authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-05-06 01:12:15 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-05-06 01:12:15 +0000
commit602181b0f32e6960e5552302e5dd32e2cffe4611 (patch)
tree1035b319846d91f8ae39bdc64b91ec170e584a9f /debian/patches
parentAdding upstream version 2.8.9rel.1. (diff)
Adding debian version 2.8.9rel.1-3+deb10u1.debian/2.8.9rel.1-3+deb10u1debian
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to '')
-rw-r--r--debian/patches/21_do_not_strip_-g.diff17
-rw-r--r--debian/patches/90_CVE-2021-38165.patch49
-rw-r--r--debian/patches/aboutlynx.patch19
-rw-r--r--debian/patches/fix-tls-1.3.patch48
-rw-r--r--debian/patches/lynxcfg.patch219
-rw-r--r--debian/patches/nested_tables.patch15
-rw-r--r--debian/patches/series6
7 files changed, 373 insertions, 0 deletions
diff --git a/debian/patches/21_do_not_strip_-g.diff b/debian/patches/21_do_not_strip_-g.diff
new file mode 100644
index 0000000..048bf99
--- /dev/null
+++ b/debian/patches/21_do_not_strip_-g.diff
@@ -0,0 +1,17 @@
+Description: Stop ./configure from stripping out -g from CFLAGS
+Author: Andreas Metzler <ametzler@debian.org>,
+ Simon Ruderich <simon@ruderich.org>
+Origin: vendor
+Last-Update: 2015-05-08
+
+--- a/configure
++++ b/configure
+@@ -3475,7 +3475,7 @@
+ test -z "$ORIGINAL_CFLAGS" && CFLAGS=`echo ${CFLAGS} | sed -e 's%-g %%' -e 's%-g$%%'`
+ ;;
+ (*)
+- test -z "$ORIGINAL_CFLAGS" && CFLAGS=`echo ${CFLAGS} | sed -e 's%-g %%' -e 's%-g$%%'`
++ :
+ ;;
+ esac
+ fi
diff --git a/debian/patches/90_CVE-2021-38165.patch b/debian/patches/90_CVE-2021-38165.patch
new file mode 100644
index 0000000..b9f9a54
--- /dev/null
+++ b/debian/patches/90_CVE-2021-38165.patch
@@ -0,0 +1,49 @@
+Description: Fix CVE-2021-38165
+ CVE-2021-38165: If Lynx is given an HTTPS URL which included username
+ and password, e.g. https://username:password@www.example.org/,
+ username and password were sent over the wire in clear text if the
+ TLS 1.2 Server Name Indication (SNI) extension was used.
+ .
+ This patch is extracted from upstream's patch from 2.9.0dev.8 to
+ 2.9.0dev.9 to fix this issue.
+Origin: https://invisible-mirror.net/archives/lynx/patches/lynx2.9.0dev.9.patch.gz
+Author: Thomas E. Dickey <dickey@invisible-island.net>
+Reviewed-By: Axel Beckert <abe@debian.org>
+Bug-Debian: https://bugs.debian.org/991971
+Bug: https://lists.nongnu.org/archive/html/lynx-dev/2021-08/msg00000.html
+Bug: https://lists.nongnu.org/archive/html/lynx-dev/2021-08/msg00002.html
+
+--- a/WWW/Library/Implementation/HTTP.c
++++ b/WWW/Library/Implementation/HTTP.c
+@@ -762,6 +762,23 @@
+ }
+ #endif
+
++/*
++ * Remove user/password, if any, from the given host-string.
++ */
++#ifdef USE_SSL
++static char *StripUserAuthents(char *host)
++{
++ char *p = strchr(host, '@');
++
++ if (p != NULL) {
++ char *q = host;
++
++ while ((*q++ = *++p) != '\0') ;
++ }
++ return host;
++}
++#endif
++
+ /* Load Document from HTTP Server HTLoadHTTP()
+ * ==============================
+ *
+@@ -957,6 +974,7 @@
+ /* get host we're connecting to */
+ ssl_host = HTParse(url, "", PARSE_HOST);
+ ssl_host = StripIpv6Brackets(ssl_host);
++ ssl_host = StripUserAuthents(ssl_host);
+ #if defined(USE_GNUTLS_FUNCS)
+ ret = gnutls_server_name_set(handle->gnutls_state,
+ GNUTLS_NAME_DNS,
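Review bot: `StripUserAuthents` cuts at the first `@` that `strchr` finds, so a userinfo part that itself contains an unencoded `@` would leave the tail of the credentials in front of the host name, and that string is what the added call passes on to the SNI setup after `StripIpv6Brackets`. A host name cannot contain `@`, so searching from the end is the safer choice: `char *p = strrchr(host, '@');`. The in-place copy loop is correct as written, since the source pointer is always ahead of the destination, but it deserves a short comment such as `/* shift the host part left over the userinfo; src stays ahead of dst */`. Whether `HTParse(url, "", PARSE_HOST)` can actually return such a string depends on URL parsing outside this hunk, so treat this as hardening rather than a confirmed leak.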
diff --git a/debian/patches/aboutlynx.patch b/debian/patches/aboutlynx.patch
new file mode 100644
index 0000000..72335d6
--- /dev/null
+++ b/debian/patches/aboutlynx.patch
@@ -0,0 +1,19 @@
+Description: Modify about_lynx.html for Debian package
+Author: Atsuhito Kohda <kohda@debian.org>
+Forwarded: not-needed
+
+--- ./lynx_help/about_lynx.html.orgl Tue Oct 9 12:34:06 2001
++++ ./lynx_help/about_lynx.html Tue Oct 9 12:35:16 2001
+@@ -65,9 +65,9 @@
+ the University of Kansas. However most of the release (and
+ corresponding copyright) is the work of developers on the
+ <a href="#lynx-dev_list"><em>lynx-dev mailing list</em></a>. It
+- is distributed <a href="COPYHEADER">without restrictions on usage
+- or redistribution</a> under the <a href="COPYING">GNU General
+- Public License (Version 2)</a>.</p>
++ is distributed without restrictions on usage
++ or redistribution under the GNU General
++ Public License (Version 2).</p>
+
+ <p><strong>Lynx</strong> was built over an early version of the
+ Common Code Library developed by the CERN WWW Project. That code
diff --git a/debian/patches/fix-tls-1.3.patch b/debian/patches/fix-tls-1.3.patch
new file mode 100644
index 0000000..e318b76
--- /dev/null
+++ b/debian/patches/fix-tls-1.3.patch
@@ -0,0 +1,48 @@
+Description: Fix connection to HTTPS sites offering TLS 1.3
+Author: Andreas Metzler <ametzler@bebt.de>
+Origin: https://lists.gnu.org/archive/html/lynx-dev/2018-12/msg00009.html
+
+--- a/src/tidy_tls.c
++++ b/src/tidy_tls.c
+@@ -462,13 +462,25 @@
+ {
+ int rc;
+
+- rc = (int) gnutls_record_recv(ssl->gnutls_state, buffer, (size_t) length);
++ do
++ {
++ rc = (int) gnutls_record_recv(ssl->gnutls_state, buffer, (size_t) length);
++ }
++ while ((rc == GNUTLS_E_AGAIN) || (rc == GNUTLS_E_INTERRUPTED));
+
+ if (rc < 0 && gnutls_error_is_fatal(rc) == 0) {
+ if (rc == GNUTLS_E_REHANDSHAKE) {
+ (void) gnutls_handshake(ssl->gnutls_state);
+- gnutls_record_send(ssl->gnutls_state, ssl->sendbuffer, (size_t) ssl->bytes_sent);
+- rc = (int) gnutls_record_recv(ssl->gnutls_state, buffer, (size_t) length);
++ do
++ {
++ rc = (int) gnutls_record_send(ssl->gnutls_state, ssl->sendbuffer, (size_t) ssl->bytes_sent);
++ }
++ while ((rc == GNUTLS_E_AGAIN) || (rc == GNUTLS_E_INTERRUPTED));
++ do
++ {
++ rc = (int) gnutls_record_recv(ssl->gnutls_state, buffer, (size_t) length);
++ }
++ while ((rc == GNUTLS_E_AGAIN) || (rc == GNUTLS_E_INTERRUPTED));
+ }
+ }
+
+@@ -500,7 +512,11 @@
+ {
+ int rc;
+
+- rc = (int) gnutls_record_send(ssl->gnutls_state, buffer, (size_t) length);
++ do
++ {
++ rc = (int) gnutls_record_send(ssl->gnutls_state, buffer, (size_t) length);
++ }
++ while ((rc == GNUTLS_E_AGAIN) || (rc == GNUTLS_E_INTERRUPTED));
+ ssl->last_error = rc;
+
+ if (rc < 0) {
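Review bot: In the `GNUTLS_E_REHANDSHAKE` branch the result of the new `gnutls_record_send` retry loop is stored in `rc` and then immediately overwritten by the following `gnutls_record_recv` loop, so a failed re-send of `ssl->sendbuffer` is never noticed. Guarding the second loop with `if (rc >= 0)` would keep the send error in `rc` for the checks that follow. All four added loops also retry on `GNUTLS_E_AGAIN` / `GNUTLS_E_INTERRUPTED` with no bound and no wait, which would spin the CPU on a non-blocking socket until the peer sends data; whether the transport can be non-blocking is not visible here, but if it can, a wait on the descriptor or a retry cap is needed. Both function bodies start and end outside the hunks.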
diff --git a/debian/patches/lynxcfg.patch b/debian/patches/lynxcfg.patch
new file mode 100644
index 0000000..fceb8d4
--- /dev/null
+++ b/debian/patches/lynxcfg.patch
@@ -0,0 +1,219 @@
+Description: Modify the lynx.cfg to Debian system
+Author: Atsuhito Kohda <kohda@debian.org>
+Author: Denis Briand <debian@denis-briand.fr>
+Author: Axel Beckert <abe@debian.org>
+Forwarded: not-needed
+Last-Update: 2017-10-30
+
+--- a/lynx.cfg
++++ b/lynx.cfg
+@@ -108,12 +108,13 @@
+ #
+ # Normally we expect you will connect to a remote site, e.g., the Lynx starting
+ # site:
+-STARTFILE:https://lynx.invisible-island.net/
++#STARTFILE:https://lynx.invisible-island.net/
+ #
+ # As an alternative, you may want to use a local URL. A good choice for this is
+ # the user's home directory:
+ .ex
+ #STARTFILE:file://localhost/~/
++STARTFILE:file://localhost/usr/share/doc/lynx/lynx_help/about_lynx.html.gz
+ #
+ # Your choice of STARTFILE should reflect your site's needs, and be a URL that
+ # you can connect to reliably. Otherwise users will become confused and think
+@@ -132,9 +133,10 @@
+ # This definition will be overridden if the "LYNX_HELPFILE" environment
+ # variable has been set.
+ #
+-HELPFILE:https://lynx.invisible-island.net/lynx_help/lynx_help_main.html
++#HELPFILE:https://lynx.invisible-island.net/lynx_help/lynx_help_main.html
+ .ex
+-#HELPFILE:file://localhost/PATH_TO/lynx_help/lynx_help_main.html
++##HELPFILE:file://localhost/PATH_TO/lynx_help/lynx_help_main.html
++HELPFILE:file://localhost/usr/share/doc/lynx-common/lynx_help/lynx_help_main.html
+
+ .h2 DEFAULT_INDEX_FILE
+ # DEFAULT_INDEX_FILE is the default file retrieved when the
+@@ -454,7 +456,7 @@
+ # Find RFC 1345 at
+ .url http://tools.ietf.org/html/rfc1345
+ #
+-#CHARACTER_SET:iso-8859-1
++CHARACTER_SET:iso-8859-1
+
+ .h2 LOCALE_CHARSET
+ # LOCALE_CHARSET overrides CHARACTER_SET if true, using the current locale to
+@@ -468,6 +470,7 @@
+ # happens to give useful values, but other implementations are not guaranteed
+ # to do this.
+ #LOCALE_CHARSET:FALSE
++LOCALE_CHARSET:TRUE
+
+ .h2 HTML5_CHARSETS
+ # HTML5_CHARSETS is an alternative to ASSUME_CHARSET and ASSUME_LOCAL_CHARSET.
+@@ -565,7 +568,7 @@
+ # compatibility problems with other browsers, see also PREPEND_BASE_TO_SOURCE.
+ # Note that the prepending is not done for -source dumps.
+ #
+-#PREPEND_CHARSET_TO_SOURCE:TRUE
++PREPEND_CHARSET_TO_SOURCE:FALSE
+
+ .h2 NCR_IN_BOOKMARKS
+ # NCR_IN_BOOKMARKS:TRUE allows you to save 8-bit characters in bookmark titles
+@@ -617,7 +620,7 @@
+ # the 'o'ptions menu and save that preference in their RC file.
+ # This may be a comma-separated list of languages in decreasing preference.
+ #
+-#PREFERRED_LANGUAGE:en
++PREFERRED_LANGUAGE:en
+
+ .h2 PREFERRED_CHARSET
+ # PREFERRED_CHARSET specifies the character set in MIME notation (e.g.,
+@@ -809,7 +812,7 @@
+ # 'o'ptions menu and saved in the RC file, and always can be toggled
+ # via the -show_cursor command line switch.
+ #
+-#SHOW_CURSOR:FALSE
++SHOW_CURSOR:TRUE
+
+ .h2 UNDERLINE_LINKS
+ # UNDERLINE_LINKS controls whether links are underlined by default, or shown
+@@ -997,8 +1000,8 @@
+ # executed. This is much less dangerous than enabling all execution
+ # links, but can still be dangerous.
+ #
+-#LOCAL_EXECUTION_LINKS_ALWAYS_ON:FALSE
+-#LOCAL_EXECUTION_LINKS_ON_BUT_NOT_REMOTE:FALSE
++LOCAL_EXECUTION_LINKS_ALWAYS_ON:FALSE
++LOCAL_EXECUTION_LINKS_ON_BUT_NOT_REMOTE:FALSE
+
+ .h2 TRUSTED_EXEC
+ # If LOCAL_EXECUTION_LINK_ON_BUT_NOT_REMOTE is TRUE, and no TRUSTED_EXEC
+@@ -1045,7 +1048,7 @@
+ # as well (i.e., they will only be able to access lynxexec or lynxprog
+ # URLs which meet any ALWAYS_TRUSTED_EXEC rules).
+ #
+-#TRUSTED_EXEC:none
++TRUSTED_EXEC:none
+
+ .h2 ALWAYS_TRUSTED_EXEC
+ # If EXEC_LINKS was defined, any lynxexec or lynxprog URL can be made
+@@ -1066,7 +1069,7 @@
+ #
+ # The default ALWAYS_TRUSTED_EXEC rule is "none".
+ #
+-#ALWAYS_TRUSTED_EXEC:none
++ALWAYS_TRUSTED_EXEC:none
+
+ .h2 TRUSTED_LYNXCGI
+ # Unix:
+@@ -1085,7 +1088,7 @@
+ #
+ # The default TRUSTED_LYNXCGI rule is "none".
+ #
+-#TRUSTED_LYNXCGI:none
++TRUSTED_LYNXCGI:none
+
+ .h2 LYNXCGI_ENVIRONMENT
+ # Unix:
+@@ -1411,7 +1414,7 @@
+ # The default is FALSE, so that the feature needs to be enabled here
+ # explicitly if you want it.
+ #
+-#PERSISTENT_COOKIES:FALSE
++PERSISTENT_COOKIES:FALSE
+
+ .h2 COOKIE_FILE
+ # COOKIE_FILE is the default file from which persistent cookies are read
+@@ -1858,7 +1861,7 @@
+ # and not forced TRUE, the user can regulate it via the 'o'ptions menu (and
+ # may save the preference in the RC file).
+ #
+-#NO_DOT_FILES:TRUE
++NO_DOT_FILES:FALSE
+
+ .h1 Internal Behavior
+
+@@ -2119,13 +2122,13 @@
+ #
+ # Unix:
+ # ====
+-#GLOBAL_EXTENSION_MAP:/usr/local/lib/mosaic/mime.types
++GLOBAL_EXTENSION_MAP:/etc/mime.types
+ # VMS:
+ # ===
+ #GLOBAL_EXTENSION_MAP:Lynx_Dir:mime.types
+ #
+ # Unix (sought in user's home directory):
+-#PERSONAL_EXTENSION_MAP:.mime.types
++PERSONAL_EXTENSION_MAP:.mime.types
+ # VMS (sought in user's sys$login directory):
+ #PERSONAL_EXTENSION_MAP:mime.types
+
+@@ -2260,6 +2263,8 @@
+ #SUFFIX:.dms:application/x-dms
+ #SUFFIX:.html:text/html
+ #SUFFIX:.txt:text/plain
++SUFFIX:.tgz:application/octet-stream
++SUFFIX:.deb:application/octet-stream
+
+ .h2 XLOADIMAGE_COMMAND
+ # VMS:
+@@ -2363,13 +2368,13 @@
+ #
+ # Unix:
+ # ====
+-#GLOBAL_MAILCAP:/usr/local/lib/mosaic/mailcap
++GLOBAL_MAILCAP:/etc/mailcap
+ # VMS:
+ # ===
+ #GLOBAL_MAILCAP:Lynx_Dir:mailcap
+ #
+ # Sought in user's home (Unix) or sys$login (VMS) directory.
+-#PERSONAL_MAILCAP:.mailcap
++PERSONAL_MAILCAP:.mailcap
+
+ .h2 PREFERRED_MEDIA_TYPES
+ # When doing a GET, lynx lists the MIME types which it knows how to present
+@@ -3583,7 +3588,7 @@
+ # should accept, in case the $SSL_CERT_FILE environment variable is not set,
+ # e.g.,
+ #
+-#SSL_CERT_FILE:/etc/ssl/certs/ca-certificates.crt
++SSL_CERT_FILE:/etc/ssl/certs/ca-certificates.crt
+ #SSL_CERT_FILE:NULL
+
+ .h2 SSL_CLIENT_CERT_FILE
+@@ -3623,7 +3628,7 @@
+
+ .h2 SYSLOG_REQUESTED_URLS
+ # Log the requested URLs using the syslog interface.
+-#SYSLOG_REQUESTED_URLS:TRUE
++SYSLOG_REQUESTED_URLS:FALSE
+
+ .h2 SYSLOG_TEXT
+ # Add the given text to calls made to syslog, to distinguish Lynx from other
+@@ -3797,6 +3802,22 @@
+ # several other features of HTTP/1.1. You may encounter a server which does
+ # not support HTTP/1.0 which can be used by switching to the later protocol.
+ #HTTP_PROTOCOL:1.0
++
++# external
++EXTERNAL:ftp:w3m %s:TRUE
++EXTERNAL:file:w3m %s:TRUE
++EXTERNAL:http:w3m %s:TRUE
++EXTERNAL:http:wget %s:TRUE
++EXTERNAL:http:wget -r %s:TRUE
++EXTERNAL:ftp:x-www-browser %s:TRUE
++EXTERNAL:file:x-www-browser %s:TRUE
++EXTERNAL:http:x-www-browser %s:TRUE
++# include
++INCLUDE:/etc/lynx/local.cfg
++INCLUDE:~/.lynx/colors:COLOR
++INCLUDE:~/.lynx/keymap:KEYMAP
++INCLUDE:~/.lynx/viewers:VIEWER
++INCLUDE:~/.lynx/external:EXTERNAL
+
+ .h2 GUESS_SCHEME
+ # When true, Lynx may fill in a missing "scheme" for URIs which you provide.
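Review bot: `NO_DOT_FILES:FALSE` reverses the value shown in the upstream sample line (`#NO_DOT_FILES:TRUE`), and of the settings this patch flips it is the one that governs access to hidden files, yet neither the patch header nor the config says why. A comment above the new line would record the decision, e.g. `# Debian: deviates from the upstream sample value (TRUE); <reason>`. The `# external` / `# include` block is also appended inside the HTTP_PROTOCOL section without its own `.h2` heading, so it will read as part of that option's documentation. It should get a heading plus one line noting that `%s` in each `EXTERNAL` command is replaced by the current URL and that the unrestricted `INCLUDE:/etc/lynx/local.cfg` may set any option, while the `~/.lynx/*` includes are limited to the listed option names.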
diff --git a/debian/patches/nested_tables.patch b/debian/patches/nested_tables.patch
new file mode 100644
index 0000000..a36fd67
--- /dev/null
+++ b/debian/patches/nested_tables.patch
@@ -0,0 +1,15 @@
+Description: turn off nested-tables option
+Author: Denis Briand <debian@denis-briand.fr>
+Bug-Debian: https://bugs.debian.org/387555
+
+--- a/lynx.cfg
++++ b/lynx.cfg
+@@ -3033,7 +3033,7 @@
+ # It is enabled by default when the COLOR_STYLE configuration is used,
+ # and false otherwise.
+ #
+-#NESTED_TABLES: true
++NESTED_TABLES: false
+
+ .h2 ASSUMED_COLOR
+ # If built with a library that recognizes default colors (usually ncurses or
diff --git a/debian/patches/series b/debian/patches/series
new file mode 100644
index 0000000..e2737bd
--- /dev/null
+++ b/debian/patches/series
@@ -0,0 +1,6 @@
+lynxcfg.patch
+aboutlynx.patch
+21_do_not_strip_-g.diff
+nested_tables.patch
+fix-tls-1.3.patch
+90_CVE-2021-38165.patch