NEWS: Bug 937 is CVE-2007-5034.

[elinks.git] / NEWS

Release info
============

You can see the complete list of recent changes, bugfixes and new features
in the http://repo.or.cz/w/elinks.git[gitweb interface]. See the ChangeLog
file for details.

ELinks 0.11.3.GIT now:
----------------------

To be released as 0.11.4.

* critical bug 755: fix crashes due to dangling pointers to struct
  form_state
* critical bugs 613, 714, 961: ``assertion list_empty(form_controls)
  failed''
* critical bug 945: don't crash if a Lua script calls e.g. error(nil)
* major bug 956: don't reuse pointers to SpiderMonkey objects that may
  have been collected as garbage.  This fix causes bug 954.
* CVE-2007-2027: check if the program path contains "src/" before
  using ../po files
* important Debian bug 380347: prevent a buffer overflow in entity_cache
  and a possible subsequent crash
* major bug 788: don't read STRLEN n_a, which isn't initialized by
  POPpx of Perl v5.8.8 and later
* fix query parsing in file: URIs for local CGI (was broken in 0.11.3)
* bug 691: don't look up bogus IPv4 addresses based on characters of a
  hostname
* bug 712: GnuTLS works on https://www-s.uiuc.edu/[]
* fix passive FTP over IPv6 when connect() fails with EINPROGRESS
* minor bug 951 in user SMJS: garbage-collect SMJS objects on 'File ->
  Flush all caches' to work around their holding cache entries busy
* minor bug 396: never show empty filename in the what-to-do dialog
* minor bug 461: ensure contrast in blank areas, to keep the cursor visible
* minor bug 928: properly display no-break spaces in a UTF-8 document
  if the terminal uses some other charset
* trivial bug 947: document.html.wrap_nbsp also affects text in tables
* build bug 950: fix ``config/install-sh: No such file or directory''
  on SunOS
* build bug 936: fix errors about undefined off_t (autoheader
  incompatibility)
* build bug 959: test in configure whether -lX11 works
* build: update SpiderMonkey configure check Debian compatibility
* build: use $(CPPFLAGS) rather than $(AM_CFLAGS)
* minor build bug 960: fix errors in loadmsgcat.c if mmap() exists but
  munmap() doesn't

ELinks 0.11.3:
--------------

Released on 2007-04-15.

* critical bugs 846, 870: fix crashes in web ECMAScripts and SMJS user
  scripting
* critical bug 927: fix null pointer crash if META Refresh is in a
  table cell
* critical bug 941: fix assertion failure or memory corruption if FTP
  server responds to PASV with status 200
* critical bug 729 in experimental BitTorrent: fix crashes with
  various bogus BitTorrent URLs
* critical bug 868: fix segfault in check_timers
* critical bugs 897, 919: fix crashes on operating systems lacking
  mremap()
* critical: fix null pointer crash if XBEL bookmark has no title
* critical bug 760: fix crash when moving bookmarks out of a folder
* critical: fix crash in an empty file-extensions menu
* critical bug 715: fix null pointer crash caused by malformed proxy
  setting
* critical: fix SMJS null pointer crash on exit
* critical bug 880 in experimental Python scripting: fix null pointer
  crash with -no-home
* major Gentoo bug 121247: fix segfaults in Ruby user scripting
* major bug 908: don't write to freed memory when the user pushes a
  radio button
* major bug 937, CVE-2007-5034: don't send the entire HTTPS request to
  a CONNECT proxy
* bug 899, Debian bug 403139: recognize >2GB files in FTP directory
  listing, if off_t is large enough
* bug 942: encode/decode file names in FTP URLs, so they can contain
  spaces
* bug 741: don't recognize HTML comments inside STYLE elements
* bug 769: fix MD5 computation/formatting in HTTP digest
  authentication
* fix POST to local CGI
* remove a garbage character from the end of the authentication prompt
* bugs 872, 886: editing or deleting cookies in the cookie manager
  should cause a save
* secure file saving: restore umask after *all* failure conditions
* decode the fragment identifier extracted from the URI when looking
  it up
* bug 768 in experimental Python scripting: link with e.g. -lpython2.4
  rather than -lpython
* minor bugs 830, 831: changes in parsing of -remote arguments
* minor Debian bug 313696 and other translation updates
* enhancement 24: fix searching past unselectable elements in menus
* enhancement: recognize function keys and backspace/delete on FreeBSD
* enhancement 772: recognize Shift-Tab on XTerm
* enhancement: place cursor on listbox rather than button, to help
  screen readers
* enhancements in text wrapping
* enhancement 767: recognize URL in META Refresh even without "URL="
* enhancement 396: search for "<html>" if the server doesn't specify a
  Content-Type

ELinks 0.11.2:
--------------

Released on 2006-11-19.

* critical bug 841, CVE-2006-5925: prevent enabling the SMB protocol
* critical bug 786: fix crash when following a link in frames
* print off_t with custom OFF_T_FORMAT instead of PRId64
* build: Minix3 compatibility

ELinks 0.11.1:
--------------

Released on 2006-01-29.

* work around null pointer crashes in HTTP digest authentication
* fix assertion failure with document.plain.display_links and
  uppercase URIs
* fix Gopher crashes
* enhancement 630: native FSP protocol support (replaces CGI program
  in contrib/cgi/)
* SMJS user scripting: check for hooks.js before trying to load it
* SMJS user scripting: the elinks.preformat_html hook gets a second
  argument: a view_state object with .uri and .plain properties
* bug 921 in Lua scripting: fix current_document_formatted
* if given "a?b" in the command line, try to guess whether the
  question mark is part of the file name or indicates a query part
* updated character entity list from unicode.org
* build: use asciidoc -unsafe for AsciiDoc 7.0.4 compatibility
* build bug 738: fix "/config.charset" error triggered by building in
  the source directory

ELinks 0.11.0 (Elated):
-----------------------

Released on 2006-01-01.

* SSL support via GNUTLS now requires 1.2 or higher
* support for Lua 4.x was dropped, we only support Lua 5.x now
* Python scripting back-end (experimental)
* Spidermonkey based ECMAScript scripting back-end (experimental)
* 88 colors support
* default URI-rewrite rule, used when no other rules match but the string that
  was entered in the Go to URL box does not resemble a URI
* support prefixes for add-bookmark-link, document-info, goto-url-current-link,
  history-move-back, and history-move-forward
* BitTorrent protocol (experimental)
* FSP protocol via a CGI script (see contrib/cgi/README.FSP) (experimental)
* enhancement 694: sysmouse support on the BSD console
* new GNU make based build system (aclocal from automake is still required)
* move from CVS to GIT

ELinks 0.10.6:
--------------

Released on 2005-09-15.

* external editor is configurable at run-time

ELinks 0.10.4:
--------------

Released on 2005-04-06.

* explicit keyboard accelerators were defined for buttons in dialogue boxes and
  are now highlighted

ELinks 0.10.2:
--------------

Released on 2005-01-30.

* Ruby scripting back-end (experimental)
* Debian package files (apt-get install devscripts && debuild -uc -us)

ELinks 0.10.0 (Thelma):
-----------------------

Released on 2004-12-24.

* licensed under GPLv2 only
* simple CSS
* simple JavaScript/ECMAScript support by the SpiderMonkey Mozilla JS engine
* plain-text mark-up (_^Hx to underline, x^Hx to embolden)
* HTML source high-lighting using DOM implementation
* multiple URIs on the command line
* tabs moving (press Alt-'>' or Alt-'<')
* periodic snapshotting of all tabs in all terminals
* exmode CLI support (press ':' followed by action and args) (experimental)
* cursor routing (aka w3m-style navigation)
* modal text-input form-fields editing (enabled by default)
* manual cookies creating and editing
* incremental searching (press '#/')
* Perl scripting back-end (experimental)
* build-time configurability and feature documentation through features.conf
* Mozilla-compatible -remote option (http://www.mozilla.org/unix/remote.html[])
* support for specifying IP family as protocol postfix (e.g. http4 or ftp6)
* internationalized domain names via libidn (RFC 3490)
* data URI protocol (RFC 2397)
* gopher protocol (RFC 1436)
* NNTP protocol (RFC 977 and RFC 2980) (experimental)
* build system fine-tuned to use automake conditionals
* -localhost option to block connections to remote hosts
* -verbose option to control messages printed at startup
* -default-keys command line option to ignore user-defined keybindings
* -confdir option renamed to -config-dir
* -conffile option renamed to -config-file
* enhanced documentation

ELinks 0.9.2:
-------------

Released on 2004-09-24.

* directional links navigation
* 'unset' configuration directive, which can be used, e.g., to delete default
  MIME type settings or external protocol handlers.

ELinks 0.9.1:
-------------

Released on 2004-01-23.

* support <object> tags by displaying a link to the data
* add beginning-of-buffer and end-of-buffer actions for text fields
* automatic session saving/restoring support (disabled by default)
* add-bookmark-tabs (bookmark all tabs) option and menu item
* fold successive blank lines when displaying a plain-text document
  (disabled by default; use the option document.plain.compress_empty_lines)
* 'fresh' color for any tab that has not been selected
  since its document was loaded

ELinks 0.9.0 (Skyrider):
------------------------

Released on 2003-12-24.

* used gettext for internationalization
* support for background document colors
* tabs support
* new MIME subsystem adding mimetypes files support
* local CGI support
* Guile scripting extensions
* HTML meta refresh
* forms history
* 256 colors support
* regex searches
* cookies manager, cache manager and download manager
* document marks support
* displaying URIs in plain documents as links
* SMB protocol support (requires smbclient)
* builtin user prefixes support (enter 'gg' or 'gg:elinks' to the goto dialog)
* HTTPS proxy support
* typeahead link searching (press '#')

ELinks 0.4.0 (Iceberg):
-----------------------

Released on 2002-12-24.

* merged HTTP_AUTH
* basic proxy auth support
* cookies parser rewritten
* support for tabindex,accesskey,title attribute
* FTP support dramatically improved: bugfixes, interoperability fixes, passive
  mode support, ...
* global history support (+vlink support)
* make some modules (cookies,bookmarks,globhist,..) optional at compile time
* secure saving support (see secure_save option desc. if you're doing weird
  things with your links files like symlinking or nonstandart permissions!!!)
* support for utf8 i/o
* mouse wheel support
* portability enhancements
* performance enhancements
* file/http gzip/bzip2 decompression support
* downloads resuming support
* mailcap support
* hierarchic bookmarks support, XBEL bookmarks support
* source layout was dramatically reorganized
* relocated ELinks configuration files, changed format (if you are upgrading
  from Links or older ELinks version, read INSTALL file to see how to convert
  your old config files!!!)
* options are now in tree hierarchy and are configurable generically
* keybindings can be configured from the user interface
* colorful user interface
* tiny useless LED-like indicators support
* GNUTLS support parallel to the OpenSSL support (fixes some license issues)
* extensive memory debugging support

ELinks 0.3.0:
-------------

Released on 2002-03-02.

* unhistory
* external textarea editor
* DNS rewrite - we handle multi RR per host correctly
* IPv6 support
* rewritten options handling
* bookmarks filtering (aka bookmarks search)
* bookmarks resaving (save on the disk after every change)
* added possibility to change default colors settings

Links 0.96-pb3:
---------------

Released on 2001-10-26.

* secured cookies file creation
* support for title attribute of img tag
* Catalan translation
* Romanian translation
* changing of User-Agent string sent to webserver
* <listing> tag support

Links 0.96-pb2:
---------------

Released on 2001-10-06.

* cookies expiration, saving and resaving
* do NOT strip everything after ? in form action
* http referrer, true http referrer
* limited textarea external editor support
* partial fix of &#13;
* enhanced manual page
* fixed multi-level HTTP moved when using -dump/-source
* fixed keybindings