Welcome!
Important information
-- Spectre and Meltdown vulnerabilities

News
-- MX Linux on social media: here
-- Mepis support still here

Current releases
-- MX-18 Final release info here
-- Migration Information to MX-18 here
-- antiX-17.3 release info here

New users
-- Please read this first, and don't forget to add system and hardware information to posts!
-- Here are the Forum Rules

MX 15 Repository: The palemoon thread

User avatar
Stevo
Forum Veteran
Forum Veteran
Posts: 17554
Joined: Fri Dec 15, 2006 8:07 pm

Re: MX 15 Repository: The palemoon thread

#251

Post by Stevo » Thu Dec 06, 2018 5:29 pm

Pale Moon has been updated to 28.2.2 in the main repository, from 28.2.1 that I forgot to enter here.
28.2.2:

Changes/fixes:

Changed the about:feeds icon for external applications to a generic icon, since that kind of access to executables is no longer allowed for security reasons.
Fixed issues with copying/pasting bookmarks in the Library View.
Fixed a crash occurring when using HTTP pipelining over some (broken) proxies.
Fixed several issues with animated WebP display (animations stopping, corrupted frames on lossy images, etc.)
Fixed an issue with the display of truncated GIF images.
Fixed an issue with deleting recent history not working properly.
Fixed incorrect duplicate compatibility mode preferences in about:config.

28.2.1:

This is a bugfix release to address critical usability issues with the bookmarks/history window.

User avatar
Stevo
Forum Veteran
Forum Veteran
Posts: 17554
Joined: Fri Dec 15, 2006 8:07 pm

Re: MX 15 Repository: The palemoon thread

#252

Post by Stevo » Wed Jan 16, 2019 5:29 pm

Pale Moon 28.3.0 is now in the main repository and should be propagating through the mirrors.

This is a major development and bugfix release. Packaging changes include shipping a much better copyright file and also shipping copies of the MPL 1.1 and MPL 2 licenses.
Changes/fixes:

Added AV1 support for MP4/MSE videos. Please note that this is a reference library implementation and the upstream decoding lib currently has poor performance for higher resolutions (720p+). This is disabled by default; use the about:config preference media.av1.enabled to enable this codec.
Changed the API used for video playback with FFmpeg 58+. This should solve performance issues with VPx.
Redesigned the main toolbar icons as SVG images to make them HiDPI compliant.
Fixed the sync notification (infobar) icon.
Fixed a potential cycle collector resource leak.
Added icons and controls to tabs to indicate if sound is playing the tab and if so, allowing the user to mute it with a click.
This is a native implementation of the API in use in Basilisk and performs the same function as the "expose noisy tabs" extension, although the extension may still be preferred by some for e.g. skinning capabilities. The feature may be disabled with browser.tabs.showAudioPlayingIcon.
Removed support for VR hardware.
Fixed out-of-bounds sizes for CSS calculation strings.
Removed the DirectShow component since it is no longer necessary.
Removed Firefox Accounts integration, phase 1:
Changed the Sync client to the one from Tycho.
Made Sync optional at build time.
Stopped trying to cater to addons.mozilla.org since they no longer offer anything useful to Pale Moon after the Great XUL Extension Purge™.
Added an option to process favicons for optimal sized display and removing animations. Enable this with browser.chrome.favicons.process
Fixed an incorrect preference reference in feed reader.
Fixed an issue with lazy frame construction on display:contents elements. This should solve e.g. the use of mathjax in comments on stackoverflow.
Media code improvements and cleanup (ongoing).
Updated the DropBox useragent override to solve login issues.
Fixed potential crashes due to shutdown observers in VTT and font lists. DiD
Enabled some mistakingly-disabled optimizations in the JS JIT compiler.
Fixed several potential crashes in JS. DiD
Fixed several potential crashes in WebCrypto. DiD
Fixed a potential crash in JS Range Analysis. DiD
Fixed a potential crash in the layout engine due to combo boxes. DiD
Fixed a potential shutdown crash in non-standard environments related to 2D Canvas. DiD
Fixed a potential overflow in the PNG writer. DiD
Fixed a potential double-free in the MAR signing utility. DiD
Fixed an issue where URLs could be extracted cross-origin (CVE-2018-18494).
Updated NSPR to v4.20.
Updated NSS to 3.41, providing (among other things) full compatibility with the final version of TLS 1.3 on websites.
Updated location.protocol to the latest spec.
Updated Intersection Observers to the latest spec and enabled them by default.
Updated the SQLite lib to 3.26.0.
Fixed errors about the login manager's recipeManager not being available (yet).
Switched status bar download arrow to SVG.
Fixed a crash in IntersectionObservers.
Fixed initialization of the Search service from browser code to avoid synchronous init.
Added logging of performance warnings to devtools consoles.
Fixed favicons in taskbar tab preview listings.
Blocked Comodo IS dll < version 6.3 to prevent startup crashes.
Fixed issues in the HTML form submit observer module.
Limited resolving depth of CSS variables to a sane maximum (fixes cras.sh issue).
Removed Mozilla's proprietary constructor on WebAudio's AudioContext, aligning it with the standard specification.
Exposed the previously hidden preference in about:config for page thumbnail generation (some people prefer this for local privacy).
Aligned Element.ScrollIntoView with the DOM specification. This improves, among other things, compatibility with the React framework.

DiD This means that the fix is "Defense-in-Depth": It is a fix that does not apply to a (potentially) actively exploitable vulnerability in Pale Moon, but prevents future vulnerabilities caused by the same code, e.g. when surrounding code changes, exposing the problem, or when new attack vectors are discovered.

Post Reply

Return to “Package Requests/Status - MX-15/16”