From 01a9822e17e555568a7f3a8b5b5ad50d5599489f Mon Sep 17 00:00:00 2001
From: B Stack <bgstack15@gmail.com>
Date: Sat, 26 Jan 2019 15:31:03 +0000
Subject: Palemoon dpkg for devuan

---
 palemoon/debian/changelog | 1544 +++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 1544 insertions(+)
 create mode 100644 palemoon/debian/changelog

(limited to 'palemoon/debian/changelog')

diff --git a/palemoon/debian/changelog b/palemoon/debian/changelog
new file mode 100644
index 0000000..6866558
--- /dev/null
+++ b/palemoon/debian/changelog
@@ -0,0 +1,1544 @@
+palemoon (28.3.0-devuan) obs; urgency=medium
+
+  * Initial build for devuan
+
+ -- B Stack <bgstack15@gmail.com>  Wed, 23 Jan 2019 13:11:18 -0500
+
+palemoon (28.3.0+repack-1) obs; urgency=medium
+
+  * Import new 28.3.0 major development and bugfix release:
+    - Added AV1 support for MP4/MSE videos. Please note that this is a reference
+      library implementation and the upstream decoding lib currently has poor
+      performance for higher resolutions (720p+). This is disabled by default;
+      use the about:config preference media.av1.enabled to enable this codec.
+    - Changed the API used for video playback with FFmpeg 58+. This should solve
+      performance issues (dropped frames) with VP8 and VP9.
+    - Redesigned the main toolbar icons as SVG images to make them HiDPI
+      compliant.
+    - Fixed the sync notification (infobar) icon.
+    - Fixed a potential cycle collector resource leak.
+    - Added icons and controls to tabs to indicate if sound is playing the tab
+      and if so, allowing the user to mute it with a click. This is a native
+      implementation of the API in use in Basilisk and performs the same
+      function as the "expose noisy tabs" extension, although the extension may
+      still be preferred by some for e.g. skinning capabilities. The feature may
+      be disabled with browser.tabs.showAudioPlayingIcon.
+    - Removed support for VR hardware.
+    - Fixed out-of-bounds sizes for CSS calculation strings.
+    - Removed the DirectShow component since it is no longer necessary.
+    - Removed Firefox Accounts integration, phase 1:
+      - Changed the Sync client to the one from Tycho.
+      - Made Sync optional at build time.
+    - Stopped trying to cater to addons.mozilla.org since they no longer offer
+        anything useful to Pale Moon after the Great XUL Extension Purge™.
+    - Added an option to process favicons for optimal sized display and removing
+      animations. Enable this with browser.chrome.favicons.process
+    - Fixed an incorrect preference reference in feed reader.
+    - Fixed an issue with lazy frame construction on display:contents elements.
+      This should solve e.g. the use of mathjax in comments on stackoverflow.
+    - Media code improvements and cleanup (ongoing).
+    - Updated the DropBox useragent override to solve login issues.
+    - Fixed potential crashes due to shutdown observers in VTT and font
+      lists. DiD
+    - Enabled some mistakingly-disabled optimizations in the JS JIT compiler.
+    - Fixed several potential crashes in JS. DiD
+    - Fixed several potential crashes in WebCrypto. DiD
+    - Fixed a potential crash in JS Range Analysis. DiD
+    - Fixed a potential crash in the layout engine due to combo boxes. DiD
+    - Fixed a potential shutdown crash in non-standard environments related to
+      2D Canvas. DiD
+    - Fixed a potential overflow in the PNG writer. DiD
+    - Fixed a potential double-free in the MAR signing utility. DiD
+    - Fixed an issue where URLs could be extracted cross-origin (CVE-2018-18494).
+    - Updated NSPR to v4.20.
+    - Updated NSS to 3.41, providing (among other things) full compatibility with
+      the final version of TLS 1.3 on websites.
+    - Updated location.protocol to the latest spec.
+    - Updated Intersection Observers to the latest spec and enabled them
+      by default.
+    - Updated the SQLite lib to 3.26.0.
+    - Fixed errors about the login manager's recipeManager not being
+      available (yet).
+    - Switched status bar download arrow to SVG.
+    - Fixed a crash in IntersectionObservers.
+    - Fixed initialization of the Search service from browser code to avoid
+      synchronous init.
+    - Added logging of performance warnings to devtools consoles.
+    - Fixed favicons in taskbar tab preview listings.
+    - Blocked Comodo IS dll < version 6.3 to prevent startup crashes.
+    - Fixed issues in the HTML form submit observer module.
+    - Limited resolving depth of CSS variables to a sane maximum (fixes
+      cras.sh issue).
+    - Removed Mozilla's proprietary constructor on WebAudio's AudioContext,
+      aligning it with the standard specification.
+    - Exposed the previously hidden preference in about:config for page thumbnail
+      generation (some people prefer this for local privacy).
+    - Aligned Element.ScrollIntoView with the DOM specification. This improves,
+      among other things, compatibility with the React framework.
+
+  * Totally revise debian/copyright to conform to Debian Policy.
+  * Install copies of MPL-1.1 and MPL-2 licenses in docs.
+  * Change versioning to "+repack" now that the OBS supports it.
+
+ -- Steven Pusser <stevep@mxlinux.org>  Tue, 15 Jan 2019 12:11:18 -0800
+
+palemoon (28.2.2~repack-1~mx17+1) mx; urgency=medium
+
+  * New upstream minor security and stablility release.
+
+ -- Steven Pusser <stevep@mxlinux.org>  Wed, 05 Dec 2018 12:23:18 -0800
+
+palemoon (28.2.1~repack-1~mx17+1) mx; urgency=medium
+
+  * New release; addresses issues with history and bookmarks.
+
+ -- Steven Pusser <stevep@mxlinux.org>  Sun, 18 Nov 2018 11:54:00 -0800
+
+palemoon (28.2.0~repack-1) obs; urgency=medium
+
+  * Import new 28.2.0 major development and bugfix release:
+    - Fixed a major performance issue with web workers.
+    - Fixed a rare crash on local networks with HTTP basic auth and unsupported
+      cipher suites.
+    - Fixed a performance/timer issue when leaving the browser idle.
+    - Fixed an issue causing an empty dialog when launching executable files
+      from the browser.
+    - Fixed an issue preventing making entries to disallow sites to store data
+      for off-line use.
+    - Removed code to prevent extensions with binary components.
+    - Fixed an issue with common dialogs being sized incorrectly for their
+      content.
+    - Fixed an issue with event handling on the tab bar that would cause
+      frustrating behavior when trying to open/close tabs in rapid succession.
+    - Switched default behavior for scrolling when a context or pop-up menu is
+      open to allow scrolling, like in v27. This also affects scrolling in very
+      long menus, e.g. bookmarks.
+    - Added experimental Asynchronous Panning and Zooming (APZ) for desktop use.
+    - Re-enabled the use and parsing of ICC v4 color profiles.
+    - Removed telemetry code from the caching subsystem.
+    - Improved full-screen detection for suppressing status messages.
+    - Made all arguments passed to Init*Event() optional except the first for
+      parity with other browsers.
+    - Cleaned up some internal installer code.
+    - Fixed making caret width configurable when dealing with CJK characters
+      (regression).
+    - Fixed drawing of table borders consistently when zooming a page
+      (regression).
+    - Exposed the "Save download location per site" pref in about:config.
+    - Improved media handling (ongoing).
+    - Added experimental support for AV1 in WebM videos (disabled by default).
+    - Note: this is for WebM only for now, so MP4 and MSE AV1 streams (e.g.
+      YouTube) will not (yet) play.
+    - Removed the (defunct and incomplete) in-browser translation code.
+    - Fixed an issue with CSS Grid layouts unnecessarily shrinking element
+      blocks.
+    - Fixed notification settings menu entry (opes about:permissions with
+      relevant data now).
+    - Fixed the launching of an undesirable background content process for
+      capturing page thumbnails.
+    - Fixed a focus issue in the bookmark properties dialog.
+    - Changed the setting for reporting CSS errors to the console to false by
+      default, to prevent unnecessary performance loss for recording this data.
+    - Added control mechanisms for Opportunistic Encryption (both for
+      alternative services and upgrade-insecure-requests) in preferences,
+      and disabled this by default due to potential security and privacy issues
+      with this transitional technology.
+    - Updated the default reported Firefox version in Firefox Compatibility Mode
+      to prevent "too old Firefox" complaints on websites.
+    - Updated libnestegg, ffvpx, reader view components and several other
+      modules from upstream.
+    - Implemented security fixes for CVE-2018-12381, CVE-2017-7797, a better fix
+      for CVE-2018-12386 (DiD), CVE-2018-12401 (DiD), CVE-2018-12398,
+      CVE-2018-12392, several Skia bugs, and several crashes and memory safety
+      hazards that do not have a CVE number.
+
+  * debian/mozconfig: enable AV1 decoding.
+
+ -- Steven Pusser <stevep@mxlinux.org>  Mon, 12 Nov 2018 09:38:43 -0800
+
+palemoon (28.1.0~repack-1) obs; urgency=medium
+
+  * New upstream release:
+
+    - Updated NSS to 3.38, removed TLS 1.3 draft version check since it's
+      considered final.
+    - Reinstated RC4 as an optional encryption cypher for non-standard
+      environments (e.g. old routing/peripheral networked hardware on LAN). RC4
+      and 3DES are marked weak and disabled, and will never be used in the first
+      handshake with a site, only as last-ditch fallback when specifically
+      enabled (meaning they won't show up on ssllabs' test, for example).
+    - Removed Telemetry accumulation calls, automatic timers and stopwatches.
+      This removes a very noticeable performance sink for all operations on all
+      platforms.
+    - Fixed many occurrences of discouraged types of memory access for primarily
+      GCC 8 compatibility. This improves overall code security as a
+      defense-in-depth measure.
+    - Re-implemented the pref-controlled custom background color for
+      standalone images.
+    - Updated session history handling for internal pages. about:logopage is no
+      longer stored in history, and you can choose to store the QuickDial page in
+      history by setting the pref browser.newtabpage.add_to_session_history to
+      true. This is disabled by default (meaning you can't use the "Back" button
+      to go back to the QuickDial page) as a defense-in-depth security measure.
+    - Added ui.menu.allow_content_scroll to control whether content can be
+      scrolled if a context menu is open.
+    - Fixed incorrect code removal in ipc.
+    - Removed support for TLS session caches in TLSServerSocket.
+    - Added support for local-ref as SVG xlink:href values.
+    - Changed the find bar to be a browser-global toolbar again (like in Pale
+      Moon 27) instead of per-tab. For people who prefer search terms to be
+      saved on a per-tab basis (like with the per-tab findbar previously), this
+      is possible by setting findbar.termPerTab to true. This resolves a number
+      of issues, including styling with lightweight themes not applying to the
+      find bar, and status pop-ups overlapping the find bar.
+    - Ported all relevant security fixes from Mozilla's Gecko/62 release,
+      including CVE-2018-12377 and CVE-2018-12379.
+    - Restored part of the searchplugin API that was removed by Mozilla, so
+      extensions can provide and save edits to installed search engines.
+    - Improved the speed of restoring browsing sessions upon startup.
+    - Fixed the "Restore previous session" button sometimes being missing from
+      about:home, while a restorable session would be present.
+    - Fixed tab previews in the Windows taskbar (if enabled).
+    - Fixed the setting of the new tab page being "My Home Page" so it'll pick up
+      subsequent changes to the home page URL automatically.
+    - Removed the Firefox Accounts migrator from Sync.
+    - Fixed an issue with the enabled state of number controls if appearances
+      changed.
+    - Stopped building ffvpx on 32-bit platforms (except Windows) to use the
+      (faster) system-installed lib instead.
+    - Re-added a horizontal scroll action option for mouse wheel. (regression)
+    - Fixed handling of content language if the locale is changed.
+    - Fixed document navigation with the F6 key.
+    - Fixed toolbar styling in toolkit themes.
+    - Fixed viewing the source of a selection.
+
+  * Now has full support for gcc-8, so stop forcing gcc-7 build on Buster and 
+    recent Ubuntus where gcc-8 is default.
+
+ -- Steven Pusser <stevep@mxlinux.org>  Mon, 17 Sep 2018 19:05:20 -0700
+
+palemoon (28.0.1~repack-1~mx17+1) mx; urgency=medium
+
+  * New upstream release.
+    - Backed out a Mozilla upstream patch causing issues with IPC and texture
+      allocation for the compositor.
+    - Backed out a Mozilla upstream patch causing issues with Javascript memory
+      buffer allocation.
+  * debian/mozconfig: add an option to tune for the number of parallel build
+    threads.
+
+ -- Steven Pusser <stevep@mxlinux.org>  Fri, 31 Aug 2018 17:26:11 -0700
+
+palemoon (28.0.0~repack-3) obs; urgency=medium
+
+  * Add libavcodec-ffmpeg56 and libavcodec-ffmpeg-extra56 D for Ubuntu 16.04.
+
+ -- Steven Pusser <stevep@mxlinux.org>  Sat, 18 Aug 2018 11:19:45 -0700
+
+palemoon (28.0.0~repack-2) obs; urgency=medium
+
+  * Add alternative libavcodec-extraXX dependencies.
+
+ -- Steven Pusser <stevep@mxlinux.org>  Thu, 16 Aug 2018 18:15:14 -0700
+
+palemoon (28.0.0~repack-1) obs; urgency=medium
+
+  * Import final 28.0.0 release.
+
+ -- Steven Pusser <stevep@mxlinux.org>  Wed, 15 Aug 2018 11:55:12 -0700
+
+palemoon (28.0.0~rc1~repack-2) obs; urgency=medium
+
+  * Depend on a version of libavcodec instead of ffmpeg.
+  * For Buster, build on gcc-7, just to be safe. Restore the lsb-release distro
+    detection setup to rules to enable this, and add the new build-depends. This
+    should no longer be required in 28.1.0.
+
+ -- Steven Pusser <stevep@mxlinux.org>  Tue, 14 Aug 2018 12:13:31 -0700
+
+palemoon (28.0.0~rc1~repack-1) obs; urgency=medium
+
+  * New upstream release.
+
+ -- Steven Pusser <stevep@mxlinux.org>  Sun, 12 Aug 2018 13:28:16 -0700
+
+palemoon (28.0.0~b5~repack-1) obs; urgency=medium
+
+  * Import new beta release.
+
+ -- Steven Pusser <stevep@mxlinux.org>  Wed, 01 Aug 2018 14:41:07 -0700
+
+palemoon (28.0~b4~repack-1mx17+1) mx; urgency=medium
+
+  * New beta release.
+  * Build with native gcc releases, remove lsb-release as build-depend since it's
+    no longer needed to check for the distrelease.
+  * Add libgconf2-dev and libx11-xcb-dev to build-depends.
+  * Add command to dh_auto_clean override to remove pyc files somehow generated
+    by dh_clean.
+  * Add new options to debian/mozconfig.
+
+ -- Steven Pusser <stevep@mxlinux.org>  Sat, 28 Jul 2018 15:06:18 -0700
+
+palemoon (27.9.4~repack-1~mx17+1) mx; urgency=medium
+
+  * Import new upstream 27.9.4 release.
+    - Updated the useragent for addons.mozilla.org to work around their "Only
+      with Firefox" discrimination preventing users from downloading themes, old
+      versions of extensions, and other files with Pale Moon.
+    - Restricted web access to the moz-icon:// scheme that could potentially be
+      abused to infringe the user's privacy.
+    - Prevented various location-based threats. DiD
+    - Fixed a potential vulnerability with plugins being redirected to different
+      origins (CVE-2018-12364).
+    - Improved the security check for launching executable files 
+      (by association) on Windows from the browser. For users who have (most 
+      likely accidentally) granted a system-wide waiver for opening these kinds
+      of files without being prompted, this permission has been reset.
+    - Fixed an issue with invalid qcms transforms (CVE-2018-12366).
+    - Fixed a buffer overflow using the computed size of canvas elements
+      (CVE-2018-12359).
+    - Fixed a use-after-free when using focus() (CVE-2018-12360).
+    - Added some sanity checks on nsMozIconURI. DiD
+    - Fixed an issue in the case the preferences file in the profile would not be
+      writable (e.g. temporary permission issues due to backup, virus scanning or
+      similar external processes).
+
+ -- Steven Pusser <stevep@mxlinux.org>  Wed, 11 Jul 2018 13:59:46 -0700
+
+palemoon (27.9.3~repack-1~mx17+1) mx; urgency=medium
+
+  * New upstream security update:
+  
+    - Changes/fixes:
+      - (CVE-2017-0381) Ported a patch from libopus upstream. Note, contrary to 
+        that report, the libopus maintainers state they don't believe remote 
+        code execution was possible, so this was not a critical patch.
+      - Fixed an issue with task counting in JS GC.
+      - Fixed a use-after-free in DOMProxyHandler::EnsureExpandoObject (thanks 
+        to Berk Cem Göksel for reporting).
+
+ -- Steven Pusser <stevep@mxlinux.org>  Tue, 12 Jun 2018 11:12:06 -0700
+
+palemoon (27.9.2~repack-1~mx17+1) mx; urgency=medium
+
+  * New upstream security and stability update:
+
+    - Changes/fixes:
+      - We changed the language strings for softblocked items so people will cry
+        less when we do our job.
+      - (CVE-2018-5174) Prevent potential SmartScreen bypass on Windows 10.
+      - (CVE-2018-5173) Fixed an issue in the Downloads panel improperly 
+        rendering some Unicode characters, allowing for the file name to be 
+        spoofed. This could be used to obscure the file extension of potentially 
+        executable files from user view in the panel.
+      - (CVE-2018-5177) Fixed a vulnerability in the XSLT component leading to a
+        buffer overflow and crash if it occurs.
+      - (CVE-2018-5159) Fixed an integer overflow vulnerability in the Skia 
+        library resulting in possible out-of-bounds writes.
+      - (CVE-2018-5154) Fixed a use-after-free vulnerability while enumerating
+        attributes during SVG animations with clip paths.
+      - (CVE-2018-5178) Fixed a buffer overflow during UTF8 to Unicode string 
+        conversion within JavaScript with extremely large amounts of data. This 
+        vulnerability requires the use of a malicious or vulnerable extension in
+        order to occur.
+      - Fixed several stability issues (crashes) and memory safety hazards.
+
+ -- Steven Pusser <stevep@mxlinux.org>  Mon, 21 May 2018 11:43:14 -0700
+
+palemoon (27.9.1~repack-1) obs; urgency=medium
+
+  * New upstream maintenance update:
+    - Removed the unused/incomplete places protocol handler.
+    - Worked around an issue with MSE media without a Track ID. This should help
+      with the playability of some live streams.
+    - Ported across jemalloc improvements from UXP.
+    - Ported across cairo mutex improvements from UXP.
+    - Added support for FFmpeg 4.0/libavcodec 58.
+    - Added a fix for Windows 10's "isAlpha()" not being what one would expect
+      in v1803.
+
+ -- Steven Pusser <stevep@mxlinux.org>  Mon, 07 May 2018 15:07:33 -0700
+
+palemoon (27.9.0~repack-1~mx17+1) mx; urgency=medium
+
+  * New upstream release:
+    - Fixed a number of spec compliance issues in our media subsystem.
+    - Added a trailing slash to referrers when policy is set to fix some web
+      compatibility issues.
+    - Fixed the property order in Object.getOwnPropertyNames(string) and others
+      for web compatibility.
+    - Updated RegExp(RegExp object, flags) to the ES6 standard specification.
+    - Changed the embedded font from the no longer free EmojiOne to the
+      open-licensed Twemoji (with additional fixes). This also further extends
+      unicode support to Unicode 10 emoji(s). Please note that as a result, color
+      emoji(s) will look different than before.
+    - Adjusted some things in our memory allocator code to provide, among other
+      things, better allocation alignment on Windows.
+    - Made the attempt to migrate people from the old sync server domain name to
+      the current one more aggressive. We will be retiring the old
+      pmsync.palemoon.net Sync server address shortly to remove the need for us
+      to maintain a security certificate for it; this preference migration should
+      automatically put everyone on the correct server address when upgrading.
+    - Made reading of the sessionstore synchronous, to speed up startup and
+      prevent the homepage from being loaded when restoring a session.
+    - Added a fix to switch to the correct window/tab when a web notification
+      is clicked.
+    - Changed the placeholder text to not include "Search" when all search
+      functions from the address bar are disabled.
+    - Enabled the use of Skia for canvas on Linux and OSX.
+    - Worked around a potential cause for some non-standard bitmapped fonts
+      ending up with incorrect line heights (I'm looking at you, Noto fonts!).
+    - Added a workaround for incorrectly-encoded JPEG-XR images with planar
+      alpha. Ultimately, the jxrlib reference implementation should be fixed to
+      encode according to spec.
+    - Aligned XCTO:nosniff allowed script MIME types with the updated spec.
+    - Improved the logic for storing vector images in the surface cache.
+    - Fixed character set handling for XMLHttpRequests.
+
+ -- Steven Pusser <stevep@mxlinux.org>  Tue, 17 Apr 2018 10:14:19 -0700
+
+palemoon (27.8.3~repack-1) obs; urgency=medium
+
+  * New upstream bugfix update:
+    - This is a small update to solve a pervasive crash in responsive web
+      layouts.
+
+ -- Steven Pusser <stevep@mxlinux.org>  Thu, 29 Mar 2018 12:48:14 -0700
+
+palemoon (27.8.2~repack-1) obs; urgency=medium
+
+  * New upstream security update:
+    - Privacy fix: prevented update checks for the default theme.
+    - Added a user-agent override for Dropbox to improve compatibility with
+      their service.
+    - Fixed an issue with mouseover handling related to (CVE-2018-5103). DiD
+    - Disabled the Mac OSX Nano allocator. DiD
+    - Fixed (CVE-2018-5129) OOB Write.
+    - Updated the lz4 library to 1.8.0 to solve potential issues. DiD
+    - Fixed (CVE-2018-5137) Path traversal on chrome:// URLs
+    - Fixed several memory safety an synchronicity hazards.
+
+ -- Steven Pusser <stevep@mxlinux.org>  Thu, 22 Mar 2018 10:31:24 -0700
+
+palemoon (27.8.1~repack-1) obs; urgency=medium
+
+  * New upstream release:
+    - Backed out the NSPR/NSS update from 27.8.0 for causing crashes, general
+      operational instability and handshake issues.
+    - Disabled TLS 1.3 draft support by default, because with the NSS backout we
+      only support an older draft right now that is no longer current and may
+      cause connectivity issues. You can manually re-enable it at your own risk
+      in about:config by setting security.tls.version.max to 4.
+
+ -- Steven Pusser <stevep@mxlinux.org>  Tue, 06 Mar 2018 12:04:10 -0800
+
+palemoon (27.8.0~repack-1) obs; urgency=medium
+
+  * New upstream release:
+    - Added support for emojis on Windows systems that have relatively poor
+      support for them with standard font sets by including our own font
+      (EmojiOne based for now).
+    - Added a setting in preferences to select the use of tab previews with
+      Ctrl+Tab.
+    - Added Eyedropper menu entry to the AppMenu.
+    - Added a preference to control whether the text cursor (caret) should be
+      thicker when dealing with CJK characters or not (default = yes).
+    - Added URL fix-ups for schemes (mis-typed "ttp://" etc.).
+    - Added support for ES6 "Symbol species".
+    - Updated our TLS 1.3 support to the latest (probably final) draft.
+    - Fixed gap inconsistency in the tabstrip.
+    - Fixed a number of browser crashes.
+    - Fixed a crash with the exponentiation operator "**"
+    - Set the performance timer granularity to 1 ms.
+    - Updated the kiss-fft library to our forked 1.4.0 version.
+    - Disabled a potentially problematic optimization on Win 8+ with high
+      contrast themes in use.
+    - Removed the notification bar when in full screen to prevent unwanted
+      visible screen elements.
+    - Removed unmaintained and insecure WebRTC code - building with WebRTC
+      enabled is no longer an option.
+    - Removed redundant checks for "Vista or later" since that is all we support.
+    - Added display of the http status to raw request displays.
+    - Added a workaround for cloned videos not retaining their muted state.
+    - Added a temporary workaround to avoid crashes on trackless media.
+    - Removed some superfluous ellipses from menu labels.
+    - Fixed undesired shrinking of line heights as a result of setting minimum
+      font size in preferences.
+    - Fixed some issues with setting the new tab preference (regression).
+
+  * Add support for building on Debian Buster on gcc-4.9.
+
+ -- Steven Pusser <stevep@mxlinux.org>  Fri, 02 Mar 2018 17:38:20 -0800
+
+palemoon (27.7.2~repack-1~mx17+1) mx; urgency=medium
+
+  * New upstream release:
+    - Changed the X-Content-Type-Options: nosniff behavior to only check
+      "success" class server responses, for web compatibility reasons.
+    - Changed the perfomance timer resolution once more to a granularity of
+      1 ms, after evaluating more potential ways of abusing Spectre. This
+      takes the most cautious approach possible lacking more information
+      (because apparently NDAs have been signed over this between mainstream
+      players), follows Safari's lead, and should make it not just infeasible
+      but downright impossible to use these timers for nefarious purposes in
+      this context.
+    - Improved the debug-only startup cache wrapper to prevent a rare crash.
+    - Fixed a crash in the XML parser.
+    - Added a check for integer overflow in AesTask::DoCrypto()
+      (CVE-2018-5122) DiD
+    - Fixed a potential race condition in the browser cache.
+    - Fixed a crash in HTML media elements (CVE-2018-5102)
+    - Fixed a crash in XHR using workers.
+    - Fixed a crash with some uncommon FTP operations.
+    - Fixed a potential race condition in the JAR library.
+
+ -- Steven Pusser <stevep@mxlinux.org>  Thu, 01 Feb 2018 13:48:26 -0800
+
+palemoon (27.7.1~repack-1~mx17+1) mx; urgency=medium
+
+  * New upstream release:
+    - Added support for Array.prototype[@@unscopables].
+      Unfortunately, the addition of Javascript's ES6 Unscopables in 27.7.0 was
+      incomplete, which caused a number of websites (e.g. Chase on-line banking,
+      some Russian government sites) to display blank or not complete loading
+      after updating to that version of the browser. This update should fix the
+      problem by adding the missing part of the feature.
+    - Fixed an issue with the default theme causing tab borders to be drawn too
+      thick at higher settings for visual element scaling (125/150%) in Windows.
+
+ -- Steven Pusser <stevep@mxlinux.org>  Thu, 18 Jan 2018 10:03:02 -0800
+
+palemoon (27.7.0~repack-1~mx17+1) mx; urgency=medium
+
+  * New upstream release:
+    - Reorganized access to preferences (moved to the Tools menu on Linux, and
+      renamed from "Options" to "Preferences" on Windows).
+    - Renamed "Restart with add-ons disabled" to "Restart in Safe Mode" to
+      better reflect what it does.
+    - Worked around an issue with some improperly-encoded PNG files not decoding
+      after our libpng update.
+    - Fixed an issue on Mac builds not properly populating the application menu.
+    - Added "My home page" as an option for new tabs.
+    - Added an option to disable the 4th and 5th mouse buttons (Windows).
+    - (mouse.button4.enabled and mouse.button5.enabled, respectively)
+    - Improved the resetting of non-default profiles.
+    - Fixed an issue with details/summary having the incorrect height if floated,
+      breaking layouts.
+    - Implemented support for flex/columnset contents inside buttons to align
+      its behavior with other browsers.
+    - (this should fix layout issues with Twitch's new web interface)
+    - Made several more improvements to the details/summary tags to align them
+      with the current spec and fix several bugs.
+    - Fixed an issue where CSS clone operations would draw a border.
+    - Changed the way fractional border widths are rounded to provide more
+      natural behavior.
+    - Fixed an issue where number inputs would incorrectly be flagged as
+      read-only.
+    - Added assets for tile display in the Windows start panel.
+    - Finished sync infra swapover by adding a one-time pref migration for
+      server used.
+    - Improved WebAudio API: Return the connected audio node from
+      AudioNode.connect()
+    - Added support for a default playback start position in media elements.
+    - Fixed an assert in cubeb-alsa code (Linux).
+    - Added support for media cue-change events (e.g. subtitles).
+    - Updated SQLite to 3.21.0.
+    - Fixed a crash when trying to use the platform embedded.
+    - Fixed devtools (gcli) screenshots on vertical-text pages.
+    - Fixed devtools copy as cURL for POST requests.
+    - Improved the HTML editor component (several bugfixes).
+    - Added support for ES7's exponentiation a ** b operator.
+    - Fixed an issue with arrow functions incorrectly creating an arguments
+      binding.
+    - Added Javascript's ES6 unscopables.
+    Security/privacy fixes:
+    - Disabled automatic filling in of log-in details by default to prevent
+      potential risks of credentials being abused (e.g. for tracking) or stolen.
+    - Added a preference (in the category security) to easily enable or disable
+      automatic filling in of log-in data.
+    - Removed the sending of referrers when opening a link in a new
+      private window.
+    - Added an option to disable the page visibility Web API
+      (dom.visibilityAPI.enabled), allowing users to prevent pages from knowing
+      whether they are being actively displayed to the user or not.
+    - Removed the "ask every time" policy for cookies. For granular control,
+      please use any of the excellent available extensions to regulate cookie use
+      on a per-site or per-url basis.
+    - Added support for X-Content-Type-Options: nosniff (for scripts).
+    - Changed the resolution of performance timers to a level where any future
+      potential abuse for hardware-timing attacks becomes impractical.
+
+ -- Steven Pusser <stevep@mxlinux.org>  Tue, 16 Jan 2018 12:02:55 -0800
+
+palemoon (27.6.2~repack-1) obs; urgency=medium
+
+  * Minor security and bugfix release:
+    - Implemented the concept of so-called "cookie-averse document objects",
+      which is a security&privacy measure that blocks certain web content from
+      setting cookies. This mitigates cookie-injection, which might help against
+      "hidden" cookie tracking.
+    - Mitigated some domain name spoofing through IDN by using dotless-i and
+      dotless-j with accents. (CVE-2017-7832)
+    - Pale Moon will display these kinds of spoofed domains in punycode now in
+      the actual address bar. Please note that the identity panel will always be
+      able to help you on secure sites when IDNs are in use to notice potential
+      spoofing, as opposed to relying on detection algorithms in the URL itself.
+      As such, some other issues like CVE-2017-7833 are already mitigated by us.
+    - Fixed an issue with mixed-content blocking. (CVE-2017-7835)
+    - Added an extra check for the correct signature data type on certificates.
+    - Added missing sanitization in exporting bookmarks to HTML. (CVE-2017-7840)
+    - Fixed several crashes and memory safety hazards.
+  * Bump debhelper build-depend to >= 9.
+
+ -- Steven Pusser <stevep@mxlinux.org>  Wed, 29 Nov 2017 12:31:22 -0800
+
+palemoon (27.6.1~repack-1mx15+1) mx; urgency=medium
+
+  * Minor bugfix release:
+    - Fixed a regression with new windows (opening two windows from the
+      command-line or file association, focus issues on new windows, not
+      loading the home page in a new window, etc.)
+    - Aligned XHR with the currect spec to allow withCredentials.
+    - Fixed an input element focus issue within handlers.
+    - Fixed the processing of all-padding HTTP/2 frames to prevent rare
+      HTTP/2 hangups.
+    - Updated CitiBank override to work around their login issues.
+    - Updated Netflix override to a community-supplied one that seems to
+      satisfy their arbitrary restrictions better.
+
+ -- Steven Pusser <stevep@mxlinux.org>  Mon, 20 Nov 2017 15:52:34 -0800
+
+palemoon (27.6.0~repack-1) obs; urgency=medium
+
+  * Major development update; changes can be viewed at
+    https://github.com/MoonchildProductions/Pale-Moon/releases.
+  * debian/mozconfig: add vectorization flags for distreleases that support it.
+    Those that don't get the mozconfig without the flags.
+
+ -- Steven Pusser <stevep@mxlinux.org>  Wed, 08 Nov 2017 11:10:24 -0800
+
+palemoon (27.5.1~repack-1) obs; urgency=medium
+
+  * Minor bugfix release:
+    - Changed the default Windows 10 styling when no accent color is applied to
+      black-on-white.
+    - Changed the theme styling on Windows 10 when the system window frame is
+      used (menu bar enabled) to use the window manager background directly,
+      preventing visual lag updating the window color when it changes.
+    - Updated user agent overrides for DropBox, YouTube and Yahoo to work around
+      user agent sniffing issues.
+    - Fixed a crash in the media subsystem.
+    - Fixed a regression where video playback hardware acceleration was disabled
+      incorrectly on some systems.
+
+ -- Steven Pusser <stevep@mxlinux.org>  Fri, 13 Oct 2017 15:15:01 -0700
+
+palemoon (27.5.0~repack-1mx15+1) mx; urgency=medium
+
+  * New upstream major release, changes can be viewed at
+    https://github.com/MoonchildProductions/Pale-Moon/releases.
+  * Disable updater and installer in mozconfig.
+
+ -- Steven Pusser <stevep@mxlinux.org>  Tue, 26 Sep 2017 18:32:35 -0700
+
+palemoon (27.4.2~repack-1) obs; urgency=medium
+
+  * New upstream bugfix release:
+    - Fixed a number of crashes.
+    - Enabled the opt-in debugging feature to log SSL keys to a file in all
+      builds.
+    - Added a fix for TLS 1.3 handshakes causing a browser hangup.
+    - Handshakes should be considerably faster now and no longer stall in the
+      wrong circumstances.
+    - Updated NSPR to 4.15.
+    - Updated NSS to 3.31.1.
+    - Fixed a DoS issue using overly long Username in URL scheme (CVE-2017-7783)
+    - Fixed an issue where (cross domain) iframes could break
+      scope (CVE-2017-7787)
+    - Fixed an issue in WindowsDllDetourPatcher (CVE-2017-7804)
+    - Fixed an issue with elliptic curve addition in mixed Jacobian-affine
+      coordinates (CVE-2017-7781)
+    - Fixed a UAF in nsImageLoadingContent (CVE-2017-7784)
+    - Fixed a UAF in WebSockets (CVE-2017-7800)
+    - Fixed a heap-UAF in RelocateARIAOwnedIfNeeded (CVE-2017-7809) DiD
+      (accessibility is disabled)
+
+ -- Steven Pusser <stevep@mxlinux.org>  Wed, 23 Aug 2017 15:50:07 -0700
+
+palemoon (27.4.1~repack-1mx15+1) mx; urgency=medium
+
+  * New upstream bugfix release:
+    - Fixed an issue where MSE media playback would not use hardware
+      acceleration when it could, causing choppy playback and high CPU usage.
+    - Fixed ES6 iterator chains to be spec-compliant.
+    - Fixed ES6 vector append calls and some related memory leaks.
+    - Added a workaround to reduce the chances of a rare crash occurring.
+
+ -- Steven Pusser <stevep@mxlinux.org>  Fri, 04 Aug 2017 18:22:19 -0700
+
+palemoon (27.4.0~repack-2) obs; urgency=medium
+
+  * debian/mozconfig: drop deprecated "--disable-gstreamer" option.
+
+ -- Steven Pusser <stevep@mxlinux.org>  Wed, 12 Jul 2017 13:25:27 -0700
+
+palemoon (27.4.0~repack-1) obs; urgency=medium
+
+  * New upstream release--the github 27.4.0 was not a real release:
+    Changes/fixes:
+    - Completely re-worked the Media Source Extensions code to make it spec
+      compliant, and asynchronous as per specification for MSE with MP4. This
+      should fix playback problems on YouTube, Twitch, Vimeo and other sites
+      that previously had some issues. A massive thank you to Travis for his
+      tireless work on making this happen!
+      Please note that MSE+WebM (disabled by default) is not using this new code
+      yet (planned for the next release), and as such there is a temporary set
+      of things to keep in mind if you don't use default settings:
+        If you have previously enabled MSE+WebM, this setting will be reset when
+        you update to avoid conflicting settings with the updated MSE code.
+        We've added an extra setting in Options to disable the updated MSE code
+        (asynchronous use) in case you need to use WebM or are otherwise having
+        issues with the updated code (please let us know in that case).
+        Once again, the MSE+WebM and Asynchronous MSE use are currently mutually
+        exclusive. You can have one or the other, not both, until we sort out
+        the code for WebM. To enable MSE+WebM you will first have to disable
+        Asynchronouse MSE in settings (otherwise the WebM setting will be greyed
+        out and disabled).
+    - Added a control in options/preferences for HSTS and HPKP usage.
+    - Changed HTML bookmark exports to write CRLF line endings to the file on
+      Windows.
+    - Leveraged multi-core rendering for libVPX (VP8/VP9 WebM decoding).
+    - Fixed some issues accessing DeviantArt (useragent-sniffing).
+    - Aligned CSS text-align with the spec.
+    - Added a recovery module for browser initialization issues (e.g. when using
+      a wrong language pack).
+    - Fixed spurious console errors for XHR requests with certain http response
+      codes.
+    - Enabled v-sync aligned refresh for a smoother scrolling experience.
+    - Removed support for CSS XP-theme media queries.
+    - Improved console error reporting.
+    - Fixed resetting toolbars and controls from the safe mode dialog.
+    - Fixed bookmark recovery option from the safe mode dialog.
+    - Fixed innerText getters for display:none elements.
+    - Fixed a GL buffer crash that might occur with certain combinations of
+      drivers and hardware.
+    - Added some more details to about:support.
+    - Fixed a potential crash when the last audio device is removed during
+      playback.
+    - Fixed a crash on about:support when windowless browsers are created.
+    - Updated <select> elements to blank if the actively set value doesn't match
+      any of the options.
+    - Updated the interpretation of 2-digit years in date formats to match other
+      browsers:
+     - 0-49 = 2000-2049, 50-99 = 1950-1999.
+    - Added "q" units to CSS (quarter of a millimeter).
+    - Added .origin property to blobs.
+    - Fixed several minor layout issues.
+    - Fixed disabled HTML elements not producing the proper JS events.
+    - Implemented web content handler blacklist according to the spec, allowing
+      more than feeds to be registered.
+    - Fixed a spec compliance issue with execCommand() on HTML elements.
+    - Fixed a problem with table borders being drawn uneven or being omitted
+      when zooming the page.
+    - Added devtools "filter URLs" option in the network panel.
+    - Added visual sorting options to the Network inspector.
+    - Added importing of login data from Chrome profiles on Windows (Chrome
+      has to be closed first).
+    - Added importing of tags from bookmark export files (HTML format).
+    - Updated usage of SourceMap headers with the updated spec (SourceMap
+      header, keeping X-SourceMap as a fallback).
+    - Fixed several cases of wrongly-used negations in JS modules.
+    - Added the auxclick mouse event.
+    - Added a control to not autoplay video unless it is in view
+     (media.block-play-until-visible).
+    - Updated the Graphite font library to 1.3.10.
+    - Updated how image and media elements respond to window size changes
+      (responsive design).
+    - Added parsing and use of rotation meta data in video.
+    - Fixed several crashes in a number of modules.
+    - Fixed performance regression for scaling large vector images (e.g. MSIE
+      Chalkboard test) \o/
+    - Fixed some issues with notification icons.
+    - Fixed some internal errors with live bookmarks.
+    - Updated SQLite to 3.19.3.
+    - Fixed several reported issues with devtools (cli-cookies, cli help,
+      copying cURL, inspecting SVGs, element size calculations, etc.)
+    - Fixed an issue where a server response was allowed to override add-ons'
+      specified version ranges even for add-ons that have strict compatibility
+      (e.g. themes, language packs).
+
+    Security fixes:
+
+    - Removed preloading of HPKP hosts and enabled HPKP header enforcement.
+    - Added support for TLS 1.3, the up-next secure connection protocol.
+    - Fixed an issue with TLS 1.3 not supporting renegotiation by design.
+    - Relaxed some restrictions for CSP to temporarily work around web
+      compatibility issues with the CSP-3 deprecated `child-src` directive.
+    - Updated NSS to 3.28.5.1-PM to address some security issues.
+    - Updated the installer selfextractor module to address unsafe loading of
+      libraries.
+    - Changed the way certain resources are included to reduce effectiveness of
+      some common fingerprinting techniques. (e.g. browserleaks.org)
+    - Fixed a regression in the display of security information in the page info
+      dialog for insecure content.
+    - Fixed two potential issues with allocating memory for video. DiD
+    - Fixed a potential issue with the network prediction algorithm. DiD
+    - Restricted the use of Aspirational scripts in IDNs to prevent domain
+      spoofing, in anticipation of the UAX#31 update making this official.
+    - Prevented a Mac font specific issue that could be abused for domain
+      spoofing (CVE-2017-7763)
+    - Fixed several potentially exploitable crashes. (CVE-2017-7751)
+      (CVE-2017-7757) and some that do not have a CVE designation.
+
+ -- Steven Pusser <stevep@mxlinux.org>  Wed, 12 Jul 2017 10:54:26 -0700
+
+palemoon (27.3.0~repack-1) obs; urgency=medium
+
+  * New upstream release.
+
+ -- Steven Pusser <stevep@mxlinux.org>  Sat, 29 Apr 2017 19:50:41 -0700
+
+palemoon (27.2.1~repack-1) obs; urgency=medium
+
+  * New upstream release:
+
+    - Changes/Fixes:
+      - Fixed an issue with planar alpha handling (transparency) when drawing
+        JXR images.
+      - Fixed a crash related to a change JavaScript array handling introduced
+        in 27.2.0. This became apparent with the pentadactyl extension, but
+        could happen in other situations as well.
+      - Fixed a crash when opening ridiculously large images with HQ scaling
+        enabled (default). Pale Moon will now only apply HQ scaling for images
+        within reasonable limits (64 Mpix or smaller). Images larger than that
+        may not display properly when zooming in, or may not display at all,
+        even scaled down (e.g. >256 Mpix large) and show a "broken image"
+        placeholder instead; please use dedicated image viewer applications for
+        those kinds of images; it is outside the scope of a web browser to
+        handle such large images.
+      - Changed the way URL hashes are handled, and will no longer %-decode
+        anchor hash identifiers by default. Note that this is against RFC 3986,
+        which states that any part of the URL scheme that isn't data should be
+        decoded. This is required for web compatibility because several sites
+        use hash links to pass actual data to web applications (Please don't do
+        this! Hashes are part of the URL address, should only consist of "safe"
+        characters, and aren't suited to pass arbitrary data) and the most
+        common browsers no longer follow the RFC in that respect. If you want
+        RFC compliance, switch dom.url.getters_decode_hash to true.
+      - Restored 2 RSA Camellia cipher suites that were missing:
+        TLS_RSA_WITH_CAMELLIA_128_CBC_SHA and TLS_RSA_WITH_CAMELLIA_256_CBC_SHA.
+      - Fixed an issue with custom toolbars getting deleted during upgrade
+        from 27.0/27.1 to 27.2
+
+ -- Steven Pusser <stevep@mxlinux.org>  Wed, 29 Mar 2017 12:27:06 -0700
+
+palemoon (27.2.0~repack-1mx15+1) mx; urgency=medium
+
+  * New upstream release:
+
+    - Changes/Fixes:
+      - Updated the ICU lib to 58.2 to fix a number of issues.
+      - Added proper control for the user for offline storage for web
+        applications.
+      - Added a check to prevent auto-filled URLs from copying the auto-filled
+        selection to clipboard/primary.
+      - Added the feature to pass a URL to open in a private window from the
+        command-line.
+      - Improved the display of the downloads indicator on the button in
+        bright-text situations.
+      - DOM storage now honors the "3rd party cookie" setting in that it will
+        not allow 3rd party data to be stored if 3rd party cookies are
+        disallowed.
+      - Allowed toolbar button badges to be properly styled.
+      - Updated the hunspell spellchecking library to 1.6.0 to fix a number
+        of issues.
+      - Fixed desktop notifications being off-screen if fired in rapid
+        succession.
+      - Added Element.insertAdjacentElement and Element.insertAdjacentText
+        DOM functions.
+      - Added support for JPEG-XR images. This makes Pale Moon have the broadest
+        support for image formats of all web browsers. (enabled by default; you
+        can disable this with media.jxr.enabled).
+      - Completely removed the use of GStreamer on Linux.
+      - Added support for Element.innerText.
+      - Custom toolbars should now properly remember their state.
+      - Fixed some more playback issues with MP4/MSE videos. Please be aware
+        that we are still working on further improving MSE video handling.
+      - Changed media processing to reduce dangerous processing asynchronicity.
+        This should also make media elements and playback more responsive.
+      - Fixed a useragent string regression always displaying the minor Goanna
+        version as .0
+      - Updated NSPR to 4.13.1.
+      - Updated NSS to 3.28.3-RTM.
+      - Fixed unrestricted icon sizes in PMkit buttons.
+      - Fixed unresponsive buttons on support page when not building
+        the updater.
+      - Fixed the use of "View image" and "Save image as" on extremely
+        large images.
+      - Changed the way "View Image" and "Save image as" work on canvas
+        elements.
+      - Made checking for dangerously large resolution PNG images smarter. It
+        will now accept larger "strip"-aspect ratio images while reducing
+        unsupported large image resolutions. This will e.g. fix Gmail's "emoji"
+        window that uses a ridiculously long but very narrow single image to
+        store all the emoticon pictures.
+      - Converted several hard-coded URLs to preferences.
+      - Updated the google.com override so it would not cripple services based
+        on UA sniffing.
+      - Added Inner and Outer Window ID administration.
+      - Fixed the add-on discovery pane detection.
+      - Added support for canvas ellipse.
+      - Improved drawing of certain MathML elements at problematic zoom levels.
+      - No longer building gamepad support.
+      - Updated Harfbuzz font shaper to 1.4.3 to fix a number of issues.
+      - Fixed a number of crashes (layout, plugins, uncommon navigation,
+        bad URLs).
+      - Aligned SVG specular filters with the spec.
+
+    - Security/privacy changes:
+      - Added support for 256-bit AES-GCM encryption.
+      - Added support for ChaCha20-Poly1305 encryption.
+      - Removed support for Camellia-GCM since nobody seems interested in it.
+        (Camellia in 128/256-bit CBC block mode is still fully supported).
+      - Added support for SHA-224, SHA-256, SHA-384 and SHA-512 to Crypto utils.
+      - Improved status handling of secure sites to be less sensitive to
+        "insecure" items that are local.
+      - Fixed print preview hijacking. (CVE-2017-5421)
+      - Fixed a potentially exploitable crash in OnStartRequest. (CVE-2017-5416)
+      - Fixed potential cross-origin content-stealing through a timing
+        attack. (CVE-2017-5407)
+      - Fixed a denial-of-service problem with view-source. (CVE-2017-5422)
+      - Fixed crash in directional controls. (CVE-2017-5413)
+      - Fixed a perceived problem with chrome manifests. (CVE-2017-5427)
+      - Fixed the use of an uninitialized value. (CVE-2017-5405)
+      - Fixed a buffer overflow. (CVE-2017-5412)
+      - Fixed a UAF situation. (CVE-2017-5403)
+      - Fixed a potential spoofing issue with the address bar. (CVE-2017-5417)
+      - Fixed a potential issue in libvpx. (CVE-2017-5402) DiD
+      - Fixed a potential issue with HTTP auth. (CVE-2017-5418)
+      - Fixed several memory safety hazards and potentially exploitable crashes.
+
+ -- Steven Pusser <stevep@mxlinux.org>  Sun, 19 Mar 2017 12:49:24 -0700
+
+palemoon (27.1.2~repack-1mx15+1) mx; urgency=medium
+
+  * New upstream release:
+    -adds workaround for potential deadlocks happening in media elements.
+
+ -- Steven Pusser <stevep@mxlinux.org>  Fri, 03 Mar 2017 13:45:54 -0800
+
+palemoon (27.1.1~repack-1mx15+1) mx; urgency=medium
+
+  * New upstream release:
+    - Implemented a fix in media handling to prevent crashes with concurrent
+      videos and/or rapidly starting/stopping video playback in the browser.
+    - Fixed the way the Adobe Flash plugin is detected to prevent confusion with
+      other plugins that identify themselves as "Flash" (e.g. VLC).
+    - Windows: Solved stability issues caused by the release build process,
+      resulting in unexpected behavior (e.g. hangups).
+
+ -- Steven Pusser <stevep@mxlinux.org>  Wed, 22 Feb 2017 13:52:07 -0800
+
+palemoon (27.1.0~repack-1) obs; urgency=medium
+
+  * New major upstream release:
+    - Reworked the media back-end completely (thanks Travis!) to use FFmpeg
+      (including support for FFmpeg v3 and MP3 playback) and our own MP4 parser,
+      and no longer relying on gstreamer on Linux, as well as adding some
+      improvements on Windows for media parsing and playing.
+    - On Linux, Apple .mov files of the correct type will also be played through
+      FFmpeg now, for those rare occasions where they are still in use,
+      considering there is no Quicktime plug-in available on that operating
+      system.
+    - Restored the classic about:config styling.
+    - Added a fallback to US-ASCII if the autoconfig UTF-8 conversion fails.
+    - Improved cross-compartment wrapper handling when managing a large number
+      of tabs (fixes a performance regression with v27).
+    - Changed the way audio and video synchronization is calculated to account
+      for (slow) device latency, preventing things from getting out of sync on,
+      e.g. BlueTooth-connected speakers.
+    - Changed the way scripts are handled when they are stopped from the
+      "unresponsive script" dialog, to prevent browser lockup. We will now stop
+      all scripts in the affected compartment in one go.
+    - Fixed several errors in the devtools.
+    - Fixed a nasty crash caused by cross-origin referrers.
+    - Added HTML5-spec clipboard handling for content (cut&copy only -- paste
+      is not allowed for security reasons).
+    - Made multiple changes to the toolkit jetpack modules to cater to PMkit
+      extensions. This should make running SDK-based extensions as PMkit
+      extensions fairly simple for extension developers.
+    - Fixed a css layout issue: make max-width affect contributions to intrinsic
+      min-width.
+    - Implemented several updates to the permissions manager. Among others,
+      improved the permissions manager (about:permissions) with a more complete
+      set of permissions for pages.
+    - Removed otherwise unused Metro browser platform/widget code.
+    - Removed support for non-standard/deprecated let blocks and expressions.
+    - Made the use of let as a keyword versionless and ES6 compliant.
+    - Made the privacy category in preferences a tabbed setup to better fit the
+      current options.
+    - Fixed a regression preventing certain MP4 video files from playing.
+    - Fixed a regression where seeking in media files would halt playback/jump
+      to the end of the stream.
+    - Fixed a crash caused by certain downloadable fonts with DirectWrite
+      in use.
+     -Improved downloads-button indicator legibility on some combinations of
+      Windows versions and system theme colors.
+    - Changed the Facebook user-agent override to be our native one, based on
+      reports from users that it is (finally) working acceptably.
+    - Fixed site-specific useragents being ignored if a global override is
+      defined.
+
+    Security/privacy changes:
+
+    - Changed CORS handling to allow data: sources, assuming they are
+      same-origin. This should fix the infamous "Facebook endless reload" issue
+      and may make some other sites that assume this particular (unspecified)
+      CORS behavior happy with Pale Moon.
+    - Reinstated the network.stricttransportsecurity.enabled preference so
+      people who choose privacy over HSTS can do so again.
+    - Added, In HSTS "off" state, prevention of HSTS site status from being
+      written to disk.
+    - Updated the IDN blacklist with more extended unicode characters that
+      "look very similar to" normal ASCII characters, to prevent spoofing of
+      well-known domains. If blacklisted characters are found, the IDN domain
+      name will be displayed in its punycode form. (CVE-2017-5383 and similar)
+    - Fixed an exploitable crash when using MP4 video. (CVE-2017-5396)
+    - Fixed an exploitable crash in XSL parsing. (CVE-2017-5376)
+    - Fixed a potential security issue when exporting certificates with
+      specially-crafted credentials. (CVE-2017-5381)
+    - Fixed a potential use-after-free situation in frame selection.
+      (CVE-2017-5380) DiD
+    - Fixed a leak of window details through the Ion compiler in certain
+      situations.
+    - Fixed the potential for an exploitable crash involving Javascript GC. DiD
+    - Fixed a potential overflow situation in (non-released) WebRTC code. DiD
+    - Fixed a potentially unsafe situation in websockets. DiD
+    - Fixed several memory and other safety hazards (BMO bugs 1318766, 1325877,
+      1328834 DiD, 1288561 DiD, 1322420 DiD, 1293327 DiD, 1322315, 1325344,
+      1285960).
+  * debian/mozconfig:
+    - add "ac_add_options --disable-necko-wifi" and "--disable-gstreamer"..
+    - drop "ac_add_options --enable-jemalloc-lib".
+  * debian/control:
+    - remove all gstreamer dependencies and build-deps.
+    - ffmepg | libav-tools added to Depends.
+
+ -- Steven Pusser <stevep@mxlinux.org>  Thu, 09 Feb 2017 13:53:41 -0800
+
+palemoon (27.0.3~repack-3) stable; urgency=medium
+
+  * debian rules and control: add some code and alternative depends to force
+    building on gcc-4.9 on releases that default to gcc 5 or 6.
+
+ -- Steven Pusser <stevep@mxlinux.org>  Wed, 25 Jan 2017 10:19:25 -0800
+
+palemoon (27.0.3~repack-2) stable; urgency=medium
+
+  * debian/mozconfig: reenable the dev tools.
+  * debian/rules: don't install duplicate /usr/lib/palemoon/palemoon-bin file.
+
+ -- Steven Pusser <stevep@mxlinux.org>  Thu, 29 Dec 2016 12:05:29 -0800
+
+palemoon (27.0.3~repack-1) stable; urgency=medium
+
+  * New upstream bugfix and security release.
+
+ -- Steven Pusser <stevep@mxlinux.org>  Mon, 19 Dec 2016 20:05:49 -0800
+
+palemoon (27.0.2~repack-1mx15+1) mx; urgency=medium
+
+  * New upstream bugfix release.
+    -fixed crash in SVG renderer related to CVE-2016-9079 (defense in depth)
+    -Firefox compatibility mode is default in useragent string.
+  * Drop debian/menu, deprecated with the use of desktop file.
+  * Drop use of debian/palemoon.xpm, link takes care of that in pixmaps.
+  * Install much better palemoon.desktop from source instead of from debian
+    folder.
+
+ -- Steven Pusser <stevep@mxlinux.org>  Fri, 02 Dec 2016 17:39:30 -0800
+
+palemoon (27.0.1~repack-3mx15+1) mx; urgency=medium
+
+  * Revise debian/mozconfig to remove deprecated configs and add sse2
+    optimization.
+  * debian/rules: add override to help shlibdeps find libs on some releases.
+
+ -- Steven Pusser <stevep@mxlinux.org>  Wed, 30 Nov 2016 16:42:03 -0800
+
+palemoon (27.0.1~repack-2mx15+1) mx; urgency=medium
+
+  * debian/mozconfig: drop the "1.0" from the gstreamer flag.
+  * debian/install: don't install anything from /integration; part of default
+    install now.
+  * debian/compat: bump compat level to 9.
+
+ -- Steven Pusser <stevep@mxlinux.org>  Sun, 27 Nov 2016 13:50:54 -0800
+
+palemoon (27.0.1~repack-1) mx; urgency=medium
+
+  * New upstream release.
+
+ -- Steven Pusser <stevep@mxlinux.org>  Sat, 26 Nov 2016 10:09:18 -0800
+
+palemoon (26.5.0~repack-1mx150+1) mx; urgency=medium
+
+  * Repackaged for MX 15.
+
+ -- Mike Elstad (v3g4n) <maintainer@mepiscommunity.org>  Thu, 29 Sep 2016 18:22:24 -0500
+
+palemoon (26.5.0~repack-1) obs; urgency=medium
+
+  * New upstream release:
+    Fixes/Changes:
+    - Implemented a breaking CSP (content security policy) spec change; when a
+      page with CSP is loaded over http, Pale Moon now interprets CSP directives
+      to also include https versions of the hosts listed in CSP if a scheme
+      (http/https) isn't explicitly listed. This breaks with CSP 1.0 which is
+      more restrictive and doesn't allow this cross-protocol access, but is in
+      line with CSP 2 where this is allowed.
+    - Fixed an issue with the XML parser where it would sometimes end up in an
+      unknown state and throw an error (e.g. when specific networking errors
+      would occur).
+    - Improved the performance of canvas poisoning by explicitly
+      parallelizing it.
+
+    Security fixes:
+    - Fixed a potentially exploitable crash related to text writing direction.
+      (CVE-2016-5280)
+    - Made checking for invalid PNG files more strict. Pale Moon will now reject
+      more PNG files that have corrupted/invalid data that could otherwise lead
+      to potential security issues.
+    - Changed the way paletted image frames are allocated so the space is
+      cleared before it's used. DiD
+    - Fixed a crash in nsNodeUtils::CloneAndAdopt() due to a typo. DiD
+    - Fixed several memory safety errors.
+
+ -- Steven Pusser (Stevo) <maintainer@mepiscommunity.org>  Wed, 28 Sep 2016 11:44:18 -0700
+
+palemoon (26.4.1~repack-1) obs; urgency=medium
+
+  * New upstream release:
+    Changes/fixes:
+    - Fixed a crash in the XSS filter.
+    - Slightly changed the address bar shading on secure sites to be more subtle
+      and easily-blended.
+    - Fixed the occurrence of "null" titles in bookmarks dragged from special
+     folders.
+    - Fixed an error initializing the browser due to trying to restore
+      scratchpad data from a stored session when having switched from a version
+      with devtools to a version without devtools, and the previous version had
+      scratchpad data saved.
+    - Fixed some minor issues in scratchpad and gcli devtools.
+
+    Security fixes:
+    - Updated the HSTS preload list to a much more updated source list, and
+      performing our own checks on validity from now on to have the list be as
+      accurate as possible.
+    - Disabled Triple-DES cipher suites by default (mitigating SWEET32).
+
+  * Add a "~repack" to the versioning because we have to repack the source.
+
+ -- Steven Pusser (Stevo) <maintainer@mepiscommunity.org>  Fri, 23 Sep 2016 17:07:58 -0700
+
+palemoon (26.4.0-1mx150+1) mx; urgency=medium
+
+  * New upstream release:
+    - Removed Google Search as a bundled search provider. If desired, you can
+      manually install it (or other search engines) after the update by following
+      the steps in the Manage Search Engines topic.
+    - Fixed the URL API to allow "stringification" of the object per
+      specification. This should make a number of websites happy.
+    - Added the ES6 string .includes() function in addition to the pre-existing
+      .contains() function for  checking if a string contains another string.
+      The .contains() function is retained for compatibility with web and
+      extension scripts that adhere to the ES6 pre-release specification up to
+      and including RC3.
+    - Fixed the calculation of standalone SVG embeds width and height, which
+      should solve some reported issues with html5 graphs being displayed
+      incorrectly.
+    - Linux: improved memory allocation.
+    - Updated the graphite font library to 1.3.9.
+    - Added a blocking rule for F-Secure's 64-bit deepguard library to prevent
+      crashes.
+    - Updated the SQLite library to 3.13.0.
+    - Download= properties of links are now honored from the context menu
+      "Save" option.
+    - Fixed a crash in the XSS filter.
+    - Fixed a crash in the DOM error module.
+    - Worked around a crash on Linux
+    - Linux: Improved optimization and GCC6 compatibility (Note: compiling with
+      GCC 6 is still not recommended and it may or may not work, depending on
+      your environment)
+
+    Security fixes:
+    - (CVE-2016-5251)Potential URL spoofing in the address bar.
+    - (CVE-2016-0718) Context-dependent crash in expat 2.1.0.
+    - (CVE-2016-5266) Outgoing dataTransfer items are not properly filtered.
+    - Fixed potentially exploitable crash in the array splice implementation.
+    - Fixed potentially exploitable crash caused by badly formatted ICO files.
+    - (CVE-2016-5254) Heap-use-after-free in nsXULPopupManager::KeyDown
+
+ -- Steven Pusser (Stevo) <maintainer@mepiscommunity.org>  Fri, 19 Aug 2016 13:08:56 -0700
+
+palemoon (26.3.3-1mx150+1) mx; urgency=medium
+
+  * New upstream release:
+    - Fixed an additional issue found that could cause menu text on Windows 10
+      to be white-on-white (and therefore unreadable).
+    - Fixed an issue with news feeds not showing up when embedded in web pages.
+    - Removed recently-added parsing of the child-src content security policy
+      directive, after some web compatibility issues with it came to light, as
+      well as it becoming clear that the CSP spec will see it removed in favor
+      of the previous directive for embedded content. This should fix some
+      intermittent issues people have reported on e.g. the main google.com page
+      and phpMyAdmin installations.
+
+ -- Steven Pusser (Stevo) <maintainer@mepiscommunity.org>  Fri, 01 Jul 2016 12:50:32 -0700
+
+palemoon (26.3.2-1mx150+1) mx; urgency=medium
+
+  * New upstream release:
+    - 26.3.2 (2016-06-27) - Windows only
+      This release only has pertinent changes for Windows. Other operating
+      systems do not need this update.
+      Changes/fixes:
+
+     -Fixed a rare issue where the browser would not initialize properly
+      (missing bookmarks and menu entries) if certain Windows registry values
+      were missing (Windows 8 only).
+     -Fixed an issue on Windows 10 where the classic menu bar would become
+      unreadable (white on white).
+     -Portable only: Switched to non-compressed binaries to prevent issues with
+      antivirus packages, to prevent issues with browser run-time operation, and
+      to simplify code signing.
+
+    - 26.3.1 (2016-06-25)
+      Changes/fixes:
+
+     -Fixed an issue with new tab button theming on dark toolbars.
+     -Reverted the useragent identification of Firefox compatibility mode to
+      38.9 to avoid  WOFF2 font issues for sites that don't use proper font
+      deployment as recommended by the W3C.
+     -Added a site-specific override for Google fonts to make sure it always
+      works even if not using Firefox compatibility mode. (workaround pending
+      for a proper solution on Google's side)
+     -Adjusted the "dark color" detection routine to switch text to white at
+      higher relative contrast levels. This will more closely match Windows 10's
+      "flip point" for different accent colors and is within the recommended
+      range determined by the WCAG.
+
+    - 26.3.0 (2016-06-21)
+      Changes/fixes:
+
+     -Added detection for dark system themes on Windows 10 and re-worked Windows
+      10 specific theming to better integrate into the OS and provide more
+      clarity.
+     -HTML5 media controls have been reworked to a horizontal volume control on
+      all media, including HTML5 audio that was previously without an
+      element-control for volume.
+     -Default HTML5 media volume preference added as media.default_volume --
+      fractional, default 1.0 (=100%).
+     -String.prototype.match() and .replace() are now fully spec compliant.
+     -NSPR and NSS now correctly no longer enforce IA32 architecture
+      compatibility, getting the advantage of SSE2 like the rest of the code.
+     -Worked around crashes in the XSS filter when navigating back in history
+      due to document fragments.
+     -Instated a hard minimum of 10,000 places entries regardless of free disk
+      space and total memory to prevent undesired expiration of history. That is
+      around 16MB for an average entry size, which should be sane enough even on
+      low-memory machines.
+     -Fixed a typo in networking code introduced in 26.2.2 that would cause
+      issues on some sites due to adding extra forward slashes to the URL.
+
+    - Security fixes:
+
+     -Fixed a number of memory safety hazards and potentially exploitable
+      crashes.
+     -Fixed CVE-2016-2821 Use-after-free in the mozilla::dom::Element class
+     -Fixed netaddr deserialization for AF_UNSPEC and AF_LOCAL.
+     -Fixed a memory overrun error in the VP8 encoder. DiD
+     -Fixed non-threadsafe re-use of pixman images to prevent potential race
+      conditions. DiD
+     -Fixed CVE-2016-2825 Partial Same Origin Policy violation
+
+ -- Steven Pusser (Stevo) <maintainer@mepiscommunity.org>  Mon, 27 Jun 2016 10:51:22 -0700
+
+palemoon (26.2.2-1mx150+1) mx; urgency=medium
+
+  * New upstream bugfix and security release:
+
+    - CSS classes prefixed with "--" no longer stop parsing of the selectors.
+    - Several crash fixes.
+    - Made GC suppression more aggressive to prevent issues when actually out
+      of memory.
+    - Fixed a memory safety hazard in jpeg decoding.
+    - Fixed a potentially exploitable crash when using bi-directional text.
+    - Updated NSS to 3.19.4.2-PM, fixing CVE-2016-1938 among other things.
+  * Add Suggested packages gstreamer1.0-libav, gstreamer1.0-plugins-good,
+    gstreamer1.0-plugins-bad, gstreamer1.0-plugins-ugly to provide the most
+    comprehensive HTML 5 media playback.
+
+ -- Steven Pusser (Stevo) <maintainer@mepiscommunity.org>  Tue, 10 May 2016 18:26:54 -0700
+
+palemoon (26.2.1-2) mx; urgency=medium
+
+  * Switch to gstreamer 1.0 build-deps.
+
+ -- Steven Pusser (Stevo) <maintainer@mepiscommunity.org>  Sat, 09 Apr 2016 10:58:13 -0700
+
+palemoon (26.2.1-1) mx; urgency=medium
+
+  * New upstream release.
+
+ -- Steven Pusser (Stevo) <maintainer@mepiscommunity.org>  Fri, 08 Apr 2016 20:50:19 -0700
+
+palemoon (26.1.1-1mx150+1) mx; urgency=medium
+
+  * Repackaged for MX 15.
+
+ -- Mike Purtell <mandbx@sbcglobal.net>  Sat, 27 Feb 2016 19:41:04 -0800
+
+palemoon (26.1.0-1mx150+1) mx; urgency=medium
+
+  * New security, web compatibility, and bugfix release.
+
+ -- Steven Pusser (Stevo) <maintainer@mepiscommunity.org>  Wed, 17 Feb 2016 10:18:12 -0800
+
+palemoon (26.0.3-1mx150+1) mx; urgency=medium
+
+  * Repackaged for MX 15.
+
+ -- Mike Purtell <mandbx@sbcglobal.net>  Sat, 06 Feb 2016 18:02:47 -0800
+
+palemoon (26.0.2-1mx150+1) mx; urgency=medium
+
+  * Repackaged for MX 15.
+
+ -- Mike Purtell <mandbx@sbcglobal.net>  Thu, 04 Feb 2016 19:31:53 -0800
+
+palemoon (26.0.2-1mcr120+1) mepis; urgency=medium
+
+  * New security and bugfix release.
+  * Install extensions directly from /integration folder in source, remove
+    debian/distribution.
+
+ -- Steven Pusser (Stevo) <maintainer@mepiscommunity.org>  Thu, 04 Feb 2016 14:02:54 -0800
+
+palemoon (26.0.0-1mcr120+2) mepis; urgency=medium
+
+  * Install addons from debian/distribution, taken from Pale Moon tarball.
+
+ -- Steven Pusser (Stevo) <maintainer@mepiscommunity.org>  Mon, 01 Feb 2016 08:08:54 -0800
+
+palemoon (26.0.0-1mcr120+1) mepis; urgency=medium
+
+  * Add libpulse-dev to build-depends to prevent FTBFS.
+  * Add Suggests: gstreamer0.10-ffmpeg to debian/control file.
+  * Add Mozilla Public License 2.0 to debian/copyright.
+  * debian/mozconfig: use -O2 optimization and remove the jmalloc option,
+    and match what results from about:buildconfig from the official binary.
+
+ -- Steven Pusser (Stevo) <maintainer@mepiscommunity.org>  Tue, 26 Jan 2016 15:43:43 -0800
+
+palemoon (25.8.1-2mcr120+1) mepis; urgency=medium
+
+  * Drop mozconfig.patch; use debian/mozconfig instead.
+  * Refresh debian/copyright.
+
+ -- Steven Pusser (Stevo) <maintainer@mepiscommunity.org>  Sun, 06 Dec 2015 13:08:26 -0800
+
+palemoon (25.8.1-1mcr120+1) mepis; urgency=medium
+
+  * A small update to address two important issues:
+    - Fix for a crash that could occur at random since the update to 25.8.0.
+    - Fix for CSP (Content Security Policy) to be more lenient towards the
+      incorrect passing of full URLs with all sorts of parameters in the CSP
+      header, leading to misinterpretation of the header and incorrectly
+      blocking the loading of content.
+
+ -- Steven Pusser (Stevo) <maintainer@mepiscommunity.org>  Mon, 30 Nov 2015 10:20:18 -0800
+
+palemoon (25.8.0-1mcr120+1) mepis; urgency=medium
+
+  * New bugfix and maintenance release:
+     Fixes/changes:
+     - Updated LibVPX to 1.4.x to be able to play more kinds of VP9-encoded
+       videos.
+     - Updated the JPEG decoder library to 1.4.0.
+     - Fixed and cleaned up XPCOM timer thread code to avoid intermittent
+       issues with events not firing (especially after stand-by).
+     - Updated overrides to work around issues with Facebook and Netflix.
+     - Fixed an issue where too-old system-supplied NSPR and/or NSS libraries
+       would be accepted for use.
+
+ -- Steven Pusser (Stevo) <maintainer@mepiscommunity.org>  Wed, 18 Nov 2015 11:52:32 -0800
+
+palemoon (25.7.3-1mcr120+1) mepis; urgency=medium
+
+  * New bugfix and maintenance release:
+    - usability update needed due to the fact that Mozilla has shut down their key
+      exchange (J-PAKE) server along with the old Sync servers.
+
+ -- Steven Pusser (Stevo) <maintainer@mepiscommunity.org>  Wed, 14 Oct 2015 19:40:39 -0700
+
+palemoon (25.7.2-1mcr120+1) mepis; urgency=medium
+
+  * New bugfix and maintenance release:
+    - Fixed a critical hang caused by recursive reloads that might happen in
+      iframes if its hash changed.
+    - Fixed a critical hang caused by lazy-loading of stylesheets through a
+      specific web programming technique as advocated by Google's PageSpeed.
+
+ -- Steven Pusser (Stevo) <maintainer@mepiscommunity.org>  Mon, 05 Oct 2015 15:19:18 -0700
+
+palemoon (25.7.1-1mcr120+1) mepis; urgency=medium
+
+  * New bugfix and maintenance release:
+
+     Fixes/changes:
+
+    - Code cleanup: Removed the majority of remaining telemetry code (including
+      the data reporting back-end and health report) to prevent a few issues
+      with partially removed code in earlier versions.
+    - Fixed a crash due to handling of bogus URIs passed to CSS style filters
+      (e.g. whatsapp's web interface).
+    - Permitted spec-breaking syntax in Regex character classes, allowing
+      ranges that would be permitted per the grammar rules in the spec but not
+      necessarily following the syntax rules. This impacts a good number of
+      (also higher profile) sites that use invalid ranges in regular
+      expressions (e.g. Cisco's networking academy site, Yahoo Fantasy
+      Football).
+    - Fixed a crash due to the newly introduced WASAPI handling of audio
+      channel mapping that doesn't like actual surround hardware setups (e.g.
+      playing a video with quadraphonic audio on a 4-speaker setup).
+    - Fixed an issue where site-specific dictionary selections would be written
+      to content preferences without the user's action, potentially overwriting
+      or clearing a previously-chosen dictionary.
+    - Added support for drag and drop of local files from sources which use
+      text/uri-lists. (Some Linux flavors/file managers)
+    - Updated libnestegg to the most current version.
+    - Fixed an issue where setting the location to an empty string could cause
+      a reload loop.
+
+      Security fixes:
+
+    - Changed the jemalloc poison address to something that is not a NOP-slide.
+      DiD
+    - Fixed a memory safety hazard in ConvertDialogOptions (CVE-2015-4521)
+    - Fixed a buffer overflow/crash hazard in the
+      VertexBufferInterface::reserveVertexSpace function in libGLES in ANGLE
+      (CVE-2015-7179)
+    - Fixed an overflow/crash hazard in the XULContentSinkImpl::AddText function
+      (CVE-2015-7175)
+    - Fixed a stack buffer overread hazard in the ICC v4 profile parser
+      (CVE-2015-4504)
+    - Fixed an HTMLVideoElement Use-After-Free Remote Code Execution 0-day
+      vulnerability (ZDI-CAN-3176) (CVE-2015-4509)
+    - Fixed a potentially exploitable crash in nsXBLService::GetBinding
+    - Fixed a memory safety hazard in nsAttrAndChildArray::GrowBy
+      (CVE-2015-7174)
+    - Fixed a memory safety hazard for callers of nsUnicodeToUTF8::GetMaxLength
+      (CVE-2015-4522)
+    - Fixed a heap buffer overflow/crash hazard caused by invalid WebM headers
+      (CVE-2015-4511)
+
+ -- Steven Pusser (Stevo) <maintainer@mepiscommunity.org>  Wed, 30 Sep 2015 12:11:14 -0700
+
+palemoon (25.7.0-1mcr120+1) mepis; urgency=medium
+
+  * New bugfix and maintenance release:
+    - Code cleanup: Removed the (otherwise unused) visual event tracer code.
+    - Code cleanup: Removed reflow performance tracing code (telemetry).
+    - Fixed a key JavaScript bug where defining properties on an object would
+      wipe the object.
+    - This seems to be a common issue with "modern" libraries that use "define"
+      instead of "change" and expecting the other properties on the object to be
+      retained, resulting in "x is undefined" errors all over the place if the
+      object is wiped.
+    - This aligns the behavior with ES6's "Validate and apply property
+      descriptor" pseudo-function.
+    - Updated the SQLite library to 3.8.11.1.
+    - Added support for the element.matches() Web API function.
+    - Added support for BASE tag parsing in source view. Previously, when
+      viewing the source of a document, clickable links would be incorrect if a
+      base path was specified in the document with this tag.
+    - Fixed an issue with running timers after the computer would have been put
+      to sleep with the browser opened.
+
+     Security fixes:
+
+    - Added protection against potential bugs where our SVG mPositions is out of
+      sync with the characters in the DOM. DiD
+    - Fixed use-after-free vulnerability in XMLHttpRequest::Open()
+      (CVE-2015-4492)
+    - Fixed use-after-free vulnerability in the StyleAnimationValue class
+      (CVE-2015-4488)
+    - Fixed crash or memory corruption in nsTArray (CVE-2015-4489)
+    - Fixed crash or memory corruption in nsTSubstring::ReplacePrep
+      (CVE-2015-4487)
+    - Fixed potential escalation of privileges or crash (out-of-bounds write)
+      via a crafted name in MARs (x64 only) -(CVE-2015-4482)
+    - Fixed an issue that would allow man-in-the-middle attackers to bypass a
+      mixed-content protection mechanism via a feed: URL in a POST request.
+      (CVE-2015-4483)
+  * Added blurb to postinst script.
+
+ -- Steven Pusser (Stevo) <maintainer@mepiscommunity.org>  Wed, 26 Aug 2015 14:50:58 -0700
+
+palemoon (25.6.0-1mcr120+1) mepis; urgency=medium
+
+  * New upstream release.
+  * Add debian README.7z-source to explain how to use the .7z source archive.
+
+ -- Steven Pusser (Stevo) <maintainer@mepiscommunity.org>  Fri, 31 Jul 2015 16:40:45 -0700
+
+palemoon (25.5.0-1mx150+1) mx; urgency=medium
+
+  * Rebuild for MX 15.
+
+ -- Steven Pusser (Stevo) <maintainer@mepiscommunity.org>  Fri, 26 Jun 2015 14:43:57 -0700
+
+palemoon (25.5.0-1mcr120+1) mepis; urgency=medium
+
+  * New upstream release.
+
+ -- Steven Pusser (Stevo) <maintainer@mepiscommunity.org>  Thu, 11 Jun 2015 14:53:31 -0700
+
+palemoon (25.4.1-1mcr120+1) mepis; urgency=low
+
+  * Bugfix release, rebuild for MEPIS 12.0.
+
+ -- Steven Pusser (Stevo) <maintainer@mepiscommunity.org>  Fri, 01 May 2015 12:47:55 -0700
+
+palemoon (25.3.1-0mcr120+1) mepis; urgency=low
+
+  * Rebuild for MEPIS 12.0.
+  * debian/rules: compress deb packages with xz.
+
+ -- Steven Pusser (Stevo) <maintainer@mepiscommunity.org>  Thu, 26 Mar 2015 11:23:26 -0700
+
+palemoon (25.3.1-0~precise1) precise; urgency=low
+
+  * New upstream release
+
+ -- Marián Kadaňka <marian.kadanka@openmailbox.org>  Wed, 25 Mar 2015 20:46:17 +0100
+
+palemoon (25.3.0-0~trusty1) trusty; urgency=low
+
+  * New upstream release
+
+ -- Marián Kadaňka <marian.kadanka@openmailbox.org>  Sat, 14 Mar 2015 12:12:57 +0100
+
+palemoon (25.2.1-0~trusty1) trusty; urgency=low
+
+  * New upstream release
+
+ -- Marián Kadaňka <marian.kadanka@openmailbox.org>  Sun, 01 Feb 2015 16:18:52 +0100
+
+palemoon (24.5.0-0~precise1) precise; urgency=low
+
+  * Initial packaging
+
+ -- Marián Kadaňka <marian.kadanka@openmailbox.org>  Mon, 12 May 2014 20:42:01 +0200
-- 
cgit