[pkg-lynx-commits] [lynx-cur] 01/03: New upstream version 2.8.9dev11
Axel Beckert
abe at deuxchevaux.org
Thu Nov 17 00:33:23 UTC 2016
This is an automated email from the git hooks/post-receive script.
abe pushed a commit to branch master
in repository lynx-cur.
commit b8b6495234d23fe0ed0754dafdcf1ce7d2f3e967
Author: Axel Beckert <abe at deuxchevaux.org>
Date: Thu Nov 17 01:12:06 2016 +0100
New upstream version 2.8.9dev11
---
CHANGES | 7 ++++++-
PACKAGE/debian/changelog | 4 ++--
PACKAGE/lynx.nsi | 6 +++---
PACKAGE/lynx.spec | 4 ++--
PACKAGE/version.iss | 2 +-
WWW/Library/Implementation/HTTCP.c | 13 +++----------
WWW/Library/Implementation/HTTP.c | 8 ++++----
WWW/Library/Implementation/HTUtils.h | 4 +++-
configure | 2 +-
configure.in | 6 +++---
lynx.cfg | 6 +++---
makefile.in | 4 ++--
src/LYIcon.rc | 10 +++++-----
src/LYUtils.c | 3 ++-
userdefs.h | 6 +++---
15 files changed, 43 insertions(+), 42 deletions(-)
diff --git a/CHANGES b/CHANGES
index 3d9f122..5ce6305 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,8 +1,13 @@
--- $LynxId: CHANGES,v 1.859 2016/11/08 09:38:27 tom Exp $
+-- $LynxId: CHANGES,v 1.862 2016/11/16 00:35:39 tom Exp $
===============================================================================
Changes since Lynx 2.8 release
===============================================================================
+2016-11-15 (2.8.9dev.11)
+* amend fix for stripping user/password to ensure that the stripped value is
+ used when connecting to the host (prompted by discussion of CVE-2016-9179
+ at https://lists.debian.org/debian-lts/2016/11/threads.html#00072) -TD
+
2016-11-08 (2.8.9dev.10)
* improved fix for OpenSSL 1.1 (Taketo Kabe).
* improve warning message when stripping user/password from URL; report on
diff --git a/PACKAGE/debian/changelog b/PACKAGE/debian/changelog
index 8f51043..0818a58 100644
--- a/PACKAGE/debian/changelog
+++ b/PACKAGE/debian/changelog
@@ -1,8 +1,8 @@
-lynx-dev (2.8.9dev.10) unstable; urgency=low
+lynx-dev (2.8.9dev.11) unstable; urgency=low
* maintenance updates
- -- Thomas E. Dickey <dickey at invisible-island.net> Sat, 10 Sep 2016 07:22:22 -0400
+ -- Thomas E. Dickey <dickey at invisible-island.net> Tue, 15 Nov 2016 04:04:25 -0500
lynx-dev (2.8.8dev.16) unstable; urgency=high
diff --git a/PACKAGE/lynx.nsi b/PACKAGE/lynx.nsi
index 131dfe3..192f7d1 100644
--- a/PACKAGE/lynx.nsi
+++ b/PACKAGE/lynx.nsi
@@ -1,4 +1,4 @@
-; $LynxId: lynx.nsi,v 1.30 2016/09/10 11:22:22 tom Exp $
+; $LynxId: lynx.nsi,v 1.31 2016/11/15 09:04:25 tom Exp $
; Script originally generated with the Venis Install Wizard, but customized.
; The Inno Setup script is preferred; but this can be built via cross-compiling.
@@ -9,8 +9,8 @@
!define VERSION_EPOCH "2"
!define VERSION_MAJOR "8"
!define VERSION_MINOR "9"
-!define VERSION_LEVEL "1010"
-!define VERSION_PATCH "dev.10"
+!define VERSION_LEVEL "1011"
+!define VERSION_PATCH "dev.11"
!define SUBKEY "Lynx"
diff --git a/PACKAGE/lynx.spec b/PACKAGE/lynx.spec
index 942e621..a93c497 100644
--- a/PACKAGE/lynx.spec
+++ b/PACKAGE/lynx.spec
@@ -1,8 +1,8 @@
-# $LynxId: lynx.spec,v 1.37 2016/09/10 11:22:22 tom Exp $
+# $LynxId: lynx.spec,v 1.38 2016/11/15 09:04:25 tom Exp $
Summary: A text-based Web browser
Name: lynx
Version: 2.8.9
-Release: dev.10
+Release: dev.11
License: GPLv2
Group: Applications/Internet
Source: lynx%{version}%{release}.tgz
diff --git a/PACKAGE/version.iss b/PACKAGE/version.iss
index 7afb951..281ab3c 100644
--- a/PACKAGE/version.iss
+++ b/PACKAGE/version.iss
@@ -1,7 +1,7 @@
; version used for Inno Setup files.
; $Format: "#define LYNX_VERSION \"$ProjectVersion$\""$
-#define LYNX_VERSION "2.8.9dev.10"
+#define LYNX_VERSION "2.8.9dev.11"
; most-recent full release and target
#define LYNX_RELEASE "2.8.9"
diff --git a/WWW/Library/Implementation/HTTCP.c b/WWW/Library/Implementation/HTTCP.c
index ff1cf9a..5449195 100644
--- a/WWW/Library/Implementation/HTTCP.c
+++ b/WWW/Library/Implementation/HTTCP.c
@@ -1,5 +1,5 @@
/*
- * $LynxId: HTTCP.c,v 1.134 2014/12/03 01:00:40 tom Exp $
+ * $LynxId: HTTCP.c,v 1.135 2016/11/15 09:31:58 tom Exp $
*
* Generic Communication Code HTTCP.c
* ==========================
@@ -1804,7 +1804,6 @@ int HTDoConnect(const char *url,
int status = 0;
char *line = NULL;
char *p1 = NULL;
- char *at_sign = NULL;
char *host = NULL;
#ifdef INET6
@@ -1826,14 +1825,8 @@ int HTDoConnect(const char *url,
* Get node name and optional port number.
*/
p1 = HTParse(url, "", PARSE_HOST);
- if ((at_sign = StrChr(p1, '@')) != NULL) {
- /*
- * If there's an @ then use the stuff after it as a hostname.
- */
- StrAllocCopy(host, (at_sign + 1));
- } else {
- StrAllocCopy(host, p1);
- }
+ StrAllocCopy(host, p1);
+ strip_userid(host, FALSE);
FREE(p1);
HTSprintf0(&line, "%s%s", WWW_FIND_MESSAGE, host);
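Review bot: The added `strip_userid(host, FALSE);` replaces a commented branch with an uncommented call, so the reason the connect path must use the stripped value is no longer stated at this point. I would put `/* strip user/password so we connect to the same host that is sent in the Host: header (CVE-2016-9179) */` above the call. Going by the `!parse_only` test added in HTTP.c, passing FALSE also lets the call raise HTAlert from inside HTDoConnect, which is worth mentioning in the same comment. HTDoConnect starts and ends outside this hunk.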
diff --git a/WWW/Library/Implementation/HTTP.c b/WWW/Library/Implementation/HTTP.c
index a5be926..08ed0c0 100644
--- a/WWW/Library/Implementation/HTTP.c
+++ b/WWW/Library/Implementation/HTTP.c
@@ -1,5 +1,5 @@
/*
- * $LynxId: HTTP.c,v 1.159 2016/11/08 09:38:27 tom Exp $
+ * $LynxId: HTTP.c,v 1.160 2016/11/15 09:31:41 tom Exp $
*
* HyperText Tranfer Protocol - Client implementation HTTP.c
* ==========================
@@ -582,7 +582,7 @@ static char *fake_hostname(char *auth)
/*
* Strip any username from the given string so we retain only the host.
*/
-static void strip_userid(char *host)
+void strip_userid(char *host, int parse_only)
{
char *p1 = host;
char *p2 = skip_user_passwd(host);
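Review bot: The comment above strip_userid does not describe the new `parse_only` argument, and since the function is no longer static, callers in other files depend on that description. In the later hunk of this file the flag only gates `HTAlert(msg)`; the `do_trimming` copy below it is not conditioned on the flag in the visible lines, so the name suggests the string is left untouched when it still appears to be modified. I would extend the comment with `If parse_only is nonzero, strip silently; otherwise warn the user via HTAlert.` The body of strip_userid continues outside this hunk.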
@@ -633,7 +633,7 @@ static void strip_userid(char *host)
gettext("User/password may be confused with hostname: '%s' (e.g, '%s')"),
auth, fake);
}
- if (msg != 0)
+ if (msg != 0 && !parse_only)
HTAlert(msg);
if (do_trimming) {
while ((*p1++ = *p2++) != '\0') {
@@ -1312,7 +1312,7 @@ static int HTLoadHTTP(const char *arg,
char *host = NULL;
if ((host = HTParse(anAnchor->address, "", PARSE_HOST)) != NULL) {
- strip_userid(host);
+ strip_userid(host, TRUE);
HTBprintf(&command, "Host: %s%c%c", host, CR, LF);
FREE(host);
}
diff --git a/WWW/Library/Implementation/HTUtils.h b/WWW/Library/Implementation/HTUtils.h
index d0757e5..5c221cc 100644
--- a/WWW/Library/Implementation/HTUtils.h
+++ b/WWW/Library/Implementation/HTUtils.h
@@ -1,5 +1,5 @@
/*
- * $LynxId: HTUtils.h,v 1.120 2014/01/19 15:18:01 tom Exp $
+ * $LynxId: HTUtils.h,v 1.121 2016/11/15 09:26:37 tom Exp $
*
* Utility macros for the W3 code library
* MACROS FOR GENERAL USE
@@ -801,6 +801,8 @@ extern "C" {
extern FILE *TraceFP(void);
+ extern void strip_userid(char *host, int warn);
+
#ifdef USE_SSL
extern SSL *HTGetSSLHandle(void);
extern void HTSSLInitPRNG(void);
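Review bot: The prototype names the second parameter `warn`, while the definition in HTTP.c names it `parse_only` and shows the alert only when it is zero, so the header suggests the opposite meaning. A caller reading only HTUtils.h would pass TRUE expecting the warning and would suppress it instead. I would declare it as `extern void strip_userid(char *host, int parse_only);` and add a one-line comment saying what a nonzero value does.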
diff --git a/configure b/configure
index 52fed60..d8468ba 100755
--- a/configure
+++ b/configure
@@ -1274,7 +1274,7 @@ rm conftest.sed
PACKAGE=lynx
# $Format: "VERSION=$ProjectVersion$"$
-VERSION=2.8.9dev.10
+VERSION=2.8.9dev.11
echo "$as_me:1279: checking for DESTDIR" >&5
echo $ECHO_N "checking for DESTDIR... $ECHO_C" >&6
diff --git a/configure.in b/configure.in
index 3993342..610fa14 100644
--- a/configure.in
+++ b/configure.in
@@ -1,4 +1,4 @@
-dnl $LynxId: configure.in,v 1.283 2016/09/10 11:22:22 tom Exp $
+dnl $LynxId: configure.in,v 1.284 2016/11/15 09:04:25 tom Exp $
dnl
dnl Process this file with autoconf to produce a configure script.
dnl
@@ -29,7 +29,7 @@ dnl ---------------------------------------------------------------------------
dnl
dnl ask PRCS to plug-in the project-version for the configure-script.
dnl $Format: "AC_REVISION($ProjectVersion$)"$
-AC_REVISION(2.8.9dev.10)
+AC_REVISION(2.8.9dev.11)
# Save the original $CFLAGS so we can distinguish whether the user set those
# in the environment, or whether autoconf added -O and -g options:
@@ -64,7 +64,7 @@ AC_ARG_PROGRAM
PACKAGE=lynx
dnl ask PRCS to plug-in the project-version for the packages.
# $Format: "VERSION=$ProjectVersion$"$
-VERSION=2.8.9dev.10
+VERSION=2.8.9dev.11
AC_SUBST(PACKAGE)
AC_SUBST(VERSION)
diff --git a/lynx.cfg b/lynx.cfg
index d0baa4d..e5cfc4f 100644
--- a/lynx.cfg
+++ b/lynx.cfg
@@ -1,13 +1,13 @@
-# $LynxId: lynx.cfg,v 1.273 2016/09/10 11:22:22 tom Exp $
+# $LynxId: lynx.cfg,v 1.274 2016/11/15 09:04:25 tom Exp $
# lynx.cfg file.
# The default placement for this file is /usr/local/lib/lynx.cfg (Unix)
# or Lynx_Dir:lynx.cfg (VMS)
#
# $Format: "#PRCS LYNX_VERSION \"$ProjectVersion$\""$
-#PRCS LYNX_VERSION "2.8.9dev.10"
+#PRCS LYNX_VERSION "2.8.9dev.11"
#
# $Format: "#PRCS LYNX_DATE \"$ProjectDate$\""$
-#PRCS LYNX_DATE "Sat, 10 Sep 2016 07:22:22 -0400"
+#PRCS LYNX_DATE "Tue, 15 Nov 2016 04:04:25 -0500"
#
# Definition pairs are of the form VARIABLE:DEFINITION
# NO spaces are allowed between the pair items.
diff --git a/makefile.in b/makefile.in
index c664411..c434b62 100644
--- a/makefile.in
+++ b/makefile.in
@@ -1,4 +1,4 @@
-# $LynxId: makefile.in,v 1.157 2016/09/10 11:22:22 tom Exp $
+# $LynxId: makefile.in,v 1.158 2016/11/15 09:04:25 tom Exp $
##makefile for lynx
SHELL = @CONFIG_SHELL@
@@ -46,7 +46,7 @@ TAR_UP = $(TAR) @TAR_UP_OPTIONS@ @TAR_PIPE_OPTIONS@
TAR_DOWN = $(TAR) @TAR_DOWN_OPTIONS@ @TAR_PIPE_OPTIONS@
# $Format: "LYNX_VERSION = $ProjectVersion$"$
-LYNX_VERSION = 2.8.9dev.10
+LYNX_VERSION = 2.8.9dev.11
## This is the version which we are developing (or, upon release, make this
## the same). Use no dots in the name, since it must work on VMS and MS-DOS.
diff --git a/src/LYIcon.rc b/src/LYIcon.rc
index 1aaf083..2752f8f 100644
--- a/src/LYIcon.rc
+++ b/src/LYIcon.rc
@@ -1,12 +1,12 @@
-// $LynxId: LYIcon.rc,v 1.24 2016/09/10 11:22:22 tom Exp $
+// $LynxId: LYIcon.rc,v 1.25 2016/11/15 09:04:25 tom Exp $
#include <windows.h>
100 ICON "../samples/lynx.ico"
VS_VERSION_INFO VERSIONINFO
-FILEVERSION 2,8,9,1010
-PRODUCTVERSION 2,8,9,1010
+FILEVERSION 2,8,9,1011
+PRODUCTVERSION 2,8,9,1011
FILEFLAGSMASK VS_FFI_FILEFLAGSMASK
FILEFLAGS 0
FILEOS VOS_NT_WINDOWS32
@@ -19,12 +19,12 @@ BEGIN
BEGIN
VALUE "CompanyName", "http://invisible-island.net/lynx"
VALUE "FileDescription", "Lynx - web browser"
- VALUE "FileVersion", "2.8.9.1010"
+ VALUE "FileVersion", "2.8.9.1011"
VALUE "InternalName", "Lynx"
VALUE "LegalCopyright", "�1997-2016 Thomas E. Dickey"
VALUE "OriginalFilename", "lynx.exe"
VALUE "ProductName", "Lynx - web browser"
- VALUE "ProductVersion", "2.8.9.1010"
+ VALUE "ProductVersion", "2.8.9.1011"
END
END
BLOCK "VarFileInfo"
diff --git a/src/LYUtils.c b/src/LYUtils.c
index 4772fa4..b47779e 100644
--- a/src/LYUtils.c
+++ b/src/LYUtils.c
@@ -1,5 +1,5 @@
/*
- * $LynxId: LYUtils.c,v 1.274 2015/03/22 15:38:23 tom Exp $
+ * $LynxId: LYUtils.c,v 1.275 2016/11/15 09:34:30 tom Exp $
*/
#include <HTUtils.h>
#include <HTTCP.h>
@@ -4689,6 +4689,7 @@ BOOLEAN LYExpandHostForURL(char **AllocatedString,
* Do a DNS test on the potential host field as presently trimmed. - FM
*/
StrAllocCopy(host, Str);
+ strip_userid(host, FALSE);
HTUnEscape(host);
if (LYCursesON) {
StrAllocCopy(MsgStr, WWW_FIND_MESSAGE);
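Review bot: The added `strip_userid(host, FALSE);` runs before `HTUnEscape(host);`, and nothing here says whether that order is intended. As written, a literal `@` is handled by the strip, while an escaped one is presumably decoded afterwards and stays in the string used for the DNS test. If that is the intent, a comment such as `/* strip user/password before unescaping; an escaped '@' is data, not a delimiter */` would keep a later edit from swapping the two lines. LYExpandHostForURL starts and ends outside this hunk.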
diff --git a/userdefs.h b/userdefs.h
index 5526638..edec5b8 100644
--- a/userdefs.h
+++ b/userdefs.h
@@ -1,5 +1,5 @@
/*
- * $LynxId: userdefs.h,v 1.320 2016/09/10 11:22:22 tom Exp $
+ * $LynxId: userdefs.h,v 1.321 2016/11/15 09:04:25 tom Exp $
*
* Lynx - Hypertext navigation system
*
@@ -1442,11 +1442,11 @@
* the version definition with the Project Version on checkout. Just
* ignore it. - kw */
/* $Format: "#define LYNX_VERSION \"$ProjectVersion$\""$ */
-#define LYNX_VERSION "2.8.9dev.10"
+#define LYNX_VERSION "2.8.9dev.11"
#define LYNX_WWW_HOME "http://lynx.invisible-island.net/"
#define LYNX_WWW_DIST "http://lynx.invisible-island.net/current/"
/* $Format: "#define LYNX_DATE \"$ProjectDate$\""$ */
-#define LYNX_DATE "Sat, 10 Sep 2016 07:22:22 -0400"
+#define LYNX_DATE "Tue, 15 Nov 2016 04:04:25 -0500"
#define LYNX_DATE_OFF 5 /* truncate the automatically-generated date */
#define LYNX_DATE_LEN 11 /* truncate the automatically-generated date */
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-lynx/lynx-cur.git