rpms/lynx/FC-4 lynx-CVE-2005-2929.patch, NONE, 1.1 lynx.spec, 1.27, 1.28
fedora-cvs-commits at redhat.com
fedora-cvs-commits at redhat.com
Mon Nov 14 11:53:58 UTC 2005
Author: twaugh
Update of /cvs/dist/rpms/lynx/FC-4
In directory cvs.devel.redhat.com:/tmp/cvs-serv17152
Modified Files:
lynx.spec
Added Files:
lynx-CVE-2005-2929.patch
Log Message:
* Mon Nov 14 2005 Tim Waugh <twaugh at redhat.com> 2.8.5-23.2
- Apply patch to fix CVE-2005-2929 (bug #172973).
lynx-CVE-2005-2929.patch:
CHANGES | 7 +++++++
src/LYCgi.c | 40 ++++++++++++++++++++++++++++++++++++----
src/LYGetFile.c | 2 ++
3 files changed, 45 insertions(+), 4 deletions(-)
--- NEW FILE lynx-CVE-2005-2929.patch ---
--- lynx2-8-5/src/LYCgi.c.CVE-2005-2929 2004-02-02 20:02:28.000000000 +0000
+++ lynx2-8-5/src/LYCgi.c 2005-11-13 22:44:25.000000000 +0000
@@ -140,6 +140,40 @@
}
}
+#ifdef LYNXCGI_LINKS
+/*
+ * Wrapper for exec_ok(), confirming with user if the link text is not visible
+ * in the status line.
+ */
+static BOOL can_exec_cgi(const char *linktext, const char *linkargs)
+{
+ const char *format = gettext("Do you want to execute \"%s\"?");
+ char *message = NULL;
+ char *command = NULL;
+ char *p;
+ BOOL result = TRUE;
+
+ if (!exec_ok(HTLoadedDocumentURL(), linktext, CGI_PATH)) {
+ /* exec_ok gives out msg. */
+ result = FALSE;
+ } else if (user_mode < ADVANCED_MODE) {
+ StrAllocCopy(command, linktext);
+ if (non_empty(linkargs)) {
+ HTSprintf(&command, " %s", linkargs);
+ }
+ HTUnEscape(command);
+ for (p = command; *p; ++p)
+ if (*p == '+')
+ *p = ' ';
+ HTSprintf0(&message, format, command);
+ result = HTConfirm(message);
+ FREE(message);
+ FREE(command);
+ }
+ return result;
+}
+#endif /* LYNXCGI_LINKS */
+
#ifdef __MINGW32__
PRIVATE int LYLoadCGI ARGS4(
CONST char *, arg,
@@ -281,8 +315,7 @@
strcmp(arg, HTLoadedDocumentURL()) &&
HText_AreDifferent(anAnchor, arg) &&
HTUnEscape(orig_pgm) &&
- !exec_ok(HTLoadedDocumentURL(), orig_pgm,
- CGI_PATH)) { /* exec_ok gives out msg. */
+ !can_exec_cgi(orig_pgm, "")) {
/*
* If we have extra path info and are not just reloading
* the current, check the full file path (after unescaping)
@@ -313,8 +346,7 @@
!(reloading && anAnchor->document) &&
strcmp(arg, HTLoadedDocumentURL()) &&
HText_AreDifferent(anAnchor, arg) &&
- !exec_ok(HTLoadedDocumentURL(), pgm,
- CGI_PATH)) { /* exec_ok gives out msg. */
+ !can_exec_cgi(pgm, pgm_args)) {
/*
* If we are reloading a lynxcgi document that had already been
* loaded, the various checks above should allow it even if
--- lynx2-8-5/src/LYGetFile.c.CVE-2005-2929 2003-06-02 02:16:28.000000000 +0100
+++ lynx2-8-5/src/LYGetFile.c 2005-11-13 22:42:25.000000000 +0000
@@ -1478,6 +1478,8 @@
if (strstr(command,"//") == linktext) {
command += 2;
}
+ CTRACE((tfp, "comparing source\n\t'%s'\n\t'%s'\n", source, tp->src));
+ CTRACE((tfp, "comparing command\n\t'%s'\n\t'%s'\n", command, tp->path));
if (STRNADDRCOMP(source, tp->src, strlen(tp->src)) == 0 &&
STRNADDRCOMP(command, tp->path, strlen(tp->path)) == 0)
return TRUE;
--- lynx2-8-5/CHANGES.CVE-2005-2929 2005-11-13 22:41:01.000000000 +0000
+++ lynx2-8-5/CHANGES 2005-11-13 22:42:25.000000000 +0000
@@ -258,6 +258,13 @@
* correct construction of link to temporary filename in download options, did
not port to DOS-pathnames (report by LP) -TD
+2005-10-30 (2.8.6dev.15)
+* modify LYLoadCGI() to prompt user, displaying the command that would be
+ executed, to confirm that it should be. This makes it easier to notice when
+ a local program would be run by activating a lynxcgi link. This is not done
+ in advanced mode, since the URL is already visible in the status line (report
+ by vade79, comments by Greg MacManus) -TD
+
2003-06-01 (2.8.5dev.16)
* add zh_CN.po from
http://www.iro.umontreal.ca/contrib/po/maint/lynx/
Index: lynx.spec
===================================================================
RCS file: /cvs/dist/rpms/lynx/FC-4/lynx.spec,v
retrieving revision 1.27
retrieving revision 1.28
diff -u -r1.27 -r1.28
--- lynx.spec 17 Oct 2005 09:52:59 -0000 1.27
+++ lynx.spec 14 Nov 2005 11:53:55 -0000 1.28
@@ -1,7 +1,7 @@
Summary: A text-based Web browser.
Name: lynx
Version: 2.8.5
-Release: 23.1
+Release: 23.2
License: GPL
Group: Applications/Internet
Source: http://lynx.isc.org/current/lynx2.8.5rel.1.tar.bz2
@@ -9,6 +9,7 @@
Patch0: lynx-2.8.4-redhat.patch
Patch1: lynx-crash.patch
Patch2: lynx-CAN-2005-3120.patch
+Patch3: lynx-CVE-2005-2929.patch
Requires: indexhtml
Provides: webclient
BuildRequires: openssl-devel, pkgconfig, ncurses-devel >= 5.3-5, slang-devel, zlib-devel
@@ -25,6 +26,7 @@
%patch0 -p1 -b .redhat
%patch1 -p1 -b .crash
%patch2 -p1 -b .CAN-2005-3120
+%patch3 -p1 -b .CVE-2005-2929
perl -pi -e "s,^HELPFILE:.*,HELPFILE:file://localhost/usr/share/doc/lynx-%{version}/lynx_help/lynx_help_main.html,g" lynx.cfg
perl -pi -e "s,^DEFAULT_INDEX_FILE:.*,DEFAULT_INDEX_FILE:http://www.google.com/,g" lynx.cfg
perl -pi -e 's,^#LOCALE_CHARSET:.*,LOCALE_CHARSET:TRUE,' lynx.cfg
@@ -94,6 +96,9 @@
%config(noreplace,missingok) %{_sysconfdir}/lynx-site.cfg
%changelog
+* Mon Nov 14 2005 Tim Waugh <twaugh at redhat.com> 2.8.5-23.2
+- Apply patch to fix CVE-2005-2929 (bug #172973).
+
* Tue Oct 11 2005 Tim Waugh <twaugh at redhat.com> 2.8.5-23.1
- Apply patch to fix CAN-2005-3120 (bug #170253).
More information about the fedora-cvs-commits
mailing list