SEARCH
NEW RPMS
DIRECTORIES
ABOUT
FAQ
VARIOUS
BLOG

 
 
Changelog for w3m-inline-image-0.5.3+git20230121-slfo.1.2.2.x86_64.rpm :

* Tue Jul 25 2023 Thomas Blume - CVE-2023-38253: out-of-bounds read in growbuf_to_Str() at w3m/indep.c (bsc#1213323)- CVE-2023-38252 out-of-bounds read in Strnew_size() at w3m/Str.c (bsc#1213324)- add 0001-Fix-OOB-access-due-to-multiple-backspaces.patch
* Fri Apr 28 2023 Muhammad Akbar Yanuar Mantari - update to version 0.5.3+git20230121- add 0001-Update-German-message-catalogue.patch- dropped patches: 0001-allow-to-configure-the-accept-option-for-bad-cookies.patch 0001-implements-simple-session-management.patch 0001-handle-EXDEV-during-history-file-rename.patch 0001-w3mman-don-t-show-invalid-characters-bsc-950800.patch 0001-Fix-warning-for-unused-variable-without-USE_M17N.patch 0002-Fix-m17n-backspace-handling-causes-out-of-bounds-wri.patch
* Tue Jan 10 2023 Thomas Blume - CVE-2022-38223 Out-of-bounds write in checkType located in etc.c (bsc#1202684) - add: 0002-Fix-m17n-backspace-handling-causes-out-of-bounds-wri.patch 0001-Fix-warning-for-unused-variable-without-USE_M17N.patch
* Thu Jan 25 2018 Thomas.BlumeAATTsuse.com- add git ChangeLog to /usr/share/doc/w3m/- update to version 0.5.3+git20180125 addressed security issue: CVE-2018-6196: w3m: an infinite recursion flaw in HTMLlineproc0 because the feed_table_block_tag function in table.c does not prevent a negative indent value allows for (bsc#1077559) CVE-2018-6197: w3m: NULL pointer dereference flaw in formUpdateBuffer in form.c (bsc#1077568) CVE-2018-6198: w3m: does not properly handle temporary files when the ~/.w3m directory is unwritable, which allows a local attacker to craft a symlink attack to overwrite arbitrary files (bsc#1077572) other changes, bugfixes see: /usr/share/doc/w3m/ChangeLog
* Thu Nov 24 2016 Thomas.BlumeAATTsuse.com- update to debian git version (bsc#1011293) addressed security issues: CVE-2016-9621: w3m: global-buffer-overflow write (bsc#1012020) CVE-2016-9622: w3m: null deref (bsc#1012021) CVE-2016-9623: w3m: null deref (bsc#1012022) CVE-2016-9624: w3m: near-null deref (bsc#1012023) CVE-2016-9625: w3m: stack overflow (bsc#1012024) CVE-2016-9626: w3m: stack overflow (bsc#1012025) CVE-2016-9627: w3m: heap overflow read + deref (bsc#1012026) CVE-2016-9628: w3m: null deref (bsc#1012027) CVE-2016-9629: w3m: null deref (bsc#1012028) CVE-2016-9630: w3m: global-buffer-overflow read (bsc#1012029) CVE-2016-9631: w3m: null deref (bsc#1012030) CVE-2016-9632: w3m: global-buffer-overflow read (bsc#1012031) CVE-2016-9633: w3m: OOM (bsc#1012032) CVE-2016-9434: w3m: null deref (bsc#1011283) CVE-2016-9435: w3m: use uninit value (bsc#1011284) CVE-2016-9436: w3m: use uninit value (bsc#1011285) CVE-2016-9437: w3m: write to rodata (bsc#1011286) CVE-2016-9438: w3m: null deref (bsc#1011287) CVE-2016-9439: w3m: stack overflow (bsc#1011288) CVE-2016-9440: w3m: near-null deref (bsc#1011289) CVE-2016-9441: w3m: near-null deref (bsc#1011290) CVE-2016-9442: w3m: potential heap buffer corruption (bsc#1011291) CVE-2016-9443: w3m: null deref (bsc#1011292) dropped patches: w3m-fix-build-with-imlib2-1.4.6.patch w3m-scheme.patch w3mman-formatting.patch w3m-parallel-make.patch w3m-gc7.diff w3m-openssl.patch w3m-closedir.patch w3m-fh-def.patch w3m-ssl-verify.patch w3m-parsetagx-crash.patch w3m-tempdir-override.patch w3m-0.5.1-no-ASCII-equivalents-by-default.patch w3m-uninitialized.patch w3m-inline-image.patch w3m-0.4.1-textarea-segfault.dif ported patches: w3m-disable-cookie-special-domain-check.patch to 0001-allow-to-configure-the-accept-option-for-bad-cookies.patch w3m-0.4.1-session-mgmt.dif to 0001-implements-simple-session-management.patch w3m-history-crossdev.patch to 0001-handle-EXDEV-during-history-file-rename.patch w3mman-formatting.patch to 0001-w3mman-don-t-show-invalid-characters-bsc-950800.patch
* Fri Jun 24 2016 fweissAATTsuse.com- w3mman-formatting.patch: w3mman now doesn\'t show invalid characters anymore (bsc#950800)
* Wed Jun 22 2016 maxAATTsuse.com- Add w3m-scheme.patch to fix a segfault when doing a https request to an unresolvable host (bsc#950468).
* Mon Mar 02 2015 mlinAATTsuse.com- Add w3m-fix-build-with-imlib2-1.4.6.patch: fix build with imlib2 1.4.6, the patch is from Debian. See http://sourceforge.net/p/w3m/patches/70/
* Sun Dec 21 2014 meissnerAATTsuse.com- build with PIE support
* Wed Mar 12 2014 schwabAATTlinux-m68k.org- w3m-parallel-make.patch: More dependency fixes for parallel build
* Tue Aug 20 2013 schwabAATTsuse.de- w3m-parallel-make.patch: Fix missing dependency for parallel build
* Fri Jun 21 2013 crrodriguezAATTopensuse.org- attempting to download a large file will end in total fail on 32bit archs, use LFS_CFLAGS to fix that problem.
* Thu Mar 21 2013 jengelhAATTinai.de- Make w3m compile with gc 7.x (adds w3m-gc7.diff), and also use the system libgc.
* Mon Nov 12 2012 crrodriguezAATTopensuse.org- Due to the \"CRIME attack\" (CVE-2012-4929) HTTPS clients that negotiate TLS-level compression can be abused for MITM attacks. (w3m-openssl.patch)- Use SSL_MODE_RELEASE_BUFFERS if available .
* Fri Sep 28 2012 cfarrellAATTsuse.com- license update: ISC w3m permissive license much more akin to ISC (spdx.org/licenses/ISC) than to either BSD or MIT
* Thu Sep 27 2012 crrodriguezAATTopensuse.org- Build with OPENSSL_NO_SSL_INTERN, poor\'s man visibility to avoid ABI breaks between different openssl version.- Also define _GNU_SOURCE to allow some extra optimizations with recent GCC versions.
* Fri Mar 23 2012 maxAATTsuse.com- Removed w3m-helppaths.patch, because it broke interactive help (bnc#747560). It was a leftover that should have been removed as part of the May 2011 package overhaul.
* Tue Aug 30 2011 crrodriguezAATTopensuse.org- Fix build error: redefinition of \'struct file_handle\'
* Sat Jul 30 2011 crrodriguezAATTopensuse.org- Use ncursesw6 instead of old ncurses5
* Fri May 20 2011 maxAATTnovell.com- Overhaul the package- Add license files and other stuff from the doc subcdir (bnc#666935).
* Tue Jan 18 2011 maxAATTnovell.com- Version 0.5.3:
* security fix - fix vulnerabilities indicated by bugs.debian.org. - suppress sending Referer, if https:// -> http://
* new features - adapt w3mimg to native windows on MS Windows. - support xterm-incompatible terminals without gpm. - add \"xhtml\" to default guess. - introduce option pseudo_inlines. - add option to avoid \"wrong number of dots\" error in cookies.
* other bug fixes - fix \"important\" bugs from bugs.debian.org - preserve spaces in multibyte context. - fix proxy authentication.
* Tue Jun 15 2010 maxAATTsuse.de- Fix handling of embedded nul characters in certificate subjects. (bnc#609451, CVE-2010-2074).- Turn on certificate verification by default.
* Thu Dec 31 2009 jengelhAATTmedozas.de- enable parallel build
* Tue Nov 03 2009 cooloAATTnovell.com- updated patches to apply with fuzz=0
* Mon Sep 07 2009 maxAATTsuse.de- Added w3m-closedir.patch to fix a directory descriptor leak in loadLocalDir (bnc#531675).
* Mon Aug 03 2009 jansimon.moellerAATTopensuse.org- small patch for gc to work with qemu-arm on the workers
* Fri Nov 14 2008 maxAATTsuse.de- Re-added the private copy of gc, so that we don\'t need to provide generic L3 for the gc package, which is not used by anything else in the distribution.- Disable unneeded thread support in gc to fix build on ppc64.
* Tue Oct 28 2008 maxAATTsuse.de- Removed unneeded explicit build dependencies- w3m-inline-image needs imlib2-loaders.- Use system-supplied gc library.
* Mon Feb 25 2008 crrodriguezAATTsuse.de- use find_lang macro
* Wed Sep 05 2007 olhAATTsuse.de- use expandPath to expand ~ in TMPDIR (306745)
* Tue Aug 14 2007 olhAATTsuse.de- handle EXDEV during history file rename()
* Sat Aug 11 2007 olhAATTsuse.de- fix crash in parse_tag() during every start use TMPDIR, TMP or TEMP enviroment variables fix a few harmless uninitialized variables
* Fri Jun 01 2007 maxAATTsuse.de- New version: 0.5.2:
* fix format string vulnerability.
* support gtk2 with w3m-img.
* new option for LiveHTTPHeaders-like logs.
* new option to fontify , , , and so on.
* avoid errors in \"configure\" and \"make\".
* \'\
\' handling in attributes\' values of HTML tags.- Enabled console mouse support via gpm.
* Sun Apr 01 2007 roAATTsuse.de- added ncurses-devel to buildreq
* Fri Feb 16 2007 odAATTsuse.de- change the default for the option \"Use ASCII equivalents to display entities\" from YES to NO. (#247397)
* Thu Jan 04 2007 maxAATTsuse.de- Fixed a format string problem that led to a crash. (#230775, CVE-2006-6772)- Made sure everything gets compiled with RPM_OPT_FLAGS.- Enabled inline images on frame buffer consoles.
* Sat Mar 18 2006 odAATTsuse.de- fixes for w3m-0.4.1-session-mgmt.dif: - longer session names: increase filename length for session files from 30 to 249 - fix buffer-overrun in several strncat() - report errors other than ENOENT when opening session and history files
* Wed Jan 25 2006 mlsAATTsuse.de- converted neededforbuild to BuildRequires
* Wed Apr 27 2005 roAATTsuse.de- remove boehm-gc from nfb (dropped)- use private copy of gc6.4
* Fri Aug 13 2004 mmjAATTsuse.de- Don\'t --enable-messagel10n since it breaks w3m and makes every- thing Japanese [#43750]
* Mon May 03 2004 mmjAATTsuse.de- Update to 0.5.1
* Tue Apr 13 2004 mmjAATTsuse.de- Update to 0.5 which merges the -m17 part, and also adds auto{make,conf} support.- Use %_lib
* Mon Mar 22 2004 mmjAATTsuse.de- Fix illegal prefetch instructions on intel 64-bit platform [#36352]
* Tue Feb 17 2004 kukukAATTsuse.de- Remove s390x ulimit hack (does not work as normal user)
* Tue Feb 03 2004 mmjAATTsuse.de- Compile with -fno-strict-aliasing
* Sat Jan 10 2004 adrianAATTsuse.de- add %defattr
* Fri Oct 10 2003 odAATTsuse.de- added new option \"-session=\" which implements simple session management
* Mon Aug 18 2003 uliAATTsuse.de- replaced Boehm GC with a more recent version that works on s390x, ppc64 (obsoletes w3m-0.3.1-x86_64.dif)
* Fri Jul 25 2003 poemlAATTsuse.de- switch to w3m-m17n sources (w3m-0.4.1-m17n-20030308) for its UTF-8 support, and no longer build the extra w3mj binary- get rid of -m17n suffix- add patch by Bjoern Jacke to automatically follow locale- install the cgi\'s in /usr/lib/w3m/cgi-bin
* Thu Jul 24 2003 poemlAATTsuse.de- update to 0.4.1 - tab browsing
* rc: open_tab_blank, close_tab_back
* func: CLOSE_TAB, NEW_TAB, NEXT_TAB, PREV_TAB,
* func: TAB_GOTO, TAB_GOTO_RELATIVE
* func: TAB_LEFT, TAB_LINK, TAB_MENU, TAB_RIGHT
* func: CLOSE_TAB_MOUSE, MENU_MOUSE, MOVE_MOUSE, TAB_MOUSE
* rc: open_tab_dl_list
* func: DOWNLOAD_LIST - wheel scrolling
* rc: relative_wheel_scroll
* rc: relative_wheel_scroll_ratio
* rc: fixed_wheel_scroll_count - https proxy
* env: https_proxy
* rc: https_proxy - form filling
* pre_form: ~/.w3m/pre_form
* rc: pre_form_file: pre_form configuration file - building
* separate auxbindir and libdir (local-CGI, file:///$LIB/)
* configure: -auxbindir - misc
* options: -show-option
* 2 stroke keybinding
* rc: use_proxy
* rc: preserve_timestamp
* rc: fold_line
* local cookie: passed via file named $LOCAL_COOKIE or posted not in url query
* URL data: support
* URL news:, nntp: newsgroup support
* rc: nntpserver, nntpmode, max_news
* rc: graphic_char
* func: REDO, UNDO
* func: LIST, LIST_MENU, MOVE_LIST_MENU
* func: ACCESSKEY, LINK_MENU
* rc: display_ins_del
* func: MULTIMAP
* options: -N
* func: NEXT, PREV
* rc: image_map_list
* rc: decode_url
* func: RESHAPE
* func: SEARCH can take arg
* rc: disable_secret_security_check (for windows?) - w3m-0.2.1-ia64.dif seems obsolete - re-diff textarea-segfault.dif, it seems still needed - package some of the new Bonus cgi\'s
* Fri Jun 13 2003 kukukAATTsuse.de- Add missing directories to filelist
* Mon Feb 24 2003 poemlAATTsuse.de- add fix for segfault that can occur when editing a textarea field with vi, and returning to w3m (it seems to happen if the terminal is not writable, as when using w3m after \'su - some_user\') [#17597]
* Wed Jan 15 2003 adrianAATTsuse.de- do not package files from sub package also into main package (no more X11 dependency on main package)- package also man pages
* Thu Dec 05 2002 poemlAATTsuse.de- update to 0.3.2.2
* security fix: html_quote for img alt attributes
* security fix: html_quote for frame contents
* backport from w3m 0.3.2+cvs - fix segmentation fault by large complex table. [w3m-dev 03371][w3m-dev 03438]
* Mon Nov 04 2002 poemlAATTsuse.de- update to 0.3.2 (which has framebuffer console image support, but we don\'t build it because the permissions of /dev/fb
* can only be set globally)- w3mimgsize ceased to exist- add w3mman, a pretty handy man page browser
* Thu Aug 15 2002 schwabAATTsuse.de- Fix compilation on ia64.
* Wed Aug 07 2002 poemlAATTsuse.de- fixed for s390x - set ulimit -v unlimited otherwise the mktable helper segfaults- apply lib64 patch on all architectures
* Tue Jul 16 2002 poemlAATTsuse.de- define konqueror instead of mozilla as default external browser- no path needed for external helpers
* Mon Jul 15 2002 poemlAATTsuse.de- update to version 0.3.1.- cookie handling: don\'t treat toplevel domains with 2 letters different from ones with 3 letters (\"special domain check\"), by don\'t allowing domain= values with 2 periods in a Set-Cookie header (why should a cookie from .ebay.de be invalid, while the same cookie from .ebay.com is not?)- allow to configure the \"accept\" option for bad cookies- define mozilla instead of netscape as default external browser- show configuration in build log- don\'t explicitely -I/usr/include, avoid nasty compiler warnings- use RPM_OPT_FLAGS
* Sun Jul 07 2002 schwabAATTsuse.de- Update to version 0.3.
* Tue May 28 2002 roAATTsuse.de- first hack to work on x86_64
* Tue May 21 2002 poemlAATTsuse.de- fix wrong configuration which broke HTML text area editing (editor was set to -O) (#16260)
* Thu May 16 2002 poemlAATTsuse.de- split off a w3m-inline-image subpackage to avoid the main package RPM dependency on X stuff
* Sat Feb 02 2002 poemlAATTsuse.de- update to 0.2.5:
* RFC2617: HTTP Digest authentication
* rc: default_url=0(empty) 1(current URL) 2(link URL)
* GOTO_RELATIVE (M-u)
* highlight for incremental search
* support migemo (romaji search)
* use w3mmail.cgi for mailto: URL
* support external URI loader
* support -dump_extra ftp://
* new regex implementation- update inline image patch to w3m-0.2.5-img-2.2.patch.bz2- add WWW-Authenticate.dif (makes w3m recognize WWW-Authenticate: token in lower case)
* Thu Jan 31 2002 roAATTsuse.de- changed neededforbuild to
* Thu Jan 24 2002 poemlAATTsuse.de- update to 0.2.4- use updated inline image patch w3m-0.2.4-img-1.18.patch.gz
* Wed Nov 28 2001 mfabianAATTsuse.de- add patch for inline images (tweaked to work with w3m-0.2.2-inu-1.1 by , originally from http://www2u.biglobe.ne.jp/~hsaka/w3m/patch/)
* Fri Nov 23 2001 poemlAATTsuse.de- update to w3m-0.2.2-inu-1.1. This time, the included gc is new enough (6.1alpha2), so we don\'t need to supply another one.
* Mon Nov 12 2001 schwabAATTsuse.de- Fix for ia64.
* Wed Oct 31 2001 poemlAATTsuse.de- update to w3m-0.2.1-inu-1.5. This includes almost all patches posted to w3m-dev ML and w3m-dev-en ML in Oct. For details, see: http://mi.med.tohoku.ac.jp/~satodai/w3m/inu/200110/index.en.html
* Tue Oct 30 2001 poemlAATTsuse.de- update to latest version: w3m-0.2.1-inu-1.4 [w3m-dev-en 00596] (it is semi-official, but all developers use that one)- drop all patches since they are now included- w3m ships with current gc now, but update to gc6.0alpha9 which has some s390 patches
* Tue Aug 28 2001 poemlAATTsuse.de- add w3m-0.2.1-javascript-hide.dif from author to hide javascript statements even if they are inside table tags- apply forgotten relURL patch
* Thu Jun 28 2001 poemlAATTsuse.de- security fix: w3m-0.2.1-mimehead-buf.dif to prevent possible buffer overflow when parsing malformed URLs- add patch that allows key mappings with a count- spec file cleanup
* Wed Apr 04 2001 poemlAATTsuse.de- add patch to help with pages containing javascript
* Wed Apr 04 2001 poemlAATTsuse.de- update to w3m-0.2.1- as before, use a newer gc on ia64 and sparc- fix include path for gc on ia64 and sparc- undefine INET6 on sparc: struct sockaddr_storage seems to have no member ss_family- fix double declaration of CMT_SSL_FORBID_METHOD- add patch for problems caused by misunderstanding of relative URLs- fix Version tag (was a macro)
* Sun Feb 18 2001 poemlAATTsuse.de- update to 0.1.11-pre (which is actually more stable than 0.1.10)- apply massive kokb23 patch collection- add patch for lynx-like pauth option- drop norman.patch- add newer gc (6.0alpha6) for ia64 and sparc that works with glibc-2.2.1- update autoconf and libtool on these archs
* Wed Jan 31 2001 poemlAATTsuse.de- add a version 5.1 of gc (Boehm-Weiser garbage collector) which is patched for ia64 ( http://www.cs.berkeley.edu/projects/ titanium/src/titaniumc/runtime/gc/ ). don\'t use GC_push_other_roots() for some reason -> gc-5.1.patch
* Tue Jan 09 2001 poemlAATTsuse.de- removed duplicate man page in %{_defaultdocdir}/w3m/doc/
* Wed Dec 20 2000 poemlAATTsuse.de- add web_browser to Provides (in sync with lynx and links)
* Mon Dec 18 2000 poemlAATTsuse.de- merged w3m and w3m_ssl- added openssl to neededforbuild- bzipped sources
* Wed Dec 06 2000 poemlAATTsuse.de- added japanese binary
* Fri Oct 13 2000 poemlAATTsuse.de- update to 0.1.10- patch for perl path no longer necessary (now done by ./configure)- fix missing ifdef JP_CHARSET- readjust spec file to new option in ./configure- compile with lynx-like key binding
* Sat Sep 09 2000 bjackeAATTsuse.de- added Excludes with w3m_ssl
* Mon May 15 2000 kukukAATTsuse.de- Update to 0.1.9 (works on SPARC)- Use /bin/vi for 7.0- Fix defines on SPARC- Fix spec file- Add installed scripts to filelist
* Sun Feb 13 2000 mgeAATTsuse.de- update to 0.1.6- group tag
* Tue Oct 26 1999 mgeAATTsuse.de- initial SuSE-RPM
  
ICM