-
Notifications
You must be signed in to change notification settings - Fork 0
/
NEWS
407 lines (349 loc) · 13.7 KB
/
NEWS
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
Debian's w3m 0.5.3+git20230121
* new features
- location of ~/.w3m can be changed with the W3M_DIR environment variable
- new option tmp_dir to set directory for temporary files
e.g. W3M_DIR=~/.local/state/w3m w3m -o tmp_dir=~/.cache/w3m
- new option -H to use high-intensity colors
- recognize link targets in dfn elements
* bug fixes
- fix m17n backspace handling causes out-of-bounds write in checkType
[CVE-2022-38223]
- fix LESSOPEN format string problem
- fix potential overflow in checkType
- fix potential null deref for newBuffer
- fix potential null deref in main.c, file.c, etc.c, fb_imlib2.c, news.c
- fix browsing local file fails when argv_is_url
- skip soft hyphen when reading token
- fix configure tests broken with Clang 16
- do not override history file if it was changed
- only read a first title to avoid titles in svg
- use GROFF_NO_SGR=1 for w3mman with non-Debian groff
- handle failed system calls
- fix charset declaration parser fails with turkish locale
- fix images are not displayed for OSC 5379
- prevent unneeded image resizing for sixel
Debian's w3m 0.5.3+git20220429
* new features
- support kitty's APC G graphics protocol with ImageMagick's convert
- support iTerm2's OSC 1337 graphics protocol
- new option inline_img_protocol to select the graphics protocol
(0: w3m-img, 1: OSC 5379, 2: sixel, 3: OSC 1337, 4: APC G)
- new option ssl_cipher to specify TLSv1.2 ciphers, e.g. DEFAULT:@SECLEVEL=2
- new option ssl_min_version for OpenSSL 1.1
- new option -insecure to use insecure SSL config options
- new option ssl_ca_default, explicitly use OpenSSL default paths by default
- new option cross_origin_referer, use origin only Referer when cross origin
- new option localhost_only to restrict connections only to localhost
- new option disable_center to disable center alignment
- support brotli content encoding
- ignore the "-" option to accept `w3m -` as "read from stdin"
- new configure option --with-cafile to detect CA bundle file
- support auto-detection for configure --with-migemo
- add fuzzer for OSS-Fuzz
- add Italian translation
- add Swedish translation
* bug fixes
- prevent index overflow and huge allocation due to Str, libwc, and table
- prevent integer overflow due to fontstat
- prevent StrStream memory leak
- prevent GC warnings of repeated allocation
- prevent buffer overflow in shiftAnchorPosition
- prevent buffer overflow READ when parsing Gopher URLs
- prevent buffer overflow in gotoLine and gotoRealLine
- prevent warnings when -Wnull-dereference, enabled by default
- prevent warnings when -Wall, enabled by default
- prevent warnings from Cppcheck
- avoid zero length arrays even when GCC
- fix fail to render over 32767 lines in a table cell
- disable `<section>` behaves as `<hr>`
- disable TLSv1.0 and TLSv1.1 by default
- mention a workaround for SSL error
- fix manipulation of ASN1_STRING
- don't include username in Referer
- don't set Referer when data URI scheme
- fix broken anchor with link number at EOL
- fix incorrect query string for `w3mman 7z`
- drop imlib2-config, use pkg-config
- improve named character references
- improve `<dl>` rendering
- prefer Imlib2 over GTK2 by default
- replace encodeB with base64_encode to encode null bytes
- wording fixes for configure --help
Debian's w3m 0.5.3+git20210102
* new features
- support links containing divs for HTML5
- rudimentary support for HTML5 tags: figure, figcaption, and section
- enhance the behaviour of the q tag when m17n and Unicode are configured
- support for file://hostname/... URLs
- new commands CURSOR_TOP, CURSOR_MIDDLE, and CURSOR_BOTTOM
- new option space_autocomplete, disabled by default
* bug fixes
- fix and improve broken Gopher support, enabled by default
- change the encoding of the Japanese document files to UTF-8
- use the default ciphers without SSL_CTX_set_cipher_list for OpenSSL 1.1
- fix compilation errors due to sys_errlist and longjmp
- define X_DISPLAY_MISSING when configure --without-x for Imlib2
- avoid the -l option of the man command for w3mman
- fix some source formatting in the manual
- show keyboard shortcuts in a consistent order in help
- fix traditional Chinese translation
- drop obsolete w3m-doc
Debian's w3m 0.5.3+git20200502
* bug fixes
- support ' entity
- prevent multiple User-Agent with -header
- fix -Wchar-subscripts
* new features
- support setting user_agent in siteconf
- new command GOTO_HOME
- extend ssl_forbid_method for TLSv1.2 and TLSv1.3
Debian's w3m 0.5.3+git20190105
* bug fixes
- do not use deprecated features with OpenSSL 1.1
- fix dependency for Imlib2
- fix that the mark_all_pages option works
- respect the simple_preserve_space option for table cells
- fix error handling for ~/.w3m/request.log and localcgi_post()
* new feature
- w3mman supports specifying a section number during a keyword search
Debian's w3m 0.5.3+git20180125
* bug fixes
- fix stack overflow with malformed text [CVE-2018-6196]
- fix null deref with malformed text [CVE-2018-6197]
- fix /tmp file races only when ~/.w3m is unwritable [CVE-2018-6198]
- do not remove w3mdict.cgi when "make distclean"
- do not turn a form's GET into POST
- correct <base ...> parsing
- accept TERM=fbterm
* new feature
- extend ssl_forbid_method to disable TLSv1.1
Debian's w3m 0.5.3+git20170102
* bug fixes
- fix multiple flaws with malformed text
(buffer overflow, use after free, infinite loop)
- fix uninitialized variable when not USE_IMAGE
Debian's w3m 0.5.3+git20161120
* bug fixes
- fix multiple flaws with malformed text
(stack overflow, buffer overflow, null deref, out of memory)
[CVE-2016-9622], [CVE-2016-9623], [CVE-2016-9624], [CVE-2016-9625],
[CVE-2016-9626], [CVE-2016-9627], [CVE-2016-9628], [CVE-2016-9629],
[CVE-2016-9630], [CVE-2016-9631], [CVE-2016-9632], [CVE-2016-9633]
- fix stack overflow with nested table and textarea [CVE-2016-9439]
- fix suspend (^Z) behavior
Debian's w3m 0.5.3+git20161031
* new features
- support OSC 5379 remote imaging and sixel graphics
- support SGR style mouse handler
- support 32-bit color images
- support FreeBSD framebuffer
- support button element
- support meta charset
- include w3mdict.cgi to use a dictd dictionary query
- add extbrowser4..9
- add display_borders to display 0 pixel table borders
- add siteconf feature
- add German translation for options setting panel
- add translations for de, zh_CN and zh_TW
* bug fixes
- fix multiple flaws with malformed text
[CVE-2016-9422], [CVE-2016-9423], [CVE-2016-9424], [CVE-2016-9425],
[CVE-2016-9426], [CVE-2016-9428], [CVE-2016-9429], [CVE-2016-9430],
[CVE-2016-9431], [CVE-2016-9432], [CVE-2016-9433], [CVE-2016-9434],
[CVE-2016-9435], [CVE-2016-9436], [CVE-2016-9437], [CVE-2016-9438],
[CVE-2016-9440], [CVE-2016-9441], [CVE-2016-9443], [CVE-2016-9621]
- fix potential heap buffer corruption due to Strgrow [CVE-2016-9442]
- disable SSLv2 and SSLv3 by default [CVE-2014-3566]
- set ssl_verify_server to 1 by default
- disable RC4, export ciphers, and keys < 128 bits
- use SSL_OP_NO_COMPRESSION due to "CRIME attack" [CVE-2012-4929]
- use SSL_MODE_RELEASE_BUFFERS
- disable USE_EGD for LibreSSL
- appease gcc -Werror=format-security
- option -s is now "squeeze multiple blank lines" to work as pager, and
-j and -e are obsolete, so use -O{s|j|e} to specify display charset
- accept single quoted meta refresh URL
- assume "text" if a form input type is unknown
- accept cookies by default
- set use_dictcommand to 1 by default
- set default_url to 1 by default
- set argv_is_url to 1 by default
- set alt_entity to 0 by default
- fix build problems with Boehm GC 7.2, imlib2 1.4.6 and glibc 2.14
- fix parallel make failure
- fix incorrect ucs_ambwidth_map
- and many fixes
w3m 0.5.3 - 2011-01-15
* security fix
- fix vulnerabilities indicated by bugs.debian.org.
- suppress sending Referer, if https:// -> http://
* new features
- adapt w3mimg to native windows on MS Windows.
- support xterm-incompatible terminals without gpm.
- add "xhtml" to default guess.
- introduce option pseudo_inlines.
- add option to avoid "wrong number of dots" error in cookies.
* other bug fixes
- fix "important" bugs from bugs.debian.org
- preserve spaces in multibyte context.
- fix proxy authentication.
w3m 0.5.2 - 2007-05-31
* security fix
- fix format string vulnerability.
* new features
- support gtk2 with w3m-img.
- new option for LiveHTTPHeaders-like logs.
- new option to fontify <del>, <s>, <ins>, and so on.
* other bug fixes
- avoid errors in "configure" and "make".
- '\n' handling in attributes' values of HTML tags.
w3m 0.5.1 - 2004-04-29
* fix minor bugs
- build problem on some platform/some configuration
- authentication bug
- ipv6 FQDN resolv
- SSL verify
- search problem on different charset page/display
- cleanup LANG==JA
- DisplayCharset default
- w3mhelp.cgi charset
w3m 0.5 - 2004-03-22
* gettextize
* m17n patch merged
w3m 0.4.2 - 2003-09-23
* options: -4, -6
* configuration file in $(sysconfdir)/$(package)/
* func: NEXT_VISITED, PREV_VISITED
* autoconfiscate (partially)
* rc: use_history
w3m 0.4.1 - 2003-03-07
* fix bugs
- completion segfault in lineinput
- incremental search
- URL pattern fix
- UFhalfclose bug
- allow pipe in shell command
- enhance ftp directory support
- linenumber in edit
- fix Bug#181897
- W3M_TTY problem fixed
w3m 0.4 - 2003-02-24
* rc: decode_url
* func: RESHAPE
* rc: fold_line
* local cookie: passed via file named $LOCAL_COOKIE or posted not in url query
* func: SEARCH can take arg
* URL data: support
* URL news:, nntp: newsgroup support
* rc: nntpserver, nntpmode, max_news
* rc: graphic_char
* rc: use_proxy
* rc: preserve_timestamp
* func: REDO, UNDO
* func: LIST, LIST_MENU, MOVE_LIST_MENU
* func: ACCESSKEY, LINK_MENU
* rc: display_ins_del
* 2 stroke keybinding
* func: MULTIMAP
* func: CLOSE_TAB_MOUSE, MENU_MOUSE, MOVE_MOUSE, TAB_MOUSE
* options: -N
* func: NEXT, PREV
* rc: image_map_list
* rc: open_tab_dl_list
* func: DOWNLOAD_LIST
* env: https_proxy
* rc: https_proxy
* options: -show-option
* rc: relative_wheel_scroll
* rc: relative_wheel_scroll_ratio
* rc: fixed_wheel_scroll_count
* separate auxbindir and libdir (local-CGI, file:///$LIB/)
* configure: -auxbindir
* rc: disable_secret_security_check (for windows?)
* tab browsing
* rc: open_tab_blank, close_tab_back
* func: CLOSE_TAB, NEW_TAB, NEXT_TAB, PREV_TAB,
* func: TAB_GOTO, TAB_GOTO_RELATIVE
* func: TAB_LEFT, TAB_LINK, TAB_MENU, TAB_RIGHT
* pre_form: ~/.w3m/pre_form
* rc: pre_form_file: pre_form configuration file
----------------------------------------------------------------
w3m 0.3.2.2 - 2002-12-06
* security fix: html_quote for img alt attributes
----------------------------------------------------------------
w3m 0.3.2.1 - 2002-11-27
* security fix: html_quote for frame contents
* backport from w3m 0.3.2+cvs
- fix segmentation fault by large complex table.
[w3m-dev 03371][w3m-dev 03438]
----------------------------------------------------------------
w3m 0.3.2 - 2002-11-05
* ~/.netrc: password for ftp
* rc: display_lineinfo: display current line number
* rc: passwd_file: passwd file for HTTP auth
* func: MARK_WORD
* rc: imgsize: obsoleted
* w3m-img for framebuffer merged
----------------------------------------------------------------
w3m 0.3.1 - 2002-07-16
* func: REINIT
INIT_MAILCAP deleted, use REINIT MAILCAP instead
* func: DEFINE_KEY
* rc: keymap_file
* rc: use_dictcommand, dictcommand
* rc: mark_all_pages
* configure: -mandir
* func: COMMAND
* -title option: set buffer name to terminal title
* X-Face support: USE_XFACE, require uncompface
----------------------------------------------------------------
w3m 0.3 - 2002-03-06
* rc: mailer
if mailer is set, it will be used for simple mailto: URLs
otherwise, w3mmail.cgi will be used (when USE_W3MMAILER defined)
* rc: max_load_image
* rc: display_image, auto_image, image_scale, imgdisplay, imgsize
* func: DISPLAY_IMAGE, STOP_IMAGE
* w3m-img merged: w3m now can display images! see doc/README.img
----------------------------------------------------------------
w3m 0.2.5.1 - 2002-02-05
* backport from w3m/0.2.5+cvs-1.299
- fix inputAnswer() and no "ssl_forbid_method" [w3m-dev 02985]
- fix SunOS 4.1.4 build problem [w3m-dev 02972]
- fix problem with Netscape-Enterprise WWW-authenticate [w3m-dev 02968]
----------------------------------------------------------------
w3m 0.2.5 - 2002-01-31
* RFC2617: HTTP Digest authentication
* rc: default_url=0(empty) 1(current URL) 2(link URL)
* GOTO_RELATIVE (M-u)
* highlight for incremental search
* support migemo (romaji search)
* use w3mmail.cgi for mailto: URL
* support external URI loader
* support -dump_extra ftp://
* new regex implementation
----------------------------------------------------------------
w3m 0.2.4 - 2002-01-07
* RFC2818 server identity check
* incremental search (C-s, C-r)
----------------------------------------------------------------
w3m 0.2.3.2 - 2001-12-22
* fix security hole in w3m/scripts
----------------------------------------------------------------
w3m 0.2.3.1 - 2001-12-20
* sync with cvs repository
* fix bug in configure
----------------------------------------------------------------
w3m 0.2.3 - 2001-12-20
* command line option: -help, -version
* new libgc included
* new runtime option use_mark, nextpage_topline, label_topline, vi_prec_num
emacs_like_lineedit, ftppass_hostnamegen
* RFC2732 support (IPv6)
* new w3mhelp system
* several configure changes
* code cleanups, now gcc -Wall -Werror safe
----------------------------------------------------------------
w3m 0.2.2 - 2001-11-15
* sync with w3m 0.2.1-inu-1.5
* w3m maintained in sourceforge.net/projects/w3m