Index: branches/2017Q1/www/lynx/Makefile
===================================================================
--- branches/2017Q1/www/lynx/Makefile	(revision 430984)
+++ branches/2017Q1/www/lynx/Makefile	(revision 430985)
@@ -1,71 +1,71 @@
 # Created by: Andrey Chernov <ache@FreeBSD.org>
 # $FreeBSD$
 
 PORTNAME=	lynx
 PORTVERSION=	2.8.8.2
-PORTREVISION=	4
+PORTREVISION=	5
 PORTEPOCH=	1
 CATEGORIES=	www ipv6
 MASTER_SITES=	http://invisible-mirror.net/archives/lynx/tarballs/ \
 		http://bitrote.org/distfiles/
 DISTNAME=	${PORTNAME}${PORTVERSION:R}rel.${PORTVERSION:E}
 
 MAINTAINER=	jharris@widomaker.com
 COMMENT=	Non-graphical, text-based World-Wide Web client
 
 LICENSE=	GPLv2
 
 CONFLICTS=	lynx-2.8.[8-9]d*
 
 USES=		cpe ncurses shebangfix tar:bzip2
 SHEBANG_FILES=	samples/mailto-form.pl
 WRKSRC=		${WRKDIR}/${PORTNAME}2-8-8
 GNU_CONFIGURE=	yes
 CONFIGURE_ARGS+=--with-zlib --libdir="${PREFIX}/etc" \
 		--enable-nsl-fork --enable-persistent-cookies \
 		--enable-nested-tables --enable-gzip-help \
 		--with-screen=ncursesw
 CPE_VERSION=	${PORTVERSION:R}
 CPE_UPDATE=	rel.${PORTVERSION:E}
 
 MAKEFILE=	makefile
 L_HELP=		${PREFIX}/share/lynx_help
 SUB_FILES=	pkg-message
 MAKE_JOBS_UNSAFE=	yes
 
 OPTIONS_DEFINE=	DEFAULT_COLORS IPV6 NLS SSL DOCS EXTERNALS
 OPTIONS_DEFAULT=	SSL EXTERNALS
 DEFAULT_COLORS_DESC=	Colors support
 EXTERNALS_DESC=	External application support
 OPTIONS_SUB=	yes
 
 NLS_USES=	gettext iconv
 NLS_CONFIGURE_ENABLE=	nls
 NLS_CONFIGURE_ON=	${ICONV_CONFIGURE_ARG}
 
 IPV6_CONFIGURE_ENABLE=	ipv6
 
 DEFAULT_COLORS_CONFIGURE_ENABLE=	default-colors
 
 DOCS_CONFIGURE_ENABLE=	local-docs
 DOCS_INSTALL_TARGET=	install-full
 DOCS_MAKE_ARGS=		helpdir=${L_HELP} docdir=${DOCSDIR}
 
 EXTERNALS_CONFIGURE_ENABLE=externs
 
 SSL_CONFIGURE_ON=	--with-ssl=${OPENSSLBASE}
 SSL_USES=		ssl
 
 post-install-DOCS-on:
 # Fix some stage symlinks
 .for doc in COPYHEADER COPYING COPYHEADER.asc COPYING.asc
 	(cd ${STAGEDIR}${L_HELP} && ln -sf ../doc/lynx/${doc} .)
 .endfor
 
 .include <bsd.port.pre.mk>
 
 .if ${PORT_OPTIONS:MSSL} && ${SSL_DEFAULT:Mopenssl-devel}
 BROKEN=		Does not build with openssl-devel
 .endif
 
 .include <bsd.port.post.mk>
Index: branches/2017Q1/www/lynx/files/patch-CVE-2014-3566
===================================================================
--- branches/2017Q1/www/lynx/files/patch-CVE-2014-3566	(nonexistent)
+++ branches/2017Q1/www/lynx/files/patch-CVE-2014-3566	(revision 430985)
@@ -0,0 +1,16 @@
+Disable SSLv2 and SSLv3 in lynx to "mitigate POODLE vulnerability".
+
+This change has been passed upstream.
+
+--- WWW/Library/Implementation/HTTP.c.orig	2015-02-16 12:48:34.014809453 -0800
++++ WWW/Library/Implementation/HTTP.c	2015-02-16 12:49:09.627395954 -0800
+@@ -119,7 +119,8 @@
+ #else
+ 	SSLeay_add_ssl_algorithms();
+ 	ssl_ctx = SSL_CTX_new(SSLv23_client_method());
+-	SSL_CTX_set_options(ssl_ctx, SSL_OP_ALL | SSL_OP_NO_SSLv2);
++	/* Always disable SSLv2 & SSLv3 to "mitigate POODLE vulnerability". */
++	SSL_CTX_set_options(ssl_ctx, SSL_OP_ALL | SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3);
+ #ifdef SSL_OP_NO_COMPRESSION
+ 	SSL_CTX_set_options(ssl_ctx, SSL_OP_NO_COMPRESSION);
+ #endif

Property changes on: branches/2017Q1/www/lynx/files/patch-CVE-2014-3566
___________________________________________________________________
Added: fbsd:nokeywords
## -0,0 +1 ##
+yes
\ No newline at end of property
Added: svn:eol-style
## -0,0 +1 ##
+native
\ No newline at end of property
Added: svn:mime-type
## -0,0 +1 ##
+text/plain
\ No newline at end of property
Index: branches/2017Q1/www/lynx/files/patch-CVE-2016-9179
===================================================================
--- branches/2017Q1/www/lynx/files/patch-CVE-2016-9179	(nonexistent)
+++ branches/2017Q1/www/lynx/files/patch-CVE-2016-9179	(revision 430985)
@@ -0,0 +1,85 @@
+Fix for CVE-2016-9179
+See:
+http://lists.nongnu.org/archive/html/lynx-dev/2016-11/msg00018.html
+
+Re-engineered the upstream patch, which was only released
+for the unstable lynx2.8.9. Removed the at_sign, and made sure that
+the user id is correctly stripped of all non valid inputs.
+
+--- WWW/Library/Implementation/HTTCP.c_orig	2016-12-01 15:07:39.487753520 +0000
++++ WWW/Library/Implementation/HTTCP.c	2016-12-01 15:10:20.291328282 +0000
+@@ -1792,7 +1792,6 @@
+     int status = 0;
+     char *line = NULL;
+     char *p1 = NULL;
+-    char *at_sign = NULL;
+     char *host = NULL;
+ 
+ #ifdef INET6
+@@ -1814,14 +1813,8 @@
+      * Get node name and optional port number.
+      */
+     p1 = HTParse(url, "", PARSE_HOST);
+-    if ((at_sign = StrChr(p1, '@')) != NULL) {
+-	/*
+-	 * If there's an @ then use the stuff after it as a hostname.
+-	 */
+-	StrAllocCopy(host, (at_sign + 1));
+-    } else {
+ 	StrAllocCopy(host, p1);
+-    }
++    strip_userid(host, FALSE);
+     FREE(p1);
+ 
+     HTSprintf0(&line, "%s%s", WWW_FIND_MESSAGE, host);
+--- WWW/Library/Implementation/HTTP.c_orig	2016-12-01 15:13:24.171404704 +0000
++++ WWW/Library/Implementation/HTTP.c	2016-12-01 15:19:59.699276204 +0000
+@@ -426,7 +426,7 @@
+ /*
+  * Strip any username from the given string so we retain only the host.
+  */
+-static void strip_userid(char *host)
++void strip_userid(char *host, int parse_only)
+ {
+     char *p1 = host;
+     char *p2 = StrChr(host, '@');
+@@ -439,7 +439,8 @@
+ 
+ 	    CTRACE((tfp, "parsed:%s\n", fake));
+ 	    HTSprintf0(&msg, gettext("Address contains a username: %s"), host);
+-	    HTAlert(msg);
++           if (msg !=0 && !parse_only)
++	        HTAlert(msg);
+ 	    FREE(msg);
+ 	}
+ 	while ((*p1++ = *p2++) != '\0') {
+@@ -1081,7 +1082,7 @@
+ 	char *host = NULL;
+ 
+ 	if ((host = HTParse(anAnchor->address, "", PARSE_HOST)) != NULL) {
+-	    strip_userid(host);
++	    strip_userid(host, TRUE);
+ 	    HTBprintf(&command, "Host: %s%c%c", host, CR, LF);
+ 	    FREE(host);
+ 	}
+--- WWW/Library/Implementation/HTUtils.h_orig	2016-12-01 15:21:38.919699987 +0000
++++ WWW/Library/Implementation/HTUtils.h	2016-12-01 15:22:57.870511104 +0000
+@@ -801,6 +801,8 @@
+ 
+     extern FILE *TraceFP(void);
+ 
++    extern void strip_userid(char *host, int warn);
++
+ #ifdef USE_SSL
+     extern SSL *HTGetSSLHandle(void);
+     extern void HTSSLInitPRNG(void);
+--- src/LYUtils.c_orig	2016-12-01 15:25:21.769447171 +0000
++++ src/LYUtils.c	2016-12-01 15:28:31.901411555 +0000
+@@ -4693,6 +4693,7 @@
+      * Do a DNS test on the potential host field as presently trimmed.  - FM
+      */
+     StrAllocCopy(host, Str);
++    strip_userid(host, FALSE);
+     HTUnEscape(host);
+     if (LYCursesON) {
+ 	StrAllocCopy(MsgStr, WWW_FIND_MESSAGE);

Property changes on: branches/2017Q1/www/lynx/files/patch-CVE-2016-9179
___________________________________________________________________
Added: fbsd:nokeywords
## -0,0 +1 ##
+yes
\ No newline at end of property
Added: svn:eol-style
## -0,0 +1 ##
+native
\ No newline at end of property
Added: svn:mime-type
## -0,0 +1 ##
+text/plain
\ No newline at end of property
Index: branches/2017Q1
===================================================================
--- branches/2017Q1	(revision 430984)
+++ branches/2017Q1	(revision 430985)

Property changes on: branches/2017Q1
___________________________________________________________________
Modified: svn:mergeinfo
## -0,0 +0,1 ##
   Merged /head:r430984