From ee86074a964bcc13643cf1d693c0a384132db3f2 Mon Sep 17 00:00:00 2001 From: B Stack Date: Tue, 14 Jul 2020 14:41:31 -0400 Subject: pm 28.11.0-1 rc1, dpkg and rpm bring in 32-bit memory mod for rpm, to match dpkg, from https://forum.palemoon.org/viewtopic.php?f=37&t=24737&p=193746 --- palemoon/debian/changelog | 81 ++++++++++++++++++++++++----- palemoon/debian/control | 6 +-- palemoon/debian/palemoon_devuan.dsc | 4 +- palemoon/debian/patches/fix_arm_FTBFS.patch | 78 +++++++++++++++++++++++++++ palemoon/debian/patches/series | 1 + palemoon/debian/rules | 1 + palemoon/palemoon-mozconfig | 2 +- palemoon/palemoon.spec | 7 ++- 8 files changed, 157 insertions(+), 23 deletions(-) create mode 100644 palemoon/debian/patches/fix_arm_FTBFS.patch (limited to 'palemoon') diff --git a/palemoon/debian/changelog b/palemoon/debian/changelog index 192aad6..0d57595 100644 --- a/palemoon/debian/changelog +++ b/palemoon/debian/changelog @@ -1,3 +1,58 @@ +palemoon (28.11.0-1+devuan) obs; urgency=medium + + * This is a development, bugfix and security update. + - Changed storage format for certificates and passwords to SQLite. + - Added a preference (browser.tabs.insertAllAfterCurrent) to enable + always adding new tabs after the current tab, whether related or not. + - Changed the way Firefox extensions are displayed in the add-on + manager (provide a clear warning). + - Denied other types of add-ons that aren't explicitly targeting + Pale Moon's ID. + - Improved the browser's DPI-awareness to be per-monitor instead of + system-wide, on supported Windows operating systems. + - Updated bookmark backups code with the other half of what should + have been done way back when, so they work fully as-intended. + - Added a preference + (browser.bookmarks.editDialog.showForNewBookmarks) to enable + immediately showing the edit dialog for new bookmarks. + - If set to true, clicking the star in the address bar will pop + open the edit dialog immediately for changing details/sorting. + - Fixed the useragent string in native mode, and updated UA code to + properly respond to live changes to some preferences. + - Tidied up front-end browser JavaScript. + - Changed the way sources are compiled (on-going de-unification). + - Improved compatibility with gcc v10 + - Removed support for the obsolete and unmaintained NVidia 3DVision + stereoscopic interface. + - Fixed some build issues in non-standard configurations. + - Fixed wrong positions when calculating the position for + position:absolute child inside a table. + - Aligned file name extension of saved url files with other + applications (lower case) + - Fixed building with --disable-webspeech (to disable speech + synthesis) + - Added global menubar support for GTK. + - Implemented node.getRootNode + - Implemented AbortController (Abort API) + - Improved the uninstaller to use elevation when prudent and + actually remove program files. + - Fixed a rare issue with editable page content. + - Fixed a crash related to ES module scripts. + - Aligned ES module scripting better with the current spec and + removed eager instantiation. + - Fixed a potential issue with the JPEG encoder. (CVE-2020-12422) + DiD + - Fixed a potential issue with AppCache manifests. DiD + - Fixed a potential crash in JavaScript date parsing. + - Fixed a problem with RSA key generation that would make it + potentially vulnerable to side-channel attacks. (CVE-2020-12402) + - Fixed a potential crash due to multithread race condition. DiD + - Fixed a correctness issue in URL handling. (CVE-2020-12418) DiD + - Unified XUL Platform Mozilla Security Patch Summary: 2 fixed, 4 + defense-in-depth, 10 not applicable. + + -- Ben Stack Tue, 14 Jul 2020 14:28:53 -0400 + palemoon (28.10.0-1+devuan) obs; urgency=medium * This is a development, bugfix and security update. @@ -755,7 +810,7 @@ palemoon (28.1.0~repack-1) obs; urgency=medium - Fixed toolbar styling in toolkit themes. - Fixed viewing the source of a selection. - * Now has full support for gcc-8, so stop forcing gcc-7 build on Buster and + * Now has full support for gcc-8, so stop forcing gcc-7 build on Buster and recent Ubuntus where gcc-8 is default. -- Steven Pusser Mon, 17 Sep 2018 19:05:20 -0700 @@ -834,8 +889,8 @@ palemoon (27.9.4~repack-1~mx17+1) mx; urgency=medium - Prevented various location-based threats. DiD - Fixed a potential vulnerability with plugins being redirected to different origins (CVE-2018-12364). - - Improved the security check for launching executable files - (by association) on Windows from the browser. For users who have (most + - Improved the security check for launching executable files + (by association) on Windows from the browser. For users who have (most likely accidentally) granted a system-wide waiver for opening these kinds of files without being prompted, this permission has been reset. - Fixed an issue with invalid qcms transforms (CVE-2018-12366). @@ -852,13 +907,13 @@ palemoon (27.9.4~repack-1~mx17+1) mx; urgency=medium palemoon (27.9.3~repack-1~mx17+1) mx; urgency=medium * New upstream security update: - + - Changes/fixes: - - (CVE-2017-0381) Ported a patch from libopus upstream. Note, contrary to - that report, the libopus maintainers state they don't believe remote + - (CVE-2017-0381) Ported a patch from libopus upstream. Note, contrary to + that report, the libopus maintainers state they don't believe remote code execution was possible, so this was not a critical patch. - Fixed an issue with task counting in JS GC. - - Fixed a use-after-free in DOMProxyHandler::EnsureExpandoObject (thanks + - Fixed a use-after-free in DOMProxyHandler::EnsureExpandoObject (thanks to Berk Cem Göksel for reporting). -- Steven Pusser Tue, 12 Jun 2018 11:12:06 -0700 @@ -871,18 +926,18 @@ palemoon (27.9.2~repack-1~mx17+1) mx; urgency=medium - We changed the language strings for softblocked items so people will cry less when we do our job. - (CVE-2018-5174) Prevent potential SmartScreen bypass on Windows 10. - - (CVE-2018-5173) Fixed an issue in the Downloads panel improperly - rendering some Unicode characters, allowing for the file name to be - spoofed. This could be used to obscure the file extension of potentially + - (CVE-2018-5173) Fixed an issue in the Downloads panel improperly + rendering some Unicode characters, allowing for the file name to be + spoofed. This could be used to obscure the file extension of potentially executable files from user view in the panel. - (CVE-2018-5177) Fixed a vulnerability in the XSLT component leading to a buffer overflow and crash if it occurs. - - (CVE-2018-5159) Fixed an integer overflow vulnerability in the Skia + - (CVE-2018-5159) Fixed an integer overflow vulnerability in the Skia library resulting in possible out-of-bounds writes. - (CVE-2018-5154) Fixed a use-after-free vulnerability while enumerating attributes during SVG animations with clip paths. - - (CVE-2018-5178) Fixed a buffer overflow during UTF8 to Unicode string - conversion within JavaScript with extremely large amounts of data. This + - (CVE-2018-5178) Fixed a buffer overflow during UTF8 to Unicode string + conversion within JavaScript with extremely large amounts of data. This vulnerability requires the use of a malicious or vulnerable extension in order to occur. - Fixed several stability issues (crashes) and memory safety hazards. diff --git a/palemoon/debian/control b/palemoon/debian/control index e9fa32b..e532400 100644 --- a/palemoon/debian/control +++ b/palemoon/debian/control @@ -8,21 +8,17 @@ Build-Depends: debhelper (>= 12), autoconf2.13, libasound2-dev, libdbus-glib-1-dev (>= 0.60), - libfontconfig-dev, libgconf2-dev (>= 1.2.1), libgtk2.0-dev (>= 2.14), libssl-dev, libx11-xcb-dev, libxt-dev, - lsb-release, mesa-common-dev, pkg-config, python (>= 2.7), unzip, yasm (>= 1.1), zip, - zlib1g-dev, -# libfontconfig-dev only added for Debian OBS which is choking as of 2020-04 on libfontconfig-dev | libfontconfig1-dev for deps: libgtk-3-dev, libpango1.0-dev, libcairo2-dev, libxft-dev Standards-Version: 3.9.6 Homepage: http://www.palemoon.org/ @@ -30,7 +26,7 @@ Package: palemoon Architecture: any Depends: ${shlibs:Depends}, ${misc:Depends}, libavcodec54 | libavcodec-extra54 |libavcodec55 | libavcodec-extra55 | libavcodec56 | libavcodec-extra56 | libavcodec57 | libavcodec-extra57 | libavcodec58 | libavcodec-extra58 | libavcodec-ffmpeg56 | libavcodec-ffmpeg-extra56 -Provides: x-www-browser +Provides: gnome-www-browser, www-browser, x-www-browser Conflicts: palemoon-nonsse2 Replaces: palemoon-nonsse2 Description: Firefox-based, efficient and easy to use web browser diff --git a/palemoon/debian/palemoon_devuan.dsc b/palemoon/debian/palemoon_devuan.dsc index 3e314ec..e373faf 100644 --- a/palemoon/debian/palemoon_devuan.dsc +++ b/palemoon/debian/palemoon_devuan.dsc @@ -2,11 +2,11 @@ Format: 3.0 (quilt) Source: palemoon Binary: palemoon Architecture: any -Version: 28.10.0-1+devuan +Version: 28.11.0-1+devuan Maintainer: B Stack Homepage: http://www.palemoon.org/ Standards-Version: 4.1.4 -Build-Depends: debhelper (>= 12), autoconf2.13, libasound2-dev, libdbus-glib-1-dev (>= 0.60), libgconf2-dev (>= 1.2.1), libgtk2.0-dev (>= 2.14), libssl-dev, libx11-xcb-dev, libxt-dev, lsb-release, mesa-common-dev, pkg-config, python (>= 2.7), unzip, yasm (>= 1.1), zip, zlib1g-dev, libfontconfig-dev +Build-Depends: debhelper (>= 12), autoconf2.13, libasound2-dev, libdbus-glib-1-dev (>= 0.60), libgconf2-dev (>= 1.2.1), libgtk2.0-dev (>= 2.14), libssl-dev, libx11-xcb-dev, libxt-dev, mesa-common-dev, pkg-config, python (>= 2.7), unzip, yasm (>= 1.1), zip Package-List: palemoon deb web optional arch=any Files: diff --git a/palemoon/debian/patches/fix_arm_FTBFS.patch b/palemoon/debian/patches/fix_arm_FTBFS.patch new file mode 100644 index 0000000..a8b1582 --- /dev/null +++ b/palemoon/debian/patches/fix_arm_FTBFS.patch @@ -0,0 +1,78 @@ +Description: Fix build failure on armhf arch +Author: Steven Pusser +Last-Update: 2020-06-09 + +--- palemoon-28.10.0.orig/platform/js/src/wasm/WasmBaselineCompile.cpp ++++ palemoon-28.10.0/platform/js/src/wasm/WasmBaselineCompile.cpp +@@ -3391,7 +3391,7 @@ class BaseCompiler + #ifdef JS_CODEGEN_ARM + void + loadI32(MemoryAccessDesc access, bool isSigned, RegI32 ptr, Register rt) { +- if (access.byteSize() > 1 && IsUnaligned(ins->access())) { ++ if (access.byteSize() > 1 && IsUnaligned(access)) { + masm.add32(HeapReg, ptr.reg); + SecondScratchRegisterScope scratch(*this); + masm.emitUnalignedLoad(isSigned, access.byteSize(), ptr.reg, scratch, rt, 0); +@@ -3405,7 +3405,7 @@ class BaseCompiler + + void + storeI32(MemoryAccessDesc access, RegI32 ptr, Register rt) { +- if (access.byteSize() > 1 && IsUnaligned(ins->access())) { ++ if (access.byteSize() > 1 && IsUnaligned(access)) { + masm.add32(HeapReg, ptr.reg); + masm.emitUnalignedStore(access.byteSize(), ptr.reg, rt, 0); + } else { +@@ -3419,7 +3419,7 @@ class BaseCompiler + + void + loadI64(MemoryAccessDesc access, RegI32 ptr, RegI64 dest) { +- if (IsUnaligned(ins->access())) { ++ if (IsUnaligned(access)) { + masm.add32(HeapReg, ptr.reg); + SecondScratchRegisterScope scratch(*this); + masm.emitUnalignedLoad(IsSigned(false), ByteSize(4), ptr.reg, scratch, dest.reg.low, +@@ -3440,7 +3440,7 @@ class BaseCompiler + + void + storeI64(MemoryAccessDesc access, RegI32 ptr, RegI64 src) { +- if (IsUnaligned(ins->access())) { ++ if (IsUnaligned(access)) { + masm.add32(HeapReg, ptr.reg); + masm.emitUnalignedStore(ByteSize(4), ptr.reg, src.reg.low, 0); + masm.emitUnalignedStore(ByteSize(4), ptr.reg, src.reg.high, 4); +@@ -3459,7 +3459,7 @@ class BaseCompiler + void + loadF32(MemoryAccessDesc access, RegI32 ptr, RegF32 dest, RegI32 tmp1) { + masm.add32(HeapReg, ptr.reg); +- if (IsUnaligned(ins->access())) { ++ if (IsUnaligned(access)) { + SecondScratchRegisterScope scratch(*this); + masm.emitUnalignedLoad(IsSigned(false), ByteSize(4), ptr.reg, scratch, tmp1.reg, 0); + masm.ma_vxfer(tmp1.reg, dest.reg); +@@ -3473,7 +3473,7 @@ class BaseCompiler + void + storeF32(MemoryAccessDesc access, RegI32 ptr, RegF32 src, RegI32 tmp1) { + masm.add32(HeapReg, ptr.reg); +- if (IsUnaligned(ins->access())) { ++ if (IsUnaligned(access)) { + masm.ma_vxfer(src.reg, tmp1.reg); + masm.emitUnalignedStore(ByteSize(4), ptr.reg, tmp1.reg, 0); + } else { +@@ -3486,7 +3486,7 @@ class BaseCompiler + void + loadF64(MemoryAccessDesc access, RegI32 ptr, RegF64 dest, RegI32 tmp1, RegI32 tmp2) { + masm.add32(HeapReg, ptr.reg); +- if (IsUnaligned(ins->access())) { ++ if (IsUnaligned(access)) { + SecondScratchRegisterScope scratch(*this); + masm.emitUnalignedLoad(IsSigned(false), ByteSize(4), ptr.reg, scratch, tmp1.reg, 0); + masm.emitUnalignedLoad(IsSigned(false), ByteSize(4), ptr.reg, scratch, tmp2.reg, 4); +@@ -3501,7 +3501,7 @@ class BaseCompiler + void + storeF64(MemoryAccessDesc access, RegI32 ptr, RegF64 src, RegI32 tmp1, RegI32 tmp2) { + masm.add32(HeapReg, ptr.reg); +- if (IsUnaligned(ins->access())) { ++ if (IsUnaligned(access)) { + masm.ma_vxfer(src.reg, tmp1.reg, tmp2.reg); + masm.emitUnalignedStore(ByteSize(4), ptr.reg, tmp1.reg, 0); + masm.emitUnalignedStore(ByteSize(4), ptr.reg, tmp2.reg, 4); diff --git a/palemoon/debian/patches/series b/palemoon/debian/patches/series index 054d3bf..0a417be 100644 --- a/palemoon/debian/patches/series +++ b/palemoon/debian/patches/series @@ -1,3 +1,4 @@ small-icons.patch bgstack15-palemoon.patch pm-devuan.patch +fix_arm_FTBFS.patch diff --git a/palemoon/debian/rules b/palemoon/debian/rules index 5705c90..d970f5e 100755 --- a/palemoon/debian/rules +++ b/palemoon/debian/rules @@ -4,6 +4,7 @@ export SHELL=/bin/bash ## borrowed from stevepusser's logic ## Build with gcc-8 on Buster (beowulf/ceres) +## If you enable this, then d/control needs lsb-release as a build dependency. #distrelease := $(shell lsb_release -cs) #ifeq ($(distrelease),$(filter $(distrelease),buster beowulf/ceres)) #export CC=gcc-8 diff --git a/palemoon/palemoon-mozconfig b/palemoon/palemoon-mozconfig index 3a3c1de..e377731 100644 --- a/palemoon/palemoon-mozconfig +++ b/palemoon/palemoon-mozconfig @@ -2,7 +2,7 @@ mk_add_options AUTOCLOBBER=1 mk_add_options MOZ_OBJDIR=@TOPSRCDIR@/pmbuild ac_add_options --enable-application=palemoon -ac_add_options --enable-optimize="-O2" +ac_add_options --enable-optimize="-O2 -Wl,--no-keep-memory -Wl,--reduce-memory-overhead" ac_add_options --enable-official-branding ac_add_options --enable-official-vendor diff --git a/palemoon/palemoon.spec b/palemoon/palemoon.spec index b130f4c..b9c7454 100644 --- a/palemoon/palemoon.spec +++ b/palemoon/palemoon.spec @@ -5,7 +5,7 @@ %global stackrpms_custom 1 # derive from inside the full source tree or from notes at https://github.com/MoonchildProductions/Pale-Moon/releases # git submodule | awk -v "name=platform" '$2 == name {gsub("-","",$1); print $1}' -%global submodule_platform_tag RELBASE_20200603 +%global submodule_platform_tag RELBASE_20200712 # additional repos to get python27 and devtoolset-7 # for el6 and el7: Software Collection;, for x86_64 only @@ -42,7 +42,7 @@ Name: palemoon-stackrpms Name: palemoon %endif Summary: Pale Moon web browser -Version: 28.10.0 +Version: 28.11.0 Release: 1 Group: Networking/Web @@ -285,6 +285,9 @@ update-mime-database -n ${_datadir}/mime 1>/dev/null 2>&1 & : %doc AUTHORS LICENSE %changelog +* Tue Jul 14 2020 B Stack - 28.11.0-1 +- update version + * Fri Jun 05 2020 B Stack - 28.10.0-1 - update version -- cgit