From ee86074a964bcc13643cf1d693c0a384132db3f2 Mon Sep 17 00:00:00 2001 From: B Stack Date: Tue, 14 Jul 2020 14:41:31 -0400 Subject: pm 28.11.0-1 rc1, dpkg and rpm bring in 32-bit memory mod for rpm, to match dpkg, from https://forum.palemoon.org/viewtopic.php?f=37&t=24737&p=193746 --- palemoon/debian/changelog | 81 +++++++++++++++++++++++++++++++++++++++-------- 1 file changed, 68 insertions(+), 13 deletions(-) (limited to 'palemoon/debian/changelog') diff --git a/palemoon/debian/changelog b/palemoon/debian/changelog index 192aad6..0d57595 100644 --- a/palemoon/debian/changelog +++ b/palemoon/debian/changelog 
@@ -1,3 +1,58 @@ +palemoon (28.11.0-1+devuan) obs; urgency=medium + + * This is a development, bugfix and security update. + - Changed storage format for certificates and passwords to SQLite. + - Added a preference (browser.tabs.insertAllAfterCurrent) to enable + always adding new tabs after the current tab, whether related or not. + - Changed the way Firefox extensions are displayed in the add-on + manager (provide a clear warning). + - Denied other types of add-ons that aren't explicitly targeting + Pale Moon's ID. + - Improved the browser's DPI-awareness to be per-monitor instead of + system-wide, on supported Windows operating systems. + - Updated bookmark backups code with the other half of what should + have been done way back when, so they work fully as-intended. + - Added a preference + (browser.bookmarks.editDialog.showForNewBookmarks) to enable + immediately showing the edit dialog for new bookmarks. + - If set to true, clicking the star in the address bar will pop + open the edit dialog immediately for changing details/sorting. + - Fixed the useragent string in native mode, and updated UA code to + properly respond to live changes to some preferences. + - Tidied up front-end browser JavaScript. + - Changed the way sources are compiled (on-going de-unification). + - Improved compatibility with gcc v10 + - Removed support for the obsolete and unmaintained NVidia 3DVision + stereoscopic interface. + - Fixed some build issues in non-standard configurations. + - Fixed wrong positions when calculating the position for + position:absolute child inside a table. + - Aligned file name extension of saved url files with other + applications (lower case) + - Fixed building with --disable-webspeech (to disable speech + synthesis) + - Added global menubar support for GTK. + - Implemented node.getRootNode + - Implemented AbortController (Abort API) + - Improved the uninstaller to use elevation when prudent and + actually remove program files. 
+ - Fixed a rare issue with editable page content. + - Fixed a crash related to ES module scripts. + - Aligned ES module scripting better with the current spec and + removed eager instantiation. + - Fixed a potential issue with the JPEG encoder. (CVE-2020-12422) + DiD + - Fixed a potential issue with AppCache manifests. DiD + - Fixed a potential crash in JavaScript date parsing. + - Fixed a problem with RSA key generation that would make it + potentially vulnerable to side-channel attacks. (CVE-2020-12402) + - Fixed a potential crash due to multithread race condition. DiD + - Fixed a correctness issue in URL handling. (CVE-2020-12418) DiD + - Unified XUL Platform Mozilla Security Patch Summary: 2 fixed, 4 + defense-in-depth, 10 not applicable. + + -- Ben Stack Tue, 14 Jul 2020 14:28:53 -0400 + palemoon (28.10.0-1+devuan) obs; urgency=medium * This is a development, bugfix and security update. @@ -755,7 +810,7 @@ palemoon (28.1.0~repack-1) obs; urgency=medium - Fixed toolbar styling in toolkit themes. - Fixed viewing the source of a selection. - * Now has full support for gcc-8, so stop forcing gcc-7 build on Buster and + * Now has full support for gcc-8, so stop forcing gcc-7 build on Buster and recent Ubuntus where gcc-8 is default. -- Steven Pusser Mon, 17 Sep 2018 19:05:20 -0700 
@@ -834,8 +889,8 @@ palemoon (27.9.4~repack-1~mx17+1) mx; urgency=medium - Prevented various location-based threats. DiD - Fixed a potential vulnerability with plugins being redirected to different origins (CVE-2018-12364). - - Improved the security check for launching executable files - (by association) on Windows from the browser. For users who have (most + - Improved the security check for launching executable files + (by association) on Windows from the browser. For users who have (most likely accidentally) granted a system-wide waiver for opening these kinds of files without being prompted, this permission has been reset. - Fixed an issue with invalid qcms transforms (CVE-2018-12366). @@ -852,13 +907,13 @@ palemoon (27.9.4~repack-1~mx17+1) mx; urgency=medium palemoon (27.9.3~repack-1~mx17+1) mx; urgency=medium * New upstream security update: - + - Changes/fixes: - - (CVE-2017-0381) Ported a patch from libopus upstream. Note, contrary to - that report, the libopus maintainers state they don't believe remote + - (CVE-2017-0381) Ported a patch from libopus upstream. Note, contrary to + that report, the libopus maintainers state they don't believe remote code execution was possible, so this was not a critical patch. - Fixed an issue with task counting in JS GC. - - Fixed a use-after-free in DOMProxyHandler::EnsureExpandoObject (thanks + - Fixed a use-after-free in DOMProxyHandler::EnsureExpandoObject (thanks to Berk Cem Göksel for reporting). -- Steven Pusser Tue, 12 Jun 2018 11:12:06 -0700 
@@ -871,18 +926,18 @@ palemoon (27.9.2~repack-1~mx17+1) mx; urgency=medium - We changed the language strings for softblocked items so people will cry less when we do our job. - (CVE-2018-5174) Prevent potential SmartScreen bypass on Windows 10. - - (CVE-2018-5173) Fixed an issue in the Downloads panel improperly - rendering some Unicode characters, allowing for the file name to be - spoofed. This could be used to obscure the file extension of potentially + - (CVE-2018-5173) Fixed an issue in the Downloads panel improperly + rendering some Unicode characters, allowing for the file name to be + spoofed. This could be used to obscure the file extension of potentially executable files from user view in the panel. - (CVE-2018-5177) Fixed a vulnerability in the XSLT component leading to a buffer overflow and crash if it occurs. - - (CVE-2018-5159) Fixed an integer overflow vulnerability in the Skia + - (CVE-2018-5159) Fixed an integer overflow vulnerability in the Skia library resulting in possible out-of-bounds writes. - (CVE-2018-5154) Fixed a use-after-free vulnerability while enumerating attributes during SVG animations with clip paths. - - (CVE-2018-5178) Fixed a buffer overflow during UTF8 to Unicode string - conversion within JavaScript with extremely large amounts of data. This + - (CVE-2018-5178) Fixed a buffer overflow during UTF8 to Unicode string + conversion within JavaScript with extremely large amounts of data. This vulnerability requires the use of a malicious or vulnerable extension in order to occur. - Fixed several stability issues (crashes) and memory safety hazards. -- cgit
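Review bot: In the first hunk (@@ -1,3 +1,58 @@), the new entry is versioned 28.11.0-1+devuan, but the commit subject calls this build "28.11.0-1 rc1". A release candidate published under that string would be indistinguishable from the final release if the final build reuses it, and systems that installed the candidate would not see the final build as an upgrade. If this really is a candidate, use a version that sorts before the final one, for example 28.11.0~rc1-1+devuan (a suggested form that follows the ~ convention of the older ~repack entries), or drop "rc1" from the subject. Separately, the entry copies upstream notes that do not apply to this package (per-monitor DPI awareness "on supported Windows operating systems", the uninstaller change). Trimming them would make the security lines (CVE-2020-12422, CVE-2020-12402, CVE-2020-12418) easier to find.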
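Review bot: The hunks at @@ -755,7 +810,7 @@, @@ -834,8 +889,8 @@, @@ -852,13 +907,13 @@ and @@ -871,18 +926,18 @@ rewrite lines in already-released entries (28.1.0~repack-1, 27.9.4~repack-1~mx17+1, 27.9.3~repack-1~mx17+1, 27.9.2~repack-1~mx17+1). The removed and added text reads identically in each pair, which points to whitespace-only cleanup mixed into a version-bump commit. Several of the touched lines describe security fixes (CVE-2017-0381, CVE-2018-5173, CVE-2018-5159, CVE-2018-5178), so anyone auditing the history of those entries has to compare each pair by hand to confirm that nothing changed. Move the whitespace cleanup into its own commit with a message that says so, and keep this commit to the new 28.11.0 entry.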