[pkgsrc/trunk]: pkgsrc/security/tor-browser-noscript tor-browser-noscript: up...

To: pkgsrc-changes-hg%NetBSD.org@localhost
Subject: [pkgsrc/trunk]: pkgsrc/security/tor-browser-noscript tor-browser-noscript: up...
From: wiz <wiz%pkgsrc.org@localhost>
Date: Wed, 31 Mar 2021 22:54:59 +0000
details:   https://anonhg.NetBSD.org/pkgsrc/rev/bdae72a85f06
branches:  trunk
changeset: 449512:bdae72a85f06
user:      wiz <wiz%pkgsrc.org@localhost>
date:      Wed Mar 31 22:00:06 2021 +0000

description:
tor-browser-noscript: update to 11.2.4.

v 11.2.4
============================================================
x CSS resources prefetching as a mitigation against CSS PP0
  (https://github.com/Yossioren/pp0)
x [L10n] Updated br, de, el, es, fr, he, is, nl, pl, pt_BR,
  ru, sq, tr, zh_CN
x [nscl] Inteception of webgl context creation in
  OffscreenCanvas too
x Fixed configuration upgrades not applied on manual updates
  (thanks Nan for reporting)
x Mitigation for misbehaving pages repeating failed requests
  in a tight loop
x [UI] More understandable label for the cascading
  restrictions option
x [nscl] More refactoring out in NoScript Commons Library
x [nscl] patchWindow improvements

v 11.2.4rc5
============================================================
x [nscl] Inteception of webgl context creation in
  OffscreenCanvas too
x Fixed regression: Site Info broken by NSCL refactoring

v 11.2.4rc4
============================================================
x [nscl] Fixed unmerged NetCSP "extra" headers always
  undefined
x HTML event atoms reorder in Mozilla sources

v 11.2.4rc3
============================================================
x Avoid stack trace generation for debugging purposes on
  release builds
x More selective CSS PP0 protection, excluded on the Tor
  Browser where it's unneeded and easier to test/debug on
  dev builds
x Make isTorBrowser information available in child policy
x Prevent console noise on startup with privileged tabs
x [nscl] More refactoring out in NoScript Commons Library

v 11.2.4rc2
============================================================
x [nscl] Switch to NSCL for messaging
x [nscl] Rollback unneded window.opener patching (thanks
  skriptimaahinen for insight)
x CSS PP0 mitigation: cross-site stylesheets on scriptless
  pages, one resource per host
x Limit CSS PP0 mitigation to scriptless pages and prefetch
  only cross-site resources

v 11.2.4rc1
============================================================
x CSS resources prefetching as a mitigation against CSS PP0
  (https://github.com/Yossioren/pp0)
x [L10n] Updated br, de, el, es, fr, he, is, nl, pl, pt_BR,
  ru, sq, tr, zh_CN
x Fixed configuration upgrades not applied on manual updates
  (thanks Nan for reporting)
x Mitigation for misbehaving pages repeating failed requests
  in a tight loop
x [UI] More understandable label for the cascading
  restrictions option
x [nscl] patchWindow improvements
x [nscl] Switch to NSCL's generic inclusion shell script

v 11.2.3
============================================================
x [L10n] Purged non-inclusive terms from obsolete messages
x Added red halo feedback in CUSTOM preset for noscript
  element capability
x Fixed missing red halo feedback in CUSTOM preset for
  inline scripts and other capabilities sometimes
x Fixed race condition causing noscript elements not to be
  rendered sometimes

v 11.2.2
  ============================================================
x Fixed typo in version checked on noscript capability update.
x [L10n] Updated bn, br, ca, da, de, el, es, fr, he, is, it,
  ja, lt, mk, ms, nb, nl, pt_BR, ru, sq, sv_SE, tr, zh_CN,
  zh_TW.

v 11.2.1
============================================================
x Configurable capability to show noscript elements on
  script-disabled pages
x [UI] Minor CSS Chromium compatibility fix
x [nscl] Refactoring to use Policy and its dependencies from
  the NoScript Commons Library
x Switch to faster and easier to maintain tld.js from nscl
x [UI] Fix punycode inconsistencies
x [UI] Improve preset and site controls alignment
x Provide feedback in the CUSTOM tab for WebGL usage
  attempts even if the canvas element is not attached to the
  DOM
x [L10n] Updated de, ja
x Updated HTML events
x Prevent double script on trusted file:// pages in some
  edge cases
x Prevent detection of wrapped functions (e.g. in WebGL
  interception) on Chromium

v 11.2.1rc4
============================================================
x [UI] Minor CSS Chromium compatibility fix
x Configurable capability to show noscript elements on
  script-disabled pages
x [L10n] Updated de

v 11.2.1rc3
============================================================
x [nscl] Improved integration of the NoScript Commons
  Library
x Moved nscl submodule into src
x [nscl] Update (restructured tree)
x Removed nscl cache directory from src
x [nscl] Refactoring to use Policy and its dependencies from
  the NoScript Commons Library

v 11.2.1rc2
============================================================
x Remove ||= operator which makes AMO's validator explode
x Switch to faster and easier to maintain tld.js from nscl
x [nscl] Updated with TLD_CACHE removal after usage
x [nscl] Updated NoScript Common Library inclusions
x Added the NoScript Commons Library (nscl) as a submodule
x [UI] Fix punycode inconsistencies
x [UI] improve preset and site controls alignment
x Updated TLDs
x Provide feedback in the CUSTOM tab for WebGL usage
  attempts even if the canvas element is not attached to the
  DOM
x [L10n] Updated de, ja
x Updated HTML events

v 11.2.1rc1
============================================================
x Prevent double script on trusted file:// pages in some
  edge cases
x Updated events archive
x Prevent detection of wrapped functions (e.g. in WebGL
  interception) on Chromium
x Updated TLDs
x Merge German language update

v 11.2
============================================================
x [XSS] New UI to reveal and selectively remove permanent
  user choices
x [L10n] Updated de
x Webgl hook refactored on nscl/content/patchWindow.js and
  made Chromium-compatibile
x Updated TLDs

v 11.2rc3
============================================================
x [XSS] Fixed choice manager UI bug (thanks barbaz for
  report)

v 11.2rc2
============================================================
x Updated TLDs
x [XSS] New UI to reveal and selectively remove permanent
  user choices

v 11.2rc1
============================================================
x [L10n] Updated de
x Webgl hook refactored on nscl/content/patchWindow.js and
  made Chromium-compatibile
x Updated TLDs

v 11.1.9
============================================================
x Return null when webgl is not allowed (thanks Matthew
  Finkel for patch)
x [XSS] Fixed memoization bug resulting in performance
  degradation on some payloads
x [XSS] Include call stack in debugging log output
x [XSS] Skip naps when InjectionChecker runs in its own
  worker
x Shortcut for easier XSS filter testing
x More lenient filter to add a new entry to per-site
  permissions
x [L10n] Updated de
x Replace script-embedded bitmap with css-embedded SVG as
  the placeholder logo
x Updated TLDs
x Remove source map reference causing console noise
x Fix per-site permissions UI glitches when base domain is
  added to existing subdomain (thanks barbaz for reporting)

v 11.1.9rc5
============================================================
x Return null when webgl is not allowed (thanks Matthew
  Finkel for patch)

v 11.1.9rc4
============================================================
x Updated TLDs
x [XSS] Fixed memoization bug resulting in performance
  degradation on some payloads
x [XSS] Include call stack in debugging log output
x [XSS] Skip naps when InjectionChecker runs in its own
  worker
x Shortcut for easier XSS filter testing

v 11.1.9rc3
============================================================
x More lenient filter to add a new entry to per-site
  permissions

v 11.1.9rc2
============================================================
x [L10n] Updated de
x Better fix for per-site permissions UI glitches (thanks
  barbaz for reporting)

v 11.1.9rc1
============================================================
x Replace script-embedded bitmap with css-embedded SVG as
  the placeholder logo
x Updated TLDs
x Remove source map reference causing console noise
x Fix per-site permissions UI glitches when base domain is
  added to existing subdomain (thanks barbaz for reporting)

v 11.1.8
============================================================
x [XSS] Fix for old pre-screening optimization exploitable
to bypass the filter in recent browsers - thanks Tsubasa
FUJII (@reinforchu) for reporting
x Replace DOM-based entity decoding with the he.js pure JS
library
x Updated copyright statement
x Updated browser-polyfill.js
x Removed obsolete fastclick.js dependency
x [l10n] Updated de (thanks ib and Musonius)
x Updated TLDs

diffstat:

 security/tor-browser-noscript/Makefile |   4 ++--
 security/tor-browser-noscript/distinfo |  10 +++++-----
 2 files changed, 7 insertions(+), 7 deletions(-)

diffs (27 lines):

diff -r 5df9a464a1d5 -r bdae72a85f06 security/tor-browser-noscript/Makefile
--- a/security/tor-browser-noscript/Makefile    Wed Mar 31 21:59:02 2021 +0000
+++ b/security/tor-browser-noscript/Makefile    Wed Mar 31 22:00:06 2021 +0000
@@ -1,6 +1,6 @@
-# $NetBSD: Makefile,v 1.9 2021/01/03 19:02:52 wiz Exp $
+# $NetBSD: Makefile,v 1.10 2021/03/31 22:00:06 wiz Exp $
 
-VERSION=       11.1.7
+VERSION=       11.2.4
 DISTNAME=      noscript-${VERSION}
 PKGNAME=       tor-browser-${DISTNAME}
 CATEGORIES=    security www
diff -r 5df9a464a1d5 -r bdae72a85f06 security/tor-browser-noscript/distinfo
--- a/security/tor-browser-noscript/distinfo    Wed Mar 31 21:59:02 2021 +0000
+++ b/security/tor-browser-noscript/distinfo    Wed Mar 31 22:00:06 2021 +0000
@@ -1,6 +1,6 @@
-$NetBSD: distinfo,v 1.9 2021/01/03 19:02:52 wiz Exp $
+$NetBSD: distinfo,v 1.10 2021/03/31 22:00:06 wiz Exp $
 
-SHA1 (noscript-11.1.7.xpi) = c4f218497f48b1f01ea982bb167e8a61de7cd7c7
-RMD160 (noscript-11.1.7.xpi) = 06e71c2c7b2a87327fb061a7a5901252e92887a0
-SHA512 (noscript-11.1.7.xpi) = 763c77462895ca24084fb6f78af1ecbb27f833be08b2e3f73b47556706e388cf01128e3dcb330dfc5a0ea8644a9557bc0175bfe95c08bc7a21a06158431a55c5
-Size (noscript-11.1.7.xpi) = 603151 bytes
+SHA1 (noscript-11.2.4.xpi) = 87165419811a3413c4628dacc05c985fcf95e7fc
+RMD160 (noscript-11.2.4.xpi) = 7435aff79646751fa43c1ebbfb2e7063dc5798aa
+SHA512 (noscript-11.2.4.xpi) = d7055ca08f85f0afcaf477149b3cabd99319d86b9452a39bdf0dcadf70b8fc3ae8416288ca3869488fdfec6d20b0a93789826eeb903f277085ea7450dded8a17
+Size (noscript-11.2.4.xpi) = 612139 bytes
Prev by Date: [pkgsrc/trunk]: pkgsrc/doc doc: Updated security/tor-browser-noscript to 11.2.4
Next by Date: [pkgsrc/trunk]: pkgsrc/graphics/libjpeg-turbo libjpeg-turbo: Change symbol in...
Previous by Thread: [pkgsrc/trunk]: pkgsrc/doc doc: Updated security/tor-browser-noscript to 11.2.4
Next by Thread: [pkgsrc/trunk]: pkgsrc/graphics/libjpeg-turbo libjpeg-turbo: Change symbol in...
Indexes:
Home | Main Index | Thread Index | Old Index