Release Notes
Opera 9.64 is a recommended security and stability upgrade, incorporating the
Opera Presto 2.1.1 user agent engine. Opera highly recommends all users to
upgrade to Opera 9.64 to take advantage of these improvements.
Release date: 03.03.2009
Changes and improvements since Opera 9.63
Security
* Fixed an issue where specially crafted JPEG images could be used to execute
arbitrary code, as reported by Tavis Ormandy of the Google Security Team; see
our advisory: http://www.opera.com/support/kb/view/926/
* Fixed an issue where plug-ins could be used to allow cross domain scripting,
as reported by Adam Barth; details will be disclosed at a later date.
* Fixed a moderately severe issue; details will be disclosed at a later date.
* Added Untrusted Rootstore Capability:
* Opera downloads only the detailed information about untrusted (blacklisted)
certificates when they are encountered
* If download fails for certificate information in the list, Opera considers
any certificate matching the ID as untrusted
* Added version conditional fetching of certificate dependencies from an online
repository
* Fixed a problem downloading the CRL (Certificate Revocation List)
* Fixed a problem that could cause SSL to deadlock in one state, hanging the
connection
* Fixed a problem that could cause the incorrect calculation of Certificate IDs
* Implemented Extended Validation (EV) for cross-signed EV Root Certificates not
shipped by default
* Implemented preshipping of the Entrust 2048 CA (Certificate Authority)
* Implemented Root Certificate fetching from an online repository when an
intermediate matches a certificate in the repository
* Improved support for weak encryption when importing .p12 private certificates
* Prevented security information documents from being written to disk
Miscellaneous
* Fixed a problem which created separate feed notifications; Opera now groups
them together
* Fixed a problem with the backspace key event in the Flash plug-in
* Fixed a problem with inline find when no text was entered, and the Enter key
was pressed
* Fixed an instability error with the 64 bit Linux version
XXX: Please anyone update PLIST.solaris-sparc.
Opera 9.63 for Linux Changelog
Release Notes
Opera 9.63 is a recommended security and stability upgrade.
Opera 9.63 incorporates the Opera Presto 2.1.1 user agent engine.
Changes and improvements since Opera 9.62
User Interface
* Added opera:config > UserPrefs > DoubleclicktoCloseTab to close tabs by double-clicking on them
Mail, News, Chat
* Added a thread button in the mail toolbar
* Removed Label button from mail toolbar
* Reverted the Subject field back to its previous behavior where it is a text field and not a button
* Added shortcuts for follow (Ctrl/Cmd-D), ignore (Ctrl/Cmd-Shift-D) and go to thread (D)
Security
* Manipulating text input contents can allow execution of arbitrary code, as reported by Red XIII. See our advisory.
* HTML parsing flaw can cause Opera to execute arbitrary code, as reported by Alexios Fakos. See our advisory.
* Long hostnames in file: URLs can cause execution of arbitrary code, as reported by Vitaly McLain. see our advisory.
* Script injection in feed preview can reveal contents of unrelated news feeds, as reported by David Bloom. See our advisory.
* Built-in XSLT templates can allow cross-site scripting, as reported by Robert Swiecki of the Google Security Team. See our advisory.
* Fixed an issue that could reveal random data, as reported by Matthew of Hispasec Sistemas. Details will be disclosed at a later date.
* SVG images embedded using <img> tags can no longer execute Java or plugin content, suggested by Chris Evans.
* Opera now imports .p12 private certificates
Opera 9.62 for Linux Changelog
Release Notes
Opera 9.62 is a recommended security upgrade. Please see the Security section.
Opera 9.62 incorporates the Opera Presto 2.1.1 user agent engine.
Changes since Opera 9.61
Security
* Fixed an issue where History Search could be used to execute arbitrary code, as discovered by Aviv Raff; see our advisory
* The links panel no longer allows cross-site scripting; see our advisory
Opera 9.61 for Linux Changelog
Release Notes
Opera 9.61 is a recommended security upgrade. Please see the Security section.
Opera 9.61 incorporates the Opera Presto 2.1.1 user agent engine.
Changes since Opera 9.6
User Interface
* Fixed an issue with Opera Link which could generate duplicate bookmarks during the synchronization process
* The image toggle button on the status bar is now a normal button, and does not have a menu
Security
* Fixed an issue where History Search could be used to reveal browsing history, as reported by Roberto Suggi Liverani of Security-Assessment.com; see our advisory
* Fast Forward can no longer allow cross-site scripting, as reported by David Bloom; see our advisory
* Prevented news feed preview from revealing the contents of unrelated news feeds, as reported by David Bloom; see our advisory
Opera 9.6 for Linux Changelog
Release Notes
Opera 9.6 is a recommended security and stability upgrade. See the Security section.
A separate changelog listing changes since Opera 9.6 Beta 1 is available.
New and improved features in Opera 9.6
Opera Link
Custom search engines and typed history (typed history is only the history you explicitly type or select from the address bar) are now joining bookmarks, notes, personal bar and Speed Dial in Opera Link.
Opera Mail
Feed Preview
Now you can preview an RSS/Atom feed before subscribing.
Follow/Ignore threads and contacts
Follow and Ignore are new features for users that receive numerous messages. It makes it easier to dismiss unimportant messages and easier to recognise important messages.
* Activate this feature by selecting Follow/Ignore in the email context menu (or click the message subject header), then select either Follow Thread or Ignore Thread.
* Also, you can click the names in the From or To headers to enable the following or ignoring of contacts.
Go To Thread
You can now also use "Go to thread" which means that you can view only the messages from that thread. This is useful for those that employ flat view.
Low Bandwidth Mode
Low Bandwidth Mode is a setting on mail accounts that makes Opera Mail use as little bandwidth as possible.
* For IMAP (Internet Message Access Protocol): Opera will only synchronise new messages and it will not fetch message attachments unless requested
* For POP (Post Office Protocol): Opera will not fetch more than the first 100 lines of a message unless requested
Opera Scroll Marker
The new Opera Scroll Marker makes it easier to continue reading when you scroll through a Web page. At the end of the page it will indicate the previous position of the bottom of the screen so you can easily see where to continue reading.
Enable Opera Scroll Marker in the Preferences dialog box. Navigate to Tools > Preferences > Advanced > Browsing > Show scroll marker (check box).
* Check the box to enable Opera Scroll Marker
* Leave the box unchecked (default) to keep it disabled
Using the opera:config Preferences Editor opera:config#UserPrefs|EnableScrollMarker, you can also set Opera Scroll Marker to show every time you scroll less than a full page down or up. The options in the drop-down menu are:
* 0 ¡½ off
* 1 ¡½ show when reaching the bottom or top of the page
* 2 ¡½ always show when scrolling
Changes since Opera 9.52
User Interface
* Opera now remembers the bookmark panel position after restart
* Added a setting opera:config#UserPrefs|ShowBookmarksInAddressfieldAutocompletion to prevent bookmarks from showing in the Address field auto-completion drop-down
* When setting opera:config#TransferWindow|KeepEntriesDays to 0, Opera now removes the transfer history when restarting
* Sites using HTTP Auth are now saved in typed history
* Opera now stops loading pages with iframes when closing the page or pressing stop
* Page encoding in site preferences can now be reset to automatic
* Browsing Intranet sites now works after changing proxies in a running session
* Improvements to Opera Link include the synchronization of search engines and typed history
* Changed the default global history to 1000
* Added a new default speedial.ini
* Fixed sorting by progress in Transfers
* Fixed copying of multiple entries from the history manager
* Fixed a bug that could cause notes to be lost when using certain characters
* Fixed dataloss situation when note folders had more than one line in their name
* Fixed spurious highlighting when using the space character in inline find
* Fixed an issue that would prevent links in frames from being opened by the keyboard
Mail, News, Chat
* Added popular Chinese providers in mailproviders.xml
* Made all top-level access points (except All Messages) selectable
* Now copes better with broken POP servers that send empty UIDLs
* The "Large font" setting is now respected for subjects
* Cache files from feeds no longer show up in Transfers
* Feeds are now detected even when served as text/html
* Fixed the synchronization of removed labels for IMAP accounts
* Fixed an issue where the signatures wouldn't change if the default account signature ended with a space
* Fixed an issue where sent message bodies could disappear under certain circumstances
* Fixed DCC transfers in IRC
Display and Scripting
* Improved Acid3 support: The document property has been removed from iframe objects for compatibility with Gecko, WebKit, and the Acid3 test
* Added support for the caller property on functions: http://developer.mozilla.org/En/Core_JavaScript_1.5_Reference:Global_Objects:Function:caller
* Special characters are now displayed properly in the Address bar drop-down
* Opera Dragonfly element highlighting no longer stays on the page after closing the developer tools window
* Script focused elements are no longer highlighted
* Fixed saving of SVG when right clicking
* Fixed an issue where custom search engines would not get a favicon
Security
* Verisign and Comodo are now formally EV-enabled: see Yngve's blog post
* Fixed an issue where specially crafted addresses could execute arbitrary code, as reported by Chris of Matasano Security; see our advisory
* Java applets can no longer be used to read sensitive information, as reported by Nate McFeters; see our advisory
Miscellaneous
* Added the Opera Core version (currently "Presto/2.1.1") to the User Agent header
* Improved performance with large wand.dat files
* Fixed Fast Forward on Google search results pages
Unix-specific changes
* Upgrading Opera on Debian no longer resets default x-www-browser
* Fixed an issue where text with specified size suddenly disappears on Qt4 builds
Patch provided by Juan RP in PR pkg/39269.
Changes since Opera 9.51
User Interface
* Added several improvements to the icons and skin
* Added a bookmark path to autocompleted bookmarks in the address bar to better distinguish them from visited pages
* Added a Help button to Engine Init() Failed error message on start-up to inform users about a problem
Mail, News, Chat
* Fixed an issue where Mark all as read in Opera Mail would also mark as read some mails not visible in the current view
* Fixed the creation of the POP AOL/aim.com account
* Fixed a problem with POP accounts where message bodies were not downloaded
* Added work-arounds for problems with various POP servers
* Fixed mail appearance when Opera is installed in a folder with a # character in its name
* Fixed a problem that could occur when opening mail notification popups on a secondary monitor
* Fixed a problem connecting to online.no
o Note: Users experiencing problems with online.no should change their incoming server to use Plaintext authentication
* Fixed a problem updating signature when switching accounts
* Fixed a problem where UI would not update after unsubscribing an IMAP folder
* Fixed an issue where IRC would disconnect users without informing them
Display and Scripting
* Fixed an issue with history navigation: an iframe with document.write is not added to history anymore
* window.close() now functions after invoking a context menu - now also works in widgets
* Fixed a URL encoding issue: javascript: URLs
* Fixed an issue with lists not displaying correctly when text is rendering in RTL
* Fixed a problem where content blocker adds a generalized block rule when using the Details button
Security
* Sites can no longer change framed content on other sites: see our advisory
* Fixed an issue that could allow cross-site scripting, as reported by Chris Weber of Casaba Security: details will be disclosed at a later date
* Custom shortcuts no longer pass the wrong parameters to applications, as reported by Michael A. Puls II: see our advisory
* Prevented insecure pages from showing incorrect security information, as reported by Lars Kleinschmidt: see our advisory
* Feed links can no longer link to local files: see our advisory
* Feed subscription can no longer cause the wrong page address to be displayed: see our advisory
Miscellaneous
* Fixed a problem where Gmail would not load
* Fixed the opening of files in external applications when disk cache is off
* Fixed an issue with low quality on YouTube video previews
* Embedded YouTube videos should work more often now without having to reload
* Fixed RealPlayer on BBC
* Fixed a small memory leak in the BitTorrent code
* Fixed some translation errors
UNIX-specific changes
* Made the -geometry command line argument work even when Opera was previously maximized
* Added a Close Tab entry to the File menu
Changes since Opera 9.5
User Interface
* Fine-tuned the new Opera skin.
* Improved drag/drop of tabs.
* Fixed problems with search engines when upgrading from Opera 9.2x.
* Fixed a stability issue when printing or when in print preview.
* Added an option to toggle mouse flips in opera:config (User Prefs - Enable Mouse Flips).
* Textarea inputs now clear when no-cache is set.
* Saving of images is no longer recorded in transfers.
Mail/News
* Feeds now show the first time when you subscribe.
* Corrected a stability issue that could occur when clicking the drop-down to switch views.
* Adjusted thread expanding in Mail when receiving new messages.
* Corrected a problem where multiple views (access points) show for the same account.
Display and Scripting
* Corrected a stability issue with User JS.
* Style sheets now load when navigating in history.
* window.close() now functions after invoking a context menu and when closing Opera Dragonfly.
Security
* Fixed an issue where <canvas> functions could reveal data from random places in memory, as reported by Philip Taylor. See our advisory.
* Security status is now correctly set when navigating from HTTP to HTTPS.
* Corrected an issue related to OCSP and CRLs that would lower security.
o Note: This will take effect with the weekly update, or when checking manually for an update (Help > Check for Updates).
Miscellaneous
* Corrected a stability issue with Yahoo! Mail.
* TinyMCE 2.1.x editor now works properly.
* Printing of chat items has been improved.
* Reconnection of the IRC client has been adjusted and improved.
* Menus on deviantart.com now work properly.
* Eliminated unwanted line breaks in rich text editors.
UNIX-specific changes
* An Opera package for 64-bit Linux is now available.
* Corrected an issue that would prevent pages from closing on Qt4 builds.
* Improved the saving of changes to plugin configuration.
Changes Since Opera 9.27
User Interface
* Introduced Opera Link.
o Opera Link enables the synchronization of Bookmarks, Personal bar, Speed Dial and Notes with other instances of the browser via the menu option File > Synchronize Opera. See: Opera Link - Web Everywhere.
o The most recent Speed Dial entries will always be used during the Opera Link synchronization process.
* Added Quick Find, an improved full text history search tool. Quick Find searches for text inside pages previously visited, not just the title and address. It is available from:
o the address field
o the history panel
o opera:historysearch
* A redesigned Address bar drop-down is displayed when entering text in the Address bar:
o Improved the visual design.
o Includes excerpts from previously visited pages (Quick Find - see above).
o Added bookmark title and URL to the address bar auto-completion.
o Improved the panel selector dropdown.
o Added local file auto-completion.
* Re-enabled the Status bar by default and copied some UI elements from the View bar to Status bar; View bar is now disabled by default.
* Speed Dial:
o Changed default Speed Dial search engine from Yahoo to Ask.
o Added Undo capability for Speed Dial entries through Edit > Undo, and Ctrl+Z, which restores a cleared url entry.
* Added alternative tab-closing behaviors. The preferences now include the following options when closing a tab:
o Activate the last active tab (default).
o Activate the next tab.
o Activate first tab opened from current tab.
* "Open with" functionality added to web page context menu and Transfer panel/page.
* Content blocking improvements:
o Added site-specific toggling of content blocking.
o Double-clicking entries in the Details dialog now edits them.
o CSS and JS files matching blocked patterns are now also shown in the Details dialog.
* Added ability to save only the active window as a session (File > Sessions > Save This Session > Only save active window).
* Disabled dragging links/favicons to arbitrary toolbars (exceptions: Personal bar and opera: buttons); hold Shift or open the Tools > Appearances dialog to enable dragging.
* Wand feature will no longer block form submits, making it possible to see if login was successful before storing your login credentials.
* Introduced a new security notification scheme in the address field; see Security..
* New spatial navigation highlighting introduced, similar to the one used in Opera Mini 4 and the Wii browser.
* Added spatial navigation for client side image maps, Xlink references in SVG documents and elements with click event handlers that simulate links/buttons.
Customization
* Introduced a new default skin.
o A Home icon is now present by default.
o The New Tab icon has been moved to the right of the Tab order.
* Allow cascading dialog.ini files.
* Added .mini toolbar state (used in the Status bar) to make buttons and padding 80% of normal size.
Accessibility
* Experimental screen reader support:
o Added support for Microsoft Active Accessibility API (MSAA).
o Preliminary support for Window-Eyes, JAWS, NVDA, and OS X VoiceOver.
o Collaborated with GW Micro on improved compatibility with future releases of Window-Eyes.
o Added basic implementation of Accessible Rich Internet Applications (ARIA).
* Keyboard Shortcut improvements:
o Disabled most single-key shortcuts. To re-enable single-key shortcuts, go to Preferences > Advanced > Shortcuts > Enable single-key shortcuts.
o All keyboard navigation methods (spatial navigation, Ctrl/Cmd+Up/Down, inline find, etc.) should now work based on the same elements, which allows you to use spatial navigation after inline find, etc.
o Keyboard shortcuts using Ctrl/Cmd+Shift no longer always open in a background tab.
o "Save Draft" shortcut Ctrl+S removed due to the new autosaving of drafts.
o Shortcut Ctrl+Enter now sends a message, in addition to Ctrl+Shift+S.
o Shortcut Ctrl+O added for adding attachments in the compose window.
o Shortcut for "Duplicate Tab" has been removed.
o Shortcut for "Reopen Closed Tab" has been changed from Ctrl+Alt+Shift+Z to Ctrl+Shift+T.
o Further reference: Changes in Keyboard Shortcuts between Opera 9.27 and 9.50
* Spatial navigation improvements:
o Restore navigated element when moving in history.
Mail/News
New storage and indexing formats are introduced for Opera Mail. If you copy your Mail directory from an existing profile, you will be prompted to convert all accounts into the new format and re-index your messages. You will not be able to downgrade to a previous version of Opera after starting the conversion process.
Back-ends
* Opera Mail is now more secure, reliable and faster.
* Improved search results in Opera Mail when using Quick Find.
* Easier mail setup for well-known providers using the mailproviders.xml template.
* SMTP Authentication is enabled by default for new mail accounts.
* Performance improvements include reduced memory usage, reduced disk accesses, and reduced freezing when checking for new mail/feeds.
* Improved the moving and copying of messages on an IMAP account.
* Improved IMAP reliability, especially when fetching mail with multiple clients.
* Improved downloading mail from POP servers.
* When using "Leave messages on server", POP3 messages are permanently removed from the server when the Trash view is emptied (disable by setting "Permanent delete=0" for the relevant account in accounts.ini)
* Made "Send queued e-mail after checking e-mail" setting POP-specific.
* Improved handling of multipart messages and message attachments, including messages sent from Apple Mail.
* Messages in the selected IMAP sent folder are now shown in the Sent view.
User Interface
* Improved the Search and Filter property dialogs.
* "Move Spam to Trash" and "Empty Trash" are now limited to the active account(s).
* IMAP mailboxes that cannot be checked are greyed out.
* Improved the View > Encoding setting for messages.
* New notification system: each message will generate a notification, though one notification per account will appear if more than three messages are received.
* Changed the Mail panel, which replaces the status pane with account icons.
* Pressing F5 will check for new messages in the current view; useful for manually checking for new feeds.
* Replaced "Save as draft" button in the Compose window with a "Discard draft" button: drafts are auto-saved once text is entered in the message body.
* The Mail panel now indicates nested filters or mailboxes.
* Mail passwords are now stored in the Wand password database and displayed with ghost text instead of asterisks.
* Added an option to filter/search based only on message bodies.
* Improved spatial navigation of messages.
* Added Ctrl/Cmd+O shortcut to add attachments to messages.
* Improved the display of Japanese file names in Mail.
* Changed handling of Delete:
o Del Always moves to Trash bin.
o Shift+Del Now deletes completely without using the Trash bin.
* Several improvements to the Undo functionality:
o Undo after marking all as read works now.
o Undo now reverts marking as spam.
o Undo removing items from filter.
Import
* Added an Opera 7/8/9 importer and a recursive mbox importer.
* Made Netscape, Eudora, and Opera 5/6 import options available cross-platform.
* Improvements importing mail from Thunderbird and Outlook Express.
Chat
* Notifications can be limited to private messages rather than all channel activity (can be enabled in Preferences > Advanced > Notifications)
Feeds
* Improved feed download speed.
Display and Scripting
Rendering Engine
* Many performance, stability and memory improvements throughout the engine.
* Added support for the CSS3:
o overflow-x and overflow-y properties (demo)
o text-shadow property (demo)
o Selectors (demo)
o outline-offset property (demos)
o background-size property (only accessible via the custom -o-background-size property)
o currentColor color keyword
* Added support for the CSS2.1:
o white-space: pre-line value
* Added support for the:
o :-o-prefocus pseudo-class, which allows styling of form elements reached via spatial navigation.
o custom -o-language-string(n) property for use in User and Internal Stylesheets to allow localized strings in stylesheets.
o custom-o-table-baseline property, used to determine which row of an inline-table will be used as the baseline of the table.
+ The property accepts either an integer or inherit value, where the integer refers to the table row to use as the table's baseline.
+ -1 refers to the last row of the table and -n refers to the nth row from the bottom.
+ If the integer value is 0, the bottom margin edge of the table will be treated as the table's baseline.
+ The initial value is 1; this property only applies to inline-tables.
o label attribute of option elements
o min-width and max-width properties for elements styled with display: table-cell (such as td and th elements)
o color attribute for hr elements
o overflow in inline-table and inline-block elements, which fixes unclickable links and truncated content on Dell.com.
o display: table-column and table-column-group values on elements other than col and colgroup
* Improved support for the:
o CSS outline property
o @import, @media, @namespace, and @page at-rules
* rowspan=0 is now also supported in Quirks mode.
* :lang() selector now correctly matchs the full string.
* Disallowed use of percentage width values for the border-width property.
* Removed support for class selectors starting with a digit in Quirks mode.
* Improved the table layout algorithm.
* Major improvements to the shrink-wrapping algorithm.
* Updated tabindex attribute handling:
o Any element with a tabindex that is a positive number should be reachable by tabbing.
o Elements with a negative tabindex should never be reachable by tabbing.
* Improved redraw when reducing the width of td elements via DOM.
* Improved display of full-screen YouTube videos.
* Improved focusing of the message composition area on Gmail.
* Allow:
o Changing the background of input type=image elements.
o Inheritance of frameset encoding into frame documents, using the same restrictions as used for inline frames.
o Storing of original strings in HTML attributes for use by CSS selectors and the DOM.
* Enabled employing percentage height on blocks inside table cells.
* Corrected use of padding on table elements when setting the border-spacing property and using the separated-border model.
* Media queries are now dynamic, allowing them to update when the window size is changed not just when the page loads.
Acid3
* Zero bytes in encodeURIComponent and encodeURI are now handled correctly.
* Unicode escapes can no longer be used to put non-identifier characters into identifiers.
* getSVGDocument is now supported in an iframe.
* createDocumentType now throws an exception for malformed qualified name.
* NodeFilter no longer returns true => 1.
* HTMLTableRowElement.rowIndex and .sectionRowIndex are now defined for table rows created via DOM.
* HTMLButtonElement.type now defaults to "submit".
* Form control collection is now indexed by name when outside the main document tree.
* Improved Range.surroundContents().
* Changed insertNode to not collapse range.
* removeNamedItem() and removeNamedItemNS() will now throw a not-found error.
* NodeIterator now functions properly under dynamic changes.
* Date.UTC() now does proper 1900 year offsetting.
JavaScript/DOM
* The ECMAscript engine has been rewritten, which is now more flexible and uses less memory.
* Improved JavaScript performance.
* Improved process of calling abort() from readyState 2 or 3 in XHR.
* Various improvements to XPath.
* Added integration of Opera Dragonfly (alpha) web developer debugger to Tools > Advanced > Developer Tools.
* Added support for JavaScript 1.5 Getters and Setters.
* Added support for the DOM 3 Core:
o Node.isSameNode method
o Text.wholeText attribute and Text.replaceWholeText method
o Node.compareDocumentPosition method (used by Google Pages)
* Added support for the HTML5:
o {Document,Element}.getElementsByClassName method
o Navigator.onLine attribute and the Window.{online,offline} events
o Canvas.getImageData and Canvas.putImageData methods, including support for creating an ImageData object using the ImageData custom interface
o Canvas.transform, Canvas.setTransform, and Canvas.isPointInPath methods
o Element.tabindex attribute and the Element.{blur,focus} methods
* Added support for:
o Gecko DOM Range.comparePoint method (used by Google Pages)
o Microsoft XMLDocument class used for all XML documents (except SVG and XHTML) for cross-browser consistency.
+ The DOM 3 Load and Save Document.async attribute and Document.load method will no longer work in the Document class.
o document.moveFocus{left,right,up,down} methods for directing spatial navigation via JavaScript.
o start and stop methods of marquee elements
o CSSOM ElementLayout.{getClientRects,getBoundingClientRect} methods (demos)
o getClientRects and getBoundingClientRect
o CSS color and background-color properties for the ::selection pseudo-element
* em tag is now inserted instead of i tag when using italic execCommand parameter.
* Improved changing the font size of textarea elements via DOM.
* Fixed issue that caused non-breaking spaces to be inserted in textarea elements as seen at Gmail.
* Renamed LSLoadEvent.input attribute (was LSLoadEvent.filter).
* Adjustments made where mouse events had built-in effects before script event processing was finished.
o Cancelled mousedown should not move focus.
o Blur/focus events caused by mousedown event should be processed after, rather than before the mousedown event causing them.
* Stopped showing text nodes in script and style elements when using the Document.all collection.
* Trigger is now enabled for a onload event for images set to display:none.
* Adjusted canvas locking in the 2dgame context to allow updating when the canvas is locked and fixed the update function to actually work.
* Disabled Document.length, as it caused issues in the Apple.com CoverFlow demo.
* Removed the text attribute from the HTMLSelectElement collection.
* Date.getYear() now returns a full year when the year is > 1999 or < 1900 for cross-browser compatibility (despite breaking the JS spec).
* Removed IE-compatibility where Document.getElementById treated name and id attributes the same, which caused issues with jQuery.
* Events are no longer shared between the Window and Document objects.
* Date method with an out of range day parameter no longer becomes the current date.
* Multiple text nodes are no longer created when there is more than 32KB of data in the text node.
* Improved changing the type attribute of button elements.
* Setting the scrollTop attribute for textarea elements will now scroll the textarea content.
* Several adjustments made to Document.activeElement for consistency.
* XMLHttpRequest now resolves URLs according to the HTML base element.
* Event.keyCode now returns keyboard codes for punctuation keys in addition to alphanumeric keys, improving keyboard navigation at Gmail.
* scrollTop working on both the html and body element simultaneously now allows proper display of maps on theaa.com
* document.body.{clientHeight,clientWidth} and document.documentElement.{clientHeight,clientWidth} now return the correct values in Strict mode, which fixes issues with Novell GroupWise.
* Made event capturing more cross-browser compatible:
o It no longer captures load events if a listener is attached to the window and firing capture events at target.
o Attach listeners to the document object if you need to capture load events from within the document.
* input element created via the DOM when changing the type attribute no longer loses the value, which caused issues when editing del.icio.us bookmarks.
* References to undefined variables as a single statement now throws an error.
* scrollWidth and scrollHeight on the html element now return the size of the html element instead of the size of the document (viewport).
* onmouseout event now fires if an element's innerText changes while it is being hovered.
* Adjusted the return value of getComputedStyle and currentStyle.
* Attribute values in innerHTML are now encoded as required by HTML5.
* Added MathML support.
o See the article on Dev.Opera.
* Opera now cloaks document.all.
o See the discussion on Hallvord's blog.
* Web page performance is now improved with XMLHttpRequest (AJAX).
SVG
* Added partial SVG Tiny 1.2 support.
* Added support for using SVGs in img elements and the CSS background-image and list-style-image properties
* Added external reference support for SVGs.
* Use Opera to render SVGs embedded using the embed element, not just the object element.
* SVGs can now be used as the source for canvas drawImage and createPattern operations.
Rich Text Input
* Use line/paragraph breaking in rich text editor: Enter should insert block-break (new paragraph) and Shift+Enter should insert line-break (br element).
* Improved handling of inserted and removed elements.
Other
* Improved the SVG, DOM, WML, Web Forms 2.0, XPath, and XSLT implementations.
* Added support for UAX #14 Line Breaking Properties and UAX #29 Text Boundaries annexes.
* Added support for XSLT document() function.
* Enabled RTL support in text inputs (including Opera Mail) and form elements.
* Fixed issue where the HttpURLConnection Java object did not support getHeaderField and getHeaderFieldKey.
* Allow installation of certificates that generate warnings.
* Always obey server-set Expiry header.
Security
* Fixed an issue where certain characters could obscure the page address, as reported by Tony Thomas. See our advisory.
* Solved an issue where Images could be read cross-domain with canvas, as reported by Philip Taylor. See our advisory.
* Pages held in frames are no longer able to change the location of pages in unrelated frames on the parent page. See our advisory.
* Improved Fraud Protection now includes advanced malware prevention and upgraded phishing detection technologies. See article: Opera Fraud Protection.
* Added support for Extended Validation (EV) certificates.
* Added automatic downloading of trusted root certificates when required.
* Disabled SSL v2 and weak ciphers.
* Improvements made to certificate handling, the new certificate repository and the certificates UI.
* Introduced a new security notification scheme in the address field:
o black padlock with a check mark on green field for secure sites with Extended Validation
o black padlock without a check mark on yellow field for regular secure sites
o question mark on gray field for HTTPS sites with issues
o no notification for normal sites
o fraud warning on red field for blacklisted sites
* Opera now distinguishes between local servers on localhost, intranet servers, and remote servers on the Internet.
o Local servers can use remote resources, but not vice versa.
Miscellaneous
* Offline mode is improved.
* Redesigned Info panel: it now includes the page display mode, download date, META tags, links to stylesheets and JavaScript files, etc.
* Items in opera:cache no longer use file extensions.
* Added "Drag to scroll" (disabled by default) which allows scrolling by "grabbing" the page, much like on mobile phones with touch screens.
o This functionality is also available if you press and hold Ctrl+Alt and drag the page.
* opera:config will now function correctly when JavaScript is disabled.
* Added support for the BitTorrent peer exchange protocol, which is compatible with libtorrent and µTorrent.
* Reduced CPU usage when downloading torrents.
* Added support for JIS X 0212 in EUC-JP code set 3 and ISO-2022-JP.
* Added support for JIS-Roman output in ISO-2022-JP.
* Enabled auto-detection of ISO-2022-JP-1 support.
* Added zh-SG and zh-MO as known language codes and SG and MO as country codes for selecting Chinese variant.
* All mail and history searching now occurs in a separate processor thread.
* New search.ini.
UNIX-specific changes
* Thirty-four languages are now pre-installed in Opera 9.5.
* All packages are now fully localized.
* 64-bit FreeBSD and Linux builds are now available.
* QT4 Linux builds are now available, complete with support for native QT skins.
* Discontinued support for the SPARC Linux platform.
* Discontinued support for FreeBSD 4. Added New native FreeBSD 7 builds.
* Added support for windowless plug-ins.
* 32-bit plug-ins (like Flash Player) and 64-bit plug-ins now work out of the box in 64-bit Linux builds.
* Added support for GTK+ based plug-ins such as Gecko MediaPlayer, mplayerplug-in and recent Flash versions.
* Added support for GTK+ filechooser for better integration with the users' environment.
* Improved platform integration regarding external handlers and icons.
Security
* Fixed an issue where newsfeed prompts could cause Opera to execute
arbitrary code, as reported by Michal Zalewski. See our advisory.
http://www.opera.com/support/search/view/881/
* Solved an issue where resized canvas patterns could cause Opera to
execute arbitrary code, as reported by Michal Zalewski. See our
advisory. http://www.opera.com/support/search/view/882/
* Improved keyboard handling of password inputs, as reported by Trystan S.
Miscellaneous
* Fixed a BitTorrent transfer stability issue.
* Resolved stablity issues with the Acid 3 test.
* Additional stability fixes.
Changes Since Opera 9.25:
Security
--------
Fixed an issue where simulated text inputs could trick users into uploading
arbitrary files, as reported by Mozilla. See our advisory.
Image properties can no longer be used to execute scripts, as reported by
Max Leonov. See our advisory.
Fixed an issue where the representation of DOM attribute values could allow
cross site scripting, as reported by Arnaud.lb. See our advisory.
Miscellaneous
-------------
Fixed a stability issue found in Opera 9.0 to 9.25, when Opera connects
securely to Windows Server 2008 or other servers supporting the TLS
Certificate Status extension.
Additional stability fixes.
Changes in v9.25:
Security
* Fixed an issue where plug-ins could be used to allow cross domain
scripting, as reported by David Bloom. Details will be disclosed
at a later date.
* Fixed an issue with TLS certificates that could be used to execute
arbitrary code, as reported by Alexander Klink (Cynops GmbH).
Details will be disclosed at a later date.
* Rich text editing can no longer be used to allow cross domain
scripting, as reported by David Bloom. See our advisory.
* Prevented bitmaps from revealing random data from memory, as
reported by Gynvael Coldwind. Details will be disclosed at a
later date.
Miscellaneous
* Fixed a problem where malformed BMP files could cause Opera to
temporarily freeze.
For pkgsrc use, put back opera-distinfo target (to easily re-generate
checksums for supported platforms)
Changes Since Opera 9.23
Security
* Fixed an issue where external news readers and e-mail clients could be
used to execute arbitrary code, as reported by Michael A. Puls II.
See our advisory.
* Fixed an issue where scripts could overwrite functions on pages from
other domains. See the advisory. Issue reported to Opera by David Bloom.
This closes PR pkg/37185.
* Fixed four crash bugs found using Mozilla's jsfunfuzz tool.
* Fixed a stability issue with Speed Dial.
Security
* Fixed a JavaScript security issue discovered with Mozilla's
jsfunfuzz tool. See our advisory.
of an emulated operating system. Instead of proliferating things like
SUSE_VERSION_REQD, NETBSD_VERSION_REQD, SOLARIS_VERSION_REQD, etc., a
package can say:
EMUL_REQD= suse>=9.1 netbsd>=2.0 solaris>=10
all in one, succinct line.
depend upon to supply the Linux shared libraries already tell the user
this. The JDK packages also depend on the corresponding JRE package,
so they don't need to show the same message -- keep the message with
the JRE packages instead.
Linux kernel emulation <= 2.0.38. Also ensure that /lib is in
LD_LIBRARY_PATH so that the opera binary can find /lib/libpthread.so.0
in ${EMULDIR} and not NetBSD's /usr/lib/libpthread.so.0.
Bump the PKGREVISION to 1.
binary-only packages that require binary "emulation" on the native
operating system. Please see pkgsrc/mk/emulator/README for more
details.
* Teach the plist framework to automatically use any existing
PLIST.${EMUL_PLATFORM} as part of the default PLIST_SRC definition.
* Convert all of the binary-only packages in pkgsrc to use the
emulator framework. Most of them have been tested to install and
deinstall correctly. This involves the following cleanup actions:
* Remove use of custom PLIST code and use PLIST.${EMUL_PLATFORM}
more consistently.
* Simplify packages by using default INSTALL and DEINSTALL scripts
instead of custom INSTALL/DEINSTALL code.
* Remove "SUSE_COMPAT32" and "PKG_OPTIONS.suse" from pkgsrc.
Packages only need to state exactly which emulations they support,
and the framework handles any i386-on-x86_64 or sparc-on-sparc64
uses.
* Remove "USE_NATIVE_LINUX" from pkgsrc. The framework will
automatically detect when the package is installing on Linux.
Specific changes to packages include:
* Bump the PKGREVISIONs for all of the suse100* and suse91* packages
due to changes in the +INSTALL/+DEINSTALL scripts used in all
of the packages.
* Remove pkgsrc/emulators/suse_linux, which is unused by any
packages.
* cad/lc -- remove custom code to create the distinfo file for
all supported platforms; just use "emul-fetch" and "emul-distinfo"
instead.
* lang/Cg-compiler -- install the shared libraries under ${EMULDIR}
instead of ${PREFIX}/lib so that compiled programs will find
the shared libraries.
* mail/thunderbird-bin-nightly -- update to latest binary
distributions for supported platforms.
* multimedia/ns-flash -- update Linux version to 9.0.48 as the
older version is no longer available for interactive fetch.
* security/uvscan -- set LD_LIBRARY_PATH explicitly so that
it's not necessary to install library symlinks into
${EMULDIR}/usr/local/lib.
* www/firefox-bin-flash -- update Linux version to 9.0.48 as the
older version is no longer available for interactive fetch.
An issue when removing specially prepared torrent transfers was fixed.
A data leak issue when using canvas.createPattern was fixed.
An issue where data URIs could be used to display the wrong address in
the address bar was prevented.
The display of long domain names in auth dialogs was improved.
The Trustcenter class 3 G2 root certificate was added.
A problem with certificate import was fixed.
Toolbars can now use bold fonts again.
Tabs can be dragged between windows using the Windows panel again.
Several stability and performance fixes were made.
Shared memory is now disabled by default.
INSTALLATION_DIRS, as well as all occurrences of ${PREFIX}/man with
${PREFIX}/${PKGMANDIR}.
Fixes PR 35265, although I did not use the patch provided therein.
Changes:
This release of Opera introduces Fraud Protection.
Changes Since Opera 9.02
User interface
* Fixed handling of access keys on Web pages with frames.
* Mail, messaging, and newsfeeds
* Fixed an instability connected with delayed entry of the Master password.
* Deleting of newsfeeds in the panel now both unsubscribes and deletes.
Display and scripting
* Improved performance for elements with both :focus and :hover.
* Fixed an issue with opacity on links that have images nested within them.
Security
* New Fraud Protection feature (a phishing filter).
* Changed Wand data to a new format. The upgrade to this new format
is not reversible.
Miscellaneous
* Multiple stability issues solved, including crashes on Gmail and Google Maps.
* Changed the Mozilla User Agent string to include Firefox identification.
* Improved handling of Web site logins on slow connections.
* Cancellation of torrent downloads now functions as expected.
UNIX-specific changes
* Fixed smooth scrolling.
* Flash 9 beta support for Linux.
* Implemented support for Linux plug-ins on FreeBSD.
* When masking as Internet Explorer, the platform is masked as Windows XP.
* Fixed an issue where floating point numbers were treated as integers
on some Linux systems.
- fix badly out of date PLIST for solaris
- add missing response of 'n' to the install.sh script to avoid installing
some xpm's in /usr/share/....
Opera seems to build, install, package, and run ok on solaris 9/sparc now.
This release is a recommended security upgrade.
Changes since 8.51:
Display
* Fixed drop-down list problem affecting Bloglines subscription sorting.
Security
* Replaced expired certificates from TrustCenter.
* Solved status bar issue described in Secunia Advisory 17571.
* Implemented stricter handling of the Online Certificate Status Protocol (OCSP).
Miscellaneous
* Fixed problem with missing keypresses when switching between applications.
* Fixed GDI leak issue with favicons causing slowdowns and crashes.
* Fixed Gmail loading problem.
Changes since 8.01:
Security
* Solved download dialog spoofing issue described in Secunia Advisory SA15870
* Fixed image dragging issue described in Secunia Advisory SA15756
Miscellaneous
* Improved default handling of encodings in spelling checker.
* Multiple stability fixes.
* When an installed plug-in is available, use as default handler rather
than display download dialog.
* Improved support for XMLHttpRequest.
* Fixed download handling when closing originating page.
