diff options
Diffstat (limited to 'NEWS')
-rw-r--r-- | NEWS | 97 |
1 files changed, 97 insertions, 0 deletions
@@ -1,3 +1,100 @@ +Debian's w3m 0.5.3+git20200502 + +* bug fixes + - support ' entity + - prevent multiple User-Agent with -header + - fix -Wchar-subscripts +* new features + - support setting user_agent in siteconf + - new command GOTO_HOME + - extend ssl_forbid_method for TLSv1.2 and TLSv1.3 + +Debian's w3m 0.5.3+git20190105 + +* bug fixes + - do not use deprecated features with OpenSSL 1.1 + - fix dependency for Imlib2 + - fix that the mark_all_pages option works + - respect the simple_preserve_space option for table cells + - fix error handling for ~/.w3m/request.log and localcgi_post() +* new feature + - w3mman supports specifying a section number during a keyword search + +Debian's w3m 0.5.3+git20180125 + +* bug fixes + - fix stack overflow with malformed text [CVE-2018-6196] + - fix null deref with malformed text [CVE-2018-6197] + - fix /tmp file races only when ~/.w3m is unwritable [CVE-2018-6198] + - do not remove w3mdict.cgi when "make distclean" + - do not turn a form's GET into POST + - correct <base ...> parsing + - accept TERM=fbterm +* new feature + - extend ssl_forbid_method to disable TLSv1.1 + +Debian's w3m 0.5.3+git20170102 + +* bug fixes + - fix multiple flaws with malformed text + (buffer overflow, use after free, infinite loop) + - fix uninitialized variable when not USE_IMAGE + +Debian's w3m 0.5.3+git20161120 + +* bug fixes + - fix multiple flaws with malformed text + (stack overflow, buffer overflow, null deref, out of memory) + [CVE-2016-9622], [CVE-2016-9623], [CVE-2016-9624], [CVE-2016-9625], + [CVE-2016-9626], [CVE-2016-9627], [CVE-2016-9628], [CVE-2016-9629], + [CVE-2016-9630], [CVE-2016-9631], [CVE-2016-9632], [CVE-2016-9633] + - fix stack overflow with nested table and textarea [CVE-2016-9439] + - fix suspend (^Z) behavior + +Debian's w3m 0.5.3+git20161031 + +* new features + - support OSC 5379 remote imaging and sixel graphics + - support SGR style mouse handler + - support 32-bit color images + - support FreeBSD framebuffer + - support button element + - support meta charset + - include w3mdict.cgi to use a dictd dictionary query + - add extbrowser4..9 + - add display_borders to display 0 pixel table borders + - add siteconf feature + - add German translation for options setting panel + - add translations for de, zh_CN and zh_TW +* bug fixes + - fix multiple flaws with malformed text + [CVE-2016-9422], [CVE-2016-9423], [CVE-2016-9424], [CVE-2016-9425], + [CVE-2016-9426], [CVE-2016-9428], [CVE-2016-9429], [CVE-2016-9430], + [CVE-2016-9431], [CVE-2016-9432], [CVE-2016-9433], [CVE-2016-9434], + [CVE-2016-9435], [CVE-2016-9436], [CVE-2016-9437], [CVE-2016-9438], + [CVE-2016-9440], [CVE-2016-9441], [CVE-2016-9443], [CVE-2016-9621] + - fix potential heap buffer corruption due to Strgrow [CVE-2016-9442] + - disable SSLv2 and SSLv3 by default [CVE-2014-3566] + - set ssl_verify_server to 1 by default + - disable RC4, export ciphers, and keys < 128 bits + - use SSL_OP_NO_COMPRESSION due to "CRIME attack" [CVE-2012-4929] + - use SSL_MODE_RELEASE_BUFFERS + - disable USE_EGD for LibreSSL + - appease gcc -Werror=format-security + - option -s is now "squeeze multiple blank lines" to work as pager, and + -j and -e are obsolete, so use -O{s|j|e} to specify display charset + - accept single quoted meta refresh URL + - assume "text" if a form input type is unknown + - accept cookies by default + - set use_dictcommand to 1 by default + - set default_url to 1 by default + - set argv_is_url to 1 by default + - set alt_entity to 0 by default + - fix build problems with Boehm GC 7.2, imlib2 1.4.6 and glibc 2.14 + - fix parallel make failure + - fix incorrect ucs_ambwidth_map + - and many fixes + w3m 0.5.3 - 2011-01-15 * security fix |