Next | Query returned 15 messages, browsing 1 to 10 | Previous

History of commit frequency

CVS Commit History:


   2022-02-16 11:25:15 by Thomas Klausner | Files touched by this commit (2)
Log message:
tor-browser*: reset maintainer
   2021-10-26 13:18:07 by Nia Alarie | Files touched by this commit (605)
Log message:
security: Replace RMD160 checksums with BLAKE2s checksums

All checksums have been double-checked against existing RMD160 and
SHA512 hashes

Unfetchable distfiles (fetched conditionally?):
./security/cyrus-sasl/distinfo \ 
cyrus-sasl-dedad73e5e7a75d01a5f3d5a6702ab8ccd2ff40d.patch.v2
   2021-10-07 16:54:50 by Nia Alarie | Files touched by this commit (606)
Log message:
security: Remove SHA1 hashes for distfiles
   2021-08-15 15:20:11 by Thomas Klausner | Files touched by this commit (2) | Package updated
Log message:
tor-browser-noscript: update to 11.2.11.

v 11.2.11
============================================================
x [nscl] Fixed JavaScript access to CSS rules broken on
  Chromium when unrestricted CSS is disabled - issue #204
x Prevent Chromium builds from being sent to AMO for signing
x [nscl] Fixed CPU/RAM overload on some pages with
  unrestricted CSS disabled but scripting enabled (not
  recommended setting) - issue #194, issue #199
x [nscl] Fixed CPU spikes on Chromium triggered by automatic
  file downloads (thanks ptheborg for report)

v 11.2.10
============================================================
x Cross-browser file naming consistency, in spite of version
  numbering incompatibilities
x [nscl] Fix for potential race conditions on certain page
  transitions (issue #205)
x Handle exception when accessing navigator.serviceWorker on
  sandboxed frames
x MS Edge support

v 11.2.9
============================================================
x [L10n] Updated de, mk
x Replace deprecated extension.getURL() with
  runtime.getURL()
x REUSE-compliant licensing boilerplate
x Remove unused/refactored-out files
x Relicensing as GPL3+
x [nscl] Fixed infinite recursion issue on window.open
  wrappers
x Avoid treating JavaScript files as embeddings when opened
  as top-level documents
   2021-06-07 16:03:14 by Thomas Klausner | Files touched by this commit (2) | Package updated
Log message:
tor-browser-noscript: update to 11.2.8.

v 11.2.8
============================================================
x Quiet down unnecessary debug logging (issue #191)
x [L10n] Updated he, de
x Fix meta refresh sometimes ignored on Firefox 78 ESR
  (issue #192, thanks hackerncoder for report)
x Chromium-specific build-time customizations

v 11.2.8rc2
============================================================
x Quiet down unnecessary debug logging (issue #191)
x [L10n] Updated he

v 11.2.8rc1
============================================================
x Fix meta refresh sometimes ignored on Firefox 78 ESR
  (issue #192, thanks hackerncoder for report)
x [l10n] Updated de
x Chromium-specific build-time customizations

v 11.2.7
============================================================
x Better prompt layout (no accidental scrollbar)
x [nscl] Fix regression causing media patches to break some
  pages (thanks l0drex for report, issue #189)

v 11.2.6
============================================================
x [nscl] Various webgl blocking enhancements
x Remove also sticky-positioned elements with click+DEL on
  scriptless pages (thanks skriptimaahinen for RFE)
x [L10n] Updated bn, br, ca, da, de, el, es, fr, he, is, it,
  ja, lt, mk, ms, nb, nl, pl, pt_BR, ru, sq, sv_SE, tr,
  zh_CN, zh_TW
x Fixed race condition causing external CSS not to be
  rendered sometimes when unrestricted CSS is disabled
x Avoid document rewriting for noscript meta refresh
  emulation in most cases
x [nscl] Fixed XHTML pages broken when served with
  application/xml MIME type and no "object" capability
x [nscl] Switch early content script configuration to use
  /nscl/service/DocStartInjection.js
x Configurable "unrestricted CSS" capability to for sites
  where the CSS PP0 mitigation should be disabled
  (e.g TRUSTED)
x [nscl] Fix CSS PP0 mitigation still interfering with some
  WebExtensions (thanks barbaz for report)
x [XSS] Increased sensitivity and specificity of risky
  operator pre-checks

v 11.2.6rc1
============================================================
x [nscl] Various webgl blocking enhancements
x Remove also sticky-positioned elements with click+DEL on
  scriptless pages (thanks skriptimaahinen for RFE)

v 11.2.5rc6
============================================================
x [L10n] Updated bn, br, ca, da, de, el, es, fr, he, is, it,
  ja, lt, mk, ms, nb, nl, pl, pt_BR, ru, sq, sv_SE, tr,
  zh_CN, zh_TW
x Policy retrieval origin fine tuning

v 11.2.5rc5
============================================================
x Fixed hook not taking in account experimental webgl
  contexts (issue #187, thanks roman567e45 for report)

v 11.2.5rc4
============================================================
x Fixed regression in NOSCRIPT emulation (thanks barbaz for
  reporting)

v 11.2.5rc3
============================================================
x Fixed race condition causing external CSS not to be
  rendered sometimes when unrestricted CSS is disabled
x Rename "unchecked CSS" capability to "unrestricted CSS"
x Avoid document rewriting for noscript meta refresh
  emulation in most cases

v 11.2.5rc2
============================================================
x [nscl] Minor fixes from the library
x [nscl] Fixed XHTML pages broken when served with
  application/xml MIME type and no "object" capability
x [nscl] Switch early content script configuration to use
  /nscl/service/DocStartInjection.js
x [nscl] Refactored ContentScriptOnce.js to the library
x Rename the "csspp0" capability to "unchecked_css"

v 11.2.5rc1
============================================================
x Configurable "csspp0" capability to for sites where the
  CSS PP0 mitigation should be disabled (e.g TRUSTED)
x [nscl] Fix CSS PP0 mitigation still interfering with some
  WebExtensions (thanks barbaz for report)
x [XSS] Increased sensitivity and specificity of risky
  operator pre-checks
   2021-04-01 00:00:06 by Thomas Klausner | Files touched by this commit (2) | Package updated
Log message:
tor-browser-noscript: update to 11.2.4.

v 11.2.4
============================================================
x CSS resources prefetching as a mitigation against CSS PP0
  (https://github.com/Yossioren/pp0)
x [L10n] Updated br, de, el, es, fr, he, is, nl, pl, pt_BR,
  ru, sq, tr, zh_CN
x [nscl] Inteception of webgl context creation in
  OffscreenCanvas too
x Fixed configuration upgrades not applied on manual updates
  (thanks Nan for reporting)
x Mitigation for misbehaving pages repeating failed requests
  in a tight loop
x [UI] More understandable label for the cascading
  restrictions option
x [nscl] More refactoring out in NoScript Commons Library
x [nscl] patchWindow improvements

v 11.2.4rc5
============================================================
x [nscl] Inteception of webgl context creation in
  OffscreenCanvas too
x Fixed regression: Site Info broken by NSCL refactoring

v 11.2.4rc4
============================================================
x [nscl] Fixed unmerged NetCSP "extra" headers always
  undefined
x HTML event atoms reorder in Mozilla sources

v 11.2.4rc3
============================================================
x Avoid stack trace generation for debugging purposes on
  release builds
x More selective CSS PP0 protection, excluded on the Tor
  Browser where it's unneeded and easier to test/debug on
  dev builds
x Make isTorBrowser information available in child policy
x Prevent console noise on startup with privileged tabs
x [nscl] More refactoring out in NoScript Commons Library

v 11.2.4rc2
============================================================
x [nscl] Switch to NSCL for messaging
x [nscl] Rollback unneded window.opener patching (thanks
  skriptimaahinen for insight)
x CSS PP0 mitigation: cross-site stylesheets on scriptless
  pages, one resource per host
x Limit CSS PP0 mitigation to scriptless pages and prefetch
  only cross-site resources

v 11.2.4rc1
============================================================
x CSS resources prefetching as a mitigation against CSS PP0
  (https://github.com/Yossioren/pp0)
x [L10n] Updated br, de, el, es, fr, he, is, nl, pl, pt_BR,
  ru, sq, tr, zh_CN
x Fixed configuration upgrades not applied on manual updates
  (thanks Nan for reporting)
x Mitigation for misbehaving pages repeating failed requests
  in a tight loop
x [UI] More understandable label for the cascading
  restrictions option
x [nscl] patchWindow improvements
x [nscl] Switch to NSCL's generic inclusion shell script

v 11.2.3
============================================================
x [L10n] Purged non-inclusive terms from obsolete messages
x Added red halo feedback in CUSTOM preset for noscript
  element capability
x Fixed missing red halo feedback in CUSTOM preset for
  inline scripts and other capabilities sometimes
x Fixed race condition causing noscript elements not to be
  rendered sometimes

v 11.2.2
  ============================================================
x Fixed typo in version checked on noscript capability update.
x [L10n] Updated bn, br, ca, da, de, el, es, fr, he, is, it,
  ja, lt, mk, ms, nb, nl, pt_BR, ru, sq, sv_SE, tr, zh_CN,
  zh_TW.

v 11.2.1
============================================================
x Configurable capability to show noscript elements on
  script-disabled pages
x [UI] Minor CSS Chromium compatibility fix
x [nscl] Refactoring to use Policy and its dependencies from
  the NoScript Commons Library
x Switch to faster and easier to maintain tld.js from nscl
x [UI] Fix punycode inconsistencies
x [UI] Improve preset and site controls alignment
x Provide feedback in the CUSTOM tab for WebGL usage
  attempts even if the canvas element is not attached to the
  DOM
x [L10n] Updated de, ja
x Updated HTML events
x Prevent double script on trusted file:// pages in some
  edge cases
x Prevent detection of wrapped functions (e.g. in WebGL
  interception) on Chromium

v 11.2.1rc4
============================================================
x [UI] Minor CSS Chromium compatibility fix
x Configurable capability to show noscript elements on
  script-disabled pages
x [L10n] Updated de

v 11.2.1rc3
============================================================
x [nscl] Improved integration of the NoScript Commons
  Library
x Moved nscl submodule into src
x [nscl] Update (restructured tree)
x Removed nscl cache directory from src
x [nscl] Refactoring to use Policy and its dependencies from
  the NoScript Commons Library

v 11.2.1rc2
============================================================
x Remove ||= operator which makes AMO's validator explode
x Switch to faster and easier to maintain tld.js from nscl
x [nscl] Updated with TLD_CACHE removal after usage
x [nscl] Updated NoScript Common Library inclusions
x Added the NoScript Commons Library (nscl) as a submodule
x [UI] Fix punycode inconsistencies
x [UI] improve preset and site controls alignment
x Updated TLDs
x Provide feedback in the CUSTOM tab for WebGL usage
  attempts even if the canvas element is not attached to the
  DOM
x [L10n] Updated de, ja
x Updated HTML events

v 11.2.1rc1
============================================================
x Prevent double script on trusted file:// pages in some
  edge cases
x Updated events archive
x Prevent detection of wrapped functions (e.g. in WebGL
  interception) on Chromium
x Updated TLDs
x Merge German language update

v 11.2
============================================================
x [XSS] New UI to reveal and selectively remove permanent
  user choices
x [L10n] Updated de
x Webgl hook refactored on nscl/content/patchWindow.js and
  made Chromium-compatibile
x Updated TLDs

v 11.2rc3
============================================================
x [XSS] Fixed choice manager UI bug (thanks barbaz for
  report)

v 11.2rc2
============================================================
x Updated TLDs
x [XSS] New UI to reveal and selectively remove permanent
  user choices

v 11.2rc1
============================================================
x [L10n] Updated de
x Webgl hook refactored on nscl/content/patchWindow.js and
  made Chromium-compatibile
x Updated TLDs

v 11.1.9
============================================================
x Return null when webgl is not allowed (thanks Matthew
  Finkel for patch)
x [XSS] Fixed memoization bug resulting in performance
  degradation on some payloads
x [XSS] Include call stack in debugging log output
x [XSS] Skip naps when InjectionChecker runs in its own
  worker
x Shortcut for easier XSS filter testing
x More lenient filter to add a new entry to per-site
  permissions
x [L10n] Updated de
x Replace script-embedded bitmap with css-embedded SVG as
  the placeholder logo
x Updated TLDs
x Remove source map reference causing console noise
x Fix per-site permissions UI glitches when base domain is
  added to existing subdomain (thanks barbaz for reporting)

v 11.1.9rc5
============================================================
x Return null when webgl is not allowed (thanks Matthew
  Finkel for patch)

v 11.1.9rc4
============================================================
x Updated TLDs
x [XSS] Fixed memoization bug resulting in performance
  degradation on some payloads
x [XSS] Include call stack in debugging log output
x [XSS] Skip naps when InjectionChecker runs in its own
  worker
x Shortcut for easier XSS filter testing

v 11.1.9rc3
============================================================
x More lenient filter to add a new entry to per-site
  permissions

v 11.1.9rc2
============================================================
x [L10n] Updated de
x Better fix for per-site permissions UI glitches (thanks
  barbaz for reporting)

v 11.1.9rc1
============================================================
x Replace script-embedded bitmap with css-embedded SVG as
  the placeholder logo
x Updated TLDs
x Remove source map reference causing console noise
x Fix per-site permissions UI glitches when base domain is
  added to existing subdomain (thanks barbaz for reporting)

v 11.1.8
============================================================
x [XSS] Fix for old pre-screening optimization exploitable
to bypass the filter in recent browsers - thanks Tsubasa
FUJII (@reinforchu) for reporting
x Replace DOM-based entity decoding with the he.js pure JS
library
x Updated copyright statement
x Updated browser-polyfill.js
x Removed obsolete fastclick.js dependency
x [l10n] Updated de (thanks ib and Musonius)
x Updated TLDs
   2021-01-03 20:02:52 by Thomas Klausner | Files touched by this commit (2) | Package updated
Log message:
tor-browser-noscript: update to 11.1.7.

v 11.1.7
============================================================
x Optimize serviceWorker tracking for heavy tabs usage
  (thanks vadimm and barbaz for investigation)
x Force placeholder visibility on Youtube embeddings
x Fixed popup opening being slowed down if options UI is
  opened (thanks Sirus for report)
x Explicit failure for wrong settings importation formats
x Updated TLDs

v 11.1.7rc3
============================================================
x Updated TLDs
x Optimize serviceWorker tracking for heavy tabs usage
  (thanks vadimm and barbaz for investigation)
x Force placeholder visibility on Youtube embeddings

v 11.1.7rc2
============================================================
x Fixed popup opening being slowed down if options UI is
  opened (thanks Sirus for report)

v 11.1.7rc1
============================================================
x Explicit failure for wrong settings importation formats

v 11.1.6
============================================================
x Better handling of concurrent prompts issues (thanks
  billarbor for reporting)
x Remove z-index boosting from ancestors when placeholder is
  collapsed or replaced (issue #162)
x Fixed permission keyboard shortcuts being triggered with
  modifiers like CTRL (thanks barbaz for report)
x More accurate blockage reporting, with better filtering of
  page's own CSP effects
x [UI] Fixed bug in CUSTOM sites filtering (thanks barbaz
  for reporting)
x Fixed bug in automatic HTML events build-time updates
x Updated HTML events
x Updated TLDs
x [L10n] Updated sv_SE
x Better handling 0 width / 0 height media placeholders

v 11.1.6rc6
============================================================
x Better handling of concurrent prompts issues (thanks
  billarbor for reporting)

v 11.1.6rc5
============================================================
x Remove z-index boosting from ancestors when placeholder is
  collapsed or replaced (issue #162)

v 11.1.6rc4
============================================================
x Fixed permission keyboard shortcuts being triggered with
  modifiers like CTRL (thanks barbaz for report)

v 11.1.6rc3
============================================================
x More accurate blockage reporting, with better filtering of
  page's own CSP effects

v 11.1.6rc2
============================================================
x [UI] Fixed bug in CUSTOM sites filtering (thanks barbaz
  for reporting)
x Fixed bug in automatic HTML events build-time updates
x Updated HTML events
x Updated TLDs

v 11.1.6rc1
============================================================
x Updated TLDs
x [L10n] Updated sv_SE
x Better handling 0 width / 0 height media placeholders
   2020-11-12 22:10:49 by Thomas Klausner | Files touched by this commit (2) | Package updated
Log message:
tor-browser-noscript: update to 11.1.5.

v 11.1.5
============================================================
x Updated TLD
x Fixed potential infinite loop via DOMContentLoaded
x Work-around for Firefox 82 media redirection bug (thanks
  ppxxbu and skriptimaahinen)
x Updated TLDs

v 11.1.5rc2
============================================================
x Updated TLD
x Fixed potential infinite loop via DOMContentLoaded

v 11.1.5rc1
============================================================
x Work-around for Firefox 82 media redirection bug (thanks
  ppxxbu and skriptimaahinen)
x Updated TLDs

v 11.1.4
============================================================
x Fixed sloppy CSP media blocker detection breaking MSE
  blob: media placeholders on Chromium
x Fixed race condition causing temporary settings not to
  survive updates sometimes
x Updated TLDs
x [Mobile] Improved prompts appearance on Android

v 11.1.4rc3
============================================================
x Fixed sloppy CSP media blocker detection breaking MSE
  blob: media placeholders on Chromium

v 11.1.4rc2
============================================================
x Fixed race condition causing temporary settings not to
  survive updates sometimes

v 11.1.4rc1
============================================================
x Updated TLDs
x [Mobile] Improved prompts appearance on Android
   2020-10-31 01:54:38 by Thomas Klausner | Files touched by this commit (2) | Package updated
Log message:
tor-browser-noscript: update to 11.1.3.

v 11.1.3
============================================================
x Fixed regression: document media and font restrictions
  always cascaded (thanks BrainDedd for report)
x Remove domPolicy logging when debugging is off
x Trivial reordering from Mozilla source
x Updated TLDs

v 11.1.1
============================================================
x Updated TLDs
x Better heuristic to figure out missing data while
  computing contextual policies
x Fixed regression breaking per-tab restrictions disablement
  (thanks Horsefly for report)

v 11.1.0
============================================================
x Improved blocking of media documents unaffected by
  webRequest
x Automatically init tag message with last changelog
x Improved NOSCRIPT element emulation compatibility with XML
  documents
x webNavigation.onCommitted + tabs.executeScript to deliver
  DOM policies earlier whenever possible
x Partial work-around for Fx 80 file:// documents parsing
  inconsistencies (further fix for issue #156)
x Cache policy on top document for file:// subdocuments
  (fixes issue #156)
x Enforce more restrictive CSP on media/object documents
x Better cross-browser media handling
x [Mobile] Use tabs as prompts if the browser.windows API is
  missing
x Fix browser UI for image, audio and video content being
  partially broken on file:// URLs
x Normalize file:// directory paths on Firefox
x Allow browser UI scripts for file:// directory navigation
x Updated TLDs
x [L10n] Updated mk

v 11.1.0rc2
============================================================
x Improved blocking of media documents unaffected by
  webRequest
x Automatically init tag message with last changelog

v 11.1.0rc1
============================================================
x Improved NOSCRIPT element emulation compatibility with XML
  documents

v 11.0.47rc6
============================================================
x webNavigation.onCommitted + tabs.executeScript to deliver
  DOM policies earlier whenever possible
x Fixed typo causing CSP-based media blocking to skip
  requests with no content-type header

v 11.0.47rc5
============================================================
x Partial work-around for Fx 80 file:// documents parsing
  inconsistencies (further fix for issue #156)

v 11.0.47rc4
============================================================
x Cache policy on top document for file:// subdocuments
  (fixes issue #156)
x Updated TLDs
x Enforce more restrictive CSP on media/object documents

v 11.0.47rc3
============================================================
x Better cross-browser media handling
x Improved file: directory path normalization

v 11.0.47rc2
============================================================
x [Mobile] Use tabs as prompts if the browser.windows API is
  missing

v 11.0.47rc1
============================================================
x Fix browser UI for image, audio and video content being
  partially broken on file:// URLs
x Normalize file:// directory paths on Firefox
x Allow browser UI scripts for file:// directory navigation
x Updated TLDs
x [L10n] Updated mk
   2020-09-23 21:03:10 by Thomas Klausner | Files touched by this commit (2) | Package updated
Log message:
tor-browser-noscript: update to 11.0.46.

(would have to be pulled up anyway)

v 11.0.46
============================================================
x Updated TLDs
x [L10n] Updated is
x Fixed file:// and ftp:// specific content scripts not
  runnning in subdocuments
x Fixed deferred scripts in file:// pages may run twice
  (issue #155)
x Fixed rendering bug with scrolled file:// pages on soft
  reload (thanks Iouri for report)
x Fixed 11.0.44 regression: ghost media item reported on
  every page
x Better emulation of SVG events

v 11.0.45rc5
============================================================
x Updated TLDs
x [L10n] Updated is
x Fixed file:// and ftp:// specific content scripts not
  runnning in subdocuments

v 11.0.45rc4
============================================================
x Fixed deferred scripts in file:// pages may run twice
  (issue #155)

v 11.0.45rc3
============================================================
x Fixed rendering bug with scrolled file:// pages on soft
  reload (thanks Iouri for report)

v 11.0.45rc2
============================================================
x Fixed 11.0.44 regression: ghost media item reported on
  every page

v 11.0.45rc1
============================================================
x Better emulation of SVG events

v 11.0.44
============================================================
x Dispatch synthetic SVGLoad event in soft load when needed
x [L10n] Updated da, es
x Fixed namespacing issues with script replacements
x Fixed media placeholder not shown when blocking Youtube
  movies
x Work around for unpredictable content script execution
  order
x Ensure content of NoScript prompts is always visible
x Fixed soft reload messing with non UTF-8 encodings (thanks
  "Quest" for reporting)
x Updated TLDs
x [XSS] Fixed escape detection bug causing strage false
  positives (thanks Dave Howorth for report)

v 11.0.44rc7
============================================================
x Better reflect event firing order in soft reload emulation

v 11.0.44rc6
============================================================
x [L10n] Updated da
x Dispatch synthetic SVGLoad event in soft load when needed

v 11.0.44rc5
============================================================
x Fixed typo

v 11.0.44rc4
============================================================
x Fixed namespacing issues with script replacements
x Fixed typo in content script ordering work-around

v 11.0.44rc3
============================================================
x Fixed media placeholder not shown when blocking Youtube
  movies
x Work around for unpredictable content script execution
  order
x Ensure content of NoScript prompts is always visible

v 11.0.44rc2
============================================================
x Fixed soft reload messing with non UTF-8 encodings (thanks
  "Quest" for reporting)

v 11.0.44rc1
============================================================
x Updated TLDs
x [L10n] Updated es
x [XSS] Fixed escape detection bug causing strage false
  positives (thanks Dave Howorth for report)
x Fixed markup typo

v 11.0.43
============================================================
x Fix for some race conditions causing corruptions in
  non-HTML non-XML documents

v 11.0.42
============================================================
x Avoid useless "seen" reports from onBeforeRequest()
x Catch broadcast messaging errors
x Make build.sh tag push even already created tags
x Updated TLDsm
x Work-around for applying DOM CSP to non-HTML XML documents
  (thanks skriptimaahinen)
x Document freezing to handle SVG and other XML documents
  as a fallback before CSP insertion
x Refactored and improved syncFetchPolicy fallback for file:
  and ftp: special cases

v 11.0.42rc8
============================================================
x Avoid useless "seen" reports from onBeforeRequest()
x Catch broadcast messaging errors
x Make build.sh tag push even already created tags

v 11.0.42rc7
============================================================
x Updated TLDs
x Let injected CSP prevent onload events from firing on
  unfrozen embedded elements
x Work-around for applying DOM CSP to non-HTML XML documents
  (thanks skriptimaahinen)

v 11.0.42rc6
============================================================
x Document freezing to handle SVG and other XML documents
  impervious to CSP on Mozilla

v 11.0.42rc5
============================================================
x Skip soft reload if not needed

v 11.0.42rc4
============================================================
x XML-compatible soft reload

v 11.0.42rc3
============================================================
x "Soft reload" approach to fix file: and ftp: issues

v 11.0.42rc2
============================================================
x SyncMessage suspending on DOMContentLoaded
x Updated TLDs

v 11.0.42rc1
============================================================
x Refactored and improved syncFetchPolicy fallback for file:
  and ftp: special cases

Next | Query returned 15 messages, browsing 1 to 10 | Previous