1 files changed, 72 insertions, 0 deletions

diff --git a/newmoon/debian/changelog b/newmoon/debian/changelog
index 7918cc9..cb52d58 100644
--- a/newmoon/debian/changelog
+++ b/newmoon/debian/changelog
@@ -1,3 +1,75 @@
+newmoon (33.0.0-1+stackrpms) obs; urgency=medium
+
+  * Upstream updates
+    * Implemented a restricted version of the asynchronous clipboard API
+      (navigator.clipboard). This API is restricted to writing only for
+      obvious security considerations. It supports both plaintext and the
+      standard DataTransfer methods. We did not implement the reinvented
+      wheel concept of ClipboardItem objects.
+    * Implemented support for SHA-2 (SHA-256/SHA-512/etc.) signatures for
+      OCSP stapled responses.
+    * Implemented an option (Found in Preferences -> Content -> Media tab
+      (new this version)) to restrict DOM full-screen mode to the existing
+      browser window.
+    * Implemented several options in a new preferences tab (Preference ->
+      Privacy -> Tracking) to allow users to more easily control several
+      privacy-impacting features, namely poisoning of canvas data (to prevent
+      fingerprinting), and enabling of Performance observers (a developer
+      feature) that some websites rely on for their operation.
+    * Implemented PromiseRejectionEvent. Although this is rarely actually
+      used, some common JS libraries (you know who you are!) use it as a
+      feature level canary and start loading (broken!) Promise shims if it is
+      not found, causing compatibility issues and broken websites due to the
+      shims.
+  * Fixes:
+    * Aligned microtasks and Promises scheduling with the current spec and
+      expected behavior.
+    * We now no longer send click events to top levels of the document
+      hierarchy when using non-primary buttons (use auxclick, instead, to
+      capture these events).
+    * Greatly improved the performance of box shadows.
+    * Greatly improved the performance of file/data uploads over HTTP/2
+      (most of the secure websites out there).
+    * Fixed several issues related to focus and content selection.
+    * Fixed issues with the use of focus-within caused by unexpected
+      processing of DOM events.
+    * Fixed an issue with CSP not behaving as-expected when using
+      importScripts(), and fixed a number of additional CSP-related issues.
+    * Fixed a web compatibility issue with CORS preflights not sending the
+      original request's referrer policy or referrer header.
+    * Fixed a spec compliance issue with StructuredClone.
+    * Fixed a crash due to clamping code introduced for SetInterval and
+      SetTimeout timers.
+    * Fixed crashes when dynamic imports are canceled (e.g. by navigation).
+  * Other changes:
+    * Changed <input type=file> to now have its .files property be writable
+      following a spec change and recommendation.
+    * We are now requiring and building against the C++17 language standard.
+    * Updated the in-tree ffvpx lib to 6.0.
+    * Added a preference to allow users to completely disable reporting of
+      CSP errors to webmasters. Using this is strongly discouraged as it will
+      provide essential troubleshooting information to webmasters setting up
+      CSP, and does not pose a privacy issue, but for those who really want
+      it, it can now be fully disabled. The preference is
+      security.csp.reporting.enabled.
+    * Updated the IntersectionObserver interface to now also accept
+      documents for the observer root instead of only HTML elements.
+    * Cleaned up various bits of code surrounding GMP, memory allocation,
+      system libraries, vestigial Android code, freetype2 and developer tools.
+    * Improved efficiency of handling D3D textures.
+    * Added initial and experimental Mac PowerPC and Big Endian support.
+    * Changed the behavior of hung scripts. We now automatically terminate
+      them instead of presenting the user with a dialog box (which may or may
+      not show in a reasonable time if the browser is too busy trying to
+      process the hung script). If you prefer the old behavior, uncheck the
+      box "Automatically stop non-responsive scripts" in Preferences ->
+      Content -> General
+    * Security issues addressed: CVE-2024-0746, CVE-2024-0741,
+      CVE-2024-0743 DiD, CVE-2024-0750 DiD, and CVE-2024-0753.
+    * UXP Mozilla security patch summary: 3 fixed, 2 DiD, 12 not applicable.
+
+ -- B. Stack <bgstack15@gmail.com>  Thu, 08 Feb 2024 22:46:46 -0500
+
 newmoon (32.5.2-1+stackrpms) obs; urgency=medium
 
   * Bugfix and security update: