From 15c7d5d782952088bc79cb1f4494f4aef9c780eb Mon Sep 17 00:00:00 2001 From: "B. Stack" Date: Tue, 22 Nov 2022 10:06:26 -0500 Subject: nm 31.4.0 rc1 --- newmoon/_service | 2 +- newmoon/debian/changelog | 156 ++++++++++++++++++++++++++++---------- newmoon/debian/newmoon+devuan.dsc | 2 +- newmoon/newmoon.spec | 7 +- 4 files changed, 122 insertions(+), 45 deletions(-) (limited to 'newmoon') diff --git a/newmoon/_service b/newmoon/_service index 56c278b..325e811 100644 --- a/newmoon/_service +++ b/newmoon/_service @@ -14,7 +14,7 @@ git https://repo.palemoon.org/MoonchildProductions/Pale-Moon.git - 31.3.1_Release + 31.4.0_Release _none_ enable diff --git a/newmoon/debian/changelog b/newmoon/debian/changelog index d5aea84..1b3b7ee 100644 --- a/newmoon/debian/changelog +++ b/newmoon/debian/changelog 
@@ -1,45 +1,119 @@ +newmoon (31.4.0-1) obs; urgency=medium + + * Upstream updates + * Added support for the JPEG-XL image format. + * Implemented regular expressions lookaround/lookbehind. + * Aligned CORS header parsing with the updated spec. See implementation + notes. + * We no longer fire keypress events for non-printable keys. See + implementation notes. + * Added support for MacOS 13 "Ventura" in the platform, primarily + benefitting White Star. + * Fixed potentially problematic thread locking code on *nix platforms. + * Fixed some small issues in the display and operation of the Web + Developer tools. + * Removed unused but performance-impacting panning and tab animation + measuring code. (telemetry leftovers) + * Improved code for SunOS builds. + * Updated Internationalization data for time zones. + * Fixed a buffer overflow for Mac builds. + * Security issues addressed: CVE-2022-45411 and potential issues + without a CVE number. + * UXP Mozilla security patch summary: 2 fixed, 1 DiD, 1 deferred, 25 + not applicable. + + -- B. Stack Tue, 22 Nov 2022 10:03:10 -0500 + newmoon (31.3.1-1) obs; urgency=medium - * No release notes from upstream + * Upstream updates + * Added detection suport for the newly-released MacOS 13 (Ventura). + * Fixed a potential heap Use-After-Free risk in Expat. (CVE-2022-40674) + DiD + * Fixed potentially undefined behavior in our thread locking code. DiD + * Fixed a potentially exploitable crash in the refresh driver. + * Fixed potentially undefined behavior when base-64 decoding. DiD + * Implemented a texture size cap for WebGL to prevent potential issues + with some graphics drivers. DiD + * Updated site-specific overrides to address issues with ZoHo. + * UXP Mozilla security patch summary: 1 fixed, 2 DiD, 6 not applicable. -- B. Stack Tue, 01 Nov 2022 14:09:10 -0400 +newmoon (31.3.0-1) UNRELEASED; urgency=low + + * Upstream updates + * Implemented .at(index) JavaScript method on built-in indexables + (Array, String, TypedArray). 
+ * Implemented the use of EventSource in workers. + * Enabled the sending of the Origin: header by default on same-origin + requests. + * Changed how Pale Moon is built. We are now using Visual Studio 2022 + on Windows, and have made build system changes to reduce build times + and pressure on the linker on all platforms. + * Changed how Pale Moon handles standalone wave audio files (.wav). See + implementation notes. + * Improved string normalization. + * Updated the handling of CSS "supports" to now accept unparenthesized + strings (spec update). + * Updated the handling of flex containers in web pages for web + compatibility. + * Fixed various issues when building for Mac OS X. + * Fixed various C++ standard conformance issues in the source code. + * Fixed several issues building on SunOS and Linux with various + configurations and gcc versions. + * Fixed an issue with regular expressions' dotAll syntax and usage. See + implementation notes. + * Switched custom hash map to std::unordered_map where prudent. + * Cleaned up and updated IPC thread locking code. + * Removed spacing for accessibility focus rings in form controls to + align styling of them with expected metrics. + * Removed the unnecessary control module for building with non-standard + configurations of the platform. + * Removed the -moz prefix from min-content and max-content CSS keywords + where it was still in use. + * Security fixes: CVE-2022-40956 and CVE-2022-40958. + * UXP Mozilla security patch summary: 2 fixed, 11 not applicable. + + + -- B. Stack Tue, 01 Nov 2022 14:09:09 -0400 + newmoon (31.2.0-1) obs; urgency=medium * Changes/fixes: * Implemented CSS white-space: break-spaces for web compatibility. * Implemented Intl.RelativeTimeFormat for web compatibility. - * Implemented "Origin header CSRF mitigation". This is still disabled + * Implemented "Origin header CSRF mitigation". This is still disabled by default to investigate potential issues with CloudFlare-backed sites. 
* Implemented support for async generator methods in JavaScript. - * Added preliminary support for building on Apple Silicon like M1/M2 + * Added preliminary support for building on Apple Silicon like M1/M2 SoC. * Added support for building with Visual Studio 2022. * Improved the handling of CSS "sticky" elements in tables. * Improved stack size limits on all platforms. See implementation notes. - * Updated function.toString handling to align with the updated + * Updated function.toString handling to align with the updated JavaScript spec. This should improve web compatibility. - * Updated Unicode support to Unicode v11, and updated the ICU library + * Updated Unicode support to Unicode v11, and updated the ICU library accordingly. Building without ICU is no longer supported. - * Updated many in-tree third-party libraries to pick up various + * Updated many in-tree third-party libraries to pick up various performance and stability improvements. - * Updated site-specific user-agent overrides to work around issues with + * Updated site-specific user-agent overrides to work around issues with Google fonts, Citi bank (again!) and MeWe. - * Removed some leftover (and unused) telemetry code in the platform and + * Removed some leftover (and unused) telemetry code in the platform and front-end. * Fixed an issue with VP9 video playback on Windows on some systems. - * Fixed an issue with the add-ons manager not properly handling empty + * Fixed an issue with the add-ons manager not properly handling empty update URLs. - * Fixed a major performance regression on *nix based systems due to + * Fixed a major performance regression on *nix based systems due to incorrect thread handling. * Fixed volume handling when building with the sndio audio back-end. - * Pale Moon no longer applies content security policies to documents - that are explicitly loaded as data documents or to images. 
See + * Pale Moon no longer applies content security policies to documents + that are explicitly loaded as data documents or to images. See implementation notes. - * Cleaned up some unnecessary code from the source tree for unused - build back-ends, Firefox marketplace "apps", and the rather ridiculous + * Cleaned up some unnecessary code from the source tree for unused + build back-ends, Firefox marketplace "apps", and the rather ridiculous moz://a protocol handler. - * Updated NSS to 3.52.8 to pick up several defense-in-depth security + * Updated NSS to 3.52.8 to pick up several defense-in-depth security fixes. * UXP Mozilla security patch summary: 3 DiD, 12 not applicable. @@ -48,18 +122,18 @@ newmoon (31.2.0-1) obs; urgency=medium newmoon (31.1.1-1) obs; urgency=medium * Changes/fixes: - * Updated the list of blocked external protocol handlers to combat + * Updated the list of blocked external protocol handlers to combat abuse of OS-supplied services on Windows. - * Fixed a potential issue with revoked site certificates when + * Fixed a potential issue with revoked site certificates when connecting through a proxy. * Updated NSS to 3.52.7 to pick up some security fixes. - * Updated site-specific user agent overrides to work around bad + * Updated site-specific user agent overrides to work around bad sniffing practices of dropbox and vimeo. - * Security issues addressed: CVE-2022-34478, CVE-2022-34476, - CVE-2022-34480 DiD, CVE-2022-34472, CVE-2022-34475 DiD, CVE-2022-34473 - DiD, CVE-2022-34481 and a memory safety issue that doesn't have a CVE + * Security issues addressed: CVE-2022-34478, CVE-2022-34476, + CVE-2022-34480 DiD, CVE-2022-34472, CVE-2022-34475 DiD, CVE-2022-34473 + DiD, CVE-2022-34481 and a memory safety issue that doesn't have a CVE number. - * UXP Mozilla security patch summary: 4 fixed, 4 DiD, 2 rejected, 11 + * UXP Mozilla security patch summary: 4 fixed, 4 DiD, 2 rejected, 11 not applicable. -- B. Stack Mon, 11 Jul 2022 11:34:11 -0400 
@@ -67,41 +141,41 @@ newmoon (31.1.1-1) obs; urgency=medium newmoon (31.1.0-1) UNRELEASED; urgency=medium * Changes/fixes: - * Added Mojeek as an additional search engine in the browser. See + * Added Mojeek as an additional search engine in the browser. See implementation notes. - * Implemented "nullish coalescing operator" (thanks, FranklinDM!) for + * Implemented "nullish coalescing operator" (thanks, FranklinDM!) for web compatibility. * Fixed various crash scenarios in XPCOM. - * Fixed an important stability and performance issue related to + * Fixed an important stability and performance issue related to hardware acceleration. - * Fixed a long-standing issue where overly-long address bar tooltips - wouldn't break into multiple lines but instead cut off on the right + * Fixed a long-standing issue where overly-long address bar tooltips + wouldn't break into multiple lines but instead cut off on the right side. - * Fixed a long-standing issue where dynamic datalist updates for + * Fixed a long-standing issue where dynamic datalist updates for . See implementation + * Enabled the date picker for . See implementation notes. * Re-enabled the use of FIPS mode for NSS. See implementation notes. - * Improved memory handling and memory safety in the JavaScript engine, + * Improved memory handling and memory safety in the JavaScript engine, further reducing current and future crash scenarios. * Improved memory handling in the graphics subsystem of Goanna. * Updated FFvpx to v4.2.7 - * Slightly reduced strictness of media checking for improved - compatibility with questionable "gif" video encoders used on major + * Slightly reduced strictness of media checking for improved + compatibility with questionable "gif" video encoders used on major websites. - * Cleaned up the way file pickers (file open/save/save as dialogs) are + * Cleaned up the way file pickers (file open/save/save as dialogs) are handled on Windows. 
- * Restored the gMultiProcessBrowser property of the browser for Firefox + * Restored the gMultiProcessBrowser property of the browser for Firefox extension compatibility. See implementation notes. - * Improved the way data is transferred to and from canvases to prevent + * Improved the way data is transferred to and from canvases to prevent memory safety issues. * Updated NSS to 3.52.6 to address security issues. - * Reduced blocking severity for some extensions that were marked hard + * Reduced blocking severity for some extensions that were marked hard blockers for GRE (but aren't for UXP). - * Security issues addressed: CVE-2022-31739, CVE-2022-31741, and other + * Security issues addressed: CVE-2022-31739, CVE-2022-31741, and other security issues that do not have a CVE number. * UXP Mozilla security patch summary: 2 fixed, 1 DiD, 26 not applicable. @@ -168,13 +242,13 @@ newmoon (29.4.4-1+devuan) obs; urgency=medium * Fixed an issue in JavaScript serialization. DiD * Fixed a potential out-of-bounds issue in IndexedDB. DiD * Fixed a potential issue in widget data handling code. DiD - * Fixed potentially exploitable crashes in handling truncated/corrupt + * Fixed potentially exploitable crashes in handling truncated/corrupt media files or streams. * Fixed an issue in the DOM FileReader code. * Updated NSS to 3.52.3 to address a security issue. - * Fixed the following security issues: CVE-2022-22736, CVE-2022-22741, + * Fixed the following security issues: CVE-2022-22736, CVE-2022-22741, CVE-2021-4140, CVE-2022-22746, CVE-2022-22744 and CVE-2022-22747. - * Unified XUL Platform Mozilla Security Patch Summary: 8 fixed, 4 DiD, + * Unified XUL Platform Mozilla Security Patch Summary: 8 fixed, 4 DiD, 17 not applicable. -- B. Stack Thu, 20 Jan 2022 14:02:40 -0500 diff --git a/newmoon/debian/newmoon+devuan.dsc b/newmoon/debian/newmoon+devuan.dsc index 2302d5e..6bee354 100644 --- a/newmoon/debian/newmoon+devuan.dsc +++ b/newmoon/debian/newmoon+devuan.dsc 
@@ -2,7 +2,7 @@ Format: 3.0 (quilt) Source: newmoon Binary: newmoon Architecture: any -Version: 31.2.0-1+devuan +Version: 31.4.0-1+devuan Maintainer: B. Stack Homepage: http://www.palemoon.org/ Standards-Version: 4.1.4 diff --git a/newmoon/newmoon.spec b/newmoon/newmoon.spec index 9865547..969cd1b 100644 --- a/newmoon/newmoon.spec +++ b/newmoon/newmoon.spec @@ -4,7 +4,7 @@ %global stackrpms_custom 1 # derive from inside the source tree or from https://repo.palemoon.org/MoonchildProductions/Pale-Moon/releases # git submodule | awk -v "name=platform" '$2 == name {gsub("-","",$1); print $1}' -%global submodule_platform_tag RB_20221101 +%global submodule_platform_tag RB_20221122 %global badname palemoon %global git_commit db5ee3c1968212742b4ed8b9883069ea7b03f0e1 %global tarballdir pale-moon @@ -44,7 +44,7 @@ Name: newmoon Name: newmoon %endif Summary: Newmoon web browser -Version: 31.3.1 +Version: 31.4.0 Release: 1 Group: Networking/Web @@ -300,6 +300,9 @@ update-mime-database -n ${_datadir}/mime 1>/dev/null 2>&1 & : %doc AUTHORS LICENSE %changelog +* Tue Nov 22 2022 B. Stack - 31.4.0-1 +- update version + * Tue Nov 11 2022 B. Stack - 31.3.1-1 - update version -- cgit
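Review bot: In the newmoon/_service hunk the source revision is pinned only by tag name (`31.4.0_Release`), and a tag can be moved upstream after this commit lands. Since newmoon.spec already carries a `git_commit` hash, consider pinning the service revision to the commit hash that the tag resolves to, or recording that hash beside the tag so that a rebuilt tarball can be checked against it.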
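Review bot: The first newmoon/debian/changelog hunk mixes the new 31.4.0-1 entry with rewrites of entries that were already published: the 31.3.1-1 body is replaced, a 31.3.0-1 entry is backfilled, and the 31.2.0 and older lines change only in whitespace. The same whitespace-only changes make up the later changelog hunks. Splitting the whitespace cleanup and the backfill into their own commit would leave the release bump easy to audit. In the rewritten 31.3.1-1 entry, "Added detection suport" should read "support", and the backfilled 31.3.0-1 entry has two blank lines before its trailer where the other entries have one.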
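Review bot: In newmoon/debian/newmoon+devuan.dsc the version becomes `31.4.0-1+devuan`, but the top changelog entry added in this same patch is `newmoon (31.4.0-1) obs`, without the `+devuan` suffix that the older `29.4.4-1+devuan` entry uses. Please confirm that the mismatch is intended. The old value here was `31.2.0-1+devuan`, so the .dsc appears to have been skipped for 31.3.1; check that nothing else in this file was left behind at that point.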
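Review bot: In the first newmoon/newmoon.spec hunk, `submodule_platform_tag` moves to `RB_20221122`, but the context line `%global git_commit db5ee3c1968212742b4ed8b9883069ea7b03f0e1` is unchanged. If that hash is what the build uses to fetch or verify the source, it still identifies the previous release and should be updated together with `Version: 31.4.0`. If it is no longer used, removing it would avoid the ambiguity.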
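Review bot: In the `%changelog` hunk of newmoon/newmoon.spec, the existing entry directly below the new one reads `* Tue Nov 11 2022`, but 11 November 2022 was a Friday, and debian/changelog dates 31.3.1-1 to Tue, 01 Nov 2022. Since this hunk already touches the section, correcting that date here would keep the two changelogs consistent. The new entry's text, "update version", could also name the security fix recorded in debian/changelog (CVE-2022-45411) so that RPM users see it in the package changelog.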