head 1.2; access; symbols pkgsrc-2026Q1:1.1.0.4 pkgsrc-2026Q1-base:1.1 pkgsrc-2025Q4:1.1.0.2; locks; strict; comment @// @; 1.2 date 2026.05.05.15.20.15; author ktnb; state dead; branches; next 1.1; commitid zKeMYcEMEXFNDDEG; 1.1 date 2026.01.18.13.00.41; author leot; state Exp; branches 1.1.2.1; next ; commitid SOyqfTJG5bmJiSqG; 1.1.2.1 date 2026.01.18.13.00.41; author maya; state dead; branches; next 1.1.2.2; commitid F25rFhfz2lbPDSuG; 1.1.2.2 date 2026.02.18.17.01.00; author maya; state Exp; branches; next ; commitid F25rFhfz2lbPDSuG; desc @@ 1.2 log @dillo: update to 3.3.0 Packaging: - Most patches have been removed thanks to leot@@'s patches being merged upstream! Upstream: - Add optional support for brotli (br) content encoding. - Add about:keys to display current keyboard shortcuts. - Control + left click opens links in new tab (emulates mouse middle button). - Ctrl+C copies selected text into the clipboard so Ctrl+V works as expected. - Enable IPv6 support by default if supported by the platform. - Focus the N-th tab with the Alt+ shortcut. - Fix vsource dpi infinite loop on musl due to unescaped "%" printf format. - Add about:cache and about:dicache pages to show internal cache details. - Add mojeek search engine with shortcut "mj". - Hide form elements (like buttons and inputs) with display:none in CSS. - Increase margin in location bar to make it easier to select with the mouse. - Navigate back and forward with mouse buttons. - Fix OAuth login by allowing cookies in root 30X redirects. - Add support for remote control via a UNIX socket (enabled by default, disable with --disable-control-socket). - Add new dilloc program to remote control dillo from the command line. - Set DILLO_PID variable when executing actions so dilloc can read it. - Add support for "page_action" option to define custom entries in the page menu to run programs or scripts. - Add "mark_unloaded_images" option to show a border in images not loaded, so they are easier to see. - Fix segfault on CurveBall TLS test with LibreSSL. - Match complete search prefixes in "search_url" to avoid partial matches. - Add "trace_http" option to debug HTTP traffic. - Avoid cached responses when submitting forms. - Fix cookie Max-Age parsing using the epoch instead of the local timezone. - Add experimental FLTK >= 1.4 support with the --enable-experimental-fltk configure flag. - Middle click on back or forward button opens page in new tab. - Add support for Content-Disposition header to set the filename. - Fix build in NetBSD and avoid ctype(3) incorrect sign extension. - Fix use-after-free in HTTP server and OpenSSL connection dialog. @ text @$NetBSD: patch-src_cssparser.cc,v 1.1 2026/01/18 13:00:41 leot Exp $ Avoid ctype(3) abuses Valid argument of ctype(3) functions must be either EOF or non-negative value within the range representable as unsigned char. Invalid values leads to undefined behavior. Add all missing d*() ctype(3) helper functions and switch to use them. Noticed by running dillo on NetBSD where dillo crashes due such abuses. See: https://lists.mailman3.com/hyperkitty/list/dillo-dev@@mailman3.com/thread/L6QLXSD6UBDK3M5CMXQMRWD6ZB4C65MR/ --- src/cssparser.cc.orig 2025-01-18 10:51:30.000000000 +0000 +++ src/cssparser.cc @@@@ -16,7 +16,6 @@@@ * a dillo1 based CSS prototype written by Sebastian Geerken. */ -#include #include #include @@@@ -530,7 +529,7 @@@@ void CssParser::nextToken() while (true) { c = getChar(); - if (isspace(c)) { // ignore whitespace + if (dIsspace(c)) { // ignore whitespace spaceSeparated = true; } else if (skipString(c, "/*")) { // ignore comments do { @@@@ -550,7 +549,7 @@@@ void CssParser::nextToken() c = getChar(); } - if (isdigit(c)) { + if (dIsdigit(c)) { ttype = CSS_TK_DECINT; do { if (i < maxStrLen - 1) { @@@@ -558,7 +557,7 @@@@ void CssParser::nextToken() } /* else silently truncated */ c = getChar(); - } while (isdigit(c)); + } while (dIsdigit(c)); if (c != '.') ungetChar(); @@@@ -567,7 +566,7 @@@@ void CssParser::nextToken() if (c == '.') { c = getChar(); - if (isdigit(c)) { + if (dIsdigit(c)) { ttype = CSS_TK_FLOAT; if (i < maxStrLen - 1) tval[i++] = '.'; @@@@ -576,7 +575,7 @@@@ void CssParser::nextToken() tval[i++] = c; /* else silently truncated */ c = getChar(); - } while (isdigit(c)); + } while (dIsdigit(c)); ungetChar(); tval[i] = 0; @@@@ -604,13 +603,13 @@@@ void CssParser::nextToken() c = getChar(); } - if (isalpha(c) || c == '_' || c == '-') { + if (dIsalpha(c) || c == '_' || c == '-') { ttype = CSS_TK_SYMBOL; tval[0] = c; i = 1; c = getChar(); - while (isalnum(c) || c == '_' || c == '-') { + while (dIsalnum(c) || c == '_' || c == '-') { if (i < maxStrLen - 1) { tval[i] = c; i++; @@@@ -633,13 +632,13 @@@@ void CssParser::nextToken() while (c != EOF && c != c1) { if (c == '\\') { d = getChar(); - if (isxdigit(d)) { + if (dIsxdigit(d)) { /* Read hex Unicode char. (Actually, strings are yet only 8 * bit.) */ hexbuf[0] = d; j = 1; d = getChar(); - while (j < 4 && isxdigit(d)) { + while (j < 4 && dIsxdigit(d)) { hexbuf[j] = d; j++; d = getChar(); @@@@ -674,7 +673,7 @@@@ void CssParser::nextToken() tval[0] = c; i = 1; c = getChar(); - while (isxdigit(c)) { + while (dIsxdigit(c)) { if (i < maxStrLen - 1) { tval[i] = c; i++; @ 1.1 log @dillo: Avoid ctype(3) abuses Backport a patch shared and applied upstream via commit 5e2bc90ea2f80dce3a20ef9c1a282e11d6d67236 to stop abusing ctype(3) functions. Now dillo should no longer crashes due ctype(3) on NetBSD>=11. PKGREVISION++ @ text @d1 1 a1 1 $NetBSD$ @ 1.1.2.1 log @file patch-src_cssparser.cc was added on branch pkgsrc-2025Q4 on 2026-02-18 17:01:00 +0000 @ text @d1 111 @ 1.1.2.2 log @Pullup ticket #7052 - requested by leot www/dillo: Bug fix Revisions pulled up: - www/dillo/Makefile 1.98 - www/dillo/distinfo 1.47 - www/dillo/patches/patch-dlib_dlib.c 1.1 - www/dillo/patches/patch-dlib_dlib.h 1.1 - www/dillo/patches/patch-dpi_bookmarks.c 1.1 - www/dillo/patches/patch-dpi_cookies.c 1.1 - www/dillo/patches/patch-dpi_datauri.c 1.1 - www/dillo/patches/patch-dpi_downloads.cc 1.1 - www/dillo/patches/patch-dpi_dpiutil.c 1.1 - www/dillo/patches/patch-dpi_file.c 1.1 - www/dillo/patches/patch-dpi_ftp.c 1.1 - www/dillo/patches/patch-dpid_dpidc.c 1.1 - www/dillo/patches/patch-dpip_dpip.c 1.1 - www/dillo/patches/patch-dw_findtext.hh 1.1 - www/dillo/patches/patch-dw_fltkui.cc 1.1 - www/dillo/patches/patch-dw_style.cc 1.1 - www/dillo/patches/patch-dw_textblock.cc 1.1 - www/dillo/patches/patch-lout_misc.cc 1.1 - www/dillo/patches/patch-src_IO_dpi.c 1.1 - www/dillo/patches/patch-src_IO_http.c 1.1 - www/dillo/patches/patch-src_IO_tls__openssl.c 1.1 - www/dillo/patches/patch-src_auth.c 1.1 - www/dillo/patches/patch-src_colors.c 1.1 - www/dillo/patches/patch-src_cookies.c 1.1 - www/dillo/patches/patch-src_cssparser.cc 1.1 - www/dillo/patches/patch-src_hsts.c 1.1 - www/dillo/patches/patch-src_html.cc 1.1 - www/dillo/patches/patch-src_keys.cc 1.1 - www/dillo/patches/patch-src_misc.c 1.1 - www/dillo/patches/patch-src_table.cc 1.1 - www/dillo/patches/patch-src_url.c 1.1 - www/dillo/patches/patch-src_xembed.cc 1.1 - www/dillo/patches/patch-test_dw_dw__anchors__test.cc 1.1 - www/dillo/patches/patch-test_unit_cookies.c 1.1 --- Module Name: pkgsrc Committed By: leot Date: Sun Jan 18 13:00:41 UTC 2026 Modified Files: pkgsrc/www/dillo: Makefile distinfo Added Files: pkgsrc/www/dillo/patches: patch-dlib_dlib.c patch-dlib_dlib.h patch-dpi_bookmarks.c patch-dpi_cookies.c patch-dpi_datauri.c patch-dpi_downloads.cc patch-dpi_dpiutil.c patch-dpi_file.c patch-dpi_ftp.c patch-dpid_dpidc.c patch-dpip_dpip.c patch-dw_findtext.hh patch-dw_fltkui.cc patch-dw_style.cc patch-dw_textblock.cc patch-lout_misc.cc patch-src_IO_dpi.c patch-src_IO_http.c patch-src_IO_tls__openssl.c patch-src_auth.c patch-src_colors.c patch-src_cookies.c patch-src_cssparser.cc patch-src_hsts.c patch-src_html.cc patch-src_keys.cc patch-src_misc.c patch-src_table.cc patch-src_url.c patch-src_xembed.cc patch-test_dw_dw__anchors__test.cc patch-test_unit_cookies.c Log Message: dillo: Avoid ctype(3) abuses Backport a patch shared and applied upstream via commit 5e2bc90ea2f80dce3a20ef9c1a282e11d6d67236 to stop abusing ctype(3) functions. Now dillo should no longer crashes due ctype(3) on NetBSD>=11. PKGREVISION++ @ text @a0 111 $NetBSD: patch-src_cssparser.cc,v 1.1 2026/01/18 13:00:41 leot Exp $ Avoid ctype(3) abuses Valid argument of ctype(3) functions must be either EOF or non-negative value within the range representable as unsigned char. Invalid values leads to undefined behavior. Add all missing d*() ctype(3) helper functions and switch to use them. Noticed by running dillo on NetBSD where dillo crashes due such abuses. See: https://lists.mailman3.com/hyperkitty/list/dillo-dev@@mailman3.com/thread/L6QLXSD6UBDK3M5CMXQMRWD6ZB4C65MR/ --- src/cssparser.cc.orig 2025-01-18 10:51:30.000000000 +0000 +++ src/cssparser.cc @@@@ -16,7 +16,6 @@@@ * a dillo1 based CSS prototype written by Sebastian Geerken. */ -#include #include #include @@@@ -530,7 +529,7 @@@@ void CssParser::nextToken() while (true) { c = getChar(); - if (isspace(c)) { // ignore whitespace + if (dIsspace(c)) { // ignore whitespace spaceSeparated = true; } else if (skipString(c, "/*")) { // ignore comments do { @@@@ -550,7 +549,7 @@@@ void CssParser::nextToken() c = getChar(); } - if (isdigit(c)) { + if (dIsdigit(c)) { ttype = CSS_TK_DECINT; do { if (i < maxStrLen - 1) { @@@@ -558,7 +557,7 @@@@ void CssParser::nextToken() } /* else silently truncated */ c = getChar(); - } while (isdigit(c)); + } while (dIsdigit(c)); if (c != '.') ungetChar(); @@@@ -567,7 +566,7 @@@@ void CssParser::nextToken() if (c == '.') { c = getChar(); - if (isdigit(c)) { + if (dIsdigit(c)) { ttype = CSS_TK_FLOAT; if (i < maxStrLen - 1) tval[i++] = '.'; @@@@ -576,7 +575,7 @@@@ void CssParser::nextToken() tval[i++] = c; /* else silently truncated */ c = getChar(); - } while (isdigit(c)); + } while (dIsdigit(c)); ungetChar(); tval[i] = 0; @@@@ -604,13 +603,13 @@@@ void CssParser::nextToken() c = getChar(); } - if (isalpha(c) || c == '_' || c == '-') { + if (dIsalpha(c) || c == '_' || c == '-') { ttype = CSS_TK_SYMBOL; tval[0] = c; i = 1; c = getChar(); - while (isalnum(c) || c == '_' || c == '-') { + while (dIsalnum(c) || c == '_' || c == '-') { if (i < maxStrLen - 1) { tval[i] = c; i++; @@@@ -633,13 +632,13 @@@@ void CssParser::nextToken() while (c != EOF && c != c1) { if (c == '\\') { d = getChar(); - if (isxdigit(d)) { + if (dIsxdigit(d)) { /* Read hex Unicode char. (Actually, strings are yet only 8 * bit.) */ hexbuf[0] = d; j = 1; d = getChar(); - while (j < 4 && isxdigit(d)) { + while (j < 4 && dIsxdigit(d)) { hexbuf[j] = d; j++; d = getChar(); @@@@ -674,7 +673,7 @@@@ void CssParser::nextToken() tval[0] = c; i = 1; c = getChar(); - while (isxdigit(c)) { + while (dIsxdigit(c)) { if (i < maxStrLen - 1) { tval[i] = c; i++; @