Debian's w3m 0.5.3+git20180121 * bug fixes - fix stack overflow with malformed text - fix null deref with malformed text - make temporary directory safely when ~/.w3m is unwritable - do not remove w3mdict.cgi when "make distclean" - do not turn a form's GET into POST - correct parsing - accept TERM=fbterm * new feature - extend ssl_forbid_method to disable TLSv1.1 Debian's w3m 0.5.3+git20170102 * bug fixes - fix multiple flaws with malformed text (buffer overflow, use after free, infinite loop) - fix uninitialized variable when not USE_IMAGE Debian's w3m 0.5.3+git20161120 * bug fixes - fix multiple flaws with malformed text (stack overflow, buffer overflow, null deref, out of memory) [CVE-2016-9622], [CVE-2016-9623], [CVE-2016-9624], [CVE-2016-9625], [CVE-2016-9626], [CVE-2016-9627], [CVE-2016-9628], [CVE-2016-9629], [CVE-2016-9630], [CVE-2016-9631], [CVE-2016-9632], [CVE-2016-9633] - fix stack overflow with nested table and textarea [CVE-2016-9439] - fix suspend (^Z) behavior Debian's w3m 0.5.3+git20161031 * new features - support OSC 5379 remote imaging and sixel graphics - support SGR style mouse handler - support 32-bit color images - support FreeBSD framebuffer - support button element - support meta charset - include w3mdict.cgi to use a dictd dictionary query - add extbrowser4..9 - add display_borders to display 0 pixel table borders - add siteconf feature - add German translation for options setting panel - add translations for de, zh_CN and zh_TW * bug fixes - fix multiple flaws with malformed text [CVE-2016-9422], [CVE-2016-9423], [CVE-2016-9424], [CVE-2016-9425], [CVE-2016-9426], [CVE-2016-9428], [CVE-2016-9429], [CVE-2016-9430], [CVE-2016-9431], [CVE-2016-9432], [CVE-2016-9433], [CVE-2016-9434], [CVE-2016-9435], [CVE-2016-9436], [CVE-2016-9437], [CVE-2016-9438], [CVE-2016-9440], [CVE-2016-9441], [CVE-2016-9443], [CVE-2016-9621] - fix potential heap buffer corruption due to Strgrow [CVE-2016-9442] - disable SSLv2 and SSLv3 by default [CVE-2014-3566] - set ssl_verify_server to 1 by default - disable RC4, export ciphers, and keys < 128 bits - use SSL_OP_NO_COMPRESSION due to "CRIME attack" [CVE-2012-4929] - use SSL_MODE_RELEASE_BUFFERS - disable USE_EGD for LibreSSL - appease gcc -Werror=format-security - option -s is now "squeeze multiple blank lines" to work as pager, and -j and -e are obsolete, so use -O{s|j|e} to specify display charset - accept single quoted meta refresh URL - assume "text" if a form input type is unknown - accept cookies by default - set use_dictcommand to 1 by default - set default_url to 1 by default - set argv_is_url to 1 by default - set alt_entity to 0 by default - fix build problems with Boehm GC 7.2, imlib2 1.4.6 and glibc 2.14 - fix parallel make failure - fix incorrect ucs_ambwidth_map - and many fixes w3m 0.5.3 - 2011-01-15 * security fix - fix vulnerabilities indicated by bugs.debian.org. - suppress sending Referer, if https:// -> http:// * new features - adapt w3mimg to native windows on MS Windows. - support xterm-incompatible terminals without gpm. - add "xhtml" to default guess. - introduce option pseudo_inlines. - add option to avoid "wrong number of dots" error in cookies. * other bug fixes - fix "important" bugs from bugs.debian.org - preserve spaces in multibyte context. - fix proxy authentication. w3m 0.5.2 - 2007-05-31 * security fix - fix format string vulnerability. * new features - support gtk2 with w3m-img. - new option for LiveHTTPHeaders-like logs. - new option to fontify , , , and so on. * other bug fixes - avoid errors in "configure" and "make". - '\n' handling in attributes' values of HTML tags. w3m 0.5.1 - 2004-04-29 * fix minor bugs - build problem on some platform/some configuration - authentication bug - ipv6 FQDN resolv - SSL verify - search problem on different charset page/display - cleanup LANG==JA - DisplayCharset default - w3mhelp.cgi charset w3m 0.5 - 2004-03-22 * gettextize * m17n patch merged w3m 0.4.2 - 2003-09-23 * options: -4, -6 * configuration file in $(sysconfdir)/$(package)/ * func: NEXT_VISITED, PREV_VISITED * autoconfiscate (partially) * rc: use_history w3m 0.4.1 - 2003-03-07 * fix bugs - completion segfault in lineinput - incremental search - URL pattern fix - UFhalfclose bug - allow pipe in shell command - enhance ftp directory support - linenumber in edit - fix Bug#181897 - W3M_TTY problem fixed w3m 0.4 - 2003-02-24 * rc: decode_url * func: RESHAPE * rc: fold_line * local cookie: passed via file named $LOCAL_COOKIE or posted not in url query * func: SEARCH can take arg * URL data: support * URL news:, nntp: newsgroup support * rc: nntpserver, nntpmode, max_news * rc: graphic_char * rc: use_proxy * rc: preserve_timestamp * func: REDO, UNDO * func: LIST, LIST_MENU, MOVE_LIST_MENU * func: ACCESSKEY, LINK_MENU * rc: display_ins_del * 2 stroke keybinding * func: MULTIMAP * func: CLOSE_TAB_MOUSE, MENU_MOUSE, MOVE_MOUSE, TAB_MOUSE * options: -N * func: NEXT, PREV * rc: image_map_list * rc: open_tab_dl_list * func: DOWNLOAD_LIST * env: https_proxy * rc: https_proxy * options: -show-option * rc: relative_wheel_scroll * rc: relative_wheel_scroll_ratio * rc: fixed_wheel_scroll_count * separate auxbindir and libdir (local-CGI, file:///$LIB/) * configure: -auxbindir * rc: disable_secret_security_check (for windows?) * tab browsing * rc: open_tab_blank, close_tab_back * func: CLOSE_TAB, NEW_TAB, NEXT_TAB, PREV_TAB, * func: TAB_GOTO, TAB_GOTO_RELATIVE * func: TAB_LEFT, TAB_LINK, TAB_MENU, TAB_RIGHT * pre_form: ~/.w3m/pre_form * rc: pre_form_file: pre_form configuration file ---------------------------------------------------------------- w3m 0.3.2.2 - 2002-12-06 * security fix: html_quote for img alt attributes ---------------------------------------------------------------- w3m 0.3.2.1 - 2002-11-27 * security fix: html_quote for frame contents * backport from w3m 0.3.2+cvs - fix segmentation fault by large complex table. [w3m-dev 03371][w3m-dev 03438] ---------------------------------------------------------------- w3m 0.3.2 - 2002-11-05 * ~/.netrc: password for ftp * rc: display_lineinfo: display current line number * rc: passwd_file: passwd file for HTTP auth * func: MARK_WORD * rc: imgsize: obsoleted * w3m-img for framebuffer merged ---------------------------------------------------------------- w3m 0.3.1 - 2002-07-16 * func: REINIT INIT_MAILCAP deleted, use REINIT MAILCAP instead * func: DEFINE_KEY * rc: keymap_file * rc: use_dictcommand, dictcommand * rc: mark_all_pages * configure: -mandir * func: COMMAND * -title option: set buffer name to terminal title * X-Face support: USE_XFACE, require uncompface ---------------------------------------------------------------- w3m 0.3 - 2002-03-06 * rc: mailer if mailer is set, it will be used for simple mailto: URLs otherwise, w3mmail.cgi will be used (when USE_W3MMAILER defined) * rc: max_load_image * rc: display_image, auto_image, image_scale, imgdisplay, imgsize * func: DISPLAY_IMAGE, STOP_IMAGE * w3m-img merged: w3m now can display images! see doc/README.img ---------------------------------------------------------------- w3m 0.2.5.1 - 2002-02-05 * backport from w3m/0.2.5+cvs-1.299 - fix inputAnswer() and no "ssl_forbid_method" [w3m-dev 02985] - fix SunOS 4.1.4 build problem [w3m-dev 02972] - fix problem with Netscape-Enterprise WWW-authenticate [w3m-dev 02968] ---------------------------------------------------------------- w3m 0.2.5 - 2002-01-31 * RFC2617: HTTP Digest authentication * rc: default_url=0(empty) 1(current URL) 2(link URL) * GOTO_RELATIVE (M-u) * highlight for incremental search * support migemo (romaji search) * use w3mmail.cgi for mailto: URL * support external URI loader * support -dump_extra ftp:// * new regex implementation ---------------------------------------------------------------- w3m 0.2.4 - 2002-01-07 * RFC2818 server identity check * incremental search (C-s, C-r) ---------------------------------------------------------------- w3m 0.2.3.2 - 2001-12-22 * fix security hole in w3m/scripts ---------------------------------------------------------------- w3m 0.2.3.1 - 2001-12-20 * sync with cvs repository * fix bug in configure ---------------------------------------------------------------- w3m 0.2.3 - 2001-12-20 * command line option: -help, -version * new libgc included * new runtime option use_mark, nextpage_topline, label_topline, vi_prec_num emacs_like_lineedit, ftppass_hostnamegen * RFC2732 support (IPv6) * new w3mhelp system * several configure changes * code cleanups, now gcc -Wall -Werror safe ---------------------------------------------------------------- w3m 0.2.2 - 2001-11-15 * sync with w3m 0.2.1-inu-1.5 * w3m maintained in sourceforge.net/projects/w3m