Diffstat (limited to 'palemoon')
-rw-r--r-- palemoon/debian/changelog | 54
-rw-r--r-- palemoon/debian/control | 2
-rw-r--r-- palemoon/debian/palemoon_devuan.dsc | 4
-rw-r--r-- palemoon/palemoon.spec | 7
4 files changed, 62 insertions, 5 deletions
diff --git a/palemoon/debian/changelog b/palemoon/debian/changelog
index 0d57595..56054f4 100644
--- a/palemoon/debian/changelog
+++ b/palemoon/debian/changelog
@@ -1,3 +1,57 @@
+palemoon (28.12.0-1+devuan) obs; urgency=medium
+
+ * This is a development, bugfix and security update.
+ - Added controls for WASM to the browser's preferences, and enabled
+ by default.
+ - Enabled various arbitrarily-disabled CSS functions.
+ - Added the use of basic path descriptors (i.e. polygon) to css
+ clip paths.
+ - Implemented multithreaded request signal handling for the Abort
+ API. Please see implementation notes below.
+ - Updated the included US-English dictionary, adding approximately
+ 2500 additional words.
+ - Removed the DOM battery API. This was already disabled for
+ privacy reasons for a long while.
+ - Fixed an erroneous warning displayed on toolkit-only add-ons like
+ supplied dictionaries.
+ - Fixed an issue with the sessionstore tab load preference.
+ - Improved the generation of the names of downloaded files to
+ prevent confusion. (CVE-2020-15658)
+ - Fixed a code issue with base64 encoding of data.
+ - Fixed 2 safety hazards in JavaScript. (One being CVE-2020-15656)
+ DiD
+ - Fixed a spec compliance issue with regards to the cross-origin
+ loading of scripts. (CVE-2020-15652)
+ - Improved the loading of a system DLL on Windows, preventing
+ low-risk hijacking potential. (CVE-2020-15657) See implementation notes.
+ - Unified XUL Platform Mozilla Security Patch Summary: 4 fixed, 2
+ defense-in-depth, 15 not applicable.
+ * Implementation notes
+ - In 28.11.0, we introduced the Abort API as new code. The
+ implementation of it still had an issue where especially web workers
+ would not always see the availability of abort signals on fetch
+ requests while AbortSignal was implemented in the browser. This
+ effectively made some websites (especially those using a particular
+ polyfill for the Abort API that would detect the need to polyfill by
+ way of Request.signal) throw errors that were fine before. We offered
+ users a workaround by temporarily disabling the AbortController in the
+ browser by way of a preference (dom.abortController.enabled).
+ - v28.12.0 fixes the multi-threaded handling of signals, which
+ should solve these problems. As such, the workaround is no longer
+ needed and upon upgrade the preference will be reset to enable
+ AbortControllers again.
+ - DLL-hijacking on Windows would only be possible if a malicious
+ actor already either gained administrative access to the program's
+ installation folder or otherwise have unrestricted access to the
+ program folder (by having it installed in local application folders
+ inside the user's profile space or other insecure program locations).
+ In that case the system is already compromised and any executable can
+ be replaced, so having dll loading hijacked would be the least of your
+ concerns (i.e. the main program .exe could also be replaced/infected in
+ that case).
+
+ -- Ben Stack <bgstack15@gmail.com> Wed, 05 Aug 2020 14:43:18 -0400
+
palemoon (28.11.0-1+devuan) obs; urgency=medium
* This is a development, bugfix and security update.
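Review bot: the "DiD" marker after the "Fixed 2 safety hazards in JavaScript. (One being CVE-2020-15656)" item sits alone on its own continuation line, so a reader cannot tell whether it labels that item or the cross-origin item that follows. Fold it into the item it belongs to, for example "(One being CVE-2020-15656) DiD" on one line, so the per-item labels can be reconciled with the "4 fixed, 2 defense-in-depth" summary. Separately, the CVE-2020-15657 item and the long DLL-hijacking implementation note describe Windows-only behaviour; for a Devuan package entry they could be trimmed or marked as not applicable to this build, so the entry does not suggest the package changed in that respect. The entry also does not mention the python2 build-dependency change made in debian/control in the same commit.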
diff --git a/palemoon/debian/control b/palemoon/debian/control
index 862f239..ccb8064 100644
--- a/palemoon/debian/control
+++ b/palemoon/debian/control
@@ -16,7 +16,7 @@ Build-Depends: debhelper (>= 12),
lsb-release,
mesa-common-dev,
pkg-config,
- python (>= 2.7),
+ python2 (>= 2.7.18-2~) | python (>= 2.7),
unzip,
yasm (>= 1.1),
zip,
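Review bot: the new alternative "python2 (>= 2.7.18-2~) | python (>= 2.7)" carries a very specific version floor with no explanation in this hunk or in the changelog entry added by the same commit. Add a changelog line saying why python2 is now preferred and why 2.7.18-2~ is the minimum, so a later maintainer knows whether the floor can be relaxed. Also confirm that the build environment resolves the first alternative when both packages are available, since the fallback "python (>= 2.7)" is what the package used before.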
diff --git a/palemoon/debian/palemoon_devuan.dsc b/palemoon/debian/palemoon_devuan.dsc
index 40684b0..f1fd278 100644
--- a/palemoon/debian/palemoon_devuan.dsc
+++ b/palemoon/debian/palemoon_devuan.dsc
@@ -2,11 +2,11 @@ Format: 3.0 (quilt)
Source: palemoon
Binary: palemoon
Architecture: any
-Version: 28.11.0-1+devuan
+Version: 28.12.0-1+devuan
Maintainer: B Stack <bgstack15@gmail.com>
Homepage: http://www.palemoon.org/
Standards-Version: 4.1.4
-Build-Depends: debhelper (>= 12), autoconf2.13, libasound2-dev, libdbus-glib-1-dev (>= 0.60), libgconf2-dev (>= 1.2.1), libgtk2.0-dev (>= 2.14), libssl-dev, libx11-xcb-dev, libxt-dev, lsb-release, mesa-common-dev, pkg-config, python (>= 2.7), unzip, yasm (>= 1.1), zip
+Build-Depends: debhelper (>= 12), autoconf2.13, libasound2-dev, libdbus-glib-1-dev (>= 0.60), libgconf2-dev (>= 1.2.1), libgtk2.0-dev (>= 2.14), libssl-dev, libx11-xcb-dev, libxt-dev, lsb-release, mesa-common-dev, pkg-config, python2 (>= 2.7.18-2~) | python (>= 2.7), unzip, yasm (>= 1.1), zip
Package-List:
palemoon deb web optional arch=any
Files:
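Review bot: the Build-Depends line here is a hand-maintained copy of the list in debian/control, and this commit had to make the same python2 edit in both places. That duplication is easy to let drift, and a stale .dsc would make the build pull a different dependency set than the one control declares. Consider generating the .dsc from debian/control, or adding a check that compares the two fields before upload. The Maintainer field reads "B Stack" while the changelog trailer added in this commit reads "Ben Stack"; pick one form so the two records match.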
diff --git a/palemoon/palemoon.spec b/palemoon/palemoon.spec
index b9c7454..87dac14 100644
--- a/palemoon/palemoon.spec
+++ b/palemoon/palemoon.spec
@@ -5,7 +5,7 @@
%global stackrpms_custom 1
# derive from inside the full source tree or from notes at https://github.com/MoonchildProductions/Pale-Moon/releases
# git submodule | awk -v "name=platform" '$2 == name {gsub("-","",$1); print $1}'
-%global submodule_platform_tag RELBASE_20200712
+%global submodule_platform_tag RELBASE_20200730
# additional repos to get python27 and devtoolset-7
# for el6 and el7: Software Collection;, for x86_64 only
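Review bot: submodule_platform_tag is bumped to RELBASE_20200730 by name only, and the comment above it shows the value being derived by hand from "git submodule" output or release notes. A tag name can be moved upstream, so the spec does not pin what source a security update is actually built from. Record the corresponding commit hash next to the tag (a comment is enough) or verify the fetched platform archive against a stored checksum, so a rebuild of 28.12.0 can be shown to use the same platform source.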
@@ -42,7 +42,7 @@ Name: palemoon-stackrpms
Name: palemoon
%endif
Summary: Pale Moon web browser
-Version: 28.11.0
+Version: 28.12.0
Release: 1
Group: Networking/Web
@@ -285,6 +285,9 @@ update-mime-database -n ${_datadir}/mime 1>/dev/null 2>&1 & :
%doc AUTHORS LICENSE
%changelog
+* Wed Aug 05 2020 B Stack <bgstack15@gmail.com> - 28.12.0-1
+- update version
+
* Tue Jul 14 2020 B Stack <bgstack15@gmail.com> - 28.11.0-1
- update version
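Review bot: the new %changelog entry says only "update version", while the Debian changelog in the same commit describes 28.12.0 as a security update and lists CVE-2020-15652, CVE-2020-15656 and CVE-2020-15658 among the fixes. RPM consumers who read "rpm -q --changelog" to decide on patch urgency will not see that. Suggest something like "- update version (security update, see upstream release notes)" and listing the CVE identifiers that apply to Linux builds.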