Commit graph

10849 commits

Author SHA1 Message Date
nia
02c822bf31 stunnel: Update to 5.57
### Version 5.57, 2020.10.11, urgency: HIGH
* Security bugfixes
  - The "redirect" option was fixed to properly
    handle "verifyChain = yes" (thx to Rob Hoes).
  - OpenSSL DLLs updated to version 1.1.1h.
* New features
  - New securityLevel configuration file option.
  - FIPS support for RHEL-based distributions.
  - Support for modern PostgreSQL clients (thx to Bram Geron).
  - Windows tooltip texts updated to mention "stunnel".
  - TLS 1.3 configuration updated for better compatibility.
* Bugfixes
  - Fixed a transfer() loop bug.
  - Fixed memory leaks on configuration reloading errors.
  - DH/ECDH initialization restored for client sections.
  - Delay startup with systemd until network is online.
  - bin\libssp-0.dll removed when uninstalling.
  - A number of testing framework fixes and improvements.
2020-11-24 13:41:57 +00:00
adam
c2a4a7e1b0 py-cryptography py-cryptography_vectors: updated to 3.2.1
3.2.1 - 2020-10-27

Disable blinding on RSA public keys to address an error with some versions of OpenSSL.

3.2 - 2020-10-25

SECURITY ISSUE: Attempted to make RSA PKCS#1v1.5 decryption more constant time, to protect against Bleichenbacher vulnerabilities. Due to limitations imposed by our API, we cannot completely mitigate this vulnerability and a future release will contain a new API which is designed to be resilient to these for contexts where it is required. Credit to Hubert Kario for reporting the issue. CVE-2020-25659
Support for OpenSSL 1.0.2 has been removed. Users on older version of OpenSSL will need to upgrade.
Added basic support for PKCS7 signing (including SMIME) via :class:`~cryptography.hazmat.primitives.serialization.pkcs7.PKCS7SignatureBuilder`.

3.1.1 - 2020-09-22

Updated Windows, macOS, and manylinux wheels to be compiled with OpenSSL 1.1.1h.

3.1 - 2020-08-26

BACKWARDS INCOMPATIBLE: Removed support for idna based :term:`U-label` parsing in various X.509 classes. This support was originally deprecated in version 2.1 and moved to an extra in 2.5.
Deprecated OpenSSL 1.0.2 support. OpenSSL 1.0.2 is no longer supported by the OpenSSL project. The next version of cryptography will drop support for it.
Deprecated support for Python 3.5. This version sees very little use and will be removed in the next release.
backend arguments to functions are no longer required and the default backend will automatically be selected if no backend is provided.
Added initial support for parsing certificates from PKCS7 files with :func:`~cryptography.hazmat.primitives.serialization.pkcs7.load_pem_pkcs7_certificates` and :func:`~cryptography.hazmat.primitives.serialization.pkcs7.load_der_pkcs7_certificates` .
Calling update or update_into on :class:`~cryptography.hazmat.primitives.ciphers.CipherContext` with data longer than 231 bytes no longer raises an OverflowError. This also resolves the same issue in :doc:`/fernet`.
3.0 - 2020-07-20

BACKWARDS INCOMPATIBLE: Removed support for passing an :class:`~cryptography.x509.Extension` instance to :meth:`~cryptography.x509.AuthorityKeyIdentifier.from_issuer_subject_key_identifier`, as per our deprecation policy.

BACKWARDS INCOMPATIBLE: Support for LibreSSL 2.7.x, 2.8.x, and 2.9.0 has been removed (2.9.1+ is still supported).

BACKWARDS INCOMPATIBLE: Dropped support for macOS 10.9, macOS users must upgrade to 10.10 or newer.

BACKWARDS INCOMPATIBLE: RSA :meth:`~cryptography.hazmat.primitives.asymmetric.rsa.generate_private_key` no longer accepts public_exponent values except 65537 and 3 (the latter for legacy purposes).

BACKWARDS INCOMPATIBLE: X.509 certificate parsing now enforces that the version field contains a valid value, rather than deferring this check until :attr:`~cryptography.x509.Certificate.version` is accessed.

Deprecated support for Python 2. At the time there is no time table for actually dropping support, however we strongly encourage all users to upgrade their Python, as Python 2 no longer receives support from the Python core team.

If you have trouble suppressing this warning in tests view the :ref:`FAQ entry addressing this issue <faq-howto-handle-deprecation-warning>`.

Added support for OpenSSH serialization format for ec, ed25519, rsa and dsa private keys: :func:`~cryptography.hazmat.primitives.serialization.load_ssh_private_key` for loading and :attr:`~cryptography.hazmat.primitives.serialization.PrivateFormat.OpenSSH` for writing.

Added support for OpenSSH certificates to :func:`~cryptography.hazmat.primitives.serialization.load_ssh_public_key`.

Added :meth:`~cryptography.fernet.Fernet.encrypt_at_time` and :meth:`~cryptography.fernet.Fernet.decrypt_at_time` to :class:`~cryptography.fernet.Fernet`.

Added support for the :class:`~cryptography.x509.SubjectInformationAccess` X.509 extension.

Added support for parsing :class:`~cryptography.x509.SignedCertificateTimestamps` in OCSP responses.

Added support for parsing attributes in certificate signing requests via :meth:`~cryptography.x509.CertificateSigningRequest.get_attribute_for_oid`.

Added support for encoding attributes in certificate signing requests via :meth:`~cryptography.x509.CertificateSigningRequestBuilder.add_attribute`.

On OpenSSL 1.1.1d and higher cryptography now uses OpenSSL's built-in CSPRNG instead of its own OS random engine because these versions of OpenSSL properly reseed on fork.

Added initial support for creating PKCS12 files with :func:`~cryptography.hazmat.primitives.serialization.pkcs12.serialize_key_and_certificates`.
2020-11-24 08:56:55 +00:00
wiz
c5f19aff57 tor-browser-https-everywhere: update to 2020.11.17.
2020.11.17
* Copy URL in EASE interstitial
* Dependapot NPM updates
* CRX distribution scripts for transparency for Edge and Opera
* Port inclusion on allowlist for EASE
* UI change to reflect a global setting
2020-11-23 16:02:22 +00:00
nia
e09a3b68f2 gnome-keyring: Update to 3.36.0
This brings us up to the latest GNOME 3 release. There's too many
changes to easily list.
2020-11-22 21:26:50 +00:00
nia
074952d6e7 seahorse: Update to 3.38.0.1
Too many changes to list. This brings pkgsrc seahorse up to the GNOME 3
version.
2020-11-22 12:04:28 +00:00
nia
73f9f13436 security: Add libpwquality. Based on work by coypu and others in wip.
This is a library for password quality checking and generation of
random passwords that pass the checks.
2020-11-22 11:58:58 +00:00
nia
a9c630c1b3 security: Add cracklib.
CrackLib is a library containing a C function (well, lots of functions
really, but you only need to use one of them) which may be used in a
"passwd"-like program.

The idea is simple: try to prevent users from choosing passwords that
could be guessed by "Crack" by filtering them out, at source.

CrackLib is an offshoot of the the version 5 "Crack" software, and
contains a considerable number of ideas nicked from the new software.
2020-11-22 11:36:31 +00:00
nia
885602e53a libsecret: Update to 0.20.4
0.20.4
 * secret-file-collection: Make MAC comparison constant time [!60]
 * Initialize libgcrypt for SecretFileCollection [!56]
 * meson: Add tests for GIR-based languages [!54]
 * man: Add a bugtracker section to the manpage [!14]
 * meson: add option introspection [!53]
 * Updated translations
2020-11-22 11:34:32 +00:00
nia
c505fcf30a Remove gnome-keyring-manager - obsolete GNOME 2 version 2020-11-21 09:52:47 +00:00
wiz
7b6f3b0e60 polkit: update to 0.118.
--------------
polkit 0.118
--------------

WARNING WARNING WARNING: This is a prerelease on the road to polkit
1.0. Public API might change and certain parts of the code still needs
some security review. Use at your own risk.

This is polkit 0.118.

Highlights:
 move to mozjs78
 tarball CI fix

Build requirements

 glib, gobject, gio    >= 2.32
 mozjs-78
 gobject-introspection >= 0.6.2 (optional)
 pam (optional)
 ConsoleKit OR systemd

Changes since polkit 0.117:

 Xi Ruoyao:
    tarball fixup for distcheck

 Valentin David:
    updated dependency to mozjs78

Many thanks to all contributors!

Jan Rybar et al.,
September 8, 2020

--------------
polkit 0.117
--------------

WARNING WARNING WARNING: This is a prerelease on the road to polkit
1.0. Public API might change and certain parts of the code still needs
some security review. Use at your own risk.

This is polkit 0.117.

Highlights:
 Gitlab CI activation - all merge requests are tested before merged
 New Norwegian translation, several other language updates

Build requirements

 glib, gobject, gio    >= 2.32
 mozjs-68
 gobject-introspection >= 0.6.2 (optional)
 pam (optional)
 ConsoleKit OR systemd

Changes since polkit 0.116:

 Bastien Nocera:
    Activated Gitlab CI

 Xi Ruoyao:
    Updated dependency to mozjs68

 Kalev Lember, Jan Rybar
    Memory management fixes

 Anders Jonsson, Karl Ove Hufthammer, Andika Triwidada, Yuri Chornoivan:
    Language updates

Many thanks to all contributors!

Jan Rybar et al.,
July 24, 2020
2020-11-20 17:59:18 +00:00
nia
3f7adfcf1e gcr: Needs autopoint 2020-11-20 11:35:35 +00:00
riastradh
f1aec684bb security/libfido2: Restore NetBSD support. 2020-11-20 05:55:02 +00:00
schmonz
c6e2fac040 Remove DJB_RESTRICTED, no longer used. 2020-11-19 09:35:38 +00:00
riastradh
d930623692 www/firefox*: Use -Og for debug option and -O2 for debug-info option. 2020-11-18 22:38:21 +00:00
adam
1ab7d064e7 gnupg2: updated to 2.2.24
Noteworthy changes in version 2.2.24
------------------------------------

  * Allow Unicode file names on Windows almost everywhere.  Note that
    it is still not possible to use Unicode strings on the command
    line.  This change also fixes a regression in 2.2.22 related to
    non-ascii file names.

  * Fix localized time printing on Windows.

  * gpg: New command --quick-revoke-sig.

  * gpg: Do not use weak digest algos if selected by recipient
    preference during sign+encrypt.

  * gpg: Switch to AES256 for symmetric encryption in de-vs mode.

  * gpg: Silence weak digest warnings with --quiet.

  * gpg: Print new status line CANCELED_BY_USER for a cancel during
    symmetric encryption.

  * gpg: Fix the encrypt+sign hash algo preference selection for
    ECDSA.  This is in particular needed for keys created from
    existing smartcard based keys.

  * agent: Fix secret key import of GnuPG 2.3 generated Ed25519 keys.

  * agent: Keep some permissions of private-keys-v1.d.

  * dirmngr: Align sks-keyservers.netCA.pem use between ntbtls and
    gnutls builds.

  * dirmngr: Fix the pool keyserver case for a single host in the
    pool.

  * scd: Fix the use case of verify_chv2 by CHECKPIN.

  * scd: Various improvements to the ccid-driver.

  * scd: Minor fixes for Yubikey

  * gpgconf: New option --show-versions.

  * w32: Install gpg-check-pattern and example profiles.  Install
    Windows subsystem variant of gpgconf (gpgconf-w32).

  * i18n: Complete overhaul and completion of the Italian translation.
    Thanks to Denis Renzi.

  * Require Libgcrypt 1.8 because 1.7 has long reached end-of-life.
2020-11-18 13:06:44 +00:00
wiz
d017adc401 tor-browser: update to 10.0.5.
This release updates Firefox to 78.5.0esr and updates Tor to 0.4.4.6.
This release includes important security updates to Firefox.

The full changelog since Tor Browser 10.0.4 (Desktop) is:

    Windows + OS X + Linux
        Update Firefox to 78.5.0esr
        Update Tor to 0.4.4.6
        Bug 40212: Add new default obfs4 bridge
2020-11-18 11:43:19 +00:00
nia
d8b7d1b317 gcr: Fix building w/o RLIMIT_MEMLOCK. Don't ./configure twice. 2020-11-17 12:25:16 +00:00
adam
416401b734 easy-rsa: updated to 3.0.8
3.0.8 (2020-09-09)
* Provide --version option
* Version information now within generated certificates like on *nix
* Fixed issue where gen-dh overwrote existing files without warning
* Fixed issue with ED/EC certificates were still signed by RSA
* Added support for export-p8
* Clarified error message
* 2->3 upgrade now errors and prints message when vars isn't found
* Update OpenSSL Windows binaries to 1.1.1g
2020-11-17 12:14:17 +00:00
wiz
5e28fb5271 gsasl: update to 1.8.1.
* Version 1.8.1 (released 2019-08-02) [stable]

** gsasl: IMAP client code now permits empty SASL tokens prefixed with '+'.
Normally servers should send '+ '.  Buggy servers include Microsoft
Exchange.  Reported by Adam Sjøgren.

** GSSAPI client: Now retrieves GSASL_AUTHZID for authorization identity.
** GSSAPI client: Can now transmit an empty/missing authorization identity.
See lib/NEWS for more information.

** Build fixes.
Update of gnulib, including how it is bootstrapped.

** i18n: Updated translations.
2020-11-16 13:05:07 +00:00
schmonz
b0596c2881 Pre-create the build's OBJDIR, to be MAKE_JOBS_SAFE on at least Darwin.
(Otherwise a few objects fail pretty early in the build.) Install the
shared library as .dylib on Darwin. Set MASTER_SITES=${HOMEPAGE}. Sort
PLIST and chmod -x libbearssl.a to quell pkglint warnings.
2020-11-16 07:43:25 +00:00
schmonz
5aa4d5b176 Add a buildlink3.mk. 2020-11-15 21:01:22 +00:00
bsiegert
2915abcd8b Revbump all Go packages after go115 update 2020-11-13 19:26:03 +00:00
wiz
298a6fcc95 tor-browser: update to 10.0.4.
This release updates NoScript to 11.1.5 and includes an important security update to Firefox.

The full changelog since Tor Browser 10.0.2 (Desktop) is:

    Windows + OS X + Linux
        Update NoScript to 11.1.5
        Bug 40021: Keep page shown after Tor Browser update purple
        Bug 40022: EOY November Update - Matching
        Bug 40219: Backport Mozilla Bug 1675905
        Translations update
    Build System
        Windows + OS X + Linux
            Update Go to 1.14.11
            Bug 40141: Include "desktop" in signed tag
2020-11-12 22:24:20 +00:00
wiz
659cc59c65 tor-browser-noscript: update to 11.1.5.
v 11.1.5
============================================================
x Updated TLD
x Fixed potential infinite loop via DOMContentLoaded
x Work-around for Firefox 82 media redirection bug (thanks
  ppxxbu and skriptimaahinen)
x Updated TLDs

v 11.1.5rc2
============================================================
x Updated TLD
x Fixed potential infinite loop via DOMContentLoaded

v 11.1.5rc1
============================================================
x Work-around for Firefox 82 media redirection bug (thanks
  ppxxbu and skriptimaahinen)
x Updated TLDs

v 11.1.4
============================================================
x Fixed sloppy CSP media blocker detection breaking MSE
  blob: media placeholders on Chromium
x Fixed race condition causing temporary settings not to
  survive updates sometimes
x Updated TLDs
x [Mobile] Improved prompts appearance on Android

v 11.1.4rc3
============================================================
x Fixed sloppy CSP media blocker detection breaking MSE
  blob: media placeholders on Chromium

v 11.1.4rc2
============================================================
x Fixed race condition causing temporary settings not to
  survive updates sometimes

v 11.1.4rc1
============================================================
x Updated TLDs
x [Mobile] Improved prompts appearance on Android
2020-11-12 21:10:49 +00:00
wiz
110edf894a tor-browser: merge recent changes from firefox
This includes nia's mprotect patch.

Bump PKGREVISION.
2020-11-12 21:07:45 +00:00
kim
d0a30abf28 acmesh: update to 2.8.7
Changes since 2.8.6:
- Support External Account Binding (EAB)
- Support ZeroSSL.com CA
- Support preferred-chain
- More dns api support
- Adds Docker multi-arch build support

Also remove incorrect (unnecessary) dependency on mozilla-rootcerts.

OK by ryoon@
2020-11-10 19:04:45 +00:00
adam
ded670d4a8 py-josepy: updated to 1.5.0
1.5.0
* Added support for Python 3.9.
* Dropped support for Python 3.5.
* Stopped supporting running tests with ``python setup.py test`` which is
  deprecated in favor of ``python -m pytest``.
2020-11-09 13:38:39 +00:00
adam
6dca5bb71f py-google-auth-oauthlib: updated to 0.4.2
0.4.2:
Bug Fixes
don't open browser if port is occupied
2020-11-09 13:05:15 +00:00
adam
96ad493478 py-google-auth: updated to 1.23.0
1.23.0:

Features

Add custom scopes for access tokens from the metadata service

Bug Fixes

deps: Revert "fix: pin 'aoihttp < 3.7.0dev'
pin 'aoihttp < 3.7.0dev'
remove checks for ancient versions of Cryptography
2020-11-09 13:04:13 +00:00
bsiegert
bea1f7d75a Revbump all Go packages after Go 1.15 update. 2020-11-08 21:59:09 +00:00
mef
f49741c04e (security/gcr) Updated 3.28.0 to 3.38.0
(pkgsrc changes)
 - Add ./autogen.sh for pre-configure:
 - Add following two lines to get the similar PLIST
   CONFIGURE_ARGS+=       --enable-gtk-doc
   .include "../../textproc/gtk-doc/buildlink3.mk"
 - Add following lines to avoid  "msgfmt: unknown option -- desktop" (thanks joerg@)
   .if ${OPSYS} == "NetBSD"
   TOOLS_PLATFORM.msgfmt=
   .endif

(upstream changes)
gcr 3.38.0:
- No changes from 3.37.91

gcr 3.37.91:
- meson: missing dependency on generated oids header [GNOME/gcr#48, GNOME/gcr!57]
- Correct display of key usage extensions [GNOME/gcr#47, GNOME/gcr!56]
- meson: Correctly set internal vapi dependencies [GNOME/gcr!55]
- Cleanup GType boilerplate [GNOME/gcr!53]
- gck: Fixed test failures [GNOME/gcr#42, GNOME/gcr!51, GNOME/gcr!52]
- Updated translations

gcr 3.36.0:
- gcr: Update gtk-doc get_der_data() vfunc [GNOME/gcr!48]
- Updated translations

gcr 3.35.91:
- Mark deprecated functions with G_DEPRECATED [GNOME/gcr#36, GNOME/gcr!47]
- egg-oid: Add comments for translators for new abbrevations [GNOME/gcr#40, GNOME/gcr!45]
- Updated translations

gcr 3.35.90:
- Add support for "NEW CERTIFICATE REQUEST" header [GNOME/gcr!44]
- Add support for GOST certificates [GNOME/gcr!43]
- Rework handling of ASN.1 standard types [GNOME/gcr!42]
- Fix a few regressions in the Meson build [GNOME/gcr!46, 7ba0e00d]
- Add support for g_autoptr [GNOME/gcr!36, GNOME/gcr#16]
- Fixed some compiler warnings [GNOME/gcr!38]
- Updated translations

gcr 3.35.1:
- gcr-certificate: Add (virtual) annotation [GNOME/gcr!35, GNOME/gcr#37]
- Always use G_PARAM_STATIC_STRINGS [GNOME/gcr!31]
- Support Meson build system [GNOME/gcr!11,32,33,34]
- Avoid potential 64-bit pointer aliasing alignment issues [GNOME/gcr!27, GNOME/gcr#34]
- Update README to mention correct environment variables [GNOME/gcr!25]
- build: Use sed for .desktop variables substitution [GNOME/gcr!24]
- Updated translations

gcr 3.34.0:
- gcr-prompt-dialog: Allow the use of mnemonics in the choice label [GNOME/gcr!22]
- Use python3 shebang in ui/icons/render-icons.py [GNOME/gcr!21]
- configure: Use PKG_PROG_PKG_CONFIG instead of reinventing it [GNOME/gcr!20]
- Replace tap-gtester with one that relies on GLib 2.38+ TAP output [GNOME/gcr!19]
- Remove SKS network from keyserver defaults [GNOME/gcr!18]
- Updated translations

gcr 3.33.4:
- Move from intltool to gettext [GNOME/gcr#18]
- Fix parameter type for signal handler causing stack smashing on ppc64le [GNOME/gcr!16]
- cleanup: Don't use deprecated g_type_class_add_private() anymore [GNOME/gcr!12]
- Fix GIR annotations [GNOME/gcr!10]
- Fix hashtable ordering assumptions [GNOME/gcr!9]
- build: Fix gcr-trust symbols not appearing in GIR, and hence also VAPI [GNOME/gcr!7]
- Update gcr_pkcs11_get_trust_{store|lookup}_slot URI checks [GNOME/gcr!5]
- build: Update tap scripts for Python 3 compat [GNOME/gcr!2]
- Updated translations
2020-11-07 07:17:07 +00:00
tnn
65b331c5e1 authelia: fix unfetchable distfile 2020-11-06 18:15:37 +00:00
tnn
8bc17e21e1 add security/authelia 2020-11-06 18:10:41 +00:00
tnn
678aef445a security/authelia: import authelia-4.22.0
Authelia is an open-source authentication and authorization server providing
2-factor authentication and single sign-on (SSO) for your applications via a web
portal. It acts as a companion of reverse proxies like nginx, Traefik or HAProxy
to let them know whether queries should pass through. Unauthenticated user are
redirected to Authelia Sign-in portal instead.
2020-11-06 18:07:54 +00:00
adam
c7434f8034 py-cryptodome: updated to 3.9.9
3.9.9:

Resolved issues
* Fixed ``Crypto.Util.number.size`` for negative numbers.

New features
* Build Python 3.9 wheels on Windows.
2020-11-06 09:12:25 +00:00
nia
0625bb0934 polkit: Enable introspection. Required by gnome-shell. 2020-11-05 17:06:57 +00:00
ryoon
2831546220 *: Recursive revbump from textproc/icu-68.1 2020-11-05 09:07:25 +00:00
ryoon
4675ccbc79 *: Recursive revbump from textproc/icu-68.1 2020-11-05 09:06:42 +00:00
wiz
aff4c83661 security/Makefile: add libsecp256k1 2020-11-05 00:40:14 +00:00
js
bd4e438ec6 Add security/libsecp256k1
This is required for newer versions of finance/electrum.

Optimized C library for ECDSA signatures and secret/public key operations on
curve secp256k1.

This library is intended to be the highest quality publicly available library
for cryptography on the secp256k1 curve. However, the primary focus of its
development has been for usage in the Bitcoin system and usage unlike Bitcoin's
may be less well tested, verified, or suffer from a less well thought out
interface. Correct usage requires some care and consideration that the library
is fit for your application's purpose.

Features:
* secp256k1 ECDSA signing/verification and key generation.
* Additive and multiplicative tweaking of secret/public keys.
* Serialization/parsing of secret keys, public keys, signatures.
* Constant time, constant memory access signing and public key generation.
* Derandomized ECDSA (via RFC6979 or with a caller provided function.)
* Very efficient implementation.
* Suitable for embedded systems.
* Optional module for public key recovery.
* Optional module for ECDH key exchange.

Experimental features have not received enough scrutiny to satisfy the standard
of quality of this library but are made available for testing and review by the
community. The APIs of these features should not be considered stable.
2020-11-04 20:32:18 +00:00
schmonz
91311adb43 Not ${PREFIX}/etc, ${PKG_SYSCONFDIR}. 2020-11-02 08:17:43 +00:00
wiz
1d20f6e95f netpgpverify: update to 20201101
Merge:
absorb issuer fingerprint (RFC4880bis 5.2.3.28) in libverify.c
from jhigh from src/

While here, fix build with RELRO and a pkglint warning.

Bump version to 20201101.
2020-11-01 11:28:35 +00:00
wiz
b9b559d225 libgcrypt: update to 1.8.7.
Noteworthy changes in version 1.8.7 (2020-10-23)  [C22/A2/R8]
------------------------------------------------

 * Bug fixes:

   - Support opaque MPI with gcry_mpi_print.  [#4872]

   - Fix extra entropy collection via clock_gettime.  Note that this
     fallback code path is not used on any decent hardware.  [#4966]

   - Allow for a Unicode random seed file on Windows.  [#5098]
2020-10-31 13:51:24 +00:00
wiz
4ad2e085f4 tor-browser: update to 10.0.2.
This release updates Firefox to 78.4.0esr and NoScript to 11.1.3.
This release includes important security updates to Firefox.

Note: Now Javascript on the Safest security level is governed by
NoScript again. It was set as false when on Safest in 9.5a9. The
javascript.enabled preference was reset to true for everyone using
Safest beginning in Tor Browser 10.0 and you must re-set it as
false if that is your preference.
2020-10-31 00:55:27 +00:00
wiz
c43deb3760 tor-browser-noscript: update to 11.1.3.
v 11.1.3
============================================================
x Fixed regression: document media and font restrictions
  always cascaded (thanks BrainDedd for report)
x Remove domPolicy logging when debugging is off
x Trivial reordering from Mozilla source
x Updated TLDs

v 11.1.1
============================================================
x Updated TLDs
x Better heuristic to figure out missing data while
  computing contextual policies
x Fixed regression breaking per-tab restrictions disablement
  (thanks Horsefly for report)

v 11.1.0
============================================================
x Improved blocking of media documents unaffected by
  webRequest
x Automatically init tag message with last changelog
x Improved NOSCRIPT element emulation compatibility with XML
  documents
x webNavigation.onCommitted + tabs.executeScript to deliver
  DOM policies earlier whenever possible
x Partial work-around for Fx 80 file:// documents parsing
  inconsistencies (further fix for issue #156)
x Cache policy on top document for file:// subdocuments
  (fixes issue #156)
x Enforce more restrictive CSP on media/object documents
x Better cross-browser media handling
x [Mobile] Use tabs as prompts if the browser.windows API is
  missing
x Fix browser UI for image, audio and video content being
  partially broken on file:// URLs
x Normalize file:// directory paths on Firefox
x Allow browser UI scripts for file:// directory navigation
x Updated TLDs
x [L10n] Updated mk

v 11.1.0rc2
============================================================
x Improved blocking of media documents unaffected by
  webRequest
x Automatically init tag message with last changelog

v 11.1.0rc1
============================================================
x Improved NOSCRIPT element emulation compatibility with XML
  documents

v 11.0.47rc6
============================================================
x webNavigation.onCommitted + tabs.executeScript to deliver
  DOM policies earlier whenever possible
x Fixed typo causing CSP-based media blocking to skip
  requests with no content-type header

v 11.0.47rc5
============================================================
x Partial work-around for Fx 80 file:// documents parsing
  inconsistencies (further fix for issue #156)

v 11.0.47rc4
============================================================
x Cache policy on top document for file:// subdocuments
  (fixes issue #156)
x Updated TLDs
x Enforce more restrictive CSP on media/object documents

v 11.0.47rc3
============================================================
x Better cross-browser media handling
x Improved file: directory path normalization

v 11.0.47rc2
============================================================
x [Mobile] Use tabs as prompts if the browser.windows API is
  missing

v 11.0.47rc1
============================================================
x Fix browser UI for image, audio and video content being
  partially broken on file:// URLs
x Normalize file:// directory paths on Firefox
x Allow browser UI scripts for file:// directory navigation
x Updated TLDs
x [L10n] Updated mk
2020-10-31 00:54:38 +00:00
ryoon
ccd964f280 keepassxc: Update to 2.6.2
Changelog:
## 2.6.2 (2020-10-21)

### Added

- Add option to keep window always on top to view menu [#5542]
- Move show/hide usernames and passwords to view menu [#5542]
- Add command line options and environment variables for changing the config locations [#5452]
- Include TOTP settings in CSV import/export and add support for ISO datetimes [#5346]

### Changed

- Mask sensitive information in command execution confirmation prompt [#5542]
- SSH Agent: Avoid shortcut conflict on macOS by changing "Add key" to Ctrl+H on all platforms [#5484]
2020-10-29 10:57:55 +00:00
adam
f4fede3bb1 py-authlib: updated to 0.15.2
Version 0.15.2
Fixed httpx authentication bug
2020-10-28 20:00:01 +00:00
mcf
25e3573cb0 mbedtls: avoid implementation-defined find(1) usage
It is implementation-defined whether find(1) replaces {} in arguments
that are not exactly equal to {}, so use a for-loop instead.
2020-10-27 00:06:59 +00:00
schmonz
ad88e85be3 Use archive.org for HOMEPAGE. 2020-10-26 10:34:16 +00:00
schmonz
8f2ea62c2d HOMEPAGE is long dead; use archive.org. Set LICENSE. Document patches. 2020-10-26 10:04:12 +00:00