This is an automated email from the git hooks/post-receive script. x2go pushed a change to branch master in repository pale-moon. from b827b68 debian/patches/series: add new file fixes/Define-splice-constants.patch. adds 23668d3 Fix missing include in Skia SafeMath adds 9b54bd3 Port libopus upstream patch. adds be8bcd2 Fix typo in 9b54bd30006c008b4a951331b273613d5bac3abf adds cbf1d45 Clarify status or repo in README. adds d77bbb8 Update HSTS preload list adds 500b1e6 Merge pull request #1682 from trav90/HSTS-preload-update adds 4463c70 Fix count of compacting update tasks started. adds dea50cb Add a nullcheck in DOMProxyHandler::EnsureExpandoObject adds c335df4 Merge branch 'master' into 27.9_RelBranch adds 9cc99a1 Bump version for release. adds 4197dba Satisfy AMO's discrimination by UA. adds 1ffd7ba Restrict web access to moz-icon:// scheme adds 53606d9 Prevent various location-based hazards. adds 4a7f5bc Check redirect status code before forwarding to NPAPI. adds 93403cd Confirm launch of executables other than .exe on Windows. adds d8e715c Confirm launch of executables other than .exe on Windows. adds f929ffa Reject some invalid qcms transforms. adds 1abb23f Update dimensions early in ClearTarget. adds e50a11d Perform some sanity checks on nsMozIconURI. adds 8b999f2 Ensure the right anonymous element is focused when calling input.focus() adds 54887c5 Fix typo (RefPtr -> nsRefPtr) adds 862d7fa Merge branch 'master' into 27.9_RelBranch adds 3a1c742 Bump version for release. adds 9ced226 Make nsAtomicFileOutputStream::DoOpen() fail if the file is read-only. adds fb0d956 Merge branch 'master' into 27.9_RelBranch new 845fb77 Merge branch 'upstream/27.9.4_repack-1' new 71e28cb debian: sync directory with Steven Pusser's palemoon_27.9.4~repack-1 version. new 1723df8 debian/changelog: update to 27.9.4. The 3 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "adds" were already present in the repository and have only been added to this reference. Summary of changes: README.md | 6 + browser/app/profile/palemoon.js | 6 +- browser/components/downloads/DownloadsCommon.jsm | 21 +- browser/components/downloads/moz.build | 7 +- browser/config/version.txt | 2 +- caps/nsScriptSecurityManager.cpp | 16 +- debian/README.7z-source | 12 - debian/changelog | 49 +- dom/base/nsLocation.cpp | 20 + dom/bindings/DOMJSProxyHandler.cpp | 4 + dom/canvas/CanvasRenderingContext2D.cpp | 14 +- dom/canvas/CanvasRenderingContext2D.h | 5 +- dom/html/HTMLInputElement.cpp | 3 +- dom/plugins/base/nsPluginStreamListenerPeer.cpp | 18 +- gfx/qcms/chain.c | 6 + gfx/thebes/gfxPlatform.cpp | 6 +- image/decoders/icon/nsIconURI.cpp | 10 + js/src/jsgc.cpp | 2 +- media/libopus/silk/NLSF_stabilize.c | 2 +- netwerk/base/nsFileStreams.cpp | 7 + security/manager/boot/src/nsSTSPreloadList.errors | 7845 ++++++++++++-------- security/manager/boot/src/nsSTSPreloadList.inc | 7383 +++++++++++------- .../jsdownloads/src/DownloadIntegration.jsm | 28 +- 23 files changed, 9630 insertions(+), 5842 deletions(-) delete mode 100644 debian/README.7z-source -- Alioth's /home/x2go-admin/maintenancescripts/git/hooks/post-receive-email on /srv/git/code.x2go.org/pale-moon.git
This is an automated email from the git hooks/post-receive script. x2go pushed a commit to branch master in repository pale-moon. commit 845fb7782d87c944e6a6a5e6f4e3b3c4e846ca97 Merge: b827b68 fb0d956 Author: Mihai Moldovan <ionic@ionic.de> Date: Sat Sep 29 03:36:00 2018 +0200 Merge branch 'upstream/27.9.4_repack-1' README.md | 6 + browser/app/profile/palemoon.js | 6 +- browser/components/downloads/DownloadsCommon.jsm | 21 +- browser/components/downloads/moz.build | 7 +- browser/config/version.txt | 2 +- caps/nsScriptSecurityManager.cpp | 16 +- dom/base/nsLocation.cpp | 20 + dom/bindings/DOMJSProxyHandler.cpp | 4 + dom/canvas/CanvasRenderingContext2D.cpp | 14 +- dom/canvas/CanvasRenderingContext2D.h | 5 +- dom/html/HTMLInputElement.cpp | 3 +- dom/plugins/base/nsPluginStreamListenerPeer.cpp | 18 +- gfx/qcms/chain.c | 6 + gfx/thebes/gfxPlatform.cpp | 6 +- image/decoders/icon/nsIconURI.cpp | 10 + js/src/jsgc.cpp | 2 +- media/libopus/silk/NLSF_stabilize.c | 2 +- netwerk/base/nsFileStreams.cpp | 7 + security/manager/boot/src/nsSTSPreloadList.errors | 7845 ++++++++++++-------- security/manager/boot/src/nsSTSPreloadList.inc | 7383 +++++++++++------- .../jsdownloads/src/DownloadIntegration.jsm | 28 +- 21 files changed, 9582 insertions(+), 5829 deletions(-) -- Alioth's /home/x2go-admin/maintenancescripts/git/hooks/post-receive-email on /srv/git/code.x2go.org/pale-moon.git
This is an automated email from the git hooks/post-receive script. x2go pushed a commit to branch master in repository pale-moon. commit 71e28cb01e54b0ed7105154da543980de09d12bd Author: Mihai Moldovan <ionic@ionic.de> Date: Sat Sep 29 03:50:39 2018 +0200 debian: sync directory with Steven Pusser's palemoon_27.9.4~repack-1 version. --- debian/README.7z-source | 12 ------------ debian/changelog | 42 +++++++++++++++++++++++++++++++++++++++++- 2 files changed, 41 insertions(+), 13 deletions(-) diff --git a/debian/README.7z-source b/debian/README.7z-source deleted file mode 100644 index c916e90..0000000 --- a/debian/README.7z-source +++ /dev/null @@ -1,12 +0,0 @@ -If you obtain the source in a 7z archive, it does not support Linux permissions. -In order to compile it, and create a source tarball, extract the archive, run - -chmod -R 777 <extracted-source-directory> - -and then recompress the source into an approved Debian tarball format. - -Make sure to add a "~repack" to the versioning and the orig tarball to label it -as repacked. - -Currently the tar.gz tarballs from the github releases don't require this, but -a tar.xz repack will save considerable bandwidth. diff --git a/debian/changelog b/debian/changelog index ec1a696..12bed3c 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,43 @@ +palemoon (27.9.4~repack-1) obs; urgency=medium + + * Import new upstream 27.9.4 release. + - Updated the useragent for addons.mozilla.org to work around their "Only + with Firefox" discrimination preventing users from downloading themes, old + versions of extensions, and other files with Pale Moon. + - Restricted web access to the moz-icon:// scheme that could potentially be + abused to infringe the user's privacy. + - Prevented various location-based threats. DiD + - Fixed a potential vulnerability with plugins being redirected to different + origins (CVE-2018-12364). + - Improved the security check for launching executable files + (by association) on Windows from the browser. For users who have (most + likely accidentally) granted a system-wide waiver for opening these kinds + of files without being prompted, this permission has been reset. + - Fixed an issue with invalid qcms transforms (CVE-2018-12366). + - Fixed a buffer overflow using the computed size of canvas elements + (CVE-2018-12359). + - Fixed a use-after-free when using focus() (CVE-2018-12360). + - Added some sanity checks on nsMozIconURI. DiD + - Fixed an issue in the case the preferences file in the profile would not be + writable (e.g. temporary permission issues due to backup, virus scanning or + similar external processes). + + -- Steven Pusser <stevep@mxlinux.org> Wed, 11 Jul 2018 13:59:46 -0700 + +palemoon (27.9.3~repack-1~mx17+1) mx; urgency=medium + + * New upstream security update: + + - Changes/fixes: + - (CVE-2017-0381) Ported a patch from libopus upstream. Note, contrary to + that report, the libopus maintainers state they don't believe remote + code execution was possible, so this was not a critical patch. + - Fixed an issue with task counting in JS GC. + - Fixed a use-after-free in DOMProxyHandler::EnsureExpandoObject (thanks + to Berk Cem Göksel for reporting). + + -- Steven Pusser <stevep@mxlinux.org> Tue, 12 Jun 2018 11:12:06 -0700 + palemoon (27.9.2~repack-1-0x2go1) UNRELEASED; urgency=medium [ Mihai Moldovan ] @@ -288,7 +328,7 @@ palemoon (27.9.2~repack-1-0x2go1) UNRELEASED; urgency=medium -- Mihai Moldovan <ionic@ionic.de> Mon, 28 May 2018 03:44:10 +0200 -palemoon (27.9.2~repack-1) obs; urgency=medium +palemoon (27.9.2~repack-1~mx17+1) mx; urgency=medium * New upstream security and stability update: -- Alioth's /home/x2go-admin/maintenancescripts/git/hooks/post-receive-email on /srv/git/code.x2go.org/pale-moon.git
This is an automated email from the git hooks/post-receive script. x2go pushed a commit to branch master in repository pale-moon. commit 1723df84b8181e00c235bef5d442c98a18ba170b Author: Mihai Moldovan <ionic@ionic.de> Date: Sat Sep 29 03:52:37 2018 +0200 debian/changelog: update to 27.9.4. --- debian/changelog | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/debian/changelog b/debian/changelog index 12bed3c..c89b3e4 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,10 @@ +palemoon (27.9.4~repack-1-0x2go1) UNRELEASED; urgency=medium + + [ Mihai Moldovan ] + * New downstream version (27.9.4): + + -- Mihai Moldovan <ionic@ionic.de> Mon, 29 Sep 2018 03:52:10 +0200 + palemoon (27.9.4~repack-1) obs; urgency=medium * Import new upstream 27.9.4 release. -- Alioth's /home/x2go-admin/maintenancescripts/git/hooks/post-receive-email on /srv/git/code.x2go.org/pale-moon.git
-
git-admin@x2go.org