summaryrefslogtreecommitdiff
path: root/newmoon/debian/changelog
diff options
context:
space:
mode:
Diffstat (limited to 'newmoon/debian/changelog')
-rw-r--r--newmoon/debian/changelog72
1 files changed, 72 insertions, 0 deletions
diff --git a/newmoon/debian/changelog b/newmoon/debian/changelog
index 7918cc9..cb52d58 100644
--- a/newmoon/debian/changelog
+++ b/newmoon/debian/changelog
@@ -1,3 +1,75 @@
+newmoon (33.0.0-1+stackrpms) obs; urgency=medium
+
+ * Upstream updates
+ * Implemented a restricted version of the asynchronous clipboard API
+ (navigator.clipboard). This API is restricted to writing only for
+ obvious security considerations. It supports both plaintext and the
+ standard DataTransfer methods. We did not implement the reinvented
+ wheel concept of ClipboardItem objects.
+ * Implemented support for SHA-2 (SHA-256/SHA-512/etc.) signatures for
+ OCSP stapled responses.
+ * Implemented an option (Found in Preferences -> Content -> Media tab
+ (new this version)) to restrict DOM full-screen mode to the existing
+ browser window.
+ * Implemented several options in a new preferences tab (Preference ->
+ Privacy -> Tracking) to allow users to more easily control several
+ privacy-impacting features, namely poisoning of canvas data (to prevent
+ fingerprinting), and enabling of Performance observers (a developer
+ feature) that some websites rely on for their operation.
+ * Implemented PromiseRejectionEvent. Although this is rarely actually
+ used, some common JS libraries (you know who you are!) use it as a
+ feature level canary and start loading (broken!) Promise shims if it is
+ not found, causing compatibility issues and broken websites due to the
+ shims.
+ * Fixes:
+ * Aligned microtasks and Promises scheduling with the current spec and
+ expected behavior.
+ * We now no longer send click events to top levels of the document
+ hierarchy when using non-primary buttons (use auxclick, instead, to
+ capture these events).
+ * Greatly improved the performance of box shadows.
+ * Greatly improved the performance of file/data uploads over HTTP/2
+ (most of the secure websites out there).
+ * Fixed several issues related to focus and content selection.
+ * Fixed issues with the use of focus-within caused by unexpected
+ processing of DOM events.
+ * Fixed an issue with CSP not behaving as-expected when using
+ importScripts(), and fixed a number of additional CSP-related issues.
+ * Fixed a web compatibility issue with CORS preflights not sending the
+ original request's referrer policy or referrer header.
+ * Fixed a spec compliance issue with StructuredClone.
+ * Fixed a crash due to clamping code introduced for SetInterval and
+ SetTimeout timers.
+ * Fixed crashes when dynamic imports are canceled (e.g. by navigation).
+ * Other changes:
+ * Changed <input type=file> to now have its .files property be writable
+ following a spec change and recommendation.
+ * We are now requiring and building against the C++17 language standard.
+ * Updated the in-tree ffvpx lib to 6.0.
+ * Added a preference to allow users to completely disable reporting of
+ CSP errors to webmasters. Using this is strongly discouraged as it will
+ provide essential troubleshooting information to webmasters setting up
+ CSP, and does not pose a privacy issue, but for those who really want
+ it, it can now be fully disabled. The preference is
+ security.csp.reporting.enabled.
+ * Updated the IntersectionObserver interface to now also accept
+ documents for the observer root instead of only HTML elements.
+ * Cleaned up various bits of code surrounding GMP, memory allocation,
+ system libraries, vestigial Android code, freetype2 and developer tools.
+ * Improved efficiency of handling D3D textures.
+ * Added initial and experimental Mac PowerPC and Big Endian support.
+ * Changed the behavior of hung scripts. We now automatically terminate
+ them instead of presenting the user with a dialog box (which may or may
+ not show in a reasonable time if the browser is too busy trying to
+ process the hung script). If you prefer the old behavior, uncheck the
+ box "Automatically stop non-responsive scripts" in Preferences ->
+ Content -> General
+ * Security issues addressed: CVE-2024-0746, CVE-2024-0741,
+ CVE-2024-0743 DiD, CVE-2024-0750 DiD, and CVE-2024-0753.
+ * UXP Mozilla security patch summary: 3 fixed, 2 DiD, 12 not applicable.
+
+ -- B. Stack <bgstack15@gmail.com> Thu, 08 Feb 2024 22:46:46 -0500
+
newmoon (32.5.2-1+stackrpms) obs; urgency=medium
* Bugfix and security update:
bgstack15