# # spec file for package w3m # # Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed # upon. The license for this file, and modifications and additions to the # file, is the same license as for the pristine package itself (unless the # license for the pristine package is not an Open Source License, in which # case the license is the MIT License). An "Open Source License" is a # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. # Please submit bugfixes or comments via http://bugs.opensuse.org/ # Name: w3m Url: http://w3m.sourceforge.net/ Version: 0.5.3+git20180125 Release: 1.13 Summary: A text-based WWW browser License: ISC Group: Productivity/Networking/Web/Browsers Source0: w3m-%{version}.tar.xz Patch0: 0001-allow-to-configure-the-accept-option-for-bad-cookies.patch Patch1: 0001-implements-simple-session-management.patch Patch2: 0001-handle-EXDEV-during-history-file-rename.patch Patch3: 0001-w3mman-don-t-show-invalid-characters-bsc-950800.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRequires: gc-devel BuildRequires: gcc-c++ BuildRequires: gpm BuildRequires: imlib2-devel BuildRequires: ncurses-devel BuildRequires: openssl-devel BuildRequires: pkgconfig Provides: w3m_ssl = %version Provides: web_browser Obsoletes: w3m_ssl < %version %package inline-image Summary: An inline image extension for w3m Group: Productivity/Networking/Web/Browsers Requires: imlib2-loaders Requires: w3m Provides: w3m:/usr/%_lib/w3m/w3mimgdisplay %description W3m is a pager and text-based WWW browser. It has a number of useful features: * w3m can render tables * w3m can render frames (it converts the frames into a table) * SSL support * w3m can easily display documents from standard input * w3m can handle cookies * w3m is small * w3m has mouse support If w3m-inline-image is installed it can display graphics inside terminals, even on the console on some platforms. %description inline-image Inline image extension for w3m, the text-based WWW browser. When this package is installed w3m can display images inline in an X terminal (if it runs in a graphical X Window System environment). %prep %setup -q -n w3m-%{version} find -name CVS -exec rm -Rf "{}" "+" %patch0 -p1 %patch1 -p1 %patch2 -p1 %patch3 -p1 %build export CFLAGS="$RPM_OPT_FLAGS -DUSE_BUFINFO -DOPENSSL_NO_SSL_INTERN -D_GNU_SOURCE $(getconf LFS_CFLAGS) -fno-strict-aliasing `ncursesw6-config --cflags` -fPIE" export CXXFLAGS="$CFLAGS" export LDFLAGS="`ncursesw6-config --libs` -pie" ./configure --bindir=/usr/bin \ --with-termlib=ncursesw \ --mandir=%_mandir \ --libdir=%_libdir \ --libexecdir=%_libdir \ --prefix=/usr \ --sysconfdir=/etc \ --enable-ipv6 \ --enable-alarm \ --enable-ansi-color \ --enable-digest-auth \ --enable-external-uri-loader \ --enable-gopher \ --enable-history \ --enable-image=x11,fb \ --enable-keymap=lynx \ --enable-m17n \ --enable-mouse \ --enable-nls \ --enable-nntp \ --enable-sslverify \ --enable-unicode \ --disable-w3mmailer make %{?_smp_mflags} %install make install install-helpfile DESTDIR=$RPM_BUILD_ROOT install -m 755 Bonus/*.cgi $RPM_BUILD_ROOT/usr/%_lib/w3m/cgi-bin %find_lang %{name} %files -f %{name}.lang %defattr(-,root,root) /usr/bin/w3m /usr/bin/w3mman %doc doc/* %doc ChangeLog %_mandir/de/man1/w3m* %_libdir/w3m %exclude %_libdir/w3m/w3mimgdisplay %lang(ja)%doc %_mandir/ja %doc %_mandir/man*/* %_datadir/%name %files inline-image %defattr(-,root,root) %dir %_libdir/w3m /usr/%_lib/w3m/w3mimgdisplay %changelog * Thu Jan 25 2018 Thomas.Blume@suse.com - add git ChangeLog to /usr/share/doc/w3m/ - update to version 0.5.3+git20180125 addressed security issue: CVE-2018-6196: w3m: an infinite recursion flaw in HTMLlineproc0 because the feed_table_block_tag function in table.c does not prevent a negative indent value allows for (bsc#1077559) CVE-2018-6197: w3m: NULL pointer dereference flaw in formUpdateBuffer in form.c (bsc#1077568) CVE-2018-6198: w3m: does not properly handle temporary files when the ~/.w3m directory is unwritable, which allows a local attacker to craft a symlink attack to overwrite arbitrary files (bsc#1077572) other changes, bugfixes see: /usr/share/doc/w3m/ChangeLog * Thu Nov 24 2016 Thomas.Blume@suse.com - update to debian git version (bsc#1011293) addressed security issues: CVE-2016-9621: w3m: global-buffer-overflow write (bsc#1012020) CVE-2016-9622: w3m: null deref (bsc#1012021) CVE-2016-9623: w3m: null deref (bsc#1012022) CVE-2016-9624: w3m: near-null deref (bsc#1012023) CVE-2016-9625: w3m: stack overflow (bsc#1012024) CVE-2016-9626: w3m: stack overflow (bsc#1012025) CVE-2016-9627: w3m: heap overflow read + deref (bsc#1012026) CVE-2016-9628: w3m: null deref (bsc#1012027) CVE-2016-9629: w3m: null deref (bsc#1012028) CVE-2016-9630: w3m: global-buffer-overflow read (bsc#1012029) CVE-2016-9631: w3m: null deref (bsc#1012030) CVE-2016-9632: w3m: global-buffer-overflow read (bsc#1012031) CVE-2016-9633: w3m: OOM (bsc#1012032) CVE-2016-9434: w3m: null deref (bsc#1011283) CVE-2016-9435: w3m: use uninit value (bsc#1011284) CVE-2016-9436: w3m: use uninit value (bsc#1011285) CVE-2016-9437: w3m: write to rodata (bsc#1011286) CVE-2016-9438: w3m: null deref (bsc#1011287) CVE-2016-9439: w3m: stack overflow (bsc#1011288) CVE-2016-9440: w3m: near-null deref (bsc#1011289) CVE-2016-9441: w3m: near-null deref (bsc#1011290) CVE-2016-9442: w3m: potential heap buffer corruption (bsc#1011291) CVE-2016-9443: w3m: null deref (bsc#1011292) dropped patches: w3m-fix-build-with-imlib2-1.4.6.patch w3m-scheme.patch w3mman-formatting.patch w3m-parallel-make.patch w3m-gc7.diff w3m-openssl.patch w3m-closedir.patch w3m-fh-def.patch w3m-ssl-verify.patch w3m-parsetagx-crash.patch w3m-tempdir-override.patch w3m-0.5.1-no-ASCII-equivalents-by-default.patch w3m-uninitialized.patch w3m-inline-image.patch w3m-0.4.1-textarea-segfault.dif ported patches: w3m-disable-cookie-special-domain-check.patch to 0001-allow-to-configure-the-accept-option-for-bad-cookies.patch w3m-0.4.1-session-mgmt.dif to 0001-implements-simple-session-management.patch w3m-history-crossdev.patch to 0001-handle-EXDEV-during-history-file-rename.patch w3mman-formatting.patch to 0001-w3mman-don-t-show-invalid-characters-bsc-950800.patch * Fri Jun 24 2016 fweiss@suse.com - w3mman-formatting.patch: w3mman now doesn't show invalid characters anymore (bsc#950800) * Wed Jun 22 2016 max@suse.com - Add w3m-scheme.patch to fix a segfault when doing a https request to an unresolvable host (bsc#950468). * Mon Mar 2 2015 mlin@suse.com - Add w3m-fix-build-with-imlib2-1.4.6.patch: fix build with imlib2 1.4.6, the patch is from Debian. See http://sourceforge.net/p/w3m/patches/70/ * Sun Dec 21 2014 meissner@suse.com - build with PIE support * Wed Mar 12 2014 schwab@linux-m68k.org - w3m-parallel-make.patch: More dependency fixes for parallel build * Tue Aug 20 2013 schwab@suse.de - w3m-parallel-make.patch: Fix missing dependency for parallel build * Fri Jun 21 2013 crrodriguez@opensuse.org - attempting to download a large file will end in total fail on 32bit archs, use LFS_CFLAGS to fix that problem. * Thu Mar 21 2013 jengelh@inai.de - Make w3m compile with gc 7.x (adds w3m-gc7.diff), and also use the system libgc. * Mon Nov 12 2012 crrodriguez@opensuse.org - Due to the "CRIME attack" (CVE-2012-4929) HTTPS clients that negotiate TLS-level compression can be abused for MITM attacks. (w3m-openssl.patch) - Use SSL_MODE_RELEASE_BUFFERS if available . * Fri Sep 28 2012 cfarrell@suse.com - license update: ISC w3m permissive license much more akin to ISC (spdx.org/licenses/ISC) than to either BSD or MIT * Thu Sep 27 2012 crrodriguez@opensuse.org - Build with OPENSSL_NO_SSL_INTERN, poor's man visibility to avoid ABI breaks between different openssl version. - Also define _GNU_SOURCE to allow some extra optimizations with recent GCC versions. * Fri Mar 23 2012 max@suse.com - Removed w3m-helppaths.patch, because it broke interactive help (bnc#747560). It was a leftover that should have been removed as part of the May 2011 package overhaul. * Tue Aug 30 2011 crrodriguez@opensuse.org - Fix build error: redefinition of 'struct file_handle' * Sat Jul 30 2011 crrodriguez@opensuse.org - Use ncursesw6 instead of old ncurses5 * Fri May 20 2011 max@novell.com - Overhaul the package - Add license files and other stuff from the doc subcdir (bnc#666935). * Tue Jan 18 2011 max@novell.com - Version 0.5.3: * security fix - fix vulnerabilities indicated by bugs.debian.org. - suppress sending Referer, if https:// -> http:// * new features - adapt w3mimg to native windows on MS Windows. - support xterm-incompatible terminals without gpm. - add "xhtml" to default guess. - introduce option pseudo_inlines. - add option to avoid "wrong number of dots" error in cookies. * other bug fixes - fix "important" bugs from bugs.debian.org - preserve spaces in multibyte context. - fix proxy authentication. * Tue Jun 15 2010 max@suse.de - Fix handling of embedded nul characters in certificate subjects. (bnc#609451, CVE-2010-2074). - Turn on certificate verification by default. * Thu Dec 31 2009 jengelh@medozas.de - enable parallel build * Tue Nov 3 2009 coolo@novell.com - updated patches to apply with fuzz=0 * Mon Sep 7 2009 max@suse.de - Added w3m-closedir.patch to fix a directory descriptor leak in loadLocalDir (bnc#531675). * Mon Aug 3 2009 jansimon.moeller@opensuse.org - small patch for gc to work with qemu-arm on the workers * Fri Nov 14 2008 max@suse.de - Re-added the private copy of gc, so that we don't need to provide generic L3 for the gc package, which is not used by anything else in the distribution. - Disable unneeded thread support in gc to fix build on ppc64. * Tue Oct 28 2008 max@suse.de - Removed unneeded explicit build dependencies - w3m-inline-image needs imlib2-loaders. - Use system-supplied gc library. * Mon Feb 25 2008 crrodriguez@suse.de - use find_lang macro * Wed Sep 5 2007 olh@suse.de - use expandPath to expand ~ in TMPDIR (306745) * Tue Aug 14 2007 olh@suse.de - handle EXDEV during history file rename() * Sat Aug 11 2007 olh@suse.de - fix crash in parse_tag() during every start use TMPDIR, TMP or TEMP enviroment variables fix a few harmless uninitialized variables * Fri Jun 1 2007 max@suse.de - New version: 0.5.2: * fix format string vulnerability. * support gtk2 with w3m-img. * new option for LiveHTTPHeaders-like logs. * new option to fontify , , , and so on. * avoid errors in "configure" and "make". * '\n' handling in attributes' values of HTML tags. - Enabled console mouse support via gpm. * Sun Apr 1 2007 ro@suse.de - added ncurses-devel to buildreq * Fri Feb 16 2007 od@suse.de - change the default for the option "Use ASCII equivalents to display entities" from YES to NO. (#247397) * Thu Jan 4 2007 max@suse.de - Fixed a format string problem that led to a crash. (#230775, CVE-2006-6772) - Made sure everything gets compiled with RPM_OPT_FLAGS. - Enabled inline images on frame buffer consoles. * Sat Mar 18 2006 od@suse.de - fixes for w3m-0.4.1-session-mgmt.dif: - longer session names: increase filename length for session files from 30 to 249 - fix buffer-overrun in several strncat() - report errors other than ENOENT when opening session and history files * Wed Jan 25 2006 mls@suse.de - converted neededforbuild to BuildRequires * Wed Apr 27 2005 ro@suse.de - remove boehm-gc from nfb (dropped) - use private copy of gc6.4 * Fri Aug 13 2004 mmj@suse.de - Don't --enable-messagel10n since it breaks w3m and makes every- thing Japanese [#43750] * Mon May 3 2004 mmj@suse.de - Update to 0.5.1 * Tue Apr 13 2004 mmj@suse.de - Update to 0.5 which merges the -m17 part, and also adds auto{make,conf} support. - Use %%_lib * Mon Mar 22 2004 mmj@suse.de - Fix illegal prefetch instructions on intel 64-bit platform [#36352] * Tue Feb 17 2004 kukuk@suse.de - Remove s390x ulimit hack (does not work as normal user) * Tue Feb 3 2004 mmj@suse.de - Compile with -fno-strict-aliasing * Sat Jan 10 2004 adrian@suse.de - add %%defattr * Fri Oct 10 2003 od@suse.de - added new option "-session=" which implements simple session management * Mon Aug 18 2003 uli@suse.de - replaced Boehm GC with a more recent version that works on s390x, ppc64 (obsoletes w3m-0.3.1-x86_64.dif) * Fri Jul 25 2003 poeml@suse.de - switch to w3m-m17n sources (w3m-0.4.1-m17n-20030308) for its UTF-8 support, and no longer build the extra w3mj binary - get rid of -m17n suffix - add patch by Bjoern Jacke to automatically follow locale - install the cgi's in /usr/lib/w3m/cgi-bin * Thu Jul 24 2003 poeml@suse.de - update to 0.4.1 - tab browsing * rc: open_tab_blank, close_tab_back * func: CLOSE_TAB, NEW_TAB, NEXT_TAB, PREV_TAB, * func: TAB_GOTO, TAB_GOTO_RELATIVE * func: TAB_LEFT, TAB_LINK, TAB_MENU, TAB_RIGHT * func: CLOSE_TAB_MOUSE, MENU_MOUSE, MOVE_MOUSE, TAB_MOUSE * rc: open_tab_dl_list * func: DOWNLOAD_LIST - wheel scrolling * rc: relative_wheel_scroll * rc: relative_wheel_scroll_ratio * rc: fixed_wheel_scroll_count - https proxy * env: https_proxy * rc: https_proxy - form filling * pre_form: ~/.w3m/pre_form * rc: pre_form_file: pre_form configuration file - building * separate auxbindir and libdir (local-CGI, file:///$LIB/) * configure: -auxbindir - misc * options: -show-option * 2 stroke keybinding * rc: use_proxy * rc: preserve_timestamp * rc: fold_line * local cookie: passed via file named $LOCAL_COOKIE or posted not in url query * URL data: support * URL news:, nntp: newsgroup support * rc: nntpserver, nntpmode, max_news * rc: graphic_char * func: REDO, UNDO * func: LIST, LIST_MENU, MOVE_LIST_MENU * func: ACCESSKEY, LINK_MENU * rc: display_ins_del * func: MULTIMAP * options: -N * func: NEXT, PREV * rc: image_map_list * rc: decode_url * func: RESHAPE * func: SEARCH can take arg * rc: disable_secret_security_check (for windows?) - w3m-0.2.1-ia64.dif seems obsolete - re-diff textarea-segfault.dif, it seems still needed - package some of the new Bonus cgi's * Fri Jun 13 2003 kukuk@suse.de - Add missing directories to filelist * Mon Feb 24 2003 poeml@suse.de - add fix for segfault that can occur when editing a textarea field with vi, and returning to w3m (it seems to happen if the terminal is not writable, as when using w3m after 'su - some_user') [#17597] * Wed Jan 15 2003 adrian@suse.de - do not package files from sub package also into main package (no more X11 dependency on main package) - package also man pages * Thu Dec 5 2002 poeml@suse.de - update to 0.3.2.2 * security fix: html_quote for img alt attributes * security fix: html_quote for frame contents * backport from w3m 0.3.2+cvs - fix segmentation fault by large complex table. [w3m-dev 03371][w3m-dev 03438] * Mon Nov 4 2002 poeml@suse.de - update to 0.3.2 (which has framebuffer console image support, but we don't build it because the permissions of /dev/fb* can only be set globally) - w3mimgsize ceased to exist - add w3mman, a pretty handy man page browser * Thu Aug 15 2002 schwab@suse.de - Fix compilation on ia64. * Wed Aug 7 2002 poeml@suse.de - fixed for s390x - set ulimit -v unlimited otherwise the mktable helper segfaults - apply lib64 patch on all architectures * Tue Jul 16 2002 poeml@suse.de - define konqueror instead of mozilla as default external browser - no path needed for external helpers * Mon Jul 15 2002 poeml@suse.de - update to version 0.3.1. - cookie handling: don't treat toplevel domains with 2 letters different from ones with 3 letters ("special domain check"), by don't allowing domain= values with 2 periods in a Set-Cookie header (why should a cookie from .ebay.de be invalid, while the same cookie from .ebay.com is not?) - allow to configure the "accept" option for bad cookies - define mozilla instead of netscape as default external browser - show configuration in build log - don't explicitely -I/usr/include, avoid nasty compiler warnings - use RPM_OPT_FLAGS * Sun Jul 7 2002 schwab@suse.de - Update to version 0.3. * Tue May 28 2002 ro@suse.de - first hack to work on x86_64 * Tue May 21 2002 poeml@suse.de - fix wrong configuration which broke HTML text area editing (editor was set to -O) (#16260) * Thu May 16 2002 poeml@suse.de - split off a w3m-inline-image subpackage to avoid the main package RPM dependency on X stuff * Sat Feb 2 2002 poeml@suse.de - update to 0.2.5: * RFC2617: HTTP Digest authentication * rc: default_url=0(empty) 1(current URL) 2(link URL) * GOTO_RELATIVE (M-u) * highlight for incremental search * support migemo (romaji search) * use w3mmail.cgi for mailto: URL * support external URI loader * support -dump_extra ftp:// * new regex implementation - update inline image patch to w3m-0.2.5-img-2.2.patch.bz2 - add WWW-Authenticate.dif (makes w3m recognize WWW-Authenticate: token in lower case) * Thu Jan 31 2002 ro@suse.de - changed neededforbuild to * Thu Jan 24 2002 poeml@suse.de - update to 0.2.4 - use updated inline image patch w3m-0.2.4-img-1.18.patch.gz * Wed Nov 28 2001 mfabian@suse.de - add patch for inline images (tweaked to work with w3m-0.2.2-inu-1.1 by , originally from http://www2u.biglobe.ne.jp/~hsaka/w3m/patch/) * Fri Nov 23 2001 poeml@suse.de - update to w3m-0.2.2-inu-1.1. This time, the included gc is new enough (6.1alpha2), so we don't need to supply another one. * Mon Nov 12 2001 schwab@suse.de - Fix for ia64. * Wed Oct 31 2001 poeml@suse.de - update to w3m-0.2.1-inu-1.5. This includes almost all patches posted to w3m-dev ML and w3m-dev-en ML in Oct. For details, see: http://mi.med.tohoku.ac.jp/~satodai/w3m/inu/200110/index.en.html * Tue Oct 30 2001 poeml@suse.de - update to latest version: w3m-0.2.1-inu-1.4 [w3m-dev-en 00596] (it is semi-official, but all developers use that one) - drop all patches since they are now included - w3m ships with current gc now, but update to gc6.0alpha9 which has some s390 patches * Tue Aug 28 2001 poeml@suse.de - add w3m-0.2.1-javascript-hide.dif from author to hide javascript statements even if they are inside table tags - apply forgotten relURL patch * Thu Jun 28 2001 poeml@suse.de - security fix: w3m-0.2.1-mimehead-buf.dif to prevent possible buffer overflow when parsing malformed URLs - add patch that allows key mappings with a count - spec file cleanup * Wed Apr 4 2001 poeml@suse.de - add patch to help with pages containing javascript * Wed Apr 4 2001 poeml@suse.de - update to w3m-0.2.1 - as before, use a newer gc on ia64 and sparc - fix include path for gc on ia64 and sparc - undefine INET6 on sparc: struct sockaddr_storage seems to have no member ss_family - fix double declaration of CMT_SSL_FORBID_METHOD - add patch for problems caused by misunderstanding of relative URLs - fix Version tag (was a macro) * Sun Feb 18 2001 poeml@suse.de - update to 0.1.11-pre (which is actually more stable than 0.1.10) - apply massive kokb23 patch collection - add patch for lynx-like pauth option - drop norman.patch - add newer gc (6.0alpha6) for ia64 and sparc that works with glibc-2.2.1 - update autoconf and libtool on these archs * Wed Jan 31 2001 poeml@suse.de - add a version 5.1 of gc (Boehm-Weiser garbage collector) which is patched for ia64 ( http://www.cs.berkeley.edu/projects/ titanium/src/titaniumc/runtime/gc/ ). don't use GC_push_other_roots() for some reason -> gc-5.1.patch * Tue Jan 9 2001 poeml@suse.de - removed duplicate man page in %%{_defaultdocdir}/w3m/doc/ * Wed Dec 20 2000 poeml@suse.de - add web_browser to Provides (in sync with lynx and links) * Mon Dec 18 2000 poeml@suse.de - merged w3m and w3m_ssl - added openssl to neededforbuild - bzipped sources * Wed Dec 6 2000 poeml@suse.de - added japanese binary * Fri Oct 13 2000 poeml@suse.de - update to 0.1.10 - patch for perl path no longer necessary (now done by ./configure) - fix missing ifdef JP_CHARSET - readjust spec file to new option in ./configure - compile with lynx-like key binding * Sat Sep 9 2000 bjacke@suse.de - added Excludes with w3m_ssl * Mon May 15 2000 kukuk@suse.de - Update to 0.1.9 (works on SPARC) - Use /bin/vi for 7.0 - Fix defines on SPARC - Fix spec file - Add installed scripts to filelist * Sun Feb 13 2000 mge@suse.de - update to 0.1.6 - group tag * Tue Oct 26 1999 mge@suse.de - initial SuSE-RPM