From 5bf076fa8606ecf6cc3cd1669a6b8056e2fd08cb Mon Sep 17 00:00:00 2001 From: B Stack Date: Tue, 2 Mar 2021 21:59:57 -0500 Subject: nm 29.1.0 rc1 --- palemoon/debian/changelog | 116 ++++++++++++++++++++++++++++++++-------------- 1 file changed, 80 insertions(+), 36 deletions(-) (limited to 'palemoon/debian/changelog') diff --git a/palemoon/debian/changelog b/palemoon/debian/changelog index 86923f6..479f469 100644 --- a/palemoon/debian/changelog +++ b/palemoon/debian/changelog @@ -1,3 +1,47 @@ +palemoon (29.1.0-1+devuan) obs; urgency=medium + + * New features: + - Language packs for the following newly-supported languages: + Arabic (ar), Chinese Traditional (zh-TW), Croatian (hr), Danish (da), + Finnish (fi), Galician (gl), Indonesian (id), Icelandic (is), Japanese + (ja), Romanian (ro), Serbian (cyrillic) (sr), Slovenian (sl), Thai (th) + - Implemented String.prototype.replaceAll(). + - Implemented JSON superset proposal. + - Implemented well-formed JSON stringify. + - Implemented numeric separators in JavaScript. + * Changes/fixes: + - Updated timezone data to 2021a. + - Updated the wording and inclusion of more select license blocks + in about:license. + - Updated some site-specific user-agent overrides for web + compatibility. + - Updated the lz4 library for performance and security updates. + - Improved performance of JSON stringify. + - Further improved support for building on FreeBSD. + - Fixed a regression where changes to useragent compatibility + required a restart to take effect. + - Fixed a regression where AES-GCM in WebCrypto ("subtle" crypto + API) wasn't working. + - This could make certain login procedures fail to work. + - Fixed a full browser deadlock when page scripting would flood + browsing history with rapid location state changes. + - Disabled AV1 codec use by default again since our implementation + has significant streaming issues (particularly audio) that needs + further work. + - Added required interaction with file/folder open dialog boxes on + html file input elements on some operating systems to avoid malicious + content tricking users into uploading sensitive files unintentionally + (related to CVE-2021-23956). + - Added a font sanity check to avoid triggering a potential + vulnerability on unpatched Windows operating systems (related to + CVE-2021-24093). + - Security issues addressed: CVE-2021-23974, CVE-2021-23973 and + several memory safety hazards that don't have CVE numbers. + - Unified XUL Platform Mozilla Security Patch Summary: 4 fixed, 2 + DiD, 19 not applicable. + + -- B. Stack Tue, 02 Mar 2021 21:53:23 -0500 + palemoon (29.0.1-1+devuan) obs; urgency=medium * Changes/fixes: @@ -113,7 +157,7 @@ palemoon (28.17.0-1+devuan) obs; urgency=low may choose to take any specific action manually, instead of trying to execute it as a program or through an associated program. - -- Ben Stack Fri, 18 Dec 2020 13:52:12 -0500 + -- B. Stack Fri, 18 Dec 2020 13:52:12 -0500 palemoon (28.16.0-1+devuan) obs; urgency=low @@ -152,7 +196,7 @@ palemoon (28.16.0-1+devuan) obs; urgency=low - Unified XUL Platform Mozilla Security Patch Summary: 4 fixed, 4 defense-in-depth, 3 rejected, 20 not applicable. - -- Ben Stack Wed, 25 Nov 2020 09:13:05 -0500 + -- B. Stack Wed, 25 Nov 2020 09:13:05 -0500 palemoon (28.15.0-1+devuan) obs; urgency=low @@ -165,20 +209,20 @@ palemoon (28.15.0-1+devuan) obs; urgency=low - Security issues fixed: CVE-2020-15680 (VG-VD-20-115) and several memory safety hazards. - Unified XUL Platform Mozilla Security Patch Summary: 1 fixed, 2 defense-in-depth, 12 not applicable. - -- Ben Stack Tue, 27 Oct 2020 20:05:31 -0400 + -- B. Stack Tue, 27 Oct 2020 20:05:31 -0400 palemoon (28.14.2-1+devuan) obs; urgency=low * Fixed some additional crashes caused by the ResizeObserver API. This should take care of all crashes that have been attributed to this new code. * Fixed erroneous parsing of CSS percentages as number values. - -- Ben Stack Sat, 03 Oct 2020 13:18:40 -0400 + -- B. Stack Sat, 03 Oct 2020 13:18:40 -0400 palemoon (28.14.1-1+devuan) UNRELEASED; urgency=low * This update addresses an intermittent crash in the newly-implemented ResizeObserver API (introduced in 28.14.0) occurring on a number of high-profile and often-used websites. - -- Ben Stack Sat, 03 Oct 2020 13:18:30 -0400 + -- B. Stack Sat, 03 Oct 2020 13:18:30 -0400 palemoon (28.14.0-1+devuan) UNRELEASED; urgency=low @@ -204,13 +248,13 @@ palemoon (28.14.0-1+devuan) UNRELEASED; urgency=low * Security issues fixed: CVE-2020-15676 and CVE-2020-15677 * Unified XUL Platform Mozilla Security Patch Summary: 2 fixed, 1 defense-in-depth, 7 not applicable. - -- Ben Stack Sat, 03 Oct 2020 13:18:20 -0400 + -- B. Stack Sat, 03 Oct 2020 13:18:20 -0400 palemoon (28.13.0-4+devuan) obs; urgency=low * Import xfce-helper/palemoon.desktop from stevep@mxlinux.org release - -- Ben Stack Wed, 09 Sep 2020 14:43:04 -0400 + -- B. Stack Wed, 09 Sep 2020 14:43:04 -0400 palemoon (28.13.0-3+devuan) obs; urgency=medium @@ -265,7 +309,7 @@ palemoon (28.13.0-3+devuan) obs; urgency=medium users to enable this function for websites that use its utility but do not use WebComponents. - -- Ben Stack Fri, 04 Sep 2020 19:50:02 -0400 + -- B. Stack Fri, 04 Sep 2020 19:50:02 -0400 palemoon (28.12.0-1+devuan) obs; urgency=medium @@ -319,7 +363,7 @@ palemoon (28.12.0-1+devuan) obs; urgency=medium concerns (i.e. the main program .exe could also be replaced/infected in that case). - -- Ben Stack Wed, 05 Aug 2020 14:43:18 -0400 + -- B. Stack Wed, 05 Aug 2020 14:43:18 -0400 palemoon (28.11.0-1+devuan) obs; urgency=medium @@ -374,7 +418,7 @@ palemoon (28.11.0-1+devuan) obs; urgency=medium - Unified XUL Platform Mozilla Security Patch Summary: 2 fixed, 4 defense-in-depth, 10 not applicable. - -- Ben Stack Tue, 14 Jul 2020 14:28:53 -0400 + -- B. Stack Tue, 14 Jul 2020 14:28:53 -0400 palemoon (28.10.0-1+devuan) obs; urgency=medium @@ -406,7 +450,7 @@ palemoon (28.10.0-1+devuan) obs; urgency=medium - Unified XUL Platform Mozilla Security Patch Summary: 1 fixed, 1 - defense-in-depth, 8 not applicable. - -- Ben Stack Fri, 05 Jun 2020 09:15:04 -0400 + -- B. Stack Fri, 05 Jun 2020 09:15:04 -0400 palemoon (28.9.3-1+devuan) obs; urgency=medium @@ -418,13 +462,13 @@ palemoon (28.9.3-1+devuan) obs; urgency=medium - Improved memory safety in the XUL window destructor. DiD - Unified XUL Platform Mozilla Security Patch Summary: 3 fixed, 3 Defense-in-depth, 16 not applicable. - -- Ben Stack Fri, 08 May 2020 10:39:55 -0400 + -- B. Stack Fri, 08 May 2020 10:39:55 -0400 palemoon (28.9.2-2+devuan) obs; urgency=medium * testing OBS build optimization and removing animation from about dialog - -- Ben Stack Tue, 06 May 2020 15:08:46 -0400 + -- B. Stack Tue, 06 May 2020 15:08:46 -0400 palemoon (28.9.2-1+devuan) obs; urgency=medium @@ -435,7 +479,7 @@ palemoon (28.9.2-1+devuan) obs; urgency=medium - To enable this, set `browser.urlbar.decodeURLsOnCopy` to true in about:config - Fixed several application crashes (thanks, Fysac!) - -- Ben Stack Thu, 30 Apr 2020 10:11:14 -0400 + -- B. Stack Thu, 30 Apr 2020 10:11:14 -0400 palemoon (28.9.1-1+devuan) obs; urgency=medium @@ -450,7 +494,7 @@ palemoon (28.9.1-1+devuan) obs; urgency=medium - Fixed an issue with handling functions with rest parameters. DiD - Unified XUL Platform Mozilla Security Patch Summary: 2 Defense-in-depth, 14 not applicable. - -- Ben Stack Fri, 10 Apr 2020 13:58:30 -0400 + -- B. Stack Fri, 10 Apr 2020 13:58:30 -0400 palemoon (28.9.0.2-1+devuan) obs; urgency=medium @@ -459,13 +503,13 @@ palemoon (28.9.0.2-1+devuan) obs; urgency=medium - Fixed an issue with cache behavior where some users would have trouble having their windows and tabs restored in "soft refresh" mode (see v28.9.0 release notes). - To solve this, we reverted to the previous (pull from cache) mode for now while we investigate the cause. - -- Ben Stack Thu, 26 Mar 2020 07:50:02 -0400 + -- B. Stack Thu, 26 Mar 2020 07:50:02 -0400 palemoon (28.9.0.1-1+devuan) UNRELEASED; urgency=medium * From releasenotes.shtml: This is a small update to address a breaking issue with user-agent override strings, causing problems on certain websites for a number of our users. - -- Ben Stack Thu, 26 Mar 2020 06:50:02 -0400 + -- B. Stack Thu, 26 Mar 2020 06:50:02 -0400 palemoon (28.9.0-1+devuan) UNRELEASED; urgency=medium @@ -520,7 +564,7 @@ palemoon (28.9.0-1+devuan) UNRELEASED; urgency=medium - Updated our sctp library code with several upstream fixes. - Unified XUL Platform Mozilla Security Patch Summary: 4 fixed, 3 already mitigated, 1 rejected, 11 not applicable. - -- Ben Stack Thu, 26 Mar 2020 05:50:02 -0400 + -- B. Stack Thu, 26 Mar 2020 05:50:02 -0400 palemoon (28.8.4-1+devuan) obs; urgency=low @@ -528,7 +572,7 @@ palemoon (28.8.4-1+devuan) obs; urgency=low - Implemented optional catch binding (ES2019). - Fixed a hazardous crash related to module scripting (CVE-2020-9545). - -- Ben Stack Mon, 02 Mar 2020 16:37:14 -0500 + -- B. Stack Mon, 02 Mar 2020 16:37:14 -0500 palemoon (28.8.3-1+devuan) obs; urgency=medium @@ -541,14 +585,14 @@ palemoon (28.8.3-1+devuan) obs; urgency=medium - Fixed an issue in the html parser after using HTML5 template tags, allowing JavaScript parsing and execution when it should not be allowed, risking XSS vulnerabilities on sites relying on correct operation of the browser. (CVE-2020-6798) - Unified XUL Platform Mozilla Security Patch Summary: 2 fixed, 2 DiD, 10 not applicable. - -- Ben Stack Wed, 18 Feb 2020 11:06:28 -0500 + -- B. Stack Wed, 18 Feb 2020 11:06:28 -0500 palemoon (28.8.2.1-1+devuan) obs; urgency=medium * From releasenotes.shtml: This is a small bugfix and compatibility update. - This is a minor release in response to YouTube deprecating their old web UI. This change will enable the new YouTube UI by default. - -- Ben Stack Wed, 05 Feb 2020 08:08:06 -0500 + -- B. Stack Wed, 05 Feb 2020 08:08:06 -0500 palemoon (28.8.2-1+devuan) obs; urgency=medium @@ -557,7 +601,7 @@ palemoon (28.8.2-1+devuan) obs; urgency=medium - Fixed an issue where FTP servers would hang the browser if they were not sending answers according to the protocol specification. - Added a workaround for GitHub trying to enforce more Google-isms (which we don't support at this time) to browsers that identify as "Firefox-alike". - -- Ben Stack Tue, 28 Jan 2020 16:50:56 -0500 + -- B. Stack Tue, 28 Jan 2020 16:50:56 -0500 palemoon (28.8.1-1+devuan) obs; urgency=medium @@ -570,7 +614,7 @@ palemoon (28.8.1-1+devuan) obs; urgency=medium - Fixed an issue with the JavaScript JIT compiler that could lead to exploitable crashes. (CVE-2019-17026) actively exploited - Unified XUL Platform Mozilla Security Patch Summary: 2 fixed, 7 DiD, 12 not applicable. - -- B Stack Mon, 13 Jan 2020 10:24:21 -0500 + -- B. Stack Mon, 13 Jan 2020 10:24:21 -0500 palemoon (28.8.0-1+devuan) obs; urgency=medium @@ -624,7 +668,7 @@ palemoon (28.8.0-1+devuan) obs; urgency=medium - Updated NSS to 3.41.4 to address CVE-2019-11756 and CVE-2019-11745. - Unified XUL Platform Mozilla Security Patch Summary: 2 fixed, 8 DiD, 16 not applicable. - -- B Stack Wed, 11 Dec 2019 08:06:45 -0500 + -- B. Stack Wed, 11 Dec 2019 08:06:45 -0500 palemoon (28.7.2-1+devuan) obs; urgency=medium @@ -644,7 +688,7 @@ palemoon (28.7.2-1+devuan) obs; urgency=medium - Sec bug fixes: CVE-2019-15903, CVE-2019-11757, CVE-2019-11763 and several potentially exploitable crashes and memory safety hazards that don't have a CVE number. - Unified XUL Platform Mozilla Security Patch Summary: 6 fixed, 6 DiD, 1 rejected, 24 not applicable. - -- B Stack Tue, 29 Oct 2019 16:44:47 -0400 + -- B. Stack Tue, 29 Oct 2019 16:44:47 -0400 palemoon (28.7.1-1+devuan) obs; urgency=medium @@ -656,7 +700,7 @@ palemoon (28.7.1-1+devuan) obs; urgency=medium - Fixed security issues: CVE-2019-11744, CVE-2019-11752, CVE-2019-11737, CVE-2019-11746, CVE-2019-11750, CVE-2019-11747 and CVE-2019-11738. - Unified XUL Platform Mozilla Security Patch Summary: 7 fixed, 1 DiD, 1 already covered, 22 not applicable. - -- B Stack Wed, 04 Sep 2019 08:23:21 -0400 + -- B. Stack Wed, 04 Sep 2019 08:23:21 -0400 palemoon (28.7.0-1+devuan) obs; urgency=medium @@ -704,13 +748,13 @@ palemoon (28.7.0-1+devuan) obs; urgency=medium - Removed the Financial Times' polyfill user-agent override since they updated their detection to work with Pale Moon. - -- B Stack Wed, 04 Sep 2019 08:23:21 -0400 + -- B. Stack Wed, 04 Sep 2019 08:23:21 -0400 palemoon (28.6.1-3+devuan) obs; urgency=medium * Specify gcc-8 on debian buster which is the upstream for beowulf/ceres. - -- B Stack Thu, 25 Jul 2019 13:03:15 -0400 + -- B. Stack Thu, 25 Jul 2019 13:03:15 -0400 palemoon (28.6.1-2+devuan) obs; urgency=medium @@ -737,7 +781,7 @@ palemoon (28.6.1-1+devuan) manual; urgency=low - Added a port safety check for Alternative Services. - Implemented fixes for applicable security issues: CVE-2019-11719, CVE-2019-11711, CVE-2019-11715, CVE-2019-11717, CVE-2019-11714 (DiD), CVE-2019-11729 (DiD), CVE-2019-11727 (DiD), CVE-2019-11730 (DiD), CVE-2019-11713 (DiD) and several networking and memory-safety hazards that do not have CVE numbers. - -- B Stack Thu, 25 Jul 2019 13:03:15 -0400 + -- B. Stack Thu, 25 Jul 2019 13:03:15 -0400 palemoon (28.6.0.1-1+devuan) manual; urgency=low @@ -748,7 +792,7 @@ palemoon (28.6.0.1-1+devuan) manual; urgency=low - Updated the WhatsApp Web site-specific user-agent override to respond to Google refusing access based on the old string. - Updated the branding for the portable launcher. - -- B Stack Fri, 5 Jul 2019 16:29:51 -0500 + -- B. Stack Fri, 5 Jul 2019 16:29:51 -0500 palemoon (28.6.0-1+devuan) manual; urgency=low @@ -797,7 +841,7 @@ palemoon (28.6.0-1+devuan) manual; urgency=low - Fixed a build issue with Gnu-CC on PPC64. - Fixed browser.link.open_newwindow functionality. - -- B Stack Tue, 2 Jul 2019 11:31:51 -0400 + -- B. Stack Tue, 2 Jul 2019 11:31:51 -0400 palemoon (28.5.2-1+devuan) manual; urgency=low @@ -819,7 +863,7 @@ palemoon (28.5.2-1+devuan) manual; urgency=low - Applicable security issues fixed: CVE-2019-7317, CVE-2019-11701, CVE-2019-11698, CVE-2019-9817 (DiD), CVE-2019-11700, CVE-2019-11696, CVE-2019-11693, and several potentially exploitable crashes and memory safety hazards that do not have a CVE number assigned to them. - Fixed issues with image/texture allocation incorrectly being marked as insecure. - -- B Stack Tue, 4 Jun 2019 22:22:10 -0400 + -- B. Stack Tue, 4 Jun 2019 22:22:10 -0400 palemoon (28.5.0-1+devuan) manual; urgency=low @@ -873,7 +917,7 @@ palemoon (28.5.0-1+devuan) manual; urgency=low - Fixed several memory safety hazards and crashes. - Windows binaries are now code-signed again (including the setup program for the installer). - -- B Stack Tue, 30 Apr 2019 08:36:47 -0500 + -- B. Stack Tue, 30 Apr 2019 08:36:47 -0500 palemoon (28.4.1-1devuan) manual; urgency=low @@ -889,7 +933,7 @@ palemoon (28.4.1-1devuan) manual; urgency=low - Fixed several memory safety hazards and crashes. - Binaries are now code-signed again (including the setup program for the installer). - -- B Stack Fri, 29 Mar 2019 14:42:19 -0500 + -- B. Stack Fri, 29 Mar 2019 14:42:19 -0500 palemoon (28.4.0-1devuan) manual; urgency=low @@ -917,13 +961,13 @@ palemoon (28.4.0-1devuan) manual; urgency=low - Fixed several potentially-exploitable memory safety hazards and crashes. (DiD) - Fixed a possible data race when performing compacting GC. - -- B Stack Wed, 20 Feb 2019 16:42:43 -0500 + -- B. Stack Wed, 20 Feb 2019 16:42:43 -0500 palemoon (28.3.1-1devuan) manual; urgency=medium * Initial build for devuan - -- B Stack Wed, 23 Jan 2019 13:11:18 -0500 + -- B. Stack Wed, 23 Jan 2019 13:11:18 -0500 palemoon (28.3.0+repack-1) obs; urgency=medium -- cgit