From 015a4995d2546f8eef970b627b4a08c48bfe7015 Mon Sep 17 00:00:00 2001 From: B Stack Date: Fri, 26 Jul 2019 20:44:38 +0000 Subject: palemoon 28.6.1 --- palemoon/debian/changelog | 20 ++++++++++++++++++++ palemoon/palemoon-stackrpms.spec | 7 +++++-- palemoon/palemoon.spec | 7 +++++-- 3 files changed, 30 insertions(+), 4 deletions(-) (limited to 'palemoon') diff --git a/palemoon/debian/changelog b/palemoon/debian/changelog index 93955bf..47b544c 100644 --- a/palemoon/debian/changelog +++ b/palemoon/debian/changelog @@ -1,3 +1,23 @@ +palemoon (28.6.1-1+devuan) manual; urgency=low + + * From releasenotes.shtml: This is security and bugfix update. + - Improved handling of FTP resource loading (allow save-as and cater to some FTP-based browsing). + - Added a preference (security.block_ftp_subresources) to allow users to completely bypass the blocking of FTP subresources if required for their environment, if the improvements made in this release do not suffice. + - Added blocking of authentication-locked cross-origin image subresources by default to prevent spurious auth prompts. + - A preference (network.auth.subresource-http-img-XO-auth) was added to allow users to bypass this blocking if required for their environment. + - Changed the behavior of file: URIs to treat each URI as a unique origin. This prevents cross-file access from scripting. + - A preference (security.fileuri.unique_origin) was added to allow users to relax this restriction if required for their environment. + - Implemented a revised version of http2PushedStream to address some thread safety issues. + - Aligned browser behavior with mainstream regarding inner window behavior when domain is manipulated. + - Backed out a 28.5.* patch for causing multiple issues in the UI and web content. + - Updated NSS to 3.41.2 (custom) to pick up several upstream fixes. + - Fixed a type confusion issue in JavaScript Arrays. (DiD) + - Added a fix for cross-thread access of Necko. (DiD) + - Added a port safety check for Alternative Services. + - Implemented fixes for applicable security issues: CVE-2019-11719, CVE-2019-11711, CVE-2019-11715, CVE-2019-11717, CVE-2019-11714 (DiD), CVE-2019-11729 (DiD), CVE-2019-11727 (DiD), CVE-2019-11730 (DiD), CVE-2019-11713 (DiD) and several networking and memory-safety hazards that do not have CVE numbers. + + -- B Stack Thu, 25 Jul 2019 13:03:15 -0400 + palemoon (28.6.0.1-1+devuan) manual; urgency=low * From releasenotes.shtml: This is an out-of-band update to fix some pressing issues with the latest release. diff --git a/palemoon/palemoon-stackrpms.spec b/palemoon/palemoon-stackrpms.spec index b7bf404..06322ca 100644 --- a/palemoon/palemoon-stackrpms.spec +++ b/palemoon/palemoon-stackrpms.spec @@ -40,8 +40,8 @@ Summary: Pale Moon web browser with stackrpms prefs Name: palemoon Summary: Pale Moon web browser %endif -Version: 28.6.0.1 -Release: 2 +Version: 28.6.1 +Release: 1 Group: Networking/Web License: MPLv2.0 @@ -281,6 +281,9 @@ update-mime-database -n ${_datadir}/mime 1>/dev/null 2>&1 & : %doc AUTHORS LICENSE %changelog +* Thu Jul 25 2019 B Stack - 28.6.1-1 +- update version + * Mon Jul 8 2019 B Stack - 28.6.0.1-2 - remove custom patches for stock build diff --git a/palemoon/palemoon.spec b/palemoon/palemoon.spec index e7a7526..4f2f857 100644 --- a/palemoon/palemoon.spec +++ b/palemoon/palemoon.spec @@ -40,8 +40,8 @@ Summary: Pale Moon web browser with stackrpms prefs Name: palemoon Summary: Pale Moon web browser %endif -Version: 28.6.0.1 -Release: 2 +Version: 28.6.1 +Release: 1 Group: Networking/Web License: MPLv2.0 @@ -281,6 +281,9 @@ update-mime-database -n ${_datadir}/mime 1>/dev/null 2>&1 & : %doc AUTHORS LICENSE %changelog +* Thu Jul 25 2019 B Stack - 28.6.1-1 +- update version + * Mon Jul 8 2019 B Stack - 28.6.0.1-2 - remove custom patches for stock build -- cgit