Hello,
On Mon, Nov 27, 2006 at 12:09:56PM +0100, Julien Cristau wrote:
> On Mon, Nov 27, 2006 at 11:35:07 +0100, Martin Schulze wrote:
>
> > Julien Cristau wrote:
> > > Hi,
> > >
> > > do the security@ people have a DSA in preparation for links and/or
> > > elinks for CVE-2006-5925, or should I prepare a patch for the stable
> > > versions too?
> >
> > As far as I know, no. Please prepare an update.
> >
> I have source packages ready at:
> http://www.liafa.jussieu.fr/~jcristau/debian/CVE-2006-5925/links_0.99+1.00pre12-1sarge1.dsc
> http://www.liafa.jussieu.fr/~jcristau/debian/CVE-2006-5925/elinks_0.10.4-7.1.dsc
links2 is vulnerable too. The links patch needed a tweak for links2
but result is attached.
-Mikko
diff -u links2-2.1pre16/config.sub links2-2.1pre16/config.sub
--- links2-2.1pre16/config.sub
+++ links2-2.1pre16/config.sub
@@ -1,9 +1,9 @@
#! /bin/sh
# Configuration validation subroutine script.
# Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999,
-# 2000, 2001, 2002, 2003, 2004 Free Software Foundation, Inc.
+# 2000, 2001, 2002, 2003, 2004, 2005 Free Software Foundation, Inc.
-timestamp='2004-11-30'
+timestamp='2005-04-22'
# This file is (in principle) common to ALL GNU software.
# The presence of a machine in this file suggests that SOME GNU software
@@ -70,7 +70,7 @@
version="\
GNU config.sub ($timestamp)
-Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001,
2002, 2003, 2004
+Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001,
2002, 2003, 2004, 2005
Free Software Foundation, Inc.
This is free software; see the source for copying conditions. There is NO
@@ -231,13 +231,14 @@
| alpha64 | alpha64ev[4-8] | alpha64ev56 | alpha64ev6[78] |
alpha64pca5[67] \
| am33_2.0 \
| arc | arm | arm[bl]e | arme[lb] | armv[2345] | armv[345][lb] | avr \
+ | bfin \
| c4x | clipper \
| d10v | d30v | dlx | dsp16xx \
| fr30 | frv \
| h8300 | h8500 | hppa | hppa1.[01] | hppa2.0 | hppa2.0[nw] | hppa64 \
| i370 | i860 | i960 | ia64 \
| ip2k | iq2000 \
- | m32r | m32rle | m68000 | m68k | m88k | mcore \
+ | m32r | m32rle | m68000 | m68k | m88k | maxq | mcore \
| mips | mipsbe | mipseb | mipsel | mipsle \
| mips16 \
| mips64 | mips64el \
@@ -262,7 +263,8 @@
| pyramid \
| sh | sh[1234] | sh[23]e | sh[34]eb | shbe | shle | sh[1234]le |
sh3ele \
| sh64 | sh64le \
- | sparc | sparc64 | sparc86x | sparclet | sparclite | sparcv8 | sparcv9
| sparcv9b \
+ | sparc | sparc64 | sparc64b | sparc86x | sparclet | sparclite \
+ | sparcv8 | sparcv9 | sparcv9b \
| strongarm \
| tahoe | thumb | tic4x | tic80 | tron \
| v850 | v850e \
@@ -298,7 +300,7 @@
| alphapca5[67]-* | alpha64pca5[67]-* | arc-* \
| arm-* | armbe-* | armle-* | armeb-* | armv*-* \
| avr-* \
- | bs2000-* \
+ | bfin-* | bs2000-* \
| c[123]* | c30-* | [cjt]90-* | c4x-* | c54x-* | c55x-* | c6x-* \
| clipper-* | craynv-* | cydra-* \
| d10v-* | d30v-* | dlx-* \
@@ -310,7 +312,7 @@
| ip2k-* | iq2000-* \
| m32r-* | m32rle-* \
| m68000-* | m680[012346]0-* | m68360-* | m683?2-* | m68k-* \
- | m88110-* | m88k-* | mcore-* \
+ | m88110-* | m88k-* | maxq-* | mcore-* \
| mips-* | mipsbe-* | mipseb-* | mipsel-* | mipsle-* \
| mips16-* \
| mips64-* | mips64el-* \
@@ -336,7 +338,8 @@
| romp-* | rs6000-* \
| sh-* | sh[1234]-* | sh[23]e-* | sh[34]eb-* | shbe-* \
| shle-* | sh[1234]le-* | sh3ele-* | sh64-* | sh64le-* \
- | sparc-* | sparc64-* | sparc86x-* | sparclet-* | sparclite-* \
+ | sparc-* | sparc64-* | sparc64b-* | sparc86x-* | sparclet-* \
+ | sparclite-* \
| sparcv8-* | sparcv9-* | sparcv9b-* | strongarm-* | sv1-* | sx?-* \
| tahoe-* | thumb-* \
| tic30-* | tic4x-* | tic54x-* | tic55x-* | tic6x-* | tic80-* \
diff -u links2-2.1pre16/debian/changelog links2-2.1pre16/debian/changelog
--- links2-2.1pre16/debian/changelog
+++ links2-2.1pre16/debian/changelog
@@ -1,3 +1,9 @@
+links2 (2.1pre16-1.0.0.mcf01) unstable; urgency=low
+
+ * try to disable smb
+
+ -- Mikko Rapeli <[EMAIL PROTECTED]> Tue, 28 Nov 2006 00:11:10 +0200
+
links2 (2.1pre16-1) unstable; urgency=low
* New upstream version. (Closes: #267686)
diff -u links2-2.1pre16/config.guess links2-2.1pre16/config.guess
--- links2-2.1pre16/config.guess
+++ links2-2.1pre16/config.guess
@@ -1,9 +1,9 @@
#! /bin/sh
# Attempt to guess a canonical system name.
# Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999,
-# 2000, 2001, 2002, 2003, 2004 Free Software Foundation, Inc.
+# 2000, 2001, 2002, 2003, 2004, 2005 Free Software Foundation, Inc.
-timestamp='2004-11-12'
+timestamp='2005-04-22'
# This file is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License as published by
@@ -53,7 +53,7 @@
GNU config.guess ($timestamp)
Originally written by Per Bothner.
-Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001,
2002, 2003, 2004
+Copyright (C) 1992, 1993, 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001,
2002, 2003, 2004, 2005
Free Software Foundation, Inc.
This is free software; see the source for copying conditions. There is NO
@@ -804,6 +804,9 @@
i*:UWIN*:*)
echo ${UNAME_MACHINE}-pc-uwin
exit 0 ;;
+ amd64:CYGWIN*:*:*)
+ echo x86_64-unknown-cygwin
+ exit 0 ;;
p*:CYGWIN*:*)
echo powerpcle-unknown-cygwin
exit 0 ;;
@@ -1137,6 +1140,10 @@
# From [EMAIL PROTECTED]
echo i860-stratus-sysv4
exit 0 ;;
+ i*86:VOS:*:*)
+ # From [EMAIL PROTECTED]
+ echo ${UNAME_MACHINE}-stratus-vos
+ exit 0 ;;
*:VOS:*:*)
# From [EMAIL PROTECTED]
echo hppa1.1-stratus-vos
@@ -1197,6 +1204,9 @@
*:QNX:*:4*)
echo i386-pc-qnx
exit 0 ;;
+ NSE-?:NONSTOP_KERNEL:*:*)
+ echo nse-tandem-nsk${UNAME_RELEASE}
+ exit 0 ;;
NSR-?:NONSTOP_KERNEL:*:*)
echo nsr-tandem-nsk${UNAME_RELEASE}
exit 0 ;;
@@ -1413,7 +1423,9 @@
the operating system you are using. It is advised that you
download the most up to date version of the config scripts from
- ftp://ftp.gnu.org/pub/gnu/config/
+ http://savannah.gnu.org/cgi-bin/viewcvs/*checkout*/config/config/config.guess
+and
+ http://savannah.gnu.org/cgi-bin/viewcvs/*checkout*/config/config/config.sub
If the version you run ($0) is already up to date, please
send the following data and any information you think might be
only in patch2:
unchanged:
--- links2-2.1pre16.orig/Makefile.am
+++ links2-2.1pre16/Makefile.am
@@ -13,7 +13,7 @@
else
endif
-links_SOURCES=af_unix.c auth.c beos.c bfu.c block.c bookmarks.c builtin.c
cache.c charsets.c connect.c context.c cookies.c default.c dip.c directfb.c
directfb_cursors.h dither.c dns.c drivers.c error.c file.c finger.c
font_include.c framebuffer.c ftp.c gif.c html.c html_gr.c html_r.c html_tbl.c
http.c https.c img.c imgcache.c ipret.c javascr.c javascript.c jpeg.c jsint.c
kbd.c language.c links_icon.c listedit.c lru.c mailto.c main.c md5.c md5hl.c
menu.c memory.c ns.c objreq.c os_dep.c pmshell.c png.c pomocny.c sched.c sdl.c
select.c session.c smb.c svgalib.c terminal.c tiff.c types.c url.c view.c
view_gr.c win32.c x.c xbm.c links.h cfg.h os_dep.h os_depx.h setup.h codepage.h
language.h codepage.inc entity.inc uni_7b.inc language.inc arrow.inc md5.h ns.h
struct.h tree.h typy.h ipret.h javascript.h builtin.h builtin_keys.h bits.h
sdl_data.inc
+links_SOURCES=af_unix.c auth.c beos.c bfu.c block.c bookmarks.c builtin.c
cache.c charsets.c connect.c context.c cookies.c default.c dip.c directfb.c
directfb_cursors.h dither.c dns.c drivers.c error.c file.c finger.c
font_include.c framebuffer.c ftp.c gif.c html.c html_gr.c html_r.c html_tbl.c
http.c https.c img.c imgcache.c ipret.c javascr.c javascript.c jpeg.c jsint.c
kbd.c language.c links_icon.c listedit.c lru.c mailto.c main.c md5.c md5hl.c
menu.c memory.c ns.c objreq.c os_dep.c pmshell.c png.c pomocny.c sched.c sdl.c
select.c session.c svgalib.c terminal.c tiff.c types.c url.c view.c view_gr.c
win32.c x.c xbm.c links.h cfg.h os_dep.h os_depx.h setup.h codepage.h
language.h codepage.inc entity.inc uni_7b.inc language.inc arrow.inc md5.h ns.h
struct.h tree.h typy.h ipret.h javascript.h builtin.h builtin_keys.h bits.h
sdl_data.inc
dist-hook:
#remove the symlinka:
only in patch2:
unchanged:
--- links2-2.1pre16.orig/Makefile.in
+++ links2-2.1pre16/Makefile.in
@@ -77,7 +77,7 @@
@[EMAIL PROTECTED] = atheos.o
-links_SOURCES = af_unix.c auth.c beos.c bfu.c block.c bookmarks.c builtin.c
cache.c charsets.c connect.c context.c cookies.c default.c dip.c directfb.c
directfb_cursors.h dither.c dns.c drivers.c error.c file.c finger.c
font_include.c framebuffer.c ftp.c gif.c html.c html_gr.c html_r.c html_tbl.c
http.c https.c img.c imgcache.c ipret.c javascr.c javascript.c jpeg.c jsint.c
kbd.c language.c links_icon.c listedit.c lru.c mailto.c main.c md5.c md5hl.c
menu.c memory.c ns.c objreq.c os_dep.c pmshell.c png.c pomocny.c sched.c sdl.c
select.c session.c smb.c svgalib.c terminal.c tiff.c types.c url.c view.c
view_gr.c win32.c x.c xbm.c links.h cfg.h os_dep.h os_depx.h setup.h codepage.h
language.h codepage.inc entity.inc uni_7b.inc language.inc arrow.inc md5.h ns.h
struct.h tree.h typy.h ipret.h javascript.h builtin.h builtin_keys.h bits.h
sdl_data.inc
+links_SOURCES = af_unix.c auth.c beos.c bfu.c block.c bookmarks.c builtin.c
cache.c charsets.c connect.c context.c cookies.c default.c dip.c directfb.c
directfb_cursors.h dither.c dns.c drivers.c error.c file.c finger.c
font_include.c framebuffer.c ftp.c gif.c html.c html_gr.c html_r.c html_tbl.c
http.c https.c img.c imgcache.c ipret.c javascr.c javascript.c jpeg.c jsint.c
kbd.c language.c links_icon.c listedit.c lru.c mailto.c main.c md5.c md5hl.c
menu.c memory.c ns.c objreq.c os_dep.c pmshell.c png.c pomocny.c sched.c sdl.c
select.c session.c svgalib.c terminal.c tiff.c types.c url.c view.c view_gr.c
win32.c x.c xbm.c links.h cfg.h os_dep.h os_depx.h setup.h codepage.h
language.h codepage.inc entity.inc uni_7b.inc language.inc arrow.inc md5.h ns.h
struct.h tree.h typy.h ipret.h javascript.h builtin.h builtin_keys.h bits.h
sdl_data.inc
CXXFLAGS = @CXXFLAGS@
@@ -101,7 +101,7 @@
javascript.o jpeg.o jsint.o kbd.o language.o links_icon.o listedit.o \
lru.o mailto.o main.o md5.o md5hl.o menu.o memory.o ns.o objreq.o \
os_dep.o pmshell.o png.o pomocny.o sched.o sdl.o select.o session.o \
-smb.o svgalib.o terminal.o tiff.o types.o url.o view.o view_gr.o \
+svgalib.o terminal.o tiff.o types.o url.o view.o view_gr.o \
win32.o x.o xbm.o
@[EMAIL PROTECTED] = atheos.o
links_LDFLAGS =
only in patch2:
unchanged:
--- links2-2.1pre16.orig/url.c
+++ links2-2.1pre16/url.c
@@ -21,7 +21,6 @@
{"proxy", 3128, proxy_func, NULL, 0, 1, 1, 1},
{"ftp", 21, ftp_func, NULL, 0, 1, 1, 0},
{"finger", 79, finger_func, NULL, 0, 1, 1, 0},
- {"smb", 139, smb_func, NULL, 0, 1, 1, 0},
{"mailto", 0, NULL, mailto_func, 0, 0, 0, 0},
{"telnet", 0, NULL, telnet_func, 0, 0, 0, 0},
{"tn3270", 0, NULL, tn3270_func, 0, 0, 0, 0},
only in patch2:
unchanged:
--- links2-2.1pre16.orig/links.h
+++ links2-2.1pre16/links.h
@@ -1232,7 +1232,7 @@
/* smb.c */
-void smb_func(struct connection *);
+/* void smb_func(struct connection *); */
/* mailto.c */
