NOTICE: This package has been removed from pkgsrc

./security/tor-browser-noscript, Noscript plugin for tor-browser

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ]


Branch: CURRENT, Version: 11.2.11, Package name: tor-browser-noscript-11.2.11, Maintainer: pkgsrc-users

The NoScript Firefox extension provides extra protection for
browsers: this free, open source add-on allows JavaScript, Java,
Flash, and other plugins to be executed only by trusted web sites
of your choice (e.g., your online bank).


Required to build:
[pkgtools/cwrappers]

Master sites:

Filesize: 641.391 KB

Version history: (Expand)


CVS history: (Expand)


   2024-08-04 11:49:02 by Nia Alarie | Files touched by this commit (67) | Package removed
Log message:
Remove unmaintained tor-browser packages

Have not built anywhere for some time and pose an active security
threat to potential users, who are better off using a regular
browser with tor.
   2022-02-16 11:25:15 by Thomas Klausner | Files touched by this commit (2)
Log message:
tor-browser*: reset maintainer
   2021-10-26 13:18:07 by Nia Alarie | Files touched by this commit (605)
Log message:
security: Replace RMD160 checksums with BLAKE2s checksums

All checksums have been double-checked against existing RMD160 and
SHA512 hashes

Unfetchable distfiles (fetched conditionally?):
./security/cyrus-sasl/distinfo \ 
cyrus-sasl-dedad73e5e7a75d01a5f3d5a6702ab8ccd2ff40d.patch.v2
   2021-10-07 16:54:50 by Nia Alarie | Files touched by this commit (606)
Log message:
security: Remove SHA1 hashes for distfiles
   2021-08-15 15:20:11 by Thomas Klausner | Files touched by this commit (2) | Package updated
Log message:
tor-browser-noscript: update to 11.2.11.

v 11.2.11
============================================================
x [nscl] Fixed JavaScript access to CSS rules broken on
  Chromium when unrestricted CSS is disabled - issue #204
x Prevent Chromium builds from being sent to AMO for signing
x [nscl] Fixed CPU/RAM overload on some pages with
  unrestricted CSS disabled but scripting enabled (not
  recommended setting) - issue #194, issue #199
x [nscl] Fixed CPU spikes on Chromium triggered by automatic
  file downloads (thanks ptheborg for report)

v 11.2.10
============================================================
x Cross-browser file naming consistency, in spite of version
  numbering incompatibilities
x [nscl] Fix for potential race conditions on certain page
  transitions (issue #205)
x Handle exception when accessing navigator.serviceWorker on
  sandboxed frames
x MS Edge support

v 11.2.9
============================================================
x [L10n] Updated de, mk
x Replace deprecated extension.getURL() with
  runtime.getURL()
x REUSE-compliant licensing boilerplate
x Remove unused/refactored-out files
x Relicensing as GPL3+
x [nscl] Fixed infinite recursion issue on window.open
  wrappers
x Avoid treating JavaScript files as embeddings when opened
  as top-level documents
   2021-06-07 16:03:14 by Thomas Klausner | Files touched by this commit (2) | Package updated
Log message:
tor-browser-noscript: update to 11.2.8.

v 11.2.8
============================================================
x Quiet down unnecessary debug logging (issue #191)
x [L10n] Updated he, de
x Fix meta refresh sometimes ignored on Firefox 78 ESR
  (issue #192, thanks hackerncoder for report)
x Chromium-specific build-time customizations

v 11.2.8rc2
============================================================
x Quiet down unnecessary debug logging (issue #191)
x [L10n] Updated he

v 11.2.8rc1
============================================================
x Fix meta refresh sometimes ignored on Firefox 78 ESR
  (issue #192, thanks hackerncoder for report)
x [l10n] Updated de
x Chromium-specific build-time customizations

v 11.2.7
============================================================
x Better prompt layout (no accidental scrollbar)
x [nscl] Fix regression causing media patches to break some
  pages (thanks l0drex for report, issue #189)

v 11.2.6
============================================================
x [nscl] Various webgl blocking enhancements
x Remove also sticky-positioned elements with click+DEL on
  scriptless pages (thanks skriptimaahinen for RFE)
x [L10n] Updated bn, br, ca, da, de, el, es, fr, he, is, it,
  ja, lt, mk, ms, nb, nl, pl, pt_BR, ru, sq, sv_SE, tr,
  zh_CN, zh_TW
x Fixed race condition causing external CSS not to be
  rendered sometimes when unrestricted CSS is disabled
x Avoid document rewriting for noscript meta refresh
  emulation in most cases
x [nscl] Fixed XHTML pages broken when served with
  application/xml MIME type and no "object" capability
x [nscl] Switch early content script configuration to use
  /nscl/service/DocStartInjection.js
x Configurable "unrestricted CSS" capability to for sites
  where the CSS PP0 mitigation should be disabled
  (e.g TRUSTED)
x [nscl] Fix CSS PP0 mitigation still interfering with some
  WebExtensions (thanks barbaz for report)
x [XSS] Increased sensitivity and specificity of risky
  operator pre-checks

v 11.2.6rc1
============================================================
x [nscl] Various webgl blocking enhancements
x Remove also sticky-positioned elements with click+DEL on
  scriptless pages (thanks skriptimaahinen for RFE)

v 11.2.5rc6
============================================================
x [L10n] Updated bn, br, ca, da, de, el, es, fr, he, is, it,
  ja, lt, mk, ms, nb, nl, pl, pt_BR, ru, sq, sv_SE, tr,
  zh_CN, zh_TW
x Policy retrieval origin fine tuning

v 11.2.5rc5
============================================================
x Fixed hook not taking in account experimental webgl
  contexts (issue #187, thanks roman567e45 for report)

v 11.2.5rc4
============================================================
x Fixed regression in NOSCRIPT emulation (thanks barbaz for
  reporting)

v 11.2.5rc3
============================================================
x Fixed race condition causing external CSS not to be
  rendered sometimes when unrestricted CSS is disabled
x Rename "unchecked CSS" capability to "unrestricted CSS"
x Avoid document rewriting for noscript meta refresh
  emulation in most cases

v 11.2.5rc2
============================================================
x [nscl] Minor fixes from the library
x [nscl] Fixed XHTML pages broken when served with
  application/xml MIME type and no "object" capability
x [nscl] Switch early content script configuration to use
  /nscl/service/DocStartInjection.js
x [nscl] Refactored ContentScriptOnce.js to the library
x Rename the "csspp0" capability to "unchecked_css"

v 11.2.5rc1
============================================================
x Configurable "csspp0" capability to for sites where the
  CSS PP0 mitigation should be disabled (e.g TRUSTED)
x [nscl] Fix CSS PP0 mitigation still interfering with some
  WebExtensions (thanks barbaz for report)
x [XSS] Increased sensitivity and specificity of risky
  operator pre-checks
   2021-04-01 00:00:06 by Thomas Klausner | Files touched by this commit (2) | Package updated
Log message:
tor-browser-noscript: update to 11.2.4.

v 11.2.4
============================================================
x CSS resources prefetching as a mitigation against CSS PP0
  (https://github.com/Yossioren/pp0)
x [L10n] Updated br, de, el, es, fr, he, is, nl, pl, pt_BR,
  ru, sq, tr, zh_CN
x [nscl] Inteception of webgl context creation in
  OffscreenCanvas too
x Fixed configuration upgrades not applied on manual updates
  (thanks Nan for reporting)
x Mitigation for misbehaving pages repeating failed requests
  in a tight loop
x [UI] More understandable label for the cascading
  restrictions option
x [nscl] More refactoring out in NoScript Commons Library
x [nscl] patchWindow improvements

v 11.2.4rc5
============================================================
x [nscl] Inteception of webgl context creation in
  OffscreenCanvas too
x Fixed regression: Site Info broken by NSCL refactoring

v 11.2.4rc4
============================================================
x [nscl] Fixed unmerged NetCSP "extra" headers always
  undefined
x HTML event atoms reorder in Mozilla sources

v 11.2.4rc3
============================================================
x Avoid stack trace generation for debugging purposes on
  release builds
x More selective CSS PP0 protection, excluded on the Tor
  Browser where it's unneeded and easier to test/debug on
  dev builds
x Make isTorBrowser information available in child policy
x Prevent console noise on startup with privileged tabs
x [nscl] More refactoring out in NoScript Commons Library

v 11.2.4rc2
============================================================
x [nscl] Switch to NSCL for messaging
x [nscl] Rollback unneded window.opener patching (thanks
  skriptimaahinen for insight)
x CSS PP0 mitigation: cross-site stylesheets on scriptless
  pages, one resource per host
x Limit CSS PP0 mitigation to scriptless pages and prefetch
  only cross-site resources

v 11.2.4rc1
============================================================
x CSS resources prefetching as a mitigation against CSS PP0
  (https://github.com/Yossioren/pp0)
x [L10n] Updated br, de, el, es, fr, he, is, nl, pl, pt_BR,
  ru, sq, tr, zh_CN
x Fixed configuration upgrades not applied on manual updates
  (thanks Nan for reporting)
x Mitigation for misbehaving pages repeating failed requests
  in a tight loop
x [UI] More understandable label for the cascading
  restrictions option
x [nscl] patchWindow improvements
x [nscl] Switch to NSCL's generic inclusion shell script

v 11.2.3
============================================================
x [L10n] Purged non-inclusive terms from obsolete messages
x Added red halo feedback in CUSTOM preset for noscript
  element capability
x Fixed missing red halo feedback in CUSTOM preset for
  inline scripts and other capabilities sometimes
x Fixed race condition causing noscript elements not to be
  rendered sometimes

v 11.2.2
  ============================================================
x Fixed typo in version checked on noscript capability update.
x [L10n] Updated bn, br, ca, da, de, el, es, fr, he, is, it,
  ja, lt, mk, ms, nb, nl, pt_BR, ru, sq, sv_SE, tr, zh_CN,
  zh_TW.

v 11.2.1
============================================================
x Configurable capability to show noscript elements on
  script-disabled pages
x [UI] Minor CSS Chromium compatibility fix
x [nscl] Refactoring to use Policy and its dependencies from
  the NoScript Commons Library
x Switch to faster and easier to maintain tld.js from nscl
x [UI] Fix punycode inconsistencies
x [UI] Improve preset and site controls alignment
x Provide feedback in the CUSTOM tab for WebGL usage
  attempts even if the canvas element is not attached to the
  DOM
x [L10n] Updated de, ja
x Updated HTML events
x Prevent double script on trusted file:// pages in some
  edge cases
x Prevent detection of wrapped functions (e.g. in WebGL
  interception) on Chromium

v 11.2.1rc4
============================================================
x [UI] Minor CSS Chromium compatibility fix
x Configurable capability to show noscript elements on
  script-disabled pages
x [L10n] Updated de

v 11.2.1rc3
============================================================
x [nscl] Improved integration of the NoScript Commons
  Library
x Moved nscl submodule into src
x [nscl] Update (restructured tree)
x Removed nscl cache directory from src
x [nscl] Refactoring to use Policy and its dependencies from
  the NoScript Commons Library

v 11.2.1rc2
============================================================
x Remove ||= operator which makes AMO's validator explode
x Switch to faster and easier to maintain tld.js from nscl
x [nscl] Updated with TLD_CACHE removal after usage
x [nscl] Updated NoScript Common Library inclusions
x Added the NoScript Commons Library (nscl) as a submodule
x [UI] Fix punycode inconsistencies
x [UI] improve preset and site controls alignment
x Updated TLDs
x Provide feedback in the CUSTOM tab for WebGL usage
  attempts even if the canvas element is not attached to the
  DOM
x [L10n] Updated de, ja
x Updated HTML events

v 11.2.1rc1
============================================================
x Prevent double script on trusted file:// pages in some
  edge cases
x Updated events archive
x Prevent detection of wrapped functions (e.g. in WebGL
  interception) on Chromium
x Updated TLDs
x Merge German language update

v 11.2
============================================================
x [XSS] New UI to reveal and selectively remove permanent
  user choices
x [L10n] Updated de
x Webgl hook refactored on nscl/content/patchWindow.js and
  made Chromium-compatibile
x Updated TLDs

v 11.2rc3
============================================================
x [XSS] Fixed choice manager UI bug (thanks barbaz for
  report)

v 11.2rc2
============================================================
x Updated TLDs
x [XSS] New UI to reveal and selectively remove permanent
  user choices

v 11.2rc1
============================================================
x [L10n] Updated de
x Webgl hook refactored on nscl/content/patchWindow.js and
  made Chromium-compatibile
x Updated TLDs

v 11.1.9
============================================================
x Return null when webgl is not allowed (thanks Matthew
  Finkel for patch)
x [XSS] Fixed memoization bug resulting in performance
  degradation on some payloads
x [XSS] Include call stack in debugging log output
x [XSS] Skip naps when InjectionChecker runs in its own
  worker
x Shortcut for easier XSS filter testing
x More lenient filter to add a new entry to per-site
  permissions
x [L10n] Updated de
x Replace script-embedded bitmap with css-embedded SVG as
  the placeholder logo
x Updated TLDs
x Remove source map reference causing console noise
x Fix per-site permissions UI glitches when base domain is
  added to existing subdomain (thanks barbaz for reporting)

v 11.1.9rc5
============================================================
x Return null when webgl is not allowed (thanks Matthew
  Finkel for patch)

v 11.1.9rc4
============================================================
x Updated TLDs
x [XSS] Fixed memoization bug resulting in performance
  degradation on some payloads
x [XSS] Include call stack in debugging log output
x [XSS] Skip naps when InjectionChecker runs in its own
  worker
x Shortcut for easier XSS filter testing

v 11.1.9rc3
============================================================
x More lenient filter to add a new entry to per-site
  permissions

v 11.1.9rc2
============================================================
x [L10n] Updated de
x Better fix for per-site permissions UI glitches (thanks
  barbaz for reporting)

v 11.1.9rc1
============================================================
x Replace script-embedded bitmap with css-embedded SVG as
  the placeholder logo
x Updated TLDs
x Remove source map reference causing console noise
x Fix per-site permissions UI glitches when base domain is
  added to existing subdomain (thanks barbaz for reporting)

v 11.1.8
============================================================
x [XSS] Fix for old pre-screening optimization exploitable
to bypass the filter in recent browsers - thanks Tsubasa
FUJII (@reinforchu) for reporting
x Replace DOM-based entity decoding with the he.js pure JS
library
x Updated copyright statement
x Updated browser-polyfill.js
x Removed obsolete fastclick.js dependency
x [l10n] Updated de (thanks ib and Musonius)
x Updated TLDs
   2021-01-03 20:02:52 by Thomas Klausner | Files touched by this commit (2) | Package updated
Log message:
tor-browser-noscript: update to 11.1.7.

v 11.1.7
============================================================
x Optimize serviceWorker tracking for heavy tabs usage
  (thanks vadimm and barbaz for investigation)
x Force placeholder visibility on Youtube embeddings
x Fixed popup opening being slowed down if options UI is
  opened (thanks Sirus for report)
x Explicit failure for wrong settings importation formats
x Updated TLDs

v 11.1.7rc3
============================================================
x Updated TLDs
x Optimize serviceWorker tracking for heavy tabs usage
  (thanks vadimm and barbaz for investigation)
x Force placeholder visibility on Youtube embeddings

v 11.1.7rc2
============================================================
x Fixed popup opening being slowed down if options UI is
  opened (thanks Sirus for report)

v 11.1.7rc1
============================================================
x Explicit failure for wrong settings importation formats

v 11.1.6
============================================================
x Better handling of concurrent prompts issues (thanks
  billarbor for reporting)
x Remove z-index boosting from ancestors when placeholder is
  collapsed or replaced (issue #162)
x Fixed permission keyboard shortcuts being triggered with
  modifiers like CTRL (thanks barbaz for report)
x More accurate blockage reporting, with better filtering of
  page's own CSP effects
x [UI] Fixed bug in CUSTOM sites filtering (thanks barbaz
  for reporting)
x Fixed bug in automatic HTML events build-time updates
x Updated HTML events
x Updated TLDs
x [L10n] Updated sv_SE
x Better handling 0 width / 0 height media placeholders

v 11.1.6rc6
============================================================
x Better handling of concurrent prompts issues (thanks
  billarbor for reporting)

v 11.1.6rc5
============================================================
x Remove z-index boosting from ancestors when placeholder is
  collapsed or replaced (issue #162)

v 11.1.6rc4
============================================================
x Fixed permission keyboard shortcuts being triggered with
  modifiers like CTRL (thanks barbaz for report)

v 11.1.6rc3
============================================================
x More accurate blockage reporting, with better filtering of
  page's own CSP effects

v 11.1.6rc2
============================================================
x [UI] Fixed bug in CUSTOM sites filtering (thanks barbaz
  for reporting)
x Fixed bug in automatic HTML events build-time updates
x Updated HTML events
x Updated TLDs

v 11.1.6rc1
============================================================
x Updated TLDs
x [L10n] Updated sv_SE
x Better handling 0 width / 0 height media placeholders