# HG changeset patch # User Pascal Bellard # Date 1649316018 0 # Node ID 617f7ee416b11098dbffb01068dc1069b82f5188 # Parent 9aa1f88b45dbf527ef814e56f68d5fa624f3dc74 lynx: use ncursesw (tanks ceel) diff -r 9aa1f88b45db -r 617f7ee416b1 lynx/receipt --- a/lynx/receipt Tue Apr 05 09:06:43 2022 +0000 +++ b/lynx/receipt Thu Apr 07 07:20:18 2022 +0000 @@ -6,14 +6,14 @@ SHORT_DESC="Terminal-based text-only browser." MAINTAINER="samuel_trassare@yahoo.com" LICENSE="GPL2" -WEB_SITE="https://lynx.browser.org/" +WEB_SITE="https://lynx.invisible-island.net/" TARBALL="$PACKAGE${VERSION/rel/rel.}.tar.bz2" WGET_URL="https://invisible-mirror.net/archives/$PACKAGE/tarballs/$TARBALL" # Will require build dep libtirpc after glibc is upgraded to 2.14. -DEPENDS="libssl ncurses zlib" -BUILD_DEPENDS="ncurses-dev openssl-dev zlib-dev" +DEPENDS="libssl ncursesw zlib" +BUILD_DEPENDS="libtirpc ncursesw-dev openssl-dev zlib-dev patch" HOST_ARCH="i486 arm" @@ -27,6 +27,9 @@ # Rules to configure and make the package. compile_rules() { + # LFS security patch + patch -Np1 -i $stuff/lynx-2.8.9rel.1-security_fix-1.patch || return 1 + ./configure $CONFIGURE_ARGS \ --sysconfdir=/etc \ --mandir=/usr/share/man \ @@ -36,8 +39,9 @@ --with-ssl \ --with-gnutls \ --with-zlib \ + --with-screen=ncursesw \ --with-nss-compat && - make -j 1 && + make && make install } diff -r 9aa1f88b45db -r 617f7ee416b1 lynx/stuff/lynx-2.8.9rel.1-security_fix-1.patch --- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/lynx/stuff/lynx-2.8.9rel.1-security_fix-1.patch Thu Apr 07 07:20:18 2022 +0000 
@@ -0,0 +1,43 @@ +Submitted By: Douglas R. Reno +Date: 2021-12-18 +Initial Package Version: 2.8.9rel.1 +Upstream Status: Applied +Origin: Arch Linux (https://github.com/archlinux/svntogit-packages/blob/packages/lynx/trunk/CVE-2021-38165.diff) +Description: Fixes CVE-2021-38165 in Lynx, which allows for + usernames and passwords to be transmitted in cleartext + anytime an HTTPS connection is used. + +diff -Naurp lynx2.8.9rel.1.orig/WWW/Library/Implementation/HTTP.c lynx2.8.9rel.1/WWW/Library/Implementation/HTTP.c +--- lynx2.8.9rel.1.orig/WWW/Library/Implementation/HTTP.c 2018-05-04 15:07:43.000000000 -0500 ++++ lynx2.8.9rel.1/WWW/Library/Implementation/HTTP.c 2021-12-18 14:12:57.503796366 -0600 +@@ -761,6 +761,22 @@ static char *StripIpv6Brackets(char *hos + return host; + } + #endif ++/* ++ * Remove user/password, if any, from the given host-string. ++ */ ++#ifdef USE_SSL ++static char *StripUserAuthents(char *host) ++{ ++ char *p = strchr(host, '@'); ++ ++ if (p != NULL) { ++ char *q = host; ++ ++ while ((*q++ = *++p) != '\0') ; ++ } ++ return host; ++} ++#endif + + /* Load Document from HTTP Server HTLoadHTTP() + * ============================== +@@ -957,6 +973,7 @@ static int HTLoadHTTP(const char *arg, + /* get host we're connecting to */ + ssl_host = HTParse(url, "", PARSE_HOST); + ssl_host = StripIpv6Brackets(ssl_host); ++ ssl_host = StripUserAuthents(ssl_host); + #if defined(USE_GNUTLS_FUNCS) + ret = gnutls_server_name_set(handle->gnutls_state, + GNUTLS_NAME_DNS, diff -r 9aa1f88b45db -r 617f7ee416b1 partimage-pam/receipt --- a/partimage-pam/receipt Tue Apr 05 09:06:43 2022 +0000 +++ b/partimage-pam/receipt Thu Apr 07 07:20:18 2022 +0000 @@ -8,7 +8,7 @@ LICENSE="GPL2" SOURCE="partimage" TARBALL="$SOURCE-$VERSION.tar.bz2" -WEB_SITE="http://www.partimage.org/" +WEB_SITE="https://www.partimage.org/" WGET_URL="$SF_MIRROR/$SOURCE/$TARBALL" PROVIDE="partimage:pam" diff -r 9aa1f88b45db -r 617f7ee416b1 partimage/receipt 
--- a/partimage/receipt Tue Apr 05 09:06:43 2022 +0000 +++ b/partimage/receipt Thu Apr 07 07:20:18 2022 +0000 @@ -7,7 +7,7 @@ MAINTAINER="erjo@slitaz.org" LICENSE="GPL2" TARBALL="$PACKAGE-$VERSION.tar.bz2" -WEB_SITE="http://www.partimage.org/" +WEB_SITE="https://www.partimage.org/" WGET_URL="$SF_MIRROR/$PACKAGE/$TARBALL" DEPENDS="newt bzip2 openssl slitaz-base-files zlib gcc-lib-base"
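Review bot: In lynx/receipt, hunk @@ -6,14 +6,14 @@, the comment "# Will require build dep libtirpc after glibc is upgraded to 2.14." is left unchanged directly above a BUILD_DEPENDS line that now lists libtirpc, so the comment is stale and should be updated or dropped. libtirpc is added to BUILD_DEPENDS only, while DEPENDS gains just ncursesw; if the built binary links libtirpc dynamically, it belongs in DEPENDS as well.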
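Review bot: In lynx/receipt, hunk @@ -27,6 +27,9 @@, the comment "# LFS security patch" in compile_rules() does not say what is being fixed. Name CVE-2021-38165 there, as the patch header does, and note that the header marks it "Upstream Status: Applied", so whoever bumps VERSION knows the patch can be dropped. The commit message mentions only ncursesw, which leaves the security fix invisible in the history; it deserves its own line there. The path in the patch invocation should also be quoted ("$stuff/lynx-2.8.9rel.1-security_fix-1.patch") so an unusual build path cannot split the argument.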
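Review bot: In lynx/receipt, hunk @@ -36,8 +39,9 @@, the change from "make -j 1" to "make" removes an explicit serial build with no explanation in the receipt or the commit message. If "-j 1" was there to work around a parallel build failure, that failure can come back whenever the build environment supplies a job count; either keep the flag or add a comment saying why it is no longer needed.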
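Review bot: In lynx/stuff/lynx-2.8.9rel.1-security_fix-1.patch, hunk @@ -761,6 +761,22 @@, StripUserAuthents() cuts at the first '@' it finds (char *p = strchr(host, '@');), so a host string whose user/password part itself contains an '@' would still leave the tail of the credentials in ssl_host before the gnutls_server_name_set() call that follows. Stripping up to the last '@' (strrchr) would cover that case. The helper is defined under #ifdef USE_SSL, while the call added in hunk @@ -957,6 +973,7 @@ shows no guard in the visible context; confirm the call site sits inside the same conditional so that a build without USE_SSL still compiles. Because the file is imported from the Arch Linux origin named in its header, record any local deviation in that header.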