summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--newmoon/_service2
-rw-r--r--newmoon/debian/changelog156
-rw-r--r--newmoon/debian/newmoon+devuan.dsc2
-rw-r--r--newmoon/newmoon.spec7
4 files changed, 122 insertions, 45 deletions
diff --git a/newmoon/_service b/newmoon/_service
index 56c278b..325e811 100644
--- a/newmoon/_service
+++ b/newmoon/_service
@@ -14,7 +14,7 @@
<service name="tar_scm">
<param name="scm">git</param>
<param name="url">https://repo.palemoon.org/MoonchildProductions/Pale-Moon.git</param>
- <param name="revision">31.3.1_Release</param>
+ <param name="revision">31.4.0_Release</param>
<param name="version">_none_</param>
<param name="submodules">enable</param>
</service>
diff --git a/newmoon/debian/changelog b/newmoon/debian/changelog
index d5aea84..1b3b7ee 100644
--- a/newmoon/debian/changelog
+++ b/newmoon/debian/changelog
@@ -1,45 +1,119 @@
+newmoon (31.4.0-1) obs; urgency=medium
+
+ * Upstream updates
+ * Added support for the JPEG-XL image format.
+ * Implemented regular expressions lookaround/lookbehind.
+ * Aligned CORS header parsing with the updated spec. See implementation
+ notes.
+ * We no longer fire keypress events for non-printable keys. See
+ implementation notes.
+ * Added support for MacOS 13 "Ventura" in the platform, primarily
+ benefitting White Star.
+ * Fixed potentially problematic thread locking code on *nix platforms.
+ * Fixed some small issues in the display and operation of the Web
+ Developer tools.
+ * Removed unused but performance-impacting panning and tab animation
+ measuring code. (telemetry leftovers)
+ * Improved code for SunOS builds.
+ * Updated Internationalization data for time zones.
+ * Fixed a buffer overflow for Mac builds.
+ * Security issues addressed: CVE-2022-45411 and potential issues
+ without a CVE number.
+ * UXP Mozilla security patch summary: 2 fixed, 1 DiD, 1 deferred, 25
+ not applicable.
+
+ -- B. Stack <bgstack15@gmail.com> Tue, 22 Nov 2022 10:03:10 -0500
+
newmoon (31.3.1-1) obs; urgency=medium
- * No release notes from upstream
+ * Upstream updates
+ * Added detection suport for the newly-released MacOS 13 (Ventura).
+ * Fixed a potential heap Use-After-Free risk in Expat. (CVE-2022-40674)
+ DiD
+ * Fixed potentially undefined behavior in our thread locking code. DiD
+ * Fixed a potentially exploitable crash in the refresh driver.
+ * Fixed potentially undefined behavior when base-64 decoding. DiD
+ * Implemented a texture size cap for WebGL to prevent potential issues
+ with some graphics drivers. DiD
+ * Updated site-specific overrides to address issues with ZoHo.
+ * UXP Mozilla security patch summary: 1 fixed, 2 DiD, 6 not applicable.
-- B. Stack <bgstack15@gmail.com> Tue, 01 Nov 2022 14:09:10 -0400
+newmoon (31.3.0-1) UNRELEASED; urgency=low
+
+ * Upstream updates
+ * Implemented .at(index) JavaScript method on built-in indexables
+ (Array, String, TypedArray).
+ * Implemented the use of EventSource in workers.
+ * Enabled the sending of the Origin: header by default on same-origin
+ requests.
+ * Changed how Pale Moon is built. We are now using Visual Studio 2022
+ on Windows, and have made build system changes to reduce build times
+ and pressure on the linker on all platforms.
+ * Changed how Pale Moon handles standalone wave audio files (.wav). See
+ implementation notes.
+ * Improved string normalization.
+ * Updated the handling of CSS "supports" to now accept unparenthesized
+ strings (spec update).
+ * Updated the handling of flex containers in web pages for web
+ compatibility.
+ * Fixed various issues when building for Mac OS X.
+ * Fixed various C++ standard conformance issues in the source code.
+ * Fixed several issues building on SunOS and Linux with various
+ configurations and gcc versions.
+ * Fixed an issue with regular expressions' dotAll syntax and usage. See
+ implementation notes.
+ * Switched custom hash map to std::unordered_map where prudent.
+ * Cleaned up and updated IPC thread locking code.
+ * Removed spacing for accessibility focus rings in form controls to
+ align styling of them with expected metrics.
+ * Removed the unnecessary control module for building with non-standard
+ configurations of the platform.
+ * Removed the -moz prefix from min-content and max-content CSS keywords
+ where it was still in use.
+ * Security fixes: CVE-2022-40956 and CVE-2022-40958.
+ * UXP Mozilla security patch summary: 2 fixed, 11 not applicable.
+
+
+ -- B. Stack <bgstack15@gmail.com> Tue, 01 Nov 2022 14:09:09 -0400
+
newmoon (31.2.0-1) obs; urgency=medium
* Changes/fixes:
* Implemented CSS white-space: break-spaces for web compatibility.
* Implemented Intl.RelativeTimeFormat for web compatibility.
- * Implemented "Origin header CSRF mitigation". This is still disabled
+ * Implemented "Origin header CSRF mitigation". This is still disabled
by default to investigate potential issues with CloudFlare-backed sites.
* Implemented support for async generator methods in JavaScript.
- * Added preliminary support for building on Apple Silicon like M1/M2
+ * Added preliminary support for building on Apple Silicon like M1/M2
SoC.
* Added support for building with Visual Studio 2022.
* Improved the handling of CSS "sticky" elements in tables.
* Improved stack size limits on all platforms. See implementation notes.
- * Updated function.toString handling to align with the updated
+ * Updated function.toString handling to align with the updated
JavaScript spec. This should improve web compatibility.
- * Updated Unicode support to Unicode v11, and updated the ICU library
+ * Updated Unicode support to Unicode v11, and updated the ICU library
accordingly. Building without ICU is no longer supported.
- * Updated many in-tree third-party libraries to pick up various
+ * Updated many in-tree third-party libraries to pick up various
performance and stability improvements.
- * Updated site-specific user-agent overrides to work around issues with
+ * Updated site-specific user-agent overrides to work around issues with
Google fonts, Citi bank (again!) and MeWe.
- * Removed some leftover (and unused) telemetry code in the platform and
+ * Removed some leftover (and unused) telemetry code in the platform and
front-end.
* Fixed an issue with VP9 video playback on Windows on some systems.
- * Fixed an issue with the add-ons manager not properly handling empty
+ * Fixed an issue with the add-ons manager not properly handling empty
update URLs.
- * Fixed a major performance regression on *nix based systems due to
+ * Fixed a major performance regression on *nix based systems due to
incorrect thread handling.
* Fixed volume handling when building with the sndio audio back-end.
- * Pale Moon no longer applies content security policies to documents
- that are explicitly loaded as data documents or to images. See
+ * Pale Moon no longer applies content security policies to documents
+ that are explicitly loaded as data documents or to images. See
implementation notes.
- * Cleaned up some unnecessary code from the source tree for unused
- build back-ends, Firefox marketplace "apps", and the rather ridiculous
+ * Cleaned up some unnecessary code from the source tree for unused
+ build back-ends, Firefox marketplace "apps", and the rather ridiculous
moz://a protocol handler.
- * Updated NSS to 3.52.8 to pick up several defense-in-depth security
+ * Updated NSS to 3.52.8 to pick up several defense-in-depth security
fixes.
* UXP Mozilla security patch summary: 3 DiD, 12 not applicable.
@@ -48,18 +122,18 @@ newmoon (31.2.0-1) obs; urgency=medium
newmoon (31.1.1-1) obs; urgency=medium
* Changes/fixes:
- * Updated the list of blocked external protocol handlers to combat
+ * Updated the list of blocked external protocol handlers to combat
abuse of OS-supplied services on Windows.
- * Fixed a potential issue with revoked site certificates when
+ * Fixed a potential issue with revoked site certificates when
connecting through a proxy.
* Updated NSS to 3.52.7 to pick up some security fixes.
- * Updated site-specific user agent overrides to work around bad
+ * Updated site-specific user agent overrides to work around bad
sniffing practices of dropbox and vimeo.
- * Security issues addressed: CVE-2022-34478, CVE-2022-34476,
- CVE-2022-34480 DiD, CVE-2022-34472, CVE-2022-34475 DiD, CVE-2022-34473
- DiD, CVE-2022-34481 and a memory safety issue that doesn't have a CVE
+ * Security issues addressed: CVE-2022-34478, CVE-2022-34476,
+ CVE-2022-34480 DiD, CVE-2022-34472, CVE-2022-34475 DiD, CVE-2022-34473
+ DiD, CVE-2022-34481 and a memory safety issue that doesn't have a CVE
number.
- * UXP Mozilla security patch summary: 4 fixed, 4 DiD, 2 rejected, 11
+ * UXP Mozilla security patch summary: 4 fixed, 4 DiD, 2 rejected, 11
not applicable.
-- B. Stack <bgstack15@gmail.com> Mon, 11 Jul 2022 11:34:11 -0400
@@ -67,41 +141,41 @@ newmoon (31.1.1-1) obs; urgency=medium
newmoon (31.1.0-1) UNRELEASED; urgency=medium
* Changes/fixes:
- * Added Mojeek as an additional search engine in the browser. See
+ * Added Mojeek as an additional search engine in the browser. See
implementation notes.
- * Implemented "nullish coalescing operator" (thanks, FranklinDM!) for
+ * Implemented "nullish coalescing operator" (thanks, FranklinDM!) for
web compatibility.
* Fixed various crash scenarios in XPCOM.
- * Fixed an important stability and performance issue related to
+ * Fixed an important stability and performance issue related to
hardware acceleration.
- * Fixed a long-standing issue where overly-long address bar tooltips
- wouldn't break into multiple lines but instead cut off on the right
+ * Fixed a long-standing issue where overly-long address bar tooltips
+ wouldn't break into multiple lines but instead cut off on the right
side.
- * Fixed a long-standing issue where dynamic datalist updates for
+ * Fixed a long-standing issue where dynamic datalist updates for
<select> and similar elements wouldn't properly update the option list.
* Disabled broken links to MDN articles in developer tools.
- * Updated media support to include support for libavcodec 59/FFmpeg 5.0
+ * Updated media support to include support for libavcodec 59/FFmpeg 5.0
for MP4 playback on Linux (thanks, Travis!)
- * Enabled the date picker for <input type=date>. See implementation
+ * Enabled the date picker for <input type=date>. See implementation
notes.
* Re-enabled the use of FIPS mode for NSS. See implementation notes.
- * Improved memory handling and memory safety in the JavaScript engine,
+ * Improved memory handling and memory safety in the JavaScript engine,
further reducing current and future crash scenarios.
* Improved memory handling in the graphics subsystem of Goanna.
* Updated FFvpx to v4.2.7
- * Slightly reduced strictness of media checking for improved
- compatibility with questionable "gif" video encoders used on major
+ * Slightly reduced strictness of media checking for improved
+ compatibility with questionable "gif" video encoders used on major
websites.
- * Cleaned up the way file pickers (file open/save/save as dialogs) are
+ * Cleaned up the way file pickers (file open/save/save as dialogs) are
handled on Windows.
- * Restored the gMultiProcessBrowser property of the browser for Firefox
+ * Restored the gMultiProcessBrowser property of the browser for Firefox
extension compatibility. See implementation notes.
- * Improved the way data is transferred to and from canvases to prevent
+ * Improved the way data is transferred to and from canvases to prevent
memory safety issues.
* Updated NSS to 3.52.6 to address security issues.
- * Reduced blocking severity for some extensions that were marked hard
+ * Reduced blocking severity for some extensions that were marked hard
blockers for GRE (but aren't for UXP).
- * Security issues addressed: CVE-2022-31739, CVE-2022-31741, and other
+ * Security issues addressed: CVE-2022-31739, CVE-2022-31741, and other
security issues that do not have a CVE number.
* UXP Mozilla security patch summary: 2 fixed, 1 DiD, 26 not applicable.
@@ -168,13 +242,13 @@ newmoon (29.4.4-1+devuan) obs; urgency=medium
* Fixed an issue in JavaScript serialization. DiD
* Fixed a potential out-of-bounds issue in IndexedDB. DiD
* Fixed a potential issue in widget data handling code. DiD
- * Fixed potentially exploitable crashes in handling truncated/corrupt
+ * Fixed potentially exploitable crashes in handling truncated/corrupt
media files or streams.
* Fixed an issue in the DOM FileReader code.
* Updated NSS to 3.52.3 to address a security issue.
- * Fixed the following security issues: CVE-2022-22736, CVE-2022-22741,
+ * Fixed the following security issues: CVE-2022-22736, CVE-2022-22741,
CVE-2021-4140, CVE-2022-22746, CVE-2022-22744 and CVE-2022-22747.
- * Unified XUL Platform Mozilla Security Patch Summary: 8 fixed, 4 DiD,
+ * Unified XUL Platform Mozilla Security Patch Summary: 8 fixed, 4 DiD,
17 not applicable.
-- B. Stack <bgstack15@gmail.com> Thu, 20 Jan 2022 14:02:40 -0500
diff --git a/newmoon/debian/newmoon+devuan.dsc b/newmoon/debian/newmoon+devuan.dsc
index 2302d5e..6bee354 100644
--- a/newmoon/debian/newmoon+devuan.dsc
+++ b/newmoon/debian/newmoon+devuan.dsc
@@ -2,7 +2,7 @@ Format: 3.0 (quilt)
Source: newmoon
Binary: newmoon
Architecture: any
-Version: 31.2.0-1+devuan
+Version: 31.4.0-1+devuan
Maintainer: B. Stack <bgstack15@gmail.com>
Homepage: http://www.palemoon.org/
Standards-Version: 4.1.4
diff --git a/newmoon/newmoon.spec b/newmoon/newmoon.spec
index 9865547..969cd1b 100644
--- a/newmoon/newmoon.spec
+++ b/newmoon/newmoon.spec
@@ -4,7 +4,7 @@
%global stackrpms_custom 1
# derive from inside the source tree or from https://repo.palemoon.org/MoonchildProductions/Pale-Moon/releases
# git submodule | awk -v "name=platform" '$2 == name {gsub("-","",$1); print $1}'
-%global submodule_platform_tag RB_20221101
+%global submodule_platform_tag RB_20221122
%global badname palemoon
%global git_commit db5ee3c1968212742b4ed8b9883069ea7b03f0e1
%global tarballdir pale-moon
@@ -44,7 +44,7 @@ Name: newmoon
Name: newmoon
%endif
Summary: Newmoon web browser
-Version: 31.3.1
+Version: 31.4.0
Release: 1
Group: Networking/Web
@@ -300,6 +300,9 @@ update-mime-database -n ${_datadir}/mime 1>/dev/null 2>&1 & :
%doc AUTHORS LICENSE
%changelog
+* Tue Nov 22 2022 B. Stack <bgstack15@gmail.com> - 31.4.0-1
+- update version
+
* Tue Nov 11 2022 B. Stack <bgstack15@gmail.com> - 31.3.1-1
- update version
bgstack15