Navigation:
Browse pkgsrc
(this page)
security tor-brow..
CVSweb ] [ 
Homepage ] [ 
RSS ] [ 
Required by ] | 2022-02-16 11:25:15 by Thomas Klausner | Files touched by this commit (2) |
Log message: tor-browser*: reset maintainer |
| 2021-10-26 13:18:07 by Nia Alarie | Files touched by this commit (605) |
Log message: security: Replace RMD160 checksums with BLAKE2s checksums All checksums have been double-checked against existing RMD160 and SHA512 hashes Unfetchable distfiles (fetched conditionally?): ./security/cyrus-sasl/distinfo \ cyrus-sasl-dedad73e5e7a75d01a5f3d5a6702ab8ccd2ff40d.patch.v2 |
| 2021-10-07 16:54:50 by Nia Alarie | Files touched by this commit (606) |
Log message: security: Remove SHA1 hashes for distfiles |
2021-08-15 15:20:11 by Thomas Klausner | Files touched by this commit (2) |  |
Log message: tor-browser-noscript: update to 11.2.11. v 11.2.11 ============================================================ x [nscl] Fixed JavaScript access to CSS rules broken on Chromium when unrestricted CSS is disabled - issue #204 x Prevent Chromium builds from being sent to AMO for signing x [nscl] Fixed CPU/RAM overload on some pages with unrestricted CSS disabled but scripting enabled (not recommended setting) - issue #194, issue #199 x [nscl] Fixed CPU spikes on Chromium triggered by automatic file downloads (thanks ptheborg for report) v 11.2.10 ============================================================ x Cross-browser file naming consistency, in spite of version numbering incompatibilities x [nscl] Fix for potential race conditions on certain page transitions (issue #205) x Handle exception when accessing navigator.serviceWorker on sandboxed frames x MS Edge support v 11.2.9 ============================================================ x [L10n] Updated de, mk x Replace deprecated extension.getURL() with runtime.getURL() x REUSE-compliant licensing boilerplate x Remove unused/refactored-out files x Relicensing as GPL3+ x [nscl] Fixed infinite recursion issue on window.open wrappers x Avoid treating JavaScript files as embeddings when opened as top-level documents |
| 2021-06-07 16:03:14 by Thomas Klausner | Files touched by this commit (2) | |
Log message: tor-browser-noscript: update to 11.2.8. v 11.2.8 ============================================================ x Quiet down unnecessary debug logging (issue #191) x [L10n] Updated he, de x Fix meta refresh sometimes ignored on Firefox 78 ESR (issue #192, thanks hackerncoder for report) x Chromium-specific build-time customizations v 11.2.8rc2 ============================================================ x Quiet down unnecessary debug logging (issue #191) x [L10n] Updated he v 11.2.8rc1 ============================================================ x Fix meta refresh sometimes ignored on Firefox 78 ESR (issue #192, thanks hackerncoder for report) x [l10n] Updated de x Chromium-specific build-time customizations v 11.2.7 ============================================================ x Better prompt layout (no accidental scrollbar) x [nscl] Fix regression causing media patches to break some pages (thanks l0drex for report, issue #189) v 11.2.6 ============================================================ x [nscl] Various webgl blocking enhancements x Remove also sticky-positioned elements with click+DEL on scriptless pages (thanks skriptimaahinen for RFE) x [L10n] Updated bn, br, ca, da, de, el, es, fr, he, is, it, ja, lt, mk, ms, nb, nl, pl, pt_BR, ru, sq, sv_SE, tr, zh_CN, zh_TW x Fixed race condition causing external CSS not to be rendered sometimes when unrestricted CSS is disabled x Avoid document rewriting for noscript meta refresh emulation in most cases x [nscl] Fixed XHTML pages broken when served with application/xml MIME type and no "object" capability x [nscl] Switch early content script configuration to use /nscl/service/DocStartInjection.js x Configurable "unrestricted CSS" capability to for sites where the CSS PP0 mitigation should be disabled (e.g TRUSTED) x [nscl] Fix CSS PP0 mitigation still interfering with some WebExtensions (thanks barbaz for report) x [XSS] Increased sensitivity and specificity of risky operator pre-checks v 11.2.6rc1 ============================================================ x [nscl] Various webgl blocking enhancements x Remove also sticky-positioned elements with click+DEL on scriptless pages (thanks skriptimaahinen for RFE) v 11.2.5rc6 ============================================================ x [L10n] Updated bn, br, ca, da, de, el, es, fr, he, is, it, ja, lt, mk, ms, nb, nl, pl, pt_BR, ru, sq, sv_SE, tr, zh_CN, zh_TW x Policy retrieval origin fine tuning v 11.2.5rc5 ============================================================ x Fixed hook not taking in account experimental webgl contexts (issue #187, thanks roman567e45 for report) v 11.2.5rc4 ============================================================ x Fixed regression in NOSCRIPT emulation (thanks barbaz for reporting) v 11.2.5rc3 ============================================================ x Fixed race condition causing external CSS not to be rendered sometimes when unrestricted CSS is disabled x Rename "unchecked CSS" capability to "unrestricted CSS" x Avoid document rewriting for noscript meta refresh emulation in most cases v 11.2.5rc2 ============================================================ x [nscl] Minor fixes from the library x [nscl] Fixed XHTML pages broken when served with application/xml MIME type and no "object" capability x [nscl] Switch early content script configuration to use /nscl/service/DocStartInjection.js x [nscl] Refactored ContentScriptOnce.js to the library x Rename the "csspp0" capability to "unchecked_css" v 11.2.5rc1 ============================================================ x Configurable "csspp0" capability to for sites where the CSS PP0 mitigation should be disabled (e.g TRUSTED) x [nscl] Fix CSS PP0 mitigation still interfering with some WebExtensions (thanks barbaz for report) x [XSS] Increased sensitivity and specificity of risky operator pre-checks |
| 2021-04-01 00:00:06 by Thomas Klausner | Files touched by this commit (2) | |
Log message: tor-browser-noscript: update to 11.2.4. v 11.2.4 ============================================================ x CSS resources prefetching as a mitigation against CSS PP0 (https://github.com/Yossioren/pp0) x [L10n] Updated br, de, el, es, fr, he, is, nl, pl, pt_BR, ru, sq, tr, zh_CN x [nscl] Inteception of webgl context creation in OffscreenCanvas too x Fixed configuration upgrades not applied on manual updates (thanks Nan for reporting) x Mitigation for misbehaving pages repeating failed requests in a tight loop x [UI] More understandable label for the cascading restrictions option x [nscl] More refactoring out in NoScript Commons Library x [nscl] patchWindow improvements v 11.2.4rc5 ============================================================ x [nscl] Inteception of webgl context creation in OffscreenCanvas too x Fixed regression: Site Info broken by NSCL refactoring v 11.2.4rc4 ============================================================ x [nscl] Fixed unmerged NetCSP "extra" headers always undefined x HTML event atoms reorder in Mozilla sources v 11.2.4rc3 ============================================================ x Avoid stack trace generation for debugging purposes on release builds x More selective CSS PP0 protection, excluded on the Tor Browser where it's unneeded and easier to test/debug on dev builds x Make isTorBrowser information available in child policy x Prevent console noise on startup with privileged tabs x [nscl] More refactoring out in NoScript Commons Library v 11.2.4rc2 ============================================================ x [nscl] Switch to NSCL for messaging x [nscl] Rollback unneded window.opener patching (thanks skriptimaahinen for insight) x CSS PP0 mitigation: cross-site stylesheets on scriptless pages, one resource per host x Limit CSS PP0 mitigation to scriptless pages and prefetch only cross-site resources v 11.2.4rc1 ============================================================ x CSS resources prefetching as a mitigation against CSS PP0 (https://github.com/Yossioren/pp0) x [L10n] Updated br, de, el, es, fr, he, is, nl, pl, pt_BR, ru, sq, tr, zh_CN x Fixed configuration upgrades not applied on manual updates (thanks Nan for reporting) x Mitigation for misbehaving pages repeating failed requests in a tight loop x [UI] More understandable label for the cascading restrictions option x [nscl] patchWindow improvements x [nscl] Switch to NSCL's generic inclusion shell script v 11.2.3 ============================================================ x [L10n] Purged non-inclusive terms from obsolete messages x Added red halo feedback in CUSTOM preset for noscript element capability x Fixed missing red halo feedback in CUSTOM preset for inline scripts and other capabilities sometimes x Fixed race condition causing noscript elements not to be rendered sometimes v 11.2.2 ============================================================ x Fixed typo in version checked on noscript capability update. x [L10n] Updated bn, br, ca, da, de, el, es, fr, he, is, it, ja, lt, mk, ms, nb, nl, pt_BR, ru, sq, sv_SE, tr, zh_CN, zh_TW. v 11.2.1 ============================================================ x Configurable capability to show noscript elements on script-disabled pages x [UI] Minor CSS Chromium compatibility fix x [nscl] Refactoring to use Policy and its dependencies from the NoScript Commons Library x Switch to faster and easier to maintain tld.js from nscl x [UI] Fix punycode inconsistencies x [UI] Improve preset and site controls alignment x Provide feedback in the CUSTOM tab for WebGL usage attempts even if the canvas element is not attached to the DOM x [L10n] Updated de, ja x Updated HTML events x Prevent double script on trusted file:// pages in some edge cases x Prevent detection of wrapped functions (e.g. in WebGL interception) on Chromium v 11.2.1rc4 ============================================================ x [UI] Minor CSS Chromium compatibility fix x Configurable capability to show noscript elements on script-disabled pages x [L10n] Updated de v 11.2.1rc3 ============================================================ x [nscl] Improved integration of the NoScript Commons Library x Moved nscl submodule into src x [nscl] Update (restructured tree) x Removed nscl cache directory from src x [nscl] Refactoring to use Policy and its dependencies from the NoScript Commons Library v 11.2.1rc2 ============================================================ x Remove ||= operator which makes AMO's validator explode x Switch to faster and easier to maintain tld.js from nscl x [nscl] Updated with TLD_CACHE removal after usage x [nscl] Updated NoScript Common Library inclusions x Added the NoScript Commons Library (nscl) as a submodule x [UI] Fix punycode inconsistencies x [UI] improve preset and site controls alignment x Updated TLDs x Provide feedback in the CUSTOM tab for WebGL usage attempts even if the canvas element is not attached to the DOM x [L10n] Updated de, ja x Updated HTML events v 11.2.1rc1 ============================================================ x Prevent double script on trusted file:// pages in some edge cases x Updated events archive x Prevent detection of wrapped functions (e.g. in WebGL interception) on Chromium x Updated TLDs x Merge German language update v 11.2 ============================================================ x [XSS] New UI to reveal and selectively remove permanent user choices x [L10n] Updated de x Webgl hook refactored on nscl/content/patchWindow.js and made Chromium-compatibile x Updated TLDs v 11.2rc3 ============================================================ x [XSS] Fixed choice manager UI bug (thanks barbaz for report) v 11.2rc2 ============================================================ x Updated TLDs x [XSS] New UI to reveal and selectively remove permanent user choices v 11.2rc1 ============================================================ x [L10n] Updated de x Webgl hook refactored on nscl/content/patchWindow.js and made Chromium-compatibile x Updated TLDs v 11.1.9 ============================================================ x Return null when webgl is not allowed (thanks Matthew Finkel for patch) x [XSS] Fixed memoization bug resulting in performance degradation on some payloads x [XSS] Include call stack in debugging log output x [XSS] Skip naps when InjectionChecker runs in its own worker x Shortcut for easier XSS filter testing x More lenient filter to add a new entry to per-site permissions x [L10n] Updated de x Replace script-embedded bitmap with css-embedded SVG as the placeholder logo x Updated TLDs x Remove source map reference causing console noise x Fix per-site permissions UI glitches when base domain is added to existing subdomain (thanks barbaz for reporting) v 11.1.9rc5 ============================================================ x Return null when webgl is not allowed (thanks Matthew Finkel for patch) v 11.1.9rc4 ============================================================ x Updated TLDs x [XSS] Fixed memoization bug resulting in performance degradation on some payloads x [XSS] Include call stack in debugging log output x [XSS] Skip naps when InjectionChecker runs in its own worker x Shortcut for easier XSS filter testing v 11.1.9rc3 ============================================================ x More lenient filter to add a new entry to per-site permissions v 11.1.9rc2 ============================================================ x [L10n] Updated de x Better fix for per-site permissions UI glitches (thanks barbaz for reporting) v 11.1.9rc1 ============================================================ x Replace script-embedded bitmap with css-embedded SVG as the placeholder logo x Updated TLDs x Remove source map reference causing console noise x Fix per-site permissions UI glitches when base domain is added to existing subdomain (thanks barbaz for reporting) v 11.1.8 ============================================================ x [XSS] Fix for old pre-screening optimization exploitable to bypass the filter in recent browsers - thanks Tsubasa FUJII (@reinforchu) for reporting x Replace DOM-based entity decoding with the he.js pure JS library x Updated copyright statement x Updated browser-polyfill.js x Removed obsolete fastclick.js dependency x [l10n] Updated de (thanks ib and Musonius) x Updated TLDs |
| 2021-01-03 20:02:52 by Thomas Klausner | Files touched by this commit (2) | |
Log message: tor-browser-noscript: update to 11.1.7. v 11.1.7 ============================================================ x Optimize serviceWorker tracking for heavy tabs usage (thanks vadimm and barbaz for investigation) x Force placeholder visibility on Youtube embeddings x Fixed popup opening being slowed down if options UI is opened (thanks Sirus for report) x Explicit failure for wrong settings importation formats x Updated TLDs v 11.1.7rc3 ============================================================ x Updated TLDs x Optimize serviceWorker tracking for heavy tabs usage (thanks vadimm and barbaz for investigation) x Force placeholder visibility on Youtube embeddings v 11.1.7rc2 ============================================================ x Fixed popup opening being slowed down if options UI is opened (thanks Sirus for report) v 11.1.7rc1 ============================================================ x Explicit failure for wrong settings importation formats v 11.1.6 ============================================================ x Better handling of concurrent prompts issues (thanks billarbor for reporting) x Remove z-index boosting from ancestors when placeholder is collapsed or replaced (issue #162) x Fixed permission keyboard shortcuts being triggered with modifiers like CTRL (thanks barbaz for report) x More accurate blockage reporting, with better filtering of page's own CSP effects x [UI] Fixed bug in CUSTOM sites filtering (thanks barbaz for reporting) x Fixed bug in automatic HTML events build-time updates x Updated HTML events x Updated TLDs x [L10n] Updated sv_SE x Better handling 0 width / 0 height media placeholders v 11.1.6rc6 ============================================================ x Better handling of concurrent prompts issues (thanks billarbor for reporting) v 11.1.6rc5 ============================================================ x Remove z-index boosting from ancestors when placeholder is collapsed or replaced (issue #162) v 11.1.6rc4 ============================================================ x Fixed permission keyboard shortcuts being triggered with modifiers like CTRL (thanks barbaz for report) v 11.1.6rc3 ============================================================ x More accurate blockage reporting, with better filtering of page's own CSP effects v 11.1.6rc2 ============================================================ x [UI] Fixed bug in CUSTOM sites filtering (thanks barbaz for reporting) x Fixed bug in automatic HTML events build-time updates x Updated HTML events x Updated TLDs v 11.1.6rc1 ============================================================ x Updated TLDs x [L10n] Updated sv_SE x Better handling 0 width / 0 height media placeholders |
| 2020-11-12 22:10:49 by Thomas Klausner | Files touched by this commit (2) | |
Log message: tor-browser-noscript: update to 11.1.5. v 11.1.5 ============================================================ x Updated TLD x Fixed potential infinite loop via DOMContentLoaded x Work-around for Firefox 82 media redirection bug (thanks ppxxbu and skriptimaahinen) x Updated TLDs v 11.1.5rc2 ============================================================ x Updated TLD x Fixed potential infinite loop via DOMContentLoaded v 11.1.5rc1 ============================================================ x Work-around for Firefox 82 media redirection bug (thanks ppxxbu and skriptimaahinen) x Updated TLDs v 11.1.4 ============================================================ x Fixed sloppy CSP media blocker detection breaking MSE blob: media placeholders on Chromium x Fixed race condition causing temporary settings not to survive updates sometimes x Updated TLDs x [Mobile] Improved prompts appearance on Android v 11.1.4rc3 ============================================================ x Fixed sloppy CSP media blocker detection breaking MSE blob: media placeholders on Chromium v 11.1.4rc2 ============================================================ x Fixed race condition causing temporary settings not to survive updates sometimes v 11.1.4rc1 ============================================================ x Updated TLDs x [Mobile] Improved prompts appearance on Android |
New packages: