1 files changed, 68 insertions, 13 deletions
diff --git a/palemoon/debian/changelog b/palemoon/debian/changelog
index 192aad6..0d57595 100644
--- a/palemoon/debian/changelog
+++ b/palemoon/debian/changelog
@@ -1,3 +1,58 @@
+palemoon (28.11.0-1+devuan) obs; urgency=medium
+
+  * This is a development, bugfix and security update.
+    - Changed storage format for certificates and passwords to SQLite.
+    - Added a preference (browser.tabs.insertAllAfterCurrent) to enable
+      always adding new tabs after the current tab, whether related or not.
+    - Changed the way Firefox extensions are displayed in the add-on
+      manager (provide a clear warning).
+    - Denied other types of add-ons that aren't explicitly targeting
+      Pale Moon's ID.
+    - Improved the browser's DPI-awareness to be per-monitor instead of
+      system-wide, on supported Windows operating systems.
+    - Updated bookmark backups code with the other half of what should
+      have been done way back when, so they work fully as-intended.
+    - Added a preference
+      (browser.bookmarks.editDialog.showForNewBookmarks) to enable
+      immediately showing the edit dialog for new bookmarks.
+    - If set to true, clicking the star in the address bar will pop
+      open the edit dialog immediately for changing details/sorting.
+    - Fixed the useragent string in native mode, and updated UA code to
+      properly respond to live changes to some preferences.
+    - Tidied up front-end browser JavaScript.
+    - Changed the way sources are compiled (on-going de-unification).
+    - Improved compatibility with gcc v10
+    - Removed support for the obsolete and unmaintained NVidia 3DVision
+      stereoscopic interface.
+    - Fixed some build issues in non-standard configurations.
+    - Fixed wrong positions when calculating the position for
+      position:absolute child inside a table.
+    - Aligned file name extension of saved url files with other
+      applications (lower case)
+    - Fixed building with --disable-webspeech (to disable speech
+      synthesis)
+    - Added global menubar support for GTK.
+    - Implemented node.getRootNode
+    - Implemented AbortController (Abort API)
+    - Improved the uninstaller to use elevation when prudent and
+      actually remove program files.
+    - Fixed a rare issue with editable page content.
+    - Fixed a crash related to ES module scripts.
+    - Aligned ES module scripting better with the current spec and
+      removed eager instantiation.
+    - Fixed a potential issue with the JPEG encoder. (CVE-2020-12422)
+      DiD
+    - Fixed a potential issue with AppCache manifests. DiD
+    - Fixed a potential crash in JavaScript date parsing.
+    - Fixed a problem with RSA key generation that would make it
+      potentially vulnerable to side-channel attacks. (CVE-2020-12402)
+    - Fixed a potential crash due to multithread race condition. DiD
+    - Fixed a correctness issue in URL handling. (CVE-2020-12418) DiD
+    - Unified XUL Platform Mozilla Security Patch Summary: 2 fixed, 4
+      defense-in-depth, 10 not applicable.
+
+ -- Ben Stack <bgstack15@gmail.com>  Tue, 14 Jul 2020 14:28:53 -0400
+
 palemoon (28.10.0-1+devuan) obs; urgency=medium
 
   * This is a development, bugfix and security update.
@@ -755,7 +810,7 @@ palemoon (28.1.0~repack-1) obs; urgency=medium
     - Fixed toolbar styling in toolkit themes.
     - Fixed viewing the source of a selection.
 
-  * Now has full support for gcc-8, so stop forcing gcc-7 build on Buster and 
+  * Now has full support for gcc-8, so stop forcing gcc-7 build on Buster and
     recent Ubuntus where gcc-8 is default.
 
  -- Steven Pusser <stevep@mxlinux.org>  Mon, 17 Sep 2018 19:05:20 -0700
@@ -834,8 +889,8 @@ palemoon (27.9.4~repack-1~mx17+1) mx; urgency=medium
     - Prevented various location-based threats. DiD
     - Fixed a potential vulnerability with plugins being redirected to different
       origins (CVE-2018-12364).
-    - Improved the security check for launching executable files 
-      (by association) on Windows from the browser. For users who have (most 
+    - Improved the security check for launching executable files
+      (by association) on Windows from the browser. For users who have (most
       likely accidentally) granted a system-wide waiver for opening these kinds
       of files without being prompted, this permission has been reset.
     - Fixed an issue with invalid qcms transforms (CVE-2018-12366).
@@ -852,13 +907,13 @@ palemoon (27.9.4~repack-1~mx17+1) mx; urgency=medium
 palemoon (27.9.3~repack-1~mx17+1) mx; urgency=medium
 
   * New upstream security update:
-  
+
     - Changes/fixes:
-      - (CVE-2017-0381) Ported a patch from libopus upstream. Note, contrary to 
-        that report, the libopus maintainers state they don't believe remote 
+      - (CVE-2017-0381) Ported a patch from libopus upstream. Note, contrary to
+        that report, the libopus maintainers state they don't believe remote
         code execution was possible, so this was not a critical patch.
       - Fixed an issue with task counting in JS GC.
-      - Fixed a use-after-free in DOMProxyHandler::EnsureExpandoObject (thanks 
+      - Fixed a use-after-free in DOMProxyHandler::EnsureExpandoObject (thanks
         to Berk Cem Göksel for reporting).
 
  -- Steven Pusser <stevep@mxlinux.org>  Tue, 12 Jun 2018 11:12:06 -0700
@@ -871,18 +926,18 @@ palemoon (27.9.2~repack-1~mx17+1) mx; urgency=medium
       - We changed the language strings for softblocked items so people will cry
         less when we do our job.
       - (CVE-2018-5174) Prevent potential SmartScreen bypass on Windows 10.
-      - (CVE-2018-5173) Fixed an issue in the Downloads panel improperly 
-        rendering some Unicode characters, allowing for the file name to be 
-        spoofed. This could be used to obscure the file extension of potentially 
+      - (CVE-2018-5173) Fixed an issue in the Downloads panel improperly
+        rendering some Unicode characters, allowing for the file name to be
+        spoofed. This could be used to obscure the file extension of potentially
         executable files from user view in the panel.
       - (CVE-2018-5177) Fixed a vulnerability in the XSLT component leading to a
         buffer overflow and crash if it occurs.
-      - (CVE-2018-5159) Fixed an integer overflow vulnerability in the Skia 
+      - (CVE-2018-5159) Fixed an integer overflow vulnerability in the Skia
         library resulting in possible out-of-bounds writes.
       - (CVE-2018-5154) Fixed a use-after-free vulnerability while enumerating
         attributes during SVG animations with clip paths.
-      - (CVE-2018-5178) Fixed a buffer overflow during UTF8 to Unicode string 
-        conversion within JavaScript with extremely large amounts of data. This 
+      - (CVE-2018-5178) Fixed a buffer overflow during UTF8 to Unicode string
+        conversion within JavaScript with extremely large amounts of data. This
         vulnerability requires the use of a malicious or vulnerable extension in
         order to occur.
       - Fixed several stability issues (crashes) and memory safety hazards.