msfntor Posted January 8, 2020 Posted January 8, 2020 In the latest NEW MOON 28.9 20200104 I've: Session Ticket Support Improvable
Sampei.Nihira Posted January 8, 2020 Posted January 8, 2020 (edited) 1 hour ago, msfntor said: In the latest NEW MOON 28.9 20200104 I've: Session Ticket Support Improvable It is OK. I wrote on page 37 of this 3D the reason, that nobody ever reads. Edited January 8, 2020 by Sampei.Nihira 2
Mathwiz Posted January 8, 2020 Posted January 8, 2020 @msfntor: Session Tickets exist for performance, not for security. If enabled, they avoid renegotiating TLS for every HTML download from a given server. But it was recently discovered that they can be abused for tracking you. Thus Pale Moon (and thence New Moon) have them disabled by default. If you want to enable them, you'll have to toggle pref security.ssl.disable_session_identifiers to false in about:config. But you'll make it a little easier for the Goog to track you online. 2
roytam1 Posted January 9, 2020 Author Posted January 9, 2020 K-Meleon 74 with Goanna 2.2 archive refreshed with sha384 support: http://o.rths.ml/gpc/files1.rt/KM74-g22-20180718.win2000.7z pm26 archive also refreshed: http://o.rths.ml/gpc/files1.rt/palemoon-26.5.0-20180718.win2000.7z 6
msfntor Posted January 9, 2020 Posted January 9, 2020 (edited) 16 hours ago, Mathwiz said: @msfntor: Session Tickets exist for performance, not for security. If enabled, they avoid renegotiating TLS for every HTML download from a given server. But it was recently discovered that they can be abused for tracking you. Thus Pale Moon (and thence New Moon) have them disabled by default. If you want to enable them, you'll have to toggle pref security.ssl.disable_session_identifiers to false in about:config. Thank you, - I've set now New Name, boolean, in Moebius 55. And what you think (looking for better performance and security too) to set security.ssl.errorReporting.enabled to false? I've it set to true (default). toolkit.telemetry.reportingpolicy.firstRun I've set to false. toolkit.telemetry.enabled I've set false (default). toolkit.telemetry.unified I've user set to false... Reddit topic to read: Edited January 9, 2020 by msfntor
VistaLover Posted January 9, 2020 Posted January 9, 2020 4 hours ago, msfntor said: 20 hours ago, Mathwiz said: If you want to enable them, you'll have to toggle pref security.ssl.disable_session_identifiers to false in about:config. Thank you, - I've set now New Name, boolean, in Moebius 55. Some relevant Firefox documentation, for the curious... which links to the corresponding Bugzilla bug number: https://bugzilla.mozilla.org/show_bug.cgi?id=967977 1
Sampei.Nihira Posted January 10, 2020 Posted January 10, 2020 @roytam1 Hi, Is it possible to know if the CVE-2019-17026 vulnerability also affects Pale Moon? TH.
roytam1 Posted January 10, 2020 Author Posted January 10, 2020 4 hours ago, Sampei.Nihira said: @roytam1 Hi, Is it possible to know if the CVE-2019-17026 vulnerability also affects Pale Moon? TH. patch ported. https://github.com/roytam1/UXP/commit/b8ab527949bdf21e00bbcd4173d58ebfa373b6ed 2
roytam1 Posted January 10, 2020 Author Posted January 10, 2020 (edited) New build of Serpent/UXP for XP! Test binary: Win32 https://o.rths.ml/basilisk/basilisk52-g4.5.win32-git-20200111-fd382bb-uxp-f64e760ab-xpmod.7z Win64 https://o.rths.ml/basilisk/basilisk52-g4.5.win64-git-20200111-fd382bb-uxp-f64e760ab-xpmod.7z source code that is comparable to my current working tree is available here: https://github.com/roytam1/UXP/commits/custom IA32 Win32 https://o.rths.ml/basilisk/basilisk52-g4.5.win32-git-20200111-fd382bb-uxp-f64e760ab-xpmod-ia32.7z source code that is comparable to my current working tree is available here: https://github.com/roytam1/UXP/commits/ia32 NM28XP build: Win32 https://o.rths.ml/palemoon/palemoon-28.9.0a1.win32-git-20200111-b7841e5cf-uxp-f64e760ab-xpmod.7z Win64 https://o.rths.ml/palemoon/palemoon-28.9.0a1.win64-git-20200111-b7841e5cf-uxp-f64e760ab-xpmod.7z Official UXP changes since my last build: - Issue #1338 - Part 1: Update NSPR to 4.24 (f7d301332) - Issue #1338 - Part 2: Update NSS to 3.48-RTM (f4a12fc67) - Issue #1338 - Part 3: Update NSS symbols (c097dcf7f) - Issue #1338 - Part 4: Initialize NSS with desired run-time values. (24f97a168) - Issue #1338 - Part 5: Clobber for NSS update (b1694ef0a) - Merge pull request #1341 from MoonchildProductions/nss-work (e30d68b69) - Issue #1345 - Implement non-standard legacy CSSStyleSheet rules (b4d686d62) - Merge pull request #1346 from JustOff/PR_CSSStyleSheet_legacy (c66b70c4d) - Reject sample rates that are out-of-range for libsoundtouch. (c03265177) - Bug 1322938 - Basic implementation of HTMLDialogElement. (2e3b937f4) - Bug 1322938 - Emit close event when HTMLDialogElement.prototype.close() is called. (ef2cd8749) - Bug 1322938 - Update <dialog> element Web Platform Tests expected results. (a4011e724) - Bug 1322938 - Put <dialog> element behind preference. (b91b0c37e) - Bug 1322938 - Make the HTML tree builder aware of <dialog>. (25e85f99c) - Bug 1379728 part 1. Remove the double-definition of the 'close' event from EventNameList.h. (52bda2a82) - Issue #1348 - Part 1: Clean up input scope support for IMM32. (1672355a7) - Issue #1348 - Part 2: Teach IMEState about Private Browsing mode. (8ae047bbb) - Issue #1348 - Part 3: Set IS_PRIVATE input scope in private browsing. (d79cc5fb4) - Merge pull request #1347 from g4jc/html5_dialog (29bf28ca3) - Simplify value setting. (d429ac8a6) - Be more consistent about decoding IP addresses in PSM. (8198126c3) - Make copy of list before iterating over it. (51b1cd97a) - Handle missing base64 challenge in NegotiateAuth and NTLMAuth. (0186023f4) - Issue #1338 - Un-bust building of NSS after update to 3.48 on Linux. (936577621) - Update GTK clipboard handling (095a02f25) - Issue #1338 - Followup: certdb: propagate trust information if trust module is loaded afterwards, (f64e760ab) Official Pale-Moon changes since my last build: - Issue #1703 - Update UA overrides for Google and YouTube (832effab3) - Block Noveau NV96 mesa driver layers acceleration. (b7841e5cf) There are no new Official Basilisk changes since my last build. My changes since my last build: - ported mozilla upstream bug: Bug 1607443 - Fix some alias sets. r=tcampbell, a=lizzard (b8ab52794) Edited January 11, 2020 by roytam1 3
roytam1 Posted January 10, 2020 Author Posted January 10, 2020 New build of BOC/UXP for XP! Test binary: MailNews Win32 https://o.rths.ml/boc-uxp/mailnews.win32-20200111-beb2221f-uxp-f64e760ab-xpmod.7z Browser-only Suite Win32 https://o.rths.ml/boc-uxp/bnavigator.win32-20200111-beb2221f-uxp-f64e760ab-xpmod.7z source patch (excluding UXP): https://o.rths.ml/boc-uxp/boc-uxp-src-xpmod-20191123.7z There are no new Official repo changes since my last build. For UXP changes please see above. 2
roytam1 Posted January 10, 2020 Author Posted January 10, 2020 New build of post-deprecated Serpent/moebius for XP! * Notice: This repo will not be built on regular schedule, and changes are experimental as usual. ** Current moebius patch level should be on par with 52.9, but some security patches can not be applied/ported due to source milestone differences between versions. Test binary: Win32 http://o.rths.ml/basilisk/basilisk55-win32-git-20200111-791f70df3-xpmod.7z Win64 http://o.rths.ml/basilisk/basilisk55-win64-git-20200111-791f70df3-xpmod.7z repo: https://github.com/roytam1/basilisk55 Repo changes: - port changes from UXP and mozilla upstreams: - Simplify some alias sets in IonMonkey. (0b999100) - Bug 1607443 - Fix some alias sets. r=tcampbell, a=lizzard (791f70df3) 1
siria Posted January 11, 2020 Posted January 11, 2020 (edited) roytam1 said: > K-Meleon 74 with Goanna 2.2 archive refreshed with sha384 support: > http://o.rths.ml/gpc/files1.rt/KM74-g22-20180718.win2000.7z > pm26 archive also refreshed: http://o.rths.ml/gpc/files1.rt/palemoon-26.5.0-20180718.win2000.7z Great to get more ciphers for KMG74 too, thanks! But just noticed: the filedates are wrong, still the old ones from 2018. Yeah it's only some ciphers, but those are important and wrong filenames are completely misleading, please consider correcting it to avoid confusion and accidents... Edited January 11, 2020 by siria
DanR20 Posted January 11, 2020 Posted January 11, 2020 2 hours ago, roytam1 said: - Block Noveau NV96 mesa driver layers acceleration. (b7841e5cf) Whatever you do, please don't re-block ATI radeon drivers. I'm even getting good acceleration in an old W2k box, something I never saw with any version of firefox or flash player. Not sure what mozilla's criteria was for blocking drivers, all it took it seems was one or two crashes from random users. layers.acceleration.force-enabled never did anything either.
DanR20 Posted January 11, 2020 Posted January 11, 2020 Having problems tonight with Serpent/UXP on Windows 7, so far within an hour it's crashed four times. The offending file has either been ntdll.dll or xul.dll. Reverting back to last week's build and the crashes stopped.
Recommended Posts