pkgsrc/security/tor-browser-noscript
wiz 7851f5b89a tor-browser-noscript: update to 11.2.4.
v 11.2.4
============================================================
x CSS resources prefetching as a mitigation against CSS PP0
  (https://github.com/Yossioren/pp0)
x [L10n] Updated br, de, el, es, fr, he, is, nl, pl, pt_BR,
  ru, sq, tr, zh_CN
x [nscl] Inteception of webgl context creation in
  OffscreenCanvas too
x Fixed configuration upgrades not applied on manual updates
  (thanks Nan for reporting)
x Mitigation for misbehaving pages repeating failed requests
  in a tight loop
x [UI] More understandable label for the cascading
  restrictions option
x [nscl] More refactoring out in NoScript Commons Library
x [nscl] patchWindow improvements

v 11.2.4rc5
============================================================
x [nscl] Inteception of webgl context creation in
  OffscreenCanvas too
x Fixed regression: Site Info broken by NSCL refactoring

v 11.2.4rc4
============================================================
x [nscl] Fixed unmerged NetCSP "extra" headers always
  undefined
x HTML event atoms reorder in Mozilla sources

v 11.2.4rc3
============================================================
x Avoid stack trace generation for debugging purposes on
  release builds
x More selective CSS PP0 protection, excluded on the Tor
  Browser where it's unneeded and easier to test/debug on
  dev builds
x Make isTorBrowser information available in child policy
x Prevent console noise on startup with privileged tabs
x [nscl] More refactoring out in NoScript Commons Library

v 11.2.4rc2
============================================================
x [nscl] Switch to NSCL for messaging
x [nscl] Rollback unneded window.opener patching (thanks
  skriptimaahinen for insight)
x CSS PP0 mitigation: cross-site stylesheets on scriptless
  pages, one resource per host
x Limit CSS PP0 mitigation to scriptless pages and prefetch
  only cross-site resources

v 11.2.4rc1
============================================================
x CSS resources prefetching as a mitigation against CSS PP0
  (https://github.com/Yossioren/pp0)
x [L10n] Updated br, de, el, es, fr, he, is, nl, pl, pt_BR,
  ru, sq, tr, zh_CN
x Fixed configuration upgrades not applied on manual updates
  (thanks Nan for reporting)
x Mitigation for misbehaving pages repeating failed requests
  in a tight loop
x [UI] More understandable label for the cascading
  restrictions option
x [nscl] patchWindow improvements
x [nscl] Switch to NSCL's generic inclusion shell script

v 11.2.3
============================================================
x [L10n] Purged non-inclusive terms from obsolete messages
x Added red halo feedback in CUSTOM preset for noscript
  element capability
x Fixed missing red halo feedback in CUSTOM preset for
  inline scripts and other capabilities sometimes
x Fixed race condition causing noscript elements not to be
  rendered sometimes

v 11.2.2
  ============================================================
x Fixed typo in version checked on noscript capability update.
x [L10n] Updated bn, br, ca, da, de, el, es, fr, he, is, it,
  ja, lt, mk, ms, nb, nl, pt_BR, ru, sq, sv_SE, tr, zh_CN,
  zh_TW.

v 11.2.1
============================================================
x Configurable capability to show noscript elements on
  script-disabled pages
x [UI] Minor CSS Chromium compatibility fix
x [nscl] Refactoring to use Policy and its dependencies from
  the NoScript Commons Library
x Switch to faster and easier to maintain tld.js from nscl
x [UI] Fix punycode inconsistencies
x [UI] Improve preset and site controls alignment
x Provide feedback in the CUSTOM tab for WebGL usage
  attempts even if the canvas element is not attached to the
  DOM
x [L10n] Updated de, ja
x Updated HTML events
x Prevent double script on trusted file:// pages in some
  edge cases
x Prevent detection of wrapped functions (e.g. in WebGL
  interception) on Chromium

v 11.2.1rc4
============================================================
x [UI] Minor CSS Chromium compatibility fix
x Configurable capability to show noscript elements on
  script-disabled pages
x [L10n] Updated de

v 11.2.1rc3
============================================================
x [nscl] Improved integration of the NoScript Commons
  Library
x Moved nscl submodule into src
x [nscl] Update (restructured tree)
x Removed nscl cache directory from src
x [nscl] Refactoring to use Policy and its dependencies from
  the NoScript Commons Library

v 11.2.1rc2
============================================================
x Remove ||= operator which makes AMO's validator explode
x Switch to faster and easier to maintain tld.js from nscl
x [nscl] Updated with TLD_CACHE removal after usage
x [nscl] Updated NoScript Common Library inclusions
x Added the NoScript Commons Library (nscl) as a submodule
x [UI] Fix punycode inconsistencies
x [UI] improve preset and site controls alignment
x Updated TLDs
x Provide feedback in the CUSTOM tab for WebGL usage
  attempts even if the canvas element is not attached to the
  DOM
x [L10n] Updated de, ja
x Updated HTML events

v 11.2.1rc1
============================================================
x Prevent double script on trusted file:// pages in some
  edge cases
x Updated events archive
x Prevent detection of wrapped functions (e.g. in WebGL
  interception) on Chromium
x Updated TLDs
x Merge German language update

v 11.2
============================================================
x [XSS] New UI to reveal and selectively remove permanent
  user choices
x [L10n] Updated de
x Webgl hook refactored on nscl/content/patchWindow.js and
  made Chromium-compatibile
x Updated TLDs

v 11.2rc3
============================================================
x [XSS] Fixed choice manager UI bug (thanks barbaz for
  report)

v 11.2rc2
============================================================
x Updated TLDs
x [XSS] New UI to reveal and selectively remove permanent
  user choices

v 11.2rc1
============================================================
x [L10n] Updated de
x Webgl hook refactored on nscl/content/patchWindow.js and
  made Chromium-compatibile
x Updated TLDs

v 11.1.9
============================================================
x Return null when webgl is not allowed (thanks Matthew
  Finkel for patch)
x [XSS] Fixed memoization bug resulting in performance
  degradation on some payloads
x [XSS] Include call stack in debugging log output
x [XSS] Skip naps when InjectionChecker runs in its own
  worker
x Shortcut for easier XSS filter testing
x More lenient filter to add a new entry to per-site
  permissions
x [L10n] Updated de
x Replace script-embedded bitmap with css-embedded SVG as
  the placeholder logo
x Updated TLDs
x Remove source map reference causing console noise
x Fix per-site permissions UI glitches when base domain is
  added to existing subdomain (thanks barbaz for reporting)

v 11.1.9rc5
============================================================
x Return null when webgl is not allowed (thanks Matthew
  Finkel for patch)

v 11.1.9rc4
============================================================
x Updated TLDs
x [XSS] Fixed memoization bug resulting in performance
  degradation on some payloads
x [XSS] Include call stack in debugging log output
x [XSS] Skip naps when InjectionChecker runs in its own
  worker
x Shortcut for easier XSS filter testing

v 11.1.9rc3
============================================================
x More lenient filter to add a new entry to per-site
  permissions

v 11.1.9rc2
============================================================
x [L10n] Updated de
x Better fix for per-site permissions UI glitches (thanks
  barbaz for reporting)

v 11.1.9rc1
============================================================
x Replace script-embedded bitmap with css-embedded SVG as
  the placeholder logo
x Updated TLDs
x Remove source map reference causing console noise
x Fix per-site permissions UI glitches when base domain is
  added to existing subdomain (thanks barbaz for reporting)

v 11.1.8
============================================================
x [XSS] Fix for old pre-screening optimization exploitable
to bypass the filter in recent browsers - thanks Tsubasa
FUJII (@reinforchu) for reporting
x Replace DOM-based entity decoding with the he.js pure JS
library
x Updated copyright statement
x Updated browser-polyfill.js
x Removed obsolete fastclick.js dependency
x [l10n] Updated de (thanks ib and Musonius)
x Updated TLDs
2021-03-31 22:00:06 +00:00
..
DESCR
distinfo tor-browser-noscript: update to 11.2.4. 2021-03-31 22:00:06 +00:00
Makefile tor-browser-noscript: update to 11.2.4. 2021-03-31 22:00:06 +00:00
PLIST