diff options
Diffstat (limited to 'debian/patches')
| -rw-r--r-- | debian/patches/21_do_not_strip_-g.diff | 17 | ||||
| -rw-r--r-- | debian/patches/30_build_path_in_binary.diff | 18 | ||||
| -rw-r--r-- | debian/patches/40_parallel_build_fix.diff | 22 | ||||
| -rw-r--r-- | debian/patches/90_CVE-2021-38165.patch | 49 | ||||
| -rw-r--r-- | debian/patches/aboutlynx.patch | 19 | ||||
| -rw-r--r-- | debian/patches/lynxcfg.patch | 219 | ||||
| -rw-r--r-- | debian/patches/nested_tables.patch | 17 | ||||
| -rw-r--r-- | debian/patches/series | 7 |
8 files changed, 368 insertions, 0 deletions
diff --git a/debian/patches/21_do_not_strip_-g.diff b/debian/patches/21_do_not_strip_-g.diff new file mode 100644 index 0000000..78bca55 --- /dev/null +++ b/debian/patches/21_do_not_strip_-g.diff @@ -0,0 +1,17 @@ +Description: Stop ./configure from stripping out -g from CFLAGS +Author: Andreas Metzler <ametzler@debian.org>, + Simon Ruderich <simon@ruderich.org> +Origin: vendor +Last-Update: 2015-05-08 + +--- a/configure ++++ b/configure +@@ -3737,7 +3737,7 @@ + test -z "$ORIGINAL_CFLAGS" && CFLAGS=`echo ${CFLAGS} | sed -e 's%-g %%' -e 's%-g$%%'` + ;; + (*) +- test -z "$ORIGINAL_CFLAGS" && CFLAGS=`echo ${CFLAGS} | sed -e 's%-g %%' -e 's%-g$%%'` ++ : + ;; + esac + fi diff --git a/debian/patches/30_build_path_in_binary.diff b/debian/patches/30_build_path_in_binary.diff new file mode 100644 index 0000000..fba050a --- /dev/null +++ b/debian/patches/30_build_path_in_binary.diff @@ -0,0 +1,18 @@ +Description: Strip out build path from cfg_defs.h + For build reproducibility when building in a different directory. Debian + builds use -fdebug-prefix-map=$builddir=. +Author: Andreas Metzler <ametzler@debian.org> +Origin: vendor +Forwarded: no +Last-Update: 2019-03-02 + +--- a/scripts/cfg_defs.sh ++++ b/scripts/cfg_defs.sh +@@ -19,6 +19,7 @@ static const struct { + EOF + + sed \ ++ -e "s@`pwd`@SUPRRESSED4REPRODUCIBLEBUILD@g" \ + -e '/^#/d' \ + -e 's/^.[^=]*_cv_//' \ + -e 's/=\${.*=/=/' \ diff --git a/debian/patches/40_parallel_build_fix.diff b/debian/patches/40_parallel_build_fix.diff new file mode 100644 index 0000000..d873b94 --- /dev/null +++ b/debian/patches/40_parallel_build_fix.diff @@ -0,0 +1,22 @@ +Description: Use "grouped target" to fix doc breakage on parallel build. +Author: Andreas Mettzler <ametzler@debian.org> +Bug-Debian: https://bugs.debian.org/983209 +Origin: vendor +Forwarded: https://lists.nongnu.org/archive/html/lynx-dev/2021-02/msg00042.html +Last-Update: 2021-03-02 + +--- a/makefile.in ++++ b/makefile.in +@@ -336,11 +336,11 @@ + + LYNX_URL='@HOMEPAGE_URL@release/breakout' + LYNXDOCS_URL='$(LYNX_URL)/docs/' + LYNXHELP_URL='$(LYNX_URL)/lynx_help/' + +-@LYNXCFG_MAKE@$(CFG2HTML) : ++@LYNXCFG_MAKE@$(CFG2HTML) &: + @LYNXCFG_MAKE@ @echo 'Making htmlized lynx.cfg' + @LYNXCFG_MAKE@ cd $(SRC_DIR) && $(MAKE_RECUR) LYReadCFG.i + @LYNXCFG_MAKE@ @-rm -f $(CFG2HTML) + @LYNXCFG_MAKE@ sed -n -e '/Config_Type *Config_Table/,/{0, *0, *0}/ p' $(SRC_DIR)/LYReadCFG.i | \ + @LYNXCFG_MAKE@ sed -e 's/ *{ *"\([^"]*\)".*/\1/' | \ diff --git a/debian/patches/90_CVE-2021-38165.patch b/debian/patches/90_CVE-2021-38165.patch new file mode 100644 index 0000000..b9f9a54 --- /dev/null +++ b/debian/patches/90_CVE-2021-38165.patch @@ -0,0 +1,49 @@ +Description: Fix CVE-2021-38165 + CVE-2021-38165: If Lynx is given an HTTPS URL which included username + and password, e.g. https://username:password@www.example.org/, + username and password were sent over the wire in clear text if the + TLS 1.2 Server Name Indication (SNI) extension was used. + . + This patch is extracted from upstream's patch from 2.9.0dev.8 to + 2.9.0dev.9 to fix this issue. +Origin: https://invisible-mirror.net/archives/lynx/patches/lynx2.9.0dev.9.patch.gz +Author: Thomas E. Dickey <dickey@invisible-island.net> +Reviewed-By: Axel Beckert <abe@debian.org> +Bug-Debian: https://bugs.debian.org/991971 +Bug: https://lists.nongnu.org/archive/html/lynx-dev/2021-08/msg00000.html +Bug: https://lists.nongnu.org/archive/html/lynx-dev/2021-08/msg00002.html + +--- a/WWW/Library/Implementation/HTTP.c ++++ b/WWW/Library/Implementation/HTTP.c +@@ -762,6 +762,23 @@ + } + #endif + ++/* ++ * Remove user/password, if any, from the given host-string. ++ */ ++#ifdef USE_SSL ++static char *StripUserAuthents(char *host) ++{ ++ char *p = strchr(host, '@'); ++ ++ if (p != NULL) { ++ char *q = host; ++ ++ while ((*q++ = *++p) != '\0') ; ++ } ++ return host; ++} ++#endif ++ + /* Load Document from HTTP Server HTLoadHTTP() + * ============================== + * +@@ -957,6 +974,7 @@ + /* get host we're connecting to */ + ssl_host = HTParse(url, "", PARSE_HOST); + ssl_host = StripIpv6Brackets(ssl_host); ++ ssl_host = StripUserAuthents(ssl_host); + #if defined(USE_GNUTLS_FUNCS) + ret = gnutls_server_name_set(handle->gnutls_state, + GNUTLS_NAME_DNS, diff --git a/debian/patches/aboutlynx.patch b/debian/patches/aboutlynx.patch new file mode 100644 index 0000000..72335d6 --- /dev/null +++ b/debian/patches/aboutlynx.patch @@ -0,0 +1,19 @@ +Description: Modify about_lynx.html for Debian package +Author: Atsuhito Kohda <kohda@debian.org> +Forwarded: not-needed + +--- ./lynx_help/about_lynx.html.orgl Tue Oct 9 12:34:06 2001 ++++ ./lynx_help/about_lynx.html Tue Oct 9 12:35:16 2001 +@@ -65,9 +65,9 @@ + the University of Kansas. However most of the release (and + corresponding copyright) is the work of developers on the + <a href="#lynx-dev_list"><em>lynx-dev mailing list</em></a>. It +- is distributed <a href="COPYHEADER">without restrictions on usage +- or redistribution</a> under the <a href="COPYING">GNU General +- Public License (Version 2)</a>.</p> ++ is distributed without restrictions on usage ++ or redistribution under the GNU General ++ Public License (Version 2).</p> + + <p><strong>Lynx</strong> was built over an early version of the + Common Code Library developed by the CERN WWW Project. That code diff --git a/debian/patches/lynxcfg.patch b/debian/patches/lynxcfg.patch new file mode 100644 index 0000000..7e023fd --- /dev/null +++ b/debian/patches/lynxcfg.patch @@ -0,0 +1,219 @@ +Description: Modify the lynx.cfg to Debian system +Author: Atsuhito Kohda <kohda@debian.org> +Author: Denis Briand <debian@denis-briand.fr> +Author: Axel Beckert <abe@debian.org> +Forwarded: not-needed +Last-Update: 2017-10-30 + +--- a/lynx.cfg ++++ b/lynx.cfg +@@ -108,12 +108,13 @@ + # + # Normally we expect you will connect to a remote site, e.g., the Lynx starting + # site: +-STARTFILE:https://lynx.invisible-island.net/ ++#STARTFILE:https://lynx.invisible-island.net/ + # + # As an alternative, you may want to use a local URL. A good choice for this is + # the user's home directory: + .ex + #STARTFILE:file://localhost/~/ ++STARTFILE:file://localhost/usr/share/doc/lynx/lynx_help/about_lynx.html.gz + # + # Your choice of STARTFILE should reflect your site's needs, and be a URL that + # you can connect to reliably. Otherwise users will become confused and think +@@ -132,9 +133,10 @@ + # This definition will be overridden if the "LYNX_HELPFILE" environment + # variable has been set. + # +-HELPFILE:https://lynx.invisible-island.net/lynx_help/lynx_help_main.html ++#HELPFILE:https://lynx.invisible-island.net/lynx_help/lynx_help_main.html + .ex +-#HELPFILE:file://localhost/PATH_TO/lynx_help/lynx_help_main.html ++##HELPFILE:file://localhost/PATH_TO/lynx_help/lynx_help_main.html ++HELPFILE:file://localhost/usr/share/doc/lynx-common/lynx_help/lynx_help_main.html + + .h2 DEFAULT_INDEX_FILE + # DEFAULT_INDEX_FILE is the default file retrieved when the +@@ -454,7 +456,7 @@ + # Find RFC 1345 at + .url http://tools.ietf.org/html/rfc1345 + # +-#CHARACTER_SET:iso-8859-1 ++CHARACTER_SET:iso-8859-1 + + .h2 LOCALE_CHARSET + # LOCALE_CHARSET overrides CHARACTER_SET if true, using the current locale to +@@ -468,6 +470,7 @@ + # happens to give useful values, but other implementations are not guaranteed + # to do this. + #LOCALE_CHARSET:FALSE ++LOCALE_CHARSET:TRUE + + .h2 HTML5_CHARSETS + # HTML5_CHARSETS is an alternative to ASSUME_CHARSET and ASSUME_LOCAL_CHARSET. +@@ -565,7 +568,7 @@ + # compatibility problems with other browsers, see also PREPEND_BASE_TO_SOURCE. + # Note that the prepending is not done for -source dumps. + # +-#PREPEND_CHARSET_TO_SOURCE:TRUE ++PREPEND_CHARSET_TO_SOURCE:FALSE + + .h2 NCR_IN_BOOKMARKS + # NCR_IN_BOOKMARKS:TRUE allows you to save 8-bit characters in bookmark titles +@@ -617,7 +620,7 @@ + # the 'o'ptions menu and save that preference in their RC file. + # This may be a comma-separated list of languages in decreasing preference. + # +-#PREFERRED_LANGUAGE:en ++PREFERRED_LANGUAGE:en + + .h2 PREFERRED_CHARSET + # PREFERRED_CHARSET specifies the character set in MIME notation (e.g., +@@ -809,7 +812,7 @@ + # 'o'ptions menu and saved in the RC file, and always can be toggled + # via the -show_cursor command line switch. + # +-#SHOW_CURSOR:FALSE ++SHOW_CURSOR:TRUE + + .h2 UNDERLINE_LINKS + # UNDERLINE_LINKS controls whether links are underlined by default, or shown +@@ -997,8 +1000,8 @@ + # executed. This is much less dangerous than enabling all execution + # links, but can still be dangerous. + # +-#LOCAL_EXECUTION_LINKS_ALWAYS_ON:FALSE +-#LOCAL_EXECUTION_LINKS_ON_BUT_NOT_REMOTE:FALSE ++LOCAL_EXECUTION_LINKS_ALWAYS_ON:FALSE ++LOCAL_EXECUTION_LINKS_ON_BUT_NOT_REMOTE:FALSE + + .h2 TRUSTED_EXEC + # If LOCAL_EXECUTION_LINK_ON_BUT_NOT_REMOTE is TRUE, and no TRUSTED_EXEC +@@ -1045,7 +1048,7 @@ + # as well (i.e., they will only be able to access lynxexec or lynxprog + # URLs which meet any ALWAYS_TRUSTED_EXEC rules). + # +-#TRUSTED_EXEC:none ++TRUSTED_EXEC:none + + .h2 ALWAYS_TRUSTED_EXEC + # If EXEC_LINKS was defined, any lynxexec or lynxprog URL can be made +@@ -1066,7 +1069,7 @@ + # + # The default ALWAYS_TRUSTED_EXEC rule is "none". + # +-#ALWAYS_TRUSTED_EXEC:none ++ALWAYS_TRUSTED_EXEC:none + + .h2 TRUSTED_LYNXCGI + # Unix: +@@ -1085,7 +1088,7 @@ + # + # The default TRUSTED_LYNXCGI rule is "none". + # +-#TRUSTED_LYNXCGI:none ++TRUSTED_LYNXCGI:none + + .h2 LYNXCGI_ENVIRONMENT + # Unix: +@@ -1422,7 +1425,7 @@ + # The default is FALSE, so that the feature needs to be enabled here + # explicitly if you want it. + # +-#PERSISTENT_COOKIES:FALSE ++PERSISTENT_COOKIES:FALSE + + .h2 COOKIE_FILE + # COOKIE_FILE is the default file from which persistent cookies are read +@@ -1869,7 +1872,7 @@ + # and not forced TRUE, the user can regulate it via the 'o'ptions menu (and + # may save the preference in the RC file). + # +-#NO_DOT_FILES:TRUE ++NO_DOT_FILES:FALSE + + .h1 Internal Behavior + +@@ -2130,13 +2133,13 @@ + # + # Unix: + # ==== +-#GLOBAL_EXTENSION_MAP:/usr/local/lib/mosaic/mime.types ++GLOBAL_EXTENSION_MAP:/etc/mime.types + # VMS: + # === + #GLOBAL_EXTENSION_MAP:Lynx_Dir:mime.types + # + # Unix (sought in user's home directory): +-#PERSONAL_EXTENSION_MAP:.mime.types ++PERSONAL_EXTENSION_MAP:.mime.types + # VMS (sought in user's sys$login directory): + #PERSONAL_EXTENSION_MAP:mime.types + +@@ -2271,6 +2274,8 @@ + #SUFFIX:.dms:application/x-dms + #SUFFIX:.html:text/html + #SUFFIX:.txt:text/plain ++SUFFIX:.tgz:application/octet-stream ++SUFFIX:.deb:application/octet-stream + + .h2 XLOADIMAGE_COMMAND + # VMS: +@@ -2374,13 +2379,13 @@ + # + # Unix: + # ==== +-#GLOBAL_MAILCAP:/usr/local/lib/mosaic/mailcap ++GLOBAL_MAILCAP:/etc/mailcap + # VMS: + # === + #GLOBAL_MAILCAP:Lynx_Dir:mailcap + # + # Sought in user's home (Unix) or sys$login (VMS) directory. +-#PERSONAL_MAILCAP:.mailcap ++PERSONAL_MAILCAP:.mailcap + + .h2 PREFERRED_MEDIA_TYPES + # When doing a GET, lynx lists the MIME types which it knows how to present +@@ -3592,7 +3597,7 @@ + # should accept, in case the $SSL_CERT_FILE environment variable is not set, + # e.g., + # +-#SSL_CERT_FILE:/etc/ssl/certs/ca-certificates.crt ++SSL_CERT_FILE:/etc/ssl/certs/ca-certificates.crt + #SSL_CERT_FILE:NULL + + .h2 SSL_CLIENT_CERT_FILE +@@ -3639,7 +3644,7 @@ + + .h2 SYSLOG_REQUESTED_URLS + # Log the requested URLs using the syslog interface. +-#SYSLOG_REQUESTED_URLS:TRUE ++SYSLOG_REQUESTED_URLS:FALSE + + .h2 SYSLOG_TEXT + # Add the given text to calls made to syslog, to distinguish Lynx from other +@@ -3814,6 +3819,22 @@ + # not support HTTP/1.0 which can be used by switching to the later protocol. + #HTTP_PROTOCOL:1.0 + ++# external ++EXTERNAL:ftp:w3m %s:TRUE ++EXTERNAL:file:w3m %s:TRUE ++EXTERNAL:http:w3m %s:TRUE ++EXTERNAL:http:wget %s:TRUE ++EXTERNAL:http:wget -r %s:TRUE ++EXTERNAL:ftp:x-www-browser %s:TRUE ++EXTERNAL:file:x-www-browser %s:TRUE ++EXTERNAL:http:x-www-browser %s:TRUE ++# include ++INCLUDE:/etc/lynx/local.cfg ++INCLUDE:~/.lynx/colors:COLOR ++INCLUDE:~/.lynx/keymap:KEYMAP ++INCLUDE:~/.lynx/viewers:VIEWER ++INCLUDE:~/.lynx/external:EXTERNAL ++ + .h2 GUESS_SCHEME + # When true, Lynx may fill in a missing "scheme" for URIs which you provide. + # This is different from URL_DOMAIN_PREFIXES and URL_DOMAIN_SUFFIXES. diff --git a/debian/patches/nested_tables.patch b/debian/patches/nested_tables.patch new file mode 100644 index 0000000..9ac6def --- /dev/null +++ b/debian/patches/nested_tables.patch @@ -0,0 +1,17 @@ +Description: turn off nested-tables option +Author: Denis Briand <debian@denis-briand.fr> +Bug-Debian: https://bugs.debian.org/387555 + +Index: lynx/lynx.cfg +=================================================================== +--- lynx.orig/lynx.cfg ++++ lynx/lynx.cfg +@@ -3044,7 +3044,7 @@ COLOR:6:brightred:black + # It is enabled by default when the COLOR_STYLE configuration is used, + # and false otherwise. + # +-#NESTED_TABLES: true ++NESTED_TABLES: false + + .h2 ASSUMED_COLOR + # If built with a library that recognizes default colors (usually ncurses or diff --git a/debian/patches/series b/debian/patches/series new file mode 100644 index 0000000..5361522 --- /dev/null +++ b/debian/patches/series @@ -0,0 +1,7 @@ +lynxcfg.patch +aboutlynx.patch +21_do_not_strip_-g.diff +nested_tables.patch +30_build_path_in_binary.diff +40_parallel_build_fix.diff +90_CVE-2021-38165.patch |