From f2c987d757e86c9575138cb550e7ee99b7f6efcb Mon Sep 17 00:00:00 2001 From: "B. Stack" Date: Thu, 8 Feb 2024 22:47:26 -0500 Subject: nm 33.0.0 rc1 --- newmoon/debian/changelog | 72 ++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 72 insertions(+) (limited to 'newmoon/debian/changelog') diff --git a/newmoon/debian/changelog b/newmoon/debian/changelog index 7918cc9..cb52d58 100644 --- a/newmoon/debian/changelog +++ b/newmoon/debian/changelog @@ -1,3 +1,75 @@ +newmoon (33.0.0-1+stackrpms) obs; urgency=medium + + * Upstream updates + * Implemented a restricted version of the asynchronous clipboard API + (navigator.clipboard). This API is restricted to writing only for + obvious security considerations. It supports both plaintext and the + standard DataTransfer methods. We did not implement the reinvented + wheel concept of ClipboardItem objects. + * Implemented support for SHA-2 (SHA-256/SHA-512/etc.) signatures for + OCSP stapled responses. + * Implemented an option (Found in Preferences -> Content -> Media tab + (new this version)) to restrict DOM full-screen mode to the existing + browser window. + * Implemented several options in a new preferences tab (Preference -> + Privacy -> Tracking) to allow users to more easily control several + privacy-impacting features, namely poisoning of canvas data (to prevent + fingerprinting), and enabling of Performance observers (a developer + feature) that some websites rely on for their operation. + * Implemented PromiseRejectionEvent. Although this is rarely actually + used, some common JS libraries (you know who you are!) use it as a + feature level canary and start loading (broken!) Promise shims if it is + not found, causing compatibility issues and broken websites due to the + shims. + * Fixes: + * Aligned microtasks and Promises scheduling with the current spec and + expected behavior. + * We now no longer send click events to top levels of the document + hierarchy when using non-primary buttons (use auxclick, instead, to + capture these events). + * Greatly improved the performance of box shadows. + * Greatly improved the performance of file/data uploads over HTTP/2 + (most of the secure websites out there). + * Fixed several issues related to focus and content selection. + * Fixed issues with the use of focus-within caused by unexpected + processing of DOM events. + * Fixed an issue with CSP not behaving as-expected when using + importScripts(), and fixed a number of additional CSP-related issues. + * Fixed a web compatibility issue with CORS preflights not sending the + original request's referrer policy or referrer header. + * Fixed a spec compliance issue with StructuredClone. + * Fixed a crash due to clamping code introduced for SetInterval and + SetTimeout timers. + * Fixed crashes when dynamic imports are canceled (e.g. by navigation). + * Other changes: + * Changed to now have its .files property be writable + following a spec change and recommendation. + * We are now requiring and building against the C++17 language standard. + * Updated the in-tree ffvpx lib to 6.0. + * Added a preference to allow users to completely disable reporting of + CSP errors to webmasters. Using this is strongly discouraged as it will + provide essential troubleshooting information to webmasters setting up + CSP, and does not pose a privacy issue, but for those who really want + it, it can now be fully disabled. The preference is + security.csp.reporting.enabled. + * Updated the IntersectionObserver interface to now also accept + documents for the observer root instead of only HTML elements. + * Cleaned up various bits of code surrounding GMP, memory allocation, + system libraries, vestigial Android code, freetype2 and developer tools. + * Improved efficiency of handling D3D textures. + * Added initial and experimental Mac PowerPC and Big Endian support. + * Changed the behavior of hung scripts. We now automatically terminate + them instead of presenting the user with a dialog box (which may or may + not show in a reasonable time if the browser is too busy trying to + process the hung script). If you prefer the old behavior, uncheck the + box "Automatically stop non-responsive scripts" in Preferences -> + Content -> General + * Security issues addressed: CVE-2024-0746, CVE-2024-0741, + CVE-2024-0743 DiD, CVE-2024-0750 DiD, and CVE-2024-0753. + * UXP Mozilla security patch summary: 3 fixed, 2 DiD, 12 not applicable. + + -- B. Stack Thu, 08 Feb 2024 22:46:46 -0500 + newmoon (32.5.2-1+stackrpms) obs; urgency=medium * Bugfix and security update: -- cgit