Security
* Fixed an issue where newsfeed prompts could cause Opera to execute
arbitrary code, as reported by Michal Zalewski. See our advisory.
http://www.opera.com/support/search/view/881/
* Solved an issue where resized canvas patterns could cause Opera to
execute arbitrary code, as reported by Michal Zalewski. See our
advisory. http://www.opera.com/support/search/view/882/
* Improved keyboard handling of password inputs, as reported by Trystan S.
Miscellaneous
* Fixed a BitTorrent transfer stability issue.
* Resolved stablity issues with the Acid 3 test.
* Additional stability fixes.
Changes Since Opera 9.25:
Security
--------
Fixed an issue where simulated text inputs could trick users into uploading
arbitrary files, as reported by Mozilla. See our advisory.
Image properties can no longer be used to execute scripts, as reported by
Max Leonov. See our advisory.
Fixed an issue where the representation of DOM attribute values could allow
cross site scripting, as reported by Arnaud.lb. See our advisory.
Miscellaneous
-------------
Fixed a stability issue found in Opera 9.0 to 9.25, when Opera connects
securely to Windows Server 2008 or other servers supporting the TLS
Certificate Status extension.
Additional stability fixes.
Changes in v9.25:
Security
* Fixed an issue where plug-ins could be used to allow cross domain
scripting, as reported by David Bloom. Details will be disclosed
at a later date.
* Fixed an issue with TLS certificates that could be used to execute
arbitrary code, as reported by Alexander Klink (Cynops GmbH).
Details will be disclosed at a later date.
* Rich text editing can no longer be used to allow cross domain
scripting, as reported by David Bloom. See our advisory.
* Prevented bitmaps from revealing random data from memory, as
reported by Gynvael Coldwind. Details will be disclosed at a
later date.
Miscellaneous
* Fixed a problem where malformed BMP files could cause Opera to
temporarily freeze.
For pkgsrc use, put back opera-distinfo target (to easily re-generate
checksums for supported platforms)
Changes Since Opera 9.23
Security
* Fixed an issue where external news readers and e-mail clients could be
used to execute arbitrary code, as reported by Michael A. Puls II.
See our advisory.
* Fixed an issue where scripts could overwrite functions on pages from
other domains. See the advisory. Issue reported to Opera by David Bloom.
This closes PR pkg/37185.
* Fixed four crash bugs found using Mozilla's jsfunfuzz tool.
* Fixed a stability issue with Speed Dial.
Security
* Fixed a JavaScript security issue discovered with Mozilla's
jsfunfuzz tool. See our advisory.
of an emulated operating system. Instead of proliferating things like
SUSE_VERSION_REQD, NETBSD_VERSION_REQD, SOLARIS_VERSION_REQD, etc., a
package can say:
EMUL_REQD= suse>=9.1 netbsd>=2.0 solaris>=10
all in one, succinct line.
depend upon to supply the Linux shared libraries already tell the user
this. The JDK packages also depend on the corresponding JRE package,
so they don't need to show the same message -- keep the message with
the JRE packages instead.
Linux kernel emulation <= 2.0.38. Also ensure that /lib is in
LD_LIBRARY_PATH so that the opera binary can find /lib/libpthread.so.0
in ${EMULDIR} and not NetBSD's /usr/lib/libpthread.so.0.
Bump the PKGREVISION to 1.
binary-only packages that require binary "emulation" on the native
operating system. Please see pkgsrc/mk/emulator/README for more
details.
* Teach the plist framework to automatically use any existing
PLIST.${EMUL_PLATFORM} as part of the default PLIST_SRC definition.
* Convert all of the binary-only packages in pkgsrc to use the
emulator framework. Most of them have been tested to install and
deinstall correctly. This involves the following cleanup actions:
* Remove use of custom PLIST code and use PLIST.${EMUL_PLATFORM}
more consistently.
* Simplify packages by using default INSTALL and DEINSTALL scripts
instead of custom INSTALL/DEINSTALL code.
* Remove "SUSE_COMPAT32" and "PKG_OPTIONS.suse" from pkgsrc.
Packages only need to state exactly which emulations they support,
and the framework handles any i386-on-x86_64 or sparc-on-sparc64
uses.
* Remove "USE_NATIVE_LINUX" from pkgsrc. The framework will
automatically detect when the package is installing on Linux.
Specific changes to packages include:
* Bump the PKGREVISIONs for all of the suse100* and suse91* packages
due to changes in the +INSTALL/+DEINSTALL scripts used in all
of the packages.
* Remove pkgsrc/emulators/suse_linux, which is unused by any
packages.
* cad/lc -- remove custom code to create the distinfo file for
all supported platforms; just use "emul-fetch" and "emul-distinfo"
instead.
* lang/Cg-compiler -- install the shared libraries under ${EMULDIR}
instead of ${PREFIX}/lib so that compiled programs will find
the shared libraries.
* mail/thunderbird-bin-nightly -- update to latest binary
distributions for supported platforms.
* multimedia/ns-flash -- update Linux version to 9.0.48 as the
older version is no longer available for interactive fetch.
* security/uvscan -- set LD_LIBRARY_PATH explicitly so that
it's not necessary to install library symlinks into
${EMULDIR}/usr/local/lib.
* www/firefox-bin-flash -- update Linux version to 9.0.48 as the
older version is no longer available for interactive fetch.
An issue when removing specially prepared torrent transfers was fixed.
A data leak issue when using canvas.createPattern was fixed.
An issue where data URIs could be used to display the wrong address in
the address bar was prevented.
The display of long domain names in auth dialogs was improved.
The Trustcenter class 3 G2 root certificate was added.
A problem with certificate import was fixed.
Toolbars can now use bold fonts again.
Tabs can be dragged between windows using the Windows panel again.
Several stability and performance fixes were made.
Shared memory is now disabled by default.
INSTALLATION_DIRS, as well as all occurrences of ${PREFIX}/man with
${PREFIX}/${PKGMANDIR}.
Fixes PR 35265, although I did not use the patch provided therein.
Changes:
This release of Opera introduces Fraud Protection.
Changes Since Opera 9.02
User interface
* Fixed handling of access keys on Web pages with frames.
* Mail, messaging, and newsfeeds
* Fixed an instability connected with delayed entry of the Master password.
* Deleting of newsfeeds in the panel now both unsubscribes and deletes.
Display and scripting
* Improved performance for elements with both :focus and :hover.
* Fixed an issue with opacity on links that have images nested within them.
Security
* New Fraud Protection feature (a phishing filter).
* Changed Wand data to a new format. The upgrade to this new format
is not reversible.
Miscellaneous
* Multiple stability issues solved, including crashes on Gmail and Google Maps.
* Changed the Mozilla User Agent string to include Firefox identification.
* Improved handling of Web site logins on slow connections.
* Cancellation of torrent downloads now functions as expected.
UNIX-specific changes
* Fixed smooth scrolling.
* Flash 9 beta support for Linux.
* Implemented support for Linux plug-ins on FreeBSD.
* When masking as Internet Explorer, the platform is masked as Windows XP.
* Fixed an issue where floating point numbers were treated as integers
on some Linux systems.
- fix badly out of date PLIST for solaris
- add missing response of 'n' to the install.sh script to avoid installing
some xpm's in /usr/share/....
Opera seems to build, install, package, and run ok on solaris 9/sparc now.
This release is a recommended security upgrade.
Changes since 8.51:
Display
* Fixed drop-down list problem affecting Bloglines subscription sorting.
Security
* Replaced expired certificates from TrustCenter.
* Solved status bar issue described in Secunia Advisory 17571.
* Implemented stricter handling of the Online Certificate Status Protocol (OCSP).
Miscellaneous
* Fixed problem with missing keypresses when switching between applications.
* Fixed GDI leak issue with favicons causing slowdowns and crashes.
* Fixed Gmail loading problem.
Changes since 8.01:
Security
* Solved download dialog spoofing issue described in Secunia Advisory SA15870
* Fixed image dragging issue described in Secunia Advisory SA15756
Miscellaneous
* Improved default handling of encodings in spelling checker.
* Multiple stability fixes.
* When an installed plug-in is available, use as default handler rather
than display download dialog.
* Improved support for XMLHttpRequest.
* Fixed download handling when closing originating page.
