| tag | 1d3f4e1a7707c87798fb386757bfed30cf5809d1 | |
| object | 06c602c2c0f15b9509dc531d9c92f589f30b7caf | commit |
| author | Kalle Olavi Niemitalo <kon@iki.fi> | |
| Sun, 28 Oct 2012 12:59:33 +0000 (28 14:59 +0200) |
ELinks 0.12pre6
===============
This is the sixth prerelease for ELinks 0.12.
This release of ELinks is mostly licensed under version 2 of the GNU
General Public License. More permissive licences apply to some parts
of it; please see COPYING for the list.
Changes since ELinks 0.12pre5
-----------------------------
Security fix:
* bug 1124, CVE-2012-4545: Do not delegate GSSAPI credentials in HTTP
Negotiate or GSS-Negotiate authentication. Reported by Marko Myllynen.
(ELinks 0.12pre1 was the first release that supported GSSAPI; earlier
releases are not vulnerable.)
Fixed crashes and hangs:
* critical bug 943: Don't let user JavaScripts call any methods of
``elinks.action'' in tabs that do not have the focus. If a tab was
closed with ``elinks.action.tab_close'' while it had pop-up windows,
ELinks could crash; as a precaution, don't allow other actions
either. (ELinks 0.12pre1 was the first release that supported
``elinks.action''.)
* critical bug 1083: Avoid an infinite loop when trying to decompress
malformed data. Caused by the bug 1068 fix in ELinks 0.12pre3.
* Fix a possible crash or information disclosure on big-endian 64-bit
systems using HTTP Negotiate or GSS-Negotiate authentication.
Incompatibilities:
* Dropped support for SEE. (ELinks 0.12pre1 was the first release
that supported SEE.)
* Guile 2.0.0 (released on 2011-02-16) changed its license to
LGPLv3-or-later, which is not compatible with the GPLv2 that covers
ELinks. Also, Guile has deprecated many of the functions that
ELinks calls.
Other changes:
* major bug 764: Correctly initialize options on big-endian 64-bit
systems.
* bug 983: Give preference to the Content-Type specified in the HTTP
header over that specified via the HTML meta tag.
* bug 1084: Allow option names containing '+' and '*' in the option
manager.
* bug 1112: Map most numeric character references € ... Ÿ
to graphical characters also when the output charset is UTF-8.
(ELinks 0.12pre1 was the first release that supported UTF-8 as the
terminal charset, and ELinks 0.12pre5 was the first release that
supported UTF-8 as the dump charset.)
* minor bug 1113: Fix a small memory leak if a mailcap file is malformed.
* minor bug 1114: Decode SGML entities and NCRs only once in link/@title
and other attributes.
* build: Fix several warnings reported by GCC 4.7.1. Harmless at
runtime but could break the build if configured --enable-debug.
(This version does not fix all such warnings.)
Authors since ELinks 0.12pre5
-----------------------------
Kalle Olavi Niemitalo
Kamil Dudka
Laurent MONIN
Miciah Dashiel Butler Masters
Petr Baudis
Witold Filipczyk
Future work
-----------
There are no known regressions from ELinks 0.11.7.
However, there is one remaining bug scheduled for 0.12.0:
* Bug 771 - Infinite loop is not well handled
A whitelist option should be added so that the user can enable GSSAPI
credential delegation for specific servers. The plan is to implement
this in the master branch first and backport to elinks-0.12 later.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iEYEABECAAYFAlCNLDUACgkQHm9IGt60eMjZQgCg7wukHgPid9GsbWtIGUZeb9sj
vp8Ani7dyJfAJ0CMQ+nRArHGcNdXIZHU
=SDiN
-----END PGP SIGNATURE-----
===============
This is the sixth prerelease for ELinks 0.12.
This release of ELinks is mostly licensed under version 2 of the GNU
General Public License. More permissive licences apply to some parts
of it; please see COPYING for the list.
Changes since ELinks 0.12pre5
-----------------------------
Security fix:
* bug 1124, CVE-2012-4545: Do not delegate GSSAPI credentials in HTTP
Negotiate or GSS-Negotiate authentication. Reported by Marko Myllynen.
(ELinks 0.12pre1 was the first release that supported GSSAPI; earlier
releases are not vulnerable.)
Fixed crashes and hangs:
* critical bug 943: Don't let user JavaScripts call any methods of
``elinks.action'' in tabs that do not have the focus. If a tab was
closed with ``elinks.action.tab_close'' while it had pop-up windows,
ELinks could crash; as a precaution, don't allow other actions
either. (ELinks 0.12pre1 was the first release that supported
``elinks.action''.)
* critical bug 1083: Avoid an infinite loop when trying to decompress
malformed data. Caused by the bug 1068 fix in ELinks 0.12pre3.
* Fix a possible crash or information disclosure on big-endian 64-bit
systems using HTTP Negotiate or GSS-Negotiate authentication.
Incompatibilities:
* Dropped support for SEE. (ELinks 0.12pre1 was the first release
that supported SEE.)
* Guile 2.0.0 (released on 2011-02-16) changed its license to
LGPLv3-or-later, which is not compatible with the GPLv2 that covers
ELinks. Also, Guile has deprecated many of the functions that
ELinks calls.
Other changes:
* major bug 764: Correctly initialize options on big-endian 64-bit
systems.
* bug 983: Give preference to the Content-Type specified in the HTTP
header over that specified via the HTML meta tag.
* bug 1084: Allow option names containing '+' and '*' in the option
manager.
* bug 1112: Map most numeric character references € ... Ÿ
to graphical characters also when the output charset is UTF-8.
(ELinks 0.12pre1 was the first release that supported UTF-8 as the
terminal charset, and ELinks 0.12pre5 was the first release that
supported UTF-8 as the dump charset.)
* minor bug 1113: Fix a small memory leak if a mailcap file is malformed.
* minor bug 1114: Decode SGML entities and NCRs only once in link/@title
and other attributes.
* build: Fix several warnings reported by GCC 4.7.1. Harmless at
runtime but could break the build if configured --enable-debug.
(This version does not fix all such warnings.)
Authors since ELinks 0.12pre5
-----------------------------
Kalle Olavi Niemitalo
Kamil Dudka
Laurent MONIN
Miciah Dashiel Butler Masters
Petr Baudis
Witold Filipczyk
Future work
-----------
There are no known regressions from ELinks 0.11.7.
However, there is one remaining bug scheduled for 0.12.0:
* Bug 771 - Infinite loop is not well handled
A whitelist option should be added so that the user can enable GSSAPI
credential delegation for specific servers. The plan is to implement
this in the master branch first and backport to elinks-0.12 later.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iEYEABECAAYFAlCNLDUACgkQHm9IGt60eMjZQgCg7wukHgPid9GsbWtIGUZeb9sj
vp8Ani7dyJfAJ0CMQ+nRArHGcNdXIZHU
=SDiN
-----END PGP SIGNATURE-----