head 1.2; access; symbols pkgsrc-2026Q1:1.1.0.4 pkgsrc-2026Q1-base:1.1 pkgsrc-2025Q4:1.1.0.2; locks; strict; comment @ * @; 1.2 date 2026.05.05.15.20.14; author ktnb; state dead; branches; next 1.1; commitid zKeMYcEMEXFNDDEG; 1.1 date 2026.01.18.13.00.40; author leot; state Exp; branches 1.1.2.1; next ; commitid SOyqfTJG5bmJiSqG; 1.1.2.1 date 2026.01.18.13.00.40; author maya; state dead; branches; next 1.1.2.2; commitid F25rFhfz2lbPDSuG; 1.1.2.2 date 2026.02.18.17.00.59; author maya; state Exp; branches; next ; commitid F25rFhfz2lbPDSuG; desc @@ 1.2 log @dillo: update to 3.3.0 Packaging: - Most patches have been removed thanks to leot@@'s patches being merged upstream! Upstream: - Add optional support for brotli (br) content encoding. - Add about:keys to display current keyboard shortcuts. - Control + left click opens links in new tab (emulates mouse middle button). - Ctrl+C copies selected text into the clipboard so Ctrl+V works as expected. - Enable IPv6 support by default if supported by the platform. - Focus the N-th tab with the Alt+ shortcut. - Fix vsource dpi infinite loop on musl due to unescaped "%" printf format. - Add about:cache and about:dicache pages to show internal cache details. - Add mojeek search engine with shortcut "mj". - Hide form elements (like buttons and inputs) with display:none in CSS. - Increase margin in location bar to make it easier to select with the mouse. - Navigate back and forward with mouse buttons. - Fix OAuth login by allowing cookies in root 30X redirects. - Add support for remote control via a UNIX socket (enabled by default, disable with --disable-control-socket). - Add new dilloc program to remote control dillo from the command line. - Set DILLO_PID variable when executing actions so dilloc can read it. - Add support for "page_action" option to define custom entries in the page menu to run programs or scripts. - Add "mark_unloaded_images" option to show a border in images not loaded, so they are easier to see. - Fix segfault on CurveBall TLS test with LibreSSL. - Match complete search prefixes in "search_url" to avoid partial matches. - Add "trace_http" option to debug HTTP traffic. - Avoid cached responses when submitting forms. - Fix cookie Max-Age parsing using the epoch instead of the local timezone. - Add experimental FLTK >= 1.4 support with the --enable-experimental-fltk configure flag. - Middle click on back or forward button opens page in new tab. - Add support for Content-Disposition header to set the filename. - Fix build in NetBSD and avoid ctype(3) incorrect sign extension. - Fix use-after-free in HTTP server and OpenSSL connection dialog. @ text @$NetBSD: patch-dpi_cookies.c,v 1.1 2026/01/18 13:00:40 leot Exp $ Avoid ctype(3) abuses Valid argument of ctype(3) functions must be either EOF or non-negative value within the range representable as unsigned char. Invalid values leads to undefined behavior. Add all missing d*() ctype(3) helper functions and switch to use them. Noticed by running dillo on NetBSD where dillo crashes due such abuses. See: https://lists.mailman3.com/hyperkitty/list/dillo-dev@@mailman3.com/thread/L6QLXSD6UBDK3M5CMXQMRWD6ZB4C65MR/ --- dpi/cookies.c.orig 2025-01-18 10:51:30.000000000 +0000 +++ dpi/cookies.c @@@@ -44,7 +44,6 @@@@ int main(void) #include #include #include /* for time() and time_t */ -#include #include #include #include @@@@ -487,14 +486,14 @@@@ static int Cookies_get_timefield(const c int n; const char *s = *str; - if (!isdigit(*s)) + if (!dIsdigit(*s)) return -1; n = *(s++) - '0'; - if (isdigit(*s)) { + if (dIsdigit(*s)) { n *= 10; n += *(s++) - '0'; - if (isdigit(*s)) + if (dIsdigit(*s)) return -1; } *str = s; @@@@ -550,24 +549,24 @@@@ static bool_t Cookies_get_year(struct tm int n; const char *s = *str; - if (isdigit(*s)) + if (dIsdigit(*s)) n = *(s++) - '0'; else return FALSE; - if (isdigit(*s)) { + if (dIsdigit(*s)) { n *= 10; n += *(s++) - '0'; } else return FALSE; - if (isdigit(*s)) { + if (dIsdigit(*s)) { n *= 10; n += *(s++) - '0'; } - if (isdigit(*s)) { + if (dIsdigit(*s)) { n *= 10; n += *(s++) - '0'; } - if (isdigit(*s)) { + if (dIsdigit(*s)) { /* Sorry, users of prehistoric software in the year 10000! */ return FALSE; } @@@@ -936,7 +935,7 @@@@ static CookieData_t *Cookies_parse(char cookie->domain = value; } else if (dStrAsciiCasecmp(attr, "Max-Age") == 0) { value = Cookies_parse_value(&str); - if (isdigit(*value) || *value == '-') { + if (dIsdigit(*value) || *value == '-') { long age; time_t now = time(NULL); struct tm *tm = gmtime(&now); @ 1.1 log @dillo: Avoid ctype(3) abuses Backport a patch shared and applied upstream via commit 5e2bc90ea2f80dce3a20ef9c1a282e11d6d67236 to stop abusing ctype(3) functions. Now dillo should no longer crashes due ctype(3) on NetBSD>=11. PKGREVISION++ @ text @d1 1 a1 1 $NetBSD$ @ 1.1.2.1 log @file patch-dpi_cookies.c was added on branch pkgsrc-2025Q4 on 2026-02-18 17:00:59 +0000 @ text @d1 82 @ 1.1.2.2 log @Pullup ticket #7052 - requested by leot www/dillo: Bug fix Revisions pulled up: - www/dillo/Makefile 1.98 - www/dillo/distinfo 1.47 - www/dillo/patches/patch-dlib_dlib.c 1.1 - www/dillo/patches/patch-dlib_dlib.h 1.1 - www/dillo/patches/patch-dpi_bookmarks.c 1.1 - www/dillo/patches/patch-dpi_cookies.c 1.1 - www/dillo/patches/patch-dpi_datauri.c 1.1 - www/dillo/patches/patch-dpi_downloads.cc 1.1 - www/dillo/patches/patch-dpi_dpiutil.c 1.1 - www/dillo/patches/patch-dpi_file.c 1.1 - www/dillo/patches/patch-dpi_ftp.c 1.1 - www/dillo/patches/patch-dpid_dpidc.c 1.1 - www/dillo/patches/patch-dpip_dpip.c 1.1 - www/dillo/patches/patch-dw_findtext.hh 1.1 - www/dillo/patches/patch-dw_fltkui.cc 1.1 - www/dillo/patches/patch-dw_style.cc 1.1 - www/dillo/patches/patch-dw_textblock.cc 1.1 - www/dillo/patches/patch-lout_misc.cc 1.1 - www/dillo/patches/patch-src_IO_dpi.c 1.1 - www/dillo/patches/patch-src_IO_http.c 1.1 - www/dillo/patches/patch-src_IO_tls__openssl.c 1.1 - www/dillo/patches/patch-src_auth.c 1.1 - www/dillo/patches/patch-src_colors.c 1.1 - www/dillo/patches/patch-src_cookies.c 1.1 - www/dillo/patches/patch-src_cssparser.cc 1.1 - www/dillo/patches/patch-src_hsts.c 1.1 - www/dillo/patches/patch-src_html.cc 1.1 - www/dillo/patches/patch-src_keys.cc 1.1 - www/dillo/patches/patch-src_misc.c 1.1 - www/dillo/patches/patch-src_table.cc 1.1 - www/dillo/patches/patch-src_url.c 1.1 - www/dillo/patches/patch-src_xembed.cc 1.1 - www/dillo/patches/patch-test_dw_dw__anchors__test.cc 1.1 - www/dillo/patches/patch-test_unit_cookies.c 1.1 --- Module Name: pkgsrc Committed By: leot Date: Sun Jan 18 13:00:41 UTC 2026 Modified Files: pkgsrc/www/dillo: Makefile distinfo Added Files: pkgsrc/www/dillo/patches: patch-dlib_dlib.c patch-dlib_dlib.h patch-dpi_bookmarks.c patch-dpi_cookies.c patch-dpi_datauri.c patch-dpi_downloads.cc patch-dpi_dpiutil.c patch-dpi_file.c patch-dpi_ftp.c patch-dpid_dpidc.c patch-dpip_dpip.c patch-dw_findtext.hh patch-dw_fltkui.cc patch-dw_style.cc patch-dw_textblock.cc patch-lout_misc.cc patch-src_IO_dpi.c patch-src_IO_http.c patch-src_IO_tls__openssl.c patch-src_auth.c patch-src_colors.c patch-src_cookies.c patch-src_cssparser.cc patch-src_hsts.c patch-src_html.cc patch-src_keys.cc patch-src_misc.c patch-src_table.cc patch-src_url.c patch-src_xembed.cc patch-test_dw_dw__anchors__test.cc patch-test_unit_cookies.c Log Message: dillo: Avoid ctype(3) abuses Backport a patch shared and applied upstream via commit 5e2bc90ea2f80dce3a20ef9c1a282e11d6d67236 to stop abusing ctype(3) functions. Now dillo should no longer crashes due ctype(3) on NetBSD>=11. PKGREVISION++ @ text @a0 82 $NetBSD: patch-dpi_cookies.c,v 1.1 2026/01/18 13:00:40 leot Exp $ Avoid ctype(3) abuses Valid argument of ctype(3) functions must be either EOF or non-negative value within the range representable as unsigned char. Invalid values leads to undefined behavior. Add all missing d*() ctype(3) helper functions and switch to use them. Noticed by running dillo on NetBSD where dillo crashes due such abuses. See: https://lists.mailman3.com/hyperkitty/list/dillo-dev@@mailman3.com/thread/L6QLXSD6UBDK3M5CMXQMRWD6ZB4C65MR/ --- dpi/cookies.c.orig 2025-01-18 10:51:30.000000000 +0000 +++ dpi/cookies.c @@@@ -44,7 +44,6 @@@@ int main(void) #include #include #include /* for time() and time_t */ -#include #include #include #include @@@@ -487,14 +486,14 @@@@ static int Cookies_get_timefield(const c int n; const char *s = *str; - if (!isdigit(*s)) + if (!dIsdigit(*s)) return -1; n = *(s++) - '0'; - if (isdigit(*s)) { + if (dIsdigit(*s)) { n *= 10; n += *(s++) - '0'; - if (isdigit(*s)) + if (dIsdigit(*s)) return -1; } *str = s; @@@@ -550,24 +549,24 @@@@ static bool_t Cookies_get_year(struct tm int n; const char *s = *str; - if (isdigit(*s)) + if (dIsdigit(*s)) n = *(s++) - '0'; else return FALSE; - if (isdigit(*s)) { + if (dIsdigit(*s)) { n *= 10; n += *(s++) - '0'; } else return FALSE; - if (isdigit(*s)) { + if (dIsdigit(*s)) { n *= 10; n += *(s++) - '0'; } - if (isdigit(*s)) { + if (dIsdigit(*s)) { n *= 10; n += *(s++) - '0'; } - if (isdigit(*s)) { + if (dIsdigit(*s)) { /* Sorry, users of prehistoric software in the year 10000! */ return FALSE; } @@@@ -936,7 +935,7 @@@@ static CookieData_t *Cookies_parse(char cookie->domain = value; } else if (dStrAsciiCasecmp(attr, "Max-Age") == 0) { value = Cookies_parse_value(&str); - if (isdigit(*value) || *value == '-') { + if (dIsdigit(*value) || *value == '-') { long age; time_t now = time(NULL); struct tm *tm = gmtime(&now); @