Date: Mon, 26 Aug 2002 18:06:04 +0900 (JST) From: KOMATSU Shinichiro <koma2@jiro.c.u-tokyo.ac.jp> To: FreeBSD-gnats-submit@FreeBSD.org Subject: ports/42024: Update www/lynx to 2.8.4.1c (contains security fix) Message-ID: <20020826090604.D20F9193A@taro.c.u-tokyo.ac.jp>
next in thread | raw e-mail | index | archive | help
>Number: 42024
>Category: ports
>Synopsis: Update www/lynx to 2.8.4.1c (contains security fix)
>Confidential: no
>Severity: serious
>Priority: high
>Responsible: freebsd-ports
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: update
>Submitter-Id: current-users
>Arrival-Date: Mon Aug 26 02:10:01 PDT 2002
>Closed-Date:
>Last-Modified:
>Originator: KOMATSU Shinichiro
>Release: FreeBSD 4.6.2-RELEASE i386
>Organization:
>Environment:
FreeBSD 4.6.2-RELEASE i386
>Description:
- [security] Update to 2.8.4rel.1c.
This patch fixes the "Lynx CRLF Injection". See
http://online.securityfocus.com/archive/1/288054
http://online.securityfocus.com/archive/1/288620
for details.
- Change patch site to ftp://lynx.isc.org/lynx/lynx2.8.4/patches/.
The patches on this site are slightly different from previous ones.
>How-To-Repeat:
>Fix:
Index: Makefile
===================================================================
RCS file: /home/ncvs/ports/www/lynx/Makefile,v
retrieving revision 1.99
diff -u -u -r1.99 Makefile
--- Makefile 2 Apr 2002 16:04:24 -0000 1.99
+++ Makefile 26 Aug 2002 08:53:58 -0000
@@ -6,14 +6,16 @@
#
PORTNAME= lynx
-PORTVERSION= 2.8.4.1b
-PORTREVISION= 1
+PORTVERSION= 2.8.4.1c
+PORTREVISION= 0
CATEGORIES= www ipv6
MASTER_SITES= http://lynx.isc.org/current/
DISTNAME= ${PORTNAME}2.8.4rel.1
-PATCH_SITES= http://lynx.isc.org/current/
-PATCHFILES= lynx2.8.4rel.1a.patch.gz lynx2.8.4rel.1b.patch.gz
+PATCH_SITES= ftp://lynx.isc.org/lynx/lynx2.8.4/patches/
+PATCHFILES= lynx2.8.4rel.1a.patch \
+ lynx2.8.4rel.1b.patch \
+ lynx2.8.4rel.1c.patch
MAINTAINER= ports@FreeBSD.org
Index: distinfo
===================================================================
RCS file: /home/ncvs/ports/www/lynx/distinfo,v
retrieving revision 1.128
diff -u -u -r1.128 distinfo
--- distinfo 16 Jan 2002 19:46:33 -0000 1.128
+++ distinfo 26 Aug 2002 08:53:58 -0000
@@ -1,3 +1,4 @@
MD5 (lynx2.8.4rel.1.tar.bz2) = 6916c0127839f1e454052b683e4691c4
-MD5 (lynx2.8.4rel.1a.patch.gz) = 84a00365afe757edabdb55cb6d73e10d
-MD5 (lynx2.8.4rel.1b.patch.gz) = 34e2c40e93c412e792a7989f30619662
+MD5 (lynx2.8.4rel.1a.patch) = d209e52d8182c7c12d784e90c0890ee4
+MD5 (lynx2.8.4rel.1b.patch) = a687a3d2465d5fd42ce686485dbf71eb
+MD5 (lynx2.8.4rel.1c.patch) = 728c8dfde1484b68940673ccf060707e
>Release-Note:
>Audit-Trail:
>Unformatted:
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-ports" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020826090604.D20F9193A>