path: root/NEWS

                              

Debian's w3m 0.5.3+git20170102

* bug fixes
 - fix multiple flaws with malformed text
   (buffer overflow, use after free, infinite loop)
 - fix uninitialized variable when not USE_IMAGE

Debian's w3m 0.5.3+git20161120

* bug fixes
 - fix multiple flaws with malformed text
   (stack overflow, buffer overflow, null deref, out of memory)
   [CVE-2016-9622], [CVE-2016-9623], [CVE-2016-9624], [CVE-2016-9625],
   [CVE-2016-9626], [CVE-2016-9627], [CVE-2016-9628], [CVE-2016-9629],
   [CVE-2016-9630], [CVE-2016-9631], [CVE-2016-9632], [CVE-2016-9633]
 - fix stack overflow with nested table and textarea [CVE-2016-9439]
 - fix suspend (^Z) behavior

Debian's w3m 0.5.3+git20161031

* new features
 - support OSC 5379 remote imaging and sixel graphics
 - support SGR style mouse handler
 - support 32-bit color images
 - support FreeBSD framebuffer
 - support button element
 - support meta charset
 - include w3mdict.cgi to use a dictd dictionary query
 - add extbrowser4..9
 - add display_borders to display 0 pixel table borders
 - add siteconf feature
 - add German translation for options setting panel
 - add translations for de, zh_CN and zh_TW
* bug fixes
 - fix multiple flaws with malformed text
   [CVE-2016-9422], [CVE-2016-9423], [CVE-2016-9424], [CVE-2016-9425],
   [CVE-2016-9426], [CVE-2016-9428], [CVE-2016-9429], [CVE-2016-9430],
   [CVE-2016-9431], [CVE-2016-9432], [CVE-2016-9433], [CVE-2016-9434],
   [CVE-2016-9435], [CVE-2016-9436], [CVE-2016-9437], [CVE-2016-9438],
   [CVE-2016-9440], [CVE-2016-9441], [CVE-2016-9443], [CVE-2016-9621]
 - fix potential heap buffer corruption due to Strgrow [CVE-2016-9442]
 - disable SSLv2 and SSLv3 by default [CVE-2014-3566]
 - set ssl_verify_server to 1 by default
 - disable RC4, export ciphers, and keys < 128 bits
 - use SSL_OP_NO_COMPRESSION due to "CRIME attack" [CVE-2012-4929]
 - use SSL_MODE_RELEASE_BUFFERS
 - disable USE_EGD for LibreSSL
 - appease gcc -Werror=format-security
 - option -s is now "squeeze multiple blank lines" to work as pager, and
   -j and -e are obsolete, so use -O{s|j|e} to specify display charset
 - accept single quoted meta refresh URL
 - assume "text" if a form input type is unknown
 - accept cookies by default
 - set use_dictcommand to 1 by default
 - set default_url to 1 by default
 - set argv_is_url to 1 by default
 - set alt_entity to 0 by default
 - fix build problems with Boehm GC 7.2, imlib2 1.4.6 and glibc 2.14
 - fix parallel make failure
 - fix incorrect ucs_ambwidth_map
 - and many fixes

w3m 0.5.3 - 2011-01-15

* security fix
 - fix vulnerabilities indicated by bugs.debian.org.
 - suppress sending Referer, if https:// -> http://
* new features
 - adapt w3mimg to native windows on MS Windows.
 - support xterm-incompatible terminals without gpm.
 - add "xhtml" to default guess.
 - introduce option pseudo_inlines.
 - add option to avoid "wrong number of dots" error in cookies.
* other bug fixes
 - fix "important" bugs from bugs.debian.org
 - preserve spaces in multibyte context.
 - fix proxy authentication.

w3m 0.5.2 - 2007-05-31

* security fix
 - fix format string vulnerability.
* new features
 - support gtk2 with w3m-img.
 - new option for LiveHTTPHeaders-like logs.
 - new option to fontify <del>, <s>, <ins>, and so on.
* other bug fixes
 - avoid errors in "configure" and "make".
 - '\n' handling in attributes' values of HTML tags.

w3m 0.5.1 - 2004-04-29

* fix minor bugs
 - build problem on some platform/some configuration
 - authentication bug
 - ipv6 FQDN resolv
 - SSL verify
 - search problem on different charset page/display
 - cleanup LANG==JA
 - DisplayCharset default
 - w3mhelp.cgi charset

w3m 0.5	- 2004-03-22

* gettextize
* m17n patch merged

w3m 0.4.2 - 2003-09-23

* options: -4, -6
* configuration file in $(sysconfdir)/$(package)/
* func: NEXT_VISITED, PREV_VISITED
* autoconfiscate (partially)
* rc: use_history

w3m 0.4.1 - 2003-03-07

* fix bugs
  - completion segfault in lineinput
  - incremental search
  - URL pattern fix
  - UFhalfclose bug
  - allow pipe in shell command
  - enhance ftp directory support
  - linenumber in edit
  - fix Bug#181897
  - W3M_TTY problem fixed

w3m 0.4 - 2003-02-24

* rc: decode_url
* func: RESHAPE
* rc: fold_line
* local cookie: passed via file named $LOCAL_COOKIE or posted not in url query
* func: SEARCH can take arg
* URL data: support
* URL news:, nntp: newsgroup support
* rc: nntpserver, nntpmode, max_news
* rc: graphic_char
* rc: use_proxy
* rc: preserve_timestamp
* func: REDO, UNDO
* func: LIST, LIST_MENU, MOVE_LIST_MENU
* func: ACCESSKEY, LINK_MENU
* rc: display_ins_del
* 2 stroke keybinding
* func: MULTIMAP
* func: CLOSE_TAB_MOUSE, MENU_MOUSE, MOVE_MOUSE, TAB_MOUSE
* options: -N
* func: NEXT, PREV
* rc: image_map_list
* rc: open_tab_dl_list
* func: DOWNLOAD_LIST
* env: https_proxy
* rc: https_proxy
* options: -show-option
* rc: relative_wheel_scroll
* rc: relative_wheel_scroll_ratio
* rc: fixed_wheel_scroll_count
* separate auxbindir and libdir (local-CGI, file:///$LIB/)
* configure: -auxbindir
* rc: disable_secret_security_check (for windows?)
* tab browsing
* rc: open_tab_blank, close_tab_back
* func: CLOSE_TAB, NEW_TAB, NEXT_TAB, PREV_TAB, 
* func:	TAB_GOTO, TAB_GOTO_RELATIVE
* func: TAB_LEFT, TAB_LINK, TAB_MENU, TAB_RIGHT
* pre_form: ~/.w3m/pre_form
* rc: pre_form_file: pre_form configuration file

----------------------------------------------------------------

w3m 0.3.2.2 - 2002-12-06

* security fix: html_quote for img alt attributes

----------------------------------------------------------------

w3m 0.3.2.1 - 2002-11-27

* security fix: html_quote for frame contents
* backport from w3m 0.3.2+cvs
 - fix segmentation fault by large complex table.
	[w3m-dev 03371][w3m-dev 03438]

----------------------------------------------------------------
w3m 0.3.2 - 2002-11-05

* ~/.netrc: password for ftp
* rc: display_lineinfo: display current line number
* rc: passwd_file: passwd file for HTTP auth
* func: MARK_WORD
* rc: imgsize: obsoleted
* w3m-img for framebuffer merged

----------------------------------------------------------------
w3m 0.3.1 - 2002-07-16

* func: REINIT
	INIT_MAILCAP deleted, use REINIT MAILCAP instead
* func: DEFINE_KEY
* rc: keymap_file
* rc: use_dictcommand, dictcommand
* rc: mark_all_pages
* configure: -mandir
* func: COMMAND
* -title option: set buffer name to terminal title
* X-Face support: USE_XFACE, require uncompface

----------------------------------------------------------------
w3m 0.3 - 2002-03-06

* rc: mailer
	if mailer is set, it will be used for simple mailto: URLs
	otherwise, w3mmail.cgi will be used (when USE_W3MMAILER defined)
* rc: max_load_image
* rc: display_image, auto_image, image_scale, imgdisplay, imgsize
* func: DISPLAY_IMAGE, STOP_IMAGE
* w3m-img merged: w3m now can display images! see doc/README.img

----------------------------------------------------------------
w3m 0.2.5.1 - 2002-02-05

* backport from w3m/0.2.5+cvs-1.299
 - fix inputAnswer() and no "ssl_forbid_method" [w3m-dev 02985]
 - fix SunOS 4.1.4 build problem [w3m-dev 02972]
 - fix problem with Netscape-Enterprise WWW-authenticate [w3m-dev 02968]

----------------------------------------------------------------
w3m 0.2.5 - 2002-01-31

* RFC2617: HTTP Digest authentication
* rc: default_url=0(empty) 1(current URL) 2(link URL)
* GOTO_RELATIVE (M-u)
* highlight for incremental search
* support migemo (romaji search)
* use w3mmail.cgi for mailto: URL
* support external URI loader
* support -dump_extra ftp://
* new regex implementation

----------------------------------------------------------------
w3m 0.2.4 - 2002-01-07

* RFC2818 server identity check
* incremental search (C-s, C-r)

----------------------------------------------------------------
w3m 0.2.3.2 - 2001-12-22

* fix security hole in w3m/scripts

----------------------------------------------------------------
w3m 0.2.3.1 - 2001-12-20

* sync with cvs repository
* fix bug in configure

----------------------------------------------------------------
w3m 0.2.3 - 2001-12-20

* command line option: -help, -version
* new libgc included
* new runtime option use_mark, nextpage_topline, label_topline, vi_prec_num
   emacs_like_lineedit, ftppass_hostnamegen
* RFC2732 support (IPv6)
* new w3mhelp system
* several configure changes
* code cleanups, now gcc -Wall -Werror safe

----------------------------------------------------------------
w3m 0.2.2 - 2001-11-15

* sync with w3m 0.2.1-inu-1.5
* w3m maintained in sourceforge.net/projects/w3m
Debian's w3m 0.5.3+git20170102

* bug fixes
 - fix multiple flaws with malformed text
   (buffer overflow, use after free, infinite loop)
 - fix uninitialized variable when not USE_IMAGE

Debian's w3m 0.5.3+git20161120

* bug fixes
 - fix multiple flaws with malformed text
   (stack overflow, buffer overflow, null deref, out of memory)
   [CVE-2016-9622], [CVE-2016-9623], [CVE-2016-9624], [CVE-2016-9625],
   [CVE-2016-9626], [CVE-2016-9627], [CVE-2016-9628], [CVE-2016-9629],
   [CVE-2016-9630], [CVE-2016-9631], [CVE-2016-9632], [CVE-2016-9633]
 - fix stack overflow with nested table and textarea [CVE-2016-9439]
 - fix suspend (^Z) behavior

Debian's w3m 0.5.3+git20161031

* new features
 - support OSC 5379 remote imaging and sixel graphics
 - support SGR style mouse handler
 - support 32-bit color images
 - support FreeBSD framebuffer
 - support button element
 - support meta charset
 - include w3mdict.cgi to use a dictd dictionary query
 - add extbrowser4..9
 - add display_borders to display 0 pixel table borders
 - add siteconf feature
 - add German translation for options setting panel
 - add translations for de, zh_CN and zh_TW
* bug fixes
 - fix multiple flaws with malformed text
   [CVE-2016-9422], [CVE-2016-9423], [CVE-2016-9424], [CVE-2016-9425],
   [CVE-2016-9426], [CVE-2016-9428], [CVE-2016-9429], [CVE-2016-9430],
   [CVE-2016-9431], [CVE-2016-9432], [CVE-2016-9433], [CVE-2016-9434],
   [CVE-2016-9435], [CVE-2016-9436], [CVE-2016-9437], [CVE-2016-9438],
   [CVE-2016-9440], [CVE-2016-9441], [CVE-2016-9443], [CVE-2016-9621]
 - fix potential heap buffer corruption due to Strgrow [CVE-2016-9442]
 - disable SSLv2 and SSLv3 by default [CVE-2014-3566]
 - set ssl_verify_server to 1 by default
 - disable RC4, export ciphers, and keys < 128 bits
 - use SSL_OP_NO_COMPRESSION due to "CRIME attack" [CVE-2012-4929]
 - use SSL_MODE_RELEASE_BUFFERS
 - disable USE_EGD for LibreSSL
 - appease gcc -Werror=format-security
 - option -s is now "squeeze multiple blank lines" to work as pager, and
   -j and -e are obsolete, so use -O{s|j|e} to specify display charset
 - accept single quoted meta refresh URL
 - assume "text" if a form input type is unknown
 - accept cookies by default
 - set use_dictcommand to 1 by default
 - set default_url to 1 by default
 - set argv_is_url to 1 by default
 - set alt_entity to 0 by default
 - fix build problems with Boehm GC 7.2, imlib2 1.4.6 and glibc 2.14
 - fix parallel make failure
 - fix incorrect ucs_ambwidth_map
 - and many fixes

w3m 0.5.3 - 2011-01-15

* security fix
 - fix vulnerabilities indicated by bugs.debian.org.
 - suppress sending Referer, if https:// -> http://
* new features
 - adapt w3mimg to native windows on MS Windows.
 - support xterm-incompatible terminals without gpm.
 - add "xhtml" to default guess.
 - introduce option pseudo_inlines.
 - add option to avoid "wrong number of dots" error in cookies.
* other bug fixes
 - fix "important" bugs from bugs.debian.org
 - preserve spaces in multibyte context.
 - fix proxy authentication.

w3m 0.5.2 - 2007-05-31

* security fix
 - fix format string vulnerability.
* new features
 - support gtk2 with w3m-img.
 - new option for LiveHTTPHeaders-like logs.
 - new option to fontify <del>, <s>, <ins>, and so on.
* other bug fixes
 - avoid errors in "configure" and "make".
 - '\n' handling in attributes' values of HTML tags.

w3m 0.5.1 - 2004-04-29

* fix minor bugs
 - build problem on some platform/some configuration
 - authentication bug
 - ipv6 FQDN resolv
 - SSL verify
 - search problem on different charset page/display
 - cleanup LANG==JA
 - DisplayCharset default
 - w3mhelp.cgi charset

w3m 0.5	- 2004-03-22

* gettextize
* m17n patch merged

w3m 0.4.2 - 2003-09-23

* options: -4, -6
* configuration file in $(sysconfdir)/$(package)/
* func: NEXT_VISITED, PREV_VISITED
* autoconfiscate (partially)
* rc: use_history

w3m 0.4.1 - 2003-03-07

* fix bugs
  - completion segfault in lineinput
  - incremental search
  - URL pattern fix
  - UFhalfclose bug
  - allow pipe in shell command
  - enhance ftp directory support
  - linenumber in edit
  - fix Bug#181897
  - W3M_TTY problem fixed

w3m 0.4 - 2003-02-24

* rc: decode_url
* func: RESHAPE
* rc: fold_line
* local cookie: passed via file named $LOCAL_COOKIE or posted not in url query
* func: SEARCH can take arg
* URL data: support
* URL news:, nntp: newsgroup support
* rc: nntpserver, nntpmode, max_news
* rc: graphic_char
* rc: use_proxy
* rc: preserve_timestamp
* func: REDO, UNDO
* func: LIST, LIST_MENU, MOVE_LIST_MENU
* func: ACCESSKEY, LINK_MENU
* rc: display_ins_del
* 2 stroke keybinding
* func: MULTIMAP
* func: CLOSE_TAB_MOUSE, MENU_MOUSE, MOVE_MOUSE, TAB_MOUSE
* options: -N
* func: NEXT, PREV
* rc: image_map_list
* rc: open_tab_dl_list
* func: DOWNLOAD_LIST
* env: https_proxy
* rc: https_proxy
* options: -show-option
* rc: relative_wheel_scroll
* rc: relative_wheel_scroll_ratio
* rc: fixed_wheel_scroll_count
* separate auxbindir and libdir (local-CGI, file:///$LIB/)
* configure: -auxbindir
* rc: disable_secret_security_check (for windows?)
* tab browsing
* rc: open_tab_blank, close_tab_back
* func: CLOSE_TAB, NEW_TAB, NEXT_TAB, PREV_TAB, 
* func:	TAB_GOTO, TAB_GOTO_RELATIVE
* func: TAB_LEFT, TAB_LINK, TAB_MENU, TAB_RIGHT
* pre_form: ~/.w3m/pre_form
* rc: pre_form_file: pre_form configuration file

----------------------------------------------------------------

w3m 0.3.2.2 - 2002-12-06

* security fix: html_quote for img alt attributes

----------------------------------------------------------------

w3m 0.3.2.1 - 2002-11-27

* security fix: html_quote for frame contents
* backport from w3m 0.3.2+cvs
 - fix segmentation fault by large complex table.
	[w3m-dev 03371][w3m-dev 03438]

----------------------------------------------------------------
w3m 0.3.2 - 2002-11-05

* ~/.netrc: password for ftp
* rc: display_lineinfo: display current line number
* rc: passwd_file: passwd file for HTTP auth
* func: MARK_WORD
* rc: imgsize: obsoleted
* w3m-img for framebuffer merged

----------------------------------------------------------------
w3m 0.3.1 - 2002-07-16

* func: REINIT
	INIT_MAILCAP deleted, use REINIT MAILCAP instead
* func: DEFINE_KEY
* rc: keymap_file
* rc: use_dictcommand, dictcommand
* rc: mark_all_pages
* configure: -mandir
* func: COMMAND
* -title option: set buffer name to terminal title
* X-Face support: USE_XFACE, require uncompface

----------------------------------------------------------------
w3m 0.3 - 2002-03-06

* rc: mailer
	if mailer is set, it will be used for simple mailto: URLs
	otherwise, w3mmail.cgi will be used (when USE_W3MMAILER defined)
* rc: max_load_image
* rc: display_image, auto_image, image_scale, imgdisplay, imgsize
* func: DISPLAY_IMAGE, STOP_IMAGE
* w3m-img merged: w3m now can display images! see doc/README.img

----------------------------------------------------------------
w3m 0.2.5.1 - 2002-02-05

* backport from w3m/0.2.5+cvs-1.299
 - fix inputAnswer() and no "ssl_forbid_method" [w3m-dev 02985]
 - fix SunOS 4.1.4 build problem [w3m-dev 02972]
 - fix problem with Netscape-Enterprise WWW-authenticate [w3m-dev 02968]

----------------------------------------------------------------
w3m 0.2.5 - 2002-01-31

* RFC2617: HTTP Digest authentication
* rc: default_url=0(empty) 1(current URL) 2(link URL)
* GOTO_RELATIVE (M-u)
* highlight for incremental search
* support migemo (romaji search)
* use w3mmail.cgi for mailto: URL
* support external URI loader
* support -dump_extra ftp://
* new regex implementation

----------------------------------------------------------------
w3m 0.2.4 - 2002-01-07

* RFC2818 server identity check
* incremental search (C-s, C-r)

----------------------------------------------------------------
w3m 0.2.3.2 - 2001-12-22

* fix security hole in w3m/scripts

----------------------------------------------------------------
w3m 0.2.3.1 - 2001-12-20

* sync with cvs repository
* fix bug in configure

----------------------------------------------------------------
w3m 0.2.3 - 2001-12-20

* command line option: -help, -version
* new libgc included
* new runtime option use_mark, nextpage_topline, label_topline, vi_prec_num
   emacs_like_lineedit, ftppass_hostnamegen
* RFC2732 support (IPv6)
* new w3mhelp system
* several configure changes
* code cleanups, now gcc -Wall -Werror safe

----------------------------------------------------------------
w3m 0.2.2 - 2001-11-15

* sync with w3m 0.2.1-inu-1.5
* w3m maintained in sourceforge.net/projects/w3m