ELinks 0.12pre6 =============== This is the sixth prerelease for ELinks 0.12.
This release of ELinks is mostly licensed under version 2 of the GNU General Public License. More permissive licences apply to some parts of it; please see COPYING for the list. Changes since ELinks 0.12pre5 ----------------------------- Security fix: * bug 1124, CVE-2012-4545: Do not delegate GSSAPI credentials in HTTP Negotiate or GSS-Negotiate authentication. Reported by Marko Myllynen. (ELinks 0.12pre1 was the first release that supported GSSAPI; earlier releases are not vulnerable.) Fixed crashes and hangs: * critical bug 943: Don't let user JavaScripts call any methods of ``elinks.action'' in tabs that do not have the focus. If a tab was closed with ``elinks.action.tab_close'' while it had pop-up windows, ELinks could crash; as a precaution, don't allow other actions either. (ELinks 0.12pre1 was the first release that supported ``elinks.action''.) * critical bug 1083: Avoid an infinite loop when trying to decompress malformed data. Caused by the bug 1068 fix in ELinks 0.12pre3. * Fix a possible crash or information disclosure on big-endian 64-bit systems using HTTP Negotiate or GSS-Negotiate authentication. Incompatibilities: * Dropped support for SEE. (ELinks 0.12pre1 was the first release that supported SEE.) * Guile 2.0.0 (released on 2011-02-16) changed its license to LGPLv3-or-later, which is not compatible with the GPLv2 that covers ELinks. Also, Guile has deprecated many of the functions that ELinks calls. Other changes: * major bug 764: Correctly initialize options on big-endian 64-bit systems. * bug 983: Give preference to the Content-Type specified in the HTTP header over that specified via the HTML meta tag. * bug 1084: Allow option names containing '+' and '*' in the option manager. * bug 1112: Map most numeric character references € ... Ÿ to graphical characters also when the output charset is UTF-8. (ELinks 0.12pre1 was the first release that supported UTF-8 as the terminal charset, and ELinks 0.12pre5 was the first release that supported UTF-8 as the dump charset.) * minor bug 1113: Fix a small memory leak if a mailcap file is malformed. * minor bug 1114: Decode SGML entities and NCRs only once in link/@title and other attributes. * build: Fix several warnings reported by GCC 4.7.1. Harmless at runtime but could break the build if configured --enable-debug. (This version does not fix all such warnings.) Authors since ELinks 0.12pre5 ----------------------------- Kalle Olavi Niemitalo Kamil Dudka Laurent MONIN Miciah Dashiel Butler Masters Petr Baudis Witold Filipczyk Future work ----------- There are no known regressions from ELinks 0.11.7. However, there is one remaining bug scheduled for 0.12.0: * Bug 771 - Infinite loop is not well handled A whitelist option should be added so that the user can enable GSSAPI credential delegation for specific servers. The plan is to implement this in the master branch first and backport to elinks-0.12 later. _______________________________________________ elinks-users mailing list elinks-users@linuxfromscratch.org http://linuxfromscratch.org/mailman/listinfo/elinks-users