On Mon, Nov 27, 2006 at 11:35:07 +0100, Martin Schulze wrote:

> Julien Cristau wrote:
> > Hi,
> > 
> > do the security@ people have a DSA in preparation for links and/or
> > elinks for CVE-2006-5925, or should I prepare a patch for the stable
> > versions too?
> 
> As far as I know, no.  Please prepare an update.
> 
I have source packages ready at:
http://www.liafa.jussieu.fr/~jcristau/debian/CVE-2006-5925/links_0.99+1.00pre12-1sarge1.dsc
http://www.liafa.jussieu.fr/~jcristau/debian/CVE-2006-5925/elinks_0.10.4-7.1.dsc

Please find the debdiffs attached to this mail.
Let me know if you want me to have them uploaded.

Cheers,
Julien
diff -u links-0.99+1.00pre12/debian/changelog 
links-0.99+1.00pre12/debian/changelog
--- links-0.99+1.00pre12/debian/changelog
+++ links-0.99+1.00pre12/debian/changelog
@@ -1,3 +1,11 @@
+links (0.99+1.00pre12-1sarge1) stable-security; urgency=high
+
+  * Non-maintainer upload for stable-security.
+  * Build without smb support to fix security issue (CVE-2006-5925),
+    closes: #399187.
+
+ -- Julien Cristau <[EMAIL PROTECTED]>  Mon, 27 Nov 2006 11:50:37 +0100
+
 links (0.99+1.00pre12-1) unstable; urgency=low
 
   * New upstream version 1.00pre12 (closes: #240059).
diff -u links-0.99+1.00pre12/debian/rules links-0.99+1.00pre12/debian/rules
--- links-0.99+1.00pre12/debian/rules
+++ links-0.99+1.00pre12/debian/rules
@@ -17,6 +17,8 @@
                cat http.c | sed -e "s/@@PKGVERSION@@/${PKGVER}/" > 
http.c.versioned ; \
                mv http.c http.c.unchanged ; mv http.c.versioned http.c ; \
        fi
+       # make sure Makefile.in is newer than Makefile.am
+       touch Makefile.in
 
        ./configure --without-ssl --prefix=/usr --mandir=\$${prefix}/share/man
        # Add here commands to compile the package.
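Review bot: The comment on the added `touch Makefile.in` says what the line does but not why it is needed, and that reason is easy to lose in a later upload. This diff patches Makefile.am and Makefile.in by hand, so the touch is presumably there to stop make from regenerating Makefile.in with automake during the build. I would write `# Makefile.am and Makefile.in are both patched by hand (CVE-2006-5925); keep make from re-running automake`. The two files must then be kept in sync manually, since nothing in the build will notice if they diverge. The enclosing target starts above this hunk.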
only in patch2:
unchanged:
--- links-0.99+1.00pre12.orig/links.h
+++ links-0.99+1.00pre12/links.h
@@ -957,7 +957,7 @@
 
 /* smb.c */
 
-void smb_func(struct connection *);
+/* void smb_func(struct connection *); */
 
 /* mailto.c */
 
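Review bot: Leaving the `smb_func` prototype commented out keeps dead code in links.h without saying why it was disabled. I would replace it with an explanatory comment such as `/* smb support removed for CVE-2006-5925; smb.c is no longer compiled */`. Dropping the declaration is otherwise a sound choice, because with smb.o also removed from the link any leftover caller fails at build time instead of reaching the handler. As far as this diff shows, smb.c itself stays in the source tree, unbuilt.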
only in patch2:
unchanged:
--- links-0.99+1.00pre12.orig/Makefile.am
+++ links-0.99+1.00pre12/Makefile.am
@@ -8,7 +8,7 @@
 EXTRA_DIST=$(man_MANS) Unicode/* intl/* config2.h Makefile.gen BUGS TODO SITES 
mailcap.pl wipe-out-ssl wipe-out-ssl.awk
 
 bin_PROGRAMS=links
-links_SOURCES=af_unix.c beos.c bfu.c bookmarks.c cache.c charsets.c connect.c 
cookies.c default.c dns.c error.c file.c finger.c ftp.c html.c html_r.c 
html_tbl.c http.c https.c kbd.c kbdbind.c language.c mailto.c main.c menu.c 
os_dep.c sched.c select.c session.c smb.c terminal.c types.c url.c view.c 
win32.c links.h os_dep.h os_depx.h setup.h codepage.h language.h codepage.inc 
entity.inc uni_7b.inc language.inc rebuild rebuild.cmd
+links_SOURCES=af_unix.c beos.c bfu.c bookmarks.c cache.c charsets.c connect.c 
cookies.c default.c dns.c error.c file.c finger.c ftp.c html.c html_r.c 
html_tbl.c http.c https.c kbd.c kbdbind.c language.c mailto.c main.c menu.c 
os_dep.c sched.c select.c session.c terminal.c types.c url.c view.c win32.c 
links.h os_dep.h os_depx.h setup.h codepage.h language.h codepage.inc 
entity.inc uni_7b.inc language.inc rebuild rebuild.cmd
 
 datadir = $(prefix)/@DATADIRNAME@
 LIBS = @LIBS@
only in patch2:
unchanged:
--- links-0.99+1.00pre12.orig/Makefile.in
+++ links-0.99+1.00pre12/Makefile.in
@@ -72,7 +72,7 @@
 EXTRA_DIST = $(man_MANS) Unicode/* intl/* config2.h Makefile.gen BUGS TODO 
SITES mailcap.pl wipe-out-ssl wipe-out-ssl.awk
 
 bin_PROGRAMS = links
-links_SOURCES = af_unix.c beos.c bfu.c bookmarks.c cache.c charsets.c 
connect.c cookies.c default.c dns.c error.c file.c finger.c ftp.c html.c 
html_r.c html_tbl.c http.c https.c kbd.c kbdbind.c language.c mailto.c main.c 
menu.c os_dep.c sched.c select.c session.c smb.c terminal.c types.c url.c 
view.c win32.c links.h os_dep.h os_depx.h setup.h codepage.h language.h 
codepage.inc entity.inc uni_7b.inc language.inc rebuild rebuild.cmd
+links_SOURCES = af_unix.c beos.c bfu.c bookmarks.c cache.c charsets.c 
connect.c cookies.c default.c dns.c error.c file.c finger.c ftp.c html.c 
html_r.c html_tbl.c http.c https.c kbd.c kbdbind.c language.c mailto.c main.c 
menu.c os_dep.c sched.c select.c session.c terminal.c types.c url.c view.c 
win32.c links.h os_dep.h os_depx.h setup.h codepage.h language.h codepage.inc 
entity.inc uni_7b.inc language.inc rebuild rebuild.cmd
 
 datadir = $(prefix)/@DATADIRNAME@
 LIBS = @LIBS@
@@ -89,7 +89,7 @@
 links_OBJECTS =  af_unix.o beos.o bfu.o bookmarks.o cache.o charsets.o \
 connect.o cookies.o default.o dns.o error.o file.o finger.o ftp.o \
 html.o html_r.o html_tbl.o http.o https.o kbd.o kbdbind.o language.o \
-mailto.o main.o menu.o os_dep.o sched.o select.o session.o smb.o \
+mailto.o main.o menu.o os_dep.o sched.o select.o session.o \
 terminal.o types.o url.o view.o win32.o
 links_LDADD = $(LDADD)
 links_DEPENDENCIES = 
only in patch2:
unchanged:
--- links-0.99+1.00pre12.orig/url.c
+++ links-0.99+1.00pre12/url.c
@@ -16,7 +16,6 @@
                {"proxy", 3128, proxy_func, NULL, 0, 1, 1, 1},
                {"ftp", 21, ftp_func, NULL, 0, 1, 1, 0},
                {"finger", 79, finger_func, NULL, 0, 1, 1, 0},
-               {"smb", 139, smb_func, NULL, 0, 1, 1, 0},
                {"mailto", 0, NULL, mailto_func, 0, 0, 0, 0},
                {"telnet", 0, NULL, telnet_func, 0, 0, 0, 0},
                {"tn3270", 0, NULL, tn3270_func, 0, 0, 0, 0},
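Review bot: With the `"smb"` row gone, what happens to an `smb://` URL depends on how the lookup over this table treats an unknown scheme, and that code is outside the hunk. It is worth confirming on the built package that such a URL is rejected with an error and is not passed to some fallback handler. A short marker in the table, e.g. `/* "smb" entry removed: CVE-2006-5925 */`, would also keep the row from being re-added when a new upstream version is merged. The table starts and ends outside this hunk.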
diff -u elinks-0.10.4/debian/changelog elinks-0.10.4/debian/changelog
--- elinks-0.10.4/debian/changelog
+++ elinks-0.10.4/debian/changelog
@@ -1,3 +1,11 @@
+elinks (0.10.4-7.1) stable-security; urgency=low
+
+  * Non-maintainer upload targetted at stable-security.
+  * Configure with --disable-smb to fix security issue (CVE-2006-5925),
+    closes #399188.
+
+ -- Julien Cristau <[EMAIL PROTECTED]>  Mon, 27 Nov 2006 11:59:10 +0100
+
 elinks (0.10.4-7) unstable; urgency=low
 
   * Reupload due to type-handling woes (closes: #309367)
diff -u elinks-0.10.4/debian/rules elinks-0.10.4/debian/rules
--- elinks-0.10.4/debian/rules
+++ elinks-0.10.4/debian/rules
@@ -54,7 +54,7 @@
  --without-x \
  --with-gnutls=/usr \
  --with-perl --enable-nntp --enable-256-colors --enable-leds  \
- --without-spidermonkey --enable-html-highlight
+ --without-spidermonkey --enable-html-highlight --disable-smb
 # spidermonkey: libsmjs-dev
 # perl libperl-dev
 
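Review bot: Nothing here checks that `--disable-smb` is actually honoured by the 0.10.4 configure script. Autoconf-generated scripts of that era generally accept unknown `--enable-*`/`--disable-*` options without complaint, so a misspelt or unsupported switch would leave the smb handler compiled in. I would confirm from the configure output or the generated config.h that SMB support is off, and ideally have debian/rules fail if it is not. Separately, the changelog entry for this upload uses `urgency=low` while the links upload for the same CVE uses `urgency=high`, which looks like an oversight. The configure invocation starts above this hunk.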

Attachment: signature.asc
Description: Digital signature
