On Mon, Nov 27, 2006 at 11:35:07 +0100, Martin Schulze wrote:
> Julien Cristau wrote:
> > Hi,
> >
> > do the security@ people have a DSA in preparation for links and/or
> > elinks for CVE-2006-5925, or should I prepare a patch for the stable
> > versions too?
>
> As far as I know, no. Please prepare an update.
>
I have source packages ready at:
http://www.liafa.jussieu.fr/~jcristau/debian/CVE-2006-5925/links_0.99+1.00pre12-1sarge1.dsc
http://www.liafa.jussieu.fr/~jcristau/debian/CVE-2006-5925/elinks_0.10.4-7.1.dsc

Please find the debdiffs attached to this mail. Let me know if you want
me to have them uploaded.

Cheers,
Julien
diff -u links-0.99+1.00pre12/debian/changelog links-0.99+1.00pre12/debian/changelog --- links-0.99+1.00pre12/debian/changelog +++ links-0.99+1.00pre12/debian/changelog @@ -1,3 +1,11 @@ +links (0.99+1.00pre12-1sarge1) stable-security; urgency=high + + * Non-maintainer upload for stable-security. + * Build without smb support to fix security issue (CVE-2006-5925), + closes: #399187. + + -- Julien Cristau <[EMAIL PROTECTED]> Mon, 27 Nov 2006 11:50:37 +0100 + links (0.99+1.00pre12-1) unstable; urgency=low * New upstream version 1.00pre12 (closes: #240059). diff -u links-0.99+1.00pre12/debian/rules links-0.99+1.00pre12/debian/rules --- links-0.99+1.00pre12/debian/rules +++ links-0.99+1.00pre12/debian/rules @@ -17,6 +17,8 @@ cat http.c | sed -e "s/@@PKGVERSION@@/${PKGVER}/" > http.c.versioned ; \ mv http.c http.c.unchanged ; mv http.c.versioned http.c ; \ fi + # make sure Makefile.in is newer than Makefile.am + touch Makefile.in ./configure --without-ssl --prefix=/usr --mandir=\$${prefix}/share/man # Add here commands to compile the package. only in patch2: unchanged: --- links-0.99+1.00pre12.orig/links.h +++ links-0.99+1.00pre12/links.h @@ -957,7 +957,7 @@ /* smb.c */ -void smb_func(struct connection *); +/* void smb_func(struct connection *); */ /* mailto.c */ only in patch2: unchanged: --- links-0.99+1.00pre12.orig/Makefile.am +++ links-0.99+1.00pre12/Makefile.am 
@@ -8,7 +8,7 @@ EXTRA_DIST=$(man_MANS) Unicode/* intl/* config2.h Makefile.gen BUGS TODO SITES mailcap.pl wipe-out-ssl wipe-out-ssl.awk bin_PROGRAMS=links -links_SOURCES=af_unix.c beos.c bfu.c bookmarks.c cache.c charsets.c connect.c cookies.c default.c dns.c error.c file.c finger.c ftp.c html.c html_r.c html_tbl.c http.c https.c kbd.c kbdbind.c language.c mailto.c main.c menu.c os_dep.c sched.c select.c session.c smb.c terminal.c types.c url.c view.c win32.c links.h os_dep.h os_depx.h setup.h codepage.h language.h codepage.inc entity.inc uni_7b.inc language.inc rebuild rebuild.cmd +links_SOURCES=af_unix.c beos.c bfu.c bookmarks.c cache.c charsets.c connect.c cookies.c default.c dns.c error.c file.c finger.c ftp.c html.c html_r.c html_tbl.c http.c https.c kbd.c kbdbind.c language.c mailto.c main.c menu.c os_dep.c sched.c select.c session.c terminal.c types.c url.c view.c win32.c links.h os_dep.h os_depx.h setup.h codepage.h language.h codepage.inc entity.inc uni_7b.inc language.inc rebuild rebuild.cmd datadir = $(prefix)/@DATADIRNAME@ LIBS = @LIBS@ only in patch2: unchanged: --- links-0.99+1.00pre12.orig/Makefile.in +++ links-0.99+1.00pre12/Makefile.in 
@@ -72,7 +72,7 @@ EXTRA_DIST = $(man_MANS) Unicode/* intl/* config2.h Makefile.gen BUGS TODO SITES mailcap.pl wipe-out-ssl wipe-out-ssl.awk bin_PROGRAMS = links -links_SOURCES = af_unix.c beos.c bfu.c bookmarks.c cache.c charsets.c connect.c cookies.c default.c dns.c error.c file.c finger.c ftp.c html.c html_r.c html_tbl.c http.c https.c kbd.c kbdbind.c language.c mailto.c main.c menu.c os_dep.c sched.c select.c session.c smb.c terminal.c types.c url.c view.c win32.c links.h os_dep.h os_depx.h setup.h codepage.h language.h codepage.inc entity.inc uni_7b.inc language.inc rebuild rebuild.cmd +links_SOURCES = af_unix.c beos.c bfu.c bookmarks.c cache.c charsets.c connect.c cookies.c default.c dns.c error.c file.c finger.c ftp.c html.c html_r.c html_tbl.c http.c https.c kbd.c kbdbind.c language.c mailto.c main.c menu.c os_dep.c sched.c select.c session.c terminal.c types.c url.c view.c win32.c links.h os_dep.h os_depx.h setup.h codepage.h language.h codepage.inc entity.inc uni_7b.inc language.inc rebuild rebuild.cmd datadir = $(prefix)/@DATADIRNAME@ LIBS = @LIBS@ @@ -89,7 +89,7 @@ links_OBJECTS = af_unix.o beos.o bfu.o bookmarks.o cache.o charsets.o \ connect.o cookies.o default.o dns.o error.o file.o finger.o ftp.o \ html.o html_r.o html_tbl.o http.o https.o kbd.o kbdbind.o language.o \ -mailto.o main.o menu.o os_dep.o sched.o select.o session.o smb.o \ +mailto.o main.o menu.o os_dep.o sched.o select.o session.o \ terminal.o types.o url.o view.o win32.o links_LDADD = $(LDADD) links_DEPENDENCIES = only in patch2: unchanged: --- links-0.99+1.00pre12.orig/url.c +++ links-0.99+1.00pre12/url.c @@ -16,7 +16,6 @@ {"proxy", 3128, proxy_func, NULL, 0, 1, 1, 1}, {"ftp", 21, ftp_func, NULL, 0, 1, 1, 0}, {"finger", 79, finger_func, NULL, 0, 1, 1, 0}, - {"smb", 139, smb_func, NULL, 0, 1, 1, 0}, {"mailto", 0, NULL, mailto_func, 0, 0, 0, 0}, {"telnet", 0, NULL, telnet_func, 0, 0, 0, 0}, {"tn3270", 0, NULL, tn3270_func, 0, 0, 0, 0},
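Review bot: In the debian/rules hunk of the links debdiff, the comment on the added `touch Makefile.in` says what the command does but not why it is needed. This upload edits both Makefile.am and the generated Makefile.in by hand, so the touch is presumably there to keep make from trying to regenerate Makefile.in during the build; say that in the comment so the workaround is not dropped or copied blindly in a later upload.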
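Review bot: In the links.h hunk, the `smb_func` prototype is commented out rather than deleted, with nothing next to it to say why. Either remove the line or put the CVE reference beside it. The Makefile.am, Makefile.in and url.c hunks drop every reference to smb.c, but nothing in the debdiff removes the file itself, so a short note that it is deliberately left unbuilt would help whoever next touches this package.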
diff -u elinks-0.10.4/debian/changelog elinks-0.10.4/debian/changelog --- elinks-0.10.4/debian/changelog +++ elinks-0.10.4/debian/changelog @@ -1,3 +1,11 @@ +elinks (0.10.4-7.1) stable-security; urgency=low + + * Non-maintainer upload targetted at stable-security. + * Configure with --disable-smb to fix security issue (CVE-2006-5925), + closes #399188. + + -- Julien Cristau <[EMAIL PROTECTED]> Mon, 27 Nov 2006 11:59:10 +0100 + elinks (0.10.4-7) unstable; urgency=low * Reupload due to type-handling woes (closes: #309367) diff -u elinks-0.10.4/debian/rules elinks-0.10.4/debian/rules --- elinks-0.10.4/debian/rules +++ elinks-0.10.4/debian/rules @@ -54,7 +54,7 @@ --without-x \ --with-gnutls=/usr \ --with-perl --enable-nntp --enable-256-colors --enable-leds \ - --without-spidermonkey --enable-html-highlight + --without-spidermonkey --enable-html-highlight --disable-smb # spidermonkey: libsmjs-dev # perl libperl-dev
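Review bot: In the elinks debian/changelog hunk, `closes #399188` has no colon after `closes`, so the bug will not be closed automatically when the package is uploaded; the links entry uses `closes: #399187`. The same entry sets `urgency=low` where the links entry for the same CVE sets `urgency=high`, and `targetted` should read `targeted`.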
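Review bot: In the elinks debian/rules hunk, `--disable-smb` is appended to the configure line with no check that it takes effect. Configure scripts generated by autoconf accept unrecognised `--disable-*` options without failing, so if this version's configure does not know the switch, the package would still build with smb support while the changelog claims the fix. Confirm from the configure output or the built binary that the smb protocol handler is absent before uploading.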
signature.asc
Description: Digital signature