) + /* FIXME: gettextize? */ + ret = Strnew_charp("Unable to get common name from peer cert"); +- else if (!ssl_match_cert_ident(buf, strlen(buf), hostname)) ++ else if (slen != strlen(buf) ++ || !ssl_match_cert_ident(buf, strlen(buf), hostname)) { ++ /* replace \0 to make full string visible to user */ ++ if (slen != strlen(buf)) { ++ int i; ++ for (i = 0; i < slen; ++i) { ++ if (!buf[i]) ++ buf[i] = '!'; ++ } ++ } + /* FIXME: gettextize? */ + ret = Sprintf("Bad cert ident %s from %s", buf, hostname); ++ } + else + match_ident = TRUE; + } |