From kon at iki.fi Wed Apr 4 15:45:28 2007 From: kon at iki.fi (Kalle Olavi Niemitalo) Date: Thu, 05 Apr 2007 00:45:28 +0300 Subject: [elinks-dev] Revert Python goto_url_hook change before 0.11.3? Message-ID: <87ps6jke4n.fsf@Astalo.kon.iki.fi> I'd like to revert this commit from ELinks 0.11.2.GIT before 0.11.3 is released: commit 8bedf25bf84d60b143b16d0fe1b384dc17c93569 tree 4b752e88247d9722399bab58d08d748f215388ea parent e1ae6a0cdf12f05a0f642f70de02c513c69648e5 author witekfl Sun, 29 Jan 2006 14:58:03 +0100 committer Jonas Fonseca Mon, 27 Nov 2006 17:13:02 +0100 * contrib/python/hooks.py, src/scripting/python/hooks.c: goto_url_hook takes 2 params not 1. Some dumbprefixes defined in hooks.py ELinks 0.11.0, 0.11.1, and 0.11.2 call the Python goto_url_hook with one argument: the current URI. This commit changes goto_url_hook(current) to goto_url_hook(new, current): the new URI typed by the user becomes the first parameter. ELinks 0.12.GIT calls the hook as goto_url_hook(new): the hook no longer gets the current URI as a parameter but can instead read that From a separate function. So we have three different calling conventions here. I think it will be less confusing to users if we drop the middle one and make the rest of the stable 0.11 branch call the hook in the same way as 0.11.2 did. The difference would then be only between the 0.11 and 0.12 branches. Objections? -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 188 bytes Desc: not available Url : http://linuxfromscratch.org/pipermail/elinks-dev/attachments/20070405/7253a722/attachment.bin From fonseca at diku.dk Thu Apr 5 11:14:29 2007 From: fonseca at diku.dk (Jonas Fonseca) Date: Thu, 5 Apr 2007 19:14:29 +0200 Subject: [elinks-dev] Revert Python goto_url_hook change before 0.11.3? In-Reply-To: <87ps6jke4n.fsf@Astalo.kon.iki.fi> References: <87ps6jke4n.fsf@Astalo.kon.iki.fi> Message-ID: <20070405171429.GB23626@diku.dk> Kalle Olavi Niemitalo wrote Thu, Apr 05, 2007: > I'd like to revert this commit from ELinks 0.11.2.GIT before > 0.11.3 is released: > > commit 8bedf25bf84d60b143b16d0fe1b384dc17c93569 > tree 4b752e88247d9722399bab58d08d748f215388ea > parent e1ae6a0cdf12f05a0f642f70de02c513c69648e5 > author witekfl Sun, 29 Jan 2006 14:58:03 +0100 > committer Jonas Fonseca Mon, 27 Nov 2006 17:13:02 +0100 > > * contrib/python/hooks.py, src/scripting/python/hooks.c: > > goto_url_hook takes 2 params not 1. Some dumbprefixes defined > in hooks.py > ... > So we have three different calling conventions here. I think it > will be less confusing to users if we drop the middle one and > make the rest of the stable 0.11 branch call the hook in the same > way as 0.11.2 did. The difference would then be only between the > 0.11 and 0.12 branches. > > Objections? Sound like a good idea! -- Jonas Fonseca From yan at seiner.com Mon Apr 16 13:03:22 2007 From: yan at seiner.com (Yan Seiner) Date: Mon, 16 Apr 2007 12:03:22 -0700 Subject: [elinks-dev] Javascript in forms Message-ID: <4623C87A.5080305@seiner.com> Hi folks: We're working on a control system for a control panel. We need a browser that can use some sort of scripting language in forms - javascript would be ideal. With javascript, we would need event support (onload, onfocus, etc) and at least partial DOM support so that we could change the values in one field based on user input in another field. We also need the ability to copy information from one row of the form to another. If any of the devs are interested in taking this on, my company is willing to sponsor this work (provided, of course, we can come to mutually agreeable terms. :-) ) We can provide detailed information of our needs - in fact I can provide all of the javascript we need to run. Thanks, --Yan From at at altlinux.org Mon Apr 16 15:07:43 2007 From: at at altlinux.org (Alexey Tourbin) Date: Tue, 17 Apr 2007 01:07:43 +0400 Subject: [elinks-dev] unprotected error in call to Lua API In-Reply-To: <6EB652BF05BEE44FA2A29B23F3A71528083FD62C@UBIMAIL1.ubisoft.org> References: <20070416200457.GB5165@solemn.turbinal> <6EB652BF05BEE44FA2A29B23F3A71528083FD62C@UBIMAIL1.ubisoft.org> Message-ID: <20070416210743.GD5165@solemn.turbinal> On Mon, Apr 16, 2007 at 04:11:33PM -0400, Jerome Vuarand wrote: > Alexey Tourbin wrote: > > What is wrong with the following code? > > > > #include > > #include > > #include > > int main() > > { > > lua_State *L = lua_open(); > > luaopen_base(L); > > luaopen_table(L); > > luaopen_io(L); > > luaopen_string(L); > > luaopen_math(L); > > return 0; > > } > > > > [...] > > > > lua-5.1.2 > > Manual, section 7.3: > > http://www.lua.org/manual/5.1/manual.html#7.3 > > "The luaopen_* functions (to open libraries) cannot be called directly, > like a regular C function. They must be called through Lua, like a Lua > function." Thanks. Actually I'm trying to fix the ELinks web browser code. I guess using luaL_openlibs() is just okay, but it probably requires lua >= 5.1. commit 8c4596096c122cc9fa2eba1e35f7e13f0b69039c Author: Alexey Tourbin Date: Mon Apr 16 22:55:32 2007 +0400 elinks-0.11.1-alt-lua51.patch Ported to lua-5.1. This also implies some compatibility fixes in lua5 package, i.e. liblualib.so -> liblua.so (so I do not alter configre.in about it). (cherry picked from commit ce2d9e404543caf7f37aca6a73dc05f4e2d164b7) Conflicts: configure.in diff --git a/configure.in b/configure.in index cba0c81..bcbcacf 100644 --- a/configure.in +++ b/configure.in @@ -907,11 +907,7 @@ if test -z "$disable_lua"; then AC_TRY_LINK([ #include #include ], [ lua_State *L = lua_open(); - luaopen_base(L); - luaopen_table(L); - luaopen_io(L); - luaopen_string(L); - luaopen_math(L); + luaL_openlibs(L); lua_pushboolean(L, 1); lua_close(L);], cf_result=yes, cf_result=no) diff --git a/src/scripting/lua/core.c b/src/scripting/lua/core.c index fcd7176..7fa4405 100644 --- a/src/scripting/lua/core.c +++ b/src/scripting/lua/core.c @@ -655,7 +655,7 @@ do_hooks_file(LS, unsigned char *prefix, unsigned char *filename) if (file_can_read(file)) { int oldtop = lua_gettop(S); - if (lua_dofile(S, file) != 0) + if (luaL_dofile(S, file) != 0) sleep(3); /* Let some time to see error messages. */ lua_settop(S, oldtop); } @@ -667,12 +667,7 @@ void init_lua(struct module *module) { L = lua_open(); - - luaopen_base(L); - luaopen_table(L); - luaopen_io(L); - luaopen_string(L); - luaopen_math(L); + luaL_openlibs(L); lua_register(L, LUA_ALERT, l_alert); lua_register(L, "current_url", l_current_url); @@ -777,7 +772,7 @@ handle_ret_eval(struct session *ses) int oldtop = lua_gettop(L); if (prepare_lua(ses) == 0) { - lua_dostring(L, expr); + (void)luaL_dostring(L, expr); lua_settop(L, oldtop); finish_lua(); } diff --git a/src/scripting/lua/hooks.c b/src/scripting/lua/hooks.c index d79ad80..47c0091 100644 --- a/src/scripting/lua/hooks.c +++ b/src/scripting/lua/hooks.c @@ -200,7 +200,7 @@ static enum evhook_status script_hook_quit(va_list ap, void *data) { if (!prepare_lua(NULL)) { - lua_dostring(lua_state, "if quit_hook then quit_hook() end"); + (void)luaL_dostring(lua_state, "if quit_hook then quit_hook() end"); finish_lua(); } -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available Url : http://linuxfromscratch.org/pipermail/elinks-dev/attachments/20070417/be051ad8/attachment.bin From at at altlinux.ru Mon Apr 16 15:27:05 2007 From: at at altlinux.ru (Alexey Tourbin) Date: Tue, 17 Apr 2007 01:27:05 +0400 Subject: [elinks-dev] [PATCH] error.c: fix gcc warning (vasprintf) In-Reply-To: <873b4rjpr2.fsf@Astalo.kon.iki.fi> References: <20070227103714.GG2404@localhost.localdomain> <873b4rjpr2.fsf@Astalo.kon.iki.fi> Message-ID: <20070416212705.GE5165@solemn.turbinal> On Tue, Feb 27, 2007 at 10:43:13PM +0200, Kalle Olavi Niemitalo wrote: > Alexey Tourbin writes: > > > va_start(params, fmt); > > - vasprintf((char **) &buf, fmt, params); > > + rv = vasprintf((char **) &buf, fmt, params); > > + if (rv < 0) { > > + perror("vasprintf"); > > + return; > > + } > > va_end(params); > > elinks_internal("assertion failed: %s", buf); > > This is wrong. va_end and elinks_internal must be called even if > vasprintf fails. > > Possibilities to be handled: > (a) vasprintf returns an error and doesn't alter buf. Because > buf is initialized as NULL, this is the same as (b). > (b) vasprintf returns an error and sets buf = NULL. This NULL > should not be passed to elinks_internal because it will go > to snprintf from there and perhaps cause a crash. The NULL > could be replaced with an empty string. Displaying the > error from vasprintf may be useful but may also distract > users into reporting that error instead of the file name and > line number. > (c) vasprintf returns an error but sets buf != NULL. In this > case the string probably contains something sensible so it > should be used. > (d) vasprintf returns success but sets buf = NULL. That should > not be possible. > (e) vasprintf returns success and sets buf != NULL. This is the > usual case. commit 021a1d43da2db001436d777eeb2f533f011aa471 Author: Alexey Tourbin Date: Sun Oct 15 17:42:31 2006 +0400 error.c: fix gcc warning (vasprintf) (cherry picked from commit 55dff3d9c23e2c8f3358fa265fc4276616713ed5) Actually if vasprintf fails, use plain fmt string. diff --git a/src/util/error.c b/src/util/error.c index 34e4c88..ba6b0ee 100644 --- a/src/util/error.c +++ b/src/util/error.c @@ -145,13 +145,16 @@ void elinks_assertm(int x, unsigned char *fmt, ...) { unsigned char *buf = NULL; + int rv; va_list params; if (assert_failed) return; if (!(assert_failed = !x)) return; va_start(params, fmt); - vasprintf((char **) &buf, fmt, params); + rv = vasprintf((char **) &buf, fmt, params); + if (rv < 0) + buf = fmt; va_end(params); elinks_internal("assertion failed: %s", buf); if (buf) free(buf); -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: not available Url : http://linuxfromscratch.org/pipermail/elinks-dev/attachments/20070417/ca7aedc8/attachment.bin From yan at seiner.com Mon Apr 16 18:48:33 2007 From: yan at seiner.com (Yan Seiner) Date: Mon, 16 Apr 2007 17:48:33 -0700 Subject: [elinks-dev] Elinks crash Message-ID: <46241961.9080109@seiner.com> OK, I'm playing on dangerous ground... Javascript. So elinks died... :-( Unfortunately I can't get a core as I am running on a read-only embedded system.... Is there anything we can do to help with getting javascript working for forms entry and verification? Thanks, --Yan root:/lib> elinks 127.0.0.1/cgi-bin/HomeMenu.php Field Schedule (1/2) Field Schedule 1 Wiper: [ ] Start: 0____ End: 0____ ELinks crashed. That shouldn't happen. Please report this incident to the developers. If you would like to help to debug the problem you just uncovered, please keep the core you just got and send the developers the output of 'bt' command entered inside of gdb (which you run as: gdb elinks core). Thanks a lot for your cooperation! 4_ [X] [ ] [ ] [ ] 305__ 325__ ELinks 0.12.GIT (built on Apr 16 2007 16:53:19) 6_ [ ] [ ] [ ] [ ] _____ _____ Features: [ ] [ ] [ ] _____ _____ Standard, IPv6, gzip, No mouse, Periodic Saving, Viewer (Search History, Timer, Marks), Cascading Style Sheets, Protocol (Authentication, File, FTP, HTTP, URI rewrite, User protocols), _ [ ] [ ] [ ] [ ] _____ _____ MIME (Option system, Mailcap, Mimetypes files), LED indicators, Bookmarks, Cookies, ECMAScript (SpiderMonkey), Form History, Global History, Scripting (Spidermonkey ECMAScript), [ ] [ ] [ ] _____ _____ Goto URL History] [ ] _____ _____ 5_ [ ] [ ] [ ] [ ] _____ _____ elinks(dump_backtrace+0x28)[0xe857c] elinks[0xb3514] ] [ ] _____ _____ elinks[0xb37ec]e startBearing (press Enter to edit) [------] /lib/libc.so.6[0x2abbd2b0] elinks(push_dom_node+0x270)[0x84d40] elinks[0x88c30] elinks(parse_sgml+0x78)[0x88b10] elinks(render_dom_document+0x1f4)[0x5b9f8] elinks[0x50de4] elinks(render_document+0x294)[0x5115c] elinks(render_document_frames+0x36c)[0x517d0] elinks(draw_formatted+0x108)[0xf908c] elinks(toggle_plain_html+0x130)[0x10eeac] elinks(do_action+0xd9c)[0xf5584] elinks[0x1107c8] elinks(send_event+0xe4)[0x110af4] elinks[0xd7e60] elinks(term_send_event+0x3f0)[0xdc640] elinks[0xdce2c] elinks(in_term+0x230)[0xdd2d8] Abort From kon at iki.fi Tue Apr 17 00:49:16 2007 From: kon at iki.fi (Kalle Olavi Niemitalo) Date: Tue, 17 Apr 2007 09:49:16 +0300 Subject: [elinks-dev] Elinks crash In-Reply-To: <46241961.9080109@seiner.com> References: <46241961.9080109@seiner.com> Message-ID: <873b2zts0j.fsf@Astalo.kon.iki.fi> Yan Seiner writes: > OK, I'm playing on dangerous ground... Javascript. > > So elinks died... :-( Unfortunately I can't get a core as I am running > on a read-only embedded system.... I don't see anything script-related in your backtrace. I however see parse_sgml, which is part of the SGML/DOM engine you have apparently enabled with configure --enable-html-highlight. So far, ELinks uses the SGML/DOM engine for HTML documents only when it displays the HTML source, so you would not lose any ECMAScript DOM features by disabling it. Nevertheless, the SGML/DOM engine is supposed to replace the old HTML parser in some future version of ELinks, so the crash should eventually be fixed. If you can provide an HTML file with which the crash can be reproduced, that will be useful. From kon at iki.fi Tue Apr 17 00:54:46 2007 From: kon at iki.fi (Kalle Olavi Niemitalo) Date: Tue, 17 Apr 2007 09:54:46 +0300 Subject: [elinks-dev] unprotected error in call to Lua API In-Reply-To: <20070416210743.GD5165@solemn.turbinal> References: <20070416200457.GB5165@solemn.turbinal> <6EB652BF05BEE44FA2A29B23F3A71528083FD62C@UBIMAIL1.ubisoft.org> <20070416210743.GD5165@solemn.turbinal> Message-ID: <87y7krsd6x.fsf@Astalo.kon.iki.fi> Alexey Tourbin writes: > Ported to lua-5.1. This seems to be ELinks bug 742. http://bugzilla.elinks.cz/show_bug.cgi?id=742 From simon at josefsson.org Thu Apr 19 07:32:42 2007 From: simon at josefsson.org (Simon Josefsson) Date: Thu, 19 Apr 2007 15:32:42 +0200 Subject: [elinks-dev] GnuTLS improvements Message-ID: <87odlkfq11.fsf@mocca.josefsson.org> Hello elinks workers! I have been using elinks to test HTTPS with GnuTLS (I'm the GnuTLS maintainer) and I've noticed some, let's say, sub-optimal things in elinks related to the GnuTLS code, and I'd like to offer fixes for some of the problems. I hope to find time to add support for client certificates etc too, it is mostly a matter of cut'n'paste from the example code. The patch to ssl.c below removes some hard-coding of specific algorithms, and use the gnutls_set_default_priority() which is the recommended way. It should work with GnuTLS back to 1.2.x which you already require in configure.in. The patch to socket.? removes some never needed code with GnuTLS, and removes the need for the no_tls variable and the ssl_set_no_tls() function altogether by replacing each occurrence of setting the no_tls variable, and calling the function if that variable is set, with the actions done by that function (for the OpenSSL case, no such code is needed for GnuTLS). I have not tested this with OpenSSL, so please double check it. If you apply this, and link with GnuTLS 1.7.x, you'll become (as far as I know) the first TLS 1.2 web browser in the world! :) To test whether TLS 1.2 works for you with this patch, use: ./elinks https://test.gnutls.org:5556 Thanks, Simon diff --git a/src/network/ssl/ssl.c b/src/network/ssl/ssl.c index 3c38765..241113a 100644 --- a/src/network/ssl/ssl.c +++ b/src/network/ssl/ssl.c @@ -107,9 +107,6 @@ static struct module openssl_module = struct_module( gnutls_anon_client_credentials_t anon_cred = NULL; gnutls_certificate_credentials_t xcred = NULL; -const static int protocol_priority[16] = { - GNUTLS_TLS1, GNUTLS_SSL3, 0 -}; const static int kx_priority[16] = { GNUTLS_KX_RSA, GNUTLS_KX_DHE_DSS, GNUTLS_KX_DHE_RSA, GNUTLS_KX_SRP, /* Do not use anonymous authentication, unless you know what that means */ @@ -119,8 +116,6 @@ const static int cipher_priority[16] = { GNUTLS_CIPHER_RIJNDAEL_128_CBC, GNUTLS_CIPHER_ARCFOUR_128, GNUTLS_CIPHER_3DES_CBC, GNUTLS_CIPHER_AES_256_CBC, GNUTLS_CIPHER_ARCFOUR_40, 0 }; -const static int comp_priority[16] = { GNUTLS_COMP_ZLIB, GNUTLS_COMP_NULL, 0 }; -const static int mac_priority[16] = { GNUTLS_MAC_SHA, GNUTLS_MAC_MD5, 0 }; const static int cert_type_priority[16] = { GNUTLS_CRT_X509, GNUTLS_CRT_OPENPGP, 0 }; static void @@ -232,12 +227,10 @@ init_ssl_connection(struct socket *socket) return S_SSL_ERROR; } + gnutls_set_default_priority (*state); gnutls_handshake_set_private_extensions(*state, 1); gnutls_cipher_set_priority(*state, cipher_priority); - gnutls_compression_set_priority(*state, comp_priority); gnutls_kx_set_priority(*state, kx_priority); - gnutls_protocol_set_priority(*state, protocol_priority); - gnutls_mac_set_priority(*state, mac_priority); gnutls_certificate_type_set_priority(*state, cert_type_priority); gnutls_server_name_set(*state, GNUTLS_NAME_DNS, server_name, sizeof(server_name) - 1); diff --git a/src/network/socket.h b/src/network/socket.h index d04bdb5..205d9e5 100644 --- a/src/network/socket.h +++ b/src/network/socket.h @@ -96,7 +96,6 @@ struct socket { unsigned int protocol_family:1; /* EL_PF_INET, EL_PF_INET6 */ unsigned int need_ssl:1; /* If the socket needs SSL support */ - unsigned int no_tls:1; /* Internal SSL flag. */ unsigned int duplex:1; /* Allow simultaneous reads & writes. */ }; diff --git a/src/network/ssl/socket.c b/src/network/ssl/socket.c index 96caf8b..c4f3d86 100644 --- a/src/network/ssl/socket.c +++ b/src/network/ssl/socket.c @@ -57,98 +57,9 @@ #endif - -static void -ssl_set_no_tls(struct socket *socket) -{ -#ifdef CONFIG_OPENSSL - ((ssl_t *) socket->ssl)->options |= SSL_OP_NO_TLSv1; -#elif defined(CONFIG_GNUTLS) - /* We do a little more work here, setting up all these priorities (like - * they couldn't have some reasonable defaults there).. */ - - { - int protocol_priority[3] = { - GNUTLS_TLS1, - GNUTLS_SSL3, - 0 - }; - - gnutls_protocol_set_priority(*((ssl_t *) socket->ssl), protocol_priority); - } - - /* Note that I have no clue about these; I just put all I found here - * ;-). It is all a bit confusing for me, and I just want this to work. - * Feel free to send me patch removing useless superfluous bloat, - * thanks in advance. --pasky */ - - { - int cipher_priority[5] = { - GNUTLS_CIPHER_RIJNDAEL_128_CBC, - GNUTLS_CIPHER_3DES_CBC, - GNUTLS_CIPHER_ARCFOUR, - GNUTLS_CIPHER_RIJNDAEL_256_CBC, - 0 - }; - - gnutls_cipher_set_priority(*((ssl_t *) socket->ssl), cipher_priority); - } - - { - /* Does any httpd support this..? ;) */ - int comp_priority[3] = { - GNUTLS_COMP_ZLIB, - GNUTLS_COMP_NULL, - 0 - }; - - gnutls_compression_set_priority(*((ssl_t *) socket->ssl), comp_priority); - } - - { - int kx_priority[5] = { - GNUTLS_KX_RSA, - GNUTLS_KX_DHE_DSS, - GNUTLS_KX_DHE_RSA, - /* Looks like we don't want SRP, do we? */ - GNUTLS_KX_ANON_DH, - 0 - }; - - gnutls_kx_set_priority(*((ssl_t *) socket->ssl), kx_priority); - } - - { - int mac_priority[3] = { - GNUTLS_MAC_SHA, - GNUTLS_MAC_MD5, - 0 - }; - - gnutls_mac_set_priority(*((ssl_t *) socket->ssl), mac_priority); - } - - { - int cert_type_priority[2] = { - GNUTLS_CRT_X509, - /* We don't link with -extra now; by time of writing - * this, it's unclear where OpenPGP will end up. */ - 0 - }; - - gnutls_certificate_type_set_priority(*((ssl_t *) socket->ssl), cert_type_priority); - } - - gnutls_dh_set_prime_bits(*((ssl_t *) socket->ssl), 1024); -#endif -} - static void ssl_want_read(struct socket *socket) { - if (socket->no_tls) - ssl_set_no_tls(socket); - switch (ssl_do_connect(socket)) { case SSL_ERROR_NONE: #ifdef CONFIG_GNUTLS @@ -168,7 +79,9 @@ ssl_want_read(struct socket *socket) break; default: - socket->no_tls = 1; +#ifdef CONFIG_OPENSSL + ((ssl_t *) socket->ssl)->options |= SSL_OP_NO_TLSv1; +#endif socket->ops->retry(socket, S_SSL_ERROR); } } @@ -184,9 +97,6 @@ ssl_connect(struct socket *socket) return -1; } - if (socket->no_tls) - ssl_set_no_tls(socket); - #ifdef CONFIG_OPENSSL SSL_set_fd(socket->ssl, socket->fd); @@ -243,7 +153,9 @@ ssl_connect(struct socket *socket) default: if (ret != SSL_ERROR_NONE) { /* DBG("sslerr %s", gnutls_strerror(ret)); */ - socket->no_tls = 1; +#ifdef CONFIG_OPENSSL + ((ssl_t *) socket->ssl)->options |= SSL_OP_NO_TLSv1; +#endif } connect_socket(socket, S_SSL_ERROR); From kon at iki.fi Fri Apr 20 01:13:22 2007 From: kon at iki.fi (Kalle Olavi Niemitalo) Date: Fri, 20 Apr 2007 10:13:22 +0300 Subject: [elinks-dev] [PATCH] error.c: fix gcc warning (vasprintf) In-Reply-To: <20070416212705.GE5165@solemn.turbinal> References: <20070227103714.GG2404@localhost.localdomain> <873b4rjpr2.fsf@Astalo.kon.iki.fi> <20070416212705.GE5165@solemn.turbinal> Message-ID: <871wifcyct.fsf@Astalo.kon.iki.fi> Alexey Tourbin writes: > + rv = vasprintf((char **) &buf, fmt, params); > + if (rv < 0) > + buf = fmt; > va_end(params); > elinks_internal("assertion failed: %s", buf); > if (buf) free(buf); It can then call free(fmt) and probably get a SIGSEGV. Would you be happy with the following? diff --git a/src/util/error.c b/src/util/error.c index 34e4c88..4e6afe5 100644 --- a/src/util/error.c +++ b/src/util/error.c @@ -147,17 +147,17 @@ elinks_assertm(int x, unsigned char *fmt, ...) unsigned char *buf = NULL; va_list params; if (assert_failed) return; if (!(assert_failed = !x)) return; va_start(params, fmt); - vasprintf((char **) &buf, fmt, params); + (void) vasprintf((char **) &buf, fmt, params); va_end(params); - elinks_internal("assertion failed: %s", buf); + elinks_internal("assertion failed: %s", buf ? buf : fmt); if (buf) free(buf); } #ifdef CONFIG_DEBUG void force_dump(void) -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 188 bytes Desc: not available Url : http://linuxfromscratch.org/pipermail/elinks-dev/attachments/20070420/c9b176c3/attachment.bin From kon at iki.fi Fri Apr 20 02:49:33 2007 From: kon at iki.fi (Kalle Olavi Niemitalo) Date: Fri, 20 Apr 2007 11:49:33 +0300 Subject: [elinks-dev] GnuTLS improvements In-Reply-To: <87odlkfq11.fsf@mocca.josefsson.org> References: <87odlkfq11.fsf@mocca.josefsson.org> Message-ID: <87tzvbbfc2.fsf@Astalo.kon.iki.fi> Simon Josefsson writes: > The patch to socket.? removes some never needed code with GnuTLS, and > removes the need for the no_tls variable and the ssl_set_no_tls() > function altogether by replacing each occurrence of setting the no_tls > variable, and calling the function if that variable is set, with the > actions done by that function (for the OpenSSL case, no such code is > needed for GnuTLS). I have not tested this with OpenSSL, so please > double check it. It seems wrong to me. Previously, ssl_connect() could set socket->no_tls = 1, and then call connect_socket(), which would indirectly call done_ssl_connection(), which sets socket->ssl = NULL; the next call to ssl_connect() would then construct a new ssl_t, make socket->ssl point to it, and see that socket->no_tls is 1. That is, socket->no_tls used to outlive socket->ssl. With your change, ssl_connect() now alters *socket->ssl directly, and this effect is lost in done_ssl_connection(). The no_tls flag was already present (as no_tsl) in connect.c when it was first imported to the ELinks CVS repository on 2001-10-27. I don't know why it was originally added, but I'm guessing it works around buggy servers that happily negotiate TLS but then fail to implement it properly. Could you explain why you think ELinks does not need such a workaround with GnuTLS? Of course, it is possible that all the buggy servers have already been fixed and we can remove the workaround for OpenSSL too, but even in that case it should be done as a separate patch, so it's easier to revert if necessary. If your patches are applied to ELinks, I would like to add your name and email address (as shown above) to the AUTHORS file and to the author field of the commits in the ELinks Git repository. From there, they would then propagate to an unknown number of mirrors and other systems (e.g. CIA.vc) worldwide. It would be difficult to remove this information afterwards. Do you consent to this, or would you rather like to e.g. obscure the email address? -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 188 bytes Desc: not available Url : http://linuxfromscratch.org/pipermail/elinks-dev/attachments/20070420/a759fdb2/attachment.bin From simon at josefsson.org Fri Apr 20 03:28:04 2007 From: simon at josefsson.org (Simon Josefsson) Date: Fri, 20 Apr 2007 11:28:04 +0200 Subject: [elinks-dev] GnuTLS improvements In-Reply-To: <87tzvbbfc2.fsf@Astalo.kon.iki.fi> (Kalle Olavi Niemitalo's message of "Fri\, 20 Apr 2007 11\:49\:33 +0300") References: <87odlkfq11.fsf@mocca.josefsson.org> <87tzvbbfc2.fsf@Astalo.kon.iki.fi> Message-ID: <871wifcs4b.fsf@mocca.josefsson.org> Kalle Olavi Niemitalo writes: > Simon Josefsson writes: > >> The patch to socket.? removes some never needed code with GnuTLS, and >> removes the need for the no_tls variable and the ssl_set_no_tls() >> function altogether by replacing each occurrence of setting the no_tls >> variable, and calling the function if that variable is set, with the >> actions done by that function (for the OpenSSL case, no such code is >> needed for GnuTLS). I have not tested this with OpenSSL, so please >> double check it. > > It seems wrong to me. Previously, ssl_connect() could set > socket->no_tls = 1, and then call connect_socket(), which would > indirectly call done_ssl_connection(), which sets socket->ssl = > NULL; the next call to ssl_connect() would then construct a new > ssl_t, make socket->ssl point to it, and see that socket->no_tls > is 1. That is, socket->no_tls used to outlive socket->ssl. > With your change, ssl_connect() now alters *socket->ssl directly, > and this effect is lost in done_ssl_connection(). Ah, I think you are right. I did not properly understand the logic here -- I only noticed that the GnuTLS code would never be necessary, and then removed too much code. > The no_tls flag was already present (as no_tsl) in connect.c when > it was first imported to the ELinks CVS repository on 2001-10-27. > I don't know why it was originally added, but I'm guessing it > works around buggy servers that happily negotiate TLS but then > fail to implement it properly. Could you explain why you think > ELinks does not need such a workaround with GnuTLS? Because trying to do the same handshake another time will not make it work better. If I understand the OpenSSL code part correctly, it disables TLS (i.e., then only SSL 3.0 is supported). The GnuTLS code does not disable TLS. The algorithm settings looks rather similar to those in ssl.c. What you might want to do is to disable TLS and only use SSL 3.0 with GnuTLS too. However, unless there are documented examples of web servers that need this workaround, I'm not sure it should be added. > Of course, it is possible that all the buggy servers have already > been fixed and we can remove the workaround for OpenSSL too, but > even in that case it should be done as a separate patch, so it's > easier to revert if necessary. Yeah, I agree, and I did not mean to touch existing OpenSSL code since I have not tested it. I only meant to clean up the GnuTLS code. Below is an updated patch that only touch GnuTLS code. > If your patches are applied to ELinks, I would like to add your > name and email address (as shown above) to the AUTHORS file and > to the author field of the commits in the ELinks Git repository. > From there, they would then propagate to an unknown number of > mirrors and other systems (e.g. CIA.vc) worldwide. It would be > difficult to remove this information afterwards. Do you consent > to this, or would you rather like to e.g. obscure the email > address? No, my real address is fine. Btw, if you have any GnuTLS-related problems in the future (I've noticed one such report in your mailing list related to nordea.fi and I'll try to debug it), please let me know and I can try to help. Thanks, Simon diff --git a/src/network/ssl/socket.c b/src/network/ssl/socket.c index 96caf8b..322a718 100644 --- a/src/network/ssl/socket.c +++ b/src/network/ssl/socket.c @@ -63,83 +63,6 @@ ssl_set_no_tls(struct socket *socket) { #ifdef CONFIG_OPENSSL ((ssl_t *) socket->ssl)->options |= SSL_OP_NO_TLSv1; -#elif defined(CONFIG_GNUTLS) - /* We do a little more work here, setting up all these priorities (like - * they couldn't have some reasonable defaults there).. */ - - { - int protocol_priority[3] = { - GNUTLS_TLS1, - GNUTLS_SSL3, - 0 - }; - - gnutls_protocol_set_priority(*((ssl_t *) socket->ssl), protocol_priority); - } - - /* Note that I have no clue about these; I just put all I found here - * ;-). It is all a bit confusing for me, and I just want this to work. - * Feel free to send me patch removing useless superfluous bloat, - * thanks in advance. --pasky */ - - { - int cipher_priority[5] = { - GNUTLS_CIPHER_RIJNDAEL_128_CBC, - GNUTLS_CIPHER_3DES_CBC, - GNUTLS_CIPHER_ARCFOUR, - GNUTLS_CIPHER_RIJNDAEL_256_CBC, - 0 - }; - - gnutls_cipher_set_priority(*((ssl_t *) socket->ssl), cipher_priority); - } - - { - /* Does any httpd support this..? ;) */ - int comp_priority[3] = { - GNUTLS_COMP_ZLIB, - GNUTLS_COMP_NULL, - 0 - }; - - gnutls_compression_set_priority(*((ssl_t *) socket->ssl), comp_priority); - } - - { - int kx_priority[5] = { - GNUTLS_KX_RSA, - GNUTLS_KX_DHE_DSS, - GNUTLS_KX_DHE_RSA, - /* Looks like we don't want SRP, do we? */ - GNUTLS_KX_ANON_DH, - 0 - }; - - gnutls_kx_set_priority(*((ssl_t *) socket->ssl), kx_priority); - } - - { - int mac_priority[3] = { - GNUTLS_MAC_SHA, - GNUTLS_MAC_MD5, - 0 - }; - - gnutls_mac_set_priority(*((ssl_t *) socket->ssl), mac_priority); - } - - { - int cert_type_priority[2] = { - GNUTLS_CRT_X509, - /* We don't link with -extra now; by time of writing - * this, it's unclear where OpenPGP will end up. */ - 0 - }; - - gnutls_certificate_type_set_priority(*((ssl_t *) socket->ssl), cert_type_priority); - } - - gnutls_dh_set_prime_bits(*((ssl_t *) socket->ssl), 1024); #endif } diff --git a/src/network/ssl/ssl.c b/src/network/ssl/ssl.c index 3c38765..c14ab67 100644 --- a/src/network/ssl/ssl.c +++ b/src/network/ssl/ssl.c @@ -107,9 +107,6 @@ static struct module openssl_module = struct_module( gnutls_anon_client_credentials_t anon_cred = NULL; gnutls_certificate_credentials_t xcred = NULL; -const static int protocol_priority[16] = { - GNUTLS_TLS1, GNUTLS_SSL3, 0 -}; const static int kx_priority[16] = { GNUTLS_KX_RSA, GNUTLS_KX_DHE_DSS, GNUTLS_KX_DHE_RSA, GNUTLS_KX_SRP, /* Do not use anonymous authentication, unless you know what that means */ @@ -119,8 +116,6 @@ const static int cipher_priority[16] = { GNUTLS_CIPHER_RIJNDAEL_128_CBC, GNUTLS_CIPHER_ARCFOUR_128, GNUTLS_CIPHER_3DES_CBC, GNUTLS_CIPHER_AES_256_CBC, GNUTLS_CIPHER_ARCFOUR_40, 0 }; -const static int comp_priority[16] = { GNUTLS_COMP_ZLIB, GNUTLS_COMP_NULL, 0 }; -const static int mac_priority[16] = { GNUTLS_MAC_SHA, GNUTLS_MAC_MD5, 0 }; const static int cert_type_priority[16] = { GNUTLS_CRT_X509, GNUTLS_CRT_OPENPGP, 0 }; static void @@ -232,12 +227,10 @@ init_ssl_connection(struct socket *socket) return S_SSL_ERROR; } + gnutls_set_default_priority(*state); gnutls_handshake_set_private_extensions(*state, 1); gnutls_cipher_set_priority(*state, cipher_priority); - gnutls_compression_set_priority(*state, comp_priority); gnutls_kx_set_priority(*state, kx_priority); - gnutls_protocol_set_priority(*state, protocol_priority); - gnutls_mac_set_priority(*state, mac_priority); gnutls_certificate_type_set_priority(*state, cert_type_priority); gnutls_server_name_set(*state, GNUTLS_NAME_DNS, server_name, sizeof(server_name) - 1); From kon at iki.fi Sat Apr 21 01:13:27 2007 From: kon at iki.fi (Kalle Olavi Niemitalo) Date: Sat, 21 Apr 2007 10:13:27 +0300 Subject: [elinks-dev] GnuTLS improvements In-Reply-To: <871wifcs4b.fsf@mocca.josefsson.org> References: <87odlkfq11.fsf@mocca.josefsson.org> <87tzvbbfc2.fsf@Astalo.kon.iki.fi> <871wifcs4b.fsf@mocca.josefsson.org> Message-ID: <87lkgmgpyg.fsf@Astalo.kon.iki.fi> A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 188 bytes Desc: not available Url : http://linuxfromscratch.org/pipermail/elinks-dev/attachments/20070421/7abce1b2/attachment.bin From simon at josefsson.org Sat Apr 21 09:50:35 2007 From: simon at josefsson.org (Simon Josefsson) Date: Sat, 21 Apr 2007 17:50:35 +0200 Subject: [elinks-dev] GnuTLS improvements In-Reply-To: <87lkgmgpyg.fsf@Astalo.kon.iki.fi> (Kalle Olavi Niemitalo's message of "Sat\, 21 Apr 2007 10\:13\:27 +0300") References: <87odlkfq11.fsf@mocca.josefsson.org> <87tzvbbfc2.fsf@Astalo.kon.iki.fi> <871wifcs4b.fsf@mocca.josefsson.org> <87lkgmgpyg.fsf@Astalo.kon.iki.fi> Message-ID: <871widafqs.fsf@mocca.josefsson.org> Kalle Olavi Niemitalo writes: >> What you might want to do is to disable TLS and only use SSL >> 3.0 with GnuTLS too. However, unless there are documented >> examples of web servers that need this workaround, I'm not sure >> it should be added. > > Bug 712 says > doesn't work with GnuTLS. Which seems reproducible here. > If I disable GNUTLS_TLS1 in ssl_set_no_tls(), then it works. Ah, yes, I can reproduce it too using gnutls-cli. Thanks, it is a good test-case. > However, an ELinks built with OpenSSL can access this site just > fine even if I remove SSL_OP_NO_TLSv1 from ssl_set_no_tls(). I'm not sure why that happens. Using 'openssl s_client' I see that it reverts to SSLv3 successfully. > If you have some test program that can send the same HTTPS > request as ELinks and then receive the data, I think that would > help figure out whether the bug is in the server or in ELinks > (or even in GnuTLS). Here are my request headers for reference. > Sending these with openssl s_client showed that SSLv3 was used. I think one could debug it further, and I've added it to the GnuTLS TODO: - Debug why www-s.uiuc.edu:443 refuse to negotiate sslv3 when we propose sslv3+tls1. The tool to use is typically 'gnutls-cli -d 4711' and ethereal. >> diff --git a/src/network/ssl/socket.c b/src/network/ssl/socket.c >> index 96caf8b..322a718 100644 > >> diff --git a/src/network/ssl/ssl.c b/src/network/ssl/ssl.c >> index 3c38765..c14ab67 100644 > > I am going to apply this patch to ELinks 0.12.GIT but reinstate > the gnutls_protocol_set_priority() call in ssl_set_no_tls() > because it appears to fix or at least hide bug 712. If the real > bug is later found elsewhere, the call can then be removed again. Thanks! Your change looks correct to me. Btw, I don't think this is a bug in elinks. I'm not even sure it is a bug in GnuTLS, I suspect it is an area where GnuTLS simply could be improved to handle buggy servers better. /Simon From kon at iki.fi Mon Apr 23 21:36:32 2007 From: kon at iki.fi (Kalle Olavi Niemitalo) Date: Tue, 24 Apr 2007 06:36:32 +0300 Subject: [elinks-dev] set_line() ignores wrap_nbsp when document == NULL Message-ID: <87fy6q5tq7.fsf@Astalo.kon.iki.fi> A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 188 bytes Desc: not available Url : http://linuxfromscratch.org/pipermail/elinks-dev/attachments/20070424/be073fa4/attachment.bin From kon at iki.fi Wed Apr 25 23:26:20 2007 From: kon at iki.fi (Kalle Olavi Niemitalo) Date: Thu, 26 Apr 2007 08:26:20 +0300 Subject: [elinks-dev] set_line() ignores wrap_nbsp when document == NULL In-Reply-To: <87fy6q5tq7.fsf@Astalo.kon.iki.fi> References: <87fy6q5tq7.fsf@Astalo.kon.iki.fi> Message-ID: <87irbjzoxv.fsf@Astalo.kon.iki.fi> A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 188 bytes Desc: not available Url : http://linuxfromscratch.org/pipermail/elinks-dev/attachments/20070426/adb63f06/attachment.bin From witekfl at poczta.onet.pl Thu Apr 26 03:16:26 2007 From: witekfl at poczta.onet.pl (Witold Filipczyk) Date: Thu, 26 Apr 2007 11:16:26 +0200 Subject: [elinks-dev] getELementById Message-ID: <20070426091626.GA4526@pldmachine.fixsoftware.pl> Hello, I want to add support for document.getELementById with minimal effort and minimal slowdown. My idea is: In parse_element instead of returning attr, alloc and return struct node2: struct node2 { LIST_HEAD(struct node2); // unsigned char *start; /* start of HTML element at char '<' */ unsigned char *a; /* start of attributes, the value of attr */ struct list_head attrs; } struct attrs { LIST_HEAD(struct attrs); unsigned char *name; unsigned char *value; } get_attr_val_node(struct node2 *node, unsigned char *name, ...) { struct attrs *at; int found = 0; foreach (at, node->attrs) { if (!strcasecmp(name, at->name)) { found = 1; break; } } if (found) return stracpy(at->value); return get_attr_val(node->a, name, ...); } Unfortunately for consistency nodes cannot be allocated every time. Instead, they should be lookup in the hastable 1. Big slowdown. Which struct should contain this hashtable? In start_element in ELEMENT_RENDER_PROLOGUE nodes will be stored in the hashtable 2, which will be used by getElementById. Which struct should contain this hashtable? innerHTML: struct innerHTML { unsigned char *html; /* start of new html */ unsigned char *eof; /* end of new html */ unsigned char *end; /* end of original element (first char after closing tag '') */ } Places where the html is changed mark using special char, eg. (char)0x05. Pointers to those chars will be keys in the hastable 3. parse_html should parse them somehow. I don't know how yet. Which struct should contain this hashtable? After any change of attribute or innerHTML the whole document should be reparsed. Big slowdown. Have you got any idea how to make it better? From yan at seiner.com Mon Apr 30 18:00:17 2007 From: yan at seiner.com (Yan Seiner) Date: Mon, 30 Apr 2007 17:00:17 -0700 Subject: [elinks-dev] How do I tell the document has changed? Message-ID: <46368311.9070801@seiner.com> I'm trying to splice a custom forms editor into elinks. This editor will cache some of the information in the form for faster response and some intelligent editing functions. This is for a custom front end on an embedded machine. The editor is hooked into src/viewer/text/form.c::field_op. I need to figure out a way to tell that the document has changed (i.e. the user has navigated to a new page) so the editor can flush its cache and parse the form again. Is there something that is guaranteed to change on load/reload that I can check for quickly? Perhaps something like document_view->name? Thanks, --Yan