Jeremie Courreges-Anglas <j...@wxcvbn.org> writes:

> trondd <tro...@kagu-tsuchi.com> writes:
>
>> Update links+ to 2.14
>>
>> Fixes some security related issues:
>>
>> * Limit keepalive of ciphers with 64-bit block size to mitigate
>> the SWEET32 attack
>> * Improved tor hardening - when the user toggles the "Only Proxies" option
>> (i.e. when connecting to tor), we reset certain other options to their
>> default values, so that it is not possible to identify user behind tor
>> based on the selected options.
>> * Security bug fixed: Don't load or render the content of
>> "407 Proxy Authentication Required" reply when using https proxy.
>> This avoids the FalseCONNECT attack.
>> Also, don't allow 401 and 407 responses to set cookies.
>
> Should this be backported to -stable?

It appears so, as discussed with Tim.  Could someone give this a shot
on -stable?  Please include the output of
''make port-lib-depends-check''.


Index: Makefile
===================================================================
RCS file: /d/cvs/ports/www/links+/Makefile,v
retrieving revision 1.58
diff -u -p -r1.58 Makefile
--- Makefile    17 Jan 2016 17:29:10 -0000      1.58
+++ Makefile    1 Dec 2016 09:58:08 -0000
@@ -1,8 +1,7 @@
 # $OpenBSD: Makefile,v 1.58 2016/01/17 17:29:10 sthen Exp $
 
 COMMENT=       graphics and text browser
-VER=           2.12
-REVISION=      0
+VER=           2.14
 DISTNAME=      links-${VER}
 PKGNAME=       links+-${VER}
 CATEGORIES=    www
@@ -34,7 +33,7 @@ LIB_DEPENDS+= graphics/jpeg \
 CONFIGURE_ARGS+= --with-x --enable-graphics
 WANTLIB+=      X11 jpeg>=62 m png>=2 tiff>=35
 WANTLIB +=     cairo event gdk_pixbuf-2.0 gio-2.0 glib-2.0 gobject-2.0
-WANTLIB +=     rsvg-2
+WANTLIB +=     rsvg-2 fontconfig
 
 MESSAGE=       ${PKGDIR}/MESSAGE.x11
 .endif
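Review bot: `WANTLIB +=     rsvg-2 fontconfig` adds a library to WANTLIB inside this conditional block, but no LIB_DEPENDS line changes in the visible hunk. Please say where fontconfig is expected to come from for this build and paste the `make port-lib-depends-check` output, so the new entry is shown to be both needed and satisfied.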
Index: distinfo
===================================================================
RCS file: /d/cvs/ports/www/links+/distinfo,v
retrieving revision 1.29
diff -u -p -r1.29 distinfo
--- distinfo    6 Oct 2015 22:43:50 -0000       1.29
+++ distinfo    1 Dec 2016 09:51:54 -0000
@@ -1,2 +1,2 @@
-SHA256 (links-2.12.tar.gz) = Lj2mGT3p1u5xvEvqsXFp7MWNfL8uIBkqP1GO2ffyLjM=
-SIZE (links-2.12.tar.gz) = 7032939
+SHA256 (links-2.14.tar.gz) = IvqNy1pguP/WEd4x69THntzkcmN6NVS6tAF5XakdQ4c=
+SIZE (links-2.14.tar.gz) = 7142389
Index: patches/patch-html_c
===================================================================
RCS file: /d/cvs/ports/www/links+/patches/patch-html_c,v
retrieving revision 1.15
diff -u -p -r1.15 patch-html_c
--- patches/patch-html_c        20 Sep 2015 08:01:09 -0000      1.15
+++ patches/patch-html_c        1 Dec 2016 09:53:25 -0000
@@ -1,7 +1,7 @@
 $OpenBSD: patch-html_c,v 1.15 2015/09/20 08:01:09 landry Exp $
---- html.c.orig        Sat Jul 25 13:41:36 2015
-+++ html.c     Sun Sep 20 09:33:31 2015
-@@ -970,6 +970,7 @@ static void html_a(unsigned char *a)
+--- html.c.orig        Wed Nov 16 23:49:10 2016
++++ html.c     Thu Dec  1 10:53:25 2016
+@@ -987,6 +987,7 @@ static void html_a(unsigned char *a)
                        format_.target = stracpy(format_.target_base);
                }
                /*format_.attr ^= AT_BOLD;*/
Index: patches/patch-https_c
===================================================================
RCS file: /d/cvs/ports/www/links+/patches/patch-https_c,v
retrieving revision 1.3
diff -u -p -r1.3 patch-https_c
--- patches/patch-https_c       6 Oct 2015 22:43:50 -0000       1.3
+++ patches/patch-https_c       1 Dec 2016 09:56:30 -0000
@@ -1,11 +1,11 @@
 $OpenBSD: patch-https_c,v 1.3 2015/10/06 22:43:50 sthen Exp $
---- https.c.orig       Thu Sep 17 18:28:56 2015
-+++ https.c    Tue Oct  6 10:49:16 2015
-@@ -87,6 +87,10 @@ SSL *getSSL(void)
-                       if (RAND_load_file(cast_const_char f_randfile, -1))
-                               RAND_write_file(cast_const_char f_randfile);
+--- https.c.orig       Sat Nov 19 19:52:07 2016
++++ https.c    Thu Dec  1 10:56:17 2016
+@@ -88,6 +88,10 @@ links_ssl *getSSL(void)
+                                       RAND_write_file(cast_const_char 
f_randfile);
+                       }
                }
-+#elif defined(HAVE_RAND_FILE_NAME) && defined(HAVE_RAND_LOAD_FILE) && 
defined(HAVE_RAND_WRITE_FILE)
++#elif defined(HAVE_RAND_EGD) && defined(HAVE_RAND_FILE_NAME) && 
defined(HAVE_RAND_LOAD_FILE) && defined(HAVE_RAND_WRITE_FILE)
 +              const unsigned char *f = (const unsigned char 
*)RAND_file_name(cast_char f_randfile, sizeof(f_randfile));
 +              if (RAND_load_file(cast_const_char f_randfile, -1))
 +                      RAND_write_file(cast_const_char f_randfile);
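Review bot: the regenerated `#elif` in patches/patch-https_c now also requires `defined(HAVE_RAND_EGD)`, which narrows when the RAND_file_name / RAND_load_file / RAND_write_file branch is compiled, and the diff does not say why. Please state what the preceding `#if` tests and whether a build where HAVE_RAND_EGD is undefined still gets this seed-file handling. Separately, several lines in this hunk were wrapped by the mailer (for example `RAND_write_file(cast_const_char` followed by `f_randfile);` on its own line), so the diff will not apply as posted; resending it as an attachment would help anyone testing on -stable.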

-- 
jca | PGP : 0x1524E7EE / 5135 92C1 AD36 5293 2BDF  DDCC 0DFA 74AE 1524 E7EE
