Welcome!
Important information
-- Spectre and Meltdown vulnerabilities
-- Change in MX sources

News
-- MX Linux on social media: here
-- Mepis support still here

Current releases
-- MX-17.1 Final release info here
-- antiX-17 release info here

New users
-- Please read this first, and don't forget to add system and hardware information to posts!
-- Here are the Forum Rules

MX 15 Repository: The palemoon thread

Message
Author
User avatar
Stevo
Forum Veteran
Forum Veteran
Posts: 17097
Joined: Fri Dec 15, 2006 8:07 pm

Re: MX 15 Repository: The palemoon thread

#231 Post by Stevo » Sun Mar 04, 2018 5:16 pm

Pale Moon 27.8.0 is now in the main repository.

This is a development update with new and improved features and bugfixes.

Changes/fixes:

Added support for emojis on Windows systems that have relatively poor support for them with standard font sets by including our own font (EmojiOne based for now).
Added a setting in preferences to select the use of tab previews with Ctrl+Tab.
Added Eyedropper menu entry to the AppMenu.
Added a preference to control whether the text cursor (caret) should be thicker when dealing with CJK characters or not (default = yes).
Added URL fix-ups for schemes (mis-typed "ttp://" etc.).
Added support for ES6 "Symbol species".
Updated our TLS 1.3 support to the latest (probably final) draft.
Fixed gap inconsistency in the tabstrip.
Fixed a number of browser crashes.
Fixed a crash with the exponentiation operator "**"
Set the performance timer granularity to 1 ms.
Updated the kiss-fft library to our forked 1.4.0 version.
Disabled a potentially problematic optimization on Win 8+ with high contrast themes in use.
Removed the notification bar when in full screen to prevent unwanted visible screen elements.
Removed unmaintained and insecure WebRTC code - building with WebRTC enabled is no longer an option.
Removed redundant checks for "Vista or later" since that is all we support.
Added display of the http status to raw request displays.
Added a workaround for cloned videos not retaining their muted state.
Added a temporary workaround to avoid crashes on trackless media.
Removed some superfluous ellipses from menu labels.
Fixed undesired shrinking of line heights as a result of setting minimum font size in preferences.
Fixed some issues with setting the new tab preference (regression).

User avatar
danielson
Forum Regular
Forum Regular
Posts: 187
Joined: Wed Dec 14, 2016 3:36 pm

Re: MX 15 Repository: The palemoon thread

#232 Post by danielson » Fri Mar 09, 2018 11:42 am

Yay!

Must admit, never thought i'd be going back to Palemoon.
Besides letting my frustrations with Firefox finally find a nice way out, it just seems to blend in so well with MX.
Distro: MX-18b1_x64
Laptop: HP EliteBook 8460p
CPU: Dual core Intel i5-2520M.
Office: LibreOffice.
Browser: Firefox (Quantum), Vivaldi (Snapshot).

User avatar
Stevo
Forum Veteran
Forum Veteran
Posts: 17097
Joined: Fri Dec 15, 2006 8:07 pm

Re: MX 15 Repository: The palemoon thread

#233 Post by Stevo » Fri Mar 09, 2018 2:09 pm

BTW, the main repo version has been updated to 27.8.1 to fix a few small issues that cropped up with 27.8.0.

User avatar
Stevo
Forum Veteran
Forum Veteran
Posts: 17097
Joined: Fri Dec 15, 2006 8:07 pm

Re: MX 15 Repository: The palemoon thread

#234 Post by Stevo » Fri Mar 23, 2018 2:24 pm

Pale Moon has been updated to 27.8.2 in the main repository. This is a security update.

For those still on MX 14 or MEPIS 12, we don't have builds in the repo, but there are Wheezy builds in my OBS repository: https://software.opensuse.org//download ... e=palemoon

Since the PM installer from Pale Moon instead installs a version built on gcc-4.9 instead of Wheezy's 4.7, I don't know if it's backwards-compatible.

Changes/fixes:

Privacy fix: prevented update checks for the default theme.
Added a user-agent override for Dropbox to improve compatibility with their service.
Fixed an issue with mouseover handling related to (CVE-2018-5103). DiD
Disabled the Mac OSX Nano allocator. DiD
Fixed (CVE-2018-5129) OOB Write.
Updated the lz4 library to 1.8.0 to solve potential issues. DiD
Fixed (CVE-2018-5137) Path traversal on chrome:// URLs
Fixed several memory safety an synchronicity hazards.

DiD This means that the fix is "Defense-in-Depth": It is a fix that does not apply to a (potentially) actively exploitable vulnerability in Pale Moon, but prevents future vulnerabilities caused by the same code, e.g. when surrounding code changes, exposing the problem, or when new attack vectors are discovered.

User avatar
Stevo
Forum Veteran
Forum Veteran
Posts: 17097
Joined: Fri Dec 15, 2006 8:07 pm

Re: MX 15 Repository: The palemoon thread

#235 Post by Stevo » Tue Apr 17, 2018 9:37 pm

The new 27.9.0 release has now landed in the main repository! Changes are:

* New release:
- Fixed a number of spec compliance issues in our media subsystem.
- Added a trailing slash to referrers when policy is set to fix some web
compatibility issues.
- Fixed the property order in Object.getOwnPropertyNames(string) and others
for web compatibility.
- Updated RegExp(RegExp object, flags) to the ES6 standard specification.
- Changed the embedded font from the no longer free EmojiOne to the
open-licensed Twemoji (with additional fixes). This also further extends
unicode support to Unicode 10 emoji(s). Please note that as a result, color
emoji(s) will look different than before.
- Adjusted some things in our memory allocator code to provide, among other
things, better allocation alignment on Windows.
- Made the attempt to migrate people from the old sync server domain name to
the current one more aggressive. We will be retiring the old
pmsync.palemoon.net Sync server address shortly to remove the need for us
to maintain a security certificate for it; this preference migration should
automatically put everyone on the correct server address when upgrading.
- Made reading of the sessionstore synchronous, to speed up startup and
prevent the homepage from being loaded when restoring a session.
- Added a fix to switch to the correct window/tab when a web notification
is clicked.
- Changed the placeholder text to not include "Search" when all search
functions from the address bar are disabled.
- Enabled the use of Skia for canvas on Linux and OSX.
- Worked around a potential cause for some non-standard bitmapped fonts
ending up with incorrect line heights (I'm looking at you, Noto fonts!).
- Added a workaround for incorrectly-encoded JPEG-XR images with planar
alpha. Ultimately, the jxrlib reference implementation should be fixed to
encode according to spec.
- Aligned XCTO:nosniff allowed script MIME types with the updated spec.
- Improved the logic for storing vector images in the surface cache.
- Fixed character set handling for XMLHttpRequests.

User avatar
rokytnji.1
Forum Regular
Forum Regular
Posts: 777
Joined: Sun Apr 13, 2014 9:06 pm

Re: MX 15 Repository: The palemoon thread

#236 Post by rokytnji.1 » Tue Apr 17, 2018 11:35 pm

Code: Select all

$ apt-cache policy palemoon
palemoon:
  Installed: 27.9.0~repack-1
  Candidate: 27.9.0~repack-1
  Version table:
 *** 27.9.0~repack-1 0
        500 http://download.opensuse.org/repositories/home:/stevenpusser/Debian_8.0/  Packages
        100 /var/lib/dpkg/status
     27.9.0~binaryrepack-1 0
        500 http://download.opensuse.org/repositories/home:/stevenpusser/Debian_8.0/  Packages
     27.8.3~repack-1~mx15+1 0
        500 http://repo.antixlinux.com/jessie/ jessie/main i386 Packages
harry@biker:~
$ cd /etc
harry@biker:/etc
$ cat lsb-release
DISTRIB_ID=antiX
DISTRIB_RELEASE=15
DISTRIB_CODENAME=jessie
DISTRIB_DESCRIPTION="antiX 15"
harry@biker:/etc
oh yeah, forgot to post

Code: Select all

harry@biker:/etc
$ pinxi -r
Repos:     Active apt repos in: /etc/apt/sources.list.d/antix.list 
           1: deb http://repo.antixlinux.com/jessie jessie main nosystemd
           Active apt repos in: /etc/apt/sources.list.d/debian.list 
           1: deb http://ftp.gr.debian.org/debian/ jessie main contrib non-free
           2: deb http://security.debian.org/ jessie/updates main contrib non-free
           No active apt repos in: /etc/apt/sources.list.d/mx.list 
           Active apt repos in: /etc/apt/sources.list.d/palemoon.list 
           1: deb http://download.opensuse.org/repositories/home:/stevenpusser/Debian_8.0/ /
           No active apt repos in: /etc/apt/sources.list.d/siduction.list 
           No active apt repos in: /etc/apt/sources.list.d/various.list 

User avatar
Stevo
Forum Veteran
Forum Veteran
Posts: 17097
Joined: Fri Dec 15, 2006 8:07 pm

Re: MX 15 Repository: The palemoon thread

#237 Post by Stevo » Wed Apr 18, 2018 12:55 am

Well, yes, I maintain that OBS repository for PM, too.

User avatar
Stevo
Forum Veteran
Forum Veteran
Posts: 17097
Joined: Fri Dec 15, 2006 8:07 pm

Re: MX 15 Repository: The palemoon thread

#238 Post by Stevo » Tue May 08, 2018 6:58 pm

Updated to 27.9.1 in the main repo.
* New upstream maintenance update:
- Removed the unused/incomplete places protocol handler.
- Worked around an issue with MSE media without a Track ID. This should help
with the playability of some live streams.
- Ported across jemalloc improvements from UXP.
- Ported across cairo mutex improvements from UXP.
- Added support for FFmpeg 4.0/libavcodec 58.
- Added a fix for Windows 10's "isAlpha()" not being what one would expect
in v1803.

User avatar
Stevo
Forum Veteran
Forum Veteran
Posts: 17097
Joined: Fri Dec 15, 2006 8:07 pm

Re: MX 15 Repository: The palemoon thread

#239 Post by Stevo » Wed Jun 13, 2018 5:43 pm

Pale Moon has been updated to security release 27.9.3 in the main repo:
Changes/fixes:

(CVE-2017-0381) Ported a patch from libopus upstream. Note, contrary to that report, the libopus maintainers state they don't believe remote code execution was possible, so this was not a critical patch.
Fixed an issue with task counting in JS GC.
Fixed a use-after-free in DOMProxyHandler::EnsureExpandoObject (thanks to Berk Cem Göksel for reporting).

User avatar
Stevo
Forum Veteran
Forum Veteran
Posts: 17097
Joined: Fri Dec 15, 2006 8:07 pm

Re: MX 15 Repository: The palemoon thread

#240 Post by Stevo » Tue Jul 17, 2018 10:56 pm

Now updated to 27.9.4 in the main repo:

- Updated the useragent for addons.mozilla.org to work around their "Only with Firefox" discrimination preventing users from downloading themes, oldversions of extensions, and other files with Pale Moon.
- Restricted web access to the moz-icon:// scheme that could potentially be abused to infringe the user's privacy.
- Prevented various location-based threats. DiD
- Fixed a potential vulnerability with plugins being redirected to different origins (CVE-2018-12364).
- Improved the security check for launching executable files (by association) on Windows from the browser. For users who have (most likely accidentally) granted a system-wide waiver for opening these kinds
of files without being prompted, this permission has been reset.
- Fixed an issue with invalid qcms transforms (CVE-2018-12366).
- Fixed a buffer overflow using the computed size of canvas elements
(CVE-2018-12359).
- Fixed a use-after-free when using focus() (CVE-2018-12360).
- Added some sanity checks on nsMozIconURI. DiD
- Fixed an issue in the case the preferences file in the profile would not be writable (e.g. temporary permission issues due to backup, virus scanning or similar external processes).

Post Reply

Return to “Package Requests/Status - MX-15/16”