---- Version 8.13.9 - 2017-04-21 ----
Fix bad handling of the 4th parameter of %%tuplets
(reported by Reinier Maliepaard)
Execute the format file in '-F' when '-H'
(reported by Richard Robinson)
Add %%ss-pref (stylesheet prefix) as a replacement of %%abcm2ps
Fix bad colors of lyrics and chord indications when last voice has a color
(reported by Jean-Luc Fargere)
2017-04-21 Richard Russon <rich@flatcap.org>
* Features
- add lua scripting
- add command-line batch mode
- index_format: add support of %K
* Bug Fixes
- attachment/pager: Use mailcap for test/* except plain
- Fix uncollapse_new in pager
- fix garbage in chdir prompt due to unescaped string
- Fix inbox-first functionality when using mutt_pretty_mailbox
- add full neomutt version to log startup
- fix bug in uncolor for notmuch tag
- fix broken from_chars behaviour
* Coverity defects
- strfcpy
- add variable - function arg could be NULL/invalid
- add variable - failed function leads to invalid variable
- add variable - Context could become NULL
- add variable - alloc/strdup could return NULL
- add variable - route through code leads to invalid variable
- remove variable test
- test functions
- tidy switches
- unused variables
- refactor only
- check for buffer underruns
- fix leaks
- minor fixes
- bug: add missing break
- bug: don't pass large object by value
- fix: use correct buffer size
- shadow variables
- 0 -> NULL
* Docs
- many minor updates
- sync translations
- delete trailing whitespace
- indent the docbook manual
- use w3m as default for generating UTF8 manual.txt
* Website
- many minor updates
- fix broken links
- add to list of useful programs
- test automatic html checker
- remove trailing whitespace
- add irc description
- update issue labels (dev)
- new page: closed discussions
- new page: making neomutt (dev)
* Build
- drop obsolete m4 scripts
- don't look for lua libs unless asked for
- workaround slang warnings
- lower the gettext requirement 0.18 -> 0.17
- add keymap_alldefs.h to BUILT_SOURCES
- fix make dist distcheck
- Remove -Iimap from CFLAGS and include imap/imap.h explicitly
- mx: fix conditional builds
- Make iconv mandatory (no more --disable-iconv)
- refactor: Split out BUFFER-handling functions
* Tidy
- drop control characters from the source
- drop vim modelines
- delete trailing whitespace
- mark all local functions as static
- delete unused functions
- replace FOREVER with while (true)
- drop #if HAVE_CONFIG_H
- use #ifdef for potentially missing symbols
- remove #if 0 code blocks
- drop commented out source
- IMAP auth functions are stored by pointer cannot be static
- force OPS to be rebuilt after a reconfigure
- be specific about void functions
- expand a few more alloc macros
- add argument names to function prototypes
- drop local copy of regex code
- rearrange code to avoid forward declarations
- limit the scope of some functions
- give the compress functions a unique name
- use snake_case for function names
- add missing newlines to mutt_debug
- remove generated files from repo
- look for translations in all files
- fix arguments to printf-style functions
- license text
- unify include-guards
- tidy makefiles
- initialise pointers
- make strcmp-like functions clearer
- unify sizeof usage
- remove forward declarations
- remove ()s from return
- rename files hyphen to underscore
- remove unused macros
- use SEEK_SET, SEEK_CUR, SEEK_END
- remove constant code
- fix typos and grammar in the comments
- Switch to using an external gettext runtime
- apply clang-format to the source code
- boolify returns of 84 functions
- boolify lots of struct members
- boolify some function parameters
* Upstream
- Add $ssl_verify_partial_chains option for OpenSSL
- Move the OpenSSL partial chain support check inside configure.ac
- Don't allow storing duplicate certs for OpenSSL interactive prompt
- Prevent skipped certs from showing a second time
- OpenSSL: Don't offer (a)ccept always choice for hostname mismatches
- Add SNI support for OpenSSL
- Add SNI support for GnuTLS
- Add shortcuts for IMAP and POP mailboxes in the file browser
- Change OpenSSL to use SHA-256 for cert comparison
- Fix conststrings type mismatches
- Pass envlist to filter children too
- Fix mutt_envlist_set() for the case that envlist is null
- Fix setenv overwriting to not truncate the envlist
- Fix (un)sidebar_whitelist to expand paths
- Fix mutt_refresh() pausing during macro events
- Add a menu stack to track current and past menus
- Change CurrentMenu to be controlled by the menu stack
- Set refresh when popping the menu stack
- Remove redraw parameter from crypt send_menus
- Don't full redraw the index when handling a command from the pager
- Filter other directional markers that corrupt the screen
- Remove the OPTFORCEREDRAW options
- Remove SidebarNeedsRedraw
- Change reflow_windows() to set full redraw
- Create R_MENU redraw option
- Remove refresh parameter from mutt_enter_fname()
- Remove redraw flag setting after mutt_endwin()
- Change km_dokey() to pass SigWinch on for the MENU_EDITOR
- Separate out the compose menu redrawing
- Separate out the index menu redrawing
- Prepare for pager redraw separation
- Separate out the pager menu redrawing
- Don't create query menu until after initial prompt
- Silence imap progress messages for pipe-message
- Ensure mutt stays in endwin during calls to pipe_msg()
- Fix memleak when attaching files
- Add $ssl_verify_partial_chains option for OpenSSL
- Move the OpenSSL partial chain support check inside configureac
- Don't allow storing duplicate certs for OpenSSL interactive prompt
- Prevent skipped certs from showing a second time
- OpenSSL: Don't offer (a)ccept always choice for hostname mismatches
- Add SNI support for OpenSSL
- Add SNI support for GnuTLS
- Add shortcuts for IMAP and POP mailboxes in the file browser
- Updated French translation
- Change OpenSSL to use SHA-256 for cert comparison
- Fix conststrings type mismatches
- Pass envlist to filter children too
- Fix mutt_envlist_set() for the case that envlist is null
- Fix setenv overwriting to not truncate the envlist
- Fix mutt_refresh() pausing during macro events
- Add a menu stack to track current and past menus
- Change CurrentMenu to be controlled by the menu stack
- Set refresh when popping the menu stack
- Remove redraw parameter from crypt send_menus
- Don't full redraw the index when handling a command from the pager
- Fix (un)sidebar_whitelist to expand paths
- Filter other directional markers that corrupt the screen
- Remove the OPTFORCEREDRAW options
- Remove SidebarNeedsRedraw
- Change reflow_windows() to set full redraw
- Create R_MENU redraw option
- Remove refresh parameter from mutt_enter_fname()
- Remove redraw flag setting after mutt_endwin()
- Change km_dokey() to pass SigWinch on for the MENU_EDITOR
- Separate out the compose menu redrawing
- Separate out the index menu redrawing
- Prepare for pager redraw separation
- Separate out the pager menu redrawing
- Don't create query menu until after initial prompt
- Silence imap progress messages for pipe-message
- Ensure mutt stays in endwin during calls to pipe_msg()
- Fix memleak when attaching files
- automatic post-release commit for mutt-181
- Added tag mutt-1-8-1-rel for changeset f44974c10990
- mutt-181 signed
- Add ifdefs around new mutt_resize_screen calls
- Add multiline and sigwinch handling to mutt_multi_choice
- Set pager's REDRAW_SIGWINCH when reflowing windows
- Add multiline and sigwinch handling to mutt_yesorno
- Change the sort prompt to use (s)ort style prompts
- Handle the pager sort prompt inside the pager
- Fix GPG_TTY to be added to envlist
- automatic post-release commit for mutt-182
Changes:
version 2017.04.26
Core
* Introduce --keep-fragments for keeping fragments of fragmented download
on disk after download is finished
* [YoutubeDL] Fix output template for missing timestamp (#12796)
* [socks] Handle cases where credentials are required but missing
* [extractor/common] Improve HLS extraction (#12211)
- Extract m3u8 parsing to separate method
- Improve rendition groups extraction
- Build stream name according stream GROUP-ID
- Ignore reference to AUDIO group without URI when stream has no CODECS
- Use float for scaled tbr in _parse_m3u8_formats
* [utils] Add support for TTML styles in dfxp2srt
* [downloader/hls] No need to download keys for fragments that have been
already downloaded
* [downloader/fragment] Improve fragment downloading
- Resume immediately
- Don't concatenate fragments and decrypt them on every resume
- Optimize disk storage usage, don't store intermediate fragments on disk
- Store bookkeeping download state file
+ [extractor/common] Add support for multiple getters in try_get
+ [extractor/common] Add support for video of WebPage context in _json_ld
(#12778)
+ [extractor/common] Relax JWPlayer regular expression and remove
duplicate URLs (#12768)
Extractors
* [iqiyi] Fix extraction of Yule videos
* [vidio] Improve extraction and sort formats
+ [brightcove] Match only video elements with data-video-id attribute
* [iqiyi] Fix playlist detection (#12504)
- [azubu] Remove extractor (#12813)
* [porn91] Fix extraction (#12814)
* [vidzi] Fix extraction (#12793)
+ [amp] Extract error message (#12795)
+ [xfileshare] Add support for gorillavid.com and daclips.com (#12776)
* [instagram] Fix extraction (#12777)
+ [generic] Support Brightcove videos in <iframe> (#12482)
+ [brightcove] Support URLs with bcpid instead of playerID (#12482)
* [brightcove] Fix _extract_url (#12782)
+ [odnoklassniki] Extract HLS formats
version 2017.04.17
Extractors
* [limelight] Improve extraction LimelightEmbeddedPlayerFlash media embeds and
add support for channel and channelList embeds
* [generic] Extract multiple Limelight embeds (#12761)
+ [itv] Extract series metadata
* [itv] Fix RTMP formats downloading (#12759)
* [itv] Use native HLS downloader by default
+ [go90] Extract subtitles (#12752)
+ [go90] Extract series metadata (#12752)
version 2017.04.16
Core
* [YoutubeDL] Apply expand_path after output template substitution
+ [YoutubeDL] Propagate overridden meta fields to extraction results of type
url (#11163)
Extractors
+ [generic] Extract RSS entries as url_transparent (#11163)
+ [streamango] Add support for streamango.com (#12643)
+ [wsj:article] Add support for articles (#12558)
* [brightcove] Relax video tag embeds extraction and validate ambiguous embeds'
URLs (#9163, #12005, #12178, #12480)
+ [udemy] Add support for react rendition (#12744)
version 2017.04.15
Extractors
* [youku] Fix fileid extraction (#12741, #12743)
version 2017.04.14
Core
+ [downloader/hls] Add basic support for EXT-X-BYTERANGE tag (#10955)
+ [adobepass] Improve Comcast and Verison login code (#10803)
+ [adobepass] Add support for Verizon (#10803)
Extractors
+ [aenetworks] Add support for specials (#12723)
+ [hbo] Extract HLS formats
+ [go90] Add support for go90.com (#10127)
+ [tv2hu] Add support for tv2.hu (#10509)
+ [generic] Exclude URLs with xml ext from valid video URLs (#10768, #11654)
* [youtube] Improve HLS formats extraction
* [afreecatv] Fix extraction for videos with different key layout (#12718)
- [youtube] Remove explicit preference for audio-only and video-only formats in
order not to break sorting when new formats appear
* [canalplus] Bypass geo restriction
version 2017.04.11
Extractors
* [afreecatv] Fix extraction (#12706)
+ [generic] Add support for <object> YouTube embeds (#12637)
* [bbccouk] Treat bitrate as audio+video bitrate in media selector
+ [bbccouk] Skip unrecognized formats in media selector (#12701)
+ [bbccouk] Add support for https protocol in media selector (#12701)
* [curiositystream] Fix extraction (#12638)
* [adn] Update subtitle decryption key
* [chaturbate] Fix extraction (#12665, #12688, #12690)
Mozilla Firefox is a free, open-source and cross-platform web browser
for Windows, Linux, MacOS X and many other operating systems.
It is fast and easy to use, and offers many advantages over other web
browsers, such as tabbed browsing and the ability to block pop-up
windows.
Firefox also offers excellent bookmark and history management, and it
can be extended by developers using industry standards such as XML,
CSS, JavaScript, C++, etc. Many extensions are available.
Changelog:
New
Improved graphics stability for Windows users with the addition of compositor process separation (Quantum Compositor)
Two new 'compact' themes available in Firefox, dark and light, based on the Firefox Developer Edition theme
Lightweight themes are now applied in private browsing windows
Reader Mode now displays estimated reading time for the page
Windows 7+ users on 64-bit OS can select 32-bit or 64-bit versions in the stub installer
Fixed
Various security fixes
Changed
Updated the design of site permission requests to make them harder to miss and easier to understand
Windows XP and Vista are no longer supported. XP and Vista users running Firefox 52 will continue to receive security updates on Firefox ESR 52.
32-bit Mac OS X is no longer supported. 32-bit Mac OS X users can switch to Firefox ESR 52 to continue receiving security updates.
Updates for Mac OS X are smaller in size compared to updates for Firefox 52
New visual design for audio and video controls
Ended Firefox Linux support for processors older than Pentium 4 and AMD Opteron
The last few characters of shortened tab titles fade out instead of being replaced by ellipses to keep more of the title visible
Security fixes:
#CVE-2017-5433: Use-after-free in SMIL animation functions
#CVE-2017-5435: Use-after-free during transaction processing in the editor
#CVE-2017-5436: Out-of-bounds write with malicious font in Graphite 2
#CVE-2017-5461: Out-of-bounds write in Base64 encoding in NSS
#CVE-2017-5459: Buffer overflow in WebGL
#CVE-2017-5466: Origin confusion when reloading isolated data:text/html URL
#CVE-2017-5434: Use-after-free during focus handling
#CVE-2017-5432: Use-after-free in text input selection
#CVE-2017-5460: Use-after-free in frame selection
#CVE-2017-5438: Use-after-free in nsAutoPtr during XSLT processing
#CVE-2017-5439: Use-after-free in nsTArray Length() during XSLT processing
#CVE-2017-5440: Use-after-free in txExecutionState destructor during XSLT processing
#CVE-2017-5441: Use-after-free with selection during scroll events
#CVE-2017-5442: Use-after-free during style changes
#CVE-2017-5464: Memory corruption with accessibility and DOM manipulation
#CVE-2017-5443: Out-of-bounds write during BinHex decoding
#CVE-2017-5444: Buffer overflow while parsing application/http-index-format content
#CVE-2017-5446: Out-of-bounds read when HTTP/2 DATA frames are sent with incorrect data
#CVE-2017-5447: Out-of-bounds read during glyph processing
#CVE-2017-5465: Out-of-bounds read in ConvolvePixel
#CVE-2017-5448: Out-of-bounds write in ClearKeyDecryptor
#CVE-2017-5437: Vulnerabilities in Libevent library
#CVE-2017-5454: Sandbox escape allowing file system read access through file picker
#CVE-2017-5455: Sandbox escape through internal feed reader APIs
#CVE-2017-5456: Sandbox escape allowing local file system access
#CVE-2017-5469: Potential Buffer overflow in flex-generated code
#CVE-2017-5445: Uninitialized values used while parsing application/http-index-format content
#CVE-2017-5449: Crash during bidirectional unicode manipulation with animation
#CVE-2017-5450: Addressbar spoofing using javascript: URI on Firefox for Android
#CVE-2017-5451: Addressbar spoofing with onblur event
#CVE-2017-5462: DRBG flaw in NSS
#CVE-2017-5463: Addressbar spoofing through reader view on Firefox for Android
#CVE-2017-5467: Memory corruption when drawing Skia content
#CVE-2017-5452: Addressbar spoofing during scrolling with editable content on Firefox for Android
#CVE-2017-5453: HTML injection into RSS Reader feed preview page through TITLE element
#CVE-2017-5458: Drag and drop of javascript: URLs can allow for self-XSS
#CVE-2017-5468: Incorrect ownership model for Private Browsing information
#CVE-2017-5430: Memory safety bugs fixed in Firefox 53 and Firefox ESR 52.1
#CVE-2017-5429: Memory safety bugs fixed in Firefox 53, Firefox ESR 45.9, and Firefox ESR 52.1
Changelog:
The NSS team has released Network Security Services (NSS) 3.30.2,
which is a patch release to update the list of root CA certificates.
Below is a summary of the changes.
Please refer to the full release notes for additional details,
including the SHA256 fingerprints of the changed CA certificates.
Notable Changes:
* The following CA certificates were Removed
- O = Japanese Government, OU = ApplicationCA
- CN = WellsSecure Public Root Certificate Authority
- CN = TÜRKTRUST Elektronik Sertifika Hizmet Sağlayıcısı H6
- CN = Microsec e-Szigno Root
* The following CA certificates were Added
- CN = D-TRUST Root CA 3 2013
- CN = TUBITAK Kamu SM SSL Kok Sertifikasi - Surum 1
* The version number of the updated root CA list has been set to 2.14
(Bug 1350859)
* Domain name constraints for one of the new CAs have been added to the
NSS code (Bug 1349705)
This is a regularly scheduled stable release.
Resolved issues since v0.14.26:
#219: Devices can now have a list of allowed subnets (advanced config)
#234: The transfer rate units can now be changed by clicking on the value
#1819: UI text explaining "Introducer" is improved
#2267: Advanced config editor can now edit lists of things
#2519: Directories created for new folders now obey the user umask setting (on Unixes)
#4053: Incoming index updates are consistency checked better
TagRunPath = 0 may cause client code such as cmSystemTools::RemoveRPath
to misbehave.
Define DT_RUNPATH to the expected value (29) instead.
bump pkgrevision
Significant changes since 1.2.0:
* A new -v option instructs scrypt to print the key derivation parameters
it has selected.
* A new --version option prints the version number of the scrypt utility.
* A new -P option make scrypt read the passphrase from standard input; this
is designed for scripts which pipe a passphrase in from elsewhere.
* A new -f option makes 'scrypt dec' ignore the amount of memory or CPU time
it thinks decrypting a file will take, and proceed anyway; this may be useful
in cases where scrypt's estimation is wrong.
* The '-M maxmem' option now accepts "humanized" inputs, e.g., "-M 1GB".
There are also a variety of less visible changes: Performance improvements
in the SHA256 routines, minor bug and compiler warning fixes, the addition
of a test suite, and some minor code reorganization.
Use -Wno-return-type to silence compiler errors on clang 4.0.
patch function prototype to fix error in prototype with GCC 4.5.3:
error: prototype for 'Void CMotionVector::setToZero(<type error>)'
Successfully tested clang 4.0, GCC 5.4, GCC 4.5.3.
