SEARCH
NEW RPMS
DIRECTORIES
ABOUT
FAQ
VARIOUS
BLOG

 
 
Changelog for w3m-0.5.3.git20161120-206.23.x86_64.rpm :

* Thu Nov 24 2016 Thomas.BlumeAATTsuse.com- update to debian git version (bsc#1011293) addressed security issues: CVE-2016-9621: w3m: global-buffer-overflow write (bsc#1012020) CVE-2016-9622: w3m: null deref (bsc#1012021) CVE-2016-9623: w3m: null deref (bsc#1012022) CVE-2016-9624: w3m: near-null deref (bsc#1012023) CVE-2016-9625: w3m: stack overflow (bsc#1012024) CVE-2016-9626: w3m: stack overflow (bsc#1012025) CVE-2016-9627: w3m: heap overflow read + deref (bsc#1012026) CVE-2016-9628: w3m: null deref (bsc#1012027) CVE-2016-9629: w3m: null deref (bsc#1012028) CVE-2016-9630: w3m: global-buffer-overflow read (bsc#1012029) CVE-2016-9631: w3m: null deref (bsc#1012030) CVE-2016-9632: w3m: global-buffer-overflow read (bsc#1012031) CVE-2016-9633: w3m: OOM (bsc#1012032) CVE-2016-9434: w3m: null deref (bsc#1011283) CVE-2016-9435: w3m: use uninit value (bsc#1011284) CVE-2016-9436: w3m: use uninit value (bsc#1011285) CVE-2016-9437: w3m: write to rodata (bsc#1011286) CVE-2016-9438: w3m: null deref (bsc#1011287) CVE-2016-9439: w3m: stack overflow (bsc#1011288) CVE-2016-9440: w3m: near-null deref (bsc#1011289) CVE-2016-9441: w3m: near-null deref (bsc#1011290) CVE-2016-9442: w3m: potential heap buffer corruption (bsc#1011291) CVE-2016-9443: w3m: null deref (bsc#1011292) dropped patches: w3m-fix-build-with-imlib2-1.4.6.patch w3m-scheme.patch w3mman-formatting.patch w3m-parallel-make.patch w3m-gc7.diff w3m-openssl.patch w3m-closedir.patch w3m-fh-def.patch w3m-ssl-verify.patch w3m-parsetagx-crash.patch w3m-tempdir-override.patch w3m-0.5.1-no-ASCII-equivalents-by-default.patch w3m-uninitialized.patch w3m-inline-image.patch w3m-0.4.1-textarea-segfault.dif ported patches: w3m-disable-cookie-special-domain-check.patch to 0001-allow-to-configure-the-accept-option-for-bad-cookies.patch w3m-0.4.1-session-mgmt.dif to 0001-implements-simple-session-management.patch w3m-history-crossdev.patch to 0001-handle-EXDEV-during-history-file-rename.patch w3mman-formatting.patch to 0001-w3mman-don-t-show-invalid-characters-bsc-950800.patch
* Fri Jun 24 2016 fweissAATTsuse.com- w3mman-formatting.patch: w3mman now doesn\'t show invalid characters anymore (bsc#950800)
* Wed Jun 22 2016 maxAATTsuse.com- Add w3m-scheme.patch to fix a segfault when doing a https request to an unresolvable host (bsc#950468).
* Mon Mar 02 2015 mlinAATTsuse.com- Add w3m-fix-build-with-imlib2-1.4.6.patch: fix build with imlib2 1.4.6, the patch is from Debian. See http://sourceforge.net/p/w3m/patches/70/
* Sun Dec 21 2014 meissnerAATTsuse.com- build with PIE support
* Wed Mar 12 2014 schwabAATTlinux-m68k.org- w3m-parallel-make.patch: More dependency fixes for parallel build
* Tue Aug 20 2013 schwabAATTsuse.de- w3m-parallel-make.patch: Fix missing dependency for parallel build
* Fri Jun 21 2013 crrodriguezAATTopensuse.org- attempting to download a large file will end in total fail on 32bit archs, use LFS_CFLAGS to fix that problem.
* Thu Mar 21 2013 jengelhAATTinai.de- Make w3m compile with gc 7.x (adds w3m-gc7.diff), and also use the system libgc.
* Mon Nov 12 2012 crrodriguezAATTopensuse.org- Due to the \"CRIME attack\" (CVE-2012-4929) HTTPS clients that negotiate TLS-level compression can be abused for MITM attacks. (w3m-openssl.patch)- Use SSL_MODE_RELEASE_BUFFERS if available .
* Fri Sep 28 2012 cfarrellAATTsuse.com- license update: ISC w3m permissive license much more akin to ISC (spdx.org/licenses/ISC) than to either BSD or MIT
* Thu Sep 27 2012 crrodriguezAATTopensuse.org- Build with OPENSSL_NO_SSL_INTERN, poor\'s man visibility to avoid ABI breaks between different openssl version.- Also define _GNU_SOURCE to allow some extra optimizations with recent GCC versions.
* Fri Mar 23 2012 maxAATTsuse.com- Removed w3m-helppaths.patch, because it broke interactive help (bnc#747560). It was a leftover that should have been removed as part of the May 2011 package overhaul.
* Tue Aug 30 2011 crrodriguezAATTopensuse.org- Fix build error: redefinition of \'struct file_handle\'
* Sat Jul 30 2011 crrodriguezAATTopensuse.org- Use ncursesw6 instead of old ncurses5
* Fri May 20 2011 maxAATTnovell.com- Overhaul the package- Add license files and other stuff from the doc subcdir (bnc#666935).
* Tue Jan 18 2011 maxAATTnovell.com- Version 0.5.3:
* security fix - fix vulnerabilities indicated by bugs.debian.org. - suppress sending Referer, if https:// -> http://
* new features - adapt w3mimg to native windows on MS Windows. - support xterm-incompatible terminals without gpm. - add \"xhtml\" to default guess. - introduce option pseudo_inlines. - add option to avoid \"wrong number of dots\" error in cookies.
* other bug fixes - fix \"important\" bugs from bugs.debian.org - preserve spaces in multibyte context. - fix proxy authentication.
* Tue Jun 15 2010 maxAATTsuse.de- Fix handling of embedded nul characters in certificate subjects. (bnc#609451, CVE-2010-2074).- Turn on certificate verification by default.
* Thu Dec 31 2009 jengelhAATTmedozas.de- enable parallel build
* Tue Nov 03 2009 cooloAATTnovell.com- updated patches to apply with fuzz=0
* Mon Sep 07 2009 maxAATTsuse.de- Added w3m-closedir.patch to fix a directory descriptor leak in loadLocalDir (bnc#531675).
* Mon Aug 03 2009 jansimon.moellerAATTopensuse.org- small patch for gc to work with qemu-arm on the workers
  
ICM