diff options
Diffstat (limited to 'newmoon/debian/changelog')
-rw-r--r-- | newmoon/debian/changelog | 95 |
1 files changed, 67 insertions, 28 deletions
diff --git a/newmoon/debian/changelog b/newmoon/debian/changelog index ad2863e..6f276dc 100644 --- a/newmoon/debian/changelog +++ b/newmoon/debian/changelog @@ -1,3 +1,42 @@ +newmoon (28.16.0-1+devuan) obs; urgency=low + + * This is a development and security update to the browser. + * Note for Linux users: With CentOS 6 going end-of-life, this + version will be the last for which we will be building 32-bit Linux + official binaries to download. While your distribution may choose to + continue offering 32-bit versions of the browser, built from source + by the maintainers, we won't be offering any further official 32-bit + Linux binaries on our website. Please check with your distribution's + package maintainers to know if further 32-bit support will be + available on your particular flavor of Linux. + - Aligned CSS tab-size with the specification and un-prefixed it. + - Updated Brotli library to 1.0.9. + - Updated JAR lib code. + - Optimized UI code, resulting in smaller downloads and less + space consumed on disk. + - Changed the default Firefox Compatibility version number to + 68.0 (since versions ending in .9 makes some frameworks unhappy, + refusing access to users) + - Cleaned up HPKP leftovers. + - Disabled the DOM filesystem API by default. + - Removed Phone Vibrator API. + - Fixed an issue where the software uninstaller would not remove + the program files it should. + - Fixed a devtools crash related to timeline snapshots. + - Fixed an issue in Skia that could cause unsafe memory access. + [DiD] + - Fixed several data race conditions. [DiD] + - Fixed an XSS vulnerability where scripts could be executed when + pasting data into on-line editors. + - Linux: Fixed an overflow issue in freetype. + - Security issues addressed: CVE-2020-26960, CVE-2020-26951, + CVE-2020-26956, CVE-2020-15999 and several others that do not have a + CVE designation. + - Unified XUL Platform Mozilla Security Patch Summary: 4 fixed, 4 + defense-in-depth, 3 rejected, 20 not applicable. + + -- Ben Stack <bgstack15@gmail.com> Wed, 25 Nov 2020 09:13:05 -0500 + newmoon (28.15.0-1+devuan) obs; urgency=low * This is a standard development and bugfix release. @@ -46,55 +85,55 @@ newmoon (28.13.0-4+devuan) obs; urgency=low newmoon (28.13.0-3+devuan) obs; urgency=medium - * This is a compatibility, bugfix and security update. Special thanks + * This is a compatibility, bugfix and security update. Special thanks to our new code contributors this cycle (you know who you are)! - - Updated the included site-specific user-agent overrides for a + - Updated the included site-specific user-agent overrides for a number of websites that need them. - - Rewritten the browser's padlock code to use more modern APIs and + - Rewritten the browser's padlock code to use more modern APIs and provide more accurate security status indication. - Now also with localized tooltips! - - Fixed a missing close button on the undo prompt after removing a + - Fixed a missing close button on the undo prompt after removing a thumbnail from the QuickDial new tab page. - - Fixed an issue with the alternative stylesheet menu in the + - Fixed an issue with the alternative stylesheet menu in the browser's UI not working. - - Implemented the use of intrinsic aspect ratios for images to + - Implemented the use of intrinsic aspect ratios for images to improve layout during load and page positioning. - - Added a preference to the use of node.getRootNode and disabled by + - Added a preference to the use of node.getRootNode and disabled by default. See implementation notes. - - Added CSS -webkit-appearance as an alias for -moz-appearance to - improve compatibility with websites that only try to use + - Added CSS -webkit-appearance as an alias for -moz-appearance to + improve compatibility with websites that only try to use Chrome-specific keywords to style standard form elements. - Updated the SQLite library to 3.33.0. - - Reinstated precise floating point precision model in JavaScript - for those alternate builders who foolishly try to use the inaccurate + - Reinstated precise floating point precision model in JavaScript + for those alternate builders who foolishly try to use the inaccurate "fast" model. - - Improved spec compliance of modular JavaScript use (ECMAScript + - Improved spec compliance of modular JavaScript use (ECMAScript modules). - - Changed media errors to be a more generic response, and added a - preference (media.sourceErrorDetails.enabled) to enable detailed error + - Changed media errors to be a more generic response, and added a + preference (media.sourceErrorDetails.enabled) to enable detailed error reporting of media errors for debugging purposes. - - Previously, detailed errors were provided by default which could + - Previously, detailed errors were provided by default which could lead to privacy issues. - Improved code stability of the AbortController implementation. - Fixed a race condition in the secure connection library (NSS). - - Security issues fixed: CVE-2020-15664, CVE-2020-15666, + - Security issues fixed: CVE-2020-15664, CVE-2020-15666, CVE-2020-15667, CVE-2020-15668 and CVE-2020-15669. - - Unified XUL Platform Mozilla Security Patch Summary: 4 fixed, 1 + - Unified XUL Platform Mozilla Security Patch Summary: 4 fixed, 1 defense-in-depth, 1 rejected, 9 not applicable. * Implementation notes - - In 28.11.0 we introduced node.getRootNode because some websites - would fail with an error if this function was not present. - Unfortunately, this caused problems with other sites that (incorrectly) - assume Google WebComponents are available when this utility function is - present (feature detection gone wrong). While it is considered by some - to be part of the Google WebComponents implementation, it actually has - utility value outside of that use. Because of the problems caused, - we've added a preference and disabled it by default, fixing these kinds + - In 28.11.0 we introduced node.getRootNode because some websites + would fail with an error if this function was not present. + Unfortunately, this caused problems with other sites that (incorrectly) + assume Google WebComponents are available when this utility function is + present (feature detection gone wrong). While it is considered by some + to be part of the Google WebComponents implementation, it actually has + utility value outside of that use. Because of the problems caused, + we've added a preference and disabled it by default, fixing these kinds of websites. - - When needed, you can re-enable this function with + - When needed, you can re-enable this function with dom.getRootNode.enabled - - This should improve web compatibility by default yet still allow - users to enable this function for websites that use its utility but do + - This should improve web compatibility by default yet still allow + users to enable this function for websites that use its utility but do not use WebComponents. -- Ben Stack <bgstack15@gmail.com> Fri, 04 Sep 2020 19:50:02 -0400 |