pkgsrc-Changes archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
CVS commit: pkgsrc/security/tor-browser-noscript
Module Name: pkgsrc
Committed By: wiz
Date: Wed Mar 31 22:00:06 UTC 2021
Modified Files:
pkgsrc/security/tor-browser-noscript: Makefile distinfo
Log Message:
tor-browser-noscript: update to 11.2.4.
v 11.2.4
============================================================
x CSS resources prefetching as a mitigation against CSS PP0
(https://github.com/Yossioren/pp0)
x [L10n] Updated br, de, el, es, fr, he, is, nl, pl, pt_BR,
ru, sq, tr, zh_CN
x [nscl] Inteception of webgl context creation in
OffscreenCanvas too
x Fixed configuration upgrades not applied on manual updates
(thanks Nan for reporting)
x Mitigation for misbehaving pages repeating failed requests
in a tight loop
x [UI] More understandable label for the cascading
restrictions option
x [nscl] More refactoring out in NoScript Commons Library
x [nscl] patchWindow improvements
v 11.2.4rc5
============================================================
x [nscl] Inteception of webgl context creation in
OffscreenCanvas too
x Fixed regression: Site Info broken by NSCL refactoring
v 11.2.4rc4
============================================================
x [nscl] Fixed unmerged NetCSP "extra" headers always
undefined
x HTML event atoms reorder in Mozilla sources
v 11.2.4rc3
============================================================
x Avoid stack trace generation for debugging purposes on
release builds
x More selective CSS PP0 protection, excluded on the Tor
Browser where it's unneeded and easier to test/debug on
dev builds
x Make isTorBrowser information available in child policy
x Prevent console noise on startup with privileged tabs
x [nscl] More refactoring out in NoScript Commons Library
v 11.2.4rc2
============================================================
x [nscl] Switch to NSCL for messaging
x [nscl] Rollback unneded window.opener patching (thanks
skriptimaahinen for insight)
x CSS PP0 mitigation: cross-site stylesheets on scriptless
pages, one resource per host
x Limit CSS PP0 mitigation to scriptless pages and prefetch
only cross-site resources
v 11.2.4rc1
============================================================
x CSS resources prefetching as a mitigation against CSS PP0
(https://github.com/Yossioren/pp0)
x [L10n] Updated br, de, el, es, fr, he, is, nl, pl, pt_BR,
ru, sq, tr, zh_CN
x Fixed configuration upgrades not applied on manual updates
(thanks Nan for reporting)
x Mitigation for misbehaving pages repeating failed requests
in a tight loop
x [UI] More understandable label for the cascading
restrictions option
x [nscl] patchWindow improvements
x [nscl] Switch to NSCL's generic inclusion shell script
v 11.2.3
============================================================
x [L10n] Purged non-inclusive terms from obsolete messages
x Added red halo feedback in CUSTOM preset for noscript
element capability
x Fixed missing red halo feedback in CUSTOM preset for
inline scripts and other capabilities sometimes
x Fixed race condition causing noscript elements not to be
rendered sometimes
v 11.2.2
============================================================
x Fixed typo in version checked on noscript capability update.
x [L10n] Updated bn, br, ca, da, de, el, es, fr, he, is, it,
ja, lt, mk, ms, nb, nl, pt_BR, ru, sq, sv_SE, tr, zh_CN,
zh_TW.
v 11.2.1
============================================================
x Configurable capability to show noscript elements on
script-disabled pages
x [UI] Minor CSS Chromium compatibility fix
x [nscl] Refactoring to use Policy and its dependencies from
the NoScript Commons Library
x Switch to faster and easier to maintain tld.js from nscl
x [UI] Fix punycode inconsistencies
x [UI] Improve preset and site controls alignment
x Provide feedback in the CUSTOM tab for WebGL usage
attempts even if the canvas element is not attached to the
DOM
x [L10n] Updated de, ja
x Updated HTML events
x Prevent double script on trusted file:// pages in some
edge cases
x Prevent detection of wrapped functions (e.g. in WebGL
interception) on Chromium
v 11.2.1rc4
============================================================
x [UI] Minor CSS Chromium compatibility fix
x Configurable capability to show noscript elements on
script-disabled pages
x [L10n] Updated de
v 11.2.1rc3
============================================================
x [nscl] Improved integration of the NoScript Commons
Library
x Moved nscl submodule into src
x [nscl] Update (restructured tree)
x Removed nscl cache directory from src
x [nscl] Refactoring to use Policy and its dependencies from
the NoScript Commons Library
v 11.2.1rc2
============================================================
x Remove ||= operator which makes AMO's validator explode
x Switch to faster and easier to maintain tld.js from nscl
x [nscl] Updated with TLD_CACHE removal after usage
x [nscl] Updated NoScript Common Library inclusions
x Added the NoScript Commons Library (nscl) as a submodule
x [UI] Fix punycode inconsistencies
x [UI] improve preset and site controls alignment
x Updated TLDs
x Provide feedback in the CUSTOM tab for WebGL usage
attempts even if the canvas element is not attached to the
DOM
x [L10n] Updated de, ja
x Updated HTML events
v 11.2.1rc1
============================================================
x Prevent double script on trusted file:// pages in some
edge cases
x Updated events archive
x Prevent detection of wrapped functions (e.g. in WebGL
interception) on Chromium
x Updated TLDs
x Merge German language update
v 11.2
============================================================
x [XSS] New UI to reveal and selectively remove permanent
user choices
x [L10n] Updated de
x Webgl hook refactored on nscl/content/patchWindow.js and
made Chromium-compatibile
x Updated TLDs
v 11.2rc3
============================================================
x [XSS] Fixed choice manager UI bug (thanks barbaz for
report)
v 11.2rc2
============================================================
x Updated TLDs
x [XSS] New UI to reveal and selectively remove permanent
user choices
v 11.2rc1
============================================================
x [L10n] Updated de
x Webgl hook refactored on nscl/content/patchWindow.js and
made Chromium-compatibile
x Updated TLDs
v 11.1.9
============================================================
x Return null when webgl is not allowed (thanks Matthew
Finkel for patch)
x [XSS] Fixed memoization bug resulting in performance
degradation on some payloads
x [XSS] Include call stack in debugging log output
x [XSS] Skip naps when InjectionChecker runs in its own
worker
x Shortcut for easier XSS filter testing
x More lenient filter to add a new entry to per-site
permissions
x [L10n] Updated de
x Replace script-embedded bitmap with css-embedded SVG as
the placeholder logo
x Updated TLDs
x Remove source map reference causing console noise
x Fix per-site permissions UI glitches when base domain is
added to existing subdomain (thanks barbaz for reporting)
v 11.1.9rc5
============================================================
x Return null when webgl is not allowed (thanks Matthew
Finkel for patch)
v 11.1.9rc4
============================================================
x Updated TLDs
x [XSS] Fixed memoization bug resulting in performance
degradation on some payloads
x [XSS] Include call stack in debugging log output
x [XSS] Skip naps when InjectionChecker runs in its own
worker
x Shortcut for easier XSS filter testing
v 11.1.9rc3
============================================================
x More lenient filter to add a new entry to per-site
permissions
v 11.1.9rc2
============================================================
x [L10n] Updated de
x Better fix for per-site permissions UI glitches (thanks
barbaz for reporting)
v 11.1.9rc1
============================================================
x Replace script-embedded bitmap with css-embedded SVG as
the placeholder logo
x Updated TLDs
x Remove source map reference causing console noise
x Fix per-site permissions UI glitches when base domain is
added to existing subdomain (thanks barbaz for reporting)
v 11.1.8
============================================================
x [XSS] Fix for old pre-screening optimization exploitable
to bypass the filter in recent browsers - thanks Tsubasa
FUJII (@reinforchu) for reporting
x Replace DOM-based entity decoding with the he.js pure JS
library
x Updated copyright statement
x Updated browser-polyfill.js
x Removed obsolete fastclick.js dependency
x [l10n] Updated de (thanks ib and Musonius)
x Updated TLDs
To generate a diff of this commit:
cvs rdiff -u -r1.9 -r1.10 pkgsrc/security/tor-browser-noscript/Makefile \
pkgsrc/security/tor-browser-noscript/distinfo
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: pkgsrc/security/tor-browser-noscript/Makefile
diff -u pkgsrc/security/tor-browser-noscript/Makefile:1.9 pkgsrc/security/tor-browser-noscript/Makefile:1.10
--- pkgsrc/security/tor-browser-noscript/Makefile:1.9 Sun Jan 3 19:02:52 2021
+++ pkgsrc/security/tor-browser-noscript/Makefile Wed Mar 31 22:00:06 2021
@@ -1,6 +1,6 @@
-# $NetBSD: Makefile,v 1.9 2021/01/03 19:02:52 wiz Exp $
+# $NetBSD: Makefile,v 1.10 2021/03/31 22:00:06 wiz Exp $
-VERSION= 11.1.7
+VERSION= 11.2.4
DISTNAME= noscript-${VERSION}
PKGNAME= tor-browser-${DISTNAME}
CATEGORIES= security www
Index: pkgsrc/security/tor-browser-noscript/distinfo
diff -u pkgsrc/security/tor-browser-noscript/distinfo:1.9 pkgsrc/security/tor-browser-noscript/distinfo:1.10
--- pkgsrc/security/tor-browser-noscript/distinfo:1.9 Sun Jan 3 19:02:52 2021
+++ pkgsrc/security/tor-browser-noscript/distinfo Wed Mar 31 22:00:06 2021
@@ -1,6 +1,6 @@
-$NetBSD: distinfo,v 1.9 2021/01/03 19:02:52 wiz Exp $
+$NetBSD: distinfo,v 1.10 2021/03/31 22:00:06 wiz Exp $
-SHA1 (noscript-11.1.7.xpi) = c4f218497f48b1f01ea982bb167e8a61de7cd7c7
-RMD160 (noscript-11.1.7.xpi) = 06e71c2c7b2a87327fb061a7a5901252e92887a0
-SHA512 (noscript-11.1.7.xpi) = 763c77462895ca24084fb6f78af1ecbb27f833be08b2e3f73b47556706e388cf01128e3dcb330dfc5a0ea8644a9557bc0175bfe95c08bc7a21a06158431a55c5
-Size (noscript-11.1.7.xpi) = 603151 bytes
+SHA1 (noscript-11.2.4.xpi) = 87165419811a3413c4628dacc05c985fcf95e7fc
+RMD160 (noscript-11.2.4.xpi) = 7435aff79646751fa43c1ebbfb2e7063dc5798aa
+SHA512 (noscript-11.2.4.xpi) = d7055ca08f85f0afcaf477149b3cabd99319d86b9452a39bdf0dcadf70b8fc3ae8416288ca3869488fdfec6d20b0a93789826eeb903f277085ea7450dded8a17
+Size (noscript-11.2.4.xpi) = 612139 bytes
Home |
Main Index |
Thread Index |
Old Index