diff --git a/README.md b/README.md index a513b08..bfa2224 100644 --- a/README.md +++ b/README.md @@ -1,2 +1,6 @@ # lynx +This a terminal based WWW browser. +While it does not make any attempt at displaying graphics, it has good support +for HTML text formatting, forms, and tables. + diff --git a/lynx-1-2.8.6-tmp_dir.patch b/lynx-1-2.8.6-tmp_dir.patch new file mode 100644 index 0000000..fd60eea --- /dev/null +++ b/lynx-1-2.8.6-tmp_dir.patch @@ -0,0 +1,34 @@ +--- lynx2-8-6/src/LYMain.c 2008-07-07 03:01:11.000000000 +0200 ++++ lynx2-8-6/src/LYMain.c.pix 2008-07-07 03:01:51.000000000 +0200 +@@ -969,7 +969,7 @@ + struct stat dir_info; + char filename[LY_MAXPATH]; + BOOL LYGetStdinArgs = FALSE; +- ++ struct stat st; + #ifdef _WINDOWS + WSADATA WSAData; + #endif /* _WINDOWS */ +@@ -1206,7 +1206,22 @@ + if (access(lynx_temp_space, 0) != 0) + #endif + tildeExpand(&lynx_temp_space, TRUE); ++ ++ ++ if (stat(lynx_temp_space, &st) < 0) { ++ if (errno = ENOENT) { ++ printf("Creating dir %s\n", lynx_temp_space); ++ mkdir(lynx_temp_space, 0700); ++ } ++ } + ++ if (stat(lynx_temp_space, &st) < 0) { ++ if (errno = ENOENT) { ++ printf("Can't create %s, let's try /tmp/\n", lynx_temp_space); ++ lynx_temp_space = "/tmp/"; ++ } ++ } ++ + if ((cp = strstr(lynx_temp_space, "$USER")) != NULL) { + char *cp1; + diff --git a/lynx-2.8.5-can_2005_2929.patch b/lynx-2.8.5-can_2005_2929.patch new file mode 100644 index 0000000..02e6098 --- /dev/null +++ b/lynx-2.8.5-can_2005_2929.patch @@ -0,0 +1,90 @@ +--- lynx2-8-5/src/LYCgi.c.cve-2005-2929 2004-02-02 13:02:28.000000000 -0700 ++++ lynx2-8-5/src/LYCgi.c 2005-11-12 09:57:35.832520625 -0700 +@@ -140,6 +140,40 @@ + } + } + ++#ifdef LYNXCGI_LINKS ++/* ++ * Wrapper for exec_ok(), confirming with user if the link text is not visible ++ * in the status line. ++ */ ++static BOOL can_exec_cgi(const char *linktext, const char *linkargs) ++{ ++ const char *format = gettext("Do you want to execute \"%s\"?"); ++ char *message = NULL; ++ char *command = NULL; ++ char *p; ++ BOOL result = TRUE; ++ ++ if (!exec_ok(HTLoadedDocumentURL(), linktext, CGI_PATH)) { ++ /* exec_ok gives out msg. */ ++ result = FALSE; ++ } else if (user_mode < ADVANCED_MODE) { ++ StrAllocCopy(command, linktext); ++ if (non_empty(linkargs)) { ++ HTSprintf(&command, " %s", linkargs); ++ } ++ HTUnEscape(command); ++ for (p = command; *p; ++p) ++ if (*p == '+') ++ *p = ' '; ++ HTSprintf0(&message, format, command); ++ result = HTConfirm(message); ++ FREE(message); ++ FREE(command); ++ } ++ return result; ++} ++#endif /* LYNXCGI_LINKS */ ++ + #ifdef __MINGW32__ + PRIVATE int LYLoadCGI ARGS4( + CONST char *, arg, +@@ -281,8 +315,7 @@ + strcmp(arg, HTLoadedDocumentURL()) && + HText_AreDifferent(anAnchor, arg) && + HTUnEscape(orig_pgm) && +- !exec_ok(HTLoadedDocumentURL(), orig_pgm, +- CGI_PATH)) { /* exec_ok gives out msg. */ ++ !can_exec_cgi(orig_pgm, "")) { + /* + * If we have extra path info and are not just reloading + * the current, check the full file path (after unescaping) +@@ -313,8 +346,7 @@ + !(reloading && anAnchor->document) && + strcmp(arg, HTLoadedDocumentURL()) && + HText_AreDifferent(anAnchor, arg) && +- !exec_ok(HTLoadedDocumentURL(), pgm, +- CGI_PATH)) { /* exec_ok gives out msg. */ ++ !can_exec_cgi(pgm, pgm_args)) { + /* + * If we are reloading a lynxcgi document that had already been + * loaded, the various checks above should allow it even if +--- lynx2-8-5/src/LYGetFile.c.CVE-2005-2929 2003-06-02 02:16:28.000000000 +0100 ++++ lynx2-8-5/src/LYGetFile.c 2005-11-11 18:03:27.000000000 +0000 +@@ -1478,6 +1478,8 @@ + if (strstr(command,"//") == linktext) { + command += 2; + } ++ CTRACE((tfp, "comparing source\n\t'%s'\n\t'%s'\n", source, tp->src)); ++ CTRACE((tfp, "comparing command\n\t'%s'\n\t'%s'\n", command, tp->path)); + if (STRNADDRCOMP(source, tp->src, strlen(tp->src)) == 0 && + STRNADDRCOMP(command, tp->path, strlen(tp->path)) == 0) + return TRUE; +--- lynx2-8-5/CHANGES.CVE-2005-2929 2005-11-11 18:02:29.000000000 +0000 ++++ lynx2-8-5/CHANGES 2005-11-11 18:08:10.000000000 +0000 +@@ -3,6 +3,13 @@ + * eliminate fixed-size buffers in HTrjis() and related functions to avoid + potential buffer overflow in nntp pages (report by Ulf Harnhammar) -TD + ++2005-10-30 (2.8.6dev.15) ++* modify LYLoadCGI() to prompt user, displaying the command that would be ++ executed, to confirm that it should be. This makes it easier to notice when ++ a local program would be run by activating a lynxcgi link. This is not done ++ in advanced mode, since the URL is already visible in the status line (report ++ by vade79, comments by Greg MacManus) -TD ++ + 2003-06-01 (2.8.5dev.16) + + add zh_CN.po from + http://www.iro.umontreal.ca/contrib/po/maint/lynx/ diff --git a/lynx-2.8.5-can_2005_3120.patch b/lynx-2.8.5-can_2005_3120.patch new file mode 100644 index 0000000..01db5fa --- /dev/null +++ b/lynx-2.8.5-can_2005_3120.patch @@ -0,0 +1,393 @@ +--- lynx2-8-5/WWW/Library/Implementation/HTMIME.c.orig 2004-01-07 19:03:09.000000000 -0700 ++++ lynx2-8-5/WWW/Library/Implementation/HTMIME.c 2005-10-10 13:23:32.000000000 -0700 +@@ -2062,27 +2062,23 @@ + ** + ** Written by S. Ichikawa, + ** partially inspired by encdec.c of . +-** Assume caller's buffer is LINE_LENGTH bytes, these decode to +-** no longer than the input strings. + */ +-#define LINE_LENGTH 512 /* Maximum length of line of ARTICLE etc */ +-#ifdef ESC +-#undef ESC +-#endif /* ESC */ + #include /* S/390 -- gil -- 0163 */ +-#define ESC CH_ESC + + PRIVATE char HTmm64[] = + "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=" ; + PRIVATE char HTmmquote[] = "0123456789ABCDEF"; + PRIVATE int HTmmcont = 0; + +-PUBLIC void HTmmdec_base64 ARGS2( +- char *, t, ++PRIVATE void HTmmdec_base64 ARGS2( ++ char **, t, + char *, s) + { + int d, count, j, val; +- char buf[LINE_LENGTH], *bp, nw[4], *p; ++ char *buf, *bp, nw[4], *p; ++ ++ if ((buf = malloc(strlen(s) * 3 + 1)) == 0) ++ outofmem(__FILE__, "HTmmdec_base64"); + + for (bp = buf; *s; s += 4) { + val = 0; +@@ -2113,14 +2109,18 @@ + *bp++ = nw[2]; + } + *bp = '\0'; +- strcpy(t, buf); ++ StrAllocCopy(*t, buf); ++ FREE(buf); + } + +-PUBLIC void HTmmdec_quote ARGS2( +- char *, t, ++PRIVATE void HTmmdec_quote ARGS2( ++ char **, t, + char *, s) + { +- char buf[LINE_LENGTH], cval, *bp, *p; ++ char *buf, cval, *bp, *p; ++ ++ if ((buf = malloc(strlen(s) + 1)) == 0) ++ outofmem(__FILE__, "HTmmdec_quote"); + + for (bp = buf; *s; ) { + if (*s == '=') { +@@ -2147,23 +2147,27 @@ + } + } + *bp = '\0'; +- strcpy(t, buf); ++ StrAllocCopy(*t, buf); ++ FREE(buf); + } + + /* + ** HTmmdecode for ISO-2022-JP - FM + */ + PUBLIC void HTmmdecode ARGS2( +- char *, trg, ++ char **, trg, + char *, str) + { +- char buf[LINE_LENGTH], mmbuf[LINE_LENGTH]; ++ char *buf; ++ char *mmbuf = NULL; ++ char *m2buf = NULL; + char *s, *t, *u; + int base64, quote; + +- buf[0] = '\0'; +- +- for (s = str, u = buf; *s; ) { ++ if ((buf = malloc(strlen(str) + 1)) == 0) ++ outofmem(__FILE__, "HTmmdecode"); ++ ++ for (s = str, u = buf; *s;) { + if (!strncasecomp(s, "=?ISO-2022-JP?B?", 16)) { + base64 = 1; + } else { +@@ -2181,11 +2185,14 @@ + u--; + } + } ++ if (mmbuf == 0) /* allocate buffer big enough for source */ ++ StrAllocCopy(mmbuf, str); + for (s += 16, t = mmbuf; *s; ) { + if (s[0] == '?' && s[1] == '=') { + break; + } else { + *t++ = *s++; ++ *t = '\0'; + } + } + if (s[0] != '?' || s[1] != '=') { +@@ -2195,14 +2202,12 @@ + *t = '\0'; + } + if (base64) +- HTmmdec_base64(mmbuf, mmbuf); ++ HTmmdec_base64(&m2buf, mmbuf); + if (quote) +- HTmmdec_quote(mmbuf, mmbuf); +- for (t = mmbuf; *t; ) ++ HTmmdec_quote(&m2buf, mmbuf); ++ for (t = m2buf; *t; ) + *u++ = *t++; + HTmmcont = 1; +- /* if (*s == ' ' || *s == '\t') *u++ = *s; */ +- /* for ( ; *s == ' ' || *s == '\t'; s++) ; */ + } else { + if (*s != ' ' && *s != '\t') + HTmmcont = 0; +@@ -2211,7 +2216,10 @@ + } + *u = '\0'; + end: +- strcpy(trg, buf); ++ StrAllocCopy(*t, buf); ++ FREE(m2buf); ++ FREE(mmbuf); ++ FREE(buf); + } + + /* +@@ -2219,22 +2227,27 @@ + ** (The author of this function "rjis" is S. Ichikawa.) + */ + PUBLIC int HTrjis ARGS2( +- char *, t, ++ char **, t, + char *, s) + { +- char *p, buf[LINE_LENGTH]; ++ char *p; ++ char *buf = NULL; + int kanji = 0; + +- if (strchr(s, ESC) || !strchr(s, '$')) { +- if (s != t) +- strcpy(t, s); ++ if (strchr(s, CH_ESC) || !strchr(s, '$')) { ++ if (s != *t) ++ StrAllocCopy(*t, s); + return 1; + } ++ ++ if ((buf = malloc(strlen(s) * 2 + 1)) == 0) ++ outofmem(__FILE__, "HTrjis"); ++ + for (p = buf; *s; ) { + if (!kanji && s[0] == '$' && (s[1] == '@' || s[1] == 'B')) { + if (HTmaybekanji((int)s[2], (int)s[3])) { + kanji = 1; +- *p++ = ESC; ++ *p++ = CH_ESC; + *p++ = *s++; + *p++ = *s++; + *p++ = *s++; +@@ -2246,7 +2259,7 @@ + } + if (kanji && s[0] == '(' && (s[1] == 'J' || s[1] == 'B')) { + kanji = 0; +- *p++ = ESC; ++ *p++ = CH_ESC; + *p++ = *s++; + *p++ = *s++; + continue; +@@ -2255,7 +2268,8 @@ + } + *p = *s; /* terminate string */ + +- strcpy(t, buf); ++ StrAllocCopy(*t, buf); ++ FREE(buf); + return 0; + } + +--- lynx2-8-5/WWW/Library/Implementation/HTMIME.h.orig 2003-01-22 02:43:13.000000000 -0700 ++++ lynx2-8-5/WWW/Library/Implementation/HTMIME.h 2005-10-10 13:23:32.000000000 -0700 +@@ -67,20 +67,12 @@ + For handling Japanese headers. + + */ +-extern void HTmmdec_base64 PARAMS(( +- char * t, +- char * s)); +- +-extern void HTmmdec_quote PARAMS(( +- char * t, +- char * s)); +- + extern void HTmmdecode PARAMS(( +- char * trg, ++ char ** trg, + char * str)); + + extern int HTrjis PARAMS(( +- char * t, ++ char ** t, + char * s)); + + extern int HTmaybekanji PARAMS(( +--- lynx2-8-5/WWW/Library/Implementation/HTNews.c.orig 2004-01-07 19:03:09.000000000 -0700 ++++ lynx2-8-5/WWW/Library/Implementation/HTNews.c 2005-10-10 13:24:48.000000000 -0700 +@@ -940,7 +940,6 @@ + } + } + +-#ifdef SH_EX /* for MIME */ + #ifdef NEWS_DEBUG + /* for DEBUG 1997/11/07 (Fri) 17:20:16 */ + void debug_print(unsigned char *p) +@@ -962,45 +961,15 @@ + } + #endif + +-static char *decode_mime(char *str) ++static char *decode_mime(char **str) + { +- char temp[LINE_LENGTH]; /* FIXME: what determines the actual size? */ +- char *p, *q; +- +- if (str == NULL) +- return ""; +- ++#ifdef SH_EX + if (HTCJK != JAPANESE) +- return str; +- +- LYstrncpy(temp, str, sizeof(temp) - 1); +- q = temp; +- while ((p = strchr(q, '=')) != 0) { +- if (p[1] == '?') { +- HTmmdecode(p, p); +- q = p + 2; +- } else { +- q = p + 1; +- } +- } +-#ifdef NEWS_DEBUG +- printf("new=["); +- debug_print(temp); ++ return *str; + #endif +- HTrjis(temp, temp); +- strcpy(str, temp); +- +- return str; ++ HTmmdecode(str, *str); ++ return HTrjis(str, *str) ? *str : ""; + } +-#else /* !SH_EX */ +-static char *decode_mime ARGS1(char *, str) +-{ +- HTmmdecode(str, str); +- HTrjis(str, str); +- return str; +-} +-#endif +- + + /* Read in an Article read_article + ** ------------------ +@@ -1087,22 +1056,22 @@ + + } else if (match(full_line, "SUBJECT:")) { + StrAllocCopy(subject, HTStrip(strchr(full_line,':')+1)); +- decode_mime(subject); ++ decode_mime(&subject); + } else if (match(full_line, "DATE:")) { + StrAllocCopy(date, HTStrip(strchr(full_line,':')+1)); + + } else if (match(full_line, "ORGANIZATION:")) { + StrAllocCopy(organization, + HTStrip(strchr(full_line,':')+1)); +- decode_mime(organization); ++ decode_mime(&organization); + + } else if (match(full_line, "FROM:")) { + StrAllocCopy(from, HTStrip(strchr(full_line,':')+1)); +- decode_mime(from); ++ decode_mime(&from); + + } else if (match(full_line, "REPLY-TO:")) { + StrAllocCopy(replyto, HTStrip(strchr(full_line,':')+1)); +- decode_mime(replyto); ++ decode_mime(&replyto); + + } else if (match(full_line, "NEWSGROUPS:")) { + StrAllocCopy(newsgroups, HTStrip(strchr(full_line,':')+1)); +@@ -1711,8 +1680,8 @@ + int, last_required) + { + char line[LINE_LENGTH+1]; +- char author[LINE_LENGTH+1]; +- char subject[LINE_LENGTH+1]; ++ char *author = NULL; ++ char *subject = NULL; + char *date = NULL; + int i; + char *p; +@@ -1725,7 +1694,6 @@ + int status, count, first, last; /* Response fields */ + /* count is only an upper limit */ + +- author[0] = '\0'; + START(HTML_HEAD); + PUTC('\n'); + START(HTML_TITLE); +@@ -1946,8 +1914,8 @@ + case 'S': + case 's': + if (match(line, "SUBJECT:")) { +- LYstrncpy(subject, line+9, sizeof(subject)-1);/* Save subject */ +- decode_mime(subject); ++ StrAllocCopy(subject, line + 9); ++ decode_mime(&subject); + } + break; + +@@ -1964,10 +1932,8 @@ + case 'F': + if (match(line, "FROM:")) { + char * p2; +- LYstrncpy(author, +- author_name(strchr(line,':')+1), +- sizeof(author)-1); +- decode_mime(author); ++ StrAllocCopy(author, strchr(line, ':') + 1); ++ decode_mime(&author); + p2 = author + strlen(author) - 1; + if (*p2==LF) + *p2 = '\0'; /* Chop off newline */ +@@ -1988,11 +1954,8 @@ + + PUTC('\n'); + START(HTML_LI); +-#ifdef SH_EX /* for MIME */ +- HTSprintf0(&temp, "\"%s\"", decode_mime(subject)); +-#else +- HTSprintf0(&temp, "\"%s\"", subject); +-#endif ++ p = decode_mime(&subject); ++ HTSprintf0(&temp, "\"%s\"", NonNull(p)); + if (reference) { + write_anchor(temp, reference); + FREE(reference); +@@ -2001,18 +1964,14 @@ + } + FREE(temp); + +- if (author[0] != '\0') { ++ if (author != NULL) { + PUTS(" - "); + if (LYListNewsDates) + START(HTML_I); +-#ifdef SH_EX /* for MIME */ +- PUTS(decode_mime(author)); +-#else +- PUTS(author); +-#endif ++ PUTS(decode_mime(&author)); + if (LYListNewsDates) + END(HTML_I); +- author[0] = '\0'; ++ FREE(author); + } + if (date) { + if (!diagnostic) { +@@ -2055,6 +2014,8 @@ + MAYBE_END(HTML_LI); + } /* Handle response to HEAD request */ + } /* Loop over article */ ++ FREE(author); ++ FREE(subject); + } /* If read headers */ + PUTC('\n'); + if (LYListNewsNumbers) + diff --git a/lynx-2.8.5-cve_2004_1617.patch b/lynx-2.8.5-cve_2004_1617.patch new file mode 100644 index 0000000..6ca7bde --- /dev/null +++ b/lynx-2.8.5-cve_2004_1617.patch @@ -0,0 +1,224 @@ +#! /bin/sh /usr/share/dpatch/dpatch-run +## 04_CVE-2004-1617.dpatch from the OpenBSD project. +## +## All lines beginning with `## DP:' are a description of the patch. +## DP: CVE-2004-1617: Lynx allows remote attackers to cause a denial of service +## DP: (infinite loop) via a web page or HTML email that contains invalid HTML +## DP: including (1) a TEXTAREA tag with a large COLS value and (2) a large tag +## DP: name in an element that is not terminated. + +@DPATCH@ +diff -urNad lynx-2.8.5~/src/GridText.c lynx-2.8.5/src/GridText.c +--- lynx-2.8.5~/src/GridText.c 2004-01-28 19:30:38.000000000 +0000 ++++ lynx-2.8.5/src/GridText.c 2006-05-12 15:12:32.000000000 +0100 +@@ -9589,8 +9589,8 @@ + /* + * Set SIZE. + */ +- if (I->size != NULL) { +- f->size = atoi(I->size); ++ if (I->size != 0) { ++ f->size = I->size; + /* + * Leave at zero for option lists. + */ +diff -urNad lynx-2.8.5~/src/HTForms.h lynx-2.8.5/src/HTForms.h +--- lynx-2.8.5~/src/HTForms.h 2003-06-02 02:16:28.000000000 +0100 ++++ lynx-2.8.5/src/HTForms.h 2006-05-12 15:12:32.000000000 +0100 +@@ -40,7 +40,7 @@ + CONST char *md; + CONST char *min; + CONST char *name; +- CONST char *size; ++ int size; + CONST char *src; + CONST char *type; + char *value; +diff -urNad lynx-2.8.5~/src/HTML.c lynx-2.8.5/src/HTML.c +--- lynx-2.8.5~/src/HTML.c 2004-01-19 12:16:02.000000000 +0000 ++++ lynx-2.8.5/src/HTML.c 2006-05-12 15:12:32.000000000 +0100 +@@ -80,6 +80,19 @@ + + #define STACKLEVEL(me) ((me->stack + MAX_NESTING - 1) - me->sp) + ++#define DFT_TEXTAREA_COLS 60 ++#define DFT_TEXTAREA_ROWS 4 ++ ++#define MAX_TEXTAREA_COLS LYcolLimit ++#define MAX_TEXTAREA_ROWS (3 * LYlines) ++ ++#define LimitValue(name, value) \ ++ if (name > value) { \ ++ CTRACE((tfp, "Limited " #name " to %d, was %d\n", \ ++ value, name)); \ ++ name = value; \ ++ } ++ + struct _HTStream { + CONST HTStreamClass * isa; + #ifdef USE_SOURCE_CACHE +@@ -4316,7 +4329,7 @@ + I.align=NULL; I.accept=NULL; I.checked=NO; I.class=NULL; + I.disabled=NO; I.error=NULL; I.height= NULL; I.id=NULL; + I.lang=NULL; I.max=NULL; I.maxlength=NULL; I.md=NULL; +- I.min=NULL; I.name=NULL; I.size=NULL; I.src=NULL; ++ I.min=NULL; I.name=NULL; I.size=0; I.src=NULL; + I.type=NULL; I.value=NULL; I.width=NULL; + I.accept_cs = NULL; + I.name_cs = ATTR_CS_IN; +@@ -4502,7 +4515,7 @@ + I.align=NULL; I.accept=NULL; I.checked=NO; I.class=NULL; + I.disabled=NO; I.error=NULL; I.height= NULL; I.id=NULL; + I.lang=NULL; I.max=NULL; I.maxlength=NULL; I.md=NULL; +- I.min=NULL; I.name=NULL; I.size=NULL; I.src=NULL; ++ I.min=NULL; I.name=NULL; I.size=0; I.src=NULL; + I.type=NULL; I.value=NULL; I.width=NULL; + I.accept_cs = NULL; + I.name_cs = ATTR_CS_IN; +@@ -4794,7 +4807,7 @@ + I.checked = YES; + if (present && present[HTML_INPUT_SIZE] && + value[HTML_INPUT_SIZE] && *value[HTML_INPUT_SIZE]) +- I.size = value[HTML_INPUT_SIZE]; ++ I.size = atoi(value[HTML_INPUT_SIZE]); + if (present && present[HTML_INPUT_MAXLENGTH] && + value[HTML_INPUT_MAXLENGTH] && *value[HTML_INPUT_MAXLENGTH]) + I.maxlength = value[HTML_INPUT_MAXLENGTH]; +@@ -5033,26 +5046,28 @@ + if (present && present[HTML_TEXTAREA_COLS] && + value[HTML_TEXTAREA_COLS] && + isdigit(UCH(*value[HTML_TEXTAREA_COLS]))) +- StrAllocCopy(me->textarea_cols, value[HTML_TEXTAREA_COLS]); ++ me->textarea_cols = atoi(value[HTML_TEXTAREA_COLS]); + else { + int width; + width = LYcols - 1 - + me->new_style->leftIndent - me->new_style->rightIndent; + if (dump_output_immediately) /* don't waste too much for this */ +- width = HTMIN(width, 60); ++ width = HTMIN(width, DFT_TEXTAREA_COLS); + if (width > 1 && (width-1)*6 < MAX_LINE - 3 - + me->new_style->leftIndent - me->new_style->rightIndent) +- HTSprintf0(&me->textarea_cols, "%d", width); ++ me->textarea_cols = width; + else +- StrAllocCopy(me->textarea_cols, "60"); ++ me->textarea_cols = DFT_TEXTAREA_COLS; + } ++ LimitValue(me->textarea_cols, MAX_TEXTAREA_COLS); + + if (present && present[HTML_TEXTAREA_ROWS] && + value[HTML_TEXTAREA_ROWS] && + isdigit(UCH(*value[HTML_TEXTAREA_ROWS]))) + me->textarea_rows = atoi(value[HTML_TEXTAREA_ROWS]); + else +- me->textarea_rows = 4; ++ me->textarea_rows = DFT_TEXTAREA_ROWS; ++ LimitValue(me->textarea_rows, MAX_TEXTAREA_ROWS); + + if (present && present[HTML_TEXTAREA_DISABLED]) + me->textarea_disabled = YES; +@@ -5169,7 +5184,7 @@ + I.align=NULL; I.accept=NULL; I.checked=NO; I.class=NULL; + I.disabled=NO; I.error=NULL; I.height= NULL; I.id=NULL; + I.lang=NULL; I.max=NULL; I.maxlength=NULL; I.md=NULL; +- I.min=NULL; I.name=NULL; I.size=NULL; I.src=NULL; ++ I.min=NULL; I.name=NULL; I.size=0; I.src=NULL; + I.type=NULL; I.value=NULL; I.width=NULL; + I.accept_cs = NULL; + I.name_cs = -1; +@@ -6818,7 +6833,7 @@ + I.align=NULL; I.accept=NULL; I.checked=NO; I.class=NULL; + I.disabled=NO; I.error=NULL; I.height= NULL; I.id=NULL; + I.lang=NULL; I.max=NULL; I.maxlength=NULL; I.md=NULL; +- I.min=NULL; I.name=NULL; I.size=NULL; I.src=NULL; ++ I.min=NULL; I.name=NULL; I.size=0; I.src=NULL; + I.type=NULL; I.value=NULL; I.width=NULL; + I.value_cs = current_char_set; + +@@ -6969,7 +6984,7 @@ + } + I.value = temp; + chars = HText_beginInput(me->text, me->inUnderline, &I); +- for (chars = atoi(me->textarea_cols); chars > 0; chars--) ++ for (chars = me->textarea_cols; chars > 0; chars--) + HTML_put_character(me, '_'); + HText_appendCharacter(me->text, '\r'); + if (*data == '\n') { +@@ -6994,7 +7009,6 @@ + HTChunkClear(&me->textarea); + FREE(me->textarea_name); + me->textarea_name_cs = -1; +- FREE(me->textarea_cols); + FREE(me->textarea_id); + break; + } +@@ -7541,7 +7555,6 @@ + FREE(me->map_address); + FREE(me->textarea_name); + FREE(me->textarea_accept_cs); +- FREE(me->textarea_cols); + FREE(me->textarea_id); + FREE(me->LastOptionValue); + FREE(me->xinclude); +@@ -7721,7 +7734,7 @@ + me->textarea_name = NULL; + me->textarea_name_cs = -1; + me->textarea_accept_cs = NULL; +- me->textarea_cols = NULL; ++ me->textarea_cols = 0; + me->textarea_rows = 4; + me->textarea_disabled = NO; + me->textarea_id = NULL; +diff -urNad lynx-2.8.5~/src/HTML.h lynx-2.8.5/src/HTML.h +--- lynx-2.8.5~/src/HTML.h 2004-01-08 02:03:09.000000000 +0000 ++++ lynx-2.8.5/src/HTML.h 2006-05-12 15:12:32.000000000 +0100 +@@ -104,7 +104,7 @@ + char * textarea_name; + int textarea_name_cs; + char * textarea_accept_cs; +- char * textarea_cols; ++ int textarea_cols; + int textarea_rows; + int textarea_disabled; + char * textarea_id; +diff -urNad lynx-2.8.5~/src/LYCurses.h lynx-2.8.5/src/LYCurses.h +--- lynx-2.8.5~/src/LYCurses.h 2004-01-28 19:30:38.000000000 +0000 ++++ lynx-2.8.5/src/LYCurses.h 2006-05-12 15:12:32.000000000 +0100 +@@ -365,6 +365,24 @@ + extern int LYlines; /* replaces LINES */ + extern int LYcols; /* replaces COLS */ + ++/* ++ * The scrollbar, if used, occupies the rightmost column. ++ */ ++#ifdef USE_SCROLLBAR ++#define LYbarWidth (LYShowScrollbar ? 1 : 0) ++#else ++#define LYbarWidth 0 ++#endif ++ ++/* ++ * Usable limits for display: ++ */ ++#if defined(FANCY_CURSES) || defined(USE_SLANG) ++#define LYcolLimit (LYcols - LYbarWidth) ++#else ++#define LYcolLimit (LYcols - 1) ++#endif ++ + #ifdef USE_CURSES_PADS + extern WINDOW *LYwin; + extern int LYshiftWin; +diff -urNad lynx-2.8.5~/userdefs.h lynx-2.8.5/userdefs.h +--- lynx-2.8.5~/userdefs.h 2006-05-12 15:11:12.000000000 +0100 ++++ lynx-2.8.5/userdefs.h 2006-05-12 15:12:32.000000000 +0100 +@@ -1379,6 +1379,8 @@ + #define MAXCHARSETS 60 /* max character sets supported */ + #define TRST_MAXROWSPAN 10000 /* max rowspan accepted by TRST code */ + #define TRST_MAXCOLSPAN 1000 /* max colspan and COL/COLGROUP span accepted */ ++#define MAX_TABLE_ROWS 200 /* max rows for tables */ ++#define MAX_TABLE_COLS 200 /* max cols for tables */ + #define SAVE_TIME_NOT_SPACE /* minimize number of some malloc calls */ + + /* Win32 may support more, but old win16 helper apps may not. */ diff --git a/lynx-2.8.5-localization.patch b/lynx-2.8.5-localization.patch new file mode 100644 index 0000000..c16549a --- /dev/null +++ b/lynx-2.8.5-localization.patch @@ -0,0 +1,51 @@ +--- lynx2-8-5/userdefs.h.pix 2002-12-02 03:07:38.000000000 +0100 ++++ lynx2-8-5/userdefs.h 2003-01-22 01:29:40.000000000 +0100 +@@ -110,8 +110,8 @@ + * Mappings in these global and personal files override any SUFFIX + * definitions in lynx.cfg and built-in defaults from src/HTInit.c. + */ +-#define GLOBAL_EXTENSION_MAP "Lynx_Dir:mime.types" +-#define PERSONAL_EXTENSION_MAP "mime.types" ++#define GLOBAL_EXTENSION_MAP "/etc/mime.types" ++#define PERSONAL_EXTENSION_MAP ".mime.types" + + /************************** + * The MAILCAP file allows you to map file MIME types to +@@ -120,7 +120,7 @@ + * Mappings in these global and personal files override any VIEWER + * definitions in lynx.cfg and built-in defaults from src/HTInit.c. + */ +-#define GLOBAL_MAILCAP "Lynx_Dir:mailcap" ++#define GLOBAL_MAILCAP "/etc/mailcap" + #define PERSONAL_MAILCAP ".mailcap" + + /************************** +@@ -296,7 +296,7 @@ + * Mappings in these global and personal files override any SUFFIX + * definitions in lynx.cfg and built-in defaults from src/HTInit.c. + */ +-#define GLOBAL_EXTENSION_MAP "/usr/local/lib/mosaic/mime.types" ++#define GLOBAL_EXTENSION_MAP "/etc/mime.types" + #define PERSONAL_EXTENSION_MAP ".mime.types" + + /************************** +@@ -306,7 +306,7 @@ + * Mappings in these global and personal files override any VIEWER + * definitions in lynx.cfg and built-in defaults from src/HTInit.c. + */ +-#define GLOBAL_MAILCAP "/usr/local/lib/mosaic/mailcap" ++#define GLOBAL_MAILCAP "/etc/mailcap" + #define PERSONAL_MAILCAP ".mailcap" + + /************************** +--- lynx2-8-5/lynx.cfg.pix 2002-12-02 03:19:26.000000000 +0100 ++++ lynx2-8-5/lynx.cfg 2003-01-22 01:29:40.000000000 +0100 +@@ -11,7 +11,7 @@ + # Definition pairs are of the form VARIABLE:DEFINITION + # NO spaces are allowed between the pair items. + # +-# If you do not have write access to /usr/local/lib you may change ++# If you do not have write access to /usr/bin you may change + # the default location of this file in the userdefs.h file and recompile, + # or specify its location on the command line with the "-cfg" + # command line option. diff --git a/lynx-2.8.6-lynxcfg.patch b/lynx-2.8.6-lynxcfg.patch new file mode 100644 index 0000000..cb95c5d --- /dev/null +++ b/lynx-2.8.6-lynxcfg.patch @@ -0,0 +1,50 @@ +--- lynx2-8-6/lynx.cfg 2008-07-07 01:44:53.000000000 +0200 ++++ lynx2-8-6/lynx.cfg.orig 2008-07-07 01:58:54.000000000 +0200 +@@ -1,6 +1,6 @@ + # lynx.cfg file. +-# The default placement for this file is /usr/local/lib/lynx.cfg (Unix) +-# or Lynx_Dir:lynx.cfg (VMS) ++# Please don't edit this file directly, it will be overwritten at the ++# next update of lynx. Instead, edit /etc/lynx.cfg. + # + # $Format: "#PRCS LYNX_VERSION \"$ProjectVersion$\""$ + #PRCS LYNX_VERSION "2.8.6rel.5" +@@ -92,7 +92,7 @@ + # + # Normally we expect you will connect to a remote site, e.g., the Lynx starting + # site: +-STARTFILE:http://lynx.isc.org/ ++STARTFILE:http://www.openmamba.org + # + # As an alternative, you may want to use a local URL. A good choice for this is + # the user's home directory: +@@ -115,9 +115,9 @@ + # http://www.subir.com/lynx/lynx_help/lynx_help_main.html + # This should be changed to the local path. + # +-HELPFILE:http://www.subir.com/lynx/lynx_help/lynx_help_main.html ++HELPFILE:file://localhost/PATH_TO/lynx_help/lynx_help_main.html + .ex +-#HELPFILE:file://localhost/PATH_TO/lynx_help/lynx_help_main.html ++#HELPFILE:http://www.subir.com/lynx/lynx_help/lynx_help_main.html + + + .h2 DEFAULT_INDEX_FILE +@@ -506,7 +506,7 @@ + # Older browser versions will fail so keep NCR_IN_BOOKMARKS:FALSE if you + # plan to use them. + # +-#NCR_IN_BOOKMARKS:FALSE ++NCR_IN_BOOKMARKS:TRUE + + + .h2 FORCE_8BIT_TOUPPER +@@ -3420,6 +3420,8 @@ + # requires PDCurses 2.5. The values given are width,height. + #SCREEN_SIZE:80,24 + ++# included last to allow overriding configuration above ++INCLUDE:/etc/lynx.cfg + .h2 NO_MARGINS + # Disable left/right margins in the default style sheet. + # This is the same as the command-line "-nomargins" option. diff --git a/lynx-2.8.6-no_telnel_args.patch b/lynx-2.8.6-no_telnel_args.patch new file mode 100644 index 0000000..00874f4 --- /dev/null +++ b/lynx-2.8.6-no_telnel_args.patch @@ -0,0 +1,14 @@ +--- lynx2-8-6/WWW/Library/Implementation/HTTelnet.c 2006-05-30 00:44:54.000000000 +0200 ++++ lynx2-8-6/WWW/Library/Implementation/HTTelnet.c.pix 2008-07-07 02:07:08.000000000 +0200 +@@ -72,6 +72,11 @@ + * *cp=0; // terminate at any ;,<,>,`,|,",' or space or return + * or tab to prevent security whole + */ ++ /* don't accept command line args to telnet */ ++ /* notting@redhat.com, 8-25-99 */ ++ for (; *host && *host =='-' ; host ++) { ++ *host = '\0'; ++ } + for (cp = (strchr(host, '@') ? strchr(host, '@') : host); *cp != '\0'; + cp++) { + if (!isalnum(UCH(*cp)) && *cp != '_' && *cp != '-' && diff --git a/lynx-2.8.6-tmp_dir.patch b/lynx-2.8.6-tmp_dir.patch new file mode 100644 index 0000000..07ce6a5 --- /dev/null +++ b/lynx-2.8.6-tmp_dir.patch @@ -0,0 +1,11 @@ +--- lynx2-8-6/userdefs.h 2008-07-07 01:44:53.000000000 +0200 ++++ lynx2-8-6/userdefs.h.pix 2008-07-07 02:15:48.000000000 +0200 +@@ -345,7 +345,7 @@ + * the "TMPDIR" (unix), or "TEMP" or "TMP" (Windows,DOS,OS/2) + * variable. + */ +-#define TEMP_SPACE "/tmp/" ++#define TEMP_SPACE "~/tmp/" + + /******************************** + * Comment this line out to disable code that implements command logging diff --git a/lynx.spec b/lynx.spec new file mode 100644 index 0000000..c831333 --- /dev/null +++ b/lynx.spec @@ -0,0 +1,199 @@ +### AUTOUPDATE-OFF: 6 +%define dottedver %(echo %version | tr . - ) + +Name: lynx +Version: 2.8.8 +Release: 1mamba +Summary: Text based browser for the world wide web +Group: Applications/Web +Vendor: openmamba +Distribution: openmamba +Packager: Silvan Calarco +URL: http://lynx.isc.org +Source: http://lynx.isc.org/lynx%{version}/lynx%{version}.tar.bz2 +Patch0: %{name}-2.8.5-localization.patch +Patch1: %{name}-1-2.8.6-tmp_dir.patch +Patch2: %{name}-2.8.6-tmp_dir.patch +Patch3: %{name}-2.8.6-no_telnel_args.patch +Patch4: %{name}-2.8.6-lynxcfg.patch +Patch5: %{name}-2.8.5-can_2005_3120.patch +Patch6: %{name}-2.8.5-cve_2004_1617.patch +Patch7: %{name}-2.8.5-can_2005_2929.patch +License: GPL +BuildRequires: gettext-devel >= 0.14.0 +BuildRequires: ncompress +## AUTOBUILDREQ-BEGIN +BuildRequires: glibc-devel +BuildRequires: gnome-icon-theme +BuildRequires: gzip +BuildRequires: libbzip2-devel >= 1.0.3 +BuildRequires: libopenssl-devel >= 0.9.7h +BuildRequires: libncurses-devel >= 5.4 +BuildRequires: libz-devel >= 1.2.3 +BuildRequires: perl-devel +BuildRequires: sharutils +BuildRequires: zip +## AUTOBUILDREQ-END +Requires: gzip +Requires: sharutils +Requires: zip +BuildRoot: %{_tmppath}/%{name}-%{version}-root + +%description +This a terminal based WWW browser. +While it does not make any attempt at displaying graphics, it has good support +for HTML text formatting, forms, and tables. + +%package desktop +Group: Graphical Desktop/Applications/Internet +Summary: Desktop menu entry for the lynx text based browser for the world wide web +Requires: %{name} = %{?epoch:%epoch:}%{version}-%{release} +Requires: gnome-icon-theme + +%description desktop +Desktop menu entry for the lynx text based browser for the world wide web. + +%prep +%setup -q -n lynx%{dottedver} +#%patch0 -p1 -b .localization +#%patch1 -p1 -b .tmp_dir +%patch2 -p1 -b .tmp_dir +#%patch3 -p1 -b .no_telnel_args +#%patch4 -p1 -b .lynxcfg +#%patch5 -p1 -b .can-2005-3120 +#%patch6 -p1 -b .can-2005-2929 +#%patch7 -p1 -b .cve-2004-1617 + + +%build +%configure \ + --prefix=%{_prefix} \ + --libdir=%{_datadir}/lynx \ + --mandir=%{_mandir} \ + --with-screen=ncurses \ + --enable-8bit-toupper \ + --enable-externs \ + --enable-cgi-links \ + --enable-persistent-cookies \ + --enable-nls \ + --enable-prettysrc \ + --enable-source-cache \ + --enable-charset-choice \ + --enable-default-colors \ + --enable-ipv6 \ + --enable-nested-tables \ + --enable-read-eta \ + --enable-internal-links \ + --enable-libjs \ + --enable-scrollbar \ + --enable-file-upload \ + --enable-addrlist-page \ + --enable-justify-elts \ + --enable-color-style \ + --enable-nsl-fork \ + --with-ssl \ + --with-bzlib \ + --with-zlib \ + --without-x + +%install +[ "%{buildroot}" != / ] && rm -rf "%{buildroot}" + +%makeinstall install-full DESTDIR=%{buildroot} +%makeinstall install-help DESTDIR=%{buildroot} + +install -d %{buildroot}%{_sysconfdir} +echo "\ +# place any local lynx configuration options (proxies, etc.) here +" > %{buildroot}%{_sysconfdir}/lynx.cfg + + +%{__mkdir_p} %{buildroot}%{_datadir}/applications +cat > %{buildroot}%{_datadir}/applications/%{name}.desktop << EOF +[Desktop Entry] +Encoding=UTF-8 +StartupNotify=true +Name=Lynx +Name[de]=Lynx +Name[it]=Lynx +Name[ja]=Lynx +Name[sv]=Lynx +Comment=Text based WWW browser +Comment[de]=Textbasierter WWW-Browser +Comment[it]=Browser testuale +Comment[ja]=テキストベース WWW ブラウザ +Comment[sv]=Textbeserad webbläsare +Exec=lynx %u +Icon=/usr/share/pixmaps/gnome-html.png +MimeType=text/html +Terminal=true +Type=Application +Categories=Application;Network; +OnlyShowIn=GNOME;KDE; +EOF + + +%find_lang %{name} + +%clean +[ "%{buildroot}" != / ] && rm -rf "%{buildroot}" + +%files -f %{name}.lang +%defattr(-,root,root) +%config(noreplace) %{_sysconfdir}/lynx.cfg +%config(noreplace) %{_sysconfdir}/lynx.lss +#%config(noreplace) %{_sysconfdir}/lynx.oldlss +%{_bindir}/lynx +%{_bindir}/lynx.old +%dir %{_datadir}/lynx_help +%{_datadir}/lynx_help/*.html +%dir %{_datadir}/lynx_help/keystrokes +%{_datadir}/lynx_help/keystrokes/*.html +%dir %{_datadir}/lynx_doc +%{_datadir}/lynx_doc/ +%{_mandir}/man1/lynx.1.gz +%doc CHANGES COPYHEADER COPYING PROBLEMS README + +%files desktop +%defattr(-,root,root) +%{_datadir}/applications/%{name}.desktop + +%changelog +* Sat Feb 15 2014 Automatic Build System 2.8.8-1mamba +- automatic version update by autodist + +* Tue Apr 12 2011 Silvan Calarco 2.8.7-3mamba +- moved desktop menu entry file and requirements to the new subpackage lynx-desktop + +* Thu Mar 31 2011 Silvan Calarco 2.8.7-2mamba +- rebuilt with openssl 1.0.0 + +* Thu Jul 09 2009 Automatic Build System 2.8.7-1mamba +- automatic update to 2.8.7 by autodist + +* Sat Jul 05 2008 gil 2.8.6-1mamba +- update to 2.8.6 +- renoved patches: 5,6,7 +- added: lynx.desktop + +* Mon May 29 2006 Davide Madrisan 2.8.5-5qilnx +- security update: CVE-2004-1617 (qibug:177) + +* Tue Nov 15 2005 Davide Madrisan 2.8.5-4qilnx +- security fix for CAN-2005-2929 (qibug:72), QSA-2005-133 + +* Wed Oct 19 2005 Davide Madrisan 2.8.5-3qilnx +- default configuration file updated + +* Wed Oct 19 2005 Davide Madrisan 2.8.5-2qilnx +- security fix QSA-2005-122 (CAN-2005-3120) +- updates and cleanups on specfile +- added build requirents and support for bzlib + +* Fri Feb 05 2004 Davide Madrisan 2.8.5-1qilnx +- cleanups on specfile +- added localisation +- rebuilt with lynx2.8.5 + +* Tue Apr 22 2003 Alessandro Ramazzina 2.8.4-1qilnx +- creation of lynx package