diff options
author | B Stack <bgstack15@gmail.com> | 2020-08-11 17:18:36 +0000 |
---|---|---|
committer | B Stack <bgstack15@gmail.com> | 2020-08-11 17:18:36 +0000 |
commit | 468abbdcbabff7327280b8bff8fc9a9cd3c92aa6 (patch) | |
tree | b8c10af04d17e9ec2085a39eae760e2ab55efa4b /palemoon/debian | |
parent | Merge branch 'ublock-bump' into 'master' (diff) | |
parent | add python dep alteration for debian unstable (diff) | |
download | stackrpms-468abbdcbabff7327280b8bff8fc9a9cd3c92aa6.tar.gz stackrpms-468abbdcbabff7327280b8bff8fc9a9cd3c92aa6.tar.bz2 stackrpms-468abbdcbabff7327280b8bff8fc9a9cd3c92aa6.zip |
Merge branch 'palemoon-bump' into 'master'
Palemoon 28.12.0
See merge request bgstack15/stackrpms!178
Diffstat (limited to 'palemoon/debian')
-rw-r--r-- | palemoon/debian/changelog | 54 | ||||
-rw-r--r-- | palemoon/debian/control | 2 | ||||
-rw-r--r-- | palemoon/debian/palemoon_devuan.dsc | 4 |
3 files changed, 57 insertions, 3 deletions
diff --git a/palemoon/debian/changelog b/palemoon/debian/changelog index 0d57595..56054f4 100644 --- a/palemoon/debian/changelog +++ b/palemoon/debian/changelog @@ -1,3 +1,57 @@ +palemoon (28.12.0-1+devuan) obs; urgency=medium + + * This is a development, bugfix and security update. + - Added controls for WASM to the browser's preferences, and enabled + by default. + - Enabled various arbitrarily-disabled CSS functions. + - Added the use of basic path descriptors (i.e. polygon) to css + clip paths. + - Implemented multithreaded request signal handling for the Abort + API. Please see implementation notes below. + - Updated the included US-English dictionary, adding approximately + 2500 additional words. + - Removed the DOM battery API. This was already disabled for + privacy reasons for a long while. + - Fixed an erroneous warning displayed on toolkit-only add-ons like + supplied dictionaries. + - Fixed an issue with the sessionstore tab load preference. + - Improved the generation of the names of downloaded files to + prevent confusion. (CVE-2020-15658) + - Fixed a code issue with base64 encoding of data. + - Fixed 2 safety hazards in JavaScript. (One being CVE-2020-15656) + DiD + - Fixed a spec compliance issue with regards to the cross-origin + loading of scripts. (CVE-2020-15652) + - Improved the loading of a system DLL on Windows, preventing + low-risk hijacking potential. (CVE-2020-15657) See implementation notes. + - Unified XUL Platform Mozilla Security Patch Summary: 4 fixed, 2 + defense-in-depth, 15 not applicable. + * Implementation notes + - In 28.11.0, we introduced the Abort API as new code. The + implementation of it still had an issue where especially web workers + would not always see the availability of abort signals on fetch + requests while AbortSignal was implemented in the browser. This + effectively made some websites (especially those using a particular + polyfill for the Abort API that would detect the need to polyfill by + way of Request.signal) throw errors that were fine before. We offered + users a workaround by temporarily disabling the AbortController in the + browser by way of a preference (dom.abortController.enabled). + - v28.12.0 fixes the multi-threaded handling of signals, which + should solve these problems. As such, the workaround is no longer + needed and upon upgrade the preference will be reset to enable + AbortControllers again. + - DLL-hijacking on Windows would only be possible if a malicious + actor already either gained administrative access to the program's + installation folder or otherwise have unrestricted access to the + program folder (by having it installed in local application folders + inside the user's profile space or other insecure program locations). + In that case the system is already compromised and any executable can + be replaced, so having dll loading hijacked would be the least of your + concerns (i.e. the main program .exe could also be replaced/infected in + that case). + + -- Ben Stack <bgstack15@gmail.com> Wed, 05 Aug 2020 14:43:18 -0400 + palemoon (28.11.0-1+devuan) obs; urgency=medium * This is a development, bugfix and security update. diff --git a/palemoon/debian/control b/palemoon/debian/control index 862f239..ccb8064 100644 --- a/palemoon/debian/control +++ b/palemoon/debian/control @@ -16,7 +16,7 @@ Build-Depends: debhelper (>= 12), lsb-release, mesa-common-dev, pkg-config, - python (>= 2.7), + python2 (>= 2.7.18-2~) | python (>= 2.7), unzip, yasm (>= 1.1), zip, diff --git a/palemoon/debian/palemoon_devuan.dsc b/palemoon/debian/palemoon_devuan.dsc index 40684b0..f1fd278 100644 --- a/palemoon/debian/palemoon_devuan.dsc +++ b/palemoon/debian/palemoon_devuan.dsc @@ -2,11 +2,11 @@ Format: 3.0 (quilt) Source: palemoon Binary: palemoon Architecture: any -Version: 28.11.0-1+devuan +Version: 28.12.0-1+devuan Maintainer: B Stack <bgstack15@gmail.com> Homepage: http://www.palemoon.org/ Standards-Version: 4.1.4 -Build-Depends: debhelper (>= 12), autoconf2.13, libasound2-dev, libdbus-glib-1-dev (>= 0.60), libgconf2-dev (>= 1.2.1), libgtk2.0-dev (>= 2.14), libssl-dev, libx11-xcb-dev, libxt-dev, lsb-release, mesa-common-dev, pkg-config, python (>= 2.7), unzip, yasm (>= 1.1), zip +Build-Depends: debhelper (>= 12), autoconf2.13, libasound2-dev, libdbus-glib-1-dev (>= 0.60), libgconf2-dev (>= 1.2.1), libgtk2.0-dev (>= 2.14), libssl-dev, libx11-xcb-dev, libxt-dev, lsb-release, mesa-common-dev, pkg-config, python2 (>= 2.7.18-2~) | python (>= 2.7), unzip, yasm (>= 1.1), zip Package-List: palemoon deb web optional arch=any Files: |