[packages/lynx] remove CVE-2008-4690 patch dropped from spec in 8c36682

atler atler at pld-linux.org
Mon Oct 4 19:05:34 CEST 2021 

commit 2c79326063936dc601d8ebbb6a452c83af11927f
Author: Jan Palus <atler at pld-linux.org>
Date:   Mon Oct 4 19:04:57 2021 +0200

    remove CVE-2008-4690 patch dropped from spec in 8c36682

 lynx-CVE-2008-4690.patch | 36 ------------------------------------
 1 file changed, 36 deletions(-)
---
diff --git a/lynx-CVE-2008-4690.patch b/lynx-CVE-2008-4690.patch
deleted file mode 100644
index 5f8e375..0000000
--- a/lynx-CVE-2008-4690.patch
+++ /dev/null
@@ -1,36 +0,0 @@
---- lynx2-8-6/CHANGES.old	2008-11-06 15:29:26.000000000 +0100
-+++ lynx2-8-6/CHANGES	2008-11-06 15:32:44.000000000 +0100
-@@ -1,5 +1,11 @@
- Changes since Lynx 2.8 release
- ===============================================================================
-+2008-10-26 
-+* modify patch for CVE-2005-2929 to prompt user before executing command via 
-+  a lynxcgi link even in advanced mode, as the actual URL may not be shown but 
-+  hidden behind an HTTP redirect 
-+* set TRUSTED_LYNXCGI:none in lynx.cfg to disable all lynxcgi URLs by default 
-+  [CVE-2008-4690] 
- 
- 2007-05-09 (2.8.6rel.5 fix from 2.8.7dev.5)
- * correct loop-limit in print_crawl_to_fd(), which broke
---- lynx2-8-6/src/LYCgi.c.old	2008-11-06 15:29:58.000000000 +0100
-+++ lynx2-8-6/src/LYCgi.c	2008-11-06 15:30:53.000000000 +0100
-@@ -165,7 +165,7 @@ static BOOL can_exec_cgi(const char *lin
-     if (!exec_ok(HTLoadedDocumentURL(), linktext, CGI_PATH)) {
- 	/* exec_ok gives out msg. */
- 	result = FALSE;
--    } else if (user_mode < ADVANCED_MODE) {
-+    } else {
- 	StrAllocCopy(command, linktext);
- 	if (non_empty(linkargs)) {
- 	    HTSprintf(&command, " %s", linkargs);
---- lynx2-8-5.orig/lynx.cfg	2008-10-26 21:45:02.000000000 +0100
-+++ lynx2-8-5/lynx.cfg	2008-10-26 21:45:38.000000000 +0100
-@@ -997,7 +997,7 @@ CHARACTER_SET:utf-8
- # ====
- # Do not define this.
- #
--#TRUSTED_LYNXCGI:none
-+TRUSTED_LYNXCGI:none
- 
- 
- .h2 LYNXCGI_ENVIRONMENT
================================================================

---- gitweb:

http://git.pld-linux.org/gitweb.cgi/packages/lynx.git/commitdiff/2c79326063936dc601d8ebbb6a452c83af11927f

More information about the pld-cvs-commit mailing list