pm 28.12.0 rc1 dpkg and rpm

3 files changed, 60 insertions, 3 deletions

diff --git a/palemoon/debian/changelog b/palemoon/debian/changelog
index 0d57595..56054f4 100644
--- a/palemoon/debian/changelog
+++ b/palemoon/debian/changelog
@@ -1,3 +1,57 @@
+palemoon (28.12.0-1+devuan) obs; urgency=medium
+
+  * This is a development, bugfix and security update.
+    - Added controls for WASM to the browser's preferences, and enabled 
+      by default.
+    - Enabled various arbitrarily-disabled CSS functions.
+    - Added the use of basic path descriptors (i.e. polygon) to css 
+      clip paths.
+    - Implemented multithreaded request signal handling for the Abort 
+      API. Please see implementation notes below.
+    - Updated the included US-English dictionary, adding approximately 
+      2500 additional words.
+    - Removed the DOM battery API. This was already disabled for 
+      privacy reasons for a long while.
+    - Fixed an erroneous warning displayed on toolkit-only add-ons like 
+      supplied dictionaries.
+    - Fixed an issue with the sessionstore tab load preference.
+    - Improved the generation of the names of downloaded files to 
+      prevent confusion. (CVE-2020-15658)
+    - Fixed a code issue with base64 encoding of data.
+    - Fixed 2 safety hazards in JavaScript. (One being CVE-2020-15656) 
+      DiD
+    - Fixed a spec compliance issue with regards to the cross-origin 
+      loading of scripts. (CVE-2020-15652)
+    - Improved the loading of a system DLL on Windows, preventing 
+      low-risk hijacking potential. (CVE-2020-15657) See implementation notes.
+    - Unified XUL Platform Mozilla Security Patch Summary: 4 fixed, 2 
+      defense-in-depth, 15 not applicable.
+  * Implementation notes
+    - In 28.11.0, we introduced the Abort API as new code. The 
+      implementation of it still had an issue where especially web workers 
+      would not always see the availability of abort signals on fetch 
+      requests while AbortSignal was implemented in the browser. This 
+      effectively made some websites (especially those using a particular 
+      polyfill for the Abort API that would detect the need to polyfill by 
+      way of Request.signal) throw errors that were fine before. We offered 
+      users a workaround by temporarily disabling the AbortController in the 
+      browser by way of a preference (dom.abortController.enabled).
+    - v28.12.0 fixes the multi-threaded handling of signals, which 
+      should solve these problems. As such, the workaround is no longer 
+      needed and upon upgrade the preference will be reset to enable 
+      AbortControllers again.
+    - DLL-hijacking on Windows would only be possible if a malicious 
+      actor already either gained administrative access to the program's 
+      installation folder or otherwise have unrestricted access to the 
+      program folder (by having it installed in local application folders 
+      inside the user's profile space or other insecure program locations). 
+      In that case the system is already compromised and any executable can 
+      be replaced, so having dll loading hijacked would be the least of your 
+      concerns (i.e. the main program .exe could also be replaced/infected in 
+      that case).
+
+ -- Ben Stack <bgstack15@gmail.com>  Wed, 05 Aug 2020 14:43:18 -0400
+
 palemoon (28.11.0-1+devuan) obs; urgency=medium
 
   * This is a development, bugfix and security update.
diff --git a/palemoon/debian/palemoon_devuan.dsc b/palemoon/debian/palemoon_devuan.dsc
index 40684b0..f99dba4 100644
--- a/palemoon/debian/palemoon_devuan.dsc
+++ b/palemoon/debian/palemoon_devuan.dsc
@@ -2,7 +2,7 @@ Format: 3.0 (quilt)
 Source: palemoon
 Binary: palemoon
 Architecture: any
-Version: 28.11.0-1+devuan
+Version: 28.12.0-1+devuan
 Maintainer: B Stack <bgstack15@gmail.com>
 Homepage: http://www.palemoon.org/
 Standards-Version: 4.1.4
diff --git a/palemoon/palemoon.spec b/palemoon/palemoon.spec
index b9c7454..87dac14 100644
--- a/palemoon/palemoon.spec
+++ b/palemoon/palemoon.spec
@@ -5,7 +5,7 @@
 %global stackrpms_custom 1
 # derive from inside the full source tree or from notes at https://github.com/MoonchildProductions/Pale-Moon/releases
 # git submodule | awk -v "name=platform" '$2 == name {gsub("-","",$1); print $1}'
-%global submodule_platform_tag RELBASE_20200712
+%global submodule_platform_tag RELBASE_20200730
 
 # additional repos to get python27 and devtoolset-7
 # for el6 and el7: Software Collection;, for x86_64 only
@@ -42,7 +42,7 @@ Name:		palemoon-stackrpms
 Name:    palemoon
 %endif
 Summary:	Pale Moon web browser
-Version:	28.11.0
+Version:	28.12.0
 Release:	1
 
 Group:	Networking/Web
@@ -285,6 +285,9 @@ update-mime-database -n ${_datadir}/mime 1>/dev/null 2>&1 & :
 %doc AUTHORS LICENSE
 
 %changelog
+* Wed Aug 05 2020 B Stack <bgstack15@gmail.com> - 28.12.0-1
+- update version
+
 * Tue Jul 14 2020 B Stack <bgstack15@gmail.com> - 28.11.0-1
 - update version