Revert commit 5a49b9f14d of 2007-05-28,
"NEWS: mention bug 951", which was reverted in commit
f553679336 on 2007-05-30.
It is now safe to apply because bug 956 has been fixed.

Reapply commit 644908c130 of 2007-05-28,
"Garbage-collect SMJS objects before flushing caches." which was reverted
in commit 6cd6a843d1 on 2007-05-30.
It is now safe to apply because bug 956 has been fixed.

Add ecmascript_interpreter.backend_nesting, increment it when
beginning to evaluate an expression, and decrement it when evaluation
finishes. Then assert that it is zero in ecmascript_put_interpreter.
This detects bug 957 and similar ones before they corrupt memory.
[ Backported from commit 58e3ebf2e7 in
ELinks 0.12.GIT. --KON ]

The previous code cast the integer (long actually) to void * and gave
that to JS_SetPrivate. This did not work because JS_SetPrivate
expects pointers to be aligned and replaces the least significant bit
with a tag.
[ From attachment 379 of bug 755. This is less clean than attachment
380 (aka commit 871a1befad in ELinks
0.12.GIT) but avoids the need to raise the SpiderMonkey version
requirement in the ELinks 0.11 stable branch. --KON ]

This is a further precaution against reading a pointer from the wrong
type of object. All of the JS_GetPrivate calls were already protected
with JS_InstanceOf checks if assertions are enabled, and many of them
also if assertions are not enabled.
[ Backported from commit 99f648b911 in
ELinks 0.12.GIT. --KON ]

Remember the index of struct form_state in vs->form_info
instead of the pointer to it. The pointer may change,
the index is persistent.
The field ecmascript_obj of the struct form_state is unused.
[ Backported from commit ecc03ad608 in
ELinks 0.12.GIT. --KON ]

screen_driver_change_hook was comparing only strlen(name) characters
and ignoring the '\0'. To reproduce the bug in ELinks 0.11.3 and
ELinks 0.12.GIT:
- Run TERM=screen elinks.
- In another terminal, run TERM=scr elinks. Quit this slave ELinks.
- Open the terminal options dialog and set 16 colors.
- Open the option manager and change the terminal.scr.colors option to
1 and back to 0.
- Note that ELinks no longer displays colors.
That bug could be fixed just by using len+1 instead of len. However,
there is also another bug: memcmp may compare the specified number of
bytes, even if some of the earlier ones differ; thus, it could in
principle read past the end of the malloc block and thereby crash
ELinks. Using strcmp may be a little slower but I do not believe it
could become a bottleneck.
[ Backported from commit f6f5eeceb7 in
ELinks 0.12.GIT. --KON ]
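The comparison defect described in the commit message above, as an added example that is not ELinks code: the `drivers` array and the `find_before`/`find_after` names are constructed for illustration, and only the memcmp-with-strlen(name) versus strcmp behaviour comes from the message.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for the drivers ELinks has allocated; the real
 * structure and list are not shown on this page. */
static const char *const drivers[] = { "screen", "xterm" };
#define N_DRIVERS (sizeof(drivers) / sizeof(drivers[0]))

/* Comparison as the commit message describes it before the fix: only
 * strlen(name) bytes are compared, so the stored name's '\0' is never
 * checked and any prefix matches. If name were longer than the stored
 * string, memcmp could also read past the end of its buffer, which is
 * why this demo only passes short names to it. */
static int find_before(const char *name)
{
    size_t len = strlen(name);

    for (size_t i = 0; i < N_DRIVERS; i++)
        if (memcmp(drivers[i], name, len) == 0)
            return (int) i;
    return -1;
}

/* Comparison after the fix: strcmp stops at the first difference and
 * includes the terminator, so only an exact name matches. */
static int find_after(const char *name)
{
    for (size_t i = 0; i < N_DRIVERS; i++)
        if (strcmp(drivers[i], name) == 0)
            return (int) i;
    return -1;
}

int main(void)
{
    /* "scr" is the TERM value from the reproduction steps. */
    printf("before: \"scr\" -> %d\n", find_before("scr"));
    printf("after:  \"scr\" -> %d\n", find_after("scr"));
    printf("after:  \"screen\" -> %d\n", find_after("screen"));
    return 0;
}
```

With the old comparison, a change to the `scr` options lands on the `screen` driver, which matches the lost colors in the reproduction steps.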
It was broken in 0.11.2.GIT (a64dd281e9).
Since then, $QUERY_STRING has been empty for <file:///foo/bar?query>.
uri.data is documented as containing both the path and the query.
[ Commit message by me. --KON ]

Revert commit 644908c130,
"Garbage-collect SMJS objects before flushing caches."
The extra garbage collections increase the risk of crashing because of
dangling pointers in form_state.ecmascript_obj. I don't think I'll
have time to properly document the bug and backport the fix before
the 0.11.4 release, so I'm reverting the change instead.

Revert commit 5a49b9f14d,
"NEWS: mention bug 951"
The extra garbage collections increase the risk of crashing because of
dangling pointers in form_state.ecmascript_obj. I don't think I'll
have time to properly document the bug and backport the fix before
the 0.11.4 release, so I'm reverting the change instead.

$(AM_CFLAGS) is one of the variables set by Automake, which ELinks no
longer uses. $(CPPFLAGS) should be used whenever the C preprocessor
is run, according to the GNU Coding Standards. (My build environment
does have an important -I option there.)
[ From commit 40e257bedd in ELinks
0.12.GIT. --KON ]

Support the new libmozjs packages in Debian unstable that replace the
old libsmjs packages.
[ From commits b2ec6e0a3e and
368504f736 in ELinks 0.12.GIT. --KON ]

Reported to elinks-users on 2006-08-23.
[ From commit 57a9871ea1 in ELinks 0.12.GIT.
Should fix an error building ELinks in the source directory on SunOS.
The error was again reported to elinks-users on 2007-05-10. --KON ]

Don't look for gettext message catalogs in ../po/ unless ELinks is being
run as src/elinks, ./src/elinks, or .../src/elinks.
Discovered by Arnaud Giersch, this alternate fix (than what is in debian
package 0.11.1-1.4) closes debian bug #417789 and redhat bug #235411.
Also reported in: CVE-2007-2027.
Restricting it to only work with --enable-debug was also considered,
however, it is an important feature for translators so this less
paranoid fix was chosen.

The configure script checks whether it is possible to compile a use of
POPpx without an n_a variable; if not, the source code then defines
those variables. This is slower than including Perl's patchlevel.h
and comparing the version numbers to 5.8.8 but I expect this to be
more reliable as well.
[ Backported from commit 432969a3a9 in
ELinks 0.12.GIT. --KON ]

In revision 1.15 of dns.c (as it was called way back then), pasky
backported a fix from Links 0.97pre2 to try gethostbyaddr before
trying gethostbyname for DNS lookups:
    MacOS address resolution fix (Aldy Hernandez) (from 0.97pre2)
However, that fix introduced a bug, because it was calling gethostbyaddr
on all addresses, not just IP addresses. Mikulas fixed that bug in Links
0.98:
    Do not call gethostbyaddr when name is not ip address (it should avoid
    some useless nameserver queries)'
This fix was never backported to ELinks. Until today.
This commit is functionally the same as the fix in Links 0.98, plus it uses
inet_aton for great correctness!
This fixes a bug reported in #elinks by tnks, whereby lookups for
yubnub.org resulted in 121.117.98.110 == 0x7975626E == 'y', 'u', 'b', 'n'.
I believe that it also fixes bug 691 (which is already closed with a
workaround).
[ From commit 8344dfe6c9 in ELinks
0.12.GIT. --KON ]
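The yubnub.org case from the commit message above, as an added example that is not ELinks or Links code: it shows how the host name's first four bytes read as an IPv4 address and how an IP-literal check routes the lookup. The function names are hypothetical, no resolver call is made, and the check uses `inet_pton` (stricter, dotted-quad only) rather than the `inet_aton` the commit names.

```c
#include <arpa/inet.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>

enum lookup { LOOKUP_BY_NAME, LOOKUP_BY_ADDR };

/* What a raw-address lookup sees when it is handed the host name's
 * bytes instead of a parsed address: the first four characters are
 * taken as an IPv4 address in network byte order. */
static const char *name_bytes_as_ipv4(const char *name,
                                      char out[INET_ADDRSTRLEN])
{
    struct in_addr raw;

    if (strlen(name) < sizeof(raw))
        return NULL;
    memcpy(&raw, name, sizeof(raw));
    return inet_ntop(AF_INET, &raw, out, INET_ADDRSTRLEN);
}

/* Guard in the spirit of the fix: only a string that parses as an IP
 * address goes to the by-address lookup; everything else is resolved
 * by name. */
static enum lookup choose_lookup(const char *name)
{
    struct in_addr addr;

    return inet_pton(AF_INET, name, &addr) == 1 ? LOOKUP_BY_ADDR
                                                : LOOKUP_BY_NAME;
}

int main(void)
{
    char buf[INET_ADDRSTRLEN];
    const char *host = "yubnub.org"; /* host name from the bug report */

    printf("%s read as raw bytes: %s\n", host,
           name_bytes_as_ipv4(host, buf));
    printf("%s -> %s\n", host,
           choose_lookup(host) == LOOKUP_BY_ADDR ? "by address" : "by name");
    printf("%s -> %s\n", buf,
           choose_lookup(buf) == LOOKUP_BY_ADDR ? "by address" : "by name");
    return 0;
}
```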