Subject: CVS commit: pkgsrc/security/tor-browser-noscript
From: Thomas Klausner
Date: 2020-08-26 22:08:15
Message id: 20200826200815.69C6FFB26@cvs.NetBSD.org
Log Message:
tor-browser-noscript: update to 11.0.41.

v 11.0.41rc2
============================================================
x More precise event suppression mechanism
x Fixed regression: events suppressed on file:// pages
  unless scripts are allowed
x Updated TLDs

v 11.0.41rc2
============================================================
x More precise event suppression mechanism

v 11.0.41rc1
============================================================
x Fixed regression: events suppressed on file:// pages
  unless scripts are allowed
x Updated TLDs

v 11.0.40
============================================================
x Avoid synchronous policy fetching whenever possible
  (fixes multiple issues)

v 11.0.40rc2
============================================================
x Avoid synchronous policy fetching whenever possible

v 11.0.40rc1
============================================================
x Handle edge case in file:// pages: policy change and
  reload before DOMContentLoaded

v 11.0.39
============================================================
x Fix reload loops on broken file: HTML documents (thanks
  bernie for report)
x [XSS] Updated HTML event attributes
x Local policy fallback for file: and ftp: URLs using
  window.name rather than sessionStorage
x [L10n] Updated bn, br, ca, da, de, el, es, fr, he, is, it,
  ja, lt, mk, ms, nb, nl, pl, pt_BR, ru, sq, sv_SE, tr,
  zh_CN, zh_TW
x Added "Revoke temporary permissions on NoScript updates,
   even if the browser is not restarted" advanced option
x Let temporary permissions survive NoScript updates
  (shameless hack)
x Fixed some traps around Messages abstraction
x Ignore search / hash on policy matching of domain-less
  URLs (e.g. file:///...)
x Updated TLDs
x Fixed automatic scrolling hampers usability on long sites
  lists in popup
x Better timing for event attributes removal/restore
x Work-arounds for edge cases in synchronous page loads
  bypassing webRequest (thanks skriptimaahinen)

v 11.0.39rc8
============================================================
x Several hacks to make non-distruptive updates compatible
  with Chromium
x Tighten localPolicy persistence mechanism during reloads

v 11.0.39rc7
============================================================
x Temporary settings survival more resilient and compatible
  with Fenix
x [L10n] Updated es

v 11.0.39rc6
============================================================
x Fix reload loops on broken file: HTML documents (thanks
  bernie for report)
x [XSS] Updated HTML event attributes

v 11.0.39rc5
============================================================
x Local policy fallback for file: and ftp: URLs using
  window.name rather than sessionStorage
x [L10n] Updated bn, br, ca, da, de, el, es, fr, he, is, it,
  ja, lt, mk, ms, nb, nl, pl, pt_BR, ru, sq, sv_SE, tr,
  zh_CN, zh_TW
x Renamed option to "Revoke temporary permissions on
  NoScript updates, even if the browser is not restarted"

v 11.0.39rc4
============================================================
x Added option to forget temporary settings immediately
  whenever NoScript gets updated
x Fixed regression: file:/// URLs reloaded whenever NoScript
  gets reinstalled / enabled / reloaded
x More resilient and easy to debug survival data retrieving

v 11.0.39rc3
============================================================
x Fixed regression causing manual NoScript downgrades to be
  delayed until manual restart

v 11.0.39rc2
============================================================
x Let temporary permissions survive NoScript updates
  (shameless hack)
x Fixed some traps around Messages abstraction
x Ignore search / hash on policy matching of domain-less
  URLs (e.g. file:///...)
x Removed useless CSS property
x Updated TLDs

v 11.0.39rc1
============================================================
x Updated TLDs
x Fixed automatic scrolling hampers usability on long sites
  lists in popup
x Fixed typo in vendor-prefixed CSS

v 11.0.38rc2
============================================================
x Better timing for event attributes removal/restore

v 11.0.38rc1
============================================================
x Work-arounds for edge cases in synchronous page loads
  bypassing webRequest (thanks skriptimaahinen)
x [L10n] Updated bn

v 11.0.38
============================================================
x Better timing for event attributes removal/restore
x Work-arounds for edge cases in synchronous page loads
  bypassing webRequest (thanks skriptimaahinen)
x [L10n] Updated bn

v 11.0.38rc2
============================================================
x Better timing for event attributes removal/restore

v 11.0.38rc1
============================================================
x Work-arounds for edge cases in synchronous page loads
  bypassing webRequest (thanks skriptimaahinen)
x [L10n] Updated bn

v 11.0.37
============================================================
x Simpler and more reliable sendSyncMessage implementation
  and usage
x sendSyncMessage support for multiple suspension requests
  (should fix extension script injection issues)
x Updated TLDs

v 11.0.37rc3
============================================================
x Simpler and more reliable sendSyncMessage implementation
  and usage
x Updated TLDs

v 11.0.37rc2
============================================================
x SyncMessage suspending on DOM modification as well
x Updated TLDs

v 11.0.37rc1
============================================================
x Updated TLDs
x sendSyncMessage support for multiple suspension requests
  (should fix extension script injection issues)

v 11.0.36
============================================================
x Fixed regression: temporary permissions revocation not
  working anymore on privileged pages
x SendSyncMessage script execution safety net more
  compatible with other extensions (e.g. BlockTube)

v 11.0.35
============================================================
x Avoid unnecessary reloads on temporary permissions
  revocation
x [UI] Removed accidental cyan background for site labels
x [L10n] Updated es
x Work-around for conflict with extensions inserting
  elements into content pages' DOM early
x [XSS] Updated HTML events
x Updated TLDs
x Fixed buggy policy references in the Options dialog
x More accurate NOSCRIPT element emulation
x Anticipate onScriptDisabled surrogates to first script-src
  'none' CSP violation
x isTrusted checks for all the content events
x Improved look in mobile portrait mode
x Let SyncMessage prevent undesired script execution
  scheduled during suspension

v 11.0.35rc4
============================================================
x Avoid unnecessary reloads on temporary permissions
  revocation
x Fixed potentially infinite loop in SyncMessage Firefox
  implementation
x [UI] Removed accidental cyan background for site labels
x [L10n] Updated es

v 11.0.35rc3
============================================================
x Work-around for conflict with extensions inserting
  elements into content pages' DOM early
x [XSS] Updated HTML events

v 11.0.35rc2
============================================================
x Updated TLDs
x Fixed buggy policy references in the Options dialog
x More accurate NOSCRIPT element emulation
x Anticipate onScriptDisabled surrogates to first script-src
  'none' CSP violation
x isTrusted checks for all the content events
x Improved look in mobile portrait mode

v 11.0.35rc1
============================================================
x Let SyncMessage prevent undesired script execution
  scheduled during suspension
Files:
RevisionActionfile
1.5modifypkgsrc/security/tor-browser-noscript/Makefile
1.5modifypkgsrc/security/tor-browser-noscript/distinfo