Path to this page:
Subject: CVS commit: [pkgsrc-2016Q3] pkgsrc/www
From: Benny Siegert
Date: 2016-11-28 21:22:06
Message id: 20161128202206.6F8EFFBA6@cvs.NetBSD.org
Log Message:
Pullup ticket #5162 - requested by wiz
www/w3m: security fix
www/w3m-img: security fix
Revisions pulled up:
- www/w3m-img/Makefile 1.29
- www/w3m-img/PLIST 1.1
- www/w3m/Makefile 1.78
- www/w3m/Makefile.common 1.62-1.63
- www/w3m/PLIST 1.17
- www/w3m/distinfo 1.27-1.29
- www/w3m/options.mk 1.15
- www/w3m/patches/patch-aa deleted
- www/w3m/patches/patch-ab deleted
- www/w3m/patches/patch-ac deleted
- www/w3m/patches/patch-ak deleted
- www/w3m/patches/patch-al deleted
- www/w3m/patches/patch-scripts_w3mman_w3mman2html.cgi.in deleted
---
Module Name: pkgsrc
Committed By: wiz
Date: Sun Nov 6 19:26:35 UTC 2016
Modified Files:
pkgsrc/www/w3m: Makefile Makefile.common PLIST distinfo options.mk
pkgsrc/www/w3m/patches: patch-ab
Log Message:
Updated w3m to 0.5.3.0.20161031.
Switch from dead sourceforge original to debian-maintained github version.
* new features
- support OSC 5379 remote imaging and sixel graphics
- support SGR style mouse handler
- support 32-bit color images
- support FreeBSD framebuffer
- support button element
- support meta charset
- add extbrowser4..9
- add display_borders to display 0 pixel table borders
- add siteconf feature
- add German translation for options setting panel
- add translations for de, zh_CN and zh_TW
* bug fixes
- fix segfaults with malformed text
- disable SSLv2 and SSLv3 by default [CVE-2014-3566]
- set ssl_verify_server to 1 by default
- disable RC4, export ciphers, and keys < 128 bits
- use SSL_OP_NO_COMPRESSION due to "CRIME attack" [CVE-2012-4929]
- use SSL_MODE_RELEASE_BUFFERS
- disable USE_EGD for LibreSSL
- appease gcc -Werror=format-security
- option -s is now "squeeze multiple blank lines" to work as pager, and
-j and -e are obsolete, so use -O{s|j|e} to specify display charset
- accept single quoted meta refresh URL
- assume "text" if a form input type is unknown
- accept cookies by default
- set use_dictcommand to 1 by default
- set default_url to 1 by default
- set argv_is_url to 1 by default
- set alt_entity to 0 by default
- fix build problems with Boehm GC 7.2, imlib2 1.4.6 and glibc 2.14
- fix parallel make failure
- fix incorrect ucs_ambwidth_map
- and many fixes
---
Module Name: pkgsrc
Committed By: wiz
Date: Sun Nov 6 19:27:16 UTC 2016
Modified Files:
pkgsrc/www/w3m-img: Makefile
Added Files:
pkgsrc/www/w3m-img: PLIST
Log Message:
Updated w3m-img to 0.5.3.0.20161031.
Changes same as for www/w3m.
---
Module Name: pkgsrc
Committed By: wiz
Date: Sun Nov 6 19:27:25 UTC 2016
Removed Files:
pkgsrc/www/w3m/patches: patch-aa patch-ac patch-ak patch-al
patch-scripts_w3mman_w3mman2html.cgi.in
Log Message:
Remove obsolete patches.
---
Module Name: pkgsrc
Committed By: wiz
Date: Sun Nov 6 19:30:42 UTC 2016
Modified Files:
pkgsrc/www/w3m: distinfo
pkgsrc/www/w3m/patches: patch-ab
Log Message:
Add upstream bug report URL.
---
Module Name: pkgsrc
Committed By: wiz
Date: Tue Nov 22 14:36:38 UTC 2016
Modified Files:
pkgsrc/www/w3m: Makefile.common distinfo
Log Message:
Updated w3m to 0.5.3.0.20161120.
Debian's w3m 0.5.3+git20161120
* bug fixes
- fix multiple flaws with malformed text
(stack overflow, buffer overflow, null deref, out of memory)
- fix stack overflow with nested table and textarea [CVE-2016-9439]
- fix suspend (^Z) behavior
---
Module Name: pkgsrc
Committed By: wiz
Date: Tue Nov 22 15:24:43 UTC 2016
Removed Files:
pkgsrc/www/w3m/patches: patch-ab
Log Message:
Remove integrated patch.
Files: