Subject: CVS commit: [pkgsrc-2020Q2] pkgsrc/security/tor-browser-noscript
From: Benny Siegert
Date: 2020-08-28 21:07:20
Message id: 20200828190720.C275DFB27@cvs.NetBSD.org

Log Message:
Pullup ticket #6315 - requested by wiz
security/tor-browser-noscript: dependent update

Revisions pulled up:
- security/tor-browser-noscript/Makefile                        1.5
- security/tor-browser-noscript/distinfo                        1.5

---
   Module Name:	pkgsrc
   Committed By:	wiz
   Date:		Wed Aug 26 20:08:15 UTC 2020

   Modified Files:
   	pkgsrc/security/tor-browser-noscript: Makefile distinfo

   Log Message:
   tor-browser-noscript: update to 11.0.41.

   v 11.0.41rc2
   ============================================================
   x More precise event suppression mechanism
   x Fixed regression: events suppressed on file:// pages
     unless scripts are allowed
   x Updated TLDs

   v 11.0.41rc2
   ============================================================
   x More precise event suppression mechanism

   v 11.0.41rc1
   ============================================================
   x Fixed regression: events suppressed on file:// pages
     unless scripts are allowed
   x Updated TLDs

   v 11.0.40
   ============================================================
   x Avoid synchronous policy fetching whenever possible
     (fixes multiple issues)

   v 11.0.40rc2
   ============================================================
   x Avoid synchronous policy fetching whenever possible

   v 11.0.40rc1
   ============================================================
   x Handle edge case in file:// pages: policy change and
     reload before DOMContentLoaded

   v 11.0.39
   ============================================================
   x Fix reload loops on broken file: HTML documents (thanks
     bernie for report)
   x [XSS] Updated HTML event attributes
   x Local policy fallback for file: and ftp: URLs using
     window.name rather than sessionStorage
   x [L10n] Updated bn, br, ca, da, de, el, es, fr, he, is, it,
     ja, lt, mk, ms, nb, nl, pl, pt_BR, ru, sq, sv_SE, tr,
     zh_CN, zh_TW
   x Added "Revoke temporary permissions on NoScript updates,
      even if the browser is not restarted" advanced option
   x Let temporary permissions survive NoScript updates
     (shameless hack)
   x Fixed some traps around Messages abstraction
   x Ignore search / hash on policy matching of domain-less
     URLs (e.g. file:///...)
   x Updated TLDs
   x Fixed automatic scrolling hampers usability on long sites
     lists in popup
   x Better timing for event attributes removal/restore
   x Work-arounds for edge cases in synchronous page loads
     bypassing webRequest (thanks skriptimaahinen)

   v 11.0.39rc8
   ============================================================
   x Several hacks to make non-distruptive updates compatible
     with Chromium
   x Tighten localPolicy persistence mechanism during reloads

   v 11.0.39rc7
   ============================================================
   x Temporary settings survival more resilient and compatible
     with Fenix
   x [L10n] Updated es

   v 11.0.39rc6
   ============================================================
   x Fix reload loops on broken file: HTML documents (thanks
     bernie for report)
   x [XSS] Updated HTML event attributes

   v 11.0.39rc5
   ============================================================
   x Local policy fallback for file: and ftp: URLs using
     window.name rather than sessionStorage
   x [L10n] Updated bn, br, ca, da, de, el, es, fr, he, is, it,
     ja, lt, mk, ms, nb, nl, pl, pt_BR, ru, sq, sv_SE, tr,
     zh_CN, zh_TW
   x Renamed option to "Revoke temporary permissions on
     NoScript updates, even if the browser is not restarted"

   v 11.0.39rc4
   ============================================================
   x Added option to forget temporary settings immediately
     whenever NoScript gets updated
   x Fixed regression: file:/// URLs reloaded whenever NoScript
     gets reinstalled / enabled / reloaded
   x More resilient and easy to debug survival data retrieving

   v 11.0.39rc3
   ============================================================
   x Fixed regression causing manual NoScript downgrades to be
     delayed until manual restart

   v 11.0.39rc2
   ============================================================
   x Let temporary permissions survive NoScript updates
     (shameless hack)
   x Fixed some traps around Messages abstraction
   x Ignore search / hash on policy matching of domain-less
     URLs (e.g. file:///...)
   x Removed useless CSS property
   x Updated TLDs

   v 11.0.39rc1
   ============================================================
   x Updated TLDs
   x Fixed automatic scrolling hampers usability on long sites
     lists in popup
   x Fixed typo in vendor-prefixed CSS

   v 11.0.38rc2
   ============================================================
   x Better timing for event attributes removal/restore

   v 11.0.38rc1
   ============================================================
   x Work-arounds for edge cases in synchronous page loads
     bypassing webRequest (thanks skriptimaahinen)
   x [L10n] Updated bn

   v 11.0.38
   ============================================================
   x Better timing for event attributes removal/restore
   x Work-arounds for edge cases in synchronous page loads
     bypassing webRequest (thanks skriptimaahinen)
   x [L10n] Updated bn

   v 11.0.38rc2
   ============================================================
   x Better timing for event attributes removal/restore

   v 11.0.38rc1
   ============================================================
   x Work-arounds for edge cases in synchronous page loads
     bypassing webRequest (thanks skriptimaahinen)
   x [L10n] Updated bn

   v 11.0.37
   ============================================================
   x Simpler and more reliable sendSyncMessage implementation
     and usage
   x sendSyncMessage support for multiple suspension requests
     (should fix extension script injection issues)
   x Updated TLDs

   v 11.0.37rc3
   ============================================================
   x Simpler and more reliable sendSyncMessage implementation
     and usage
   x Updated TLDs

   v 11.0.37rc2
   ============================================================
   x SyncMessage suspending on DOM modification as well
   x Updated TLDs

   v 11.0.37rc1
   ============================================================
   x Updated TLDs
   x sendSyncMessage support for multiple suspension requests
     (should fix extension script injection issues)

   v 11.0.36
   ============================================================
   x Fixed regression: temporary permissions revocation not
     working anymore on privileged pages
   x SendSyncMessage script execution safety net more
     compatible with other extensions (e.g. BlockTube)

   v 11.0.35
   ============================================================
   x Avoid unnecessary reloads on temporary permissions
     revocation
   x [UI] Removed accidental cyan background for site labels
   x [L10n] Updated es
   x Work-around for conflict with extensions inserting
     elements into content pages' DOM early
   x [XSS] Updated HTML events
   x Updated TLDs
   x Fixed buggy policy references in the Options dialog
   x More accurate NOSCRIPT element emulation
   x Anticipate onScriptDisabled surrogates to first script-src
     'none' CSP violation
   x isTrusted checks for all the content events
   x Improved look in mobile portrait mode
   x Let SyncMessage prevent undesired script execution
     scheduled during suspension

   v 11.0.35rc4
   ============================================================
   x Avoid unnecessary reloads on temporary permissions
     revocation
   x Fixed potentially infinite loop in SyncMessage Firefox
     implementation
   x [UI] Removed accidental cyan background for site labels
   x [L10n] Updated es

   v 11.0.35rc3
   ============================================================
   x Work-around for conflict with extensions inserting
     elements into content pages' DOM early
   x [XSS] Updated HTML events

   v 11.0.35rc2
   ============================================================
   x Updated TLDs
   x Fixed buggy policy references in the Options dialog
   x More accurate NOSCRIPT element emulation
   x Anticipate onScriptDisabled surrogates to first script-src
     'none' CSP violation
   x isTrusted checks for all the content events
   x Improved look in mobile portrait mode

   v 11.0.35rc1
   ============================================================
   x Let SyncMessage prevent undesired script execution
     scheduled during suspension

Files:
RevisionActionfile
1.2.2.3modifypkgsrc/security/tor-browser-noscript/Makefile
1.2.2.3modifypkgsrc/security/tor-browser-noscript/distinfo