NEWS entry for newlines in hidden fields

[elinks/kon.git] / NEWS

Release info
============

You can see the complete list of recent changes, bugfixes and new features
in the http://repo.or.cz/w/elinks.git[gitweb interface]. See the ChangeLog
file for details.

ELinks 0.12pre2.GIT now:
------------------------

To be released as 0.12pre3, 0.12rc1, or even 0.12.0.  This branch also
includes the changes listed under ``ELinks 0.11.5.GIT'' below.

* Preserve newlines in hidden input fields, and submit them as CRLF.
  Previously, they could turn into spaces or disappear entirely.
* Perl scripts can use modules that dynamically load C libraries, like
  XML::LibXML::SAX does.
* enhancement: Updated ISO 8859-7, ISO 8859-16, KOI8-R, and MacRoman.

ELinks 0.12pre2:
----------------

Released on 2008-09-21.  This release also included the changes listed
under ``ELinks 0.11.5'' below.

* bug 954, enhancement 952: Keep track of ECMAScript form and input
  objects instead of constructing new ones on every access.  When the
  corresponding ELinks internal objects are destroyed, detach the
  ECMAScript objects from them, to prevent crashes.  (Bug 954 was
  first added in ELinks 0.11.4, and the bug 620 fix in ELinks 0.12pre1
  made crashes more likely.)
* critical bug 1029 in user SMJS: Prefer JS_CallFunctionValue over
  JS_CallFunction, which can crash if given a closure.
* critical bug 1031: Use the same JSRuntime for both user SMJS and
  scripts on web pages, to work around SpiderMonkey bug 378918.
* bug 1013: Don't assume errno values are between 0 and 100000.
* bug 1022: Add connection.ssl.trusted_ca_file setting for GnuTLS.
  Before this, ELinks did not trust any certificate authorities when
  it used GnuTLS, so certificate verification always failed if you
  enabled it at connection.ssl.cert_verify.
* bug 1040: Blacklist servers that don't support TLS.  This reduces
  SSL errors especially in HTTP POST requests using GnuTLS.
* bugs 1007, 1041: Display unrecognized lines in FTP directory
  listings, instead of annoying the user with error messages.
* Hurd bug 22861: Work around select() falsely reporting exceptions
  in pipes.
* minor bug 951: SpiderMonkey scripting objects used to prevent ELinks
  from removing files from the memory cache.
* build bug 1044: Check whether -rdynamic works with libraries.
  With Sun Studio 11 on Solaris 9, it reportedly doesn't.

Bugs that should be removed from NEWS before the 0.12.0 release:

* critical: Fix crash after a tab was opened during reload.  This was
  triggered by the bug 620 fix in ELinks 0.12pre1.
* critical bug 1018: Avoid an assertion failure when selecting a value
  from a pop-up menu for an input field in a tab that is no longer
  current, e.g. because another tab was opened with elinks -remote.
  This bug was first released in ELinks 0.12pre1.
* major bug 1026 in user SMJS: Protect the callback of elinks.load_uri
  from the garbage collector.  The elinks.load_uri method was added in
  ELinks 0.12pre1.
* bug 955: Reset buttons no longer run FORM/@onsubmit, and
  ``harmless'' buttons no longer submit the form.  ELinks 0.12pre1
  was the first release that had these bugs.
* bug 1033: Fix memory leak in ECMAScript window.open.  ELinks 0.12pre1
  was the first release that had this bug.
* bug 1034: ``Content-Encoding: deflate'' allows a zlib header as
  specified in RFC 2616.
* Global ECMAScript functions alert, open, and setTimeout again work
  with SEE.  ELinks 0.12pre1 was the first release that supported SEE
  at all.
* build bug 1045: Fix ``void function cannot return value'' in
  never_for_this_site() of src/formhist/formhist.c.  ELinks 0.12pre1
  was the first release that had this bug.

ELinks 0.12pre1:
----------------

Released on 2008-07-01.  This release also included the changes listed
under ``ELinks 0.11.4'' below.

Notable new features:

* enhancement 822: UTF-8 as terminal charset, not merely UTF-8 I/O
  of a unibyte codepage as in previous versions.  Double-cell (aka
  fullwidth) and supplementary characters work too, but combining
  characters and right-to-left text do not.  The only multibyte
  charset ELinks can decode is still UTF-8, so if the server outputs
  e.g. Shift-JIS, you'd better recode with a proxy.  See more notes
  in features.conf.
* enhancement 844: SMB protocol using libsmbclient.  This replaces
  the smbclient-based code that was disabled in ELinks 0.11.2.
  Unfortunately, Samba 3.2.0 and later seem GPLv2 incompatible.

Incompatibilities:

* ECMAScript support is now disabled by default.  It has known
  bugs 548 and 771 with which malicious web pages can hang ELinks,
  and its security goals are undocumented.  If you must enable
  ECMAScript support, it would be prudent to restrict the ELinks
  process with a sandbox of some kind.
* ECMAScript support no longer works with SpiderMonkey versions
  earlier than JS1.5 RC3a.
* Gzip decompression support now requires zlib 1.2.0.2 or later.
* bugs 871, 752: The numbering of terminal.*.colors no longer depends
  on config options.  This change makes elinks.conf portable between
  different configurations but unfortunately not between this and
  previous versions.
* Changed Python goto_url_hook(current) to goto_url_hook(new).  The
  hook can call the new function elinks.current_url() if desired.
  The Python scripting back-end is much more featureful than in
  previous releases, but it is still considered experimental.
* Guile scripting reads hooks.scm rather than internal-hooks.scm.
  (It still reads user-hooks.scm, too.)

Miscellaneous:

* critical bug 723: fix dangling pointer crash when following a link
  in a frame
* critical bug 756: ``assertion (cached)->object.refcount >= 0 failed''
  after HTTP proxy was changed
* critical bug 869: long mailcap entry buffer overflow (non-security)
  when downloading
* tabs opened by -remote now go behind existing dialogs
* major bug 534, enhancement 517: fix HTTP gzip and bzip2
  decompression, and add deflate and LZMA (requires LZMA Utils)
* major bug 503: various fixes in parsing and updating of elinks.conf
* Debian bug 257762: turn terminal transparency off by default
* bug 770: when the user chooses to resume an HTTP download, abort the
  automatically started one and start a new one with the right range
* bug 724: better parsing of escape sequences and control
  sequences from the terminal
* bug 948: fix wrong UTF-8 output after the charset menu was used
* bug 816: convert entity references in input/@value only once
* bug 916: if a mailcap entry has no %s, provide the file as stdin
* bug 744: don't change ``//'' to ``/'' in URIs
* bug 766: speed up CSS
* bug 355: add documents displayed via ``What to do'' dialog to the
  global history
* encode and decode filenames in FSP URLs
* don't use a busy cache entry if it has expired or should be
  reloaded.  See elinks-users mail from 28 Oct 2005.
* several accesskey fixes
* in Lua: don't write to the string returned by lua_tostring
* minor bug 972: preserve the background color and underlining in
  spaces when justifying
* minor bug 284: render closing bracket for HTML element SUB in the
  same line; don't let it fall to the next
* minor: show quote characters for HTML element Q, rather than italics
* trivial bug 387: treat &#013; inside <pre>...</pre> as a newline
* trivial bug 930: refresh status bar when key prefix is eaten
* trivial bug 776: ``elinks -remote http://elinks.cz/'' no longer clears
  the screen
* enhancement 790: If-Modified-Since and If-None-Match
* enhancement: HTTP negotiate-auth using GSSAPI
* enhancement: FSP progress indicator and password prompt
* enhancement: autocreate directories needed to download a file
* enhancement: ``Add server'' button in the cookie manager
* enhancement 887: ``Save'' in the cookie manager now saves cookies
  even if unmodified
* enhancement 145: internal clipboard support
* enhancement: new main actions move-cursor-line-start,
  move-link-down-line, move-link-left-line, move-link-right-line,
  move-link-up-line
* enhancement: new edit actions kill-word-back, move-backward-word,
  move-forward-word
* enhancements 687, 688: options ui.tabs.top, ui.show_menu_bar_always
* enhancement: highlight links as one enters link prefixes
* enhancement: backspace backs out the last digit of the prefix
* enhancement: in text type-ahead searching, don't follow current link
  on enter
* enhancement: add support for parsing space separated CSS class
  attribute values
* enhancement: make meta refresh content attribute parsing more tolerant
* enhancement: recognize meta http-equiv="cache-control" even if no
  refresh
* enhancement: mouse wheel support over GPM (contrib/gpm-wheel.patch),
  and on BSD via moused -z 4
* enhancement: 24-bit truecolor mode
* enhancement 622: -dump-color-mode
* enhancement 994: treat only termios.c_cc[VERASE] as "Backspace"
* enhancement: support Ctrl+Alt+letter key combinations
* enhancement 381: reduce memory consumption of codepages and some
  other arrays
* enhancement in user SMJS: new properties/functions elinks.action,
  elinks.execute, elinks.globhist, elinks.load_uri, elinks.vs

Build system and compile-time errors (ignore if you don't build ELinks):

* serious Debian bug 464384: fix warnings in alignof, ssl_connect, and
  printing of off_t values
* bug 725: fix version checking for Ruby in 'configure'
* enhancement: if make -k was used and a sub-Make fails, build the
  rest before propagating
* enhancement: make uninstall
* experimental enhancements: --with-python=DIRECTORY, --with-gc=DIRECTORY
* experimental enhancement: Win32 port (build with MinGW MSYS)

Changes in the experimental ECMAScript support:

* disabled by default, as mentioned under ``Incompatibilities'' above
* execute event-handler scripts as function bodies, so ``return''
  statements work as intended
* fix error ``forms.namedItem is not a function''
* enhancement: SEE ECMAScript backend, an alternative to SpiderMonkey
* enhancement: handling onsubmit
* workaround: window.open remembers the last few URLs and doesn't
  reopen them when incremental rendering reruns the onload script
* enhancement: better handling of form.action assignments
* enhancement: form[x] looks up controls also by 'id', not only 'name'
* enhancement: added document.location.href, input.selectedIndex,
  window.setTimeout, window.status

Changes in the experimental NNTP client:

* HTML escape header field values
* Add support for handling RFC2047 encoded words
* Improve listing of articles for groups

Changes in the experimental SGML/DOM implementation:

* enhancement: minimalistic RSS renderer
* enhancement: source highlighting also recognizes
  application/xhtml+xml and application/docbook+xml.  It doesn't yet
  support arbitrary XML though.
* enhancement: make it possible to use more CSS properties with the
  source highlighting
* enhancement: handle <base href=""> for HTML source rendering
* enhancement: add support for scanning comment endings such as
  '--!>' correctly
* enhancement: incremental parsing
* and more.

ELinks 0.11.5.GIT now:
----------------------

To be released as 0.11.6.

* critical bug 1053: fix crash if a download finishes after ELinks has
  closed the terminal from which the download was started
* major bug 1004: ignore locales when comparing HTML element names and
  similar strings, so e.g. ``title'' matches ``TITLE'' even in the
  Turkish locale

ELinks 0.11.5:
--------------

Released on 2008-09-21.

* critical bug 1027 in user SMJS: make elinks.keymaps treat null and
  "none" as equivalent actions, avoiding a segfault
* critical bug 1030: an assertion used to fail in the search dialog
  on systems that lack a usable <regex.h>
* major bug 503: various fixes in parsing and updating of elinks.conf
* bug 698: Attach controls to the intended form even if it is
  incorrectly nested in a table.  (Was broken in 0.11.4.)
* build bug 1021: fixed uninitialized variable in http_got_header
* build: don't use libgnutls-openssl, which is no longer GPLv2
  compatible in GnuTLS 2.2.0

ELinks 0.11.4:
--------------

Released on 2008-06-20.

* critical bug 755: fix crashes due to dangling pointers to struct
  form_state
* critical bugs 613, 714, 961: ``assertion list_empty(form_controls)
  failed''
* critical bug 945: don't crash if a Lua script calls e.g. error(nil)
* critical bug 1003: don't crash if a smart URI rewrite template gets
  too few parameters
* critical bug 1016: avoid JSFunctionSpec for better compatibility
  across versions of SpiderMonkey
* critical bugs 674, 956: don't reuse pointers to SpiderMonkey objects
  that may have been collected as garbage.  This fix causes bug 954.
* CVE-2007-2027: check if the program path contains "src/" before
  using ../po files
* important Debian bug 380347: prevent a buffer overflow in entity_cache
  and a possible subsequent crash
* major bug 788: don't read STRLEN n_a, which isn't initialized by
  POPpx of Perl v5.8.8 and later
* fix query parsing in file: URIs for local CGI (was broken in 0.11.3)
* bug 691: don't look up bogus IPv4 addresses based on characters of a
  hostname
* bug 712: GnuTLS works on https://www-s.uiuc.edu/[]
* fix active and passive FTP over IPv6
* bug 938: elinks -remote no longer needs a controlling tty
* bug 939: fix FSP directory listing (some compiler options left it empty)
* bug 978: Python's webbrowser.open_new_tab(URL) works since now
* bug 1012: compile with -fno-strict-overflow or -fwrapv if available
* bug 1014: fix incompatible pointer type in Perl_sys_init3 call
* minor bug 54, Debian bug 338402: don't force the terminal to 8 bits
  with no parity, and don't disable XON/XOFF flow control either
* minor bug 951 in user SMJS: garbage-collect SMJS objects on 'File ->
  Flush all caches' to work around their holding cache entries busy
* minor bug 396: never show empty filename in the what-to-do dialog
* minor bug 461: ensure contrast in blank areas, to keep the cursor visible
* minor bug 928: properly display no-break spaces in a UTF-8 document
  if the terminal uses some other charset
* minor bug 987: English spelling and grammar corrections
* minor bug 1000: preserve any query and fragment when converting a
  file name to a file:// URL
* minor: don't assume sizeof(int)==4 in bittorrent
* trivial bug 947: document.html.wrap_nbsp also affects text in tables
* trivial bug 997: fix unlikely stack corruption in active FTP
* build bug 1002: fix ``comparison is always true due to limited range
  of data type'' warning on PowerPC and s390
* build bug 950: fix ``config/install-sh: No such file or directory''
  on SunOS
* build bug 936: fix errors about undefined off_t (autoheader
  incompatibility)
* build bug 959: test in configure whether -lX11 works
* build: update SpiderMonkey configure check Debian compatibility
* build: use $(CPPFLAGS) rather than $(AM_CFLAGS)
* build: disable GCC 4.2 warning about builtin_modules
* build: move debian/ to contrib/debian/
* minor build bug 989: AsciiDoc 8.2.2 compatibility
* minor build bug 960: fix errors in loadmsgcat.c if mmap() exists but
  munmap() doesn't

ELinks 0.11.3:
--------------

Released on 2007-04-15.

* critical bugs 846, 870: fix crashes in web ECMAScripts and SMJS user
  scripting
* critical bug 927: fix null pointer crash if META Refresh is in a
  table cell
* critical bug 941: fix assertion failure or memory corruption if FTP
  server responds to PASV with status 200
* critical bug 729 in experimental BitTorrent: fix crashes with
  various bogus BitTorrent URLs
* critical bug 868: fix segfault in check_timers
* critical bugs 897, 919: fix crashes on operating systems lacking
  mremap()
* critical: fix null pointer crash if XBEL bookmark has no title
* critical bug 760: fix crash when moving bookmarks out of a folder
* critical: fix crash in an empty file-extensions menu
* critical bug 715: fix null pointer crash caused by malformed proxy
  setting
* critical: fix SMJS null pointer crash on exit
* critical bug 880 in experimental Python scripting: fix null pointer
  crash with -no-home
* major Gentoo bug 121247: fix segfaults in Ruby user scripting
* major bug 908: don't write to freed memory when the user pushes a
  radio button
* major bug 937, CVE-2007-5034: don't send the entire HTTPS request to
  a CONNECT proxy
* bug 899, Debian bug 403139: recognize >2GB files in FTP directory
  listing, if off_t is large enough
* bug 942: encode/decode file names in FTP URLs, so they can contain
  spaces
* bug 741: don't recognize HTML comments inside STYLE elements
* bug 769: fix MD5 computation/formatting in HTTP digest
  authentication
* fix POST to local CGI
* remove a garbage character from the end of the authentication prompt
* bugs 872, 886: editing or deleting cookies in the cookie manager
  should cause a save
* secure file saving: restore umask after *all* failure conditions
* decode the fragment identifier extracted from the URI when looking
  it up
* bug 768 in experimental Python scripting: link with e.g. -lpython2.4
  rather than -lpython
* minor bugs 830, 831: changes in parsing of -remote arguments
* minor Debian bug 313696 and other translation updates
* enhancement 24: fix searching past unselectable elements in menus
* enhancement: recognize function keys and backspace/delete on FreeBSD
* enhancement 772: recognize Shift-Tab on XTerm
* enhancement: place cursor on listbox rather than button, to help
  screen readers
* enhancements in text wrapping
* enhancement 767: recognize URL in META Refresh even without "URL="
* enhancement 396: search for "<html>" if the server doesn't specify a
  Content-Type

ELinks 0.11.2:
--------------

Released on 2006-11-19.

* critical bug 841, CVE-2006-5925: prevent enabling the SMB protocol
* critical bug 786: fix crash when following a link in frames
* print off_t with custom OFF_T_FORMAT instead of PRId64
* build: Minix3 compatibility

ELinks 0.11.1:
--------------

Released on 2006-01-29.

* work around null pointer crashes in HTTP digest authentication
* fix assertion failure with document.plain.display_links and
  uppercase URIs
* fix Gopher crashes
* enhancement 630: native FSP protocol support (replaces CGI program
  in contrib/cgi/)
* SMJS user scripting: check for hooks.js before trying to load it
* SMJS user scripting: the elinks.preformat_html hook gets a second
  argument: a view_state object with .uri and .plain properties
* bug 921 in Lua scripting: fix current_document_formatted
* if given "a?b" in the command line, try to guess whether the
  question mark is part of the file name or indicates a query part
* updated character entity list from unicode.org
* build: use asciidoc -unsafe for AsciiDoc 7.0.4 compatibility
* build bug 738: fix "/config.charset" error triggered by building in
  the source directory

ELinks 0.11.0 (Elated):
-----------------------

Released on 2006-01-01.

* SSL support via GNUTLS now requires 1.2 or higher
* support for Lua 4.x was dropped, we only support Lua 5.x now
* Python scripting back-end (experimental)
* Spidermonkey based ECMAScript scripting back-end (experimental)
* 88 colors support
* default URI-rewrite rule, used when no other rules match but the string that
  was entered in the Go to URL box does not resemble a URI
* support prefixes for add-bookmark-link, document-info, goto-url-current-link,
  history-move-back, and history-move-forward
* BitTorrent protocol (experimental)
* FSP protocol via a CGI script (see contrib/cgi/README.FSP) (experimental)
* enhancement 694: sysmouse support on the BSD console
* new GNU make based build system (aclocal from automake is still required)
* move from CVS to GIT

ELinks 0.10.6:
--------------

Released on 2005-09-15.

* external editor is configurable at run-time

ELinks 0.10.4:
--------------

Released on 2005-04-06.

* explicit keyboard accelerators were defined for buttons in dialogue boxes and
  are now highlighted

ELinks 0.10.2:
--------------

Released on 2005-01-30.

* Ruby scripting back-end (experimental)
* Debian package files (apt-get install devscripts && debuild -uc -us)

ELinks 0.10.0 (Thelma):
-----------------------

Released on 2004-12-24.

* licensed under GPLv2 only
* simple CSS
* simple JavaScript/ECMAScript support by the SpiderMonkey Mozilla JS engine
* plain-text mark-up (_^Hx to underline, x^Hx to embolden)
* HTML source high-lighting using DOM implementation
* multiple URIs on the command line
* tabs moving (press Alt-'>' or Alt-'<')
* periodic snapshotting of all tabs in all terminals
* exmode CLI support (press ':' followed by action and args) (experimental)
* cursor routing (aka w3m-style navigation)
* modal text-input form-fields editing (enabled by default)
* manual cookies creating and editing
* incremental searching (press '#/')
* Perl scripting back-end (experimental)
* build-time configurability and feature documentation through features.conf
* Mozilla-compatible -remote option (http://www.mozilla.org/unix/remote.html[])
* support for specifying IP family as protocol postfix (e.g. http4 or ftp6)
* internationalized domain names via libidn (RFC 3490)
* data URI protocol (RFC 2397)
* gopher protocol (RFC 1436)
* NNTP protocol (RFC 977 and RFC 2980) (experimental)
* build system fine-tuned to use automake conditionals
* -localhost option to block connections to remote hosts
* -verbose option to control messages printed at startup
* -default-keys command line option to ignore user-defined keybindings
* -confdir option renamed to -config-dir
* -conffile option renamed to -config-file
* enhanced documentation

ELinks 0.9.2:
-------------

Released on 2004-09-24.

* directional links navigation
* 'unset' configuration directive, which can be used, e.g., to delete default
  MIME type settings or external protocol handlers.

ELinks 0.9.1:
-------------

Released on 2004-01-23.

* support <object> tags by displaying a link to the data
* add beginning-of-buffer and end-of-buffer actions for text fields
* automatic session saving/restoring support (disabled by default)
* add-bookmark-tabs (bookmark all tabs) option and menu item
* fold successive blank lines when displaying a plain-text document
  (disabled by default; use the option document.plain.compress_empty_lines)
* 'fresh' color for any tab that has not been selected
  since its document was loaded

ELinks 0.9.0 (Skyrider):
------------------------

Released on 2003-12-24.

* used gettext for internationalization
* support for background document colors
* tabs support
* new MIME subsystem adding mimetypes files support
* local CGI support
* Guile scripting extensions
* HTML meta refresh
* forms history
* 256 colors support
* regex searches
* cookies manager, cache manager and download manager
* document marks support
* displaying URIs in plain documents as links
* SMB protocol support (requires smbclient)
* builtin user prefixes support (enter 'gg' or 'gg:elinks' to the goto dialog)
* HTTPS proxy support
* typeahead link searching (press '#')

ELinks 0.4.0 (Iceberg):
-----------------------

Released on 2002-12-24.

* merged HTTP_AUTH
* basic proxy auth support
* cookies parser rewritten
* support for tabindex,accesskey,title attribute
* FTP support dramatically improved: bugfixes, interoperability fixes, passive
  mode support, ...
* global history support (+vlink support)
* make some modules (cookies,bookmarks,globhist,..) optional at compile time
* secure saving support (see secure_save option desc. if you're doing weird
  things with your links files like symlinking or nonstandart permissions!!!)
* support for utf8 i/o
* mouse wheel support
* portability enhancements
* performance enhancements
* file/http gzip/bzip2 decompression support
* downloads resuming support
* mailcap support
* hierarchic bookmarks support, XBEL bookmarks support
* source layout was dramatically reorganized
* relocated ELinks configuration files, changed format (if you are upgrading
  from Links or older ELinks version, read INSTALL file to see how to convert
  your old config files!!!)
* options are now in tree hierarchy and are configurable generically
* keybindings can be configured from the user interface
* colorful user interface
* tiny useless LED-like indicators support
* GNUTLS support parallel to the OpenSSL support (fixes some license issues)
* extensive memory debugging support

ELinks 0.3.0:
-------------

Released on 2002-03-02.

* unhistory
* external textarea editor
* DNS rewrite - we handle multi RR per host correctly
* IPv6 support
* rewritten options handling
* bookmarks filtering (aka bookmarks search)
* bookmarks resaving (save on the disk after every change)
* added possibility to change default colors settings

Links 0.96-pb3:
---------------

Released on 2001-10-26.

* secured cookies file creation
* support for title attribute of img tag
* Catalan translation
* Romanian translation
* changing of User-Agent string sent to webserver
* <listing> tag support

Links 0.96-pb2:
---------------

Released on 2001-10-06.

* cookies expiration, saving and resaving
* do NOT strip everything after ? in form action
* http referrer, true http referrer
* limited textarea external editor support
* partial fix of &#13;
* enhanced manual page
* fixed multi-level HTTP moved when using -dump/-source
* fixed keybindings