Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
View | Details | Raw Unified | Return to bug 243058
Collapse All | Expand All

(-)lynx2-8-6/CHANGES (+7 lines)
Lines 1-6 Link Here
1 
Changes since Lynx 2.8 release
 1 
Changes since Lynx 2.8 release
2 
===============================================================================
 2 
===============================================================================
3 

          3
          

        

            

              
              
              4
              
2008-10-26

            

            

              5
              
* modify patch for CVE-2005-2929 to prompt user before executing command via

            

            

              6
              
  a lynxcgi link even in advanced mode, as the actual URL may not be shown but

            

            

              7
              
  hidden behind an HTTP redirect

            

            

              8
              
* set TRUSTED_LYNXCGI:none in lynx.cfg to disable all lynxcgi URLs by default

            

            

              9
              
  [CVE-2008-4690]

            

            

              10
              

            

        

          4
          
2006-11-15 (2.8.6rel.4 diverges from 2.8.7dev.4)

          11
          
2006-11-15 (2.8.6rel.4 diverges from 2.8.7dev.4)

        

        

          5
          
* limit files set via PERSONAL_EXTENSION_MAP and PERSONAL_MAILCAP to be found

          12
          
* limit files set via PERSONAL_EXTENSION_MAP and PERSONAL_MAILCAP to be found

        

        

          6
          
  relative to the user's home directory.  This change is less flexible than the

          13
          
  relative to the user's home directory.  This change is less flexible than the

        



(-)lynx2-8-6/lynx.cfg
      (-1 / +1 lines)




  

    
      
            Lines 1026-1032
          DEFAULT_INDEX_FILE:http://lynx.isc.org/
      
      
        Link Here
      
    
  

        

          1026
          
# ====

          1026
          
# ====

        

        

          1027
          
# Do not define this.

          1027
          
# Do not define this.

        

        

          1028
          
#

          1028
          
#

        

          
            

              1029
              
#TRUSTED_LYNXCGI:none


              1029
              
TRUSTED_LYNXCGI:none

            

        

          1030
          

          1030
          

        

        

          1031
          

          1031
          

        

        

          1032
          
.h2 LYNXCGI_ENVIRONMENT

          1032
          
.h2 LYNXCGI_ENVIRONMENT

        



(-)lynx2-8-6/src/LYCgi.c
      (-1 / +1 lines)




  

    
      
            Lines 165-171
          static BOOL can_exec_cgi(const char *lin
      
      
        Link Here
      
    
  

        

          165
          
    if (!exec_ok(HTLoadedDocumentURL(), linktext, CGI_PATH)) {

          165
          
    if (!exec_ok(HTLoadedDocumentURL(), linktext, CGI_PATH)) {

        

        

          166
          
	/* exec_ok gives out msg. */

          166
          
	/* exec_ok gives out msg. */

        

        

          167
          
	result = FALSE;

          167
          
	result = FALSE;

        

          
            

              168
              
    } else if (user_mode < ADVANCED_MODE) {


              168
              
    } else {

            

        

          169
          
	StrAllocCopy(command, linktext);

          169
          
	StrAllocCopy(command, linktext);

        

        

          170
          
	if (non_empty(linkargs)) {

          170
          
	if (non_empty(linkargs)) {

        

        

          171
          
	    HTSprintf(&command, " %s", linkargs);

          171
          
	    HTSprintf(&command, " %s", linkargs);

        






  

  Return to bug 243058