Package: lynx / 2.8.9rel.1-3+deb10u1

Metadata

Package Version Patches format
lynx 2.8.9rel.1-3+deb10u1 3.0 (quilt)

Patch series

view the series file
Patch File delta Description
lynxcfg.patch | (download)

lynx.cfg | 61 41 + 20 - 0 !
1 file changed, 41 insertions(+), 20 deletions(-)

 
 modify the lynx.cfg to debian system
aboutlynx.patch | (download)

lynx_help/about_lynx.html | 6 3 + 3 - 0 !
1 file changed, 3 insertions(+), 3 deletions(-)

 
 modify about_lynx.html for debian package
21_do_not_strip_ g.diff | (download)

configure | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 
 stop ./configure from stripping out -g from cflags
nested_tables.patch | (download)

lynx.cfg | 2 1 + 1 - 0 !
1 file changed, 1 insertion(+), 1 deletion(-)

 
 turn off nested-tables option
fix tls 1.3.patch | (download)

src/tidy_tls.c | 24 20 + 4 - 0 !
1 file changed, 20 insertions(+), 4 deletions(-)

 
 fix connection to https sites offering tls 1.3
90_CVE 2021 38165.patch | (download)

WWW/Library/Implementation/HTTP.c | 18 18 + 0 - 0 !
1 file changed, 18 insertions(+)

 
 fix cve-2021-38165
 CVE-2021-38165: If Lynx is given an HTTPS URL which included username
 and password, e.g. https://username:password@www.example.org/,
 username and password were sent over the wire in clear text if the
 TLS 1.2 Server Name Indication (SNI) extension was used.
 .
 This patch is extracted from upstream's patch from 2.9.0dev.8 to
 2.9.0dev.9 to fix this issue.