./security/tor-browser-noscript, Noscript plugin for tor-browser

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]

Branch: pkgsrc-2020Q2, Version: 11.0.41, Package name: tor-browser-noscript-11.0.41, Maintainer: wiz

The NoScript Firefox extension provides extra protection for
browsers: this free, open source add-on allows JavaScript, Java,
Flash, and other plugins to be executed only by trusted web sites
of your choice (e.g., your online bank).

Master sites:

SHA1: 8ef865cb7c67b0529be8812456410e5bbe8ba39f
RMD160: b6052099a375ae3feca989977ecfb5af9b14f77c
Filesize: 580.438 KB

Version history: (Expand)

CVS history: (Expand)


   2020-08-28 21:07:20 by Benny Siegert | Files touched by this commit (2) | Package updated
Log message:
Pullup ticket #6315 - requested by wiz
security/tor-browser-noscript: dependent update

Revisions pulled up:
- security/tor-browser-noscript/Makefile                        1.5
- security/tor-browser-noscript/distinfo                        1.5

---
   Module Name:	pkgsrc
   Committed By:	wiz
   Date:		Wed Aug 26 20:08:15 UTC 2020

   Modified Files:
   	pkgsrc/security/tor-browser-noscript: Makefile distinfo

   Log message:
   tor-browser-noscript: update to 11.0.41.

   v 11.0.41rc2
   ============================================================
   x More precise event suppression mechanism
   x Fixed regression: events suppressed on file:// pages
     unless scripts are allowed
   x Updated TLDs

   v 11.0.41rc2
   ============================================================
   x More precise event suppression mechanism

   v 11.0.41rc1
   ============================================================
   x Fixed regression: events suppressed on file:// pages
     unless scripts are allowed
   x Updated TLDs

   v 11.0.40
   ============================================================
   x Avoid synchronous policy fetching whenever possible
     (fixes multiple issues)

   v 11.0.40rc2
   ============================================================
   x Avoid synchronous policy fetching whenever possible

   v 11.0.40rc1
   ============================================================
   x Handle edge case in file:// pages: policy change and
     reload before DOMContentLoaded

   v 11.0.39
   ============================================================
   x Fix reload loops on broken file: HTML documents (thanks
     bernie for report)
   x [XSS] Updated HTML event attributes
   x Local policy fallback for file: and ftp: URLs using
     window.name rather than sessionStorage
   x [L10n] Updated bn, br, ca, da, de, el, es, fr, he, is, it,
     ja, lt, mk, ms, nb, nl, pl, pt_BR, ru, sq, sv_SE, tr,
     zh_CN, zh_TW
   x Added "Revoke temporary permissions on NoScript updates,
      even if the browser is not restarted" advanced option
   x Let temporary permissions survive NoScript updates
     (shameless hack)
   x Fixed some traps around Messages abstraction
   x Ignore search / hash on policy matching of domain-less
     URLs (e.g. file:///...)
   x Updated TLDs
   x Fixed automatic scrolling hampers usability on long sites
     lists in popup
   x Better timing for event attributes removal/restore
   x Work-arounds for edge cases in synchronous page loads
     bypassing webRequest (thanks skriptimaahinen)

   v 11.0.39rc8
   ============================================================
   x Several hacks to make non-distruptive updates compatible
     with Chromium
   x Tighten localPolicy persistence mechanism during reloads

   v 11.0.39rc7
   ============================================================
   x Temporary settings survival more resilient and compatible
     with Fenix
   x [L10n] Updated es

   v 11.0.39rc6
   ============================================================
   x Fix reload loops on broken file: HTML documents (thanks
     bernie for report)
   x [XSS] Updated HTML event attributes

   v 11.0.39rc5
   ============================================================
   x Local policy fallback for file: and ftp: URLs using
     window.name rather than sessionStorage
   x [L10n] Updated bn, br, ca, da, de, el, es, fr, he, is, it,
     ja, lt, mk, ms, nb, nl, pl, pt_BR, ru, sq, sv_SE, tr,
     zh_CN, zh_TW
   x Renamed option to "Revoke temporary permissions on
     NoScript updates, even if the browser is not restarted"

   v 11.0.39rc4
   ============================================================
   x Added option to forget temporary settings immediately
     whenever NoScript gets updated
   x Fixed regression: file:/// URLs reloaded whenever NoScript
     gets reinstalled / enabled / reloaded
   x More resilient and easy to debug survival data retrieving

   v 11.0.39rc3
   ============================================================
   x Fixed regression causing manual NoScript downgrades to be
     delayed until manual restart

   v 11.0.39rc2
   ============================================================
   x Let temporary permissions survive NoScript updates
     (shameless hack)
   x Fixed some traps around Messages abstraction
   x Ignore search / hash on policy matching of domain-less
     URLs (e.g. file:///...)
   x Removed useless CSS property
   x Updated TLDs

   v 11.0.39rc1
   ============================================================
   x Updated TLDs
   x Fixed automatic scrolling hampers usability on long sites
     lists in popup
   x Fixed typo in vendor-prefixed CSS

   v 11.0.38rc2
   ============================================================
   x Better timing for event attributes removal/restore

   v 11.0.38rc1
   ============================================================
   x Work-arounds for edge cases in synchronous page loads
     bypassing webRequest (thanks skriptimaahinen)
   x [L10n] Updated bn

   v 11.0.38
   ============================================================
   x Better timing for event attributes removal/restore
   x Work-arounds for edge cases in synchronous page loads
     bypassing webRequest (thanks skriptimaahinen)
   x [L10n] Updated bn

   v 11.0.38rc2
   ============================================================
   x Better timing for event attributes removal/restore

   v 11.0.38rc1
   ============================================================
   x Work-arounds for edge cases in synchronous page loads
     bypassing webRequest (thanks skriptimaahinen)
   x [L10n] Updated bn

   v 11.0.37
   ============================================================
   x Simpler and more reliable sendSyncMessage implementation
     and usage
   x sendSyncMessage support for multiple suspension requests
     (should fix extension script injection issues)
   x Updated TLDs

   v 11.0.37rc3
   ============================================================
   x Simpler and more reliable sendSyncMessage implementation
     and usage
   x Updated TLDs

   v 11.0.37rc2
   ============================================================
   x SyncMessage suspending on DOM modification as well
   x Updated TLDs

   v 11.0.37rc1
   ============================================================
   x Updated TLDs
   x sendSyncMessage support for multiple suspension requests
     (should fix extension script injection issues)

   v 11.0.36
   ============================================================
   x Fixed regression: temporary permissions revocation not
     working anymore on privileged pages
   x SendSyncMessage script execution safety net more
     compatible with other extensions (e.g. BlockTube)

   v 11.0.35
   ============================================================
   x Avoid unnecessary reloads on temporary permissions
     revocation
   x [UI] Removed accidental cyan background for site labels
   x [L10n] Updated es
   x Work-around for conflict with extensions inserting
     elements into content pages' DOM early
   x [XSS] Updated HTML events
   x Updated TLDs
   x Fixed buggy policy references in the Options dialog
   x More accurate NOSCRIPT element emulation
   x Anticipate onScriptDisabled surrogates to first script-src
     'none' CSP violation
   x isTrusted checks for all the content events
   x Improved look in mobile portrait mode
   x Let SyncMessage prevent undesired script execution
     scheduled during suspension

   v 11.0.35rc4
   ============================================================
   x Avoid unnecessary reloads on temporary permissions
     revocation
   x Fixed potentially infinite loop in SyncMessage Firefox
     implementation
   x [UI] Removed accidental cyan background for site labels
   x [L10n] Updated es

   v 11.0.35rc3
   ============================================================
   x Work-around for conflict with extensions inserting
     elements into content pages' DOM early
   x [XSS] Updated HTML events

   v 11.0.35rc2
   ============================================================
   x Updated TLDs
   x Fixed buggy policy references in the Options dialog
   x More accurate NOSCRIPT element emulation
   x Anticipate onScriptDisabled surrogates to first script-src
     'none' CSP violation
   x isTrusted checks for all the content events
   x Improved look in mobile portrait mode

   v 11.0.35rc1
   ============================================================
   x Let SyncMessage prevent undesired script execution
     scheduled during suspension
   2020-07-30 15:06:33 by Benny Siegert | Files touched by this commit (2) | Package updated
Log message:
Pullup ticket #6284 - requested by wiz
security/tor-browser-noscript: security fix

Revisions pulled up:
- security/tor-browser-noscript/Makefile                        1.4
- security/tor-browser-noscript/distinfo                        1.4

---
   Module Name:	pkgsrc
   Committed By:	wiz
   Date:		Wed Jul 29 07:02:59 UTC 2020

   Modified Files:
   	pkgsrc/security/tor-browser-noscript: Makefile distinfo

   Log message:
   tor-browser-noscript: update to 11.0.34.

   v 11.0.34
   ============================================================
   x Fixed regression breaking network-based CSP injection

   v 11.0.33
   ============================================================
   x Switch from HTTP to DOM event based CSP reporting in
     compatible browsers
   x [XSS] Updated HTML event attributes
   x Updated TLDs
   2020-07-09 08:27:52 by Benny Siegert | Files touched by this commit (2) | Package updated
Log message:
Pullup ticket #6261 - requested by wiz
security/tor-browser-noscript: security fix

Revisions pulled up:
- security/tor-browser-noscript/Makefile                        1.3
- security/tor-browser-noscript/distinfo                        1.3

---
   Module Name:    pkgsrc
   Committed By:   wiz
   Date:           Fri Jul  3 22:53:52 UTC 2020

   Modified Files:
           pkgsrc/security/tor-browser-noscript: Makefile distinfo

   Log message:
   tor-browser-noscript: update to 11.0.32.

   v 11.0.32
   ============================================================
   x [L10n] Updated it, mk, sv_SE
   x Fixed setting CUSTOM permissions in private mode may cause
     the TRUSTED preset to become temporary
   x Updated TLDs
   x [XSS] Updated HTML 5 events support
   x More compact high contrast appearance

   v 11.0.31
   ============================================================
   x Focus "OK" button on dialog-mode UI
   x Fixed various toolbar buttons DnD issues
   x Updated TLDs
   x [L10n] Updated bn, br, ca, da, de, el, es, fr, he, is, it,
     ja, lt, mk, ms, nb, nl, pl, pt_BR, ru, sq, sv_SE, tr,
     zh_CN, zh_TW
   x Fixed very low contrast HTTPS-only label in High Contrast
     mode

   v 11.0.31rc2
   ============================================================
   x Focus "OK" button on dialog-mode UI
   x [L10n] Updated da
   x Fixed various toolbar buttons DnD graphic issues
   x Updated TLDs

   v 11.0.31rc1
   ============================================================
   x [L10n] Updated bn, br, ca, da, de, el, es, fr, he, is, it,
     ja, lt, mk, ms, nb, nl, pl, pt_BR, ru, sq, sv_SE, tr,
     zh_CN, zh_TW
   x Fixed very low contrast HTTPS-only label in High Contrast
     mode
   x More precise DnD of toolbar buttons + work-around for
     https://bugzilla.mozilla.org/show_bug.cgi?id=568313