From 20c4a7381e30d5095d9df02e58ec44b0959c3eb0 Mon Sep 17 00:00:00 2001
From: xhaa123
Date: Mon, 18 Nov 2024 20:59:21 +0800
Subject: [PATCH] lynx 2.8.9rel.1-1
---
PKGBUILD | 54 ++++++++++++++++++++++++++++
lynx-2.8.9rel.1-security_fix-1.patch | 43 ++++++++++++++++++++++
2 files changed, 97 insertions(+)
create mode 100644 PKGBUILD
create mode 100644 lynx-2.8.9rel.1-security_fix-1.patch
diff --git a/PKGBUILD b/PKGBUILD
new file mode 100644
index 0000000..70f60e1
--- /dev/null
+++ b/PKGBUILD
@@ -0,0 +1,54 @@
+# Maintainer: Future Linux Team
+
+pkgname=lynx
+pkgver=2.8.9rel.1
+pkgrel=1
+pkgdesc="A text browser for the World Wide Web"
+arch=('x86_64')
+url="https://lynx.invisible-island.net/"
+license=('GPL-2.0-only')
+depends=('brotli' 'bzip2' 'glibc' 'libidn2' 'ncurses' 'openssl' 'zlib')
+backup=(etc/lynx/lynx.cfg)
+options=('!lto')
+source=(https://invisible-mirror.net/archives/lynx/tarballs/${pkgname}${pkgver}.tar.bz2
+ ${pkgname}-${pkgver}-security_fix-1.patch)
+sha256sums=(387f193d7792f9cfada14c60b0e5c0bff18f227d9257a39483e14fa1aaf79595
+ 35c4bd61c8bce6887efeeb0979d39dc65a8ebf9df4433df45362ce7a970f02f6)
+
+prepare() {
+ cd ${pkgname}${pkgver}
+
+ patch -Np1 -i ${srcdir}/${pkgname}-${pkgver}-security_fix-1.patch
+}
+
+build() {
+ cd ${pkgname}${pkgver}
+
+ ${CONFIGURE} \
+ --sysconfdir=/etc/lynx \
+ --with-zlib \
+ --with-bzlib \
+ --with-ssl \
+ --with-screen=ncursesw \
+ --enable-locale-charset \
+ --enable-ipv6 \
+ --enable-nls \
+ --datadir=/usr/share/doc/${pkgname}-${pkgver}
+
+ make
+}
+
+package() {
+ cd ${pkgname}${pkgver}
+
+ make DESTDIR=${pkgdir} install-full
+
+ chgrp -v -R root ${pkgdir}/usr/share/doc/${pkgname}-${pkgver}/lynx_doc
+
+ sed -e '/#LOCALE/ a LOCALE_CHARSET:TRUE' \
+ -i ${pkgdir}/etc/lynx/lynx.cfg
+ sed -e '/#DEFAULT_ED/ a DEFAULT_EDITOR:vi' \
+ -i ${pkgdir}/etc/lynx/lynx.cfg
+ sed -e '/#PERSIST/ a PERSISTENT_COOKIES:TRUE' \
+ -i ${pkgdir}/etc/lynx/lynx.cfg
+}
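Review bot: The last `sed` in package() switches on `PERSISTENT_COOKIES:TRUE` in the system-wide lynx.cfg with no comment explaining the choice, so every user of the package inherits that default; as the option name suggests, cookies would then outlive a session. I would either drop that edit or put a line such as `# distribution policy: persistent cookies enabled by default` above it, so the decision is visible to whoever audits the config later. Each of the three `sed` calls is also a silent no-op if its anchor (`#LOCALE`, `#DEFAULT_ED`, `#PERSIST`) is missing from the shipped lynx.cfg, so a check that the inserted line is present afterwards would be worth adding. `${srcdir}` and `${pkgdir}` are unquoted throughout; quoting them, e.g. `patch -Np1 -i "${srcdir}/${pkgname}-${pkgver}-security_fix-1.patch"`, keeps the build working when the build path contains spaces.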
diff --git a/lynx-2.8.9rel.1-security_fix-1.patch b/lynx-2.8.9rel.1-security_fix-1.patch
new file mode 100644
index 0000000..3365098
--- /dev/null
+++ b/lynx-2.8.9rel.1-security_fix-1.patch
@@ -0,0 +1,43 @@
+Submitted By: Douglas R. Reno
+Date: 2021-12-18
+Initial Package Version: 2.8.9rel.1
+Upstream Status: Applied
+Origin: Arch Linux (https://github.com/archlinux/svntogit-packages/blob/packages/lynx/trunk/CVE-2021-38165.diff)
+Description: Fixes CVE-2021-38165 in Lynx, which allows for
+ usernames and passwords to be transmitted in cleartext
+ anytime an HTTPS connection is used.
+
+diff -Naurp lynx2.8.9rel.1.orig/WWW/Library/Implementation/HTTP.c lynx2.8.9rel.1/WWW/Library/Implementation/HTTP.c
+--- lynx2.8.9rel.1.orig/WWW/Library/Implementation/HTTP.c 2018-05-04 15:07:43.000000000 -0500
++++ lynx2.8.9rel.1/WWW/Library/Implementation/HTTP.c 2021-12-18 14:12:57.503796366 -0600
+@@ -761,6 +761,22 @@ static char *StripIpv6Brackets(char *hos
+ return host;
+ }
+ #endif
++/*
++ * Remove user/password, if any, from the given host-string.
++ */
++#ifdef USE_SSL
++static char *StripUserAuthents(char *host)
++{
++ char *p = strchr(host, '@');
++
++ if (p != NULL) {
++ char *q = host;
++
++ while ((*q++ = *++p) != '\0') ;
++ }
++ return host;
++}
++#endif
+
+ /* Load Document from HTTP Server HTLoadHTTP()
+ * ==============================
+@@ -957,6 +973,7 @@ static int HTLoadHTTP(const char *arg,
+ /* get host we're connecting to */
+ ssl_host = HTParse(url, "", PARSE_HOST);
+ ssl_host = StripIpv6Brackets(ssl_host);
++ ssl_host = StripUserAuthents(ssl_host);
+ #if defined(USE_GNUTLS_FUNCS)
+ ret = gnutls_server_name_set(handle->gnutls_state,
+ GNUTLS_NAME_DNS,
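Review bot: StripUserAuthents() cuts at the first '@' because it uses `strchr`, so if the string returned by `HTParse(url, "", PARSE_HOST)` can ever hold more than one '@' (for instance an unescaped '@' inside the password), the tail of the credentials would remain in ssl_host, which is then passed to `gnutls_server_name_set`. Cutting at the last one, `char *p = strrchr(host, '@');`, would cover that case. Since the patch header marks this as applied upstream and the PKGBUILD pins the file's checksum, this is better raised upstream than edited into the vendored copy. The helper is defined only under `#ifdef USE_SSL`, and the call added in HTLoadHTTP sits in a body that starts and ends outside the hunk, so it cannot be confirmed from here that the call is under the same guard.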