summaryrefslogtreecommitdiff
path: root/palemoon/debian/changelog
diff options
context:
space:
mode:
Diffstat (limited to 'palemoon/debian/changelog')
-rw-r--r--palemoon/debian/changelog81
1 files changed, 68 insertions, 13 deletions
diff --git a/palemoon/debian/changelog b/palemoon/debian/changelog
index 192aad6..0d57595 100644
--- a/palemoon/debian/changelog
+++ b/palemoon/debian/changelog
@@ -1,3 +1,58 @@
+palemoon (28.11.0-1+devuan) obs; urgency=medium
+
+ * This is a development, bugfix and security update.
+ - Changed storage format for certificates and passwords to SQLite.
+ - Added a preference (browser.tabs.insertAllAfterCurrent) to enable
+ always adding new tabs after the current tab, whether related or not.
+ - Changed the way Firefox extensions are displayed in the add-on
+ manager (provide a clear warning).
+ - Denied other types of add-ons that aren't explicitly targeting
+ Pale Moon's ID.
+ - Improved the browser's DPI-awareness to be per-monitor instead of
+ system-wide, on supported Windows operating systems.
+ - Updated bookmark backups code with the other half of what should
+ have been done way back when, so they work fully as-intended.
+ - Added a preference
+ (browser.bookmarks.editDialog.showForNewBookmarks) to enable
+ immediately showing the edit dialog for new bookmarks.
+ - If set to true, clicking the star in the address bar will pop
+ open the edit dialog immediately for changing details/sorting.
+ - Fixed the useragent string in native mode, and updated UA code to
+ properly respond to live changes to some preferences.
+ - Tidied up front-end browser JavaScript.
+ - Changed the way sources are compiled (on-going de-unification).
+ - Improved compatibility with gcc v10
+ - Removed support for the obsolete and unmaintained NVidia 3DVision
+ stereoscopic interface.
+ - Fixed some build issues in non-standard configurations.
+ - Fixed wrong positions when calculating the position for
+ position:absolute child inside a table.
+ - Aligned file name extension of saved url files with other
+ applications (lower case)
+ - Fixed building with --disable-webspeech (to disable speech
+ synthesis)
+ - Added global menubar support for GTK.
+ - Implemented node.getRootNode
+ - Implemented AbortController (Abort API)
+ - Improved the uninstaller to use elevation when prudent and
+ actually remove program files.
+ - Fixed a rare issue with editable page content.
+ - Fixed a crash related to ES module scripts.
+ - Aligned ES module scripting better with the current spec and
+ removed eager instantiation.
+ - Fixed a potential issue with the JPEG encoder. (CVE-2020-12422)
+ DiD
+ - Fixed a potential issue with AppCache manifests. DiD
+ - Fixed a potential crash in JavaScript date parsing.
+ - Fixed a problem with RSA key generation that would make it
+ potentially vulnerable to side-channel attacks. (CVE-2020-12402)
+ - Fixed a potential crash due to multithread race condition. DiD
+ - Fixed a correctness issue in URL handling. (CVE-2020-12418) DiD
+ - Unified XUL Platform Mozilla Security Patch Summary: 2 fixed, 4
+ defense-in-depth, 10 not applicable.
+
+ -- Ben Stack <bgstack15@gmail.com> Tue, 14 Jul 2020 14:28:53 -0400
+
palemoon (28.10.0-1+devuan) obs; urgency=medium
* This is a development, bugfix and security update.
@@ -755,7 +810,7 @@ palemoon (28.1.0~repack-1) obs; urgency=medium
- Fixed toolbar styling in toolkit themes.
- Fixed viewing the source of a selection.
- * Now has full support for gcc-8, so stop forcing gcc-7 build on Buster and
+ * Now has full support for gcc-8, so stop forcing gcc-7 build on Buster and
recent Ubuntus where gcc-8 is default.
-- Steven Pusser <stevep@mxlinux.org> Mon, 17 Sep 2018 19:05:20 -0700
@@ -834,8 +889,8 @@ palemoon (27.9.4~repack-1~mx17+1) mx; urgency=medium
- Prevented various location-based threats. DiD
- Fixed a potential vulnerability with plugins being redirected to different
origins (CVE-2018-12364).
- - Improved the security check for launching executable files
- (by association) on Windows from the browser. For users who have (most
+ - Improved the security check for launching executable files
+ (by association) on Windows from the browser. For users who have (most
likely accidentally) granted a system-wide waiver for opening these kinds
of files without being prompted, this permission has been reset.
- Fixed an issue with invalid qcms transforms (CVE-2018-12366).
@@ -852,13 +907,13 @@ palemoon (27.9.4~repack-1~mx17+1) mx; urgency=medium
palemoon (27.9.3~repack-1~mx17+1) mx; urgency=medium
* New upstream security update:
-
+
- Changes/fixes:
- - (CVE-2017-0381) Ported a patch from libopus upstream. Note, contrary to
- that report, the libopus maintainers state they don't believe remote
+ - (CVE-2017-0381) Ported a patch from libopus upstream. Note, contrary to
+ that report, the libopus maintainers state they don't believe remote
code execution was possible, so this was not a critical patch.
- Fixed an issue with task counting in JS GC.
- - Fixed a use-after-free in DOMProxyHandler::EnsureExpandoObject (thanks
+ - Fixed a use-after-free in DOMProxyHandler::EnsureExpandoObject (thanks
to Berk Cem Göksel for reporting).
-- Steven Pusser <stevep@mxlinux.org> Tue, 12 Jun 2018 11:12:06 -0700
@@ -871,18 +926,18 @@ palemoon (27.9.2~repack-1~mx17+1) mx; urgency=medium
- We changed the language strings for softblocked items so people will cry
less when we do our job.
- (CVE-2018-5174) Prevent potential SmartScreen bypass on Windows 10.
- - (CVE-2018-5173) Fixed an issue in the Downloads panel improperly
- rendering some Unicode characters, allowing for the file name to be
- spoofed. This could be used to obscure the file extension of potentially
+ - (CVE-2018-5173) Fixed an issue in the Downloads panel improperly
+ rendering some Unicode characters, allowing for the file name to be
+ spoofed. This could be used to obscure the file extension of potentially
executable files from user view in the panel.
- (CVE-2018-5177) Fixed a vulnerability in the XSLT component leading to a
buffer overflow and crash if it occurs.
- - (CVE-2018-5159) Fixed an integer overflow vulnerability in the Skia
+ - (CVE-2018-5159) Fixed an integer overflow vulnerability in the Skia
library resulting in possible out-of-bounds writes.
- (CVE-2018-5154) Fixed a use-after-free vulnerability while enumerating
attributes during SVG animations with clip paths.
- - (CVE-2018-5178) Fixed a buffer overflow during UTF8 to Unicode string
- conversion within JavaScript with extremely large amounts of data. This
+ - (CVE-2018-5178) Fixed a buffer overflow during UTF8 to Unicode string
+ conversion within JavaScript with extremely large amounts of data. This
vulnerability requires the use of a malicious or vulnerable extension in
order to occur.
- Fixed several stability issues (crashes) and memory safety hazards.
bgstack15