pkgsrc.se | The NetBSD package collection

./www/palemoon, Customizable web browser (unofficial distribution of Pale Moon)

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]

Branch: CURRENT, Version: 33.5.0, Package name: palemoon-33.5.0, Maintainer: nia

A customizable, privacy-respecting web browser derived from the
independent Pale Moon(tm) codebase, in turn derived from community
code from the Mozilla project.

This package is an UNOFFICIAL build and not to be confused with
official Pale Moon software available from palemoon.org.

No support is provided from Moonchild Productions - all
responsibility for this package falls on the pkgsrc community.

Pale Moon does not support NetBSD and this software has been
modified to enhance NetBSD compatibility.

Pale Moon is a trademark of Moonchild Productions.

Version history: (Expand)

(2024-12-05) Updated to version: palemoon-33.5.0
(2024-11-17) Updated to version: palemoon-33.4.1nb2
(2024-11-15) Updated to version: palemoon-33.4.1nb1
(2024-11-05) Updated to version: palemoon-33.4.1
(2024-11-01) Updated to version: palemoon-33.4.0nb3
(2024-11-01) Updated to version: palemoon-33.4.0nb2

CVS history: (Expand)

2024-12-05 17:54:05 by Nia Alarie | Files touched by this commit (2) | Package updated

Log message:
palemoon: Update to 33.5.0

   This is a development, bugfix and security release.

   Changes/fixes:
     * Implemented Regular Expression "match indices" (/d) feature.
     * Added a way to programmatically clear the DNS cache in the browser,
       and added a button to the UI for it in about:networking.
     * Updated handling of referrer policies to adhere to the updated spec.
     * CSS font variations keywords no longer throw an error. See
       implementation notes.
     * CSS border-radius will now also apply to element outlines.
     * Improved the display of amount of cached web content in preferences
       when cache is being cleared.
     * Updated NSS to 3.90.5 (unofficial) to pick up some security fixes.
     * Refreshed the built-in list of effective top-level domains.
     * Fixed several application crashes.
     * Reduced unnecessary debug/informative messages in release builds
       (WebGL and CSP).
     * Backed out building against ffmpeg 6.0 and ffvpx 6.0 for causing a
       video playback regression on full-range videos (levels 0-255).
     * Cleaned up a large amount of leftover Boot2Gecko code, simplifying
       code paths throughout the code base.
     * From this version forward we also publish language packs for Persian
       (Farsi), Hindi, Kannada and Vietnamese.
     * Security issues addressed: CVE-2024-11693 and CVE-2024-11704 (DiD).

2024-11-17 08:17:06 by Thomas Klausner | Files touched by this commit (944)

Log message:
*: recursive bump for default-on option of at-spi2-core

2024-11-14 23:22:33 by Thomas Klausner | Files touched by this commit (2429)

Log message:
*: recursive bump for icu 76 shlib major version bump

2024-11-05 18:15:16 by Nia Alarie | Files touched by this commit (2)

Log message:
palemoon: Update to 33.4.1

     v33.4.1 (2024-11-05)

     * Improved handling of multipart/mixed documents. (CVE-2024-10461 and
       CVE-2016-2816) (defense-in-depth)
     * Addressed CVE-2024-10463.

     ----------------------------------------------------------------------

     v33.4.0.1 (2024-10-09)

     * Extension compatibility issues with the ghostbuster (leading to tab
       handling problems).

2024-11-01 13:55:19 by Thomas Klausner | Files touched by this commit (2426)

Log message:
*: revbump for icu downgrade

2024-11-01 01:54:33 by Thomas Klausner | Files touched by this commit (2427)

Log message:
*: recursive bump for icu 76.1 shlib bump

2024-10-09 16:07:42 by Nia Alarie | Files touched by this commit (10) | Package removed

Log message:
palemoon: Update to 33.4.0

     v33.4.0 (2024-10-08)

   This is a development, bugfix and security release.

   Changes/fixes:
     * Introduced the "ghostbuster" concept; this is an automated internal
       mechanism to attempt cleanup of particularly problematic web content
       after a tab or window is closed. See implementation notes.
     * Added support for the PROT_MPROTECT security feature on targets that
       use it (notably PaX and NetBSD).
     * Implemented preferences to give the user control over the Same-Origin
       Policy (SOP) and CORS preflight. See implementation notes.
     * Improved buildability on NetBSD and Altivec architectures.
     * Fixed building issues on Apple Silicon Mac with XCode 16.
     * Added workarounds for non-standard MSE/WebM/VPx encoding on YouTube
       that could cause video buffering and halting issues.
     * Dev: Changed the default credentials mode for module scripts from
       'omit' to 'same-origin', aligning with mainstream.
     * Dev: Implemented getTransform and setTransform with DOMMatrix
       arguments.
     * Dev: Implemented ES2023 Hashbang grammar proposal.
     * Fixed an issue with JavaScript's StructuredClone.
     * Security issues addressed: CVE-2024-9396.
     * Rejected: CVE-2024-9398 (properly informing the user about attempts to
       use unhandled protocols by web pages is considered more important than
       potential determination whether a handler for such a protocol is
       installed)

2024-10-01 14:20:29 by Nia Alarie | Files touched by this commit (5)

Log message:
palemoon: Import the rest of our nsprpub patches

It's unclear to me if these are strictly necessary with Pale Moon.
They appear to not affect browser stability for me.  However, since
they're bugs in the nsprpub library that Mozilla doesn't want to fix
(likely due to API compatibility?), and previously triggered crashes on
NetBSD, better safe than sorry.