On Wed, Jul 05, 2017 at 09:29:49AM +0100, Stuart Henderson wrote:
> > The www/lynx port has execution of external programs disabled. However,
> > trying to use features which spawn external programs just causes it to crash.
> > If I understand correctly, it is not supposed to call external programs,
> > but it also shouldn't just crash if you try to.
> >
> > Steps to reproduce (or at least one way):
> > 1. Add 'DOWNLOADER:Open with feh:feh %s' to /etc/lynx.cfg (replace
> > 'feh' with any image viewer).
> > 2. Run 'lynx https://www.openbsd.org/images/rack2009-s.png' (for example)
> > and press 'd' to download the image.
> > 3. Choose 'Open with feh'; lynx will crash with 'Abort trap (core dumped)'.
> The lynx port uses pledge(7) to disallow certain operations, including
> spawning another process. If those operations are attempted anyway,
> it *is* supposed to crash.
>
> It would be a little nicer if the operation just failed rather than
> crashing the process, however the end result would still be "can't
> do what you want", so the simplest way to do that is to avoid setting
> DOWNLOADER: to open the file.
Agreed, the following diff should take care of that, it avoids parsing
DOWNLOADER directives from lynx.cfg. While there I also did the same
for the PRINTER directives, which are using the same scheme.
As a side note, there is no need to explicitely disable parsing UPLOADER
directives because we --disable-dired at configure time, nor EXTERNAL
directives as we do not build with --enable-externs.
Comments? OK?
Index: Makefile
===================================================================
RCS file: /cvs/ports/www/lynx/Makefile,v
retrieving revision 1.34
diff -u -p -r1.34 Makefile
--- Makefile 5 Jul 2017 22:04:11 -0000 1.34
+++ Makefile 6 Jul 2017 10:20:34 -0000
@@ -5,6 +5,7 @@ PL = 15
COMMENT = text web browser
DISTNAME = lynx${V}dev.${PL}
PKGNAME = lynx-${V}pl${PL}
+REVISION = 0
EXTRACT_SUFX = .tar.bz2
CATEGORIES = www net
Index: patches/patch-src_LYReadCFG_c
===================================================================
RCS file: /cvs/ports/www/lynx/patches/patch-src_LYReadCFG_c,v
retrieving revision 1.4
diff -u -p -r1.4 patch-src_LYReadCFG_c
--- patches/patch-src_LYReadCFG_c 30 Apr 2017 12:08:32 -0000 1.4
+++ patches/patch-src_LYReadCFG_c 6 Jul 2017 10:20:34 -0000
@@ -1,7 +1,16 @@
$OpenBSD: patch-src_LYReadCFG_c,v 1.4 2017/04/30 12:08:32 fcambus Exp $
---- src/LYReadCFG.c.orig Thu Nov 24 16:35:29 2016
-+++ src/LYReadCFG.c Sat Apr 29 11:09:38 2017
-@@ -1537,7 +1537,6 @@ static Config_Type Config_Table [] =
+Index: src/LYReadCFG.c
+--- src/LYReadCFG.c.orig
++++ src/LYReadCFG.c
+@@ -1508,7 +1508,6 @@ static Config_Type Config_Table [] =
+ PARSE_FUN(RC_DISPLAY_CHARSET_CHOICE, parse_display_charset_choice),
+
No comments:
Post a Comment