Package: lynx Version: 2.8.5-2sarge1.2 Severity: important Tags: patch Hello,
Please find the lynx 2.8.5-2sarge1.2 NMU diff file as an attachment. Aníbal Monsalve Salazar -- http://v7w.com/anibal
interdiff -z -p1 cache/lynx/lynx_2.8.5-2sarge1.1.diff.gz cache/lynx/lynx_2.8.5-2sarge1.2.diff.gz
diff -u lynx-2.8.5/debian/changelog lynx-2.8.5/debian/changelog
--- lynx-2.8.5/debian/changelog
+++ lynx-2.8.5/debian/changelog
@@ -1,3 +1,15 @@
+lynx (2.8.5-2sarge1.2) unstable; urgency=high
+
+ * NMU.
+ * Added OpenBSD patch to fix infinete loop rendering broken HTML
+ [debian/patches/04_CVE-2004-1617.dpatch]
+ Closes: #384725.
+ * Fixed "FTBFS on GNU/Hurd (and GNU/k*BSD)".
+ Patch by Robert Millan <[EMAIL PROTECTED]>.
+ Closes: #238057.
+
+ -- Anibal Monsalve Salazar <[EMAIL PROTECTED]> Wed, 13 Sep 2006 18:41:49 +1000
+
 lynx (2.8.5-2sarge1.1) unstable; urgency=low
 
 * Non-maintainer upload.
diff -u lynx-2.8.5/debian/patches/00list lynx-2.8.5/debian/patches/00list
--- lynx-2.8.5/debian/patches/00list
+++ lynx-2.8.5/debian/patches/00list
@@ -3,0 +4,2 @@
+04_CVE-2004-1617.dpatch
+05_FTBFS_on_GNUHurd_and_GNUkBSD
only in patch2:
unchanged:
--- lynx-2.8.5.orig/debian/patches/04_CVE-2004-1617.dpatch
+++ lynx-2.8.5/debian/patches/04_CVE-2004-1617.dpatch
@@ -0,0 +1,225 @@ +#! /bin/sh /usr/share/dpatch/dpatch-run +## 04_CVE-2004-1617.dpatch from the OpenBSD project. +## ftp://ftp.openbsd.org/pub/OpenBSD/patches/3.6/common/004_lynx.patch +## +## All lines beginning with `## DP:' are a description of the patch. +## DP: CVE-2004-1617: Lynx allows remote attackers to cause a denial of service +## DP: (infinite loop) via a web page or HTML email that contains invalid HTML +## DP: including (1) a TEXTAREA tag with a large COLS value and (2) a large tag +## DP: name in an element that is not terminated. + [EMAIL PROTECTED]@ +diff -urNad lynx-2.8.5~/src/GridText.c lynx-2.8.5/src/GridText.c +--- lynx-2.8.5~/src/GridText.c 2004-01-28 19:30:38.000000000 +0000 ++++ lynx-2.8.5/src/GridText.c 2006-05-12 15:12:32.000000000 +0100 +@@ -9589,8 +9589,8 @@ + /* + * Set SIZE. + */ +- if (I->size != NULL) { +- f->size = atoi(I->size); ++ if (I->size != 0) { ++ f->size = I->size; + /* + * Leave at zero for option lists. + */ +diff -urNad lynx-2.8.5~/src/HTForms.h lynx-2.8.5/src/HTForms.h +--- lynx-2.8.5~/src/HTForms.h 2003-06-02 02:16:28.000000000 +0100 ++++ lynx-2.8.5/src/HTForms.h 2006-05-12 15:12:32.000000000 +0100 +@@ -40,7 +40,7 @@ + CONST char *md; + CONST char *min; + CONST char *name; +- CONST char *size; ++ int size; + CONST char *src; + CONST char *type; + char *value; +diff -urNad lynx-2.8.5~/src/HTML.c lynx-2.8.5/src/HTML.c +--- lynx-2.8.5~/src/HTML.c 2004-01-19 12:16:02.000000000 +0000 ++++ lynx-2.8.5/src/HTML.c 2006-05-12 15:12:32.000000000 +0100 +@@ -80,6 +80,19 @@ + + #define STACKLEVEL(me) ((me->stack + MAX_NESTING - 1) - me->sp) + ++#define DFT_TEXTAREA_COLS 60 ++#define DFT_TEXTAREA_ROWS 4 ++ ++#define MAX_TEXTAREA_COLS LYcolLimit ++#define MAX_TEXTAREA_ROWS (3 * LYlines) ++ ++#define LimitValue(name, value) \ ++ if (name > value) { \ ++ CTRACE((tfp, "Limited " #name " to %d, was %d\n", \ ++ value, name)); \ ++ name = value; \ ++ } ++ + struct _HTStream { + CONST HTStreamClass * isa; + #ifdef USE_SOURCE_CACHE +@@ 
-4316,7 +4329,7 @@ + I.align=NULL; I.accept=NULL; I.checked=NO; I.class=NULL; + I.disabled=NO; I.error=NULL; I.height= NULL; I.id=NULL; + I.lang=NULL; I.max=NULL; I.maxlength=NULL; I.md=NULL; +- I.min=NULL; I.name=NULL; I.size=NULL; I.src=NULL; ++ I.min=NULL; I.name=NULL; I.size=0; I.src=NULL; + I.type=NULL; I.value=NULL; I.width=NULL; + I.accept_cs = NULL; + I.name_cs = ATTR_CS_IN; +@@ -4502,7 +4515,7 @@ + I.align=NULL; I.accept=NULL; I.checked=NO; I.class=NULL; + I.disabled=NO; I.error=NULL; I.height= NULL; I.id=NULL; + I.lang=NULL; I.max=NULL; I.maxlength=NULL; I.md=NULL; +- I.min=NULL; I.name=NULL; I.size=NULL; I.src=NULL; ++ I.min=NULL; I.name=NULL; I.size=0; I.src=NULL; + I.type=NULL; I.value=NULL; I.width=NULL; + I.accept_cs = NULL; + I.name_cs = ATTR_CS_IN; +@@ -4794,7 +4807,7 @@ + I.checked = YES; + if (present && present[HTML_INPUT_SIZE] && + value[HTML_INPUT_SIZE] && *value[HTML_INPUT_SIZE]) +- I.size = value[HTML_INPUT_SIZE]; ++ I.size = atoi(value[HTML_INPUT_SIZE]); + if (present && present[HTML_INPUT_MAXLENGTH] && + value[HTML_INPUT_MAXLENGTH] && *value[HTML_INPUT_MAXLENGTH]) + I.maxlength = value[HTML_INPUT_MAXLENGTH]; +@@ -5033,26 +5046,28 @@ + if (present && present[HTML_TEXTAREA_COLS] && + value[HTML_TEXTAREA_COLS] && + isdigit(UCH(*value[HTML_TEXTAREA_COLS]))) +- StrAllocCopy(me->textarea_cols, value[HTML_TEXTAREA_COLS]); ++ me->textarea_cols = atoi(value[HTML_TEXTAREA_COLS]); + else { + int width; + width = LYcols - 1 - + me->new_style->leftIndent - me->new_style->rightIndent; + if (dump_output_immediately) /* don't waste too much for this */ +- width = HTMIN(width, 60); ++ width = HTMIN(width, DFT_TEXTAREA_COLS); + if (width > 1 && (width-1)*6 < MAX_LINE - 3 - + me->new_style->leftIndent - me->new_style->rightIndent) +- HTSprintf0(&me->textarea_cols, "%d", width); ++ me->textarea_cols = width; + else +- StrAllocCopy(me->textarea_cols, "60"); ++ me->textarea_cols = DFT_TEXTAREA_COLS; + } ++ LimitValue(me->textarea_cols, MAX_TEXTAREA_COLS); + + 
if (present && present[HTML_TEXTAREA_ROWS] && + value[HTML_TEXTAREA_ROWS] && + isdigit(UCH(*value[HTML_TEXTAREA_ROWS]))) + me->textarea_rows = atoi(value[HTML_TEXTAREA_ROWS]); + else +- me->textarea_rows = 4; ++ me->textarea_rows = DFT_TEXTAREA_ROWS; ++ LimitValue(me->textarea_rows, MAX_TEXTAREA_ROWS); + + if (present && present[HTML_TEXTAREA_DISABLED]) + me->textarea_disabled = YES; +@@ -5169,7 +5184,7 @@ + I.align=NULL; I.accept=NULL; I.checked=NO; I.class=NULL; + I.disabled=NO; I.error=NULL; I.height= NULL; I.id=NULL; + I.lang=NULL; I.max=NULL; I.maxlength=NULL; I.md=NULL; +- I.min=NULL; I.name=NULL; I.size=NULL; I.src=NULL; ++ I.min=NULL; I.name=NULL; I.size=0; I.src=NULL; + I.type=NULL; I.value=NULL; I.width=NULL; + I.accept_cs = NULL; + I.name_cs = -1; +@@ -6818,7 +6833,7 @@ + I.align=NULL; I.accept=NULL; I.checked=NO; I.class=NULL; + I.disabled=NO; I.error=NULL; I.height= NULL; I.id=NULL; + I.lang=NULL; I.max=NULL; I.maxlength=NULL; I.md=NULL; +- I.min=NULL; I.name=NULL; I.size=NULL; I.src=NULL; ++ I.min=NULL; I.name=NULL; I.size=0; I.src=NULL; + I.type=NULL; I.value=NULL; I.width=NULL; + I.value_cs = current_char_set; + +@@ -6969,7 +6984,7 @@ + } + I.value = temp; + chars = HText_beginInput(me->text, me->inUnderline, &I); +- for (chars = atoi(me->textarea_cols); chars > 0; chars--) ++ for (chars = me->textarea_cols; chars > 0; chars--) + HTML_put_character(me, '_'); + HText_appendCharacter(me->text, '\r'); + if (*data == '\n') { +@@ -6994,7 +7009,6 @@ + HTChunkClear(&me->textarea); + FREE(me->textarea_name); + me->textarea_name_cs = -1; +- FREE(me->textarea_cols); + FREE(me->textarea_id); + break; + } +@@ -7541,7 +7555,6 @@ + FREE(me->map_address); + FREE(me->textarea_name); + FREE(me->textarea_accept_cs); +- FREE(me->textarea_cols); + FREE(me->textarea_id); + FREE(me->LastOptionValue); + FREE(me->xinclude); +@@ -7721,7 +7734,7 @@ + me->textarea_name = NULL; + me->textarea_name_cs = -1; + me->textarea_accept_cs = NULL; +- me->textarea_cols = NULL; ++ 
me->textarea_cols = 0; + me->textarea_rows = 4; + me->textarea_disabled = NO; + me->textarea_id = NULL; +diff -urNad lynx-2.8.5~/src/HTML.h lynx-2.8.5/src/HTML.h +--- lynx-2.8.5~/src/HTML.h 2004-01-08 02:03:09.000000000 +0000 ++++ lynx-2.8.5/src/HTML.h 2006-05-12 15:12:32.000000000 +0100 +@@ -104,7 +104,7 @@ + char * textarea_name; + int textarea_name_cs; + char * textarea_accept_cs; +- char * textarea_cols; ++ int textarea_cols; + int textarea_rows; + int textarea_disabled; + char * textarea_id; +diff -urNad lynx-2.8.5~/src/LYCurses.h lynx-2.8.5/src/LYCurses.h +--- lynx-2.8.5~/src/LYCurses.h 2004-01-28 19:30:38.000000000 +0000 ++++ lynx-2.8.5/src/LYCurses.h 2006-05-12 15:12:32.000000000 +0100 +@@ -365,6 +365,24 @@ + extern int LYlines; /* replaces LINES */ + extern int LYcols; /* replaces COLS */ + ++/* ++ * The scrollbar, if used, occupies the rightmost column. ++ */ ++#ifdef USE_SCROLLBAR ++#define LYbarWidth (LYShowScrollbar ? 1 : 0) ++#else ++#define LYbarWidth 0 ++#endif ++ ++/* ++ * Usable limits for display: ++ */ ++#if defined(FANCY_CURSES) || defined(USE_SLANG) ++#define LYcolLimit (LYcols - LYbarWidth) ++#else ++#define LYcolLimit (LYcols - 1) ++#endif ++ + #ifdef USE_CURSES_PADS + extern WINDOW *LYwin; + extern int LYshiftWin; +diff -urNad lynx-2.8.5~/userdefs.h lynx-2.8.5/userdefs.h +--- lynx-2.8.5~/userdefs.h 2006-05-12 15:11:12.000000000 +0100 ++++ lynx-2.8.5/userdefs.h 2006-05-12 15:12:32.000000000 +0100 +@@ -1379,6 +1379,8 @@ + #define MAXCHARSETS 60 /* max character sets supported */ + #define TRST_MAXROWSPAN 10000 /* max rowspan accepted by TRST code */ + #define TRST_MAXCOLSPAN 1000 /* max colspan and COL/COLGROUP span accepted */ ++#define MAX_TABLE_ROWS 200 /* max rows for tables */ ++#define MAX_TABLE_COLS 200 /* max cols for tables */ + #define SAVE_TIME_NOT_SPACE /* minimize number of some malloc calls */ + + /* Win32 may support more, but old win16 helper apps may not. 
*/ only in patch2: unchanged: --- lynx-2.8.5.orig/debian/patches/05_FTBFS_on_GNUHurd_and_GNUkBSD +++ lynx-2.8.5/debian/patches/05_FTBFS_on_GNUHurd_and_GNUkBSD @@ -0,0 +1,37 @@ +#! /bin/sh -e +## 05_FTBFS_on_GNUHurd_and_GNUkBSD by Aníbal Monsalve Salazar +## +## DP: FTBFS on GNU/Hurd (and GNU/k*BSD) +## DP: [FIXME: we shouldn't be editing configure directly] + +if [ $# -lt 1 ]; then + echo "`basename $0`: script expects -patch|-unpatch as argument" >&2 + exit 1 +fi + +[ -f debian/patches/00patch-opts ] && . debian/patches/00patch-opts +patch_opts="${patch_opts:--f --no-backup-if-mismatch} ${2:+-d $2}" + +case "$1" in + -patch) patch -p1 ${patch_opts} < $0;; + -unpatch) patch -R -p1 ${patch_opts} < $0;; + *) + echo "`basename $0`: script expects -patch|-unpatch as argument" >&2 + exit 1;; +esac + +exit 0 + [EMAIL PROTECTED]@ +diff -urNad lynx-2.8.5/aclocal.m4~ lynx-2.8.5/aclocal.m4 +--- lynx-2.8.5/aclocal.m4~ 2004-01-28 20:30:38.000000000 +0100 ++++ lynx-2.8.5/aclocal.m4 2004-03-14 22:02:27.000000000 +0100 +@@ -4232,7 +4232,7 @@ + irix6.*) #(vi + CPPFLAGS="$CPPFLAGS -D_SGI_SOURCE" + ;; +-linux*) #(vi ++linux*-gnu|gnu*|k*bsd*-gnu) #(vi + CF_GNU_SOURCE + ;; + mirbsd*) #(vi
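Review bot: `LimitValue` caps only the upper end, so in the TEXTAREA hunk of src/HTML.c a COLS or ROWS of `0`, or a digit string too long for `int` (where `atoi()` is undefined and may yield a negative number), still lands in `me->textarea_cols` / `me->textarea_rows` unclamped. `I.size = atoi(value[HTML_INPUT_SIZE]);` in the INPUT hunk has no digit check or bound at all, and a negative SIZE passes the new `I->size != 0` test in src/GridText.c. I would add a floor beside each cap, e.g. `if (me->textarea_cols < 1) me->textarea_cols = DFT_TEXTAREA_COLS;` ahead of `LimitValue(me->textarea_cols, MAX_TEXTAREA_COLS);`, and parse with `strtol()` so out-of-range input is detectable. The DP: header also lists a second trigger, a large tag name in an unterminated element, yet no hunk shown touches tag parsing and `MAX_TABLE_ROWS` / `MAX_TABLE_COLS` are added to userdefs.h without any use in this patch, so that case looks unaddressed here and is worth checking against the OpenBSD original. The enclosing functions start and end outside these hunks, so what the later code does with a zero or negative value cannot be confirmed from this page.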
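Review bot: Replacing `linux*` with `linux*-gnu` in the aclocal.m4 hunk narrows the Linux match as well as adding Hurd and k*BSD: a host string such as `linux-gnueabi` or `linux-uclibc` (assuming the case switches on the host OS, which is outside the hunk) no longer reaches `CF_GNU_SOURCE`. Keeping the old glob and appending the new ones, `linux*|gnu*|k*bsd*-gnu) #(vi`, adds the two targets without changing behaviour for existing Linux builds. The hunk touches only `aclocal.m4`, so it has an effect only if `configure` is regenerated during the build; the DP: FIXME speaks of editing configure, so it is worth confirming which file is really meant.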