This is an automated email from the git hooks/post-receive script. x2go pushed a commit to branch master in repository pale-moon. commit 97558c014162f322a706af16d43b9f3e4604832d Author: Mihai Moldovan <ionic@ionic.de> Date: Mon May 28 03:31:20 2018 +0200 debian: add directory based on Steven Pusser's palemoon_27.9.2~repack-1 version. --- debian/README.7z-source | 12 + debian/changelog | 1222 +++++++++++++++++++++++++++++++++++++ debian/compat | 1 + debian/control | 46 ++ debian/copyright | 571 +++++++++++++++++ debian/install | 1 + debian/mozconfig | 19 + debian/palemoon.links | 6 + debian/palemoon.lintian-overrides | 3 + debian/palemoon.postinst | 11 + debian/palemoon.prerm | 8 + debian/rules | 46 ++ debian/source/format | 1 + debian/source/include-binaries | 10 + 14 files changed, 1957 insertions(+) diff --git a/debian/README.7z-source b/debian/README.7z-source new file mode 100644 index 0000000..c916e90 --- /dev/null +++ b/debian/README.7z-source @@ -0,0 +1,12 @@ +If you obtain the source in a 7z archive, it does not support Linux permissions. +In order to compile it, and create a source tarball, extract the archive, run + +chmod -R 777 <extracted-source-directory> + +and then recompress the source into an approved Debian tarball format. + +Make sure to add a "~repack" to the versioning and the orig tarball to label it +as repacked. + +Currently the tar.gz tarballs from the github releases don't require this, but +a tar.xz repack will save considerable bandwidth. diff --git a/debian/changelog b/debian/changelog new file mode 100644 index 0000000..cff607f --- /dev/null +++ b/debian/changelog @@ -0,0 +1,1222 @@ +palemoon (27.9.2~repack-1) obs; urgency=medium + + * New upstream security and stability update: + + - Changes/fixes: + - We changed the language strings for softblocked items so people will cry + less when we do our job. + - (CVE-2018-5174) Prevent potential SmartScreen bypass on Windows 10. + - (CVE-2018-5173) Fixed an issue in the Downloads panel improperly + rendering some Unicode characters, allowing for the file name to be + spoofed. This could be used to obscure the file extension of potentially + executable files from user view in the panel. + - (CVE-2018-5177) Fixed a vulnerability in the XSLT component leading to a + buffer overflow and crash if it occurs. + - (CVE-2018-5159) Fixed an integer overflow vulnerability in the Skia + library resulting in possible out-of-bounds writes. + - (CVE-2018-5154) Fixed a use-after-free vulnerability while enumerating + attributes during SVG animations with clip paths. + - (CVE-2018-5178) Fixed a buffer overflow during UTF8 to Unicode string + conversion within JavaScript with extremely large amounts of data. This + vulnerability requires the use of a malicious or vulnerable extension in + order to occur. + - Fixed several stability issues (crashes) and memory safety hazards. + + -- Steven Pusser <stevep@mxlinux.org> Mon, 21 May 2018 11:43:14 -0700 + +palemoon (27.9.1~repack-1) obs; urgency=medium + + * New upstream maintenance update: + - Removed the unused/incomplete places protocol handler. + - Worked around an issue with MSE media without a Track ID. This should help + with the playability of some live streams. + - Ported across jemalloc improvements from UXP. + - Ported across cairo mutex improvements from UXP. + - Added support for FFmpeg 4.0/libavcodec 58. + - Added a fix for Windows 10's "isAlpha()" not being what one would expect + in v1803. + + -- Steven Pusser <stevep@mxlinux.org> Mon, 07 May 2018 15:07:33 -0700 + +palemoon (27.9.0~repack-1~mx17+1) mx; urgency=medium + + * New upstream release: + - Fixed a number of spec compliance issues in our media subsystem. + - Added a trailing slash to referrers when policy is set to fix some web + compatibility issues. + - Fixed the property order in Object.getOwnPropertyNames(string) and others + for web compatibility. + - Updated RegExp(RegExp object, flags) to the ES6 standard specification. + - Changed the embedded font from the no longer free EmojiOne to the + open-licensed Twemoji (with additional fixes). This also further extends + unicode support to Unicode 10 emoji(s). Please note that as a result, color + emoji(s) will look different than before. + - Adjusted some things in our memory allocator code to provide, among other + things, better allocation alignment on Windows. + - Made the attempt to migrate people from the old sync server domain name to + the current one more aggressive. We will be retiring the old + pmsync.palemoon.net Sync server address shortly to remove the need for us + to maintain a security certificate for it; this preference migration should + automatically put everyone on the correct server address when upgrading. + - Made reading of the sessionstore synchronous, to speed up startup and + prevent the homepage from being loaded when restoring a session. + - Added a fix to switch to the correct window/tab when a web notification + is clicked. + - Changed the placeholder text to not include "Search" when all search + functions from the address bar are disabled. + - Enabled the use of Skia for canvas on Linux and OSX. + - Worked around a potential cause for some non-standard bitmapped fonts + ending up with incorrect line heights (I'm looking at you, Noto fonts!). + - Added a workaround for incorrectly-encoded JPEG-XR images with planar + alpha. Ultimately, the jxrlib reference implementation should be fixed to + encode according to spec. + - Aligned XCTO:nosniff allowed script MIME types with the updated spec. + - Improved the logic for storing vector images in the surface cache. + - Fixed character set handling for XMLHttpRequests. + + -- Steven Pusser <stevep@mxlinux.org> Tue, 17 Apr 2018 10:14:19 -0700 + +palemoon (27.8.3~repack-1) obs; urgency=medium + + * New upstream bugfix update: + - This is a small update to solve a pervasive crash in responsive web + layouts. + + -- Steven Pusser <stevep@mxlinux.org> Thu, 29 Mar 2018 12:48:14 -0700 + +palemoon (27.8.2~repack-1) obs; urgency=medium + + * New upstream security update: + - Privacy fix: prevented update checks for the default theme. + - Added a user-agent override for Dropbox to improve compatibility with + their service. + - Fixed an issue with mouseover handling related to (CVE-2018-5103). DiD + - Disabled the Mac OSX Nano allocator. DiD + - Fixed (CVE-2018-5129) OOB Write. + - Updated the lz4 library to 1.8.0 to solve potential issues. DiD + - Fixed (CVE-2018-5137) Path traversal on chrome:// URLs + - Fixed several memory safety an synchronicity hazards. + + -- Steven Pusser <stevep@mxlinux.org> Thu, 22 Mar 2018 10:31:24 -0700 + +palemoon (27.8.1~repack-1) obs; urgency=medium + + * New upstream release: + - Backed out the NSPR/NSS update from 27.8.0 for causing crashes, general + operational instability and handshake issues. + - Disabled TLS 1.3 draft support by default, because with the NSS backout we + only support an older draft right now that is no longer current and may + cause connectivity issues. You can manually re-enable it at your own risk + in about:config by setting security.tls.version.max to 4. + + -- Steven Pusser <stevep@mxlinux.org> Tue, 06 Mar 2018 12:04:10 -0800 + +palemoon (27.8.0~repack-1) obs; urgency=medium + + * New upstream release: + - Added support for emojis on Windows systems that have relatively poor + support for them with standard font sets by including our own font + (EmojiOne based for now). + - Added a setting in preferences to select the use of tab previews with + Ctrl+Tab. + - Added Eyedropper menu entry to the AppMenu. + - Added a preference to control whether the text cursor (caret) should be + thicker when dealing with CJK characters or not (default = yes). + - Added URL fix-ups for schemes (mis-typed "ttp://" etc.). + - Added support for ES6 "Symbol species". + - Updated our TLS 1.3 support to the latest (probably final) draft. + - Fixed gap inconsistency in the tabstrip. + - Fixed a number of browser crashes. + - Fixed a crash with the exponentiation operator "**" + - Set the performance timer granularity to 1 ms. + - Updated the kiss-fft library to our forked 1.4.0 version. + - Disabled a potentially problematic optimization on Win 8+ with high + contrast themes in use. + - Removed the notification bar when in full screen to prevent unwanted + visible screen elements. + - Removed unmaintained and insecure WebRTC code - building with WebRTC + enabled is no longer an option. + - Removed redundant checks for "Vista or later" since that is all we support. + - Added display of the http status to raw request displays. + - Added a workaround for cloned videos not retaining their muted state. + - Added a temporary workaround to avoid crashes on trackless media. + - Removed some superfluous ellipses from menu labels. + - Fixed undesired shrinking of line heights as a result of setting minimum + font size in preferences. + - Fixed some issues with setting the new tab preference (regression). + + * Add support for building on Debian Buster on gcc-4.9. + + -- Steven Pusser <stevep@mxlinux.org> Fri, 02 Mar 2018 17:38:20 -0800 + +palemoon (27.7.2~repack-1~mx17+1) mx; urgency=medium + + * New upstream release: + - Changed the X-Content-Type-Options: nosniff behavior to only check + "success" class server responses, for web compatibility reasons. + - Changed the perfomance timer resolution once more to a granularity of + 1 ms, after evaluating more potential ways of abusing Spectre. This + takes the most cautious approach possible lacking more information + (because apparently NDAs have been signed over this between mainstream + players), follows Safari's lead, and should make it not just infeasible + but downright impossible to use these timers for nefarious purposes in + this context. + - Improved the debug-only startup cache wrapper to prevent a rare crash. + - Fixed a crash in the XML parser. + - Added a check for integer overflow in AesTask::DoCrypto() + (CVE-2018-5122) DiD + - Fixed a potential race condition in the browser cache. + - Fixed a crash in HTML media elements (CVE-2018-5102) + - Fixed a crash in XHR using workers. + - Fixed a crash with some uncommon FTP operations. + - Fixed a potential race condition in the JAR library. + + -- Steven Pusser <stevep@mxlinux.org> Thu, 01 Feb 2018 13:48:26 -0800 + +palemoon (27.7.1~repack-1~mx17+1) mx; urgency=medium + + * New upstream release: + - Added support for Array.prototype[@@unscopables]. + Unfortunately, the addition of Javascript's ES6 Unscopables in 27.7.0 was + incomplete, which caused a number of websites (e.g. Chase on-line banking, + some Russian government sites) to display blank or not complete loading + after updating to that version of the browser. This update should fix the + problem by adding the missing part of the feature. + - Fixed an issue with the default theme causing tab borders to be drawn too + thick at higher settings for visual element scaling (125/150%) in Windows. + + -- Steven Pusser <stevep@mxlinux.org> Thu, 18 Jan 2018 10:03:02 -0800 + +palemoon (27.7.0~repack-1~mx17+1) mx; urgency=medium + + * New upstream release: + - Reorganized access to preferences (moved to the Tools menu on Linux, and + renamed from "Options" to "Preferences" on Windows). + - Renamed "Restart with add-ons disabled" to "Restart in Safe Mode" to + better reflect what it does. + - Worked around an issue with some improperly-encoded PNG files not decoding + after our libpng update. + - Fixed an issue on Mac builds not properly populating the application menu. + - Added "My home page" as an option for new tabs. + - Added an option to disable the 4th and 5th mouse buttons (Windows). + - (mouse.button4.enabled and mouse.button5.enabled, respectively) + - Improved the resetting of non-default profiles. + - Fixed an issue with details/summary having the incorrect height if floated, + breaking layouts. + - Implemented support for flex/columnset contents inside buttons to align + its behavior with other browsers. + - (this should fix layout issues with Twitch's new web interface) + - Made several more improvements to the details/summary tags to align them + with the current spec and fix several bugs. + - Fixed an issue where CSS clone operations would draw a border. + - Changed the way fractional border widths are rounded to provide more + natural behavior. + - Fixed an issue where number inputs would incorrectly be flagged as + read-only. + - Added assets for tile display in the Windows start panel. + - Finished sync infra swapover by adding a one-time pref migration for + server used. + - Improved WebAudio API: Return the connected audio node from + AudioNode.connect() + - Added support for a default playback start position in media elements. + - Fixed an assert in cubeb-alsa code (Linux). + - Added support for media cue-change events (e.g. subtitles). + - Updated SQLite to 3.21.0. + - Fixed a crash when trying to use the platform embedded. + - Fixed devtools (gcli) screenshots on vertical-text pages. + - Fixed devtools copy as cURL for POST requests. + - Improved the HTML editor component (several bugfixes). + - Added support for ES7's exponentiation a ** b operator. + - Fixed an issue with arrow functions incorrectly creating an arguments + binding. + - Added Javascript's ES6 unscopables. + Security/privacy fixes: + - Disabled automatic filling in of log-in details by default to prevent + potential risks of credentials being abused (e.g. for tracking) or stolen. + - Added a preference (in the category security) to easily enable or disable + automatic filling in of log-in data. + - Removed the sending of referrers when opening a link in a new + private window. + - Added an option to disable the page visibility Web API + (dom.visibilityAPI.enabled), allowing users to prevent pages from knowing + whether they are being actively displayed to the user or not. + - Removed the "ask every time" policy for cookies. For granular control, + please use any of the excellent available extensions to regulate cookie use + on a per-site or per-url basis. + - Added support for X-Content-Type-Options: nosniff (for scripts). + - Changed the resolution of performance timers to a level where any future + potential abuse for hardware-timing attacks becomes impractical. + + -- Steven Pusser <stevep@mxlinux.org> Tue, 16 Jan 2018 12:02:55 -0800 + +palemoon (27.6.2~repack-1) obs; urgency=medium + + * Minor security and bugfix release: + - Implemented the concept of so-called "cookie-averse document objects", + which is a security&privacy measure that blocks certain web content from + setting cookies. This mitigates cookie-injection, which might help against + "hidden" cookie tracking. + - Mitigated some domain name spoofing through IDN by using dotless-i and + dotless-j with accents. (CVE-2017-7832) + - Pale Moon will display these kinds of spoofed domains in punycode now in + the actual address bar. Please note that the identity panel will always be + able to help you on secure sites when IDNs are in use to notice potential + spoofing, as opposed to relying on detection algorithms in the URL itself. + As such, some other issues like CVE-2017-7833 are already mitigated by us. + - Fixed an issue with mixed-content blocking. (CVE-2017-7835) + - Added an extra check for the correct signature data type on certificates. + - Added missing sanitization in exporting bookmarks to HTML. (CVE-2017-7840) + - Fixed several crashes and memory safety hazards. + * Bump debhelper build-depend to >= 9. + + -- Steven Pusser <stevep@mxlinux.org> Wed, 29 Nov 2017 12:31:22 -0800 + +palemoon (27.6.1~repack-1mx15+1) mx; urgency=medium + + * Minor bugfix release: + - Fixed a regression with new windows (opening two windows from the + command-line or file association, focus issues on new windows, not + loading the home page in a new window, etc.) + - Aligned XHR with the currect spec to allow withCredentials. + - Fixed an input element focus issue within handlers. + - Fixed the processing of all-padding HTTP/2 frames to prevent rare + HTTP/2 hangups. + - Updated CitiBank override to work around their login issues. + - Updated Netflix override to a community-supplied one that seems to + satisfy their arbitrary restrictions better. + + -- Steven Pusser <stevep@mxlinux.org> Mon, 20 Nov 2017 15:52:34 -0800 + +palemoon (27.6.0~repack-1) obs; urgency=medium + + * Major development update; changes can be viewed at + https://github.com/MoonchildProductions/Pale-Moon/releases. + * debian/mozconfig: add vectorization flags for distreleases that support it. + Those that don't get the mozconfig without the flags. + + -- Steven Pusser <stevep@mxlinux.org> Wed, 08 Nov 2017 11:10:24 -0800 + +palemoon (27.5.1~repack-1) obs; urgency=medium + + * Minor bugfix release: + - Changed the default Windows 10 styling when no accent color is applied to + black-on-white. + - Changed the theme styling on Windows 10 when the system window frame is + used (menu bar enabled) to use the window manager background directly, + preventing visual lag updating the window color when it changes. + - Updated user agent overrides for DropBox, YouTube and Yahoo to work around + user agent sniffing issues. + - Fixed a crash in the media subsystem. + - Fixed a regression where video playback hardware acceleration was disabled + incorrectly on some systems. + + -- Steven Pusser <stevep@mxlinux.org> Fri, 13 Oct 2017 15:15:01 -0700 + +palemoon (27.5.0~repack-1mx15+1) mx; urgency=medium + + * New upstream major release, changes can be viewed at + https://github.com/MoonchildProductions/Pale-Moon/releases. + * Disable updater and installer in mozconfig. + + -- Steven Pusser <stevep@mxlinux.org> Tue, 26 Sep 2017 18:32:35 -0700 + +palemoon (27.4.2~repack-1) obs; urgency=medium + + * New upstream bugfix release: + - Fixed a number of crashes. + - Enabled the opt-in debugging feature to log SSL keys to a file in all + builds. + - Added a fix for TLS 1.3 handshakes causing a browser hangup. + - Handshakes should be considerably faster now and no longer stall in the + wrong circumstances. + - Updated NSPR to 4.15. + - Updated NSS to 3.31.1. + - Fixed a DoS issue using overly long Username in URL scheme (CVE-2017-7783) + - Fixed an issue where (cross domain) iframes could break + scope (CVE-2017-7787) + - Fixed an issue in WindowsDllDetourPatcher (CVE-2017-7804) + - Fixed an issue with elliptic curve addition in mixed Jacobian-affine + coordinates (CVE-2017-7781) + - Fixed a UAF in nsImageLoadingContent (CVE-2017-7784) + - Fixed a UAF in WebSockets (CVE-2017-7800) + - Fixed a heap-UAF in RelocateARIAOwnedIfNeeded (CVE-2017-7809) DiD + (accessibility is disabled) + + -- Steven Pusser <stevep@mxlinux.org> Wed, 23 Aug 2017 15:50:07 -0700 + +palemoon (27.4.1~repack-1mx15+1) mx; urgency=medium + + * New upstream bugfix release: + - Fixed an issue where MSE media playback would not use hardware + acceleration when it could, causing choppy playback and high CPU usage. + - Fixed ES6 iterator chains to be spec-compliant. + - Fixed ES6 vector append calls and some related memory leaks. + - Added a workaround to reduce the chances of a rare crash occurring. + + -- Steven Pusser <stevep@mxlinux.org> Fri, 04 Aug 2017 18:22:19 -0700 + +palemoon (27.4.0~repack-2) obs; urgency=medium + + * debian/mozconfig: drop deprecated "--disable-gstreamer" option. + + -- Steven Pusser <stevep@mxlinux.org> Wed, 12 Jul 2017 13:25:27 -0700 + +palemoon (27.4.0~repack-1) obs; urgency=medium + + * New upstream release--the github 27.4.0 was not a real release: + Changes/fixes: + - Completely re-worked the Media Source Extensions code to make it spec + compliant, and asynchronous as per specification for MSE with MP4. This + should fix playback problems on YouTube, Twitch, Vimeo and other sites + that previously had some issues. A massive thank you to Travis for his + tireless work on making this happen! + Please note that MSE+WebM (disabled by default) is not using this new code + yet (planned for the next release), and as such there is a temporary set + of things to keep in mind if you don't use default settings: + If you have previously enabled MSE+WebM, this setting will be reset when + you update to avoid conflicting settings with the updated MSE code. + We've added an extra setting in Options to disable the updated MSE code + (asynchronous use) in case you need to use WebM or are otherwise having + issues with the updated code (please let us know in that case). + Once again, the MSE+WebM and Asynchronous MSE use are currently mutually + exclusive. You can have one or the other, not both, until we sort out + the code for WebM. To enable MSE+WebM you will first have to disable + Asynchronouse MSE in settings (otherwise the WebM setting will be greyed + out and disabled). + - Added a control in options/preferences for HSTS and HPKP usage. + - Changed HTML bookmark exports to write CRLF line endings to the file on + Windows. + - Leveraged multi-core rendering for libVPX (VP8/VP9 WebM decoding). + - Fixed some issues accessing DeviantArt (useragent-sniffing). + - Aligned CSS text-align with the spec. + - Added a recovery module for browser initialization issues (e.g. when using + a wrong language pack). + - Fixed spurious console errors for XHR requests with certain http response + codes. + - Enabled v-sync aligned refresh for a smoother scrolling experience. + - Removed support for CSS XP-theme media queries. + - Improved console error reporting. + - Fixed resetting toolbars and controls from the safe mode dialog. + - Fixed bookmark recovery option from the safe mode dialog. + - Fixed innerText getters for display:none elements. + - Fixed a GL buffer crash that might occur with certain combinations of + drivers and hardware. + - Added some more details to about:support. + - Fixed a potential crash when the last audio device is removed during + playback. + - Fixed a crash on about:support when windowless browsers are created. + - Updated <select> elements to blank if the actively set value doesn't match + any of the options. + - Updated the interpretation of 2-digit years in date formats to match other + browsers: + - 0-49 = 2000-2049, 50-99 = 1950-1999. + - Added "q" units to CSS (quarter of a millimeter). + - Added .origin property to blobs. + - Fixed several minor layout issues. + - Fixed disabled HTML elements not producing the proper JS events. + - Implemented web content handler blacklist according to the spec, allowing + more than feeds to be registered. + - Fixed a spec compliance issue with execCommand() on HTML elements. + - Fixed a problem with table borders being drawn uneven or being omitted + when zooming the page. + - Added devtools "filter URLs" option in the network panel. + - Added visual sorting options to the Network inspector. + - Added importing of login data from Chrome profiles on Windows (Chrome + has to be closed first). + - Added importing of tags from bookmark export files (HTML format). + - Updated usage of SourceMap headers with the updated spec (SourceMap + header, keeping X-SourceMap as a fallback). + - Fixed several cases of wrongly-used negations in JS modules. + - Added the auxclick mouse event. + - Added a control to not autoplay video unless it is in view + (media.block-play-until-visible). + - Updated the Graphite font library to 1.3.10. + - Updated how image and media elements respond to window size changes + (responsive design). + - Added parsing and use of rotation meta data in video. + - Fixed several crashes in a number of modules. + - Fixed performance regression for scaling large vector images (e.g. MSIE + Chalkboard test) \o/ + - Fixed some issues with notification icons. + - Fixed some internal errors with live bookmarks. + - Updated SQLite to 3.19.3. + - Fixed several reported issues with devtools (cli-cookies, cli help, + copying cURL, inspecting SVGs, element size calculations, etc.) + - Fixed an issue where a server response was allowed to override add-ons' + specified version ranges even for add-ons that have strict compatibility + (e.g. themes, language packs). + + Security fixes: + + - Removed preloading of HPKP hosts and enabled HPKP header enforcement. + - Added support for TLS 1.3, the up-next secure connection protocol. + - Fixed an issue with TLS 1.3 not supporting renegotiation by design. + - Relaxed some restrictions for CSP to temporarily work around web + compatibility issues with the CSP-3 deprecated `child-src` directive. + - Updated NSS to 3.28.5.1-PM to address some security issues. + - Updated the installer selfextractor module to address unsafe loading of + libraries. + - Changed the way certain resources are included to reduce effectiveness of + some common fingerprinting techniques. (e.g. browserleaks.org) + - Fixed a regression in the display of security information in the page info + dialog for insecure content. + - Fixed two potential issues with allocating memory for video. DiD + - Fixed a potential issue with the network prediction algorithm. DiD + - Restricted the use of Aspirational scripts in IDNs to prevent domain + spoofing, in anticipation of the UAX#31 update making this official. + - Prevented a Mac font specific issue that could be abused for domain + spoofing (CVE-2017-7763) + - Fixed several potentially exploitable crashes. (CVE-2017-7751) + (CVE-2017-7757) and some that do not have a CVE designation. + + -- Steven Pusser <stevep@mxlinux.org> Wed, 12 Jul 2017 10:54:26 -0700 + +palemoon (27.3.0~repack-1) obs; urgency=medium + + * New upstream release. + + -- Steven Pusser <stevep@mxlinux.org> Sat, 29 Apr 2017 19:50:41 -0700 + +palemoon (27.2.1~repack-1) obs; urgency=medium + + * New upstream release: + + - Changes/Fixes: + - Fixed an issue with planar alpha handling (transparency) when drawing + JXR images. + - Fixed a crash related to a change JavaScript array handling introduced + in 27.2.0. This became apparent with the pentadactyl extension, but + could happen in other situations as well. + - Fixed a crash when opening ridiculously large images with HQ scaling + enabled (default). Pale Moon will now only apply HQ scaling for images + within reasonable limits (64 Mpix or smaller). Images larger than that + may not display properly when zooming in, or may not display at all, + even scaled down (e.g. >256 Mpix large) and show a "broken image" + placeholder instead; please use dedicated image viewer applications for + those kinds of images; it is outside the scope of a web browser to + handle such large images. + - Changed the way URL hashes are handled, and will no longer %-decode + anchor hash identifiers by default. Note that this is against RFC 3986, + which states that any part of the URL scheme that isn't data should be + decoded. This is required for web compatibility because several sites + use hash links to pass actual data to web applications (Please don't do + this! Hashes are part of the URL address, should only consist of "safe" + characters, and aren't suited to pass arbitrary data) and the most + common browsers no longer follow the RFC in that respect. If you want + RFC compliance, switch dom.url.getters_decode_hash to true. + - Restored 2 RSA Camellia cipher suites that were missing: + TLS_RSA_WITH_CAMELLIA_128_CBC_SHA and TLS_RSA_WITH_CAMELLIA_256_CBC_SHA. + - Fixed an issue with custom toolbars getting deleted during upgrade + from 27.0/27.1 to 27.2 + + -- Steven Pusser <stevep@mxlinux.org> Wed, 29 Mar 2017 12:27:06 -0700 + +palemoon (27.2.0~repack-1mx15+1) mx; urgency=medium + + * New upstream release: + + - Changes/Fixes: + - Updated the ICU lib to 58.2 to fix a number of issues. + - Added proper control for the user for offline storage for web + applications. + - Added a check to prevent auto-filled URLs from copying the auto-filled + selection to clipboard/primary. + - Added the feature to pass a URL to open in a private window from the + command-line. + - Improved the display of the downloads indicator on the button in + bright-text situations. + - DOM storage now honors the "3rd party cookie" setting in that it will + not allow 3rd party data to be stored if 3rd party cookies are + disallowed. + - Allowed toolbar button badges to be properly styled. + - Updated the hunspell spellchecking library to 1.6.0 to fix a number + of issues. + - Fixed desktop notifications being off-screen if fired in rapid + succession. + - Added Element.insertAdjacentElement and Element.insertAdjacentText + DOM functions. + - Added support for JPEG-XR images. This makes Pale Moon have the broadest + support for image formats of all web browsers. (enabled by default; you + can disable this with media.jxr.enabled). + - Completely removed the use of GStreamer on Linux. + - Added support for Element.innerText. + - Custom toolbars should now properly remember their state. + - Fixed some more playback issues with MP4/MSE videos. Please be aware + that we are still working on further improving MSE video handling. + - Changed media processing to reduce dangerous processing asynchronicity. + This should also make media elements and playback more responsive. + - Fixed a useragent string regression always displaying the minor Goanna + version as .0 + - Updated NSPR to 4.13.1. + - Updated NSS to 3.28.3-RTM. + - Fixed unrestricted icon sizes in PMkit buttons. + - Fixed unresponsive buttons on support page when not building + the updater. + - Fixed the use of "View image" and "Save image as" on extremely + large images. + - Changed the way "View Image" and "Save image as" work on canvas + elements. + - Made checking for dangerously large resolution PNG images smarter. It + will now accept larger "strip"-aspect ratio images while reducing + unsupported large image resolutions. This will e.g. fix Gmail's "emoji" + window that uses a ridiculously long but very narrow single image to + store all the emoticon pictures. + - Converted several hard-coded URLs to preferences. + - Updated the google.com override so it would not cripple services based + on UA sniffing. + - Added Inner and Outer Window ID administration. + - Fixed the add-on discovery pane detection. + - Added support for canvas ellipse. + - Improved drawing of certain MathML elements at problematic zoom levels. + - No longer building gamepad support. + - Updated Harfbuzz font shaper to 1.4.3 to fix a number of issues. + - Fixed a number of crashes (layout, plugins, uncommon navigation, + bad URLs). + - Aligned SVG specular filters with the spec. + + - Security/privacy changes: + - Added support for 256-bit AES-GCM encryption. + - Added support for ChaCha20-Poly1305 encryption. + - Removed support for Camellia-GCM since nobody seems interested in it. + (Camellia in 128/256-bit CBC block mode is still fully supported). + - Added support for SHA-224, SHA-256, SHA-384 and SHA-512 to Crypto utils. + - Improved status handling of secure sites to be less sensitive to + "insecure" items that are local. + - Fixed print preview hijacking. (CVE-2017-5421) + - Fixed a potentially exploitable crash in OnStartRequest. (CVE-2017-5416) + - Fixed potential cross-origin content-stealing through a timing + attack. (CVE-2017-5407) + - Fixed a denial-of-service problem with view-source. (CVE-2017-5422) + - Fixed crash in directional controls. (CVE-2017-5413) + - Fixed a perceived problem with chrome manifests. (CVE-2017-5427) + - Fixed the use of an uninitialized value. (CVE-2017-5405) + - Fixed a buffer overflow. (CVE-2017-5412) + - Fixed a UAF situation. (CVE-2017-5403) + - Fixed a potential spoofing issue with the address bar. (CVE-2017-5417) + - Fixed a potential issue in libvpx. (CVE-2017-5402) DiD + - Fixed a potential issue with HTTP auth. (CVE-2017-5418) + - Fixed several memory safety hazards and potentially exploitable crashes. + + -- Steven Pusser <stevep@mxlinux.org> Sun, 19 Mar 2017 12:49:24 -0700 + +palemoon (27.1.2~repack-1mx15+1) mx; urgency=medium + + * New upstream release: + -adds workaround for potential deadlocks happening in media elements. + + -- Steven Pusser <stevep@mxlinux.org> Fri, 03 Mar 2017 13:45:54 -0800 + +palemoon (27.1.1~repack-1mx15+1) mx; urgency=medium + + * New upstream release: + - Implemented a fix in media handling to prevent crashes with concurrent + videos and/or rapidly starting/stopping video playback in the browser. + - Fixed the way the Adobe Flash plugin is detected to prevent confusion with + other plugins that identify themselves as "Flash" (e.g. VLC). + - Windows: Solved stability issues caused by the release build process, + resulting in unexpected behavior (e.g. hangups). + + -- Steven Pusser <stevep@mxlinux.org> Wed, 22 Feb 2017 13:52:07 -0800 + +palemoon (27.1.0~repack-1) obs; urgency=medium + + * New major upstream release: + - Reworked the media back-end completely (thanks Travis!) to use FFmpeg + (including support for FFmpeg v3 and MP3 playback) and our own MP4 parser, + and no longer relying on gstreamer on Linux, as well as adding some + improvements on Windows for media parsing and playing. + - On Linux, Apple .mov files of the correct type will also be played through + FFmpeg now, for those rare occasions where they are still in use, + considering there is no Quicktime plug-in available on that operating + system. + - Restored the classic about:config styling. + - Added a fallback to US-ASCII if the autoconfig UTF-8 conversion fails. + - Improved cross-compartment wrapper handling when managing a large number + of tabs (fixes a performance regression with v27). + - Changed the way audio and video synchronization is calculated to account + for (slow) device latency, preventing things from getting out of sync on, + e.g. BlueTooth-connected speakers. + - Changed the way scripts are handled when they are stopped from the + "unresponsive script" dialog, to prevent browser lockup. We will now stop + all scripts in the affected compartment in one go. + - Fixed several errors in the devtools. + - Fixed a nasty crash caused by cross-origin referrers. + - Added HTML5-spec clipboard handling for content (cut© only -- paste + is not allowed for security reasons). + - Made multiple changes to the toolkit jetpack modules to cater to PMkit + extensions. This should make running SDK-based extensions as PMkit + extensions fairly simple for extension developers. + - Fixed a css layout issue: make max-width affect contributions to intrinsic + min-width. + - Implemented several updates to the permissions manager. Among others, + improved the permissions manager (about:permissions) with a more complete + set of permissions for pages. + - Removed otherwise unused Metro browser platform/widget code. + - Removed support for non-standard/deprecated let blocks and expressions. + - Made the use of let as a keyword versionless and ES6 compliant. + - Made the privacy category in preferences a tabbed setup to better fit the + current options. + - Fixed a regression preventing certain MP4 video files from playing. + - Fixed a regression where seeking in media files would halt playback/jump + to the end of the stream. + - Fixed a crash caused by certain downloadable fonts with DirectWrite + in use. + -Improved downloads-button indicator legibility on some combinations of + Windows versions and system theme colors. + - Changed the Facebook user-agent override to be our native one, based on + reports from users that it is (finally) working acceptably. + - Fixed site-specific useragents being ignored if a global override is + defined. + + Security/privacy changes: + + - Changed CORS handling to allow data: sources, assuming they are + same-origin. This should fix the infamous "Facebook endless reload" issue + and may make some other sites that assume this particular (unspecified) + CORS behavior happy with Pale Moon. + - Reinstated the network.stricttransportsecurity.enabled preference so + people who choose privacy over HSTS can do so again. + - Added, In HSTS "off" state, prevention of HSTS site status from being + written to disk. + - Updated the IDN blacklist with more extended unicode characters that + "look very similar to" normal ASCII characters, to prevent spoofing of + well-known domains. If blacklisted characters are found, the IDN domain + name will be displayed in its punycode form. (CVE-2017-5383 and similar) + - Fixed an exploitable crash when using MP4 video. (CVE-2017-5396) + - Fixed an exploitable crash in XSL parsing. (CVE-2017-5376) + - Fixed a potential security issue when exporting certificates with + specially-crafted credentials. (CVE-2017-5381) + - Fixed a potential use-after-free situation in frame selection. + (CVE-2017-5380) DiD + - Fixed a leak of window details through the Ion compiler in certain + situations. + - Fixed the potential for an exploitable crash involving Javascript GC. DiD + - Fixed a potential overflow situation in (non-released) WebRTC code. DiD + - Fixed a potentially unsafe situation in websockets. DiD + - Fixed several memory and other safety hazards (BMO bugs 1318766, 1325877, + 1328834 DiD, 1288561 DiD, 1322420 DiD, 1293327 DiD, 1322315, 1325344, + 1285960). + * debian/mozconfig: + - add "ac_add_options --disable-necko-wifi" and "--disable-gstreamer".. + - drop "ac_add_options --enable-jemalloc-lib". + * debian/control: + - remove all gstreamer dependencies and build-deps. + - ffmepg | libav-tools added to Depends. + + -- Steven Pusser <stevep@mxlinux.org> Thu, 09 Feb 2017 13:53:41 -0800 + +palemoon (27.0.3~repack-3) stable; urgency=medium + + * debian rules and control: add some code and alternative depends to force + building on gcc-4.9 on releases that default to gcc 5 or 6. + + -- Steven Pusser <stevep@mxlinux.org> Wed, 25 Jan 2017 10:19:25 -0800 + +palemoon (27.0.3~repack-2) stable; urgency=medium + + * debian/mozconfig: reenable the dev tools. + * debian/rules: don't install duplicate /usr/lib/palemoon/palemoon-bin file. + + -- Steven Pusser <stevep@mxlinux.org> Thu, 29 Dec 2016 12:05:29 -0800 + +palemoon (27.0.3~repack-1) stable; urgency=medium + + * New upstream bugfix and security release. + + -- Steven Pusser <stevep@mxlinux.org> Mon, 19 Dec 2016 20:05:49 -0800 + +palemoon (27.0.2~repack-1mx15+1) mx; urgency=medium + + * New upstream bugfix release. + -fixed crash in SVG renderer related to CVE-2016-9079 (defense in depth) + -Firefox compatibility mode is default in useragent string. + * Drop debian/menu, deprecated with the use of desktop file. + * Drop use of debian/palemoon.xpm, link takes care of that in pixmaps. + * Install much better palemoon.desktop from source instead of from debian + folder. + + -- Steven Pusser <stevep@mxlinux.org> Fri, 02 Dec 2016 17:39:30 -0800 + +palemoon (27.0.1~repack-3mx15+1) mx; urgency=medium + + * Revise debian/mozconfig to remove deprecated configs and add sse2 + optimization. + * debian/rules: add override to help shlibdeps find libs on some releases. + + -- Steven Pusser <stevep@mxlinux.org> Wed, 30 Nov 2016 16:42:03 -0800 + +palemoon (27.0.1~repack-2mx15+1) mx; urgency=medium + + * debian/mozconfig: drop the "1.0" from the gstreamer flag. + * debian/install: don't install anything from /integration; part of default + install now. + * debian/compat: bump compat level to 9. + + -- Steven Pusser <stevep@mxlinux.org> Sun, 27 Nov 2016 13:50:54 -0800 + +palemoon (27.0.1~repack-1) mx; urgency=medium + + * New upstream release. + + -- Steven Pusser <stevep@mxlinux.org> Sat, 26 Nov 2016 10:09:18 -0800 + +palemoon (26.5.0~repack-1mx150+1) mx; urgency=medium + + * Repackaged for MX 15. + + -- Mike Elstad (v3g4n) <maintainer@mepiscommunity.org> Thu, 29 Sep 2016 18:22:24 -0500 + +palemoon (26.5.0~repack-1) obs; urgency=medium + + * New upstream release: + Fixes/Changes: + - Implemented a breaking CSP (content security policy) spec change; when a + page with CSP is loaded over http, Pale Moon now interprets CSP directives + to also include https versions of the hosts listed in CSP if a scheme + (http/https) isn't explicitly listed. This breaks with CSP 1.0 which is + more restrictive and doesn't allow this cross-protocol access, but is in + line with CSP 2 where this is allowed. + - Fixed an issue with the XML parser where it would sometimes end up in an + unknown state and throw an error (e.g. when specific networking errors + would occur). + - Improved the performance of canvas poisoning by explicitly + parallelizing it. + + Security fixes: + - Fixed a potentially exploitable crash related to text writing direction. + (CVE-2016-5280) + - Made checking for invalid PNG files more strict. Pale Moon will now reject + more PNG files that have corrupted/invalid data that could otherwise lead + to potential security issues. + - Changed the way paletted image frames are allocated so the space is + cleared before it's used. DiD + - Fixed a crash in nsNodeUtils::CloneAndAdopt() due to a typo. DiD + - Fixed several memory safety errors. + + -- Steven Pusser (Stevo) <maintainer@mepiscommunity.org> Wed, 28 Sep 2016 11:44:18 -0700 + +palemoon (26.4.1~repack-1) obs; urgency=medium + + * New upstream release: + Changes/fixes: + - Fixed a crash in the XSS filter. + - Slightly changed the address bar shading on secure sites to be more subtle + and easily-blended. + - Fixed the occurrence of "null" titles in bookmarks dragged from special + folders. + - Fixed an error initializing the browser due to trying to restore + scratchpad data from a stored session when having switched from a version + with devtools to a version without devtools, and the previous version had + scratchpad data saved. + - Fixed some minor issues in scratchpad and gcli devtools. + + Security fixes: + - Updated the HSTS preload list to a much more updated source list, and + performing our own checks on validity from now on to have the list be as + accurate as possible. + - Disabled Triple-DES cipher suites by default (mitigating SWEET32). + + * Add a "~repack" to the versioning because we have to repack the source. + + -- Steven Pusser (Stevo) <maintainer@mepiscommunity.org> Fri, 23 Sep 2016 17:07:58 -0700 + +palemoon (26.4.0-1mx150+1) mx; urgency=medium + + * New upstream release: + - Removed Google Search as a bundled search provider. If desired, you can + manually install it (or other search engines) after the update by following + the steps in the Manage Search Engines topic. + - Fixed the URL API to allow "stringification" of the object per + specification. This should make a number of websites happy. + - Added the ES6 string .includes() function in addition to the pre-existing + .contains() function for checking if a string contains another string. + The .contains() function is retained for compatibility with web and + extension scripts that adhere to the ES6 pre-release specification up to + and including RC3. + - Fixed the calculation of standalone SVG embeds width and height, which + should solve some reported issues with html5 graphs being displayed + incorrectly. + - Linux: improved memory allocation. + - Updated the graphite font library to 1.3.9. + - Added a blocking rule for F-Secure's 64-bit deepguard library to prevent + crashes. + - Updated the SQLite library to 3.13.0. + - Download= properties of links are now honored from the context menu + "Save" option. + - Fixed a crash in the XSS filter. + - Fixed a crash in the DOM error module. + - Worked around a crash on Linux + - Linux: Improved optimization and GCC6 compatibility (Note: compiling with + GCC 6 is still not recommended and it may or may not work, depending on + your environment) + + Security fixes: + - (CVE-2016-5251)Potential URL spoofing in the address bar. + - (CVE-2016-0718) Context-dependent crash in expat 2.1.0. + - (CVE-2016-5266) Outgoing dataTransfer items are not properly filtered. + - Fixed potentially exploitable crash in the array splice implementation. + - Fixed potentially exploitable crash caused by badly formatted ICO files. + - (CVE-2016-5254) Heap-use-after-free in nsXULPopupManager::KeyDown + + -- Steven Pusser (Stevo) <maintainer@mepiscommunity.org> Fri, 19 Aug 2016 13:08:56 -0700 + +palemoon (26.3.3-1mx150+1) mx; urgency=medium + + * New upstream release: + - Fixed an additional issue found that could cause menu text on Windows 10 + to be white-on-white (and therefore unreadable). + - Fixed an issue with news feeds not showing up when embedded in web pages. + - Removed recently-added parsing of the child-src content security policy + directive, after some web compatibility issues with it came to light, as + well as it becoming clear that the CSP spec will see it removed in favor + of the previous directive for embedded content. This should fix some + intermittent issues people have reported on e.g. the main google.com page + and phpMyAdmin installations. + + -- Steven Pusser (Stevo) <maintainer@mepiscommunity.org> Fri, 01 Jul 2016 12:50:32 -0700 + +palemoon (26.3.2-1mx150+1) mx; urgency=medium + + * New upstream release: + - 26.3.2 (2016-06-27) - Windows only + This release only has pertinent changes for Windows. Other operating + systems do not need this update. + Changes/fixes: + + -Fixed a rare issue where the browser would not initialize properly + (missing bookmarks and menu entries) if certain Windows registry values + were missing (Windows 8 only). + -Fixed an issue on Windows 10 where the classic menu bar would become + unreadable (white on white). + -Portable only: Switched to non-compressed binaries to prevent issues with + antivirus packages, to prevent issues with browser run-time operation, and + to simplify code signing. + + - 26.3.1 (2016-06-25) + Changes/fixes: + + -Fixed an issue with new tab button theming on dark toolbars. + -Reverted the useragent identification of Firefox compatibility mode to + 38.9 to avoid WOFF2 font issues for sites that don't use proper font + deployment as recommended by the W3C. + -Added a site-specific override for Google fonts to make sure it always + works even if not using Firefox compatibility mode. (workaround pending + for a proper solution on Google's side) + -Adjusted the "dark color" detection routine to switch text to white at + higher relative contrast levels. This will more closely match Windows 10's + "flip point" for different accent colors and is within the recommended + range determined by the WCAG. + + - 26.3.0 (2016-06-21) + Changes/fixes: + + -Added detection for dark system themes on Windows 10 and re-worked Windows + 10 specific theming to better integrate into the OS and provide more + clarity. + -HTML5 media controls have been reworked to a horizontal volume control on + all media, including HTML5 audio that was previously without an + element-control for volume. + -Default HTML5 media volume preference added as media.default_volume -- + fractional, default 1.0 (=100%). + -String.prototype.match() and .replace() are now fully spec compliant. + -NSPR and NSS now correctly no longer enforce IA32 architecture + compatibility, getting the advantage of SSE2 like the rest of the code. + -Worked around crashes in the XSS filter when navigating back in history + due to document fragments. + -Instated a hard minimum of 10,000 places entries regardless of free disk + space and total memory to prevent undesired expiration of history. That is + around 16MB for an average entry size, which should be sane enough even on + low-memory machines. + -Fixed a typo in networking code introduced in 26.2.2 that would cause + issues on some sites due to adding extra forward slashes to the URL. + + - Security fixes: + + -Fixed a number of memory safety hazards and potentially exploitable + crashes. + -Fixed CVE-2016-2821 Use-after-free in the mozilla::dom::Element class + -Fixed netaddr deserialization for AF_UNSPEC and AF_LOCAL. + -Fixed a memory overrun error in the VP8 encoder. DiD + -Fixed non-threadsafe re-use of pixman images to prevent potential race + conditions. DiD + -Fixed CVE-2016-2825 Partial Same Origin Policy violation + + -- Steven Pusser (Stevo) <maintainer@mepiscommunity.org> Mon, 27 Jun 2016 10:51:22 -0700 + +palemoon (26.2.2-1mx150+1) mx; urgency=medium + + * New upstream bugfix and security release: + + - CSS classes prefixed with "--" no longer stop parsing of the selectors. + - Several crash fixes. + - Made GC suppression more aggressive to prevent issues when actually out + of memory. + - Fixed a memory safety hazard in jpeg decoding. + - Fixed a potentially exploitable crash when using bi-directional text. + - Updated NSS to 3.19.4.2-PM, fixing CVE-2016-1938 among other things. + * Add Suggested packages gstreamer1.0-libav, gstreamer1.0-plugins-good, + gstreamer1.0-plugins-bad, gstreamer1.0-plugins-ugly to provide the most + comprehensive HTML 5 media playback. + + -- Steven Pusser (Stevo) <maintainer@mepiscommunity.org> Tue, 10 May 2016 18:26:54 -0700 + +palemoon (26.2.1-2) mx; urgency=medium + + * Switch to gstreamer 1.0 build-deps. + + -- Steven Pusser (Stevo) <maintainer@mepiscommunity.org> Sat, 09 Apr 2016 10:58:13 -0700 + +palemoon (26.2.1-1) mx; urgency=medium + + * New upstream release. + + -- Steven Pusser (Stevo) <maintainer@mepiscommunity.org> Fri, 08 Apr 2016 20:50:19 -0700 + +palemoon (26.1.1-1mx150+1) mx; urgency=medium + + * Repackaged for MX 15. + + -- Mike Purtell <mandbx@sbcglobal.net> Sat, 27 Feb 2016 19:41:04 -0800 + +palemoon (26.1.0-1mx150+1) mx; urgency=medium + + * New security, web compatibility, and bugfix release. + + -- Steven Pusser (Stevo) <maintainer@mepiscommunity.org> Wed, 17 Feb 2016 10:18:12 -0800 + +palemoon (26.0.3-1mx150+1) mx; urgency=medium + + * Repackaged for MX 15. + + -- Mike Purtell <mandbx@sbcglobal.net> Sat, 06 Feb 2016 18:02:47 -0800 + +palemoon (26.0.2-1mx150+1) mx; urgency=medium + + * Repackaged for MX 15. + + -- Mike Purtell <mandbx@sbcglobal.net> Thu, 04 Feb 2016 19:31:53 -0800 + +palemoon (26.0.2-1mcr120+1) mepis; urgency=medium + + * New security and bugfix release. + * Install extensions directly from /integration folder in source, remove + debian/distribution. + + -- Steven Pusser (Stevo) <maintainer@mepiscommunity.org> Thu, 04 Feb 2016 14:02:54 -0800 + +palemoon (26.0.0-1mcr120+2) mepis; urgency=medium + + * Install addons from debian/distribution, taken from Pale Moon tarball. + + -- Steven Pusser (Stevo) <maintainer@mepiscommunity.org> Mon, 01 Feb 2016 08:08:54 -0800 + +palemoon (26.0.0-1mcr120+1) mepis; urgency=medium + + * Add libpulse-dev to build-depends to prevent FTBFS. + * Add Suggests: gstreamer0.10-ffmpeg to debian/control file. + * Add Mozilla Public License 2.0 to debian/copyright. + * debian/mozconfig: use -O2 optimization and remove the jmalloc option, + and match what results from about:buildconfig from the official binary. + + -- Steven Pusser (Stevo) <maintainer@mepiscommunity.org> Tue, 26 Jan 2016 15:43:43 -0800 + +palemoon (25.8.1-2mcr120+1) mepis; urgency=medium + + * Drop mozconfig.patch; use debian/mozconfig instead. + * Refresh debian/copyright. + + -- Steven Pusser (Stevo) <maintainer@mepiscommunity.org> Sun, 06 Dec 2015 13:08:26 -0800 + +palemoon (25.8.1-1mcr120+1) mepis; urgency=medium + + * A small update to address two important issues: + - Fix for a crash that could occur at random since the update to 25.8.0. + - Fix for CSP (Content Security Policy) to be more lenient towards the + incorrect passing of full URLs with all sorts of parameters in the CSP + header, leading to misinterpretation of the header and incorrectly + blocking the loading of content. + + -- Steven Pusser (Stevo) <maintainer@mepiscommunity.org> Mon, 30 Nov 2015 10:20:18 -0800 + +palemoon (25.8.0-1mcr120+1) mepis; urgency=medium + + * New bugfix and maintenance release: + Fixes/changes: + - Updated LibVPX to 1.4.x to be able to play more kinds of VP9-encoded + videos. + - Updated the JPEG decoder library to 1.4.0. + - Fixed and cleaned up XPCOM timer thread code to avoid intermittent + issues with events not firing (especially after stand-by). + - Updated overrides to work around issues with Facebook and Netflix. + - Fixed an issue where too-old system-supplied NSPR and/or NSS libraries + would be accepted for use. + + -- Steven Pusser (Stevo) <maintainer@mepiscommunity.org> Wed, 18 Nov 2015 11:52:32 -0800 + +palemoon (25.7.3-1mcr120+1) mepis; urgency=medium + + * New bugfix and maintenance release: + - usability update needed due to the fact that Mozilla has shut down their key + exchange (J-PAKE) server along with the old Sync servers. + + -- Steven Pusser (Stevo) <maintainer@mepiscommunity.org> Wed, 14 Oct 2015 19:40:39 -0700 + +palemoon (25.7.2-1mcr120+1) mepis; urgency=medium + + * New bugfix and maintenance release: + - Fixed a critical hang caused by recursive reloads that might happen in + iframes if its hash changed. + - Fixed a critical hang caused by lazy-loading of stylesheets through a + specific web programming technique as advocated by Google's PageSpeed. + + -- Steven Pusser (Stevo) <maintainer@mepiscommunity.org> Mon, 05 Oct 2015 15:19:18 -0700 + +palemoon (25.7.1-1mcr120+1) mepis; urgency=medium + + * New bugfix and maintenance release: + + Fixes/changes: + + - Code cleanup: Removed the majority of remaining telemetry code (including + the data reporting back-end and health report) to prevent a few issues + with partially removed code in earlier versions. + - Fixed a crash due to handling of bogus URIs passed to CSS style filters + (e.g. whatsapp's web interface). + - Permitted spec-breaking syntax in Regex character classes, allowing + ranges that would be permitted per the grammar rules in the spec but not + necessarily following the syntax rules. This impacts a good number of + (also higher profile) sites that use invalid ranges in regular + expressions (e.g. Cisco's networking academy site, Yahoo Fantasy + Football). + - Fixed a crash due to the newly introduced WASAPI handling of audio + channel mapping that doesn't like actual surround hardware setups (e.g. + playing a video with quadraphonic audio on a 4-speaker setup). + - Fixed an issue where site-specific dictionary selections would be written + to content preferences without the user's action, potentially overwriting + or clearing a previously-chosen dictionary. + - Added support for drag and drop of local files from sources which use + text/uri-lists. (Some Linux flavors/file managers) + - Updated libnestegg to the most current version. + - Fixed an issue where setting the location to an empty string could cause + a reload loop. + + Security fixes: + + - Changed the jemalloc poison address to something that is not a NOP-slide. + DiD + - Fixed a memory safety hazard in ConvertDialogOptions (CVE-2015-4521) + - Fixed a buffer overflow/crash hazard in the + VertexBufferInterface::reserveVertexSpace function in libGLES in ANGLE + (CVE-2015-7179) + - Fixed an overflow/crash hazard in the XULContentSinkImpl::AddText function + (CVE-2015-7175) + - Fixed a stack buffer overread hazard in the ICC v4 profile parser + (CVE-2015-4504) + - Fixed an HTMLVideoElement Use-After-Free Remote Code Execution 0-day + vulnerability (ZDI-CAN-3176) (CVE-2015-4509) + - Fixed a potentially exploitable crash in nsXBLService::GetBinding + - Fixed a memory safety hazard in nsAttrAndChildArray::GrowBy + (CVE-2015-7174) + - Fixed a memory safety hazard for callers of nsUnicodeToUTF8::GetMaxLength + (CVE-2015-4522) + - Fixed a heap buffer overflow/crash hazard caused by invalid WebM headers + (CVE-2015-4511) + + -- Steven Pusser (Stevo) <maintainer@mepiscommunity.org> Wed, 30 Sep 2015 12:11:14 -0700 + +palemoon (25.7.0-1mcr120+1) mepis; urgency=medium + + * New bugfix and maintenance release: + - Code cleanup: Removed the (otherwise unused) visual event tracer code. + - Code cleanup: Removed reflow performance tracing code (telemetry). + - Fixed a key JavaScript bug where defining properties on an object would + wipe the object. + - This seems to be a common issue with "modern" libraries that use "define" + instead of "change" and expecting the other properties on the object to be + retained, resulting in "x is undefined" errors all over the place if the + object is wiped. + - This aligns the behavior with ES6's "Validate and apply property + descriptor" pseudo-function. + - Updated the SQLite library to 3.8.11.1. + - Added support for the element.matches() Web API function. + - Added support for BASE tag parsing in source view. Previously, when + viewing the source of a document, clickable links would be incorrect if a + base path was specified in the document with this tag. + - Fixed an issue with running timers after the computer would have been put + to sleep with the browser opened. + + Security fixes: + + - Added protection against potential bugs where our SVG mPositions is out of + sync with the characters in the DOM. DiD + - Fixed use-after-free vulnerability in XMLHttpRequest::Open() + (CVE-2015-4492) + - Fixed use-after-free vulnerability in the StyleAnimationValue class + (CVE-2015-4488) + - Fixed crash or memory corruption in nsTArray (CVE-2015-4489) + - Fixed crash or memory corruption in nsTSubstring::ReplacePrep + (CVE-2015-4487) + - Fixed potential escalation of privileges or crash (out-of-bounds write) + via a crafted name in MARs (x64 only) -(CVE-2015-4482) + - Fixed an issue that would allow man-in-the-middle attackers to bypass a + mixed-content protection mechanism via a feed: URL in a POST request. + (CVE-2015-4483) + * Added blurb to postinst script. + + -- Steven Pusser (Stevo) <maintainer@mepiscommunity.org> Wed, 26 Aug 2015 14:50:58 -0700 + +palemoon (25.6.0-1mcr120+1) mepis; urgency=medium + + * New upstream release. + * Add debian README.7z-source to explain how to use the .7z source archive. + + -- Steven Pusser (Stevo) <maintainer@mepiscommunity.org> Fri, 31 Jul 2015 16:40:45 -0700 + +palemoon (25.5.0-1mx150+1) mx; urgency=medium + + * Rebuild for MX 15. + + -- Steven Pusser (Stevo) <maintainer@mepiscommunity.org> Fri, 26 Jun 2015 14:43:57 -0700 + +palemoon (25.5.0-1mcr120+1) mepis; urgency=medium + + * New upstream release. + + -- Steven Pusser (Stevo) <maintainer@mepiscommunity.org> Thu, 11 Jun 2015 14:53:31 -0700 + +palemoon (25.4.1-1mcr120+1) mepis; urgency=low + + * Bugfix release, rebuild for MEPIS 12.0. + + -- Steven Pusser (Stevo) <maintainer@mepiscommunity.org> Fri, 01 May 2015 12:47:55 -0700 + +palemoon (25.3.1-0mcr120+1) mepis; urgency=low + + * Rebuild for MEPIS 12.0. + * debian/rules: compress deb packages with xz. + + -- Steven Pusser (Stevo) <maintainer@mepiscommunity.org> Thu, 26 Mar 2015 11:23:26 -0700 + +palemoon (25.3.1-0~precise1) precise; urgency=low + + * New upstream release + + -- Marián Kadaňka <marian.kadanka@openmailbox.org> Wed, 25 Mar 2015 20:46:17 +0100 + +palemoon (25.3.0-0~trusty1) trusty; urgency=low + + * New upstream release + + -- Marián Kadaňka <marian.kadanka@openmailbox.org> Sat, 14 Mar 2015 12:12:57 +0100 + +palemoon (25.2.1-0~trusty1) trusty; urgency=low + + * New upstream release + + -- Marián Kadaňka <marian.kadanka@openmailbox.org> Sun, 01 Feb 2015 16:18:52 +0100 + +palemoon (24.5.0-0~precise1) precise; urgency=low + + * Initial packaging + + -- Marián Kadaňka <marian.kadanka@openmailbox.org> Mon, 12 May 2014 20:42:01 +0200 diff --git a/debian/compat b/debian/compat new file mode 100644 index 0000000..ec63514 --- /dev/null +++ b/debian/compat @@ -0,0 +1 @@ +9 diff --git a/debian/control b/debian/control new file mode 100644 index 0000000..a99eddf --- /dev/null +++ b/debian/control @@ -0,0 +1,46 @@ +Source: palemoon +Section: web +Priority: optional +Maintainer: Steven Pusser <stevep@mxlinux.org> +Bugs: mailto: <maintainer@mepiscommunity.org> +XSBC-Original-Maintainer: Marian Kadanka <marian.kadanka@openmailbox.org> +Build-Depends: debhelper (>= 9), +# Add for the conditional in rules to force use of gcc-4.9 on newer distreleases +# that default to gcc-5 or 6 + lsb-release, + gcc-4.9 | gcc-4.8 | gcc-4.7, + g++-4.9 | g++-4.8 | g++-4.7, + cpp-4.9 | cpp-4.8 | cpp-4.7, +# standard build-deps + autoconf2.13, + python (>= 2.7), + unzip, + zip, + pkg-config, + libgtk2.0-dev (>= 2.14), + libdbus-1-dev (>=0.60), + libdbus-glib-1-dev (>= 0.60), + yasm (>= 1.1), + libasound2-dev, + libpulse-dev, + libxt-dev, + mesa-common-dev +Standards-Version: 3.9.6 +Homepage: http://www.palemoon.org/ + +Package: palemoon +Architecture: any +Depends: ${shlibs:Depends}, ${misc:Depends}, + ffmpeg | libav-tools +Provides: x-www-browser +Conflicts: palemoon-nonsse2 +Replaces: palemoon-nonsse2 +Description: Firefox-based, efficient and easy to use web browser + Pale Moon offers selected features and optimizations to maximize + the browser's speed, stability and user experience, while maintaining + compatibility with the thousands of Firefox extensions you have come + to love and rely on. + . + Pale Moon requires a processor that supports the SSE2 instruction set. + Run "/proc/cpuinfo" in a terminal, and look for sse2 in the flags to ensure + that your processor supports it. diff --git a/debian/copyright b/debian/copyright new file mode 100644 index 0000000..ab36daa --- /dev/null +++ b/debian/copyright @@ -0,0 +1,571 @@ +Even though Pale Moon is open source and the source is supplied under +the Mozilla Public License, redistribution of the Pale Moon binaries is +limited by certain conditions under a proprietary license by Moonchild +Productions, as permitted under 3.2b of the MPL v2.0. This has been +required because of, among other things, the increasing number of +rogue/altered copies and people taking advantage of the free +availability of the browser to monetize upon, which is against Pale +Moon's principles of free software. + +****** Pale Moon Freeware License ****** +Note: if not otherwise explicitly specified, the Copyright holder and Author of +software subject to this license is M.C. Straver BASc, AKA "Moonchild". Also +note that this license does not apply to the Pale Moon browser, but to other +specific (helper) applications released by Moonchild Productions. For licensing +of the browser, please see the MPL (for the source) and redistribution_license +(for binary (re)distribution). + +=============================================================================== +Last updated: 16 November 2015 +The software provided under this license is provided as Freely Available +Copyrighted Software ("Freeware"), which means: + 1. The author of this software retains full rights to all parts of the + software provided. No rights are given to copy, modify or create + derivative works of this software. + 2. The software may only be distributed by third parties if such + distribution is completely FREE OF CHARGE. No redistribution fee or cost + reimbursement may be charged, and the software must be supplied UNALTERED + and with all Copyright statements intact, accompanied by a copy of this + license. + 3. The software may not be included in whole or in part in other software, + either free or commercially, without the author's prior express written + permission. + 4. If the source code to the software is officially made available + (disclosed), it may be used for educational purposes, but (parts of) the + software's source code may not be copied verbatim to other software + without the author's prior express written permission. See (1). + 5. The term "Freeware" in this license should be interpreted as "gratis" + (with no attached cost or fee), and should not be interpreted as "libre" + (with no restrictions on use/modification). +Software distributed under the License is distributed on an "AS IS" basis, +WITHOUT WARRANTY OF ANY KIND, either express or implied. +=============================================================================== + +This license may be updated without notice, so please make sure to check back +on occasion if you use or distribute this software. That being said, there is +no intention of making changes to the core of this license and the main premise +of free availability behind it. + +If you have any questions about this freeware license, think anything is in +error or wish to discuss individual terms for your specific scenario or +specific property/distribution rights issues, then please contact_me. + + +Even though Pale Moon is open source and the source is supplied under +the Mozilla Public License, redistribution of the Pale Moon binaries is +limited by certain conditions under a proprietary license by Moonchild +Productions, as permitted under 3.2b of the MPL v2.0. This has been +required because of, among other things, the increasing number of +rogue/altered copies and people taking advantage of the free +availability of the browser to monetize upon, which is against Pale +Moon's principles of free software. + + +=============================================================================== +**** Redistribution license **** +Last updated: 14 September 2015 + +If you wish to redistribute the binaries (executable form of the code) of Pale +Moon, you are free to do so, with the following limitations: + 1. There is NO CHARGE for the download or distribution of the browser + package. + It is therefore not permitted if, without limitation: + a. You charge for the download of the binary packages (e.g. paid + hosting service, pay-per-download, subscription, etc.) or access to + them (password protected sites/archives/etc.) + b. You charge for redistribution rights of the browser binaries, + yourself (you have no rights to it) + c. You charge for a physical medium like a CD or DVD. Example: If you + provide a "cover disk" with a printed magazine, that is considered + a "no charge" item (free bonus item with the magazine) and is + therefore allowed. If you provide a disk-based magazine (digital) + that includes Pale Moon, the medium itself is paid for and + considered a "charge" item, and is therefore not allowed. + 2. You don't require the obligatory submission of personal data (name, e- + mail, telephone number, address, age, gender, ID, or similar) to download + the binaries. If you require registration of users before they can + download Pale Moon, you are not allowed to distribute it. Users must, at + all times, have the clear and equal option to download Pale Moon without + surrendering any personal information to you. + 3. The binaries and/or archives are completely UNALTERED. This includes + addition or removal of any component of the browser. Redistribution is + therefore not permitted if, without limitation: + a. You have re-packed the browser in a different archive format + (either common or proprietary) + (an exception to this is re-packaging required for specific target + operating systems, e.g. rpm, deb, pet) + b. You have added language packs/add-ons/plugins/etc. + c. You have added third-party tools/toolbars/utilities/etc. + d. You have changed supplied default preferences of the browser + e. You include a pre-set profile + f. You have removed any component from the browser package + g. You have edited or removed text or script files (including license + files, readmes, JavaScript modules, etc.) + h. The binaries have been in any way infected with or include a virus, + trojan, or other malware + i. The binaries and program structure have been in any way obscured + (e.g. by using application virtualization) making it difficult or + impossible to check for the previously listed alterations + 4. The binaries can be obtained without the use of third-party software not + officially endorsed, including but not limited to: download managers, + stub installers, wrappers, proprietary clients or proprietary protocols. + This includes any offering of such unendorsed downloading software or + methods, regardless of offering "direct" downloads or allowed methods + alongside the unendorsed ones. + 5. The binaries are not supplied as an integral part of a commercial/non- + commercial software package/larger works ("package"). If you wish to do + this, you must contact me beforehand to obtain permission and discuss + terms. Inclusion in a package will be subject to an individual agreement + (either extemporaneous or legalized) which may or may not involve + compensation. + 6. The binaries are not supplied as an integral part of a commercial/non- + commercial website/web service/on-line venue/etc. ("service"). If you + wish to do this, you must contact me beforehand to obtain permission and + discuss terms. Inclusion in a service will be subject to an individual + agreement (either extemporaneous or legalized) which may or may not + involve compensation. + 7. An exception applies to points 5 and 6 of this license for educational + purposes if bundled with other open source software or supplied as part + of a curriculum or in-college resource for students. + 8. An exception applies to point 5 of this license for inclusion of the + officially branded binaries in freely available and fully Open Source + operating systems, including but not limited to non-commercial variants + of Linux, variants of BSD and ReactOS. This exception only applies to + unaltered versions of the Pale Moon binaries or officially branded + variants specifically built for the target operating system from source + that have not been materially changed (including brand-specific + configurations like e.g. home page, default search engine). If any of the + essential settings of the browser are altered beyond what is strictly + needed for providing a working build on the target operating system, the + exception in this point does not apply and the license defaults to point + 10, instead. + 1. Clarification of "officially branded variants specifically built + for the target operating system": If an officially-built binary + (i.e. built by our team) is available for the target operating + system (e.g. existing Linux binaries), then those binaries will + always, in principle, take precedence over a third-party build to + ensure necessary QA and compatibility. Building and distributing a + binary with official branding is in that situation only in + principle allowed if an actual variant build is required for the + target distribution's compatibility (e.g. kernel or library + requirements) or operation, and otherwise not impacting the + material content of the browser package as a whole. QA of and + support for the resulting variant binaries will in that case fall + on the maintainer who will have to take full responsibility for the + variant binary. + 9. This redistribution agreement and any Individual Agreements for the + redistribution of executable code are provided by Moonchild Productions + ("Moonchild", "M.C. Straver") explicitly for the Pale Moon executable + code, and not by the Initial Developer or any Contributor. The Initial + Developer and every Contributor is hereby indemnified for any liability + incurred by the Initial Developer or such Contributor as a result of + these terms. + 10. The only exception to this redistribution policy not otherwise covered in + points 7 or 8 is if the repackaged or private build with official + branding has been pre-approved by Moonchild for redistribution and is + listed on this website as a contributed build. Contributed builds are + subject to a screening process, may be accepted or rejected, may be re- + screened at a later time, and may be at any time removed, in Moonchild's + sole discretion, either with or without stated reason. + 11. If a distribution is authorized as per point 10, the contributed build + may be redistributed in unaltered form by third parties as set out in the + points above and under the same conditions. + 12. If you wish to distribute binaries for other platforms, building from + Pale Moon source code, you may not use official branding unless these + builds have also been approved as a contributed build as per point 10 of + this license or if they are exempt under points 7 or 8 of this license. + Even so, you obtain no rights to the Pale Moon name or logo, merely the + permission to use it for the 3rd party build, and only for as long as it + is officially endorsed or satisfies the conditions for exemption. In all + other cases you must use significantly different branding files/graphics + and a significantly different name for the browser. + 13. Unofficial branding ("New Moon") as supplied in the source code may be + used for unendorsed binaries at all times. Thusly branded binaries with + the New Moon logo and product name are not subject to the endorsement and + exception rules as set out in previous points of this license and may be + freely distributed in altered or unaltered form, subject to the Mozilla + Public License as regards source code changes and availability. This + permission does, however, not include any rights or license to the Pale + Moon name and logo that may still be present in the resulting + unofficially branded binaries. +=============================================================================== + + + + +Mozilla Public License Version 2.0 +================================== + +1. Definitions +-------------- + +1.1. "Contributor" + means each individual or legal entity that creates, contributes to + the creation of, or owns Covered Software. + +1.2. "Contributor Version" + means the combination of the Contributions of others (if any) used + by a Contributor and that particular Contributor's Contribution. + +1.3. "Contribution" + means Covered Software of a particular Contributor. + +1.4. "Covered Software" + means Source Code Form to which the initial Contributor has attached + the notice in Exhibit A, the Executable Form of such Source Code + Form, and Modifications of such Source Code Form, in each case + including portions thereof. + +1.5. "Incompatible With Secondary Licenses" + means + + (a) that the initial Contributor has attached the notice described + in Exhibit B to the Covered Software; or + + (b) that the Covered Software was made available under the terms of + version 1.1 or earlier of the License, but not also under the + terms of a Secondary License. + +1.6. "Executable Form" + means any form of the work other than Source Code Form. + +1.7. "Larger Work" + means a work that combines Covered Software with other material, in + a separate file or files, that is not Covered Software. + +1.8. "License" + means this document. + +1.9. "Licensable" + means having the right to grant, to the maximum extent possible, + whether at the time of the initial grant or subsequently, any and + all of the rights conveyed by this License. + +1.10. "Modifications" + means any of the following: + + (a) any file in Source Code Form that results from an addition to, + deletion from, or modification of the contents of Covered + Software; or + + (b) any new file in Source Code Form that contains any Covered + Software. + +1.11. "Patent Claims" of a Contributor + means any patent claim(s), including without limitation, method, + process, and apparatus claims, in any patent Licensable by such + Contributor that would be infringed, but for the grant of the + License, by the making, using, selling, offering for sale, having + made, import, or transfer of either its Contributions or its + Contributor Version. + +1.12. "Secondary License" + means either the GNU General Public License, Version 2.0, the GNU + Lesser General Public License, Version 2.1, the GNU Affero General + Public License, Version 3.0, or any later versions of those + licenses. + +1.13. "Source Code Form" + means the form of the work preferred for making modifications. + +1.14. "You" (or "Your") + means an individual or a legal entity exercising rights under this + License. For legal entities, "You" includes any entity that + controls, is controlled by, or is under common control with You. For + purposes of this definition, "control" means (a) the power, direct + or indirect, to cause the direction or management of such entity, + whether by contract or otherwise, or (b) ownership of more than + fifty percent (50%) of the outstanding shares or beneficial + ownership of such entity. + +2. License Grants and Conditions +-------------------------------- + +2.1. Grants + +Each Contributor hereby grants You a world-wide, royalty-free, +non-exclusive license: + +(a) under intellectual property rights (other than patent or trademark) + Licensable by such Contributor to use, reproduce, make available, + modify, display, perform, distribute, and otherwise exploit its + Contributions, either on an unmodified basis, with Modifications, or + as part of a Larger Work; and + +(b) under Patent Claims of such Contributor to make, use, sell, offer + for sale, have made, import, and otherwise transfer either its + Contributions or its Contributor Version. + +2.2. Effective Date + +The licenses granted in Section 2.1 with respect to any Contribution +become effective for each Contribution on the date the Contributor first +distributes such Contribution. + +2.3. Limitations on Grant Scope + +The licenses granted in this Section 2 are the only rights granted under +this License. No additional rights or licenses will be implied from the +distribution or licensing of Covered Software under this License. +Notwithstanding Section 2.1(b) above, no patent license is granted by a +Contributor: + +(a) for any code that a Contributor has removed from Covered Software; + or + +(b) for infringements caused by: (i) Your and any other third party's + modifications of Covered Software, or (ii) the combination of its + Contributions with other software (except as part of its Contributor + Version); or + +(c) under Patent Claims infringed by Covered Software in the absence of + its Contributions. + +This License does not grant any rights in the trademarks, service marks, +or logos of any Contributor (except as may be necessary to comply with +the notice requirements in Section 3.4). + +2.4. Subsequent Licenses + +No Contributor makes additional grants as a result of Your choice to +distribute the Covered Software under a subsequent version of this +License (see Section 10.2) or under the terms of a Secondary License (if +permitted under the terms of Section 3.3). + +2.5. Representation + +Each Contributor represents that the Contributor believes its +Contributions are its original creation(s) or it has sufficient rights +to grant the rights to its Contributions conveyed by this License. + +2.6. Fair Use + +This License is not intended to limit any rights You have under +applicable copyright doctrines of fair use, fair dealing, or other +equivalents. + +2.7. Conditions + +Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted +in Section 2.1. + +3. Responsibilities +------------------- + +3.1. Distribution of Source Form + +All distribution of Covered Software in Source Code Form, including any +Modifications that You create or to which You contribute, must be under +the terms of this License. You must inform recipients that the Source +Code Form of the Covered Software is governed by the terms of this +License, and how they can obtain a copy of this License. You may not +attempt to alter or restrict the recipients' rights in the Source Code +Form. + +3.2. Distribution of Executable Form + +If You distribute Covered Software in Executable Form then: + +(a) such Covered Software must also be made available in Source Code + Form, as described in Section 3.1, and You must inform recipients of + the Executable Form how they can obtain a copy of such Source Code + Form by reasonable means in a timely manner, at a charge no more + than the cost of distribution to the recipient; and + +(b) You may distribute such Executable Form under the terms of this + License, or sublicense it under different terms, provided that the + license for the Executable Form does not attempt to limit or alter + the recipients' rights in the Source Code Form under this License. + +3.3. Distribution of a Larger Work + +You may create and distribute a Larger Work under terms of Your choice, +provided that You also comply with the requirements of this License for +the Covered Software. If the Larger Work is a combination of Covered +Software with a work governed by one or more Secondary Licenses, and the +Covered Software is not Incompatible With Secondary Licenses, this +License permits You to additionally distribute such Covered Software +under the terms of such Secondary License(s), so that the recipient of +the Larger Work may, at their option, further distribute the Covered +Software under the terms of either this License or such Secondary +License(s). + +3.4. Notices + +You may not remove or alter the substance of any license notices +(including copyright notices, patent notices, disclaimers of warranty, +or limitations of liability) contained within the Source Code Form of +the Covered Software, except that You may alter any license notices to +the extent required to remedy known factual inaccuracies. + +3.5. Application of Additional Terms + +You may choose to offer, and to charge a fee for, warranty, support, +indemnity or liability obligations to one or more recipients of Covered +Software. However, You may do so only on Your own behalf, and not on +behalf of any Contributor. You must make it absolutely clear that any +such warranty, support, indemnity, or liability obligation is offered by +You alone, and You hereby agree to indemnify every Contributor for any +liability incurred by such Contributor as a result of warranty, support, +indemnity or liability terms You offer. You may include additional +disclaimers of warranty and limitations of liability specific to any +jurisdiction. + +4. Inability to Comply Due to Statute or Regulation +--------------------------------------------------- + +If it is impossible for You to comply with any of the terms of this +License with respect to some or all of the Covered Software due to +statute, judicial order, or regulation then You must: (a) comply with +the terms of this License to the maximum extent possible; and (b) +describe the limitations and the code they affect. Such description must +be placed in a text file included with all distributions of the Covered +Software under this License. Except to the extent prohibited by statute +or regulation, such description must be sufficiently detailed for a +recipient of ordinary skill to be able to understand it. + +5. Termination +-------------- + +5.1. The rights granted under this License will terminate automatically +if You fail to comply with any of its terms. However, if You become +compliant, then the rights granted under this License from a particular +Contributor are reinstated (a) provisionally, unless and until such +Contributor explicitly and finally terminates Your grants, and (b) on an +ongoing basis, if such Contributor fails to notify You of the +non-compliance by some reasonable means prior to 60 days after You have +come back into compliance. Moreover, Your grants from a particular +Contributor are reinstated on an ongoing basis if such Contributor +notifies You of the non-compliance by some reasonable means, this is the +first time You have received notice of non-compliance with this License +from such Contributor, and You become compliant prior to 30 days after +Your receipt of the notice. + +5.2. If You initiate litigation against any entity by asserting a patent +infringement claim (excluding declaratory judgment actions, +counter-claims, and cross-claims) alleging that a Contributor Version +directly or indirectly infringes any patent, then the rights granted to +You by any and all Contributors for the Covered Software under Section +2.1 of this License shall terminate. + +5.3. In the event of termination under Sections 5.1 or 5.2 above, all +end user license agreements (excluding distributors and resellers) which +have been validly granted by You or Your distributors under this License +prior to termination shall survive termination. + +************************************************************************ +* * +* 6. Disclaimer of Warranty * +* ------------------------- * +* * +* Covered Software is provided under this License on an "as is" * +* basis, without warranty of any kind, either expressed, implied, or * +* statutory, including, without limitation, warranties that the * +* Covered Software is free of defects, merchantable, fit for a * +* particular purpose or non-infringing. The entire risk as to the * +* quality and performance of the Covered Software is with You. * +* Should any Covered Software prove defective in any respect, You * +* (not any Contributor) assume the cost of any necessary servicing, * +* repair, or correction. This disclaimer of warranty constitutes an * +* essential part of this License. No use of any Covered Software is * +* authorized under this License except under this disclaimer. * +* * +************************************************************************ + +************************************************************************ +* * +* 7. Limitation of Liability * +* -------------------------- * +* * +* Under no circumstances and under no legal theory, whether tort * +* (including negligence), contract, or otherwise, shall any * +* Contributor, or anyone who distributes Covered Software as * +* permitted above, be liable to You for any direct, indirect, * +* special, incidental, or consequential damages of any character * +* including, without limitation, damages for lost profits, loss of * +* goodwill, work stoppage, computer failure or malfunction, or any * +* and all other commercial damages or losses, even if such party * +* shall have been informed of the possibility of such damages. This * +* limitation of liability shall not apply to liability for death or * +* personal injury resulting from such party's negligence to the * +* extent applicable law prohibits such limitation. Some * +* jurisdictions do not allow the exclusion or limitation of * +* incidental or consequential damages, so this exclusion and * +* limitation may not apply to You. * +* * +************************************************************************ + +8. Litigation +------------- + +Any litigation relating to this License may be brought only in the +courts of a jurisdiction where the defendant maintains its principal +place of business and such litigation shall be governed by laws of that +jurisdiction, without reference to its conflict-of-law provisions. +Nothing in this Section shall prevent a party's ability to bring +cross-claims or counter-claims. + +9. Miscellaneous +---------------- + +This License represents the complete agreement concerning the subject +matter hereof. If any provision of this License is held to be +unenforceable, such provision shall be reformed only to the extent +necessary to make it enforceable. Any law or regulation which provides +that the language of a contract shall be construed against the drafter +shall not be used to construe this License against a Contributor. + +10. Versions of the License +--------------------------- + +10.1. New Versions + +Mozilla Foundation is the license steward. Except as provided in Section +10.3, no one other than the license steward has the right to modify or +publish new versions of this License. Each version will be given a +distinguishing version number. + +10.2. Effect of New Versions + +You may distribute the Covered Software under the terms of the version +of the License under which You originally received the Covered Software, +or under the terms of any subsequent version published by the license +steward. + +10.3. Modified Versions + +If you create software not governed by this License, and you want to +create a new license for such software, you may create and use a +modified version of this License if you rename the license and remove +any references to the name of the license steward (except to note that +such modified license differs from this License). + +10.4. Distributing Source Code Form that is Incompatible With Secondary +Licenses + +If You choose to distribute Source Code Form that is Incompatible With +Secondary Licenses under the terms of this version of the License, the +notice described in Exhibit B of this License must be attached. + +Exhibit A - Source Code Form License Notice +------------------------------------------- + + This Source Code Form is subject to the terms of the Mozilla Public + License, v. 2.0. If a copy of the MPL was not distributed with this + file, You can obtain one at http://mozilla.org/MPL/2.0/. + +If it is not possible or desirable to put the notice in a particular +file, then You may include the notice in a location (such as a LICENSE +file in a relevant directory) where a recipient would be likely to look +for such a notice. + +You may add additional accurate notices of copyright ownership. + +Exhibit B - "Incompatible With Secondary Licenses" Notice +--------------------------------------------------------- + + This Source Code Form is "Incompatible With Secondary Licenses", as + defined by the Mozilla Public License, v. 2.0. + + + diff --git a/debian/install b/debian/install new file mode 100644 index 0000000..de06d5e --- /dev/null +++ b/debian/install @@ -0,0 +1 @@ +browser/branding/official/palemoon.desktop usr/share/applications diff --git a/debian/mozconfig b/debian/mozconfig new file mode 100644 index 0000000..edb14ad --- /dev/null +++ b/debian/mozconfig @@ -0,0 +1,19 @@ +export MOZILLA_OFFICIAL=1 +mk_add_options MOZ_CO_PROJECT=browser +ac_add_options --enable-official-branding +ac_add_options --enable-application=browser +ac_add_options --enable-release +ac_add_options --disable-installer +ac_add_options --disable-updater +ac_add_options --enable-optimize="-O2 -msse2 -mfpmath=sse" +ac_add_options --disable-debug +ac_add_options --with-pthreads +ac_add_options --enable-shared-js +ac_add_options --enable-jemalloc +ac_add_options --enable-strip +ac_add_options --x-libraries=/usr/lib +ac_add_options --prefix=/usr +ac_add_options --enable-devtools +ac_add_options --disable-necko-wifi +ac_add_options --disable-installer +ac_add_options --disable-updater diff --git a/debian/palemoon.links b/debian/palemoon.links new file mode 100644 index 0000000..fedb535 --- /dev/null +++ b/debian/palemoon.links @@ -0,0 +1,6 @@ +/usr/lib/palemoon/browser/chrome/icons/default/default16.png /usr/share/icons/hicolor/16x16/apps/palemoon.png +/usr/lib/palemoon/browser/chrome/icons/default/default32.png /usr/share/icons/hicolor/32x32/apps/palemoon.png +/usr/lib/palemoon/browser/chrome/icons/default/default48.png /usr/share/icons/hicolor/48x48/apps/palemoon.png +/usr/lib/palemoon/browser/icons/mozicon128.png /usr/share/icons/hicolor/128x128/apps/palemoon.png +/usr/lib/palemoon/browser/icons/mozicon128.png /usr/share/pixmaps/palemoon.png +/usr/lib/palemoon/palemoon usr/bin/palemoon \ No newline at end of file diff --git a/debian/palemoon.lintian-overrides b/debian/palemoon.lintian-overrides new file mode 100644 index 0000000..5954bcd --- /dev/null +++ b/debian/palemoon.lintian-overrides @@ -0,0 +1,3 @@ +palemoon binary: embedded-library usr/lib/palemoon/libxul.so: libjpeg +palemoon binary: embedded-library usr/lib/palemoon/libmozsqlite3.so: sqlite +palemoon binary: image-file-in-usr-lib diff --git a/debian/palemoon.postinst b/debian/palemoon.postinst new file mode 100755 index 0000000..dde1357 --- /dev/null +++ b/debian/palemoon.postinst @@ -0,0 +1,11 @@ +#!/bin/sh -e + +if [ "$1" = "configure" ] || [ "$1" = "abort-upgrade" ] || [ "$1" = "abort-remove" ] ; then + update-alternatives --install /usr/bin/gnome-www-browser \ + gnome-www-browser /usr/bin/palemoon 40 + + update-alternatives --install /usr/bin/x-www-browser \ + x-www-browser /usr/bin/palemoon 40 +fi + +#DEBHELPER# diff --git a/debian/palemoon.prerm b/debian/palemoon.prerm new file mode 100755 index 0000000..b03dbd6 --- /dev/null +++ b/debian/palemoon.prerm @@ -0,0 +1,8 @@ +#!/bin/sh -e + +if [ "$1" = "remove" ] || [ "$1" = "deconfigure" ] ; then + update-alternatives --remove x-www-browser /usr/bin/palemoon + update-alternatives --remove gnome-www-browser /usr/bin/palemoon +fi + +#DEBHELPER# diff --git a/debian/rules b/debian/rules new file mode 100755 index 0000000..645c67e --- /dev/null +++ b/debian/rules @@ -0,0 +1,46 @@ +#!/usr/bin/make -f +# -*- makefile -*- + +export SHELL=/bin/bash + +# Build with gcc-4.9 on Stretch, Buster,Xenial, Yakkety, Zesty, and Horizon. +distrelease := $(shell lsb_release -cs) +ifeq ($(distrelease),$(filter $(distrelease),stretch buster xenial yakkety \ +zesty artful bionic Horizon)) +export CC=gcc-4.9 +export CXX=g++-4.9 +export CPP=cpp-4.9 +export LD=gcc-4.9 +endif + +%: + dh $@ --parallel + +override_dh_auto_clean: + rm -f mozconfig + dh_auto_clean + + +override_dh_auto_configure: + cp debian/mozconfig mozconfig + +override_dh_auto_build: + make -f client.mk build + +override_dh_auto_install: + make -f client.mk DESTDIR=$$(pwd)/debian/palemoon prefix=/usr \ + installdir=/usr/lib/palemoon \ + sdkdir=/usr/lib/palemoon-devel install + rm -rf $$(pwd)/debian/palemoon/usr/share/idl + rm -rf $$(pwd)/debian/palemoon/usr/lib/palemoon-devel + rm -rf $$(pwd)/debian/palemoon/usr/include +# remove vestigial duplicate file + rm -rf $$(pwd)/debian/palemoon/usr/lib/palemoon/palemoon-bin + +override_dh_shlibdeps: + dh_shlibdeps -l /usr/lib/palemoon + +# For releases that don't use xz compression by default, such as Wheezy. +# It's OK to leave this in for those that do. +override_dh_builddeb: + dh_builddeb -- -Z xz diff --git a/debian/source/format b/debian/source/format new file mode 100644 index 0000000..163aaf8 --- /dev/null +++ b/debian/source/format @@ -0,0 +1 @@ +3.0 (quilt) diff --git a/debian/source/include-binaries b/debian/source/include-binaries new file mode 100644 index 0000000..dd76db8 --- /dev/null +++ b/debian/source/include-binaries @@ -0,0 +1,10 @@ +debian/distribution/bundles/statusbar@palemoon.org/chrome/skin/all/urlbar-over-link-arrow-rtl.png +debian/distribution/bundles/statusbar@palemoon.org/chrome/skin/all/pms24.png +debian/distribution/bundles/statusbar@palemoon.org/chrome/skin/all/pulse.png +debian/distribution/bundles/statusbar@palemoon.org/chrome/skin/all/throbberStatic.png +debian/distribution/bundles/statusbar@palemoon.org/chrome/skin/all/pms16.png +debian/distribution/bundles/statusbar@palemoon.org/chrome/skin/all/urlbar-over-link-arrow.png +debian/distribution/bundles/statusbar@palemoon.org/components/status4evar.xpt +debian/distribution/bundles/{3ff46564-d77c-491c-bfc5-fc555c87dbc4}/chrome/content/images/stop.png +debian/distribution/bundles/{3ff46564-d77c-491c-bfc5-fc555c87dbc4}/chrome/content/images/statusbar.png +debian/distribution/bundles/{3ff46564-d77c-491c-bfc5-fc555c87dbc4}/chrome/content/images/icon.png -- Alioth's /home/x2go-admin/maintenancescripts/git/hooks/post-receive-email on /srv/git/code.x2go.org/pale-moon.git