This is an automated email from the git hooks/post-receive script. x2go pushed a change to branch master in repository pale-moon. at d2377fd debian/rules: tabbify. This branch includes the following new commits: new 97558c0 debian: add directory based on Steven Pusser's palemoon_27.9.2~repack-1 version. new 0fd0735 debian/control: switch maintainer to X2Go Developers. new dec59f0 debian/control: remove stray tab. new d2377fd debian/rules: tabbify. The 4 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "adds" were already present in the repository and have only been added to this reference. -- Alioth's /home/x2go-admin/maintenancescripts/git/hooks/post-receive-email on /srv/git/code.x2go.org/pale-moon.git
This is an automated email from the git hooks/post-receive script. x2go pushed a commit to branch master in repository pale-moon. commit 97558c014162f322a706af16d43b9f3e4604832d Author: Mihai Moldovan <ionic@ionic.de> Date: Mon May 28 03:31:20 2018 +0200 debian: add directory based on Steven Pusser's palemoon_27.9.2~repack-1 version. --- debian/README.7z-source | 12 + debian/changelog | 1222 +++++++++++++++++++++++++++++++++++++ debian/compat | 1 + debian/control | 46 ++ debian/copyright | 571 +++++++++++++++++ debian/install | 1 + debian/mozconfig | 19 + debian/palemoon.links | 6 + debian/palemoon.lintian-overrides | 3 + debian/palemoon.postinst | 11 + debian/palemoon.prerm | 8 + debian/rules | 46 ++ debian/source/format | 1 + debian/source/include-binaries | 10 + 14 files changed, 1957 insertions(+) diff --git a/debian/README.7z-source b/debian/README.7z-source new file mode 100644 index 0000000..c916e90 --- /dev/null +++ b/debian/README.7z-source @@ -0,0 +1,12 @@ +If you obtain the source in a 7z archive, it does not support Linux permissions. +In order to compile it, and create a source tarball, extract the archive, run + +chmod -R 777 <extracted-source-directory> + +and then recompress the source into an approved Debian tarball format. + +Make sure to add a "~repack" to the versioning and the orig tarball to label it +as repacked. + +Currently the tar.gz tarballs from the github releases don't require this, but +a tar.xz repack will save considerable bandwidth. diff --git a/debian/changelog b/debian/changelog new file mode 100644 index 0000000..cff607f --- /dev/null +++ b/debian/changelog @@ -0,0 +1,1222 @@ +palemoon (27.9.2~repack-1) obs; urgency=medium + + * New upstream security and stability update: + + - Changes/fixes: + - We changed the language strings for softblocked items so people will cry + less when we do our job. + - (CVE-2018-5174) Prevent potential SmartScreen bypass on Windows 10. + - (CVE-2018-5173) Fixed an issue in the Downloads panel improperly + rendering some Unicode characters, allowing for the file name to be + spoofed. This could be used to obscure the file extension of potentially + executable files from user view in the panel. + - (CVE-2018-5177) Fixed a vulnerability in the XSLT component leading to a + buffer overflow and crash if it occurs. + - (CVE-2018-5159) Fixed an integer overflow vulnerability in the Skia + library resulting in possible out-of-bounds writes. + - (CVE-2018-5154) Fixed a use-after-free vulnerability while enumerating + attributes during SVG animations with clip paths. + - (CVE-2018-5178) Fixed a buffer overflow during UTF8 to Unicode string + conversion within JavaScript with extremely large amounts of data. This + vulnerability requires the use of a malicious or vulnerable extension in + order to occur. + - Fixed several stability issues (crashes) and memory safety hazards. + + -- Steven Pusser <stevep@mxlinux.org> Mon, 21 May 2018 11:43:14 -0700 + +palemoon (27.9.1~repack-1) obs; urgency=medium + + * New upstream maintenance update: + - Removed the unused/incomplete places protocol handler. + - Worked around an issue with MSE media without a Track ID. This should help + with the playability of some live streams. + - Ported across jemalloc improvements from UXP. + - Ported across cairo mutex improvements from UXP. + - Added support for FFmpeg 4.0/libavcodec 58. + - Added a fix for Windows 10's "isAlpha()" not being what one would expect + in v1803. + + -- Steven Pusser <stevep@mxlinux.org> Mon, 07 May 2018 15:07:33 -0700 + +palemoon (27.9.0~repack-1~mx17+1) mx; urgency=medium + + * New upstream release: + - Fixed a number of spec compliance issues in our media subsystem. + - Added a trailing slash to referrers when policy is set to fix some web + compatibility issues. + - Fixed the property order in Object.getOwnPropertyNames(string) and others + for web compatibility. + - Updated RegExp(RegExp object, flags) to the ES6 standard specification. + - Changed the embedded font from the no longer free EmojiOne to the + open-licensed Twemoji (with additional fixes). This also further extends + unicode support to Unicode 10 emoji(s). Please note that as a result, color + emoji(s) will look different than before. + - Adjusted some things in our memory allocator code to provide, among other + things, better allocation alignment on Windows. + - Made the attempt to migrate people from the old sync server domain name to + the current one more aggressive. We will be retiring the old + pmsync.palemoon.net Sync server address shortly to remove the need for us + to maintain a security certificate for it; this preference migration should + automatically put everyone on the correct server address when upgrading. + - Made reading of the sessionstore synchronous, to speed up startup and + prevent the homepage from being loaded when restoring a session. + - Added a fix to switch to the correct window/tab when a web notification + is clicked. + - Changed the placeholder text to not include "Search" when all search + functions from the address bar are disabled. + - Enabled the use of Skia for canvas on Linux and OSX. + - Worked around a potential cause for some non-standard bitmapped fonts + ending up with incorrect line heights (I'm looking at you, Noto fonts!). + - Added a workaround for incorrectly-encoded JPEG-XR images with planar + alpha. Ultimately, the jxrlib reference implementation should be fixed to + encode according to spec. + - Aligned XCTO:nosniff allowed script MIME types with the updated spec. + - Improved the logic for storing vector images in the surface cache. + - Fixed character set handling for XMLHttpRequests. + + -- Steven Pusser <stevep@mxlinux.org> Tue, 17 Apr 2018 10:14:19 -0700 + +palemoon (27.8.3~repack-1) obs; urgency=medium + + * New upstream bugfix update: + - This is a small update to solve a pervasive crash in responsive web + layouts. + + -- Steven Pusser <stevep@mxlinux.org> Thu, 29 Mar 2018 12:48:14 -0700 + +palemoon (27.8.2~repack-1) obs; urgency=medium + + * New upstream security update: + - Privacy fix: prevented update checks for the default theme. + - Added a user-agent override for Dropbox to improve compatibility with + their service. + - Fixed an issue with mouseover handling related to (CVE-2018-5103). DiD + - Disabled the Mac OSX Nano allocator. DiD + - Fixed (CVE-2018-5129) OOB Write. + - Updated the lz4 library to 1.8.0 to solve potential issues. DiD + - Fixed (CVE-2018-5137) Path traversal on chrome:// URLs + - Fixed several memory safety an synchronicity hazards. + + -- Steven Pusser <stevep@mxlinux.org> Thu, 22 Mar 2018 10:31:24 -0700 + +palemoon (27.8.1~repack-1) obs; urgency=medium + + * New upstream release: + - Backed out the NSPR/NSS update from 27.8.0 for causing crashes, general + operational instability and handshake issues. + - Disabled TLS 1.3 draft support by default, because with the NSS backout we + only support an older draft right now that is no longer current and may + cause connectivity issues. You can manually re-enable it at your own risk + in about:config by setting security.tls.version.max to 4. + + -- Steven Pusser <stevep@mxlinux.org> Tue, 06 Mar 2018 12:04:10 -0800 + +palemoon (27.8.0~repack-1) obs; urgency=medium + + * New upstream release: + - Added support for emojis on Windows systems that have relatively poor + support for them with standard font sets by including our own font + (EmojiOne based for now). + - Added a setting in preferences to select the use of tab previews with + Ctrl+Tab. + - Added Eyedropper menu entry to the AppMenu. + - Added a preference to control whether the text cursor (caret) should be + thicker when dealing with CJK characters or not (default = yes). + - Added URL fix-ups for schemes (mis-typed "ttp://" etc.). + - Added support for ES6 "Symbol species". + - Updated our TLS 1.3 support to the latest (probably final) draft. + - Fixed gap inconsistency in the tabstrip. + - Fixed a number of browser crashes. + - Fixed a crash with the exponentiation operator "**" + - Set the performance timer granularity to 1 ms. + - Updated the kiss-fft library to our forked 1.4.0 version. + - Disabled a potentially problematic optimization on Win 8+ with high + contrast themes in use. + - Removed the notification bar when in full screen to prevent unwanted + visible screen elements. + - Removed unmaintained and insecure WebRTC code - building with WebRTC + enabled is no longer an option. + - Removed redundant checks for "Vista or later" since that is all we support. + - Added display of the http status to raw request displays. + - Added a workaround for cloned videos not retaining their muted state. + - Added a temporary workaround to avoid crashes on trackless media. + - Removed some superfluous ellipses from menu labels. + - Fixed undesired shrinking of line heights as a result of setting minimum + font size in preferences. + - Fixed some issues with setting the new tab preference (regression). + + * Add support for building on Debian Buster on gcc-4.9. + + -- Steven Pusser <stevep@mxlinux.org> Fri, 02 Mar 2018 17:38:20 -0800 + +palemoon (27.7.2~repack-1~mx17+1) mx; urgency=medium + + * New upstream release: + - Changed the X-Content-Type-Options: nosniff behavior to only check + "success" class server responses, for web compatibility reasons. + - Changed the perfomance timer resolution once more to a granularity of + 1 ms, after evaluating more potential ways of abusing Spectre. This + takes the most cautious approach possible lacking more information + (because apparently NDAs have been signed over this between mainstream + players), follows Safari's lead, and should make it not just infeasible + but downright impossible to use these timers for nefarious purposes in + this context. + - Improved the debug-only startup cache wrapper to prevent a rare crash. + - Fixed a crash in the XML parser. + - Added a check for integer overflow in AesTask::DoCrypto() + (CVE-2018-5122) DiD + - Fixed a potential race condition in the browser cache. + - Fixed a crash in HTML media elements (CVE-2018-5102) + - Fixed a crash in XHR using workers. + - Fixed a crash with some uncommon FTP operations. + - Fixed a potential race condition in the JAR library. + + -- Steven Pusser <stevep@mxlinux.org> Thu, 01 Feb 2018 13:48:26 -0800 + +palemoon (27.7.1~repack-1~mx17+1) mx; urgency=medium + + * New upstream release: + - Added support for Array.prototype[@@unscopables]. + Unfortunately, the addition of Javascript's ES6 Unscopables in 27.7.0 was + incomplete, which caused a number of websites (e.g. Chase on-line banking, + some Russian government sites) to display blank or not complete loading + after updating to that version of the browser. This update should fix the + problem by adding the missing part of the feature. + - Fixed an issue with the default theme causing tab borders to be drawn too + thick at higher settings for visual element scaling (125/150%) in Windows. + + -- Steven Pusser <stevep@mxlinux.org> Thu, 18 Jan 2018 10:03:02 -0800 + +palemoon (27.7.0~repack-1~mx17+1) mx; urgency=medium + + * New upstream release: + - Reorganized access to preferences (moved to the Tools menu on Linux, and + renamed from "Options" to "Preferences" on Windows). + - Renamed "Restart with add-ons disabled" to "Restart in Safe Mode" to + better reflect what it does. + - Worked around an issue with some improperly-encoded PNG files not decoding + after our libpng update. + - Fixed an issue on Mac builds not properly populating the application menu. + - Added "My home page" as an option for new tabs. + - Added an option to disable the 4th and 5th mouse buttons (Windows). + - (mouse.button4.enabled and mouse.button5.enabled, respectively) + - Improved the resetting of non-default profiles. + - Fixed an issue with details/summary having the incorrect height if floated, + breaking layouts. + - Implemented support for flex/columnset contents inside buttons to align + its behavior with other browsers. + - (this should fix layout issues with Twitch's new web interface) + - Made several more improvements to the details/summary tags to align them + with the current spec and fix several bugs. + - Fixed an issue where CSS clone operations would draw a border. + - Changed the way fractional border widths are rounded to provide more + natural behavior. + - Fixed an issue where number inputs would incorrectly be flagged as + read-only. + - Added assets for tile display in the Windows start panel. + - Finished sync infra swapover by adding a one-time pref migration for + server used. + - Improved WebAudio API: Return the connected audio node from + AudioNode.connect() + - Added support for a default playback start position in media elements. + - Fixed an assert in cubeb-alsa code (Linux). + - Added support for media cue-change events (e.g. subtitles). + - Updated SQLite to 3.21.0. + - Fixed a crash when trying to use the platform embedded. + - Fixed devtools (gcli) screenshots on vertical-text pages. + - Fixed devtools copy as cURL for POST requests. + - Improved the HTML editor component (several bugfixes). + - Added support for ES7's exponentiation a ** b operator. + - Fixed an issue with arrow functions incorrectly creating an arguments + binding. + - Added Javascript's ES6 unscopables. + Security/privacy fixes: + - Disabled automatic filling in of log-in details by default to prevent + potential risks of credentials being abused (e.g. for tracking) or stolen. + - Added a preference (in the category security) to easily enable or disable + automatic filling in of log-in data. + - Removed the sending of referrers when opening a link in a new + private window. + - Added an option to disable the page visibility Web API + (dom.visibilityAPI.enabled), allowing users to prevent pages from knowing + whether they are being actively displayed to the user or not. + - Removed the "ask every time" policy for cookies. For granular control, + please use any of the excellent available extensions to regulate cookie use + on a per-site or per-url basis. + - Added support for X-Content-Type-Options: nosniff (for scripts). + - Changed the resolution of performance timers to a level where any future + potential abuse for hardware-timing attacks becomes impractical. + + -- Steven Pusser <stevep@mxlinux.org> Tue, 16 Jan 2018 12:02:55 -0800 + +palemoon (27.6.2~repack-1) obs; urgency=medium + + * Minor security and bugfix release: + - Implemented the concept of so-called "cookie-averse document objects", + which is a security&privacy measure that blocks certain web content from + setting cookies. This mitigates cookie-injection, which might help against + "hidden" cookie tracking. + - Mitigated some domain name spoofing through IDN by using dotless-i and + dotless-j with accents. (CVE-2017-7832) + - Pale Moon will display these kinds of spoofed domains in punycode now in + the actual address bar. Please note that the identity panel will always be + able to help you on secure sites when IDNs are in use to notice potential + spoofing, as opposed to relying on detection algorithms in the URL itself. + As such, some other issues like CVE-2017-7833 are already mitigated by us. + - Fixed an issue with mixed-content blocking. (CVE-2017-7835) + - Added an extra check for the correct signature data type on certificates. + - Added missing sanitization in exporting bookmarks to HTML. (CVE-2017-7840) + - Fixed several crashes and memory safety hazards. + * Bump debhelper build-depend to >= 9. + + -- Steven Pusser <stevep@mxlinux.org> Wed, 29 Nov 2017 12:31:22 -0800 + +palemoon (27.6.1~repack-1mx15+1) mx; urgency=medium + + * Minor bugfix release: + - Fixed a regression with new windows (opening two windows from the + command-line or file association, focus issues on new windows, not + loading the home page in a new window, etc.) + - Aligned XHR with the currect spec to allow withCredentials. + - Fixed an input element focus issue within handlers. + - Fixed the processing of all-padding HTTP/2 frames to prevent rare + HTTP/2 hangups. + - Updated CitiBank override to work around their login issues. + - Updated Netflix override to a community-supplied one that seems to + satisfy their arbitrary restrictions better. + + -- Steven Pusser <stevep@mxlinux.org> Mon, 20 Nov 2017 15:52:34 -0800 + +palemoon (27.6.0~repack-1) obs; urgency=medium + + * Major development update; changes can be viewed at + https://github.com/MoonchildProductions/Pale-Moon/releases. + * debian/mozconfig: add vectorization flags for distreleases that support it. + Those that don't get the mozconfig without the flags. + + -- Steven Pusser <stevep@mxlinux.org> Wed, 08 Nov 2017 11:10:24 -0800 + +palemoon (27.5.1~repack-1) obs; urgency=medium + + * Minor bugfix release: + - Changed the default Windows 10 styling when no accent color is applied to + black-on-white. + - Changed the theme styling on Windows 10 when the system window frame is + used (menu bar enabled) to use the window manager background directly, + preventing visual lag updating the window color when it changes. + - Updated user agent overrides for DropBox, YouTube and Yahoo to work around + user agent sniffing issues. + - Fixed a crash in the media subsystem. + - Fixed a regression where video playback hardware acceleration was disabled + incorrectly on some systems. + + -- Steven Pusser <stevep@mxlinux.org> Fri, 13 Oct 2017 15:15:01 -0700 + +palemoon (27.5.0~repack-1mx15+1) mx; urgency=medium + + * New upstream major release, changes can be viewed at + https://github.com/MoonchildProductions/Pale-Moon/releases. + * Disable updater and installer in mozconfig. + + -- Steven Pusser <stevep@mxlinux.org> Tue, 26 Sep 2017 18:32:35 -0700 + +palemoon (27.4.2~repack-1) obs; urgency=medium + + * New upstream bugfix release: + - Fixed a number of crashes. + - Enabled the opt-in debugging feature to log SSL keys to a file in all + builds. + - Added a fix for TLS 1.3 handshakes causing a browser hangup. + - Handshakes should be considerably faster now and no longer stall in the + wrong circumstances. + - Updated NSPR to 4.15. + - Updated NSS to 3.31.1. + - Fixed a DoS issue using overly long Username in URL scheme (CVE-2017-7783) + - Fixed an issue where (cross domain) iframes could break + scope (CVE-2017-7787) + - Fixed an issue in WindowsDllDetourPatcher (CVE-2017-7804) + - Fixed an issue with elliptic curve addition in mixed Jacobian-affine + coordinates (CVE-2017-7781) + - Fixed a UAF in nsImageLoadingContent (CVE-2017-7784) + - Fixed a UAF in WebSockets (CVE-2017-7800) + - Fixed a heap-UAF in RelocateARIAOwnedIfNeeded (CVE-2017-7809) DiD + (accessibility is disabled) + + -- Steven Pusser <stevep@mxlinux.org> Wed, 23 Aug 2017 15:50:07 -0700 + +palemoon (27.4.1~repack-1mx15+1) mx; urgency=medium + + * New upstream bugfix release: + - Fixed an issue where MSE media playback would not use hardware + acceleration when it could, causing choppy playback and high CPU usage. + - Fixed ES6 iterator chains to be spec-compliant. + - Fixed ES6 vector append calls and some related memory leaks. + - Added a workaround to reduce the chances of a rare crash occurring. + + -- Steven Pusser <stevep@mxlinux.org> Fri, 04 Aug 2017 18:22:19 -0700 + +palemoon (27.4.0~repack-2) obs; urgency=medium + + * debian/mozconfig: drop deprecated "--disable-gstreamer" option. + + -- Steven Pusser <stevep@mxlinux.org> Wed, 12 Jul 2017 13:25:27 -0700 + +palemoon (27.4.0~repack-1) obs; urgency=medium + + * New upstream release--the github 27.4.0 was not a real release: + Changes/fixes: + - Completely re-worked the Media Source Extensions code to make it spec + compliant, and asynchronous as per specification for MSE with MP4. This + should fix playback problems on YouTube, Twitch, Vimeo and other sites + that previously had some issues. A massive thank you to Travis for his + tireless work on making this happen! + Please note that MSE+WebM (disabled by default) is not using this new code + yet (planned for the next release), and as such there is a temporary set + of things to keep in mind if you don't use default settings: + If you have previously enabled MSE+WebM, this setting will be reset when + you update to avoid conflicting settings with the updated MSE code. + We've added an extra setting in Options to disable the updated MSE code + (asynchronous use) in case you need to use WebM or are otherwise having + issues with the updated code (please let us know in that case). + Once again, the MSE+WebM and Asynchronous MSE use are currently mutually + exclusive. You can have one or the other, not both, until we sort out + the code for WebM. To enable MSE+WebM you will first have to disable + Asynchronouse MSE in settings (otherwise the WebM setting will be greyed + out and disabled). + - Added a control in options/preferences for HSTS and HPKP usage. + - Changed HTML bookmark exports to write CRLF line endings to the file on + Windows. + - Leveraged multi-core rendering for libVPX (VP8/VP9 WebM decoding). + - Fixed some issues accessing DeviantArt (useragent-sniffing). + - Aligned CSS text-align with the spec. + - Added a recovery module for browser initialization issues (e.g. when using + a wrong language pack). + - Fixed spurious console errors for XHR requests with certain http response + codes. + - Enabled v-sync aligned refresh for a smoother scrolling experience. + - Removed support for CSS XP-theme media queries. + - Improved console error reporting. + - Fixed resetting toolbars and controls from the safe mode dialog. + - Fixed bookmark recovery option from the safe mode dialog. + - Fixed innerText getters for display:none elements. + - Fixed a GL buffer crash that might occur with certain combinations of + drivers and hardware. + - Added some more details to about:support. + - Fixed a potential crash when the last audio device is removed during + playback. + - Fixed a crash on about:support when windowless browsers are created. + - Updated <select> elements to blank if the actively set value doesn't match + any of the options. + - Updated the interpretation of 2-digit years in date formats to match other + browsers: + - 0-49 = 2000-2049, 50-99 = 1950-1999. + - Added "q" units to CSS (quarter of a millimeter). + - Added .origin property to blobs. + - Fixed several minor layout issues. + - Fixed disabled HTML elements not producing the proper JS events. + - Implemented web content handler blacklist according to the spec, allowing + more than feeds to be registered. + - Fixed a spec compliance issue with execCommand() on HTML elements. + - Fixed a problem with table borders being drawn uneven or being omitted + when zooming the page. + - Added devtools "filter URLs" option in the network panel. + - Added visual sorting options to the Network inspector. + - Added importing of login data from Chrome profiles on Windows (Chrome + has to be closed first). + - Added importing of tags from bookmark export files (HTML format). + - Updated usage of SourceMap headers with the updated spec (SourceMap + header, keeping X-SourceMap as a fallback). + - Fixed several cases of wrongly-used negations in JS modules. + - Added the auxclick mouse event. + - Added a control to not autoplay video unless it is in view + (media.block-play-until-visible). + - Updated the Graphite font library to 1.3.10. + - Updated how image and media elements respond to window size changes + (responsive design). + - Added parsing and use of rotation meta data in video. + - Fixed several crashes in a number of modules. + - Fixed performance regression for scaling large vector images (e.g. MSIE + Chalkboard test) \o/ + - Fixed some issues with notification icons. + - Fixed some internal errors with live bookmarks. + - Updated SQLite to 3.19.3. + - Fixed several reported issues with devtools (cli-cookies, cli help, + copying cURL, inspecting SVGs, element size calculations, etc.) + - Fixed an issue where a server response was allowed to override add-ons' + specified version ranges even for add-ons that have strict compatibility + (e.g. themes, language packs). + + Security fixes: + + - Removed preloading of HPKP hosts and enabled HPKP header enforcement. + - Added support for TLS 1.3, the up-next secure connection protocol. + - Fixed an issue with TLS 1.3 not supporting renegotiation by design. + - Relaxed some restrictions for CSP to temporarily work around web + compatibility issues with the CSP-3 deprecated `child-src` directive. + - Updated NSS to 3.28.5.1-PM to address some security issues. + - Updated the installer selfextractor module to address unsafe loading of + libraries. + - Changed the way certain resources are included to reduce effectiveness of + some common fingerprinting techniques. (e.g. browserleaks.org) + - Fixed a regression in the display of security information in the page info + dialog for insecure content. + - Fixed two potential issues with allocating memory for video. DiD + - Fixed a potential issue with the network prediction algorithm. DiD + - Restricted the use of Aspirational scripts in IDNs to prevent domain + spoofing, in anticipation of the UAX#31 update making this official. + - Prevented a Mac font specific issue that could be abused for domain + spoofing (CVE-2017-7763) + - Fixed several potentially exploitable crashes. (CVE-2017-7751) + (CVE-2017-7757) and some that do not have a CVE designation. + + -- Steven Pusser <stevep@mxlinux.org> Wed, 12 Jul 2017 10:54:26 -0700 + +palemoon (27.3.0~repack-1) obs; urgency=medium + + * New upstream release. + + -- Steven Pusser <stevep@mxlinux.org> Sat, 29 Apr 2017 19:50:41 -0700 + +palemoon (27.2.1~repack-1) obs; urgency=medium + + * New upstream release: + + - Changes/Fixes: + - Fixed an issue with planar alpha handling (transparency) when drawing + JXR images. + - Fixed a crash related to a change JavaScript array handling introduced + in 27.2.0. This became apparent with the pentadactyl extension, but + could happen in other situations as well. + - Fixed a crash when opening ridiculously large images with HQ scaling + enabled (default). Pale Moon will now only apply HQ scaling for images + within reasonable limits (64 Mpix or smaller). Images larger than that + may not display properly when zooming in, or may not display at all, + even scaled down (e.g. >256 Mpix large) and show a "broken image" + placeholder instead; please use dedicated image viewer applications for + those kinds of images; it is outside the scope of a web browser to + handle such large images. + - Changed the way URL hashes are handled, and will no longer %-decode + anchor hash identifiers by default. Note that this is against RFC 3986, + which states that any part of the URL scheme that isn't data should be + decoded. This is required for web compatibility because several sites + use hash links to pass actual data to web applications (Please don't do + this! Hashes are part of the URL address, should only consist of "safe" + characters, and aren't suited to pass arbitrary data) and the most + common browsers no longer follow the RFC in that respect. If you want + RFC compliance, switch dom.url.getters_decode_hash to true. + - Restored 2 RSA Camellia cipher suites that were missing: + TLS_RSA_WITH_CAMELLIA_128_CBC_SHA and TLS_RSA_WITH_CAMELLIA_256_CBC_SHA. + - Fixed an issue with custom toolbars getting deleted during upgrade + from 27.0/27.1 to 27.2 + + -- Steven Pusser <stevep@mxlinux.org> Wed, 29 Mar 2017 12:27:06 -0700 + +palemoon (27.2.0~repack-1mx15+1) mx; urgency=medium + + * New upstream release: + + - Changes/Fixes: + - Updated the ICU lib to 58.2 to fix a number of issues. + - Added proper control for the user for offline storage for web + applications. + - Added a check to prevent auto-filled URLs from copying the auto-filled + selection to clipboard/primary. + - Added the feature to pass a URL to open in a private window from the + command-line. + - Improved the display of the downloads indicator on the button in + bright-text situations. + - DOM storage now honors the "3rd party cookie" setting in that it will + not allow 3rd party data to be stored if 3rd party cookies are + disallowed. + - Allowed toolbar button badges to be properly styled. + - Updated the hunspell spellchecking library to 1.6.0 to fix a number + of issues. + - Fixed desktop notifications being off-screen if fired in rapid + succession. + - Added Element.insertAdjacentElement and Element.insertAdjacentText + DOM functions. + - Added support for JPEG-XR images. This makes Pale Moon have the broadest + support for image formats of all web browsers. (enabled by default; you + can disable this with media.jxr.enabled). + - Completely removed the use of GStreamer on Linux. + - Added support for Element.innerText. + - Custom toolbars should now properly remember their state. + - Fixed some more playback issues with MP4/MSE videos. Please be aware + that we are still working on further improving MSE video handling. + - Changed media processing to reduce dangerous processing asynchronicity. + This should also make media elements and playback more responsive. + - Fixed a useragent string regression always displaying the minor Goanna + version as .0 + - Updated NSPR to 4.13.1. + - Updated NSS to 3.28.3-RTM. + - Fixed unrestricted icon sizes in PMkit buttons. + - Fixed unresponsive buttons on support page when not building + the updater. + - Fixed the use of "View image" and "Save image as" on extremely + large images. + - Changed the way "View Image" and "Save image as" work on canvas + elements. + - Made checking for dangerously large resolution PNG images smarter. It + will now accept larger "strip"-aspect ratio images while reducing + unsupported large image resolutions. This will e.g. fix Gmail's "emoji" + window that uses a ridiculously long but very narrow single image to + store all the emoticon pictures. + - Converted several hard-coded URLs to preferences. + - Updated the google.com override so it would not cripple services based + on UA sniffing. + - Added Inner and Outer Window ID administration. + - Fixed the add-on discovery pane detection. + - Added support for canvas ellipse. + - Improved drawing of certain MathML elements at problematic zoom levels. + - No longer building gamepad support. + - Updated Harfbuzz font shaper to 1.4.3 to fix a number of issues. + - Fixed a number of crashes (layout, plugins, uncommon navigation, + bad URLs). + - Aligned SVG specular filters with the spec. + + - Security/privacy changes: + - Added support for 256-bit AES-GCM encryption. + - Added support for ChaCha20-Poly1305 encryption. + - Removed support for Camellia-GCM since nobody seems interested in it. + (Camellia in 128/256-bit CBC block mode is still fully supported). + - Added support for SHA-224, SHA-256, SHA-384 and SHA-512 to Crypto utils. + - Improved status handling of secure sites to be less sensitive to + "insecure" items that are local. + - Fixed print preview hijacking. (CVE-2017-5421) + - Fixed a potentially exploitable crash in OnStartRequest. (CVE-2017-5416) + - Fixed potential cross-origin content-stealing through a timing + attack. (CVE-2017-5407) + - Fixed a denial-of-service problem with view-source. (CVE-2017-5422) + - Fixed crash in directional controls. (CVE-2017-5413) + - Fixed a perceived problem with chrome manifests. (CVE-2017-5427) + - Fixed the use of an uninitialized value. (CVE-2017-5405) + - Fixed a buffer overflow. (CVE-2017-5412) + - Fixed a UAF situation. (CVE-2017-5403) + - Fixed a potential spoofing issue with the address bar. (CVE-2017-5417) + - Fixed a potential issue in libvpx. (CVE-2017-5402) DiD + - Fixed a potential issue with HTTP auth. (CVE-2017-5418) + - Fixed several memory safety hazards and potentially exploitable crashes. + + -- Steven Pusser <stevep@mxlinux.org> Sun, 19 Mar 2017 12:49:24 -0700 + +palemoon (27.1.2~repack-1mx15+1) mx; urgency=medium + + * New upstream release: + -adds workaround for potential deadlocks happening in media elements. + + -- Steven Pusser <stevep@mxlinux.org> Fri, 03 Mar 2017 13:45:54 -0800 + +palemoon (27.1.1~repack-1mx15+1) mx; urgency=medium + + * New upstream release: + - Implemented a fix in media handling to prevent crashes with concurrent + videos and/or rapidly starting/stopping video playback in the browser. + - Fixed the way the Adobe Flash plugin is detected to prevent confusion with + other plugins that identify themselves as "Flash" (e.g. VLC). + - Windows: Solved stability issues caused by the release build process, + resulting in unexpected behavior (e.g. hangups). + + -- Steven Pusser <stevep@mxlinux.org> Wed, 22 Feb 2017 13:52:07 -0800 + +palemoon (27.1.0~repack-1) obs; urgency=medium + + * New major upstream release: + - Reworked the media back-end completely (thanks Travis!) to use FFmpeg + (including support for FFmpeg v3 and MP3 playback) and our own MP4 parser, + and no longer relying on gstreamer on Linux, as well as adding some + improvements on Windows for media parsing and playing. + - On Linux, Apple .mov files of the correct type will also be played through + FFmpeg now, for those rare occasions where they are still in use, + considering there is no Quicktime plug-in available on that operating + system. + - Restored the classic about:config styling. + - Added a fallback to US-ASCII if the autoconfig UTF-8 conversion fails. + - Improved cross-compartment wrapper handling when managing a large number + of tabs (fixes a performance regression with v27). + - Changed the way audio and video synchronization is calculated to account + for (slow) device latency, preventing things from getting out of sync on, + e.g. BlueTooth-connected speakers. + - Changed the way scripts are handled when they are stopped from the + "unresponsive script" dialog, to prevent browser lockup. We will now stop + all scripts in the affected compartment in one go. + - Fixed several errors in the devtools. + - Fixed a nasty crash caused by cross-origin referrers. + - Added HTML5-spec clipboard handling for content (cut© only -- paste + is not allowed for security reasons). + - Made multiple changes to the toolkit jetpack modules to cater to PMkit + extensions. This should make running SDK-based extensions as PMkit + extensions fairly simple for extension developers. + - Fixed a css layout issue: make max-width affect contributions to intrinsic + min-width. + - Implemented several updates to the permissions manager. Among others, + improved the permissions manager (about:permissions) with a more complete + set of permissions for pages. + - Removed otherwise unused Metro browser platform/widget code. + - Removed support for non-standard/deprecated let blocks and expressions. + - Made the use of let as a keyword versionless and ES6 compliant. + - Made the privacy category in preferences a tabbed setup to better fit the + current options. + - Fixed a regression preventing certain MP4 video files from playing. + - Fixed a regression where seeking in media files would halt playback/jump + to the end of the stream. + - Fixed a crash caused by certain downloadable fonts with DirectWrite + in use. + -Improved downloads-button indicator legibility on some combinations of + Windows versions and system theme colors. + - Changed the Facebook user-agent override to be our native one, based on + reports from users that it is (finally) working acceptably. + - Fixed site-specific useragents being ignored if a global override is + defined. + + Security/privacy changes: + + - Changed CORS handling to allow data: sources, assuming they are + same-origin. This should fix the infamous "Facebook endless reload" issue + and may make some other sites that assume this particular (unspecified) + CORS behavior happy with Pale Moon. + - Reinstated the network.stricttransportsecurity.enabled preference so + people who choose privacy over HSTS can do so again. + - Added, In HSTS "off" state, prevention of HSTS site status from being + written to disk. + - Updated the IDN blacklist with more extended unicode characters that + "look very similar to" normal ASCII characters, to prevent spoofing of + well-known domains. If blacklisted characters are found, the IDN domain + name will be displayed in its punycode form. (CVE-2017-5383 and similar) + - Fixed an exploitable crash when using MP4 video. (CVE-2017-5396) + - Fixed an exploitable crash in XSL parsing. (CVE-2017-5376) + - Fixed a potential security issue when exporting certificates with + specially-crafted credentials. (CVE-2017-5381) + - Fixed a potential use-after-free situation in frame selection. + (CVE-2017-5380) DiD + - Fixed a leak of window details through the Ion compiler in certain + situations. + - Fixed the potential for an exploitable crash involving Javascript GC. DiD + - Fixed a potential overflow situation in (non-released) WebRTC code. DiD + - Fixed a potentially unsafe situation in websockets. DiD + - Fixed several memory and other safety hazards (BMO bugs 1318766, 1325877, + 1328834 DiD, 1288561 DiD, 1322420 DiD, 1293327 DiD, 1322315, 1325344, + 1285960). + * debian/mozconfig: + - add "ac_add_options --disable-necko-wifi" and "--disable-gstreamer".. + - drop "ac_add_options --enable-jemalloc-lib". + * debian/control: + - remove all gstreamer dependencies and build-deps. + - ffmepg | libav-tools added to Depends. + + -- Steven Pusser <stevep@mxlinux.org> Thu, 09 Feb 2017 13:53:41 -0800 + +palemoon (27.0.3~repack-3) stable; urgency=medium + + * debian rules and control: add some code and alternative depends to force + building on gcc-4.9 on releases that default to gcc 5 or 6. + + -- Steven Pusser <stevep@mxlinux.org> Wed, 25 Jan 2017 10:19:25 -0800 + +palemoon (27.0.3~repack-2) stable; urgency=medium + + * debian/mozconfig: reenable the dev tools. + * debian/rules: don't install duplicate /usr/lib/palemoon/palemoon-bin file. + + -- Steven Pusser <stevep@mxlinux.org> Thu, 29 Dec 2016 12:05:29 -0800 + +palemoon (27.0.3~repack-1) stable; urgency=medium + + * New upstream bugfix and security release. + + -- Steven Pusser <stevep@mxlinux.org> Mon, 19 Dec 2016 20:05:49 -0800 + +palemoon (27.0.2~repack-1mx15+1) mx; urgency=medium + + * New upstream bugfix release. + -fixed crash in SVG renderer related to CVE-2016-9079 (defense in depth) + -Firefox compatibility mode is default in useragent string. + * Drop debian/menu, deprecated with the use of desktop file. + * Drop use of debian/palemoon.xpm, link takes care of that in pixmaps. + * Install much better palemoon.desktop from source instead of from debian + folder. + + -- Steven Pusser <stevep@mxlinux.org> Fri, 02 Dec 2016 17:39:30 -0800 + +palemoon (27.0.1~repack-3mx15+1) mx; urgency=medium + + * Revise debian/mozconfig to remove deprecated configs and add sse2 + optimization. + * debian/rules: add override to help shlibdeps find libs on some releases. + + -- Steven Pusser <stevep@mxlinux.org> Wed, 30 Nov 2016 16:42:03 -0800 + +palemoon (27.0.1~repack-2mx15+1) mx; urgency=medium + + * debian/mozconfig: drop the "1.0" from the gstreamer flag. + * debian/install: don't install anything from /integration; part of default + install now. + * debian/compat: bump compat level to 9. + + -- Steven Pusser <stevep@mxlinux.org> Sun, 27 Nov 2016 13:50:54 -0800 + +palemoon (27.0.1~repack-1) mx; urgency=medium + + * New upstream release. + + -- Steven Pusser <stevep@mxlinux.org> Sat, 26 Nov 2016 10:09:18 -0800 + +palemoon (26.5.0~repack-1mx150+1) mx; urgency=medium + + * Repackaged for MX 15. + + -- Mike Elstad (v3g4n) <maintainer@mepiscommunity.org> Thu, 29 Sep 2016 18:22:24 -0500 + +palemoon (26.5.0~repack-1) obs; urgency=medium + + * New upstream release: + Fixes/Changes: + - Implemented a breaking CSP (content security policy) spec change; when a + page with CSP is loaded over http, Pale Moon now interprets CSP directives + to also include https versions of the hosts listed in CSP if a scheme + (http/https) isn't explicitly listed. This breaks with CSP 1.0 which is + more restrictive and doesn't allow this cross-protocol access, but is in + line with CSP 2 where this is allowed. + - Fixed an issue with the XML parser where it would sometimes end up in an + unknown state and throw an error (e.g. when specific networking errors + would occur). + - Improved the performance of canvas poisoning by explicitly + parallelizing it. + + Security fixes: + - Fixed a potentially exploitable crash related to text writing direction. + (CVE-2016-5280) + - Made checking for invalid PNG files more strict. Pale Moon will now reject + more PNG files that have corrupted/invalid data that could otherwise lead + to potential security issues. + - Changed the way paletted image frames are allocated so the space is + cleared before it's used. DiD + - Fixed a crash in nsNodeUtils::CloneAndAdopt() due to a typo. DiD + - Fixed several memory safety errors. + + -- Steven Pusser (Stevo) <maintainer@mepiscommunity.org> Wed, 28 Sep 2016 11:44:18 -0700 + +palemoon (26.4.1~repack-1) obs; urgency=medium + + * New upstream release: + Changes/fixes: + - Fixed a crash in the XSS filter. + - Slightly changed the address bar shading on secure sites to be more subtle + and easily-blended. + - Fixed the occurrence of "null" titles in bookmarks dragged from special + folders. + - Fixed an error initializing the browser due to trying to restore + scratchpad data from a stored session when having switched from a version + with devtools to a version without devtools, and the previous version had + scratchpad data saved. + - Fixed some minor issues in scratchpad and gcli devtools. + + Security fixes: + - Updated the HSTS preload list to a much more updated source list, and + performing our own checks on validity from now on to have the list be as + accurate as possible. + - Disabled Triple-DES cipher suites by default (mitigating SWEET32). + + * Add a "~repack" to the versioning because we have to repack the source. + + -- Steven Pusser (Stevo) <maintainer@mepiscommunity.org> Fri, 23 Sep 2016 17:07:58 -0700 + +palemoon (26.4.0-1mx150+1) mx; urgency=medium + + * New upstream release: + - Removed Google Search as a bundled search provider. If desired, you can + manually install it (or other search engines) after the update by following + the steps in the Manage Search Engines topic. + - Fixed the URL API to allow "stringification" of the object per + specification. This should make a number of websites happy. + - Added the ES6 string .includes() function in addition to the pre-existing + .contains() function for checking if a string contains another string. + The .contains() function is retained for compatibility with web and + extension scripts that adhere to the ES6 pre-release specification up to + and including RC3. + - Fixed the calculation of standalone SVG embeds width and height, which + should solve some reported issues with html5 graphs being displayed + incorrectly. + - Linux: improved memory allocation. + - Updated the graphite font library to 1.3.9. + - Added a blocking rule for F-Secure's 64-bit deepguard library to prevent + crashes. + - Updated the SQLite library to 3.13.0. + - Download= properties of links are now honored from the context menu + "Save" option. + - Fixed a crash in the XSS filter. + - Fixed a crash in the DOM error module. + - Worked around a crash on Linux + - Linux: Improved optimization and GCC6 compatibility (Note: compiling with + GCC 6 is still not recommended and it may or may not work, depending on + your environment) + + Security fixes: + - (CVE-2016-5251)Potential URL spoofing in the address bar. + - (CVE-2016-0718) Context-dependent crash in expat 2.1.0. + - (CVE-2016-5266) Outgoing dataTransfer items are not properly filtered. + - Fixed potentially exploitable crash in the array splice implementation. + - Fixed potentially exploitable crash caused by badly formatted ICO files. + - (CVE-2016-5254) Heap-use-after-free in nsXULPopupManager::KeyDown + + -- Steven Pusser (Stevo) <maintainer@mepiscommunity.org> Fri, 19 Aug 2016 13:08:56 -0700 + +palemoon (26.3.3-1mx150+1) mx; urgency=medium + + * New upstream release: + - Fixed an additional issue found that could cause menu text on Windows 10 + to be white-on-white (and therefore unreadable). + - Fixed an issue with news feeds not showing up when embedded in web pages. + - Removed recently-added parsing of the child-src content security policy + directive, after some web compatibility issues with it came to light, as + well as it becoming clear that the CSP spec will see it removed in favor + of the previous directive for embedded content. This should fix some + intermittent issues people have reported on e.g. the main google.com page + and phpMyAdmin installations. + + -- Steven Pusser (Stevo) <maintainer@mepiscommunity.org> Fri, 01 Jul 2016 12:50:32 -0700 + +palemoon (26.3.2-1mx150+1) mx; urgency=medium + + * New upstream release: + - 26.3.2 (2016-06-27) - Windows only + This release only has pertinent changes for Windows. Other operating + systems do not need this update. + Changes/fixes: + + -Fixed a rare issue where the browser would not initialize properly + (missing bookmarks and menu entries) if certain Windows registry values + were missing (Windows 8 only). + -Fixed an issue on Windows 10 where the classic menu bar would become + unreadable (white on white). + -Portable only: Switched to non-compressed binaries to prevent issues with + antivirus packages, to prevent issues with browser run-time operation, and + to simplify code signing. + + - 26.3.1 (2016-06-25) + Changes/fixes: + + -Fixed an issue with new tab button theming on dark toolbars. + -Reverted the useragent identification of Firefox compatibility mode to + 38.9 to avoid WOFF2 font issues for sites that don't use proper font + deployment as recommended by the W3C. + -Added a site-specific override for Google fonts to make sure it always + works even if not using Firefox compatibility mode. (workaround pending + for a proper solution on Google's side) + -Adjusted the "dark color" detection routine to switch text to white at + higher relative contrast levels. This will more closely match Windows 10's + "flip point" for different accent colors and is within the recommended + range determined by the WCAG. + + - 26.3.0 (2016-06-21) + Changes/fixes: + + -Added detection for dark system themes on Windows 10 and re-worked Windows + 10 specific theming to better integrate into the OS and provide more + clarity. + -HTML5 media controls have been reworked to a horizontal volume control on + all media, including HTML5 audio that was previously without an + element-control for volume. + -Default HTML5 media volume preference added as media.default_volume -- + fractional, default 1.0 (=100%). + -String.prototype.match() and .replace() are now fully spec compliant. + -NSPR and NSS now correctly no longer enforce IA32 architecture + compatibility, getting the advantage of SSE2 like the rest of the code. + -Worked around crashes in the XSS filter when navigating back in history + due to document fragments. + -Instated a hard minimum of 10,000 places entries regardless of free disk + space and total memory to prevent undesired expiration of history. That is + around 16MB for an average entry size, which should be sane enough even on + low-memory machines. + -Fixed a typo in networking code introduced in 26.2.2 that would cause + issues on some sites due to adding extra forward slashes to the URL. + + - Security fixes: + + -Fixed a number of memory safety hazards and potentially exploitable + crashes. + -Fixed CVE-2016-2821 Use-after-free in the mozilla::dom::Element class + -Fixed netaddr deserialization for AF_UNSPEC and AF_LOCAL. + -Fixed a memory overrun error in the VP8 encoder. DiD + -Fixed non-threadsafe re-use of pixman images to prevent potential race + conditions. DiD + -Fixed CVE-2016-2825 Partial Same Origin Policy violation + + -- Steven Pusser (Stevo) <maintainer@mepiscommunity.org> Mon, 27 Jun 2016 10:51:22 -0700 + +palemoon (26.2.2-1mx150+1) mx; urgency=medium + + * New upstream bugfix and security release: + + - CSS classes prefixed with "--" no longer stop parsing of the selectors. + - Several crash fixes. + - Made GC suppression more aggressive to prevent issues when actually out + of memory. + - Fixed a memory safety hazard in jpeg decoding. + - Fixed a potentially exploitable crash when using bi-directional text. + - Updated NSS to 3.19.4.2-PM, fixing CVE-2016-1938 among other things. + * Add Suggested packages gstreamer1.0-libav, gstreamer1.0-plugins-good, + gstreamer1.0-plugins-bad, gstreamer1.0-plugins-ugly to provide the most + comprehensive HTML 5 media playback. + + -- Steven Pusser (Stevo) <maintainer@mepiscommunity.org> Tue, 10 May 2016 18:26:54 -0700 + +palemoon (26.2.1-2) mx; urgency=medium + + * Switch to gstreamer 1.0 build-deps. + + -- Steven Pusser (Stevo) <maintainer@mepiscommunity.org> Sat, 09 Apr 2016 10:58:13 -0700 + +palemoon (26.2.1-1) mx; urgency=medium + + * New upstream release. + + -- Steven Pusser (Stevo) <maintainer@mepiscommunity.org> Fri, 08 Apr 2016 20:50:19 -0700 + +palemoon (26.1.1-1mx150+1) mx; urgency=medium + + * Repackaged for MX 15. + + -- Mike Purtell <mandbx@sbcglobal.net> Sat, 27 Feb 2016 19:41:04 -0800 + +palemoon (26.1.0-1mx150+1) mx; urgency=medium + + * New security, web compatibility, and bugfix release. + + -- Steven Pusser (Stevo) <maintainer@mepiscommunity.org> Wed, 17 Feb 2016 10:18:12 -0800 + +palemoon (26.0.3-1mx150+1) mx; urgency=medium + + * Repackaged for MX 15. + + -- Mike Purtell <mandbx@sbcglobal.net> Sat, 06 Feb 2016 18:02:47 -0800 + +palemoon (26.0.2-1mx150+1) mx; urgency=medium + + * Repackaged for MX 15. + + -- Mike Purtell <mandbx@sbcglobal.net> Thu, 04 Feb 2016 19:31:53 -0800 + +palemoon (26.0.2-1mcr120+1) mepis; urgency=medium + + * New security and bugfix release. + * Install extensions directly from /integration folder in source, remove + debian/distribution. + + -- Steven Pusser (Stevo) <maintainer@mepiscommunity.org> Thu, 04 Feb 2016 14:02:54 -0800 + +palemoon (26.0.0-1mcr120+2) mepis; urgency=medium + + * Install addons from debian/distribution, taken from Pale Moon tarball. + + -- Steven Pusser (Stevo) <maintainer@mepiscommunity.org> Mon, 01 Feb 2016 08:08:54 -0800 + +palemoon (26.0.0-1mcr120+1) mepis; urgency=medium + + * Add libpulse-dev to build-depends to prevent FTBFS. + * Add Suggests: gstreamer0.10-ffmpeg to debian/control file. + * Add Mozilla Public License 2.0 to debian/copyright. + * debian/mozconfig: use -O2 optimization and remove the jmalloc option, + and match what results from about:buildconfig from the official binary. + + -- Steven Pusser (Stevo) <maintainer@mepiscommunity.org> Tue, 26 Jan 2016 15:43:43 -0800 + +palemoon (25.8.1-2mcr120+1) mepis; urgency=medium + + * Drop mozconfig.patch; use debian/mozconfig instead. + * Refresh debian/copyright. + + -- Steven Pusser (Stevo) <maintainer@mepiscommunity.org> Sun, 06 Dec 2015 13:08:26 -0800 + +palemoon (25.8.1-1mcr120+1) mepis; urgency=medium + + * A small update to address two important issues: + - Fix for a crash that could occur at random since the update to 25.8.0. + - Fix for CSP (Content Security Policy) to be more lenient towards the + incorrect passing of full URLs with all sorts of parameters in the CSP + header, leading to misinterpretation of the header and incorrectly + blocking the loading of content. + + -- Steven Pusser (Stevo) <maintainer@mepiscommunity.org> Mon, 30 Nov 2015 10:20:18 -0800 + +palemoon (25.8.0-1mcr120+1) mepis; urgency=medium + + * New bugfix and maintenance release: + Fixes/changes: + - Updated LibVPX to 1.4.x to be able to play more kinds of VP9-encoded + videos. + - Updated the JPEG decoder library to 1.4.0. + - Fixed and cleaned up XPCOM timer thread code to avoid intermittent + issues with events not firing (especially after stand-by). + - Updated overrides to work around issues with Facebook and Netflix. + - Fixed an issue where too-old system-supplied NSPR and/or NSS libraries + would be accepted for use. + + -- Steven Pusser (Stevo) <maintainer@mepiscommunity.org> Wed, 18 Nov 2015 11:52:32 -0800 + +palemoon (25.7.3-1mcr120+1) mepis; urgency=medium + + * New bugfix and maintenance release: + - usability update needed due to the fact that Mozilla has shut down their key + exchange (J-PAKE) server along with the old Sync servers. + + -- Steven Pusser (Stevo) <maintainer@mepiscommunity.org> Wed, 14 Oct 2015 19:40:39 -0700 + +palemoon (25.7.2-1mcr120+1) mepis; urgency=medium + + * New bugfix and maintenance release: + - Fixed a critical hang caused by recursive reloads that might happen in + iframes if its hash changed. + - Fixed a critical hang caused by lazy-loading of stylesheets through a + specific web programming technique as advocated by Google's PageSpeed. + + -- Steven Pusser (Stevo) <maintainer@mepiscommunity.org> Mon, 05 Oct 2015 15:19:18 -0700 + +palemoon (25.7.1-1mcr120+1) mepis; urgency=medium + + * New bugfix and maintenance release: + + Fixes/changes: + + - Code cleanup: Removed the majority of remaining telemetry code (including + the data reporting back-end and health report) to prevent a few issues + with partially removed code in earlier versions. + - Fixed a crash due to handling of bogus URIs passed to CSS style filters + (e.g. whatsapp's web interface). + - Permitted spec-breaking syntax in Regex character classes, allowing + ranges that would be permitted per the grammar rules in the spec but not + necessarily following the syntax rules. This impacts a good number of + (also higher profile) sites that use invalid ranges in regular + expressions (e.g. Cisco's networking academy site, Yahoo Fantasy + Football). + - Fixed a crash due to the newly introduced WASAPI handling of audio + channel mapping that doesn't like actual surround hardware setups (e.g. + playing a video with quadraphonic audio on a 4-speaker setup). + - Fixed an issue where site-specific dictionary selections would be written + to content preferences without the user's action, potentially overwriting + or clearing a previously-chosen dictionary. + - Added support for drag and drop of local files from sources which use + text/uri-lists. (Some Linux flavors/file managers) + - Updated libnestegg to the most current version. + - Fixed an issue where setting the location to an empty string could cause + a reload loop. + + Security fixes: + + - Changed the jemalloc poison address to something that is not a NOP-slide. + DiD + - Fixed a memory safety hazard in ConvertDialogOptions (CVE-2015-4521) + - Fixed a buffer overflow/crash hazard in the + VertexBufferInterface::reserveVertexSpace function in libGLES in ANGLE + (CVE-2015-7179) + - Fixed an overflow/crash hazard in the XULContentSinkImpl::AddText function + (CVE-2015-7175) + - Fixed a stack buffer overread hazard in the ICC v4 profile parser + (CVE-2015-4504) + - Fixed an HTMLVideoElement Use-After-Free Remote Code Execution 0-day + vulnerability (ZDI-CAN-3176) (CVE-2015-4509) + - Fixed a potentially exploitable crash in nsXBLService::GetBinding + - Fixed a memory safety hazard in nsAttrAndChildArray::GrowBy + (CVE-2015-7174) + - Fixed a memory safety hazard for callers of nsUnicodeToUTF8::GetMaxLength + (CVE-2015-4522) + - Fixed a heap buffer overflow/crash hazard caused by invalid WebM headers + (CVE-2015-4511) + + -- Steven Pusser (Stevo) <maintainer@mepiscommunity.org> Wed, 30 Sep 2015 12:11:14 -0700 + +palemoon (25.7.0-1mcr120+1) mepis; urgency=medium + + * New bugfix and maintenance release: + - Code cleanup: Removed the (otherwise unused) visual event tracer code. + - Code cleanup: Removed reflow performance tracing code (telemetry). + - Fixed a key JavaScript bug where defining properties on an object would + wipe the object. + - This seems to be a common issue with "modern" libraries that use "define" + instead of "change" and expecting the other properties on the object to be + retained, resulting in "x is undefined" errors all over the place if the + object is wiped. + - This aligns the behavior with ES6's "Validate and apply property + descriptor" pseudo-function. + - Updated the SQLite library to 3.8.11.1. + - Added support for the element.matches() Web API function. + - Added support for BASE tag parsing in source view. Previously, when + viewing the source of a document, clickable links would be incorrect if a + base path was specified in the document with this tag. + - Fixed an issue with running timers after the computer would have been put + to sleep with the browser opened. + + Security fixes: + + - Added protection against potential bugs where our SVG mPositions is out of + sync with the characters in the DOM. DiD + - Fixed use-after-free vulnerability in XMLHttpRequest::Open() + (CVE-2015-4492) + - Fixed use-after-free vulnerability in the StyleAnimationValue class + (CVE-2015-4488) + - Fixed crash or memory corruption in nsTArray (CVE-2015-4489) + - Fixed crash or memory corruption in nsTSubstring::ReplacePrep + (CVE-2015-4487) + - Fixed potential escalation of privileges or crash (out-of-bounds write) + via a crafted name in MARs (x64 only) -(CVE-2015-4482) + - Fixed an issue that would allow man-in-the-middle attackers to bypass a + mixed-content protection mechanism via a feed: URL in a POST request. + (CVE-2015-4483) + * Added blurb to postinst script. + + -- Steven Pusser (Stevo) <maintainer@mepiscommunity.org> Wed, 26 Aug 2015 14:50:58 -0700 + +palemoon (25.6.0-1mcr120+1) mepis; urgency=medium + + * New upstream release. + * Add debian README.7z-source to explain how to use the .7z source archive. + + -- Steven Pusser (Stevo) <maintainer@mepiscommunity.org> Fri, 31 Jul 2015 16:40:45 -0700 + +palemoon (25.5.0-1mx150+1) mx; urgency=medium + + * Rebuild for MX 15. + + -- Steven Pusser (Stevo) <maintainer@mepiscommunity.org> Fri, 26 Jun 2015 14:43:57 -0700 + +palemoon (25.5.0-1mcr120+1) mepis; urgency=medium + + * New upstream release. + + -- Steven Pusser (Stevo) <maintainer@mepiscommunity.org> Thu, 11 Jun 2015 14:53:31 -0700 + +palemoon (25.4.1-1mcr120+1) mepis; urgency=low + + * Bugfix release, rebuild for MEPIS 12.0. + + -- Steven Pusser (Stevo) <maintainer@mepiscommunity.org> Fri, 01 May 2015 12:47:55 -0700 + +palemoon (25.3.1-0mcr120+1) mepis; urgency=low + + * Rebuild for MEPIS 12.0. + * debian/rules: compress deb packages with xz. + + -- Steven Pusser (Stevo) <maintainer@mepiscommunity.org> Thu, 26 Mar 2015 11:23:26 -0700 + +palemoon (25.3.1-0~precise1) precise; urgency=low + + * New upstream release + + -- Marián Kadaňka <marian.kadanka@openmailbox.org> Wed, 25 Mar 2015 20:46:17 +0100 + +palemoon (25.3.0-0~trusty1) trusty; urgency=low + + * New upstream release + + -- Marián Kadaňka <marian.kadanka@openmailbox.org> Sat, 14 Mar 2015 12:12:57 +0100 + +palemoon (25.2.1-0~trusty1) trusty; urgency=low + + * New upstream release + + -- Marián Kadaňka <marian.kadanka@openmailbox.org> Sun, 01 Feb 2015 16:18:52 +0100 + +palemoon (24.5.0-0~precise1) precise; urgency=low + + * Initial packaging + + -- Marián Kadaňka <marian.kadanka@openmailbox.org> Mon, 12 May 2014 20:42:01 +0200 diff --git a/debian/compat b/debian/compat new file mode 100644 index 0000000..ec63514 --- /dev/null +++ b/debian/compat @@ -0,0 +1 @@ +9 diff --git a/debian/control b/debian/control new file mode 100644 index 0000000..a99eddf --- /dev/null +++ b/debian/control @@ -0,0 +1,46 @@ +Source: palemoon +Section: web +Priority: optional +Maintainer: Steven Pusser <stevep@mxlinux.org> +Bugs: mailto: <maintainer@mepiscommunity.org> +XSBC-Original-Maintainer: Marian Kadanka <marian.kadanka@openmailbox.org> +Build-Depends: debhelper (>= 9), +# Add for the conditional in rules to force use of gcc-4.9 on newer distreleases +# that default to gcc-5 or 6 + lsb-release, + gcc-4.9 | gcc-4.8 | gcc-4.7, + g++-4.9 | g++-4.8 | g++-4.7, + cpp-4.9 | cpp-4.8 | cpp-4.7, +# standard build-deps + autoconf2.13, + python (>= 2.7), + unzip, + zip, + pkg-config, + libgtk2.0-dev (>= 2.14), + libdbus-1-dev (>=0.60), + libdbus-glib-1-dev (>= 0.60), + yasm (>= 1.1), + libasound2-dev, + libpulse-dev, + libxt-dev, + mesa-common-dev +Standards-Version: 3.9.6 +Homepage: http://www.palemoon.org/ + +Package: palemoon +Architecture: any +Depends: ${shlibs:Depends}, ${misc:Depends}, + ffmpeg | libav-tools +Provides: x-www-browser +Conflicts: palemoon-nonsse2 +Replaces: palemoon-nonsse2 +Description: Firefox-based, efficient and easy to use web browser + Pale Moon offers selected features and optimizations to maximize + the browser's speed, stability and user experience, while maintaining + compatibility with the thousands of Firefox extensions you have come + to love and rely on. + . + Pale Moon requires a processor that supports the SSE2 instruction set. + Run "/proc/cpuinfo" in a terminal, and look for sse2 in the flags to ensure + that your processor supports it. diff --git a/debian/copyright b/debian/copyright new file mode 100644 index 0000000..ab36daa --- /dev/null +++ b/debian/copyright @@ -0,0 +1,571 @@ +Even though Pale Moon is open source and the source is supplied under +the Mozilla Public License, redistribution of the Pale Moon binaries is +limited by certain conditions under a proprietary license by Moonchild +Productions, as permitted under 3.2b of the MPL v2.0. This has been +required because of, among other things, the increasing number of +rogue/altered copies and people taking advantage of the free +availability of the browser to monetize upon, which is against Pale +Moon's principles of free software. + +****** Pale Moon Freeware License ****** +Note: if not otherwise explicitly specified, the Copyright holder and Author of +software subject to this license is M.C. Straver BASc, AKA "Moonchild". Also +note that this license does not apply to the Pale Moon browser, but to other +specific (helper) applications released by Moonchild Productions. For licensing +of the browser, please see the MPL (for the source) and redistribution_license +(for binary (re)distribution). + +=============================================================================== +Last updated: 16 November 2015 +The software provided under this license is provided as Freely Available +Copyrighted Software ("Freeware"), which means: + 1. The author of this software retains full rights to all parts of the + software provided. No rights are given to copy, modify or create + derivative works of this software. + 2. The software may only be distributed by third parties if such + distribution is completely FREE OF CHARGE. No redistribution fee or cost + reimbursement may be charged, and the software must be supplied UNALTERED + and with all Copyright statements intact, accompanied by a copy of this + license. + 3. The software may not be included in whole or in part in other software, + either free or commercially, without the author's prior express written + permission. + 4. If the source code to the software is officially made available + (disclosed), it may be used for educational purposes, but (parts of) the + software's source code may not be copied verbatim to other software + without the author's prior express written permission. See (1). + 5. The term "Freeware" in this license should be interpreted as "gratis" + (with no attached cost or fee), and should not be interpreted as "libre" + (with no restrictions on use/modification). +Software distributed under the License is distributed on an "AS IS" basis, +WITHOUT WARRANTY OF ANY KIND, either express or implied. +=============================================================================== + +This license may be updated without notice, so please make sure to check back +on occasion if you use or distribute this software. That being said, there is +no intention of making changes to the core of this license and the main premise +of free availability behind it. + +If you have any questions about this freeware license, think anything is in +error or wish to discuss individual terms for your specific scenario or +specific property/distribution rights issues, then please contact_me. + + +Even though Pale Moon is open source and the source is supplied under +the Mozilla Public License, redistribution of the Pale Moon binaries is +limited by certain conditions under a proprietary license by Moonchild +Productions, as permitted under 3.2b of the MPL v2.0. This has been +required because of, among other things, the increasing number of +rogue/altered copies and people taking advantage of the free +availability of the browser to monetize upon, which is against Pale +Moon's principles of free software. + + +=============================================================================== +**** Redistribution license **** +Last updated: 14 September 2015 + +If you wish to redistribute the binaries (executable form of the code) of Pale +Moon, you are free to do so, with the following limitations: + 1. There is NO CHARGE for the download or distribution of the browser + package. + It is therefore not permitted if, without limitation: + a. You charge for the download of the binary packages (e.g. paid + hosting service, pay-per-download, subscription, etc.) or access to + them (password protected sites/archives/etc.) + b. You charge for redistribution rights of the browser binaries, + yourself (you have no rights to it) + c. You charge for a physical medium like a CD or DVD. Example: If you + provide a "cover disk" with a printed magazine, that is considered + a "no charge" item (free bonus item with the magazine) and is + therefore allowed. If you provide a disk-based magazine (digital) + that includes Pale Moon, the medium itself is paid for and + considered a "charge" item, and is therefore not allowed. + 2. You don't require the obligatory submission of personal data (name, e- + mail, telephone number, address, age, gender, ID, or similar) to download + the binaries. If you require registration of users before they can + download Pale Moon, you are not allowed to distribute it. Users must, at + all times, have the clear and equal option to download Pale Moon without + surrendering any personal information to you. + 3. The binaries and/or archives are completely UNALTERED. This includes + addition or removal of any component of the browser. Redistribution is + therefore not permitted if, without limitation: + a. You have re-packed the browser in a different archive format + (either common or proprietary) + (an exception to this is re-packaging required for specific target + operating systems, e.g. rpm, deb, pet) + b. You have added language packs/add-ons/plugins/etc. + c. You have added third-party tools/toolbars/utilities/etc. + d. You have changed supplied default preferences of the browser + e. You include a pre-set profile + f. You have removed any component from the browser package + g. You have edited or removed text or script files (including license + files, readmes, JavaScript modules, etc.) + h. The binaries have been in any way infected with or include a virus, + trojan, or other malware + i. The binaries and program structure have been in any way obscured + (e.g. by using application virtualization) making it difficult or + impossible to check for the previously listed alterations + 4. The binaries can be obtained without the use of third-party software not + officially endorsed, including but not limited to: download managers, + stub installers, wrappers, proprietary clients or proprietary protocols. + This includes any offering of such unendorsed downloading software or + methods, regardless of offering "direct" downloads or allowed methods + alongside the unendorsed ones. + 5. The binaries are not supplied as an integral part of a commercial/non- + commercial software package/larger works ("package"). If you wish to do + this, you must contact me beforehand to obtain permission and discuss + terms. Inclusion in a package will be subject to an individual agreement + (either extemporaneous or legalized) which may or may not involve + compensation. + 6. The binaries are not supplied as an integral part of a commercial/non- + commercial website/web service/on-line venue/etc. ("service"). If you + wish to do this, you must contact me beforehand to obtain permission and + discuss terms. Inclusion in a service will be subject to an individual + agreement (either extemporaneous or legalized) which may or may not + involve compensation. + 7. An exception applies to points 5 and 6 of this license for educational + purposes if bundled with other open source software or supplied as part + of a curriculum or in-college resource for students. + 8. An exception applies to point 5 of this license for inclusion of the + officially branded binaries in freely available and fully Open Source + operating systems, including but not limited to non-commercial variants + of Linux, variants of BSD and ReactOS. This exception only applies to + unaltered versions of the Pale Moon binaries or officially branded + variants specifically built for the target operating system from source + that have not been materially changed (including brand-specific + configurations like e.g. home page, default search engine). If any of the + essential settings of the browser are altered beyond what is strictly + needed for providing a working build on the target operating system, the + exception in this point does not apply and the license defaults to point + 10, instead. + 1. Clarification of "officially branded variants specifically built + for the target operating system": If an officially-built binary + (i.e. built by our team) is available for the target operating + system (e.g. existing Linux binaries), then those binaries will + always, in principle, take precedence over a third-party build to + ensure necessary QA and compatibility. Building and distributing a + binary with official branding is in that situation only in + principle allowed if an actual variant build is required for the + target distribution's compatibility (e.g. kernel or library + requirements) or operation, and otherwise not impacting the + material content of the browser package as a whole. QA of and + support for the resulting variant binaries will in that case fall + on the maintainer who will have to take full responsibility for the + variant binary. + 9. This redistribution agreement and any Individual Agreements for the + redistribution of executable code are provided by Moonchild Productions + ("Moonchild", "M.C. Straver") explicitly for the Pale Moon executable + code, and not by the Initial Developer or any Contributor. The Initial + Developer and every Contributor is hereby indemnified for any liability + incurred by the Initial Developer or such Contributor as a result of + these terms. + 10. The only exception to this redistribution policy not otherwise covered in + points 7 or 8 is if the repackaged or private build with official + branding has been pre-approved by Moonchild for redistribution and is + listed on this website as a contributed build. Contributed builds are + subject to a screening process, may be accepted or rejected, may be re- + screened at a later time, and may be at any time removed, in Moonchild's + sole discretion, either with or without stated reason. + 11. If a distribution is authorized as per point 10, the contributed build + may be redistributed in unaltered form by third parties as set out in the + points above and under the same conditions. + 12. If you wish to distribute binaries for other platforms, building from + Pale Moon source code, you may not use official branding unless these + builds have also been approved as a contributed build as per point 10 of + this license or if they are exempt under points 7 or 8 of this license. + Even so, you obtain no rights to the Pale Moon name or logo, merely the + permission to use it for the 3rd party build, and only for as long as it + is officially endorsed or satisfies the conditions for exemption. In all + other cases you must use significantly different branding files/graphics + and a significantly different name for the browser. + 13. Unofficial branding ("New Moon") as supplied in the source code may be + used for unendorsed binaries at all times. Thusly branded binaries with + the New Moon logo and product name are not subject to the endorsement and + exception rules as set out in previous points of this license and may be + freely distributed in altered or unaltered form, subject to the Mozilla + Public License as regards source code changes and availability. This + permission does, however, not include any rights or license to the Pale + Moon name and logo that may still be present in the resulting + unofficially branded binaries. +=============================================================================== + + + + +Mozilla Public License Version 2.0 +================================== + +1. Definitions +-------------- + +1.1. "Contributor" + means each individual or legal entity that creates, contributes to + the creation of, or owns Covered Software. + +1.2. "Contributor Version" + means the combination of the Contributions of others (if any) used + by a Contributor and that particular Contributor's Contribution. + +1.3. "Contribution" + means Covered Software of a particular Contributor. + +1.4. "Covered Software" + means Source Code Form to which the initial Contributor has attached + the notice in Exhibit A, the Executable Form of such Source Code + Form, and Modifications of such Source Code Form, in each case + including portions thereof. + +1.5. "Incompatible With Secondary Licenses" + means + + (a) that the initial Contributor has attached the notice described + in Exhibit B to the Covered Software; or + + (b) that the Covered Software was made available under the terms of + version 1.1 or earlier of the License, but not also under the + terms of a Secondary License. + +1.6. "Executable Form" + means any form of the work other than Source Code Form. + +1.7. "Larger Work" + means a work that combines Covered Software with other material, in + a separate file or files, that is not Covered Software. + +1.8. "License" + means this document. + +1.9. "Licensable" + means having the right to grant, to the maximum extent possible, + whether at the time of the initial grant or subsequently, any and + all of the rights conveyed by this License. + +1.10. "Modifications" + means any of the following: + + (a) any file in Source Code Form that results from an addition to, + deletion from, or modification of the contents of Covered + Software; or + + (b) any new file in Source Code Form that contains any Covered + Software. + +1.11. "Patent Claims" of a Contributor + means any patent claim(s), including without limitation, method, + process, and apparatus claims, in any patent Licensable by such + Contributor that would be infringed, but for the grant of the + License, by the making, using, selling, offering for sale, having + made, import, or transfer of either its Contributions or its + Contributor Version. + +1.12. "Secondary License" + means either the GNU General Public License, Version 2.0, the GNU + Lesser General Public License, Version 2.1, the GNU Affero General + Public License, Version 3.0, or any later versions of those + licenses. + +1.13. "Source Code Form" + means the form of the work preferred for making modifications. + +1.14. "You" (or "Your") + means an individual or a legal entity exercising rights under this + License. For legal entities, "You" includes any entity that + controls, is controlled by, or is under common control with You. For + purposes of this definition, "control" means (a) the power, direct + or indirect, to cause the direction or management of such entity, + whether by contract or otherwise, or (b) ownership of more than + fifty percent (50%) of the outstanding shares or beneficial + ownership of such entity. + +2. License Grants and Conditions +-------------------------------- + +2.1. Grants + +Each Contributor hereby grants You a world-wide, royalty-free, +non-exclusive license: + +(a) under intellectual property rights (other than patent or trademark) + Licensable by such Contributor to use, reproduce, make available, + modify, display, perform, distribute, and otherwise exploit its + Contributions, either on an unmodified basis, with Modifications, or + as part of a Larger Work; and + +(b) under Patent Claims of such Contributor to make, use, sell, offer + for sale, have made, import, and otherwise transfer either its + Contributions or its Contributor Version. + +2.2. Effective Date + +The licenses granted in Section 2.1 with respect to any Contribution +become effective for each Contribution on the date the Contributor first +distributes such Contribution. + +2.3. Limitations on Grant Scope + +The licenses granted in this Section 2 are the only rights granted under +this License. No additional rights or licenses will be implied from the +distribution or licensing of Covered Software under this License. +Notwithstanding Section 2.1(b) above, no patent license is granted by a +Contributor: + +(a) for any code that a Contributor has removed from Covered Software; + or + +(b) for infringements caused by: (i) Your and any other third party's + modifications of Covered Software, or (ii) the combination of its + Contributions with other software (except as part of its Contributor + Version); or + +(c) under Patent Claims infringed by Covered Software in the absence of + its Contributions. + +This License does not grant any rights in the trademarks, service marks, +or logos of any Contributor (except as may be necessary to comply with +the notice requirements in Section 3.4). + +2.4. Subsequent Licenses + +No Contributor makes additional grants as a result of Your choice to +distribute the Covered Software under a subsequent version of this +License (see Section 10.2) or under the terms of a Secondary License (if +permitted under the terms of Section 3.3). + +2.5. Representation + +Each Contributor represents that the Contributor believes its +Contributions are its original creation(s) or it has sufficient rights +to grant the rights to its Contributions conveyed by this License. + +2.6. Fair Use + +This License is not intended to limit any rights You have under +applicable copyright doctrines of fair use, fair dealing, or other +equivalents. + +2.7. Conditions + +Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted +in Section 2.1. + +3. Responsibilities +------------------- + +3.1. Distribution of Source Form + +All distribution of Covered Software in Source Code Form, including any +Modifications that You create or to which You contribute, must be under +the terms of this License. You must inform recipients that the Source +Code Form of the Covered Software is governed by the terms of this +License, and how they can obtain a copy of this License. You may not +attempt to alter or restrict the recipients' rights in the Source Code +Form. + +3.2. Distribution of Executable Form + +If You distribute Covered Software in Executable Form then: + +(a) such Covered Software must also be made available in Source Code + Form, as described in Section 3.1, and You must inform recipients of + the Executable Form how they can obtain a copy of such Source Code + Form by reasonable means in a timely manner, at a charge no more + than the cost of distribution to the recipient; and + +(b) You may distribute such Executable Form under the terms of this + License, or sublicense it under different terms, provided that the + license for the Executable Form does not attempt to limit or alter + the recipients' rights in the Source Code Form under this License. + +3.3. Distribution of a Larger Work + +You may create and distribute a Larger Work under terms of Your choice, +provided that You also comply with the requirements of this License for +the Covered Software. If the Larger Work is a combination of Covered +Software with a work governed by one or more Secondary Licenses, and the +Covered Software is not Incompatible With Secondary Licenses, this +License permits You to additionally distribute such Covered Software +under the terms of such Secondary License(s), so that the recipient of +the Larger Work may, at their option, further distribute the Covered +Software under the terms of either this License or such Secondary +License(s). + +3.4. Notices + +You may not remove or alter the substance of any license notices +(including copyright notices, patent notices, disclaimers of warranty, +or limitations of liability) contained within the Source Code Form of +the Covered Software, except that You may alter any license notices to +the extent required to remedy known factual inaccuracies. + +3.5. Application of Additional Terms + +You may choose to offer, and to charge a fee for, warranty, support, +indemnity or liability obligations to one or more recipients of Covered +Software. However, You may do so only on Your own behalf, and not on +behalf of any Contributor. You must make it absolutely clear that any +such warranty, support, indemnity, or liability obligation is offered by +You alone, and You hereby agree to indemnify every Contributor for any +liability incurred by such Contributor as a result of warranty, support, +indemnity or liability terms You offer. You may include additional +disclaimers of warranty and limitations of liability specific to any +jurisdiction. + +4. Inability to Comply Due to Statute or Regulation +--------------------------------------------------- + +If it is impossible for You to comply with any of the terms of this +License with respect to some or all of the Covered Software due to +statute, judicial order, or regulation then You must: (a) comply with +the terms of this License to the maximum extent possible; and (b) +describe the limitations and the code they affect. Such description must +be placed in a text file included with all distributions of the Covered +Software under this License. Except to the extent prohibited by statute +or regulation, such description must be sufficiently detailed for a +recipient of ordinary skill to be able to understand it. + +5. Termination +-------------- + +5.1. The rights granted under this License will terminate automatically +if You fail to comply with any of its terms. However, if You become +compliant, then the rights granted under this License from a particular +Contributor are reinstated (a) provisionally, unless and until such +Contributor explicitly and finally terminates Your grants, and (b) on an +ongoing basis, if such Contributor fails to notify You of the +non-compliance by some reasonable means prior to 60 days after You have +come back into compliance. Moreover, Your grants from a particular +Contributor are reinstated on an ongoing basis if such Contributor +notifies You of the non-compliance by some reasonable means, this is the +first time You have received notice of non-compliance with this License +from such Contributor, and You become compliant prior to 30 days after +Your receipt of the notice. + +5.2. If You initiate litigation against any entity by asserting a patent +infringement claim (excluding declaratory judgment actions, +counter-claims, and cross-claims) alleging that a Contributor Version +directly or indirectly infringes any patent, then the rights granted to +You by any and all Contributors for the Covered Software under Section +2.1 of this License shall terminate. + +5.3. In the event of termination under Sections 5.1 or 5.2 above, all +end user license agreements (excluding distributors and resellers) which +have been validly granted by You or Your distributors under this License +prior to termination shall survive termination. + +************************************************************************ +* * +* 6. Disclaimer of Warranty * +* ------------------------- * +* * +* Covered Software is provided under this License on an "as is" * +* basis, without warranty of any kind, either expressed, implied, or * +* statutory, including, without limitation, warranties that the * +* Covered Software is free of defects, merchantable, fit for a * +* particular purpose or non-infringing. The entire risk as to the * +* quality and performance of the Covered Software is with You. * +* Should any Covered Software prove defective in any respect, You * +* (not any Contributor) assume the cost of any necessary servicing, * +* repair, or correction. This disclaimer of warranty constitutes an * +* essential part of this License. No use of any Covered Software is * +* authorized under this License except under this disclaimer. * +* * +************************************************************************ + +************************************************************************ +* * +* 7. Limitation of Liability * +* -------------------------- * +* * +* Under no circumstances and under no legal theory, whether tort * +* (including negligence), contract, or otherwise, shall any * +* Contributor, or anyone who distributes Covered Software as * +* permitted above, be liable to You for any direct, indirect, * +* special, incidental, or consequential damages of any character * +* including, without limitation, damages for lost profits, loss of * +* goodwill, work stoppage, computer failure or malfunction, or any * +* and all other commercial damages or losses, even if such party * +* shall have been informed of the possibility of such damages. This * +* limitation of liability shall not apply to liability for death or * +* personal injury resulting from such party's negligence to the * +* extent applicable law prohibits such limitation. Some * +* jurisdictions do not allow the exclusion or limitation of * +* incidental or consequential damages, so this exclusion and * +* limitation may not apply to You. * +* * +************************************************************************ + +8. Litigation +------------- + +Any litigation relating to this License may be brought only in the +courts of a jurisdiction where the defendant maintains its principal +place of business and such litigation shall be governed by laws of that +jurisdiction, without reference to its conflict-of-law provisions. +Nothing in this Section shall prevent a party's ability to bring +cross-claims or counter-claims. + +9. Miscellaneous +---------------- + +This License represents the complete agreement concerning the subject +matter hereof. If any provision of this License is held to be +unenforceable, such provision shall be reformed only to the extent +necessary to make it enforceable. Any law or regulation which provides +that the language of a contract shall be construed against the drafter +shall not be used to construe this License against a Contributor. + +10. Versions of the License +--------------------------- + +10.1. New Versions + +Mozilla Foundation is the license steward. Except as provided in Section +10.3, no one other than the license steward has the right to modify or +publish new versions of this License. Each version will be given a +distinguishing version number. + +10.2. Effect of New Versions + +You may distribute the Covered Software under the terms of the version +of the License under which You originally received the Covered Software, +or under the terms of any subsequent version published by the license +steward. + +10.3. Modified Versions + +If you create software not governed by this License, and you want to +create a new license for such software, you may create and use a +modified version of this License if you rename the license and remove +any references to the name of the license steward (except to note that +such modified license differs from this License). + +10.4. Distributing Source Code Form that is Incompatible With Secondary +Licenses + +If You choose to distribute Source Code Form that is Incompatible With +Secondary Licenses under the terms of this version of the License, the +notice described in Exhibit B of this License must be attached. + +Exhibit A - Source Code Form License Notice +------------------------------------------- + + This Source Code Form is subject to the terms of the Mozilla Public + License, v. 2.0. If a copy of the MPL was not distributed with this + file, You can obtain one at http://mozilla.org/MPL/2.0/. + +If it is not possible or desirable to put the notice in a particular +file, then You may include the notice in a location (such as a LICENSE +file in a relevant directory) where a recipient would be likely to look +for such a notice. + +You may add additional accurate notices of copyright ownership. + +Exhibit B - "Incompatible With Secondary Licenses" Notice +--------------------------------------------------------- + + This Source Code Form is "Incompatible With Secondary Licenses", as + defined by the Mozilla Public License, v. 2.0. + + + diff --git a/debian/install b/debian/install new file mode 100644 index 0000000..de06d5e --- /dev/null +++ b/debian/install @@ -0,0 +1 @@ +browser/branding/official/palemoon.desktop usr/share/applications diff --git a/debian/mozconfig b/debian/mozconfig new file mode 100644 index 0000000..edb14ad --- /dev/null +++ b/debian/mozconfig @@ -0,0 +1,19 @@ +export MOZILLA_OFFICIAL=1 +mk_add_options MOZ_CO_PROJECT=browser +ac_add_options --enable-official-branding +ac_add_options --enable-application=browser +ac_add_options --enable-release +ac_add_options --disable-installer +ac_add_options --disable-updater +ac_add_options --enable-optimize="-O2 -msse2 -mfpmath=sse" +ac_add_options --disable-debug +ac_add_options --with-pthreads +ac_add_options --enable-shared-js +ac_add_options --enable-jemalloc +ac_add_options --enable-strip +ac_add_options --x-libraries=/usr/lib +ac_add_options --prefix=/usr +ac_add_options --enable-devtools +ac_add_options --disable-necko-wifi +ac_add_options --disable-installer +ac_add_options --disable-updater diff --git a/debian/palemoon.links b/debian/palemoon.links new file mode 100644 index 0000000..fedb535 --- /dev/null +++ b/debian/palemoon.links @@ -0,0 +1,6 @@ +/usr/lib/palemoon/browser/chrome/icons/default/default16.png /usr/share/icons/hicolor/16x16/apps/palemoon.png +/usr/lib/palemoon/browser/chrome/icons/default/default32.png /usr/share/icons/hicolor/32x32/apps/palemoon.png +/usr/lib/palemoon/browser/chrome/icons/default/default48.png /usr/share/icons/hicolor/48x48/apps/palemoon.png +/usr/lib/palemoon/browser/icons/mozicon128.png /usr/share/icons/hicolor/128x128/apps/palemoon.png +/usr/lib/palemoon/browser/icons/mozicon128.png /usr/share/pixmaps/palemoon.png +/usr/lib/palemoon/palemoon usr/bin/palemoon \ No newline at end of file diff --git a/debian/palemoon.lintian-overrides b/debian/palemoon.lintian-overrides new file mode 100644 index 0000000..5954bcd --- /dev/null +++ b/debian/palemoon.lintian-overrides @@ -0,0 +1,3 @@ +palemoon binary: embedded-library usr/lib/palemoon/libxul.so: libjpeg +palemoon binary: embedded-library usr/lib/palemoon/libmozsqlite3.so: sqlite +palemoon binary: image-file-in-usr-lib diff --git a/debian/palemoon.postinst b/debian/palemoon.postinst new file mode 100755 index 0000000..dde1357 --- /dev/null +++ b/debian/palemoon.postinst @@ -0,0 +1,11 @@ +#!/bin/sh -e + +if [ "$1" = "configure" ] || [ "$1" = "abort-upgrade" ] || [ "$1" = "abort-remove" ] ; then + update-alternatives --install /usr/bin/gnome-www-browser \ + gnome-www-browser /usr/bin/palemoon 40 + + update-alternatives --install /usr/bin/x-www-browser \ + x-www-browser /usr/bin/palemoon 40 +fi + +#DEBHELPER# diff --git a/debian/palemoon.prerm b/debian/palemoon.prerm new file mode 100755 index 0000000..b03dbd6 --- /dev/null +++ b/debian/palemoon.prerm @@ -0,0 +1,8 @@ +#!/bin/sh -e + +if [ "$1" = "remove" ] || [ "$1" = "deconfigure" ] ; then + update-alternatives --remove x-www-browser /usr/bin/palemoon + update-alternatives --remove gnome-www-browser /usr/bin/palemoon +fi + +#DEBHELPER# diff --git a/debian/rules b/debian/rules new file mode 100755 index 0000000..645c67e --- /dev/null +++ b/debian/rules @@ -0,0 +1,46 @@ +#!/usr/bin/make -f +# -*- makefile -*- + +export SHELL=/bin/bash + +# Build with gcc-4.9 on Stretch, Buster,Xenial, Yakkety, Zesty, and Horizon. +distrelease := $(shell lsb_release -cs) +ifeq ($(distrelease),$(filter $(distrelease),stretch buster xenial yakkety \ +zesty artful bionic Horizon)) +export CC=gcc-4.9 +export CXX=g++-4.9 +export CPP=cpp-4.9 +export LD=gcc-4.9 +endif + +%: + dh $@ --parallel + +override_dh_auto_clean: + rm -f mozconfig + dh_auto_clean + + +override_dh_auto_configure: + cp debian/mozconfig mozconfig + +override_dh_auto_build: + make -f client.mk build + +override_dh_auto_install: + make -f client.mk DESTDIR=$$(pwd)/debian/palemoon prefix=/usr \ + installdir=/usr/lib/palemoon \ + sdkdir=/usr/lib/palemoon-devel install + rm -rf $$(pwd)/debian/palemoon/usr/share/idl + rm -rf $$(pwd)/debian/palemoon/usr/lib/palemoon-devel + rm -rf $$(pwd)/debian/palemoon/usr/include +# remove vestigial duplicate file + rm -rf $$(pwd)/debian/palemoon/usr/lib/palemoon/palemoon-bin + +override_dh_shlibdeps: + dh_shlibdeps -l /usr/lib/palemoon + +# For releases that don't use xz compression by default, such as Wheezy. +# It's OK to leave this in for those that do. +override_dh_builddeb: + dh_builddeb -- -Z xz diff --git a/debian/source/format b/debian/source/format new file mode 100644 index 0000000..163aaf8 --- /dev/null +++ b/debian/source/format @@ -0,0 +1 @@ +3.0 (quilt) diff --git a/debian/source/include-binaries b/debian/source/include-binaries new file mode 100644 index 0000000..dd76db8 --- /dev/null +++ b/debian/source/include-binaries @@ -0,0 +1,10 @@ +debian/distribution/bundles/statusbar@palemoon.org/chrome/skin/all/urlbar-over-link-arrow-rtl.png +debian/distribution/bundles/statusbar@palemoon.org/chrome/skin/all/pms24.png +debian/distribution/bundles/statusbar@palemoon.org/chrome/skin/all/pulse.png +debian/distribution/bundles/statusbar@palemoon.org/chrome/skin/all/throbberStatic.png +debian/distribution/bundles/statusbar@palemoon.org/chrome/skin/all/pms16.png +debian/distribution/bundles/statusbar@palemoon.org/chrome/skin/all/urlbar-over-link-arrow.png +debian/distribution/bundles/statusbar@palemoon.org/components/status4evar.xpt +debian/distribution/bundles/{3ff46564-d77c-491c-bfc5-fc555c87dbc4}/chrome/content/images/stop.png +debian/distribution/bundles/{3ff46564-d77c-491c-bfc5-fc555c87dbc4}/chrome/content/images/statusbar.png +debian/distribution/bundles/{3ff46564-d77c-491c-bfc5-fc555c87dbc4}/chrome/content/images/icon.png -- Alioth's /home/x2go-admin/maintenancescripts/git/hooks/post-receive-email on /srv/git/code.x2go.org/pale-moon.git
This is an automated email from the git hooks/post-receive script. x2go pushed a commit to branch master in repository pale-moon. commit 0fd0735a1d70e3f539b728de9be36c246ea20450 Author: Mihai Moldovan <ionic@ionic.de> Date: Mon May 28 03:49:01 2018 +0200 debian/control: switch maintainer to X2Go Developers. --- debian/changelog | 9 +++++++++ debian/control | 5 ++--- 2 files changed, 11 insertions(+), 3 deletions(-) diff --git a/debian/changelog b/debian/changelog index cff607f..c8265d5 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,12 @@ +palemoon (27.9.1a1~0x2go1) obs; urgency=medium + + [ Mihai Moldovan ] + * New downstream version (27.9.1a1): + * debian/control: + - Switch maintainer to X2Go Developers. + + -- Mihai Moldovan <ionic@ionic.de> Mon, 28 May 2018 03:44:10 +0200 + palemoon (27.9.2~repack-1) obs; urgency=medium * New upstream security and stability update: diff --git a/debian/control b/debian/control index a99eddf..f767b4f 100644 --- a/debian/control +++ b/debian/control @@ -1,9 +1,8 @@ Source: palemoon Section: web Priority: optional -Maintainer: Steven Pusser <stevep@mxlinux.org> -Bugs: mailto: <maintainer@mepiscommunity.org> -XSBC-Original-Maintainer: Marian Kadanka <marian.kadanka@openmailbox.org> +Maintainer: X2Go Developers <x2go-dev@lists.x2go.org> +XSBC-Original-Maintainer: Steven Pusser <stevep@mxlinux.org> Build-Depends: debhelper (>= 9), # Add for the conditional in rules to force use of gcc-4.9 on newer distreleases # that default to gcc-5 or 6 -- Alioth's /home/x2go-admin/maintenancescripts/git/hooks/post-receive-email on /srv/git/code.x2go.org/pale-moon.git
This is an automated email from the git hooks/post-receive script. x2go pushed a commit to branch master in repository pale-moon. commit dec59f0e8363f05ce72bd6d8b9b230c94c6c7b0b Author: Mihai Moldovan <ionic@ionic.de> Date: Mon May 28 03:49:53 2018 +0200 debian/control: remove stray tab. --- debian/changelog | 1 + debian/control | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/debian/changelog b/debian/changelog index c8265d5..6fa0a3b 100644 --- a/debian/changelog +++ b/debian/changelog @@ -4,6 +4,7 @@ palemoon (27.9.1a1~0x2go1) obs; urgency=medium * New downstream version (27.9.1a1): * debian/control: - Switch maintainer to X2Go Developers. + - Remove stray tab. -- Mihai Moldovan <ionic@ionic.de> Mon, 28 May 2018 03:44:10 +0200 diff --git a/debian/control b/debian/control index f767b4f..65ea757 100644 --- a/debian/control +++ b/debian/control @@ -30,7 +30,7 @@ Homepage: http://www.palemoon.org/ Package: palemoon Architecture: any Depends: ${shlibs:Depends}, ${misc:Depends}, - ffmpeg | libav-tools + ffmpeg | libav-tools Provides: x-www-browser Conflicts: palemoon-nonsse2 Replaces: palemoon-nonsse2 -- Alioth's /home/x2go-admin/maintenancescripts/git/hooks/post-receive-email on /srv/git/code.x2go.org/pale-moon.git
This is an automated email from the git hooks/post-receive script. x2go pushed a commit to branch master in repository pale-moon. commit d2377fd1cebb393d7c3d2624cd5bd9fc24b965fb Author: Mihai Moldovan <ionic@ionic.de> Date: Mon May 28 03:51:13 2018 +0200 debian/rules: tabbify. --- debian/changelog | 2 ++ debian/rules | 4 ++-- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/debian/changelog b/debian/changelog index 6fa0a3b..15a0cdd 100644 --- a/debian/changelog +++ b/debian/changelog @@ -5,6 +5,8 @@ palemoon (27.9.1a1~0x2go1) obs; urgency=medium * debian/control: - Switch maintainer to X2Go Developers. - Remove stray tab. + * debian/rules: + - Tabbify. -- Mihai Moldovan <ionic@ionic.de> Mon, 28 May 2018 03:44:10 +0200 diff --git a/debian/rules b/debian/rules index 645c67e..d5c8711 100755 --- a/debian/rules +++ b/debian/rules @@ -29,8 +29,8 @@ override_dh_auto_build: override_dh_auto_install: make -f client.mk DESTDIR=$$(pwd)/debian/palemoon prefix=/usr \ - installdir=/usr/lib/palemoon \ - sdkdir=/usr/lib/palemoon-devel install + installdir=/usr/lib/palemoon \ + sdkdir=/usr/lib/palemoon-devel install rm -rf $$(pwd)/debian/palemoon/usr/share/idl rm -rf $$(pwd)/debian/palemoon/usr/lib/palemoon-devel rm -rf $$(pwd)/debian/palemoon/usr/include -- Alioth's /home/x2go-admin/maintenancescripts/git/hooks/post-receive-email on /srv/git/code.x2go.org/pale-moon.git