From 1d0ba25a660483da1272a31dd077ed94441e3d9f Mon Sep 17 00:00:00 2001 From: Tatsuya Kinoshita Date: Sat, 2 Jan 2021 09:20:37 +0900 Subject: New upstream version 0.5.3+git20210102 --- NEWS | 118 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 118 insertions(+) (limited to 'NEWS') diff --git a/NEWS b/NEWS index 66e309d..7a215e8 100644 --- a/NEWS +++ b/NEWS @@ -1,3 +1,121 @@ +Debian's w3m 0.5.3+git20210102 + +* new features + - support links containing divs for HTML5 + - rudimentary support for HTML5 tags: figure, figcaption, and section + - enhance the behaviour of the q tag when m17n and Unicode are configured + - support for file://hostname/... URLs + - new commands CURSOR_TOP, CURSOR_MIDDLE, and CURSOR_BOTTOM + - new option space_autocomplete, disabled by default +* bug fixes + - fix and improve broken Gopher support, enabled by default + - change the encoding of the Japanese document files to UTF-8 + - use the default ciphers without SSL_CTX_set_cipher_list for OpenSSL 1.1 + - fix compilation errors due to sys_errlist and longjmp + - define X_DISPLAY_MISSING when configure --without-x for Imlib2 + - avoid the -l option of the man command for w3mman + - fix some source formatting in the manual + - show keyboard shortcuts in a consistent order in help + - fix traditional Chinese translation + - drop obsolete w3m-doc + +Debian's w3m 0.5.3+git20200502 + +* bug fixes + - support ' entity + - prevent multiple User-Agent with -header + - fix -Wchar-subscripts +* new features + - support setting user_agent in siteconf + - new command GOTO_HOME + - extend ssl_forbid_method for TLSv1.2 and TLSv1.3 + +Debian's w3m 0.5.3+git20190105 + +* bug fixes + - do not use deprecated features with OpenSSL 1.1 + - fix dependency for Imlib2 + - fix that the mark_all_pages option works + - respect the simple_preserve_space option for table cells + - fix error handling for ~/.w3m/request.log and localcgi_post() +* new feature + - w3mman supports specifying a section number during a keyword search + +Debian's w3m 0.5.3+git20180125 + +* bug fixes + - fix stack overflow with malformed text [CVE-2018-6196] + - fix null deref with malformed text [CVE-2018-6197] + - fix /tmp file races only when ~/.w3m is unwritable [CVE-2018-6198] + - do not remove w3mdict.cgi when "make distclean" + - do not turn a form's GET into POST + - correct parsing + - accept TERM=fbterm +* new feature + - extend ssl_forbid_method to disable TLSv1.1 + +Debian's w3m 0.5.3+git20170102 + +* bug fixes + - fix multiple flaws with malformed text + (buffer overflow, use after free, infinite loop) + - fix uninitialized variable when not USE_IMAGE + +Debian's w3m 0.5.3+git20161120 + +* bug fixes + - fix multiple flaws with malformed text + (stack overflow, buffer overflow, null deref, out of memory) + [CVE-2016-9622], [CVE-2016-9623], [CVE-2016-9624], [CVE-2016-9625], + [CVE-2016-9626], [CVE-2016-9627], [CVE-2016-9628], [CVE-2016-9629], + [CVE-2016-9630], [CVE-2016-9631], [CVE-2016-9632], [CVE-2016-9633] + - fix stack overflow with nested table and textarea [CVE-2016-9439] + - fix suspend (^Z) behavior + +Debian's w3m 0.5.3+git20161031 + +* new features + - support OSC 5379 remote imaging and sixel graphics + - support SGR style mouse handler + - support 32-bit color images + - support FreeBSD framebuffer + - support button element + - support meta charset + - include w3mdict.cgi to use a dictd dictionary query + - add extbrowser4..9 + - add display_borders to display 0 pixel table borders + - add siteconf feature + - add German translation for options setting panel + - add translations for de, zh_CN and zh_TW +* bug fixes + - fix multiple flaws with malformed text + [CVE-2016-9422], [CVE-2016-9423], [CVE-2016-9424], [CVE-2016-9425], + [CVE-2016-9426], [CVE-2016-9428], [CVE-2016-9429], [CVE-2016-9430], + [CVE-2016-9431], [CVE-2016-9432], [CVE-2016-9433], [CVE-2016-9434], + [CVE-2016-9435], [CVE-2016-9436], [CVE-2016-9437], [CVE-2016-9438], + [CVE-2016-9440], [CVE-2016-9441], [CVE-2016-9443], [CVE-2016-9621] + - fix potential heap buffer corruption due to Strgrow [CVE-2016-9442] + - disable SSLv2 and SSLv3 by default [CVE-2014-3566] + - set ssl_verify_server to 1 by default + - disable RC4, export ciphers, and keys < 128 bits + - use SSL_OP_NO_COMPRESSION due to "CRIME attack" [CVE-2012-4929] + - use SSL_MODE_RELEASE_BUFFERS + - disable USE_EGD for LibreSSL + - appease gcc -Werror=format-security + - option -s is now "squeeze multiple blank lines" to work as pager, and + -j and -e are obsolete, so use -O{s|j|e} to specify display charset + - accept single quoted meta refresh URL + - assume "text" if a form input type is unknown + - accept cookies by default + - set use_dictcommand to 1 by default + - set default_url to 1 by default + - set argv_is_url to 1 by default + - set alt_entity to 0 by default + - fix build problems with Boehm GC 7.2, imlib2 1.4.6 and glibc 2.14 + - fix parallel make failure + - fix incorrect ucs_ambwidth_map + - and many fixes + w3m 0.5.3 - 2011-01-15 * security fix -- cgit v1.2.3