Subject: CVS commit: [pkgsrc-2016Q3] pkgsrc/www
From: Benny Siegert
Date: 2016-11-28 21:22:06
Message id: 20161128202206.6F8EFFBA6@cvs.NetBSD.org

Log Message:
Pullup ticket #5162 - requested by wiz
www/w3m: security fix
www/w3m-img: security fix

Revisions pulled up:
- www/w3m-img/Makefile                                          1.29
- www/w3m-img/PLIST                                             1.1
- www/w3m/Makefile                                              1.78
- www/w3m/Makefile.common                                       1.62-1.63
- www/w3m/PLIST                                                 1.17
- www/w3m/distinfo                                              1.27-1.29
- www/w3m/options.mk                                            1.15
- www/w3m/patches/patch-aa                                      deleted
- www/w3m/patches/patch-ab                                      deleted
- www/w3m/patches/patch-ac                                      deleted
- www/w3m/patches/patch-ak                                      deleted
- www/w3m/patches/patch-al                                      deleted
- www/w3m/patches/patch-scripts_w3mman_w3mman2html.cgi.in       deleted

---
   Module Name:	pkgsrc
   Committed By:	wiz
   Date:		Sun Nov  6 19:26:35 UTC 2016

   Modified Files:
   	pkgsrc/www/w3m: Makefile Makefile.common PLIST distinfo options.mk
   	pkgsrc/www/w3m/patches: patch-ab

   Log Message:
   Updated w3m to 0.5.3.0.20161031.

   Switch from dead sourceforge original to debian-maintained github version.

   * new features
   - support OSC 5379 remote imaging and sixel graphics
   - support SGR style mouse handler
   - support 32-bit color images
   - support FreeBSD framebuffer
   - support button element
   - support meta charset
   - add extbrowser4..9
   - add display_borders to display 0 pixel table borders
   - add siteconf feature
   - add German translation for options setting panel
   - add translations for de, zh_CN and zh_TW
   * bug fixes
   - fix segfaults with malformed text
   - disable SSLv2 and SSLv3 by default [CVE-2014-3566]
   - set ssl_verify_server to 1 by default
   - disable RC4, export ciphers, and keys < 128 bits
   - use SSL_OP_NO_COMPRESSION due to "CRIME attack" [CVE-2012-4929]
   - use SSL_MODE_RELEASE_BUFFERS
   - disable USE_EGD for LibreSSL
   - appease gcc -Werror=format-security
   - option -s is now "squeeze multiple blank lines" to work as pager, and
     -j and -e are obsolete, so use -O{s|j|e} to specify display charset
   - accept single quoted meta refresh URL
   - assume "text" if a form input type is unknown
   - accept cookies by default
   - set use_dictcommand to 1 by default
   - set default_url to 1 by default
   - set argv_is_url to 1 by default
   - set alt_entity to 0 by default
   - fix build problems with Boehm GC 7.2, imlib2 1.4.6 and glibc 2.14
   - fix parallel make failure
   - fix incorrect ucs_ambwidth_map
   - and many fixes

---
   Module Name:	pkgsrc
   Committed By:	wiz
   Date:		Sun Nov  6 19:27:16 UTC 2016

   Modified Files:
   	pkgsrc/www/w3m-img: Makefile
   Added Files:
   	pkgsrc/www/w3m-img: PLIST

   Log Message:
   Updated w3m-img to 0.5.3.0.20161031.

   Changes same as for www/w3m.

---
   Module Name:	pkgsrc
   Committed By:	wiz
   Date:		Sun Nov  6 19:27:25 UTC 2016

   Removed Files:
   	pkgsrc/www/w3m/patches: patch-aa patch-ac patch-ak patch-al
   	    patch-scripts_w3mman_w3mman2html.cgi.in

   Log Message:
   Remove obsolete patches.

---
   Module Name:	pkgsrc
   Committed By:	wiz
   Date:		Sun Nov  6 19:30:42 UTC 2016

   Modified Files:
   	pkgsrc/www/w3m: distinfo
   	pkgsrc/www/w3m/patches: patch-ab

   Log Message:
   Add upstream bug report URL.

---
   Module Name:	pkgsrc
   Committed By:	wiz
   Date:		Tue Nov 22 14:36:38 UTC 2016

   Modified Files:
   	pkgsrc/www/w3m: Makefile.common distinfo

   Log Message:
   Updated w3m to 0.5.3.0.20161120.

   Debian's w3m 0.5.3+git20161120

   * bug fixes
   - fix multiple flaws with malformed text
     (stack overflow, buffer overflow, null deref, out of memory)
   - fix stack overflow with nested table and textarea [CVE-2016-9439]
   - fix suspend (^Z) behavior

---
   Module Name:	pkgsrc
   Committed By:	wiz
   Date:		Tue Nov 22 15:24:43 UTC 2016

   Removed Files:
   	pkgsrc/www/w3m/patches: patch-ab

   Log Message:
   Remove integrated patch.

Files:
RevisionActionfile
1.77.2.1modifypkgsrc/www/w3m/Makefile
1.61.16.1modifypkgsrc/www/w3m/Makefile.common
1.16.46.1modifypkgsrc/www/w3m/PLIST
1.26.8.1modifypkgsrc/www/w3m/distinfo
1.14.8.1modifypkgsrc/www/w3m/options.mk
1.28.6.1modifypkgsrc/www/w3m-img/Makefile
1.1.2.2addpkgsrc/www/w3m-img/PLIST
1.13removepkgsrc/www/w3m/patches/patch-aa
1.12removepkgsrc/www/w3m/patches/patch-ab
1.15removepkgsrc/www/w3m/patches/patch-ac
1.1removepkgsrc/www/w3m/patches/patch-ak
1.1removepkgsrc/www/w3m/patches/patch-al
1.1removepkgsrc/www/w3m/patches/patch-scripts_w3mman_w3mman2html.cgi.in