NEWS 9.09 KB
Newer Older
Tatsuya Kinoshita's avatar
Tatsuya Kinoshita committed
1 2 3 4 5 6 7 8 9 10 11
Debian's w3m 0.5.3+git20190105

* bug fixes
 - do not use deprecated features with OpenSSL 1.1
 - fix dependency for Imlib2
 - fix that the mark_all_pages option works
 - respect the simple_preserve_space option for table cells
 - fix error handling for ~/.w3m/request.log and localcgi_post()
* new feature
 - w3mman supports specifying a section number during a keyword search

Tatsuya Kinoshita's avatar
Tatsuya Kinoshita committed
12
Debian's w3m 0.5.3+git20180125
Tatsuya Kinoshita's avatar
Tatsuya Kinoshita committed
13 14

* bug fixes
Tatsuya Kinoshita's avatar
Tatsuya Kinoshita committed
15 16 17
 - fix stack overflow with malformed text [CVE-2018-6196]
 - fix null deref with malformed text [CVE-2018-6197]
 - fix /tmp file races only when ~/.w3m is unwritable [CVE-2018-6198]
Tatsuya Kinoshita's avatar
Tatsuya Kinoshita committed
18 19 20 21 22 23 24
 - do not remove w3mdict.cgi when "make distclean"
 - do not turn a form's GET into POST
 - correct <base ...> parsing
 - accept TERM=fbterm
* new feature
 - extend ssl_forbid_method to disable TLSv1.1

Tatsuya Kinoshita's avatar
Tatsuya Kinoshita committed
25
Debian's w3m 0.5.3+git20170102
Tatsuya Kinoshita's avatar
Tatsuya Kinoshita committed
26 27

* bug fixes
Tatsuya Kinoshita's avatar
Tatsuya Kinoshita committed
28 29 30
 - fix multiple flaws with malformed text
   (buffer overflow, use after free, infinite loop)
 - fix uninitialized variable when not USE_IMAGE
Tatsuya Kinoshita's avatar
Tatsuya Kinoshita committed
31

Tatsuya Kinoshita's avatar
Tatsuya Kinoshita committed
32 33 34 35 36
Debian's w3m 0.5.3+git20161120

* bug fixes
 - fix multiple flaws with malformed text
   (stack overflow, buffer overflow, null deref, out of memory)
Tatsuya Kinoshita's avatar
Tatsuya Kinoshita committed
37 38 39
   [CVE-2016-9622], [CVE-2016-9623], [CVE-2016-9624], [CVE-2016-9625],
   [CVE-2016-9626], [CVE-2016-9627], [CVE-2016-9628], [CVE-2016-9629],
   [CVE-2016-9630], [CVE-2016-9631], [CVE-2016-9632], [CVE-2016-9633]
Tatsuya Kinoshita's avatar
Tatsuya Kinoshita committed
40 41 42 43
 - fix stack overflow with nested table and textarea [CVE-2016-9439]
 - fix suspend (^Z) behavior

Debian's w3m 0.5.3+git20161031
Tatsuya Kinoshita's avatar
Tatsuya Kinoshita committed
44 45 46 47 48 49 50 51

* new features
 - support OSC 5379 remote imaging and sixel graphics
 - support SGR style mouse handler
 - support 32-bit color images
 - support FreeBSD framebuffer
 - support button element
 - support meta charset
Tatsuya Kinoshita's avatar
Tatsuya Kinoshita committed
52
 - include w3mdict.cgi to use a dictd dictionary query
Tatsuya Kinoshita's avatar
Tatsuya Kinoshita committed
53 54 55
 - add extbrowser4..9
 - add display_borders to display 0 pixel table borders
 - add siteconf feature
Tatsuya Kinoshita's avatar
Tatsuya Kinoshita committed
56
 - add German translation for options setting panel
Tatsuya Kinoshita's avatar
Tatsuya Kinoshita committed
57 58
 - add translations for de, zh_CN and zh_TW
* bug fixes
Tatsuya Kinoshita's avatar
Tatsuya Kinoshita committed
59
 - fix multiple flaws with malformed text
Tatsuya Kinoshita's avatar
Tatsuya Kinoshita committed
60 61 62 63
   [CVE-2016-9422], [CVE-2016-9423], [CVE-2016-9424], [CVE-2016-9425],
   [CVE-2016-9426], [CVE-2016-9428], [CVE-2016-9429], [CVE-2016-9430],
   [CVE-2016-9431], [CVE-2016-9432], [CVE-2016-9433], [CVE-2016-9434],
   [CVE-2016-9435], [CVE-2016-9436], [CVE-2016-9437], [CVE-2016-9438],
Tatsuya Kinoshita's avatar
Tatsuya Kinoshita committed
64
   [CVE-2016-9440], [CVE-2016-9441], [CVE-2016-9443], [CVE-2016-9621]
Tatsuya Kinoshita's avatar
Tatsuya Kinoshita committed
65
 - fix potential heap buffer corruption due to Strgrow [CVE-2016-9442]
Tatsuya Kinoshita's avatar
Tatsuya Kinoshita committed
66 67 68 69 70 71 72 73 74 75 76 77
 - disable SSLv2 and SSLv3 by default [CVE-2014-3566]
 - set ssl_verify_server to 1 by default
 - disable RC4, export ciphers, and keys < 128 bits
 - use SSL_OP_NO_COMPRESSION due to "CRIME attack" [CVE-2012-4929]
 - use SSL_MODE_RELEASE_BUFFERS
 - disable USE_EGD for LibreSSL
 - appease gcc -Werror=format-security
 - option -s is now "squeeze multiple blank lines" to work as pager, and
   -j and -e are obsolete, so use -O{s|j|e} to specify display charset
 - accept single quoted meta refresh URL
 - assume "text" if a form input type is unknown
 - accept cookies by default
Tatsuya Kinoshita's avatar
Tatsuya Kinoshita committed
78
 - set use_dictcommand to 1 by default
Tatsuya Kinoshita's avatar
Tatsuya Kinoshita committed
79
 - set default_url to 1 by default
Tatsuya Kinoshita's avatar
Tatsuya Kinoshita committed
80 81 82 83 84 85 86
 - set argv_is_url to 1 by default
 - set alt_entity to 0 by default
 - fix build problems with Boehm GC 7.2, imlib2 1.4.6 and glibc 2.14
 - fix parallel make failure
 - fix incorrect ucs_ambwidth_map
 - and many fixes

87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102
w3m 0.5.3 - 2011-01-15

* security fix
 - fix vulnerabilities indicated by bugs.debian.org.
 - suppress sending Referer, if https:// -> http://
* new features
 - adapt w3mimg to native windows on MS Windows.
 - support xterm-incompatible terminals without gpm.
 - add "xhtml" to default guess.
 - introduce option pseudo_inlines.
 - add option to avoid "wrong number of dots" error in cookies.
* other bug fixes
 - fix "important" bugs from bugs.debian.org
 - preserve spaces in multibyte context.
 - fix proxy authentication.

103 104 105 106 107 108 109 110 111 112 113 114
w3m 0.5.2 - 2007-05-31

* security fix
 - fix format string vulnerability.
* new features
 - support gtk2 with w3m-img.
 - new option for LiveHTTPHeaders-like logs.
 - new option to fontify <del>, <s>, <ins>, and so on.
* other bug fixes
 - avoid errors in "configure" and "make".
 - '\n' handling in attributes' values of HTML tags.

115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 253 254 255 256 257 258 259 260 261 262 263 264 265 266 267 268 269 270 271 272 273 274 275 276 277 278 279 280 281 282 283 284 285 286 287 288 289 290 291 292 293 294 295 296 297 298 299 300
w3m 0.5.1 - 2004-04-29

* fix minor bugs
 - build problem on some platform/some configuration
 - authentication bug
 - ipv6 FQDN resolv
 - SSL verify
 - search problem on different charset page/display
 - cleanup LANG==JA
 - DisplayCharset default
 - w3mhelp.cgi charset

w3m 0.5	- 2004-03-22

* gettextize
* m17n patch merged

w3m 0.4.2 - 2003-09-23

* options: -4, -6
* configuration file in $(sysconfdir)/$(package)/
* func: NEXT_VISITED, PREV_VISITED
* autoconfiscate (partially)
* rc: use_history

w3m 0.4.1 - 2003-03-07

* fix bugs
  - completion segfault in lineinput
  - incremental search
  - URL pattern fix
  - UFhalfclose bug
  - allow pipe in shell command
  - enhance ftp directory support
  - linenumber in edit
  - fix Bug#181897
  - W3M_TTY problem fixed

w3m 0.4 - 2003-02-24

* rc: decode_url
* func: RESHAPE
* rc: fold_line
* local cookie: passed via file named $LOCAL_COOKIE or posted not in url query
* func: SEARCH can take arg
* URL data: support
* URL news:, nntp: newsgroup support
* rc: nntpserver, nntpmode, max_news
* rc: graphic_char
* rc: use_proxy
* rc: preserve_timestamp
* func: REDO, UNDO
* func: LIST, LIST_MENU, MOVE_LIST_MENU
* func: ACCESSKEY, LINK_MENU
* rc: display_ins_del
* 2 stroke keybinding
* func: MULTIMAP
* func: CLOSE_TAB_MOUSE, MENU_MOUSE, MOVE_MOUSE, TAB_MOUSE
* options: -N
* func: NEXT, PREV
* rc: image_map_list
* rc: open_tab_dl_list
* func: DOWNLOAD_LIST
* env: https_proxy
* rc: https_proxy
* options: -show-option
* rc: relative_wheel_scroll
* rc: relative_wheel_scroll_ratio
* rc: fixed_wheel_scroll_count
* separate auxbindir and libdir (local-CGI, file:///$LIB/)
* configure: -auxbindir
* rc: disable_secret_security_check (for windows?)
* tab browsing
* rc: open_tab_blank, close_tab_back
* func: CLOSE_TAB, NEW_TAB, NEXT_TAB, PREV_TAB, 
* func:	TAB_GOTO, TAB_GOTO_RELATIVE
* func: TAB_LEFT, TAB_LINK, TAB_MENU, TAB_RIGHT
* pre_form: ~/.w3m/pre_form
* rc: pre_form_file: pre_form configuration file

----------------------------------------------------------------

w3m 0.3.2.2 - 2002-12-06

* security fix: html_quote for img alt attributes

----------------------------------------------------------------

w3m 0.3.2.1 - 2002-11-27

* security fix: html_quote for frame contents
* backport from w3m 0.3.2+cvs
 - fix segmentation fault by large complex table.
	[w3m-dev 03371][w3m-dev 03438]

----------------------------------------------------------------
w3m 0.3.2 - 2002-11-05

* ~/.netrc: password for ftp
* rc: display_lineinfo: display current line number
* rc: passwd_file: passwd file for HTTP auth
* func: MARK_WORD
* rc: imgsize: obsoleted
* w3m-img for framebuffer merged

----------------------------------------------------------------
w3m 0.3.1 - 2002-07-16

* func: REINIT
	INIT_MAILCAP deleted, use REINIT MAILCAP instead
* func: DEFINE_KEY
* rc: keymap_file
* rc: use_dictcommand, dictcommand
* rc: mark_all_pages
* configure: -mandir
* func: COMMAND
* -title option: set buffer name to terminal title
* X-Face support: USE_XFACE, require uncompface

----------------------------------------------------------------
w3m 0.3 - 2002-03-06

* rc: mailer
	if mailer is set, it will be used for simple mailto: URLs
	otherwise, w3mmail.cgi will be used (when USE_W3MMAILER defined)
* rc: max_load_image
* rc: display_image, auto_image, image_scale, imgdisplay, imgsize
* func: DISPLAY_IMAGE, STOP_IMAGE
* w3m-img merged: w3m now can display images! see doc/README.img

----------------------------------------------------------------
w3m 0.2.5.1 - 2002-02-05

* backport from w3m/0.2.5+cvs-1.299
 - fix inputAnswer() and no "ssl_forbid_method" [w3m-dev 02985]
 - fix SunOS 4.1.4 build problem [w3m-dev 02972]
 - fix problem with Netscape-Enterprise WWW-authenticate [w3m-dev 02968]

----------------------------------------------------------------
w3m 0.2.5 - 2002-01-31

* RFC2617: HTTP Digest authentication
* rc: default_url=0(empty) 1(current URL) 2(link URL)
* GOTO_RELATIVE (M-u)
* highlight for incremental search
* support migemo (romaji search)
* use w3mmail.cgi for mailto: URL
* support external URI loader
* support -dump_extra ftp://
* new regex implementation

----------------------------------------------------------------
w3m 0.2.4 - 2002-01-07

* RFC2818 server identity check
* incremental search (C-s, C-r)

----------------------------------------------------------------
w3m 0.2.3.2 - 2001-12-22

* fix security hole in w3m/scripts

----------------------------------------------------------------
w3m 0.2.3.1 - 2001-12-20

* sync with cvs repository
* fix bug in configure

----------------------------------------------------------------
w3m 0.2.3 - 2001-12-20

* command line option: -help, -version
* new libgc included
* new runtime option use_mark, nextpage_topline, label_topline, vi_prec_num
   emacs_like_lineedit, ftppass_hostnamegen
* RFC2732 support (IPv6)
* new w3mhelp system
* several configure changes
* code cleanups, now gcc -Wall -Werror safe

----------------------------------------------------------------
w3m 0.2.2 - 2001-11-15

* sync with w3m 0.2.1-inu-1.5
* w3m maintained in sourceforge.net/projects/w3m