From 47cd0f254ce32843902579b1bc62d09110a271f3 Mon Sep 17 00:00:00 2001 From: bsiegert Date: Fri, 28 Aug 2020 19:07:20 +0000 Subject: Pullup ticket #6315 - requested by wiz security/tor-browser-noscript: dependent update Revisions pulled up: - security/tor-browser-noscript/Makefile 1.5 - security/tor-browser-noscript/distinfo 1.5 --- Module Name: pkgsrc Committed By: wiz Date: Wed Aug 26 20:08:15 UTC 2020 Modified Files: pkgsrc/security/tor-browser-noscript: Makefile distinfo Log Message: tor-browser-noscript: update to 11.0.41. v 11.0.41rc2 ============================================================ x More precise event suppression mechanism x Fixed regression: events suppressed on file:// pages unless scripts are allowed x Updated TLDs v 11.0.41rc2 ============================================================ x More precise event suppression mechanism v 11.0.41rc1 ============================================================ x Fixed regression: events suppressed on file:// pages unless scripts are allowed x Updated TLDs v 11.0.40 ============================================================ x Avoid synchronous policy fetching whenever possible (fixes multiple issues) v 11.0.40rc2 ============================================================ x Avoid synchronous policy fetching whenever possible v 11.0.40rc1 ============================================================ x Handle edge case in file:// pages: policy change and reload before DOMContentLoaded v 11.0.39 ============================================================ x Fix reload loops on broken file: HTML documents (thanks bernie for report) x [XSS] Updated HTML event attributes x Local policy fallback for file: and ftp: URLs using window.name rather than sessionStorage x [L10n] Updated bn, br, ca, da, de, el, es, fr, he, is, it, ja, lt, mk, ms, nb, nl, pl, pt_BR, ru, sq, sv_SE, tr, zh_CN, zh_TW x Added "Revoke temporary permissions on NoScript updates, even if the browser is not restarted" advanced option x Let temporary permissions survive NoScript updates (shameless hack) x Fixed some traps around Messages abstraction x Ignore search / hash on policy matching of domain-less URLs (e.g. file:///...) x Updated TLDs x Fixed automatic scrolling hampers usability on long sites lists in popup x Better timing for event attributes removal/restore x Work-arounds for edge cases in synchronous page loads bypassing webRequest (thanks skriptimaahinen) v 11.0.39rc8 ============================================================ x Several hacks to make non-distruptive updates compatible with Chromium x Tighten localPolicy persistence mechanism during reloads v 11.0.39rc7 ============================================================ x Temporary settings survival more resilient and compatible with Fenix x [L10n] Updated es v 11.0.39rc6 ============================================================ x Fix reload loops on broken file: HTML documents (thanks bernie for report) x [XSS] Updated HTML event attributes v 11.0.39rc5 ============================================================ x Local policy fallback for file: and ftp: URLs using window.name rather than sessionStorage x [L10n] Updated bn, br, ca, da, de, el, es, fr, he, is, it, ja, lt, mk, ms, nb, nl, pl, pt_BR, ru, sq, sv_SE, tr, zh_CN, zh_TW x Renamed option to "Revoke temporary permissions on NoScript updates, even if the browser is not restarted" v 11.0.39rc4 ============================================================ x Added option to forget temporary settings immediately whenever NoScript gets updated x Fixed regression: file:/// URLs reloaded whenever NoScript gets reinstalled / enabled / reloaded x More resilient and easy to debug survival data retrieving v 11.0.39rc3 ============================================================ x Fixed regression causing manual NoScript downgrades to be delayed until manual restart v 11.0.39rc2 ============================================================ x Let temporary permissions survive NoScript updates (shameless hack) x Fixed some traps around Messages abstraction x Ignore search / hash on policy matching of domain-less URLs (e.g. file:///...) x Removed useless CSS property x Updated TLDs v 11.0.39rc1 ============================================================ x Updated TLDs x Fixed automatic scrolling hampers usability on long sites lists in popup x Fixed typo in vendor-prefixed CSS v 11.0.38rc2 ============================================================ x Better timing for event attributes removal/restore v 11.0.38rc1 ============================================================ x Work-arounds for edge cases in synchronous page loads bypassing webRequest (thanks skriptimaahinen) x [L10n] Updated bn v 11.0.38 ============================================================ x Better timing for event attributes removal/restore x Work-arounds for edge cases in synchronous page loads bypassing webRequest (thanks skriptimaahinen) x [L10n] Updated bn v 11.0.38rc2 ============================================================ x Better timing for event attributes removal/restore v 11.0.38rc1 ============================================================ x Work-arounds for edge cases in synchronous page loads bypassing webRequest (thanks skriptimaahinen) x [L10n] Updated bn v 11.0.37 ============================================================ x Simpler and more reliable sendSyncMessage implementation and usage x sendSyncMessage support for multiple suspension requests (should fix extension script injection issues) x Updated TLDs v 11.0.37rc3 ============================================================ x Simpler and more reliable sendSyncMessage implementation and usage x Updated TLDs v 11.0.37rc2 ============================================================ x SyncMessage suspending on DOM modification as well x Updated TLDs v 11.0.37rc1 ============================================================ x Updated TLDs x sendSyncMessage support for multiple suspension requests (should fix extension script injection issues) v 11.0.36 ============================================================ x Fixed regression: temporary permissions revocation not working anymore on privileged pages x SendSyncMessage script execution safety net more compatible with other extensions (e.g. BlockTube) v 11.0.35 ============================================================ x Avoid unnecessary reloads on temporary permissions revocation x [UI] Removed accidental cyan background for site labels x [L10n] Updated es x Work-around for conflict with extensions inserting elements into content pages' DOM early x [XSS] Updated HTML events x Updated TLDs x Fixed buggy policy references in the Options dialog x More accurate NOSCRIPT element emulation x Anticipate onScriptDisabled surrogates to first script-src 'none' CSP violation x isTrusted checks for all the content events x Improved look in mobile portrait mode x Let SyncMessage prevent undesired script execution scheduled during suspension v 11.0.35rc4 ============================================================ x Avoid unnecessary reloads on temporary permissions revocation x Fixed potentially infinite loop in SyncMessage Firefox implementation x [UI] Removed accidental cyan background for site labels x [L10n] Updated es v 11.0.35rc3 ============================================================ x Work-around for conflict with extensions inserting elements into content pages' DOM early x [XSS] Updated HTML events v 11.0.35rc2 ============================================================ x Updated TLDs x Fixed buggy policy references in the Options dialog x More accurate NOSCRIPT element emulation x Anticipate onScriptDisabled surrogates to first script-src 'none' CSP violation x isTrusted checks for all the content events x Improved look in mobile portrait mode v 11.0.35rc1 ============================================================ x Let SyncMessage prevent undesired script execution scheduled during suspension --- security/tor-browser-noscript/Makefile | 4 ++-- security/tor-browser-noscript/distinfo | 10 +++++----- 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/security/tor-browser-noscript/Makefile b/security/tor-browser-noscript/Makefile index c434c6ffed9..c68bb46e11c 100644 --- a/security/tor-browser-noscript/Makefile +++ b/security/tor-browser-noscript/Makefile @@ -1,6 +1,6 @@ -# $NetBSD: Makefile,v 1.2.2.2 2020/07/30 13:06:33 bsiegert Exp $ +# $NetBSD: Makefile,v 1.2.2.3 2020/08/28 19:07:20 bsiegert Exp $ -VERSION= 11.0.34 +VERSION= 11.0.41 DISTNAME= noscript-${VERSION} PKGNAME= tor-browser-${DISTNAME} CATEGORIES= security www diff --git a/security/tor-browser-noscript/distinfo b/security/tor-browser-noscript/distinfo index 56494347001..5299248064a 100644 --- a/security/tor-browser-noscript/distinfo +++ b/security/tor-browser-noscript/distinfo @@ -1,6 +1,6 @@ -$NetBSD: distinfo,v 1.2.2.2 2020/07/30 13:06:33 bsiegert Exp $ +$NetBSD: distinfo,v 1.2.2.3 2020/08/28 19:07:20 bsiegert Exp $ -SHA1 (noscript-11.0.34.xpi) = 0bd3b80832cf628a0b4e579fcc1fc50ccc8ed4af -RMD160 (noscript-11.0.34.xpi) = 47ebd45c34a84ed545b6f1457e476778206038f8 -SHA512 (noscript-11.0.34.xpi) = 1732b2763d365edbbab95360c959d03216d31869f9125de7f99ee444687aef3bf7960196378dab79fd8e05776616ce4ae7ac36d46a19d895c80018891827dada -Size (noscript-11.0.34.xpi) = 587588 bytes +SHA1 (noscript-11.0.41.xpi) = 8ef865cb7c67b0529be8812456410e5bbe8ba39f +RMD160 (noscript-11.0.41.xpi) = b6052099a375ae3feca989977ecfb5af9b14f77c +SHA512 (noscript-11.0.41.xpi) = d28dfe02881d6e2bfcc89dc6e1cfe76e2d8167c0dcfed0a2cf556810522b84d052ca02bd21f73f572d923582e583f243f87895cf724af74407a217b17aef62f2 +Size (noscript-11.0.41.xpi) = 594369 bytes -- cgit v1.2.3