summaryrefslogtreecommitdiff
path: root/newmoon/debian/changelog
diff options
context:
space:
mode:
Diffstat (limited to 'newmoon/debian/changelog')
-rw-r--r--newmoon/debian/changelog95
1 files changed, 67 insertions, 28 deletions
diff --git a/newmoon/debian/changelog b/newmoon/debian/changelog
index ad2863e..6f276dc 100644
--- a/newmoon/debian/changelog
+++ b/newmoon/debian/changelog
@@ -1,3 +1,42 @@
+newmoon (28.16.0-1+devuan) obs; urgency=low
+
+ * This is a development and security update to the browser.
+ * Note for Linux users: With CentOS 6 going end-of-life, this
+ version will be the last for which we will be building 32-bit Linux
+ official binaries to download. While your distribution may choose to
+ continue offering 32-bit versions of the browser, built from source
+ by the maintainers, we won't be offering any further official 32-bit
+ Linux binaries on our website. Please check with your distribution's
+ package maintainers to know if further 32-bit support will be
+ available on your particular flavor of Linux.
+ - Aligned CSS tab-size with the specification and un-prefixed it.
+ - Updated Brotli library to 1.0.9.
+ - Updated JAR lib code.
+ - Optimized UI code, resulting in smaller downloads and less
+ space consumed on disk.
+ - Changed the default Firefox Compatibility version number to
+ 68.0 (since versions ending in .9 makes some frameworks unhappy,
+ refusing access to users)
+ - Cleaned up HPKP leftovers.
+ - Disabled the DOM filesystem API by default.
+ - Removed Phone Vibrator API.
+ - Fixed an issue where the software uninstaller would not remove
+ the program files it should.
+ - Fixed a devtools crash related to timeline snapshots.
+ - Fixed an issue in Skia that could cause unsafe memory access.
+ [DiD]
+ - Fixed several data race conditions. [DiD]
+ - Fixed an XSS vulnerability where scripts could be executed when
+ pasting data into on-line editors.
+ - Linux: Fixed an overflow issue in freetype.
+ - Security issues addressed: CVE-2020-26960, CVE-2020-26951,
+ CVE-2020-26956, CVE-2020-15999 and several others that do not have a
+ CVE designation.
+ - Unified XUL Platform Mozilla Security Patch Summary: 4 fixed, 4
+ defense-in-depth, 3 rejected, 20 not applicable.
+
+ -- Ben Stack <bgstack15@gmail.com> Wed, 25 Nov 2020 09:13:05 -0500
+
newmoon (28.15.0-1+devuan) obs; urgency=low
* This is a standard development and bugfix release.
@@ -46,55 +85,55 @@ newmoon (28.13.0-4+devuan) obs; urgency=low
newmoon (28.13.0-3+devuan) obs; urgency=medium
- * This is a compatibility, bugfix and security update. Special thanks
+ * This is a compatibility, bugfix and security update. Special thanks
to our new code contributors this cycle (you know who you are)!
- - Updated the included site-specific user-agent overrides for a
+ - Updated the included site-specific user-agent overrides for a
number of websites that need them.
- - Rewritten the browser's padlock code to use more modern APIs and
+ - Rewritten the browser's padlock code to use more modern APIs and
provide more accurate security status indication.
- Now also with localized tooltips!
- - Fixed a missing close button on the undo prompt after removing a
+ - Fixed a missing close button on the undo prompt after removing a
thumbnail from the QuickDial new tab page.
- - Fixed an issue with the alternative stylesheet menu in the
+ - Fixed an issue with the alternative stylesheet menu in the
browser's UI not working.
- - Implemented the use of intrinsic aspect ratios for images to
+ - Implemented the use of intrinsic aspect ratios for images to
improve layout during load and page positioning.
- - Added a preference to the use of node.getRootNode and disabled by
+ - Added a preference to the use of node.getRootNode and disabled by
default. See implementation notes.
- - Added CSS -webkit-appearance as an alias for -moz-appearance to
- improve compatibility with websites that only try to use
+ - Added CSS -webkit-appearance as an alias for -moz-appearance to
+ improve compatibility with websites that only try to use
Chrome-specific keywords to style standard form elements.
- Updated the SQLite library to 3.33.0.
- - Reinstated precise floating point precision model in JavaScript
- for those alternate builders who foolishly try to use the inaccurate
+ - Reinstated precise floating point precision model in JavaScript
+ for those alternate builders who foolishly try to use the inaccurate
"fast" model.
- - Improved spec compliance of modular JavaScript use (ECMAScript
+ - Improved spec compliance of modular JavaScript use (ECMAScript
modules).
- - Changed media errors to be a more generic response, and added a
- preference (media.sourceErrorDetails.enabled) to enable detailed error
+ - Changed media errors to be a more generic response, and added a
+ preference (media.sourceErrorDetails.enabled) to enable detailed error
reporting of media errors for debugging purposes.
- - Previously, detailed errors were provided by default which could
+ - Previously, detailed errors were provided by default which could
lead to privacy issues.
- Improved code stability of the AbortController implementation.
- Fixed a race condition in the secure connection library (NSS).
- - Security issues fixed: CVE-2020-15664, CVE-2020-15666,
+ - Security issues fixed: CVE-2020-15664, CVE-2020-15666,
CVE-2020-15667, CVE-2020-15668 and CVE-2020-15669.
- - Unified XUL Platform Mozilla Security Patch Summary: 4 fixed, 1
+ - Unified XUL Platform Mozilla Security Patch Summary: 4 fixed, 1
defense-in-depth, 1 rejected, 9 not applicable.
* Implementation notes
- - In 28.11.0 we introduced node.getRootNode because some websites
- would fail with an error if this function was not present.
- Unfortunately, this caused problems with other sites that (incorrectly)
- assume Google WebComponents are available when this utility function is
- present (feature detection gone wrong). While it is considered by some
- to be part of the Google WebComponents implementation, it actually has
- utility value outside of that use. Because of the problems caused,
- we've added a preference and disabled it by default, fixing these kinds
+ - In 28.11.0 we introduced node.getRootNode because some websites
+ would fail with an error if this function was not present.
+ Unfortunately, this caused problems with other sites that (incorrectly)
+ assume Google WebComponents are available when this utility function is
+ present (feature detection gone wrong). While it is considered by some
+ to be part of the Google WebComponents implementation, it actually has
+ utility value outside of that use. Because of the problems caused,
+ we've added a preference and disabled it by default, fixing these kinds
of websites.
- - When needed, you can re-enable this function with
+ - When needed, you can re-enable this function with
dom.getRootNode.enabled
- - This should improve web compatibility by default yet still allow
- users to enable this function for websites that use its utility but do
+ - This should improve web compatibility by default yet still allow
+ users to enable this function for websites that use its utility but do
not use WebComponents.
-- Ben Stack <bgstack15@gmail.com> Fri, 04 Sep 2020 19:50:02 -0400
bgstack15