head 1.2; access; symbols pkgsrc-2013Q2:1.2.0.54 pkgsrc-2013Q2-base:1.2 pkgsrc-2012Q4:1.2.0.52 pkgsrc-2012Q4-base:1.2 pkgsrc-2011Q4:1.2.0.50 pkgsrc-2011Q4-base:1.2 pkgsrc-2011Q2:1.2.0.48 pkgsrc-2011Q2-base:1.2 pkgsrc-2009Q4:1.2.0.46 pkgsrc-2009Q4-base:1.2 pkgsrc-2008Q4:1.2.0.44 pkgsrc-2008Q4-base:1.2 pkgsrc-2008Q3:1.2.0.42 pkgsrc-2008Q3-base:1.2 cube-native-xorg:1.2.0.40 cube-native-xorg-base:1.2 pkgsrc-2008Q2:1.2.0.38 pkgsrc-2008Q2-base:1.2 pkgsrc-2008Q1:1.2.0.36 pkgsrc-2008Q1-base:1.2 pkgsrc-2007Q4:1.2.0.34 pkgsrc-2007Q4-base:1.2 pkgsrc-2007Q3:1.2.0.32 pkgsrc-2007Q3-base:1.2 pkgsrc-2007Q2:1.2.0.30 pkgsrc-2007Q2-base:1.2 pkgsrc-2007Q1:1.2.0.28 pkgsrc-2007Q1-base:1.2 pkgsrc-2006Q4:1.2.0.26 pkgsrc-2006Q4-base:1.2 pkgsrc-2006Q3:1.2.0.24 pkgsrc-2006Q3-base:1.2 pkgsrc-2006Q2:1.2.0.22 pkgsrc-2006Q2-base:1.2 pkgsrc-2006Q1:1.2.0.20 pkgsrc-2006Q1-base:1.2 pkgsrc-2005Q4:1.2.0.18 pkgsrc-2005Q4-base:1.2 pkgsrc-2005Q3:1.2.0.16 pkgsrc-2005Q3-base:1.2 pkgsrc-2005Q2:1.2.0.14 pkgsrc-2005Q2-base:1.2 pkgsrc-2005Q1:1.2.0.12 pkgsrc-2005Q1-base:1.2 pkgsrc-2004Q4:1.2.0.10 pkgsrc-2004Q4-base:1.2 pkgsrc-2004Q3:1.2.0.8 pkgsrc-2004Q3-base:1.2 pkgsrc-2004Q2:1.2.0.6 pkgsrc-2004Q2-base:1.2 pkgsrc-2004Q1:1.2.0.4 pkgsrc-2004Q1-base:1.2 pkgsrc-2003Q4:1.2.0.2 pkgsrc-2003Q4-base:1.2 buildlink2-base:1.2; locks; strict; comment @# @; 1.2 date 2002.03.02.00.08.16; author kei; state dead; branches; next 1.1; 1.1 date 2001.09.28.10.10.41; author itojun; state Exp; branches; next ; desc @@ 1.2 log @* Update w3m package from 0.2.1-m17n-0.19 to 0.2.5-m17n-20020216 version. Significant changes has been made. More info is in the ChnagLog file (~3000 lines) in distributed archive. Users of older versions are recommended to update. From NEWS file: ------------ w3m 0.3? * rc: max_load_image * rc: display_image, auto_image, image_scale, imgdisplay, imgsize * func: DISPLAY_IMAGE, STOP_IMAGE * w3m-img merged: w3m now can display images! see doc/README.img ---------------------------------------------------------------- w3m 0.2.5.1 - 2002-02-05 * backport from w3m/0.2.5+cvs-1.299 - fix inputAnswer() and no "ssl_forbid_method" [w3m-dev 02985] - fix SunOS 4.1.4 build problem [w3m-dev 02972] - fix problem with Netscape-Enterprise WWW-authenticate [w3m-dev 02968] ---------------------------------------------------------------- w3m 0.2.5 - 2002-01-31 * RFC2617: HTTP Digest authentication * rc: default_url=0(empty) 1(current URL) 2(link URL) * GOTO_RELATIVE (M-u) * highlight for incremental search * support migemo (romaji search) * use w3mmail.cgi for mailto: URL * support external URI loader * support -dump_extra ftp:// * new regex implementation ---------------------------------------------------------------- w3m 0.2.4 - 2002-01-07 * RFC2818 server identity check * incremental search (C-s, C-r) ---------------------------------------------------------------- w3m 0.2.3.2 - 2001-12-22 * fix security hole in w3m/scripts ---------------------------------------------------------------- w3m 0.2.3.1 - 2001-12-20 * sync with cvs repository * fix bug in configure ---------------------------------------------------------------- w3m 0.2.3 - 2001-12-20 * command line option: -help, -version * new libgc included * new runtime option use_mark, nextpage_topline, label_topline, vi_prec_num emacs_like_lineedit, ftppass_hostnamegen * RFC2732 support (IPv6) * new w3mhelp system * several configure changes * code cleanups, now gcc -Wall -Werror safe ---------------------------------------------------------------- w3m 0.2.2 - 2001-11-15 * sync with w3m 0.2.1-inu-1.5 * w3m maintained in sourceforge.net/projects/w3m ------------ @ text @$NetBSD: patch-aj,v 1.1 2001/09/28 10:10:41 itojun Exp $ plug security hole. http://mi.med.tohoku.ac.jp/~satodai/w3m-dev/200109.month/2226.html --- url.c.orig Fri Sep 28 18:57:05 2001 +++ url.c Fri Sep 28 18:59:14 2001 @@@@ -949,7 +949,7 @@@@ pu->file = cleanupName(pu->file); } if (pu->scheme == SCM_LOCAL) - pu->real_file = file_unquote(pu->file); + pu->real_file = cleanupName2(file_unquote(pu->file), FALSE); } } @@@@ -1247,7 +1247,7 @@@@ Str tmp2 = Strnew_charp("#"); Strcat_charp(tmp2, pu->label); pu->file = tmp2->ptr; - pu->real_file = file_unquote(pu->file); + pu->real_file = cleanupName2(file_unquote(pu->file), FALSE); pu->label = NULL; } else { @@@@ -1284,7 +1284,7 @@@@ else if ((q = strchr(pu->file, '?')) != NULL) { /* local CGI: GET */ p = Strnew_charp_n(pu->file, (int)(q - pu->file))->ptr; - pu->real_file = file_unquote(p); + pu->real_file = cleanupName2(file_unquote(p), FALSE); uf.stream = newFileStream(localcgi_get(pu->real_file, q + 1, option->referer), (void (*)()) pclose); if (uf.stream != NULL) { @@@@ -1322,7 +1322,7 @@@@ Strcat_char(tmp, '/'); Strcat_charp(tmp, pu->file); p = cleanupName(tmp->ptr); - q = file_unquote(p); + q = cleanupName2(file_unquote(p), FALSE); if (dir_exist(q)) { pu->file = p; pu->real_file = q; @@@@ -1606,7 +1606,7 @@@@ } p = Strnew_m_charp(pu->file, "/", file_quote(index_file), NULL)->ptr; p = cleanupName(p); - q = file_unquote(p); + q = cleanupName2(file_unquote(p), FALSE); examineFile(q, uf); if (uf->stream == NULL) return; @ 1.1 log @plug a security hole (any command can be invoked from remote). bump version to w3m-0.2.1.0.19nb2 @ text @d1 1 a1 1 $NetBSD$ @