nm 31.4.0 rc1

1 files changed, 115 insertions, 41 deletions

diff --git a/newmoon/debian/changelog b/newmoon/debian/changelog
index d5aea84..1b3b7ee 100644
--- a/newmoon/debian/changelog
+++ b/newmoon/debian/changelog
@@ -1,45 +1,119 @@
+newmoon (31.4.0-1) obs; urgency=medium
+
+  * Upstream updates
+    * Added support for the JPEG-XL image format.
+    * Implemented regular expressions lookaround/lookbehind.
+    * Aligned CORS header parsing with the updated spec. See implementation
+      notes.
+    * We no longer fire keypress events for non-printable keys. See
+      implementation notes.
+    * Added support for MacOS 13 "Ventura" in the platform, primarily
+      benefitting White Star.
+    * Fixed potentially problematic thread locking code on *nix platforms.
+    * Fixed some small issues in the display and operation of the Web
+      Developer tools.
+    * Removed unused but performance-impacting panning and tab animation
+      measuring code. (telemetry leftovers)
+    * Improved code for SunOS builds.
+    * Updated Internationalization data for time zones.
+    * Fixed a buffer overflow for Mac builds.
+    * Security issues addressed: CVE-2022-45411 and potential issues
+      without a CVE number.
+    * UXP Mozilla security patch summary: 2 fixed, 1 DiD, 1 deferred, 25
+      not applicable.
+
+ -- B. Stack <bgstack15@gmail.com>  Tue, 22 Nov 2022 10:03:10 -0500
+
 newmoon (31.3.1-1) obs; urgency=medium
 
-  * No release notes from upstream
+  * Upstream updates
+    * Added detection suport for the newly-released MacOS 13 (Ventura).
+    * Fixed a potential heap Use-After-Free risk in Expat. (CVE-2022-40674)
+      DiD
+    * Fixed potentially undefined behavior in our thread locking code. DiD
+    * Fixed a potentially exploitable crash in the refresh driver.
+    * Fixed potentially undefined behavior when base-64 decoding. DiD
+    * Implemented a texture size cap for WebGL to prevent potential issues
+      with some graphics drivers. DiD
+    * Updated site-specific overrides to address issues with ZoHo.
+    * UXP Mozilla security patch summary: 1 fixed, 2 DiD, 6 not applicable.
 
  -- B. Stack <bgstack15@gmail.com>  Tue, 01 Nov 2022 14:09:10 -0400
 
+newmoon (31.3.0-1) UNRELEASED; urgency=low
+
+  * Upstream updates
+    * Implemented .at(index) JavaScript method on built-in indexables
+      (Array, String, TypedArray).
+    * Implemented the use of EventSource in workers.
+    * Enabled the sending of the Origin: header by default on same-origin
+      requests.
+    * Changed how Pale Moon is built. We are now using Visual Studio 2022
+      on Windows, and have made build system changes to reduce build times
+      and pressure on the linker on all platforms.
+    * Changed how Pale Moon handles standalone wave audio files (.wav). See
+      implementation notes.
+    * Improved string normalization.
+    * Updated the handling of CSS "supports" to now accept unparenthesized
+      strings (spec update).
+    * Updated the handling of flex containers in web pages for web
+      compatibility.
+    * Fixed various issues when building for Mac OS X.
+    * Fixed various C++ standard conformance issues in the source code.
+    * Fixed several issues building on SunOS and Linux with various
+      configurations and gcc versions.
+    * Fixed an issue with regular expressions' dotAll syntax and usage. See
+      implementation notes.
+    * Switched custom hash map to std::unordered_map where prudent.
+    * Cleaned up and updated IPC thread locking code.
+    * Removed spacing for accessibility focus rings in form controls to
+      align styling of them with expected metrics.
+    * Removed the unnecessary control module for building with non-standard
+      configurations of the platform.
+    * Removed the -moz prefix from min-content and max-content CSS keywords
+      where it was still in use.
+    * Security fixes: CVE-2022-40956 and CVE-2022-40958.
+    * UXP Mozilla security patch summary: 2 fixed, 11 not applicable.
+
+
+ -- B. Stack <bgstack15@gmail.com>  Tue, 01 Nov 2022 14:09:09 -0400
+
 newmoon (31.2.0-1) obs; urgency=medium
 
   * Changes/fixes:
     * Implemented CSS white-space: break-spaces for web compatibility.
     * Implemented Intl.RelativeTimeFormat for web compatibility.
-    * Implemented "Origin header CSRF mitigation". This is still disabled 
+    * Implemented "Origin header CSRF mitigation". This is still disabled
       by default to investigate potential issues with CloudFlare-backed sites.
     * Implemented support for async generator methods in JavaScript.
-    * Added preliminary support for building on Apple Silicon like M1/M2 
+    * Added preliminary support for building on Apple Silicon like M1/M2
       SoC.
     * Added support for building with Visual Studio 2022.
     * Improved the handling of CSS "sticky" elements in tables.
     * Improved stack size limits on all platforms. See implementation notes.
-    * Updated function.toString handling to align with the updated 
+    * Updated function.toString handling to align with the updated
       JavaScript spec. This should improve web compatibility.
-    * Updated Unicode support to Unicode v11, and updated the ICU library 
+    * Updated Unicode support to Unicode v11, and updated the ICU library
       accordingly. Building without ICU is no longer supported.
-    * Updated many in-tree third-party libraries to pick up various 
+    * Updated many in-tree third-party libraries to pick up various
       performance and stability improvements.
-    * Updated site-specific user-agent overrides to work around issues with 
+    * Updated site-specific user-agent overrides to work around issues with
       Google fonts, Citi bank (again!) and MeWe.
-    * Removed some leftover (and unused) telemetry code in the platform and 
+    * Removed some leftover (and unused) telemetry code in the platform and
       front-end.
     * Fixed an issue with VP9 video playback on Windows on some systems.
-    * Fixed an issue with the add-ons manager not properly handling empty 
+    * Fixed an issue with the add-ons manager not properly handling empty
       update URLs.
-    * Fixed a major performance regression on *nix based systems due to 
+    * Fixed a major performance regression on *nix based systems due to
       incorrect thread handling.
     * Fixed volume handling when building with the sndio audio back-end.
-    * Pale Moon no longer applies content security policies to documents 
-      that are explicitly loaded as data documents or to images. See 
+    * Pale Moon no longer applies content security policies to documents
+      that are explicitly loaded as data documents or to images. See
       implementation notes.
-    * Cleaned up some unnecessary code from the source tree for unused 
-      build back-ends, Firefox marketplace "apps", and the rather ridiculous 
+    * Cleaned up some unnecessary code from the source tree for unused
+      build back-ends, Firefox marketplace "apps", and the rather ridiculous
       moz://a protocol handler.
-    * Updated NSS to 3.52.8 to pick up several defense-in-depth security 
+    * Updated NSS to 3.52.8 to pick up several defense-in-depth security
       fixes.
     * UXP Mozilla security patch summary: 3 DiD, 12 not applicable.
 
@@ -48,18 +122,18 @@ newmoon (31.2.0-1) obs; urgency=medium
 newmoon (31.1.1-1) obs; urgency=medium
 
   * Changes/fixes:
-    * Updated the list of blocked external protocol handlers to combat 
+    * Updated the list of blocked external protocol handlers to combat
       abuse of OS-supplied services on Windows.
-    * Fixed a potential issue with revoked site certificates when 
+    * Fixed a potential issue with revoked site certificates when
       connecting through a proxy.
     * Updated NSS to 3.52.7 to pick up some security fixes.
-    * Updated site-specific user agent overrides to work around bad 
+    * Updated site-specific user agent overrides to work around bad
       sniffing practices of dropbox and vimeo.
-    * Security issues addressed: CVE-2022-34478, CVE-2022-34476, 
-      CVE-2022-34480 DiD, CVE-2022-34472, CVE-2022-34475 DiD, CVE-2022-34473 
-      DiD, CVE-2022-34481 and a memory safety issue that doesn't have a CVE 
+    * Security issues addressed: CVE-2022-34478, CVE-2022-34476,
+      CVE-2022-34480 DiD, CVE-2022-34472, CVE-2022-34475 DiD, CVE-2022-34473
+      DiD, CVE-2022-34481 and a memory safety issue that doesn't have a CVE
       number.
-    * UXP Mozilla security patch summary: 4 fixed, 4 DiD, 2 rejected, 11 
+    * UXP Mozilla security patch summary: 4 fixed, 4 DiD, 2 rejected, 11
       not applicable.
 
  -- B. Stack <bgstack15@gmail.com>  Mon, 11 Jul 2022 11:34:11 -0400
@@ -67,41 +141,41 @@ newmoon (31.1.1-1) obs; urgency=medium
 newmoon (31.1.0-1) UNRELEASED; urgency=medium
 
   * Changes/fixes:
-    * Added Mojeek as an additional search engine in the browser. See 
+    * Added Mojeek as an additional search engine in the browser. See
       implementation notes.
-    * Implemented "nullish coalescing operator" (thanks, FranklinDM!) for 
+    * Implemented "nullish coalescing operator" (thanks, FranklinDM!) for
       web compatibility.
     * Fixed various crash scenarios in XPCOM.
-    * Fixed an important stability and performance issue related to 
+    * Fixed an important stability and performance issue related to
       hardware acceleration.
-    * Fixed a long-standing issue where overly-long address bar tooltips 
-      wouldn't break into multiple lines but instead cut off on the right 
+    * Fixed a long-standing issue where overly-long address bar tooltips
+      wouldn't break into multiple lines but instead cut off on the right
       side.
-    * Fixed a long-standing issue where dynamic datalist updates for 
+    * Fixed a long-standing issue where dynamic datalist updates for
       <select> and similar elements wouldn't properly update the option list.
     * Disabled broken links to MDN articles in developer tools.
-    * Updated media support to include support for libavcodec 59/FFmpeg 5.0 
+    * Updated media support to include support for libavcodec 59/FFmpeg 5.0
       for MP4 playback on Linux (thanks, Travis!)
-    * Enabled the date picker for <input type=date>. See implementation 
+    * Enabled the date picker for <input type=date>. See implementation
       notes.
     * Re-enabled the use of FIPS mode for NSS. See implementation notes.
-    * Improved memory handling and memory safety in the JavaScript engine, 
+    * Improved memory handling and memory safety in the JavaScript engine,
       further reducing current and future crash scenarios.
     * Improved memory handling in the graphics subsystem of Goanna.
     * Updated FFvpx to v4.2.7
-    * Slightly reduced strictness of media checking for improved 
-      compatibility with questionable "gif" video encoders used on major 
+    * Slightly reduced strictness of media checking for improved
+      compatibility with questionable "gif" video encoders used on major
       websites.
-    * Cleaned up the way file pickers (file open/save/save as dialogs) are 
+    * Cleaned up the way file pickers (file open/save/save as dialogs) are
       handled on Windows.
-    * Restored the gMultiProcessBrowser property of the browser for Firefox 
+    * Restored the gMultiProcessBrowser property of the browser for Firefox
       extension compatibility. See implementation notes.
-    * Improved the way data is transferred to and from canvases to prevent 
+    * Improved the way data is transferred to and from canvases to prevent
       memory safety issues.
     * Updated NSS to 3.52.6 to address security issues.
-    * Reduced blocking severity for some extensions that were marked hard 
+    * Reduced blocking severity for some extensions that were marked hard
       blockers for GRE (but aren't for UXP).
-    * Security issues addressed: CVE-2022-31739, CVE-2022-31741, and other 
+    * Security issues addressed: CVE-2022-31739, CVE-2022-31741, and other
       security issues that do not have a CVE number.
     * UXP Mozilla security patch summary: 2 fixed, 1 DiD, 26 not applicable.
 
@@ -168,13 +242,13 @@ newmoon (29.4.4-1+devuan) obs; urgency=medium
     * Fixed an issue in JavaScript serialization. DiD
     * Fixed a potential out-of-bounds issue in IndexedDB. DiD
     * Fixed a potential issue in widget data handling code. DiD
-    * Fixed potentially exploitable crashes in handling truncated/corrupt 
+    * Fixed potentially exploitable crashes in handling truncated/corrupt
       media files or streams.
     * Fixed an issue in the DOM FileReader code.
     * Updated NSS to 3.52.3 to address a security issue.
-    * Fixed the following security issues: CVE-2022-22736, CVE-2022-22741, 
+    * Fixed the following security issues: CVE-2022-22736, CVE-2022-22741,
       CVE-2021-4140, CVE-2022-22746, CVE-2022-22744 and CVE-2022-22747.
-    * Unified XUL Platform Mozilla Security Patch Summary: 8 fixed, 4 DiD, 
+    * Unified XUL Platform Mozilla Security Patch Summary: 8 fixed, 4 DiD,
       17 not applicable.
 
  -- B. Stack <bgstack15@gmail.com>  Thu, 20 Jan 2022 14:02:40 -0500