MX 17/18 Repository: The Pale Moon Browser Thread

Locked
Message
Author
User avatar
Stevo
Developer
Posts: 12774
Joined: Fri Dec 15, 2006 8:07 pm

Re: MX 17 Repository: The Pale Moon Browser Thread

#81 Post by Stevo »

We now have 28.2.0 in the main repository. Enjoy!
v28.2.0 (2018-11-13)
This is a major development and bugfix release.

Changes/fixes:

Fixed a major performance issue with web workers.
Fixed a rare crash on local networks with HTTP basic auth and unsupported cipher suites.
Fixed a performance/timer issue when leaving the browser idle.
Fixed an issue causing an empty dialog when launching executable files from the browser.
Fixed an issue preventing making entries to disallow sites to store data for off-line use.
Removed code to prevent extensions with binary components.
Fixed an issue with common dialogs being sized incorrectly for their content.
Fixed an issue with event handling on the tab bar that would cause frustrating behavior when trying to open/close tabs in rapid succession.
Switched default behavior for scrolling when a context or pop-up menu is open to allow scrolling, like in v27. This also affects scrolling in very long menus, e.g. bookmarks.
Added experimental Asynchronous Panning and Zooming (APZ) for desktop use.
Re-enabled the use and parsing of ICC v4 color profiles.
Removed telemetry code from the caching subsystem.
Improved full-screen detection for suppressing status messages.
Made all arguments passed to Init*Event() optional except the first for parity with other browsers.
Cleaned up some internal installer code.
Fixed making caret width configurable when dealing with CJK characters (regression).
Fixed drawing of table borders consistently when zooming a page (regression).
Exposed the "Save download location per site" pref in about:config.
Improved media handling (ongoing).
Added experimental support for AV1 in WebM videos (disabled by default).
Note: this is for WebM only for now, so MP4 and MSE AV1 streams (e.g. YouTube) will not (yet) play.
Removed the (defunct and incomplete) in-browser translation code.
Fixed an issue with CSS Grid layouts unnecessarily shrinking element blocks.
Fixed notification settings menu entry (opes about:permissions with relevant data now).
Fixed the launching of an undesirable background content process for capturing page thumbnails.
Fixed a focus issue in the bookmark properties dialog.
Changed the setting for reporting CSS errors to the console to false by default, to prevent unnecessary performance loss for recording this data.
Added control mechanisms for Opportunistic Encryption (both for alternative services and upgrade-insecure-requests) in preferences, and disabled this by default due to potential security and privacy issues with this transitional technology.
Updated the default reported Firefox version in Firefox Compatibility Mode to prevent "too old Firefox" complaints on websites.
Updated libnestegg, ffvpx, reader view components and several other modules from upstream.
Implemented security fixes for CVE-2018-12381, CVE-2017-7797, a better fix for CVE-2018-12386 (DiD), CVE-2018-12401 (DiD), CVE-2018-12398, CVE-2018-12392, several Skia bugs, and several crashes and memory safety hazards that do not have a CVE number.

User avatar
Gordon Cooper
Posts: 965
Joined: Mon Nov 21, 2011 5:50 pm

Re: MX 17 Repository: The Pale Moon Browser Thread

#82 Post by Gordon Cooper »

Thanks Steve. Update looks OK so far, I'll yell if any problems appear.
Backup: Dell9010, MX-19_B2, Win7, 120 SSD, WD 232GIB HD, 4GB RAM
Primary :Homebrew64 bit Intel duo core 2 GB RAM, 120 GB Kingston SSD, Seagate1TB.
MX-18.2 64bit. Also MX17, Kubuntu14.04 & Puppy 6.3.

zorzi

Re: MX 17 Repository: The Pale Moon Browser Thread

#83 Post by zorzi »

Thanks.

User avatar
dreamer
Posts: 738
Joined: Sun Oct 15, 2017 11:34 am

Re: MX 17 Repository: The Pale Moon Browser Thread

#84 Post by dreamer »

Pale Moon 28.2.1 for Linux has been released.
This release addresses a critical usability issue in the history and bookmarks window.
The release is just 12 hours old, but I want to leave a reminder to Stevo ;)

User avatar
Gordon Cooper
Posts: 965
Joined: Mon Nov 21, 2011 5:50 pm

Re: MX 17 Repository: The Pale Moon Browser Thread

#85 Post by Gordon Cooper »

Don't think that 28.2.1 is a Linux release yet.
Backup: Dell9010, MX-19_B2, Win7, 120 SSD, WD 232GIB HD, 4GB RAM
Primary :Homebrew64 bit Intel duo core 2 GB RAM, 120 GB Kingston SSD, Seagate1TB.
MX-18.2 64bit. Also MX17, Kubuntu14.04 & Puppy 6.3.

User avatar
Stevo
Developer
Posts: 12774
Joined: Fri Dec 15, 2006 8:07 pm

Re: MX 17 Repository: The Pale Moon Browser Thread

#86 Post by Stevo »

Pale Moon has been updated to 28.2.2 in the main repository, from 28.2.1 that I forgot to enter here.

28.2.2:

Changes/fixes:

Changed the about:feeds icon for external applications to a generic icon, since that kind of access to executables is no longer allowed for security reasons.
Fixed issues with copying/pasting bookmarks in the Library View.
Fixed a crash occurring when using HTTP pipelining over some (broken) proxies.
Fixed several issues with animated WebP display (animations stopping, corrupted frames on lossy images, etc.)
Fixed an issue with the display of truncated GIF images.
Fixed an issue with deleting recent history not working properly.
Fixed incorrect duplicate compatibility mode preferences in about:config.

28.2.1:

This is a bugfix release to address critical usability issues with the bookmarks/history window.

User avatar
Stevo
Developer
Posts: 12774
Joined: Fri Dec 15, 2006 8:07 pm

Re: MX 17 Repository: The Pale Moon Browser Thread

#87 Post by Stevo »

Pale Moon 28.3.0 is now in the main repository and should be propagating through the mirrors.

This is a major development and bugfix release. Packaging changes include shipping a much better copyright file and also shipping copies of the MPL 1.1 and MPL 2 licenses.
Changes/fixes:

Added AV1 support for MP4/MSE videos. Please note that this is a reference library implementation and the upstream decoding lib currently has poor performance for higher resolutions (720p+). This is disabled by default; use the about:config preference media.av1.enabled to enable this codec.
Changed the API used for video playback with FFmpeg 58+. This should solve performance issues with VPx.
Redesigned the main toolbar icons as SVG images to make them HiDPI compliant.
Fixed the sync notification (infobar) icon.
Fixed a potential cycle collector resource leak.
Added icons and controls to tabs to indicate if sound is playing the tab and if so, allowing the user to mute it with a click.
This is a native implementation of the API in use in Basilisk and performs the same function as the "expose noisy tabs" extension, although the extension may still be preferred by some for e.g. skinning capabilities. The feature may be disabled with browser.tabs.showAudioPlayingIcon.
Removed support for VR hardware.
Fixed out-of-bounds sizes for CSS calculation strings.
Removed the DirectShow component since it is no longer necessary.
Removed Firefox Accounts integration, phase 1:
Changed the Sync client to the one from Tycho.
Made Sync optional at build time.
Stopped trying to cater to addons.mozilla.org since they no longer offer anything useful to Pale Moon after the Great XUL Extension Purge™.
Added an option to process favicons for optimal sized display and removing animations. Enable this with browser.chrome.favicons.process
Fixed an incorrect preference reference in feed reader.
Fixed an issue with lazy frame construction on display:contents elements. This should solve e.g. the use of mathjax in comments on stackoverflow.
Media code improvements and cleanup (ongoing).
Updated the DropBox useragent override to solve login issues.
Fixed potential crashes due to shutdown observers in VTT and font lists. DiD
Enabled some mistakingly-disabled optimizations in the JS JIT compiler.
Fixed several potential crashes in JS. DiD
Fixed several potential crashes in WebCrypto. DiD
Fixed a potential crash in JS Range Analysis. DiD
Fixed a potential crash in the layout engine due to combo boxes. DiD
Fixed a potential shutdown crash in non-standard environments related to 2D Canvas. DiD
Fixed a potential overflow in the PNG writer. DiD
Fixed a potential double-free in the MAR signing utility. DiD
Fixed an issue where URLs could be extracted cross-origin (CVE-2018-18494).
Updated NSPR to v4.20.
Updated NSS to 3.41, providing (among other things) full compatibility with the final version of TLS 1.3 on websites.
Updated location.protocol to the latest spec.
Updated Intersection Observers to the latest spec and enabled them by default.
Updated the SQLite lib to 3.26.0.
Fixed errors about the login manager's recipeManager not being available (yet).
Switched status bar download arrow to SVG.
Fixed a crash in IntersectionObservers.
Fixed initialization of the Search service from browser code to avoid synchronous init.
Added logging of performance warnings to devtools consoles.
Fixed favicons in taskbar tab preview listings.
Blocked Comodo IS dll < version 6.3 to prevent startup crashes.
Fixed issues in the HTML form submit observer module.
Limited resolving depth of CSS variables to a sane maximum (fixes cras.sh issue).
Removed Mozilla's proprietary constructor on WebAudio's AudioContext, aligning it with the standard specification.
Exposed the previously hidden preference in about:config for page thumbnail generation (some people prefer this for local privacy).
Aligned Element.ScrollIntoView with the DOM specification. This improves, among other things, compatibility with the React framework.

DiD This means that the fix is "Defense-in-Depth": It is a fix that does not apply to a (potentially) actively exploitable vulnerability in Pale Moon, but prevents future vulnerabilities caused by the same code, e.g. when surrounding code changes, exposing the problem, or when new attack vectors are discovered.

User avatar
Stevo
Developer
Posts: 12774
Joined: Fri Dec 15, 2006 8:07 pm

Re: MX 17 Repository: The Pale Moon Browser Thread

#88 Post by Stevo »

Updated to 28.3.1 in main:

This is a minor bugfix and stability release.

If you are using a language pack, please make sure you have the matching version for this browser version installed. Some strings were added for Captive Portal detection (see below) and outdated language packs will cause blank preference pages.
Changes/fixes:

• Improved toolbar icon display for all DPIs on Windows.
• Disabled the IntersectionObserver API by default while we work on resolving crashes caused by it.
• Added isIntersecting to the IntersectionObserver API per specification.
• Added an option to the preferences window to enable Captive Portal detection (Advanced -> General). If your network connection regularly encounters Captive Portals (e.g. using a laptop on the road or other WiFi connections that require login or agreement to terms) then enabling this detection may make your use of such networks more convenient.
For those worried about privacy: the detection service makes use of our own infrastructure and does not contact third parties like Apple or Google.

User avatar
Stevo
Developer
Posts: 12774
Joined: Fri Dec 15, 2006 8:07 pm

Re: MX 17 Repository: The Pale Moon Browser Thread

#89 Post by Stevo »

Pale Moon 28.4.0 is now in the main repo and making its way through the mirrors. Changes include:
This is a major development, stability and security release.

Changes/fixes:

Removed more telemetry code from the platform.
Fixed implementation of the IntersectionObserver API to avoid crashes, and enabled it by default.
Switched to the new ffmpeg decode API to avoid dropping of frames.
Fixed a buffering issue in the WebP decoder that caused intermittent browser crashes.
Improved resource-efficiency for internal stopwatch timers.
Improved handling of incorrectly-encoded CTTS in media files, resolving some playback issues of videos.
Improved the Cycle Collector and Garbage Collector.
Improved fullscreen navigation bar handling in the situation it has focus when switching to full screen.
Aligned instanceof with the final ES6 spec.
Improved Windows DIB (bitmap) clipboard data handling.
Exposed TLS 1.3 cipher suite prefs in about:config in case people want to disable them individually.
Allowed empty string on the location.search setter to clear URL query parameters from JS.
Added a potential fix for external links not opening in the current window/tab (untested).
Enabled C++11 thread-safe statics in the entire application.
Updated several preferences for integration with the new add-ons site.

Security fixes:

Fixed a potential use-after-free in IndexedDB code. (DiD)
Improved proxy handling to avoid localhost getting proxied. (CVE-2018-18506)
Ported upstream Skia fixes. (CVE-2018-18356, CVE-2018-18335)
Fixed an additional Skia issue. (CVE-2019-5785)
Fixed several potentially-exploitable memory safety hazards and crashes. (DiD)
Fixed a possible data race when performing compacting GC.

DiD This means that the fix is "Defense-in-Depth": It is a fix that does not apply to a (potentially) actively exploitable vulnerability in Pale Moon, but prevents future vulnerabilities caused by the same code, e.g. when surrounding code changes, exposing the problem, or when new attack vectors are discovered.

User avatar
cyrilus31
Posts: 629
Joined: Thu Nov 03, 2016 3:24 pm

Re: MX 17 Repository: The Pale Moon Browser Thread

#90 Post by cyrilus31 »

Unfortunately libfontconfig1 2.13 is missing in antiX 17 and palemoon can't be installed.

Locked

Return to “Package Requests/Status - MX 17/18”