From 6386160facd2bb2ec5d35b770f6d51396d37c816 Mon Sep 17 00:00:00 2001 From: drochner Date: Mon, 29 May 2006 16:58:18 +0000 Subject: add a patch from OpenBSD / Debian which fixes Lynx going into an infinite loop on certain invalid HTML (CVE-2004-1617) bump PKGREVISION --- www/lynx/Makefile | 3 +- www/lynx/distinfo | 8 ++- www/lynx/patches/patch-ba | 13 +++++ www/lynx/patches/patch-bb | 15 +++++ www/lynx/patches/patch-bc | 13 +++++ www/lynx/patches/patch-bd | 137 ++++++++++++++++++++++++++++++++++++++++++++++ www/lynx/patches/patch-be | 13 +++++ www/lynx/patches/patch-bf | 29 ++++++++++ 8 files changed, 229 insertions(+), 2 deletions(-) create mode 100644 www/lynx/patches/patch-ba create mode 100644 www/lynx/patches/patch-bb create mode 100644 www/lynx/patches/patch-bc create mode 100644 www/lynx/patches/patch-bd create mode 100644 www/lynx/patches/patch-be create mode 100644 www/lynx/patches/patch-bf (limited to 'www') diff --git a/www/lynx/Makefile b/www/lynx/Makefile index 9116b7c7c24..654e5fdad46 100644 --- a/www/lynx/Makefile +++ b/www/lynx/Makefile @@ -1,4 +1,4 @@ -# $NetBSD: Makefile,v 1.89 2006/04/23 14:06:08 schwarz Exp $ +# $NetBSD: Makefile,v 1.90 2006/05/29 16:58:18 drochner Exp $ # # NOTE: Please do not enable the lynxcgi feature unless it is lynx @@ -8,6 +8,7 @@ DISTNAME= lynx2.8.5 PKGNAME= lynx-2.8.5.5 +PKGREVISION= 1 CATEGORIES= www MASTER_SITES= http://lynx.isc.org/${DISTNAME}/ \ ftp://ftp.nl.uu.net/pub/unix/www/lynx/${DISTNAME}/ \ diff --git a/www/lynx/distinfo b/www/lynx/distinfo index 1b5720698d1..0cfaf446706 100644 --- a/www/lynx/distinfo +++ b/www/lynx/distinfo @@ -1,4 +1,4 @@ -$NetBSD: distinfo,v 1.19 2006/04/22 15:08:03 joerg Exp $ +$NetBSD: distinfo,v 1.20 2006/05/29 16:58:18 drochner Exp $ SHA1 (lynx/lynx2.8.5.tar.bz2) = c70866f67c1365b55e0c9c0c569190f5919d28d4 RMD160 (lynx/lynx2.8.5.tar.bz2) = 80d20261ac6eaebe1d940fb5de485daaad7bb3b7 
@@ -20,3 +20,9 @@ SHA1 (patch-ab) = 2cc647d06d97127546bf2511fbfac6a5eef67d07 SHA1 (patch-ae) = 5dff036d9fc35dca528acb530f779dce4a98cddd SHA1 (patch-af) = 819cdfae5e8181423f5be68cc202a6e074560e75 SHA1 (patch-ag) = 93d1ff507f8533e54a45f50d0310d2bb8017f1d2 +SHA1 (patch-ba) = 14aa7dd1026127753f6f8e5bf18bcf83a7a246fc +SHA1 (patch-bb) = 33ebf1ad1f7471ec5afba8b436b7fdc2214ac6d7 +SHA1 (patch-bc) = 6f293327a757ee96617d05ad9ab37d43da283f33 +SHA1 (patch-bd) = 11e1b29fe521b874e5e9b09c70572119b31b655a +SHA1 (patch-be) = 36be2a5f00fd8cd6d7fdc62b768bf960df480573 +SHA1 (patch-bf) = 8ba9b49824aaebe6010aba15e9ae74c800e521b7 diff --git a/www/lynx/patches/patch-ba b/www/lynx/patches/patch-ba new file mode 100644 index 00000000000..4f8ac0c46a5 --- /dev/null +++ b/www/lynx/patches/patch-ba @@ -0,0 +1,13 @@ +$NetBSD: patch-ba,v 1.3 2006/05/29 16:58:18 drochner Exp $ + +--- userdefs.h.orig 2006-05-29 14:15:01.000000000 +0200 ++++ userdefs.h +@@ -1379,6 +1379,8 @@ + #define MAXCHARSETS 60 /* max character sets supported */ + #define TRST_MAXROWSPAN 10000 /* max rowspan accepted by TRST code */ + #define TRST_MAXCOLSPAN 1000 /* max colspan and COL/COLGROUP span accepted */ ++#define MAX_TABLE_ROWS 200 /* max rows for tables */ ++#define MAX_TABLE_COLS 200 /* max cols for tables */ + #define SAVE_TIME_NOT_SPACE /* minimize number of some malloc calls */ + + /* Win32 may support more, but old win16 helper apps may not. */ diff --git a/www/lynx/patches/patch-bb b/www/lynx/patches/patch-bb new file mode 100644 index 00000000000..ee645431c89 --- /dev/null +++ b/www/lynx/patches/patch-bb @@ -0,0 +1,15 @@ +$NetBSD: patch-bb,v 1.1 2006/05/29 16:58:18 drochner Exp $ + +--- src/GridText.c.orig 2004-01-28 20:30:38.000000000 +0100 ++++ src/GridText.c +@@ -9589,8 +9589,8 @@ PUBLIC int HText_beginInput ARGS3( + /* + * Set SIZE. + */ +- if (I->size != NULL) { +- f->size = atoi(I->size); ++ if (I->size != 0) { ++ f->size = I->size; + /* + * Leave at zero for option lists. + */ 
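Review bot: `MAX_TABLE_ROWS` and `MAX_TABLE_COLS` are added to userdefs.h by patch-ba, but none of the other patches in this commit (GridText.c, HTForms.h, HTML.c, HTML.h, LYCurses.h) references either name, so as imported the two limits appear to have no effect. If the fix this was taken from also enforces them in the table code, that hunk is missing from this import and the table path is still unbounded apart from the existing `TRST_MAXROWSPAN`/`TRST_MAXCOLSPAN`. Otherwise the defines should say so, e.g. `/* NOTE: not referenced by any patch in this set */`.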
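Review bot: The new guard `if (I->size != 0)` in HText_beginInput (patch-bb) lets a negative value through to `f->size`. The value now comes straight from `I.size = atoi(value[HTML_INPUT_SIZE])` in the HTML.c patch (patch-bd), where it is neither tested with `isdigit` nor passed through `LimitValue` the way the TEXTAREA COLS and ROWS values are. Because SIZE is supplied by the document, the guard would be safer as `if (I->size > 0)`, with an upper clamp applied where the attribute is parsed. What HText_beginInput does with `f->size` after this point is outside the hunk, so a later clamp there cannot be ruled out. The HTForms.h change of `size` from `CONST char *` to `int` (patch-bc) also means any other reader of that field outside these patches needs the same conversion.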
diff --git a/www/lynx/patches/patch-bc b/www/lynx/patches/patch-bc new file mode 100644 index 00000000000..ea8d8d4eb35 --- /dev/null +++ b/www/lynx/patches/patch-bc @@ -0,0 +1,13 @@ +$NetBSD: patch-bc,v 1.1 2006/05/29 16:58:18 drochner Exp $ + +--- src/HTForms.h.orig 2003-06-02 03:16:28.000000000 +0200 ++++ src/HTForms.h +@@ -40,7 +40,7 @@ typedef struct _InputFieldData { + CONST char *md; + CONST char *min; + CONST char *name; +- CONST char *size; ++ int size; + CONST char *src; + CONST char *type; + char *value; diff --git a/www/lynx/patches/patch-bd b/www/lynx/patches/patch-bd new file mode 100644 index 00000000000..91f8b9a2e27 --- /dev/null +++ b/www/lynx/patches/patch-bd 
@@ -0,0 +1,137 @@ +$NetBSD: patch-bd,v 1.1 2006/05/29 16:58:18 drochner Exp $ + +--- src/HTML.c.orig 2004-01-19 13:16:02.000000000 +0100 ++++ src/HTML.c +@@ -80,6 +80,19 @@ + + #define STACKLEVEL(me) ((me->stack + MAX_NESTING - 1) - me->sp) + ++#define DFT_TEXTAREA_COLS 60 ++#define DFT_TEXTAREA_ROWS 4 ++ ++#define MAX_TEXTAREA_COLS LYcolLimit ++#define MAX_TEXTAREA_ROWS (3 * LYlines) ++ ++#define LimitValue(name, value) \ ++ if (name > value) { \ ++ CTRACE((tfp, "Limited " #name " to %d, was %d\n", \ ++ value, name)); \ ++ name = value; \ ++ } ++ + struct _HTStream { + CONST HTStreamClass * isa; + #ifdef USE_SOURCE_CACHE +@@ -4316,7 +4329,7 @@ PRIVATE int HTML_start_element ARGS6( + I.align=NULL; I.accept=NULL; I.checked=NO; I.class=NULL; + I.disabled=NO; I.error=NULL; I.height= NULL; I.id=NULL; + I.lang=NULL; I.max=NULL; I.maxlength=NULL; I.md=NULL; +- I.min=NULL; I.name=NULL; I.size=NULL; I.src=NULL; ++ I.min=NULL; I.name=NULL; I.size=0; I.src=NULL; + I.type=NULL; I.value=NULL; I.width=NULL; + I.accept_cs = NULL; + I.name_cs = ATTR_CS_IN; +@@ -4502,7 +4515,7 @@ PRIVATE int HTML_start_element ARGS6( + I.align=NULL; I.accept=NULL; I.checked=NO; I.class=NULL; + I.disabled=NO; I.error=NULL; I.height= NULL; I.id=NULL; + I.lang=NULL; I.max=NULL; I.maxlength=NULL; I.md=NULL; +- I.min=NULL; I.name=NULL; I.size=NULL; I.src=NULL; ++ I.min=NULL; I.name=NULL; I.size=0; I.src=NULL; + I.type=NULL; I.value=NULL; I.width=NULL; + I.accept_cs = NULL; + I.name_cs = ATTR_CS_IN; +@@ -4794,7 +4807,7 @@ PRIVATE int HTML_start_element ARGS6( + I.checked = YES; + if (present && present[HTML_INPUT_SIZE] && + value[HTML_INPUT_SIZE] && *value[HTML_INPUT_SIZE]) +- I.size = value[HTML_INPUT_SIZE]; ++ I.size = atoi(value[HTML_INPUT_SIZE]); + if (present && present[HTML_INPUT_MAXLENGTH] && + value[HTML_INPUT_MAXLENGTH] && *value[HTML_INPUT_MAXLENGTH]) + I.maxlength = value[HTML_INPUT_MAXLENGTH]; +@@ -5033,26 +5046,28 @@ PRIVATE int HTML_start_element ARGS6( + if (present && 
present[HTML_TEXTAREA_COLS] && + value[HTML_TEXTAREA_COLS] && + isdigit(UCH(*value[HTML_TEXTAREA_COLS]))) +- StrAllocCopy(me->textarea_cols, value[HTML_TEXTAREA_COLS]); ++ me->textarea_cols = atoi(value[HTML_TEXTAREA_COLS]); + else { + int width; + width = LYcols - 1 - + me->new_style->leftIndent - me->new_style->rightIndent; + if (dump_output_immediately) /* don't waste too much for this */ +- width = HTMIN(width, 60); ++ width = HTMIN(width, DFT_TEXTAREA_COLS); + if (width > 1 && (width-1)*6 < MAX_LINE - 3 - + me->new_style->leftIndent - me->new_style->rightIndent) +- HTSprintf0(&me->textarea_cols, "%d", width); ++ me->textarea_cols = width; + else +- StrAllocCopy(me->textarea_cols, "60"); ++ me->textarea_cols = DFT_TEXTAREA_COLS; + } ++ LimitValue(me->textarea_cols, MAX_TEXTAREA_COLS); + + if (present && present[HTML_TEXTAREA_ROWS] && + value[HTML_TEXTAREA_ROWS] && + isdigit(UCH(*value[HTML_TEXTAREA_ROWS]))) + me->textarea_rows = atoi(value[HTML_TEXTAREA_ROWS]); + else +- me->textarea_rows = 4; ++ me->textarea_rows = DFT_TEXTAREA_ROWS; ++ LimitValue(me->textarea_rows, MAX_TEXTAREA_ROWS); + + if (present && present[HTML_TEXTAREA_DISABLED]) + me->textarea_disabled = YES; +@@ -5169,7 +5184,7 @@ PRIVATE int HTML_start_element ARGS6( + I.align=NULL; I.accept=NULL; I.checked=NO; I.class=NULL; + I.disabled=NO; I.error=NULL; I.height= NULL; I.id=NULL; + I.lang=NULL; I.max=NULL; I.maxlength=NULL; I.md=NULL; +- I.min=NULL; I.name=NULL; I.size=NULL; I.src=NULL; ++ I.min=NULL; I.name=NULL; I.size=0; I.src=NULL; + I.type=NULL; I.value=NULL; I.width=NULL; + I.accept_cs = NULL; + I.name_cs = -1; +@@ -6818,7 +6833,7 @@ End_Object: + I.align=NULL; I.accept=NULL; I.checked=NO; I.class=NULL; + I.disabled=NO; I.error=NULL; I.height= NULL; I.id=NULL; + I.lang=NULL; I.max=NULL; I.maxlength=NULL; I.md=NULL; +- I.min=NULL; I.name=NULL; I.size=NULL; I.src=NULL; ++ I.min=NULL; I.name=NULL; I.size=0; I.src=NULL; + I.type=NULL; I.value=NULL; I.width=NULL; + I.value_cs = current_char_set; + 
+@@ -6969,7 +6984,7 @@ End_Object: + } + I.value = temp; + chars = HText_beginInput(me->text, me->inUnderline, &I); +- for (chars = atoi(me->textarea_cols); chars > 0; chars--) ++ for (chars = me->textarea_cols; chars > 0; chars--) + HTML_put_character(me, '_'); + HText_appendCharacter(me->text, '\r'); + if (*data == '\n') { +@@ -6994,7 +7009,6 @@ End_Object: + HTChunkClear(&me->textarea); + FREE(me->textarea_name); + me->textarea_name_cs = -1; +- FREE(me->textarea_cols); + FREE(me->textarea_id); + break; + } +@@ -7541,7 +7555,6 @@ PRIVATE void HTML_abort ARGS2(HTStructur + FREE(me->map_address); + FREE(me->textarea_name); + FREE(me->textarea_accept_cs); +- FREE(me->textarea_cols); + FREE(me->textarea_id); + FREE(me->LastOptionValue); + FREE(me->xinclude); +@@ -7721,7 +7734,7 @@ PUBLIC HTStructured* HTML_new ARGS3( + me->textarea_name = NULL; + me->textarea_name_cs = -1; + me->textarea_accept_cs = NULL; +- me->textarea_cols = NULL; ++ me->textarea_cols = 0; + me->textarea_rows = 4; + me->textarea_disabled = NO; + me->textarea_id = NULL; diff --git a/www/lynx/patches/patch-be b/www/lynx/patches/patch-be new file mode 100644 index 00000000000..d44c6b7420e --- /dev/null +++ b/www/lynx/patches/patch-be @@ -0,0 +1,13 @@ +$NetBSD: patch-be,v 1.1 2006/05/29 16:58:18 drochner Exp $ + +--- src/HTML.h.orig 2004-01-08 03:03:09.000000000 +0100 ++++ src/HTML.h +@@ -104,7 +104,7 @@ struct _HTStructured { + char * textarea_name; + int textarea_name_cs; + char * textarea_accept_cs; +- char * textarea_cols; ++ int textarea_cols; + int textarea_rows; + int textarea_disabled; + char * textarea_id; diff --git a/www/lynx/patches/patch-bf b/www/lynx/patches/patch-bf new file mode 100644 index 00000000000..bebcdeeb190 --- /dev/null +++ b/www/lynx/patches/patch-bf 
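Review bot: `LimitValue` in the HTML.c patch (patch-bd) caps only the upper end, so `textarea_cols` and `textarea_rows` can still end up zero or negative. `atoi` has undefined behaviour when a long digit string overflows, `COLS="0"` passes the `isdigit` test, and `MAX_TEXTAREA_COLS`/`MAX_TEXTAREA_ROWS` expand to expressions over `LYcols`/`LYlines` whose values are not bounded in these hunks. A floor after each clamp, e.g. `if (me->textarea_cols < 1) me->textarea_cols = DFT_TEXTAREA_COLS;`, would keep both values in a sane range for the code that consumes them, most of which lies outside the hunks. Separately, the macro expands to a bare `if { }` statement, and wrapping its body in `do { ... } while (0)` avoids a dangling-else if it is ever used under an unbraced `if`/`else`. HTML_new could also use `DFT_TEXTAREA_ROWS` in place of the remaining literal `4`.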
@@ -0,0 +1,29 @@ +$NetBSD: patch-bf,v 1.1 2006/05/29 16:58:18 drochner Exp $ + +--- src/LYCurses.h.orig 2004-01-28 20:30:38.000000000 +0100 ++++ src/LYCurses.h +@@ -365,6 +365,24 @@ extern long LYgetattrs PARAMS((WINDOW *w + extern int LYlines; /* replaces LINES */ + extern int LYcols; /* replaces COLS */ + ++/* ++ * The scrollbar, if used, occupies the rightmost column. ++ */ ++#ifdef USE_SCROLLBAR ++#define LYbarWidth (LYShowScrollbar ? 1 : 0) ++#else ++#define LYbarWidth 0 ++#endif ++ ++/* ++ * Usable limits for display: ++ */ ++#if defined(FANCY_CURSES) || defined(USE_SLANG) ++#define LYcolLimit (LYcols - LYbarWidth) ++#else ++#define LYcolLimit (LYcols - 1) ++#endif ++ + #ifdef USE_CURSES_PADS + extern WINDOW *LYwin; + extern int LYshiftWin; -- cgit v1.2.3
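Review bot: `LYcolLimit` and `LYbarWidth` read like constants but expand to expressions over the globals `LYcols` and `LYShowScrollbar`, which the comment `Usable limits for display:` does not say. The HTML.c patch in this commit uses `LYcolLimit` as the ceiling for a document-supplied TEXTAREA COLS value, so that limit is only as good as `LYcols` at the moment of use. I would extend the comment to something like `/* Usable limits for display; evaluated at each use from LYcols, not compile-time constants */`. Under `USE_SCROLLBAR` the macro also needs `LYShowScrollbar` declared wherever it is expanded, and no declaration is visible in this hunk.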