palemoon 28.6.1

3 files changed, 30 insertions, 4 deletions

diff --git a/palemoon/debian/changelog b/palemoon/debian/changelog
index 93955bf..47b544c 100644
--- a/palemoon/debian/changelog
+++ b/palemoon/debian/changelog
@@ -1,3 +1,23 @@
+palemoon (28.6.1-1+devuan) manual; urgency=low
+
+  * From releasenotes.shtml: This is security and bugfix update.
+    - Improved handling of FTP resource loading (allow save-as and cater to some FTP-based browsing).
+    - Added a preference (security.block_ftp_subresources) to allow users to completely bypass the blocking of FTP subresources if required for their environment, if the improvements made in this release do not suffice.
+    - Added blocking of authentication-locked cross-origin image subresources by default to prevent spurious auth prompts.
+    - A preference (network.auth.subresource-http-img-XO-auth) was added to allow users to bypass this blocking if required for their environment.
+    - Changed the behavior of file: URIs to treat each URI as a unique origin. This prevents cross-file access from scripting.
+    - A preference (security.fileuri.unique_origin) was added to allow users to relax this restriction if required for their environment.
+    - Implemented a revised version of http2PushedStream to address some thread safety issues.
+    - Aligned browser behavior with mainstream regarding inner window behavior when domain is manipulated.
+    - Backed out a 28.5.* patch for causing multiple issues in the UI and web content.
+    - Updated NSS to 3.41.2 (custom) to pick up several upstream fixes.
+    - Fixed a type confusion issue in JavaScript Arrays. (DiD)
+    - Added a fix for cross-thread access of Necko. (DiD)
+    - Added a port safety check for Alternative Services.
+    - Implemented fixes for applicable security issues: CVE-2019-11719, CVE-2019-11711, CVE-2019-11715, CVE-2019-11717, CVE-2019-11714 (DiD), CVE-2019-11729 (DiD), CVE-2019-11727 (DiD), CVE-2019-11730 (DiD), CVE-2019-11713 (DiD) and several networking and memory-safety hazards that do not have CVE numbers.
+
+ -- B Stack <bgstack15@gmail.com>  Thu, 25 Jul 2019 13:03:15 -0400
+
 palemoon (28.6.0.1-1+devuan) manual; urgency=low
 
   * From releasenotes.shtml: This is an out-of-band update to fix some pressing issues with the latest release.
diff --git a/palemoon/palemoon-stackrpms.spec b/palemoon/palemoon-stackrpms.spec
index b7bf404..06322ca 100644
--- a/palemoon/palemoon-stackrpms.spec
+++ b/palemoon/palemoon-stackrpms.spec
@@ -40,8 +40,8 @@ Summary:	Pale Moon web browser with stackrpms prefs
 Name:    palemoon
 Summary:	Pale Moon web browser
 %endif
-Version:	28.6.0.1
-Release:	2
+Version:	28.6.1
+Release:	1
 
 Group:	Networking/Web
 License:	MPLv2.0
@@ -281,6 +281,9 @@ update-mime-database -n ${_datadir}/mime 1>/dev/null 2>&1 & :
 %doc AUTHORS LICENSE
 
 %changelog
+* Thu Jul 25 2019 B Stack <bgstack15@gmail.com> - 28.6.1-1
+- update version
+
 * Mon Jul  8 2019 B Stack <bgstack15@gmail.com> - 28.6.0.1-2
 - remove custom patches for stock build
 
diff --git a/palemoon/palemoon.spec b/palemoon/palemoon.spec
index e7a7526..4f2f857 100644
--- a/palemoon/palemoon.spec
+++ b/palemoon/palemoon.spec
@@ -40,8 +40,8 @@ Summary:	Pale Moon web browser with stackrpms prefs
 Name:    palemoon
 Summary:	Pale Moon web browser
 %endif
-Version:	28.6.0.1
-Release:	2
+Version:	28.6.1
+Release:	1
 
 Group:	Networking/Web
 License:	MPLv2.0
@@ -281,6 +281,9 @@ update-mime-database -n ${_datadir}/mime 1>/dev/null 2>&1 & :
 %doc AUTHORS LICENSE
 
 %changelog
+* Thu Jul 25 2019 B Stack <bgstack15@gmail.com> - 28.6.1-1
+- update version
+
 * Mon Jul  8 2019 B Stack <bgstack15@gmail.com> - 28.6.0.1-2
 - remove custom patches for stock build