# ------------------------------------------------------------------------------
# CHANGES       |    8 ++++++++
# configure     |    2 +-
# configure.in  |    4 ++--
# lynx.cfg      |    4 ++--
# src/HTInit.c  |   24 +++++++++++++++---------
# src/LYUtils.c |   21 ++++++++-------------
# src/LYUtils.h |    6 ++++++
# userdefs.h    |    4 ++--
# 8 files changed, 44 insertions(+), 29 deletions(-)
# ------------------------------------------------------------------------------
Index: CHANGES
--- 2.8.6rel.2/CHANGES	Thu Oct 12 16:00:01 2006
+++ 2.8.6rel.3/CHANGES	Mon Nov  6 17:27:15 2006
@@ -1,6 +1,14 @@
 Changes since Lynx 2.8 release
 ===============================================================================
 
+2006-11-06 (2.8.6rel.3 from 2.8.7dev.2)
+* ensure that the configured values for PERSONAL_EXTENSION_MAP and
+  PERSONAL_MAILCAP are absolute pathnames -TD
+* modify logic for reading PERSONAL_EXTENSION_MAP and PERSONAL_MAILCAP to
+  ensure that they are files that are controlled only by the user.  The
+  default values for these allow lynx to read configuration information
+  from the user's current directory at lynx's startup (Debian #396949) -TD
+
 2006-10-12 (2.8.6rel.2)
 * update version numbers in documentation -TD
 * change embedded URL for HTML'ized lynx.cfg to point to example in current
Index: configure
--- 2.8.6rel.2/configure	Tue Oct 10 16:39:50 2006
+++ 2.8.6rel.3/configure	Tue Oct 10 16:39:50 2006
@@ -1228,7 +1228,7 @@
 
 PACKAGE=lynx
 # $Format: "VERSION=$ProjectVersion$"$
-VERSION=2.8.6rel.2
+VERSION=2.8.6rel.3
 
 test -z "$ALL_LINGUAS" && ALL_LINGUAS=`test -d $srcdir/po && cd $srcdir/po && echo *.po|sed -e 's/\.po//g' -e 's/*//'`
 
Index: configure.in
--- 2.8.6rel.2/configure.in	Tue Oct 10 16:39:50 2006
+++ 2.8.6rel.3/configure.in	Tue Oct 10 16:39:50 2006
@@ -25,7 +25,7 @@
 dnl
 dnl ask PRCS to plug-in the project-version for the configure-script.
 dnl $Format: "AC_REVISION($ProjectVersion$)"$
-AC_REVISION(2.8.6rel.2)
+AC_REVISION(2.8.6rel.3)
 
 # Save the original $CFLAGS so we can distinguish whether the user set those
 # in the environment, or whether autoconf added -O and -g options:
@@ -57,7 +57,7 @@
 PACKAGE=lynx
 dnl ask PRCS to plug-in the project-version for the packages.
 # $Format: "VERSION=$ProjectVersion$"$
-VERSION=2.8.6rel.2
+VERSION=2.8.6rel.3
 AC_SUBST(PACKAGE)
 AC_SUBST(VERSION)
 AC_SUBST(DESTDIR)
Index: lynx.cfg
--- 2.8.6rel.2/lynx.cfg	Mon Sep 18 17:28:28 2006
+++ 2.8.6rel.3/lynx.cfg	Mon Sep 18 17:28:28 2006
@@ -3,10 +3,10 @@
 #                                     or Lynx_Dir:lynx.cfg (VMS)
 #
 # $Format: "#PRCS LYNX_VERSION \"$ProjectVersion$\""$
-#PRCS LYNX_VERSION "2.8.6rel.2"
+#PRCS LYNX_VERSION "2.8.6rel.3"
 #
 # $Format: "#PRCS LYNX_DATE \"$ProjectDate$\""$
-#PRCS LYNX_DATE "Thu, 12 Oct 2006 16:00:01 -0700"
+#PRCS LYNX_DATE "Mon, 06 Nov 2006 17:27:15 -0800"
 #
 # Definition pairs are of the form  VARIABLE:DEFINITION
 # NO spaces are allowed between the pair items.
Index: src/HTInit.c
--- 2.8.6rel.2/src/HTInit.c	Mon Oct  2 12:56:53 2006
+++ 2.8.6rel.3/src/HTInit.c	Mon Nov  6 17:27:15 2006
@@ -153,15 +153,16 @@
     SET_INTERNL("text/html", "www/present", HTMLPresent, 1.0);
     SET_INTERNL("text/xml", "www/present", HTMLPresent, 2.0);
 
-    /*
-     * These should override the default types as necessary.
-     */
-    HTLoadTypesConfigFile(global_type_map, mediaSYS);
+    if (LYisAbsPath(global_type_map)) {
+	/* These should override the default types as necessary.  */
+	HTLoadTypesConfigFile(global_type_map, mediaSYS);
+    }
 
     /*
      * Load the local maps.
      */
-    if (LYCanReadFile(personal_type_map)) {
+    if (IsOurFile(personal_type_map)
+	&& LYCanReadFile(personal_type_map)) {
 	/* These should override everything else. */
 	HTLoadTypesConfigFile(personal_type_map, mediaUSR);
     } else {
@@ -1332,17 +1333,22 @@
     SET_SUFFIX1(".html", "text/html", "8bit");
 #endif /* BUILTIN_SUFFIX_MAPS */
 
-    /* These should override the default extensions as necessary. */
-    HTLoadExtensionsConfigFile(global_extension_map);
+    if (LYisAbsPath(global_extension_map)) {
+	/* These should override the default extensions as necessary. */
+	HTLoadExtensionsConfigFile(global_extension_map);
+    }
 
-    if (LYCanReadFile(personal_extension_map)) {
+    /*
+     * Load the local maps.
+     */
+    if (IsOurFile(personal_extension_map)
+	&& LYCanReadFile(personal_extension_map)) {
 	/* These should override everything else. */
 	HTLoadExtensionsConfigFile(personal_extension_map);
     } else {
 	char buffer[LY_MAXPATH];
 
 	LYAddPathToHome(buffer, sizeof(buffer), personal_extension_map);
-	/* These should override everything else. */
 	HTLoadExtensionsConfigFile(buffer);
     }
 }
Index: src/LYUtils.c
--- 2.8.6rel.2/src/LYUtils.c	Mon Oct  2 12:56:53 2006
+++ 2.8.6rel.3/src/LYUtils.c	Mon Nov  6 17:27:15 2006
@@ -5789,28 +5789,20 @@
 }
 #endif
 
-/*
- * Default, for single-user systems such as Cygwin and OS/2 EMX:
- */
-#define IsOurFile(name) TRUE
-#define OpenHiddenFile(name, mode) fopen(name, mode)
-
 #if defined(MULTI_USER_UNIX)
-
-#undef IsOurFile
-#undef OpenHiddenFile
-
 /*
  * Verify if this is really a file, not accessed by a link, except for the
  * special case of its directory being pointed to by a link from a directory
  * owned by root and not writable by other users.
  */
-static BOOL IsOurFile(const char *name)
+BOOL IsOurFile(const char *name)
 {
+    BOOL result = FALSE;
     struct stat data;
 
     if (lstat(name, &data) == 0
 	&& S_ISREG(data.st_mode)
+	&& (data.st_mode & (S_IWOTH | S_IWGRP)) == 0
 	&& data.st_nlink == 1
 	&& data.st_uid == getuid()) {
 	int linked = FALSE;
@@ -5860,9 +5852,10 @@
 	} while (leaf != path);
 	FREE(path);
 #endif
-	return !linked;
+	result = !linked;
     }
-    return FALSE;
+    CTRACE2(TRACE_CFG, (tfp, "IsOurFile(%s) %d\n", name, result));
+    return result;
 }
 
 /*
@@ -5922,6 +5915,8 @@
     }
     return fp;
 }
+#else
+#define OpenHiddenFile(name, mode) fopen(name, mode)
 #endif /* MULTI_USER_UNIX */
 
 FILE *LYNewBinFile(const char *name)
Index: src/LYUtils.h
--- 2.8.6rel.2/src/LYUtils.h	Sun Oct 16 17:17:20 2005
+++ 2.8.6rel.3/src/LYUtils.h	Mon Nov  6 17:27:15 2006
@@ -196,6 +196,12 @@
     extern void statusline(const char *text);
     extern void toggle_novice_line(void);
 
+#if defined(MULTI_USER_UNIX)
+    extern BOOL IsOurFile(const char *name);
+#else
+#define IsOurFile(name) TRUE
+#endif
+
 #ifdef EXP_ASCII_CTYPES
     extern int ascii_tolower(int i);
     extern int ascii_toupper(int i);
Index: userdefs.h
--- 2.8.6rel.2/userdefs.h	Thu Dec 30 04:11:59 2004
+++ 2.8.6rel.3/userdefs.h	Thu Dec 30 04:11:59 2004
@@ -1360,11 +1360,11 @@
  * the version definition with the Project Version on checkout.  Just
  * ignore it. - kw */
 /* $Format: "#define LYNX_VERSION \"$ProjectVersion$\""$ */
-#define LYNX_VERSION "2.8.6rel.2"
+#define LYNX_VERSION "2.8.6rel.3"
 #define LYNX_WWW_HOME "http://lynx.isc.org/"
 #define LYNX_WWW_DIST "http://lynx.isc.org/current/"
 /* $Format: "#define LYNX_DATE \"$ProjectDate$\""$ */
-#define LYNX_DATE "Thu, 12 Oct 2006 16:00:01 -0700"
+#define LYNX_DATE "Mon, 06 Nov 2006 17:27:15 -0800"
 #define LYNX_DATE_OFF 5		/* truncate the automatically-generated date */
 #define LYNX_DATE_LEN 11	/* truncate the automatically-generated date */