Index: head/www/lynx/Makefile =================================================================== --- head/www/lynx/Makefile (revision 478087) +++ head/www/lynx/Makefile (revision 478088) @@ -1,67 +1,65 @@ # Created by: Andrey Chernov # $FreeBSD$ PORTNAME= lynx -PORTVERSION= 2.8.8.2 -PORTREVISION= 6 +PORTVERSION= 2.8.9.1 PORTEPOCH= 1 CATEGORIES= www ipv6 MASTER_SITES= http://invisible-mirror.net/archives/lynx/tarballs/ \ http://bitrote.org/distfiles/ DISTNAME= ${PORTNAME}${PORTVERSION:R}rel.${PORTVERSION:E} MAINTAINER= jharris@widomaker.com COMMENT= Non-graphical, text-based World-Wide Web client LICENSE= GPLv2 LIB_DEPENDS= libidn.so:dns/libidn CONFLICTS= lynx-2.8.[8-9]d* USES= cpe ncurses shebangfix tar:bzip2 SHEBANG_FILES= samples/mailto-form.pl -WRKSRC= ${WRKDIR}/${PORTNAME}2-8-8 GNU_CONFIGURE= yes CONFIGURE_ARGS+=--with-zlib --libdir="${PREFIX}/etc" \ --enable-nsl-fork --enable-persistent-cookies \ --enable-nested-tables --enable-gzip-help \ --with-screen=ncursesw CPE_VERSION= ${PORTVERSION:R} CPE_UPDATE= rel.${PORTVERSION:E} MAKEFILE= makefile L_HELP= ${PREFIX}/share/lynx_help SUB_FILES= pkg-message MAKE_JOBS_UNSAFE= yes OPTIONS_DEFINE= DEFAULT_COLORS IPV6 NLS SSL DOCS EXTERNALS OPTIONS_DEFAULT= SSL EXTERNALS DEFAULT_COLORS_DESC= Colors support EXTERNALS_DESC= External application support OPTIONS_SUB= yes NLS_USES= gettext iconv NLS_CONFIGURE_ENABLE= nls NLS_CONFIGURE_ON= ${ICONV_CONFIGURE_ARG} IPV6_CONFIGURE_ENABLE= ipv6 DEFAULT_COLORS_CONFIGURE_ENABLE= default-colors DOCS_CONFIGURE_ENABLE= local-docs DOCS_INSTALL_TARGET= install-full DOCS_MAKE_ARGS= helpdir=${L_HELP} docdir=${DOCSDIR} EXTERNALS_CONFIGURE_ENABLE=externs SSL_CONFIGURE_ON= --with-ssl=${OPENSSLBASE} SSL_USES= ssl post-install-DOCS-on: # Fix some stage symlinks .for doc in COPYHEADER COPYING COPYHEADER.asc COPYING.asc (cd ${STAGEDIR}${L_HELP} && ${LN} -sf ../doc/lynx/${doc} .) .endfor .include Index: head/www/lynx/distinfo =================================================================== --- head/www/lynx/distinfo (revision 478087) +++ head/www/lynx/distinfo (revision 478088) @@ -1,2 +1,3 @@ -SHA256 (lynx2.8.8rel.2.tar.bz2) = 6980e75cf0d677fd52c116e2e0dfd3884e360970c88c8356a114338500d5bee7 -SIZE (lynx2.8.8rel.2.tar.bz2) = 2587120 +TIMESTAMP = 1534076790 +SHA256 (lynx2.8.9rel.1.tar.bz2) = 387f193d7792f9cfada14c60b0e5c0bff18f227d9257a39483e14fa1aaf79595 +SIZE (lynx2.8.9rel.1.tar.bz2) = 2689171 Index: head/www/lynx/files/patch-CVE-2016-9179 =================================================================== --- head/www/lynx/files/patch-CVE-2016-9179 (revision 478087) +++ head/www/lynx/files/patch-CVE-2016-9179 (nonexistent) @@ -1,85 +0,0 @@ -Fix for CVE-2016-9179 -See: -http://lists.nongnu.org/archive/html/lynx-dev/2016-11/msg00018.html - -Re-engineered the upstream patch, which was only released -for the unstable lynx2.8.9. Removed the at_sign, and made sure that -the user id is correctly stripped of all non valid inputs. - ---- WWW/Library/Implementation/HTTCP.c_orig 2016-12-01 15:07:39.487753520 +0000 -+++ WWW/Library/Implementation/HTTCP.c 2016-12-01 15:10:20.291328282 +0000 -@@ -1792,7 +1792,6 @@ - int status = 0; - char *line = NULL; - char *p1 = NULL; -- char *at_sign = NULL; - char *host = NULL; - - #ifdef INET6 -@@ -1814,14 +1813,8 @@ - * Get node name and optional port number. - */ - p1 = HTParse(url, "", PARSE_HOST); -- if ((at_sign = StrChr(p1, '@')) != NULL) { -- /* -- * If there's an @ then use the stuff after it as a hostname. -- */ -- StrAllocCopy(host, (at_sign + 1)); -- } else { - StrAllocCopy(host, p1); -- } -+ strip_userid(host, FALSE); - FREE(p1); - - HTSprintf0(&line, "%s%s", WWW_FIND_MESSAGE, host); ---- WWW/Library/Implementation/HTTP.c_orig 2016-12-01 15:13:24.171404704 +0000 -+++ WWW/Library/Implementation/HTTP.c 2016-12-01 15:19:59.699276204 +0000 -@@ -426,7 +426,7 @@ - /* - * Strip any username from the given string so we retain only the host. - */ --static void strip_userid(char *host) -+void strip_userid(char *host, int parse_only) - { - char *p1 = host; - char *p2 = StrChr(host, '@'); -@@ -439,7 +439,8 @@ - - CTRACE((tfp, "parsed:%s\n", fake)); - HTSprintf0(&msg, gettext("Address contains a username: %s"), host); -- HTAlert(msg); -+ if (msg !=0 && !parse_only) -+ HTAlert(msg); - FREE(msg); - } - while ((*p1++ = *p2++) != '\0') { -@@ -1081,7 +1082,7 @@ - char *host = NULL; - - if ((host = HTParse(anAnchor->address, "", PARSE_HOST)) != NULL) { -- strip_userid(host); -+ strip_userid(host, TRUE); - HTBprintf(&command, "Host: %s%c%c", host, CR, LF); - FREE(host); - } ---- WWW/Library/Implementation/HTUtils.h_orig 2016-12-01 15:21:38.919699987 +0000 -+++ WWW/Library/Implementation/HTUtils.h 2016-12-01 15:22:57.870511104 +0000 -@@ -801,6 +801,8 @@ - - extern FILE *TraceFP(void); - -+ extern void strip_userid(char *host, int warn); -+ - #ifdef USE_SSL - extern SSL *HTGetSSLHandle(void); - extern void HTSSLInitPRNG(void); ---- src/LYUtils.c_orig 2016-12-01 15:25:21.769447171 +0000 -+++ src/LYUtils.c 2016-12-01 15:28:31.901411555 +0000 -@@ -4693,6 +4693,7 @@ - * Do a DNS test on the potential host field as presently trimmed. - FM - */ - StrAllocCopy(host, Str); -+ strip_userid(host, FALSE); - HTUnEscape(host); - if (LYCursesON) { - StrAllocCopy(MsgStr, WWW_FIND_MESSAGE); Property changes on: head/www/lynx/files/patch-CVE-2016-9179 ___________________________________________________________________ Deleted: fbsd:nokeywords ## -1 +0,0 ## -yes \ No newline at end of property Deleted: svn:eol-style ## -1 +0,0 ## -native \ No newline at end of property Deleted: svn:mime-type ## -1 +0,0 ## -text/plain \ No newline at end of property Index: head/www/lynx/files/patch-WWW_Library_Implementation_HTTP.c =================================================================== --- head/www/lynx/files/patch-WWW_Library_Implementation_HTTP.c (revision 478087) +++ head/www/lynx/files/patch-WWW_Library_Implementation_HTTP.c (nonexistent) @@ -1,11 +0,0 @@ ---- WWW/Library/Implementation/HTTP.c.orig 2017-02-09 21:20:27 UTC -+++ WWW/Library/Implementation/HTTP.c -@@ -721,7 +722,7 @@ static int HTLoadHTTP(const char *arg, - #elif SSLEAY_VERSION_NUMBER >= 0x0900 - #ifndef USE_NSS_COMPAT_INCL - if (!try_tls) { -- handle->options |= SSL_OP_NO_TLSv1; -+ SSL_set_options(handle, SSL_OP_NO_TLSv1); - #if OPENSSL_VERSION_NUMBER >= 0x0090806fL && !defined(OPENSSL_NO_TLSEXT) - } else { - int ret = (int) SSL_set_tlsext_host_name(handle, ssl_host); Property changes on: head/www/lynx/files/patch-WWW_Library_Implementation_HTTP.c ___________________________________________________________________ Deleted: fbsd:nokeywords ## -1 +0,0 ## -yes \ No newline at end of property Deleted: svn:eol-style ## -1 +0,0 ## -native \ No newline at end of property Deleted: svn:mime-type ## -1 +0,0 ## -text/plain \ No newline at end of property Index: head/www/lynx/files/patch-CVE-2014-3566 =================================================================== --- head/www/lynx/files/patch-CVE-2014-3566 (revision 478087) +++ head/www/lynx/files/patch-CVE-2014-3566 (revision 478088) @@ -1,16 +1,16 @@ -Disable SSLv2 and SSLv3 in lynx to "mitigate POODLE vulnerability". - -This change has been passed upstream. - ---- WWW/Library/Implementation/HTTP.c.orig 2015-02-16 12:48:34.014809453 -0800 -+++ WWW/Library/Implementation/HTTP.c 2015-02-16 12:49:09.627395954 -0800 -@@ -119,7 +119,8 @@ +--- WWW/Library/Implementation/HTTP.c.orig 2018-08-12 12:33:30 UTC ++++ WWW/Library/Implementation/HTTP.c +@@ -206,11 +206,8 @@ SSL *HTGetSSLHandle(void) #else SSLeay_add_ssl_algorithms(); - ssl_ctx = SSL_CTX_new(SSLv23_client_method()); -- SSL_CTX_set_options(ssl_ctx, SSL_OP_ALL | SSL_OP_NO_SSLv2); -+ /* Always disable SSLv2 & SSLv3 to "mitigate POODLE vulnerability". */ -+ SSL_CTX_set_options(ssl_ctx, SSL_OP_ALL | SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3); + if ((ssl_ctx = SSL_CTX_new(TLS_client_method())) != NULL) { +-#ifdef SSL_OP_NO_SSLv2 +- SSL_CTX_set_options(ssl_ctx, SSL_OP_ALL | SSL_OP_NO_SSLv2); +-#else +- SSL_CTX_set_options(ssl_ctx, SSL_OP_ALL); +-#endif ++ /* Always disable SSLv2 & SSLv3 to "mitigate POODLE vulnerability". */ ++ SSL_CTX_set_options(ssl_ctx, SSL_OP_ALL | SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3); #ifdef SSL_OP_NO_COMPRESSION - SSL_CTX_set_options(ssl_ctx, SSL_OP_NO_COMPRESSION); + SSL_CTX_set_options(ssl_ctx, SSL_OP_NO_COMPRESSION); #endif