palemoon (28.12.0-1) stable; urgency=medium

  * Import new upstream release for VenenuX
  * Add python2 as alternative build-dep to allow build backported in older debians
  * Add more cflags optimizations agains stability cos we need to work in older machines
  * New upstream release: This is a development, bugfix and security update.
    - Added controls for WASM to the browser's preferences, and enabled by
      default.
    - Enabled various arbitrarily-disabled CSS functions.
    - Added the use of basic path descriptors (i.e. polygon) to css clip paths.
    - Implemented multithreaded request signal handling for the Abort API.
      Please see implementation notes below.
    - Updated the included US-English dictionary, adding approximately 2500
      additional words.
    - Removed the DOM battery API. This was already disabled for privacy reasons
      for a long while.
    - Fixed an erroneous warning displayed on toolkit-only add-ons like supplied
      dictionaries.
    - Fixed an issue with the sessionstore tab load preference.
    - Improved the generation of the names of downloaded files to prevent
      confusion. (CVE-2020-15658)
    - Fixed a code issue with base64 encoding of data.
    - Fixed 2 safety hazards in JavaScript. (One being CVE-2020-15656) DiD
    - Fixed a spec compliance issue with regards to the cross-origin loading
      of scripts. (CVE-2020-15652)

 -- PICCORO Lenz McKAY <mckaygerhard@gmail.com>  Tue, 01 Sep 2020 13:54:20 -0400

palemoon (27.9.4~repack-1) stable; urgency=high

  * Initial packaging
    + added initial page as venenux
    + fix mozconfig params to compile in non x86 arches
  * Import new upstream 27.9.4 release.
    - Updated the useragent for addons.mozilla.org to work around their "Only
      with Firefox" discrimination preventing users from downloading themes, old
      versions of extensions, and other files with Pale Moon.
    - Restricted web access to the moz-icon:// scheme that could potentially be
      abused to infringe the user's privacy.
    - Prevented various location-based threats. DiD

 -- PICCORO Lenz McKAY <mckaygerhard@gmail.com>  Thu, 13 Aug 2020 09:30:35 -0400

