- gnutls_handshake_set_private_extensions: Do not enable private cipher
suites that might not be supported by anything other than GNUTLS.
The GNUTLS 2.8.0 documentation notes that enabling these extensions
can cause interoperability problems.
- gnutls_set_default_priority: Explicitly disable OpenPGP certificates.
- gnutls_certificate_type_set_priority: Do not enable OpenPGP certificates.
The GNUTLS 2.8.0 documentation notes that OpenPGP certificate support
requires libgnutls-extra. Because libgnutls-extra 2.2.0 and later are
under GPLv3-or-later and thus not GPLv2 compatible, ELinks doesn't use
libgnutls-extra, so OpenPGP certificates didn't work anyway.
- gnutls_server_name_set: Do not tell the server the hostname from the URL.
This was supposed to let the server choose the appropriate certificate
for each name-based virtual host, but ELinks actually always sent just
"localhost", so it didn't work anyway. This will have to be revisited
when ELinks is changed to actually verify the subject name from the
server's certificate (ELinks bug 1024).
These changes should help ELinks negotiate SSL with bugzilla.novell.com.
[NEWS and commit message by me. --KON]
The configure script used to run libgnutls-config in order to find the
compiler and linker options needed for using GNUTLS, but GNUTLS 2.7
apparently doesn't ship that script any more. Use pkg-config instead.
GNUTLS 1.2.0 is the oldest version supported by ELinks, and that already
installs the gnutls.pc file required by pkg-config.
This commit also removes support for configure --with-gnutls=DIR.
The configure script used to look for libgnutls-config in DIR.
DIR thus had to be a directory where executable programs were installed,
and it's unlikely that gnutls.pc would be found there. So, any callers
that used this feature would have to be changed anyway, and they can as
well be changed to set the PKG_CONFIG_PATH environment variable instead.
Conflicts:
src/session/session.c: Kept the elinks-0.13 version.
Bug 1077 did not occur in elinks-0.13 because
setup_session here calls render_document_frames
directly and that sets ses->doc_view->vs.
The AsciiDoc 7.1.2 configuration files included in the ELinks
source tree apparently aren't compatible with AsciiDoc 8.4.4:
[ASCIIDOC] doc/elinks.1.xml
FAILED: [listdef-bulleted] missing section: [listtags-None]
make[1]: *** [elinks.1.xml] Error 1
Fix this by including asciidoc.py from AsciiDoc 7.1.2 as well.
The build system now doesn't care at all whether the user has
installed some version of AsciiDoc or not.
C99 6.7.4p3 and 6.7.4p6 set some constraints on what can be done in
inline functions and how they can be declared. In particular, any
function declared inline must also be defined in the same translation
unit. To comply with that, remove inline specifiers from function
declarations in header files when the functions are not also defined
in those header files.
Sun Studio 11 on Solaris 9 is stricter than C99 and does not allow
references to static identifiers in extern inline functions. Make the
configure script detect this and define NONSTATIC_INLINE accordingly
in config.h. Then use that in the definitions of all non-static
inline functions.
Document the restrictions and this scheme in doc/hacking.txt.
Check the return value of get_opt_rec on "document.browse.search.regex"
before dereferencing it. The option is not there if regular expression
support is disabled at build time.
This commit fixes a bug introduced in commit
b2d51c75ff0d6c52a4f6a2761801beb641cba3a2.
Check the return value of get_opt_rec on "document.browse.search.regex"
before dereferencing it. The option is not there if regular expression
support is disabled at build time.
This commit fixes a bug introduced in commit
b2d51c75ff0d6c52a4f6a2761801beb641cba3a2.
In src/session/task.c, if ses_goto() was going to ask the user to
confirm, it did:
task->session_task.target.frame = null_or_stracpy(target_frame);
It added the struct task to a memory_list, so the structure was freed
when the message box was closed. The target frame string was however
never freed. To fix this leak, add the target frame string to the
memory_list too.
Alternatively, this could have been fixed by making post_yes() and
post_no() free the string. It is however a bit better to use the
memory_list because msg_box() frees that even if it is unable to
display the message box.
Change test/imgmap2.html so it can be used for testing this too.
Debian Iceweasel 3.0.4 does not appear to support such external
client-side image maps. Well, that's one place where ELinks is
superior, I guess. There might be a security problem though if ELinks
were to let scripts of the referring page examine the links in the
image map.
When ELinks runs in an X11 terminal emulator (e.g. xterm), or in GNU
Screen, it tries to update the title of the window to match the title
of the current document. To do this, ELinks sends an "OSC 1 ; Pt BEL"
sequence to the terminal. Unfortunately, xterm expects the Pt string
to be in the ISO-8859-1 charset, making it impossible to display e.g.
Cyrillic characters. In xterm patch #210 (2006-03-12) however, there
is a menu item and a resource that can make xterm take the Pt string
in UTF-8 instead, allowing characters from all around the world.
The downside is that ELinks apparently cannot ask xterm whether the
setting is on or off; so add a terminal._template_.latin1_title option
to ELinks and let the user edit that instead.
Complete list of changes:
- Add the terminal._template_.latin1_title option. But do not add
that to the terminal options window because it's already rather
crowded there.
- In set_window_title(), take a new codepage argument. Use it to
decode the title into Unicode characters, and remove only actual
control characters. For example, CP437 has graphical characters in
the 0x80...0x9F range, so don't remove those, even though ISO-8859-1
has control characters in the same range. Likewise, don't
misinterpret single bytes of UTF-8 characters as control characters.
- In set_window_title(), do not truncate the title to the width of the
window. The font is likely to be different and proportional anyway.
But do truncate before 1024 bytes, an xterm limit.
- In struct itrm, add a title_codepage member to remember which
charset the master said it was going to use in the terminal window
title. Initialize title_codepage in handle_trm(), update it in
dispatch_special() if the master sends the new request
TERM_FN_TITLE_CODEPAGE, and use it in most set_window_title() calls;
but not in the one that sets $TERM as the title, because that string
was not received from the master and should consist of ASCII
characters only.
- In set_terminal_title(), convert the caller-provided title to
ISO-8859-1 or UTF-8 if appropriate, and report the codepage to the
slave with the new TERM_FN_TITLE_CODEPAGE request. The conversion
can run out of memory, so return a success/error flag, rather than
void. In display_window_title(), check this result and don't update
caches on error.
- Add a NEWS entry for all of this.
look_for_link() used to return 0 both when it found the closing </MAP>
tag, and when it hit the end of the file. In the first case, it also
added *menu to the memory_list; in the second case, it did not. The
caller get_image_map() supposedly distinguished between these cases by
checking whether pos >= eof, and freed *menu separately if so.
However, if the </MAP> was at the very end of the HTML file, so that
not even a newline followed it, then look_for_link() left pos == eof
even though it had found the </MAP> and added *menu to the memory_list.
This made get_image_map() misinterpret the result and mem_free(*menu)
even though *menu had already been freed as part of the memory_list;
thus the crash.
To fix this, make look_for_link() return -1 instead of 0 if it hits
EOF without finding the </MAP>. Then make get_image_map() check the
return value instead of comparing pos to eof. And add a test case,
although not an automated one.
Alternatively, look_for_link() could have been changed to decrement
pos between finding the </MAP> and returning 0. Then, the pos >= eof
comparison in get_image_map() would have been false. That scheme
would however have been a bit more difficult to understand and
maintain, I think.
Reported by Paul B. Mahol.
(cherry picked from commit a2404407ce)
Before this patch, if you first moved the cursor to link X with
move-cursor-up and similar actions, and then clicked link Y with the
mouse, ELinks would activate link X, i.e. not the one you clicked.
This happened because the NAVIGATE_CURSOR_ROUTING mode was left
enabled and made ELinks ignore the doc_view->vs->current_link
member that ELinks had updated according to the click.
Make ELinks return the session to NAVIGATE_LINKWISE mode, so that
the update takes effect.
Reported by Paul B. Mahol.
(cherry picked from commit 4086418069)
Except if they have external handlers.
When ELinks receives an event from a terminal, move that terminal to
the beginning of the global "terminals" list, so that the terminals
are always sorted according to the time of the most recent use. Note,
this affects the numbering of bookmark folders in session snapshots.
Add get_default_terminal(), which returns the most recently used
terminal that is still open. Use that in various places that
previously used terminals.prev or terminals.next. Four functions
fetch the size of the terminal for User-Agent headers, and
get_default_terminal() is not really right, but neither was the
original code; add TODO comments in those functions.
When the user chooses "Background and Notify", associate the download
with the terminal where the dialog box is. So any later messages will
then appear in that terminal, if it is still open. However, don't
change the terminal if the download has an external handler.
When a download gets some data, don't immediately check the associated
terminal. Instead, wait for the download to end. Then, if the
terminal of the download has been closed, use get_default_terminal()
instead. If there is no default terminal either, just skip any
message boxes.
Add copyright and licence notices, and a NEWS entry.
The data in the new versions is not entirely the same as what ELinks
used to have:
- Unicode/8859_1.cp: Adds control characters.
- Unicode/8859_2.cp: Adds control characters.
- Unicode/8859_4.cp: Adds some control characters that ELinks assumed
there already.
- Unicode/8859_7.cp: Adds three characters.
- Unicode/8859_15.cp: Adds control characters.
- Unicode/8859_16.cp: Adds control characters and swaps 0xA5 with 0xAB.
- Unicode/koi8_r.cp: Changes 0x95 and adds some control characters
that ELinks assumed there already.
- Unicode/macroman.cp: Changes 0xC6 and removes some control characters
that ELinks assumes there anyway.
Samba 3.2.0 switched to version 3 of the GNU General Public License,
which is not compatible with GPLv2 used in ELinks. Perhaps we can
eventually relicense ELinks to "GPL version 2 or later", or resolve
this in some other way. Until then, warn distributors of binaries
about the conflict.
ELinks attempted to display a message box on file_download.term, but
it had already closed that terminal and freed the struct terminal. To
fix this, reset file_download.term pointers to NULL when the terminal
is about to be destroyed. Also, assert in download_data_store() that
file_download.term is either NULL or in the global "terminals" list.
Reported by أحمد المحمودي.
(cherry picked from commit 6e2476ea4d)
The GNU Hurd has a bug that can make select() report an exception in a
pipe even though none has actually occurred. The typical result is
that ELinks closes the pipe through which it internally passes all
input events, such as keypresses. It then no longer reacts to what
the user is trying to do.
Work around the Hurd bug by making set_handlers() check whether the
file descriptor refers to a pipe, and if so, pretend the caller did
not provide any handler for exceptions. This is a minimal change that
avoids slowing down the select() loop itself and does not require
careful analysis of the callers to statically find out which file
descriptors might refer to pipes. The extra stat() calls may slow
ELinks down somewhat, but anyway it'll work better than it did without
the patch, and if the Hurd bug is ever fixed, we can remove the
workaround at that time.
Introduce static int interpreter_count in src/ecmascript/ecmascript.c.
Maintain interpreter_count in ecmascript_get_interpreter and
ecmascript_put_interpreter.
Introduce ecmascript_get_interpreter_count.
Display the number of ECMAScript interpreters that have been allocated
for documents in the Resources dialog box.
Separate the formatting of unparsed lines from ftp_process_dirlist()
to a new function ftp_add_unparsed_line(). Check for all possible
out-of-memory errors. Encode HTML metacharacters as entity references
and document how charsets are handled FTP directory listings.
Add a NEWS entry.
With Sun Studio 11 on Solaris 9, we get "cc: Warning: illegal option
-dynamic"; then, cc proceeds anyway, but the option can prevent the
linker from finding the libraries listed in -l operands. To detect
this, move the -rdynamic check in configure.in down to a place where
the libraries have already been added to $LDFLAGS. So if -rdynamic
interferes with the search for libraries, ELinks won't use it.
Merely moving the test would also change the location of -rdynamic in
$LDFLAGS. Counteract that by making the test add -rdynamic to the
beginning of $LDFLAGS, rather than to the end. This may make the test
more reliable on Solaris.
ELinks used to call the MD5 code in libgnutls-openssl, part of
GNUTLS-EXTRA, which was licensed under GNU GPL version 2 or later.
In GnuTLS 2.2.0 however, the license of GNUTLS-EXTRA has been changed
to GNU GPL version 3 or later. This is no longer compatible with
GNU GPL version 2 as used in the current ELinks, because GPLv2 clause
2. b) requires the whole work to be licensed under GPLv2, and GPLv3
does not allow that.
If anyone is still using a pre-2.2 GnuTLS, he or she can tweak
configure.in to check the version or just assume it's old enough.
There is not much reason to do so though, as including the MD5 code
in ELinks seems to cost only about 4 kilobytes on i686.
(cherry picked from commit 9ca0182ec6)
fsp_open_session() has a bug where it does not set errno if getaddrinfo fails.
Before the bug 1013 fix, this caused an assertion failure.
After the bug 1013 fix, this caused a "Success" error message.
Now it instead causes "FSP server not found".
Replace almost all uses of enum connection_state with struct
connection_status. This removes the assumption that errno values used
by the system are between 0 and 100000. The GNU Hurd uses values like
ENOENT = 0x40000002 and EMIG_SERVER_DIED = -308.
This commit is derived from my attachments 450 and 467 to bug 1013.
It seems GnuTLS is not as good at negotiating a supported protocol as
OpenSSL is. ELinks tries to work around that by retrying with a
different protocol if the SSL library reports an error. However,
ELinks must not automatically retry POST requests where some data may
have already reached the server; POST is not a safe method in HTTP.
So instead, collect the name of the TLS-incapable server in a blacklist
when ELinks e.g. loads an HTML form from it; the actual POST can then
immediately use the protocol that worked.
It's a bit ugly that src/network/socket.c now uses
protocol/http/blacklist.h. It might be better to move the blacklist
files out of the http directory, and perhaps merge them with the
BitTorrent blacklisting code.
Check in refresh_view() whether the tab is still current; if not, skip
the draw_doc() and draw_frames() calls because draw_current_link()
called within them asserts that the tab is current. However, do
always call print_screen_status(), because that handles non-current
tabs correctly too.
I think it was not yet possible to trigger the assertion failure with
setTimeout, because input.value modifications by ECMAScript do not
trigger a redraw (bug 1035).
In document.forms, each struct form has form_num and form_end members
that reserve a subrange of [0, INT_MAX] to that form. Previously,
multiple forms in the list could have form_end == INT_MAX and thus
overlap each other. Prevent that by adjusting form_end of each form
newly added to the list.
Revert 438f039bda,
"check_html_form_hierarchy: Old code was buggy.", which made
check_html_form_hierarchy attach controls to the wrong forms.
Instead, construct the dummy form ("for those Flying Dutchmans") at
form_num == 0 always before adding any real forms to the list.
This prevents the assertion failure by ensuring that every possible
form_control.position is covered by some form, if there are any forms.
Add a function assert_forms_list_ok, which checks that the set of
forms actually covers the [0, INT_MAX] range without overlapping,
as intended. Call that from check_html_form_hierarchy to detect
any corruption.
I have tested this code (before any cherry-picking) with:
- bug 613 attachment 210: didn't crash
- bug 714 attachment 471: didn't crash
- bug 961 attachment 382: didn't crash
- bug 698 attachment 239: all the submit buttons showed the right URLs
- bug 698 attachment 470: the submit button showed the right URL
(cherry picked from commit 386a5d517b)
init_js_window_object() copies the alert, open, and setTimeout methods
from the window object to the global object. My fix for bug 846 on
2006-12-10 incorrectly made the corresponding C functions refuse to
work if they were not called as methods of the window object.
Commit 0b99fa70ca "Bug 620: Reset form
fields to default values on reload" made render_document() decrement
vs->form_info_len to 0 while vs->form_info remained non-NULL.
copy_vs() then copied the whole structure with copy_struct and did not
change form_info because form_info_len was 0. Both view_state
structures had form_info pointing to the same memory block, causing a
segfault when destroy_vs() tried to free that block a second time.
Reported by أحمد المحمودي.
In document.forms, each struct form has form_num and form_end members
that reserve a subrange of [0, INT_MAX] to that form. Previously,
multiple forms in the list could have form_end == INT_MAX and thus
overlap each other. Prevent that by adjusting form_end of each form
newly added to the list.
Revert 438f039bda,
"check_html_form_hierarchy: Old code was buggy.", which made
check_html_form_hierarchy attach controls to the wrong forms.
Instead, construct the dummy form ("for those Flying Dutchmans") at
form_num == 0 always before adding any real forms to the list.
This prevents the assertion failure by ensuring that every possible
form_control.position is covered by some form, if there are any forms.
Add a function assert_forms_list_ok, which checks that the set of
forms actually covers the [0, INT_MAX] range without overlapping,
as intended. Call that from check_html_form_hierarchy to detect
any corruption.
I have tested this code (before any cherry-picking) with:
- bug 613 attachment 210: didn't crash
- bug 714 attachment 471: didn't crash
- bug 961 attachment 382: didn't crash
- bug 698 attachment 239: all the submit buttons showed the right URLs
- bug 698 attachment 470: the submit button showed the right URL
Conflicts:
NEWS
configure.in
The following files also conflicted, but they had not been manually
edited in the elinks-0.12 branch after the previous merge, so I just
kept the 0.13.GIT versions:
doc/man/man1/elinks.1.in
doc/man/man5/elinks.conf.5
doc/man/man5/elinkskeys.5
po/fr.po
po/pl.po
elinks.keymaps.main["/"] = null;
used to crash ELinks with a segfault in JS_ObjectIsFunction.
Fix that by recognizing JSVAL_NULL explicitly and treating it as "none".
Likewise, if keymap_get_property would return "none" to ECMAScript,
return JSVAL_NULL instead.
The SpiderMonkey scripting module handles the "pre-format-html" event
by constructing a JSObject for the struct cache_entry and then calling
elinks.preformat_html(cache_entry, view_state) if such a function
exists. The problem with this was that each such JSObject kept the
struct cache_entry locked until SpiderMonkey garbage-collected the
JSObject, even if the user had not defined an elinks.preformat_html
function and the JSObject was thus never needed at all. To work
around that, the SpiderMonkey scripting module ran a garbage
collection whenever the user told ELinks to flush caches.
Remove the SpiderMonkey scripting module's use of object_lock and
object_unlock on struct cache_entry, and instead make the pointers
weak so that ELinks can free the cache_entry whenever it wants even if
a JSObject is pointing to it. Each cache_entry now has a pointer back
to the JSObject; done_cache_entry calls smjs_detach_cache_entry_object,
which follows the pointer and detaches the cache_entry and the JSObject
from each other.
This commit does not yet remove the workaround mentioned above.
Because http://elinks.cz/release.html is made from this file,
I think we'll have to list both 0.11.4.GIT and 0.12pre1.GIT
even though it's a bit difficult to explain which fixes are
in which releases.
