#
# spec file for package w3m
#
# Copyright (c) 2023 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via https://bugs.opensuse.org/
#
Name: w3m
URL: http://w3m.sourceforge.net/
Version: 0.5.3+git20230121
Release: 1.2
Summary: A text-based WWW browser
License: ISC
Group: Productivity/Networking/Web/Browsers
Source0: https://salsa.debian.org/debian/w3m/-/archive/v%{version}/w3m-v%{version}.tar.bz2
patch0: 0001-Update-German-message-catalogue.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-build
BuildRequires: gc-devel
BuildRequires: gcc-c++
BuildRequires: gpm
BuildRequires: imlib2-devel
BuildRequires: ncurses-devel
BuildRequires: openssl-devel
BuildRequires: pkgconfig
Provides: w3m_ssl = %version
Provides: web_browser
Obsoletes: w3m_ssl < %version
%package inline-image
Summary: An inline image extension for w3m
Group: Productivity/Networking/Web/Browsers
Requires: imlib2-loaders
Requires: w3m
Provides: w3m:/usr/%_lib/w3m/w3mimgdisplay
%description
W3m is a pager and text-based WWW browser. It has a number of useful
features:
* w3m can render tables
* w3m can render frames (it converts the frames into a table)
* SSL support
* w3m can easily display documents from standard input
* w3m can handle cookies
* w3m is small
* w3m has mouse support
If w3m-inline-image is installed it can display graphics inside
terminals, even on the console on some platforms.
%description inline-image
Inline image extension for w3m, the text-based WWW browser.
When this package is installed w3m can display images inline in an X
terminal (if it runs in a graphical X Window System environment).
%prep
%setup -q -n w3m-v%{version}
find -name CVS -exec rm -Rf "{}" "+"
%autopatch -p1
%build
export CFLAGS="$RPM_OPT_FLAGS -DUSE_BUFINFO -DOPENSSL_NO_SSL_INTERN -D_GNU_SOURCE $(getconf LFS_CFLAGS) -fno-strict-aliasing `ncursesw6-config --cflags` -fPIE"
export CXXFLAGS="$CFLAGS"
export LDFLAGS="`ncursesw6-config --libs` -pie"
./configure --bindir=/usr/bin \
--with-termlib=ncursesw \
--mandir=%_mandir \
--libdir=%_libdir \
--libexecdir=%_libdir \
--prefix=/usr \
--sysconfdir=/etc \
--enable-ipv6 \
--enable-alarm \
--enable-ansi-color \
--enable-digest-auth \
--enable-external-uri-loader \
--enable-gopher \
--enable-history \
--enable-image=x11,fb \
--enable-keymap=lynx \
--enable-m17n \
--enable-mouse \
--enable-nls \
--enable-nntp \
--enable-sslverify \
--enable-unicode \
--disable-w3mmailer
make %{?_smp_mflags}
%install
make install install-helpfile DESTDIR=$RPM_BUILD_ROOT
install -m 755 Bonus/*.cgi $RPM_BUILD_ROOT/usr/%_lib/w3m/cgi-bin
%find_lang %{name}
%files -f %{name}.lang
%defattr(-,root,root)
/usr/bin/w3m
/usr/bin/w3mman
%doc doc/*
%doc ChangeLog
%_mandir/de/man1/w3m*
%_libdir/w3m
%exclude %_libdir/w3m/w3mimgdisplay
%lang(ja)%doc %_mandir/ja
%doc %_mandir/man*/*
%_datadir/%name
%files inline-image
%defattr(-,root,root)
%dir %_libdir/w3m
/usr/%_lib/w3m/w3mimgdisplay
%changelog
* Fri Apr 28 2023 Muhammad Akbar Yanuar Mantari <mantarimay@pm.me>
- update to version 0.5.3+git20230121
- add 0001-Update-German-message-catalogue.patch
- dropped patches:
0001-allow-to-configure-the-accept-option-for-bad-cookies.patch
0001-implements-simple-session-management.patch
0001-handle-EXDEV-during-history-file-rename.patch
0001-w3mman-don-t-show-invalid-characters-bsc-950800.patch
0001-Fix-warning-for-unused-variable-without-USE_M17N.patch
0002-Fix-m17n-backspace-handling-causes-out-of-bounds-wri.patch
* Tue Jan 10 2023 Thomas Blume <thomas.blume@suse.com>
- CVE-2022-38223 Out-of-bounds write in checkType located in etc.c
(bsc#1202684)
- add:
0002-Fix-m17n-backspace-handling-causes-out-of-bounds-wri.patch
0001-Fix-warning-for-unused-variable-without-USE_M17N.patch
* Thu Jan 25 2018 Thomas.Blume@suse.com
- add git ChangeLog to /usr/share/doc/w3m/
- update to version 0.5.3+git20180125
addressed security issue:
CVE-2018-6196: w3m: an infinite recursion flaw in HTMLlineproc0
because the feed_table_block_tag function in table.c does not
prevent a negative indent value allows for (bsc#1077559)
CVE-2018-6197: w3m: NULL pointer dereference flaw in formUpdateBuffer
in form.c (bsc#1077568)
CVE-2018-6198: w3m: does not properly handle temporary files when
the ~/.w3m directory is unwritable, which allows a local attacker to
craft a symlink attack to overwrite arbitrary files (bsc#1077572)
other changes, bugfixes see: /usr/share/doc/w3m/ChangeLog
* Thu Nov 24 2016 Thomas.Blume@suse.com
- update to debian git version (bsc#1011293)
addressed security issues:
CVE-2016-9621: w3m: global-buffer-overflow write (bsc#1012020)
CVE-2016-9622: w3m: null deref (bsc#1012021)
CVE-2016-9623: w3m: null deref (bsc#1012022)
CVE-2016-9624: w3m: near-null deref (bsc#1012023)
CVE-2016-9625: w3m: stack overflow (bsc#1012024)
CVE-2016-9626: w3m: stack overflow (bsc#1012025)
CVE-2016-9627: w3m: heap overflow read + deref (bsc#1012026)
CVE-2016-9628: w3m: null deref (bsc#1012027)
CVE-2016-9629: w3m: null deref (bsc#1012028)
CVE-2016-9630: w3m: global-buffer-overflow read (bsc#1012029)
CVE-2016-9631: w3m: null deref (bsc#1012030)
CVE-2016-9632: w3m: global-buffer-overflow read (bsc#1012031)
CVE-2016-9633: w3m: OOM (bsc#1012032)
CVE-2016-9434: w3m: null deref (bsc#1011283)
CVE-2016-9435: w3m: use uninit value (bsc#1011284)
CVE-2016-9436: w3m: use uninit value (bsc#1011285)
CVE-2016-9437: w3m: write to rodata (bsc#1011286)
CVE-2016-9438: w3m: null deref (bsc#1011287)
CVE-2016-9439: w3m: stack overflow (bsc#1011288)
CVE-2016-9440: w3m: near-null deref (bsc#1011289)
CVE-2016-9441: w3m: near-null deref (bsc#1011290)
CVE-2016-9442: w3m: potential heap buffer corruption (bsc#1011291)
CVE-2016-9443: w3m: null deref (bsc#1011292)
dropped patches:
w3m-fix-build-with-imlib2-1.4.6.patch
w3m-scheme.patch
w3mman-formatting.patch
w3m-parallel-make.patch
w3m-gc7.diff
w3m-openssl.patch
w3m-closedir.patch
w3m-fh-def.patch
w3m-ssl-verify.patch
w3m-parsetagx-crash.patch
w3m-tempdir-override.patch
w3m-0.5.1-no-ASCII-equivalents-by-default.patch
w3m-uninitialized.patch
w3m-inline-image.patch
w3m-0.4.1-textarea-segfault.dif
ported patches:
w3m-disable-cookie-special-domain-check.patch to
0001-allow-to-configure-the-accept-option-for-bad-cookies.patch
w3m-0.4.1-session-mgmt.dif to
0001-implements-simple-session-management.patch
w3m-history-crossdev.patch to
0001-handle-EXDEV-during-history-file-rename.patch
w3mman-formatting.patch to
0001-w3mman-don-t-show-invalid-characters-bsc-950800.patch
* Fri Jun 24 2016 fweiss@suse.com
- w3mman-formatting.patch: w3mman now doesn't show invalid
characters anymore (bsc#950800)
* Wed Jun 22 2016 max@suse.com
- Add w3m-scheme.patch to fix a segfault when doing a https request
to an unresolvable host (bsc#950468).
* Mon Mar 2 2015 mlin@suse.com
- Add w3m-fix-build-with-imlib2-1.4.6.patch: fix build with imlib2 1.4.6,
the patch is from Debian. See http://sourceforge.net/p/w3m/patches/70/
* Sun Dec 21 2014 meissner@suse.com
- build with PIE support
* Wed Mar 12 2014 schwab@linux-m68k.org
- w3m-parallel-make.patch: More dependency fixes for parallel build
* Tue Aug 20 2013 schwab@suse.de
- w3m-parallel-make.patch: Fix missing dependency for parallel build
* Fri Jun 21 2013 crrodriguez@opensuse.org
- attempting to download a large file will end in total fail
on 32bit archs, use LFS_CFLAGS to fix that problem.
* Thu Mar 21 2013 jengelh@inai.de
- Make w3m compile with gc 7.x (adds w3m-gc7.diff),
and also use the system libgc.
* Mon Nov 12 2012 crrodriguez@opensuse.org
- Due to the "CRIME attack" (CVE-2012-4929) HTTPS clients
that negotiate TLS-level compression can be abused for
MITM attacks. (w3m-openssl.patch)
- Use SSL_MODE_RELEASE_BUFFERS if available .
* Fri Sep 28 2012 cfarrell@suse.com
- license update: ISC
w3m permissive license much more akin to ISC (spdx.org/licenses/ISC) than
to either BSD or MIT
* Thu Sep 27 2012 crrodriguez@opensuse.org
- Build with OPENSSL_NO_SSL_INTERN, poor's man visibility
to avoid ABI breaks between different openssl version.
- Also define _GNU_SOURCE to allow some extra optimizations
with recent GCC versions.
* Fri Mar 23 2012 max@suse.com
- Removed w3m-helppaths.patch, because it broke interactive help
(bnc#747560). It was a leftover that should have been removed
as part of the May 2011 package overhaul.
* Tue Aug 30 2011 crrodriguez@opensuse.org
- Fix build error: redefinition of 'struct file_handle'
* Sat Jul 30 2011 crrodriguez@opensuse.org
- Use ncursesw6 instead of old ncurses5
* Fri May 20 2011 max@novell.com
- Overhaul the package
- Add license files and other stuff from the doc subcdir
(bnc#666935).
* Tue Jan 18 2011 max@novell.com
- Version 0.5.3:
* security fix
- fix vulnerabilities indicated by bugs.debian.org.
- suppress sending Referer, if https:// -> http://
* new features
- adapt w3mimg to native windows on MS Windows.
- support xterm-incompatible terminals without gpm.
- add "xhtml" to default guess.
- introduce option pseudo_inlines.
- add option to avoid "wrong number of dots" error in cookies.
* other bug fixes
- fix "important" bugs from bugs.debian.org
- preserve spaces in multibyte context.
- fix proxy authentication.
* Tue Jun 15 2010 max@suse.de
- Fix handling of embedded nul characters in certificate subjects.
(bnc#609451, CVE-2010-2074).
- Turn on certificate verification by default.
* Thu Dec 31 2009 jengelh@medozas.de
- enable parallel build
* Tue Nov 3 2009 coolo@novell.com
- updated patches to apply with fuzz=0
* Mon Sep 7 2009 max@suse.de
- Added w3m-closedir.patch to fix a directory descriptor leak in
loadLocalDir (bnc#531675).
* Mon Aug 3 2009 jansimon.moeller@opensuse.org
- small patch for gc to work with qemu-arm on the workers
* Fri Nov 14 2008 max@suse.de
- Re-added the private copy of gc, so that we don't need to
provide generic L3 for the gc package, which is not used by
anything else in the distribution.
- Disable unneeded thread support in gc to fix build on ppc64.
* Tue Oct 28 2008 max@suse.de
- Removed unneeded explicit build dependencies
- w3m-inline-image needs imlib2-loaders.
- Use system-supplied gc library.
* Mon Feb 25 2008 crrodriguez@suse.de
- use find_lang macro
* Wed Sep 5 2007 olh@suse.de
- use expandPath to expand ~ in TMPDIR (306745)
* Tue Aug 14 2007 olh@suse.de
- handle EXDEV during history file rename()
* Sat Aug 11 2007 olh@suse.de
- fix crash in parse_tag() during every start
use TMPDIR, TMP or TEMP enviroment variables
fix a few harmless uninitialized variables
* Fri Jun 1 2007 max@suse.de
- New version: 0.5.2:
* fix format string vulnerability.
* support gtk2 with w3m-img.
* new option for LiveHTTPHeaders-like logs.
* new option to fontify <del>, <s>, <ins>, and so on.
* avoid errors in "configure" and "make".
* '\n' handling in attributes' values of HTML tags.
- Enabled console mouse support via gpm.
* Sun Apr 1 2007 ro@suse.de
- added ncurses-devel to buildreq
* Fri Feb 16 2007 od@suse.de
- change the default for the option "Use ASCII equivalents to
display entities" from YES to NO. (#247397)
* Thu Jan 4 2007 max@suse.de
- Fixed a format string problem that led to a crash.
(#230775, CVE-2006-6772)
- Made sure everything gets compiled with RPM_OPT_FLAGS.
- Enabled inline images on frame buffer consoles.
* Sat Mar 18 2006 od@suse.de
- fixes for w3m-0.4.1-session-mgmt.dif:
- longer session names: increase filename length for session
files from 30 to 249
- fix buffer-overrun in several strncat()
- report errors other than ENOENT when opening session and
history files
* Wed Jan 25 2006 mls@suse.de
- converted neededforbuild to BuildRequires
* Wed Apr 27 2005 ro@suse.de
- remove boehm-gc from nfb (dropped)
- use private copy of gc6.4
* Fri Aug 13 2004 mmj@suse.de
- Don't --enable-messagel10n since it breaks w3m and makes every-
thing Japanese [#43750]
* Mon May 3 2004 mmj@suse.de
- Update to 0.5.1
* Tue Apr 13 2004 mmj@suse.de
- Update to 0.5 which merges the -m17 part, and also adds
auto{make,conf} support.
- Use %%_lib
* Mon Mar 22 2004 mmj@suse.de
- Fix illegal prefetch instructions on intel 64-bit platform [#36352]
* Tue Feb 17 2004 kukuk@suse.de
- Remove s390x ulimit hack (does not work as normal user)
* Tue Feb 3 2004 mmj@suse.de
- Compile with -fno-strict-aliasing
* Sat Jan 10 2004 adrian@suse.de
- add %%defattr
* Fri Oct 10 2003 od@suse.de
- added new option "-session=<sessionname>" which implements simple
session management
* Mon Aug 18 2003 uli@suse.de
- replaced Boehm GC with a more recent version that works on s390x,
ppc64 (obsoletes w3m-0.3.1-x86_64.dif)
* Fri Jul 25 2003 poeml@suse.de
- switch to w3m-m17n sources (w3m-0.4.1-m17n-20030308) for its
UTF-8 support, and no longer build the extra w3mj binary
- get rid of -m17n suffix
- add patch by Bjoern Jacke to automatically follow locale
- install the cgi's in /usr/lib/w3m/cgi-bin
* Thu Jul 24 2003 poeml@suse.de
- update to 0.4.1
- tab browsing
* rc: open_tab_blank, close_tab_back
* func: CLOSE_TAB, NEW_TAB, NEXT_TAB, PREV_TAB,
* func: TAB_GOTO, TAB_GOTO_RELATIVE
* func: TAB_LEFT, TAB_LINK, TAB_MENU, TAB_RIGHT
* func: CLOSE_TAB_MOUSE, MENU_MOUSE, MOVE_MOUSE, TAB_MOUSE
* rc: open_tab_dl_list
* func: DOWNLOAD_LIST
- wheel scrolling
* rc: relative_wheel_scroll
* rc: relative_wheel_scroll_ratio
* rc: fixed_wheel_scroll_count
- https proxy
* env: https_proxy
* rc: https_proxy
- form filling
* pre_form: ~/.w3m/pre_form
* rc: pre_form_file: pre_form configuration file
- building
* separate auxbindir and libdir (local-CGI, file:///$LIB/)
* configure: -auxbindir
- misc
* options: -show-option
* 2 stroke keybinding
* rc: use_proxy
* rc: preserve_timestamp
* rc: fold_line
* local cookie: passed via file named $LOCAL_COOKIE or posted not in url query
* URL data: support
* URL news:, nntp: newsgroup support
* rc: nntpserver, nntpmode, max_news
* rc: graphic_char
* func: REDO, UNDO
* func: LIST, LIST_MENU, MOVE_LIST_MENU
* func: ACCESSKEY, LINK_MENU
* rc: display_ins_del
* func: MULTIMAP
* options: -N
* func: NEXT, PREV
* rc: image_map_list
* rc: decode_url
* func: RESHAPE
* func: SEARCH can take arg
* rc: disable_secret_security_check (for windows?)
- w3m-0.2.1-ia64.dif seems obsolete
- re-diff textarea-segfault.dif, it seems still needed
- package some of the new Bonus cgi's
* Fri Jun 13 2003 kukuk@suse.de
- Add missing directories to filelist
* Mon Feb 24 2003 poeml@suse.de
- add fix for segfault that can occur when editing a textarea field
with vi, and returning to w3m (it seems to happen if the terminal
is not writable, as when using w3m after 'su - some_user') [#17597]
* Wed Jan 15 2003 adrian@suse.de
- do not package files from sub package also into main package
(no more X11 dependency on main package)
- package also man pages
* Thu Dec 5 2002 poeml@suse.de
- update to 0.3.2.2
* security fix: html_quote for img alt attributes
* security fix: html_quote for frame contents
* backport from w3m 0.3.2+cvs
- fix segmentation fault by large complex table.
[w3m-dev 03371][w3m-dev 03438]
* Mon Nov 4 2002 poeml@suse.de
- update to 0.3.2 (which has framebuffer console image support, but
we don't build it because the permissions of /dev/fb* can only be
set globally)
- w3mimgsize ceased to exist
- add w3mman, a pretty handy man page browser
* Thu Aug 15 2002 schwab@suse.de
- Fix compilation on ia64.
* Wed Aug 7 2002 poeml@suse.de
- fixed for s390x
- set ulimit -v unlimited otherwise the mktable helper segfaults
- apply lib64 patch on all architectures
* Tue Jul 16 2002 poeml@suse.de
- define konqueror instead of mozilla as default external browser
- no path needed for external helpers
* Mon Jul 15 2002 poeml@suse.de
- update to version 0.3.1.
- cookie handling: don't treat toplevel domains with 2 letters
different from ones with 3 letters ("special domain check"), by
don't allowing domain= values with 2 periods in a Set-Cookie
header (why should a cookie from .ebay.de be invalid, while the
same cookie from .ebay.com is not?)
- allow to configure the "accept" option for bad cookies
- define mozilla instead of netscape as default external browser
- show configuration in build log
- don't explicitely -I/usr/include, avoid nasty compiler warnings
- use RPM_OPT_FLAGS
* Sun Jul 7 2002 schwab@suse.de
- Update to version 0.3.
* Tue May 28 2002 ro@suse.de
- first hack to work on x86_64
* Tue May 21 2002 poeml@suse.de
- fix wrong configuration which broke HTML text area editing
(editor was set to -O) (#16260)
* Thu May 16 2002 poeml@suse.de
- split off a w3m-inline-image subpackage to avoid the main package
RPM dependency on X stuff
* Sat Feb 2 2002 poeml@suse.de
- update to 0.2.5:
* RFC2617: HTTP Digest authentication
* rc: default_url=0(empty) 1(current URL) 2(link URL)
* GOTO_RELATIVE (M-u)
* highlight for incremental search
* support migemo (romaji search)
* use w3mmail.cgi for mailto: URL
* support external URI loader
* support -dump_extra ftp://
* new regex implementation
- update inline image patch to w3m-0.2.5-img-2.2.patch.bz2
- add WWW-Authenticate.dif (makes w3m recognize WWW-Authenticate:
token in lower case)
* Thu Jan 31 2002 ro@suse.de
- changed neededforbuild <libpng> to <libpng-devel-packages>
* Thu Jan 24 2002 poeml@suse.de
- update to 0.2.4
- use updated inline image patch w3m-0.2.4-img-1.18.patch.gz
* Wed Nov 28 2001 mfabian@suse.de
- add patch for inline images (tweaked to work with
w3m-0.2.2-inu-1.1 by <tiwai@suse.de>,
originally from http://www2u.biglobe.ne.jp/~hsaka/w3m/patch/)
* Fri Nov 23 2001 poeml@suse.de
- update to w3m-0.2.2-inu-1.1. This time, the included gc is new
enough (6.1alpha2), so we don't need to supply another one.
* Mon Nov 12 2001 schwab@suse.de
- Fix for ia64.
* Wed Oct 31 2001 poeml@suse.de
- update to w3m-0.2.1-inu-1.5. This includes almost all patches
posted to w3m-dev ML and w3m-dev-en ML in Oct. For details, see:
http://mi.med.tohoku.ac.jp/~satodai/w3m/inu/200110/index.en.html
* Tue Oct 30 2001 poeml@suse.de
- update to latest version: w3m-0.2.1-inu-1.4 [w3m-dev-en 00596]
(it is semi-official, but all developers use that one)
- drop all patches since they are now included
- w3m ships with current gc now, but update to gc6.0alpha9 which
has some s390 patches
* Tue Aug 28 2001 poeml@suse.de
- add w3m-0.2.1-javascript-hide.dif from author to hide javascript
statements even if they are inside table tags
- apply forgotten relURL patch
* Thu Jun 28 2001 poeml@suse.de
- security fix: w3m-0.2.1-mimehead-buf.dif to prevent possible
buffer overflow when parsing malformed URLs
- add patch that allows key mappings with a count
- spec file cleanup
* Wed Apr 4 2001 poeml@suse.de
- add patch to help with pages containing javascript
* Wed Apr 4 2001 poeml@suse.de
- update to w3m-0.2.1
- as before, use a newer gc on ia64 and sparc
- fix include path for gc on ia64 and sparc
- undefine INET6 on sparc: struct sockaddr_storage seems to have no
member ss_family
- fix double declaration of CMT_SSL_FORBID_METHOD
- add patch for problems caused by misunderstanding of relative
URLs
- fix Version tag (was a macro)
* Sun Feb 18 2001 poeml@suse.de
- update to 0.1.11-pre (which is actually more stable than 0.1.10)
- apply massive kokb23 patch collection
- add patch for lynx-like pauth option
- drop norman.patch
- add newer gc (6.0alpha6) for ia64 and sparc that works with
glibc-2.2.1
- update autoconf and libtool on these archs
* Wed Jan 31 2001 poeml@suse.de
- add a version 5.1 of gc (Boehm-Weiser garbage collector) which is
patched for ia64 ( http://www.cs.berkeley.edu/projects/
titanium/src/titaniumc/runtime/gc/ ).
don't use GC_push_other_roots() for some reason -> gc-5.1.patch
* Tue Jan 9 2001 poeml@suse.de
- removed duplicate man page in %%{_defaultdocdir}/w3m/doc/
* Wed Dec 20 2000 poeml@suse.de
- add web_browser to Provides (in sync with lynx and links)
* Mon Dec 18 2000 poeml@suse.de
- merged w3m and w3m_ssl
- added openssl to neededforbuild
- bzipped sources
* Wed Dec 6 2000 poeml@suse.de
- added japanese binary
* Fri Oct 13 2000 poeml@suse.de
- update to 0.1.10
- patch for perl path no longer necessary (now done by ./configure)
- fix missing ifdef JP_CHARSET
- readjust spec file to new option in ./configure
- compile with lynx-like key binding
* Sat Sep 9 2000 bjacke@suse.de
- added Excludes with w3m_ssl
* Mon May 15 2000 kukuk@suse.de
- Update to 0.1.9 (works on SPARC)
- Use /bin/vi for 7.0
- Fix defines on SPARC
- Fix spec file
- Add installed scripts to filelist
* Sun Feb 13 2000 mge@suse.de
- update to 0.1.6
- group tag
* Tue Oct 26 1999 mge@suse.de
- initial SuSE-RPM