Hi, I attached a patch that updates the debian/ folder for 5.0.5 (i.e. the latest upstream version).
Cheers,
Julian

-- 
 ()  ascii ribbon campaign - against html e-mail
 /\                        - against proprietary attachments
diff --git a/debian/changelog b/debian/changelog index 2f45431b..327d5097 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,12 @@ +mozilla-noscript (5.0.5-0.1) unstable; urgency=medium + + * Non-maintainer upload. + * New upstream version 5.0.5 (Closes: #865279): + - Refresh upstream changelog. + - Refresh patch '0002-remove-websites-from-default-white-list.patch'. + + -- Julian Wollrath <jwollr...@web.de> Tue, 27 Jun 2017 08:41:59 +0200 + mozilla-noscript (2.9.0.14-1) unstable; urgency=medium * New upstream version 2.9.0.14 diff --git a/debian/control b/debian/control index e2ab0a6d..39a90ce1 100644 --- a/debian/control +++ b/debian/control @@ -8,7 +8,7 @@ Uploaders: Damyan Ivanov <d...@debian.org>, Build-Depends: debhelper (>= 8), mozilla-devscripts, node-uglify Standards-Version: 3.9.8 Homepage: http://noscript.net/ -Vcs-Browser: http://anonscm.debian.org/gitweb/?p=pkg-mozext/noscript.git +Vcs-Browser: https://anonscm.debian.org/cgit/pkg-mozext/noscript.git Vcs-Git: git://anonscm.debian.org/pkg-mozext/noscript.git Package: xul-ext-noscript diff --git a/debian/patches/0002-remove-websites-from-default-white-list.patch b/debian/patches/0002-remove-websites-from-default-white-list.patch index d4cf61ba..c08cd3e0 100644 --- a/debian/patches/0002-remove-websites-from-default-white-list.patch +++ b/debian/patches/0002-remove-websites-from-default-white-list.patch @@ -13,13 +13,13 @@ Last-Update: 2013-09-22 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/defaults/preferences/noscript.js b/defaults/preferences/noscript.js -index fecf70f..7a3f66c 100644 +index 42834681..aa3b8074 100644 --- a/defaults/preferences/noscript.js +++ b/defaults/preferences/noscript.js 
@@ -30,7 +30,7 @@ pref("noscript.showExternalFilters", true); pref("noscript.showTempAllowPage", true); pref("noscript.showAllowPage", true); - pref("noscript.mandatory", "chrome: blob: mediasource: moz-extension: moz-safe-about: about: about:addons about:blocked about:crashes about:feeds about:home about:config about:neterror about:certerror about:memory about:plugins about:preferences about:privatebrowsing about:sessionrestore about:support resource: about:srcdoc"); + pref("noscript.mandatory", "[System+Principal] chrome: blob: mediasource: moz-extension: moz-safe-about: about: about:addons about:blocked about:crashes about:feeds about:home about:config about:neterror about:certerror about:memory about:plugins about:preferences about:privatebrowsing about:sessionrestore about:support resource: about:srcdoc"); -pref("noscript.default", "about:blank about:pocket-signup about:pocket-saved addons.mozilla.org persona.org mozilla.net google.com gstatic.com ajax.googleapis.com maps.googleapis.com paypal.com paypalobjects.com securecode.com securesuite.net firstdata.com firstdata.lv yahoo.com yimg.com yahooapis.com youtube.com ytimg.com googlevideo.com netflix.com nflxext.com nflximg.com nflxvideo.net noscript.net hotmail.com passport.com passport.net passportimages.com live.com live.net outlook.com afx.ms gfx.ms sfx.ms wlxrs.com ajax.aspnetcdn.com bootstrapcdn.com code.jquery.com yandex.st tinymce.cachefly.net"); +pref("noscript.default", "about:blank"); diff --git a/debian/upstream-changelog b/debian/upstream-changelog index 13508afd..56c79287 100644 --- a/debian/upstream-changelog +++ b/debian/upstream-changelog 
@@ -1,5 +1,422 @@ [+] new feature, [x] bug fix, [-] removed feature, [=] repackaging or cosmetic change +v 5.0.5 +============================================================= +x [XSS] Updated XSS filter with latest Gecko Atoms and ES + features (thanks Maxim Rupp for reporting) ++ [XSS] Added countermeasures against XSS vectors exploiting + Mavo-script template expressions (thanks Krzysztof Kotowicz + and Gareth Heyes for reporting) + +v 5.0.5rc12 +============================================================= +x Fixed reported origins ordering glitch + +v 5.0.5rc11 +============================================================= +x [XSS] Fixed regression in Mavo-script detection (thanks + Gareth Heyes for reporting) + +v 5.0.5rc10 +============================================================= +x [XSS] Brutal crackdown on Mavo-script expressions (thanks + Gareth Heyes for reporting) + +v 5.0.5rc9 +============================================================= +x [XSS] Improved handling of Mavo-script translation edge + cases (thanks Gareth Heyes for reporting) + +v 5.0.5rc8 +============================================================= +x [XSS] More aggressive filter against Mavo-script madness + (thanks Gareth Heyes for reporting) + +v 5.0.5rc7 +============================================================= +x [XSS] Fixed bug in Mavo-script countermeasures (thanks + Gareth Heyes for reporting) + +v 5.0.5rc6 +============================================================= +x [XSS] Further countermeasures against Mavo-script madness + (thanks Gareth Heyes for reporting) + +v 5.0.5rc5 +============================================================= +x Fixed UI synchronization regression take 2 + +v 5.0.5rc4 +============================================================= +x Fixed UI synchronization regression + +v 5.0.5rc3 +============================================================= +x [XSS] Further countermeasures against Mavo-script madness + (thanks Gareth Heyes for 
reporting) + +v 5.0.5rc2 +============================================================= +x [XSS] Updated XSS filter with latest Gecko Atoms and ES + features (thanks Maxim Rupp for reporting) + +v 5.0.5rc1 +============================================================= ++ [XSS] Added countermeasures against XSS vectors exploiting + Mavo-script template expressions (thanks Krzysztof Kotowicz + for reporting) + +v 5.0.4 +============================================================= ++ [XSS] Added countermeasures against several vectors + exploiting client-side JavaScript templating frameworks + (thanks Krzysztof Kotowicz and Sebastian Lekies for their + research) +x [XSS] Fixed e10s-related regression in window.name + sanitization (thanks Krzysztof Kotowicz for reporting) +x Fixed "Allow local links" breaking file:/// URL loading in + Gecko 53 and above +x Fixed JSON viewer working only on JavaScript-enabled URLs + +v 5.0.4rc3 +============================================================= ++ [XSS] Added countermeasures against several vectors + exploiting client-side JavaScript templating frameworks + (thanks Krzysztof Kotowicz and Sebastian Lekies for their + research) + +v 5.0.4rc2 +============================================================= +x [XSS] Fixed e10s-related regression in window.name + sanitization (thanks Krzysztof Kotowicz for reporting) + +v 5.0.4rc1 +============================================================= +x Fixed "Allow local links" breaking file:/// URL loading in + Gecko 53 and above +x Fixed JSON viewer working only on JavaScript-enabled URLs + +v 5.0.3 +============================================================= +x Fixed global JavaScript enablement for HTTPS sites breaking + the UI (Tor ticket #21923) ++ noscript.webext.enabled preference to control embedded + WebExtension startup +x Fixed XHR regression (thanks Oleksandr Popov for reporting) +x Fixed compatibility issues with some WebExtensions (thanks + Oleksandr Popov for reporting) 
+ +v 5.0.3rc5 +============================================================= +x Fixed global JavaScript enablement for HTTPS sites breaking + the UI (Tor ticket #21923) + +v 5.0.3rc4 +============================================================= +x Adjusted the embedded WebExtension's manifest to reflect + the target version upon whole userbase migration + +v 5.0.3rc3 +============================================================= ++ noscript.webext.enabled preference to control embedded + WebExtension startup + +v 5.0.3rc2 +============================================================= +x Fixed XHR regression (thanks Oleksandr Popov for reporting) + +v 5.0.3rc1 +============================================================= +x Fixed compatibility issues with some WebExtensions (thanks + Oleksandr Popov for reporting) + +v 5.0.2 +============================================================= +x Fixed thumbnails broken even if noscript.bgThumbs.allowed + is true (thanks rick for reporting) +x [e10s] Restored absolutely positioned elements removal by + mousedown + DEL key (broken by e10s) +x Absolutely positioned elements removal by mousedown + DEL + key now working also on whitelisted pages (controlled by + noscript.eraseFloatingElements about:config preference, + thanks MegaWolf for RFE) +x Fixed blocked XHR requests in frames not reflected in the + menu UI (thanks aocab and barbaz for reporting) +x [Locale] Improved nl translation (thanks Kris) + +v 5.0.2rc3 +============================================================= +x Fixed thumbnails broken even if noscript.bgThumbs.allowed + is true (thanks rick for reporting) + +v 5.0.2rc2 +============================================================= +x [e10s] Restored absolutely positioned elements removal by + mousedown + DEL key (broken by e10s) +x Absolutely positioned elements removal by mousedown + DEL + key now working also on whitelisted pages (controlled by + noscript.eraseFloatingElements about:config preference, + 
thanks MegaWolf for RFE) + +v 5.0.2rc1 +============================================================= +x Fixed blocked XHR requests in frames not reflected in the + menu UI (thanks aocab and barbaz for reporting) +x [Locale] Improved nl translation (thanks Kris) + +v 5.0.1 +============================================================= +x Fixed regression, some sites not being shown in UI +x Fixed recently blocked menu not working on e10s + +v 5.0 +============================================================= ++ Embedded WebExtension +x Dramatically Improved UI synchronization performance impact + on load-intensive web pages (thanks Rob Wu) +x [e10s] Fixed permissions out of sync when content processes + are more than one (thanks Ian Fennel for report) +x [Surrogates] Update google-analytics replacement (thanks + ng4never for reporting and barbaz for implementation) + +v 5.0rc2 +============================================================= +x Dramatically Improved UI synchronization performance impact + on load-intensive web pages (thanks Rob Wu) + +v 5.0rc1 +============================================================= ++ Embedded WebExtension +x [e10s] Fixed permissions out of sync when content processes + are more than one (thanks Ian Fennel for report) +x [Surrogates] Update google-analytics replacement (thanks + ng4never for reporting and barbaz for implementation) + +v 2.9.5.3 +============================================================= +x Fixed https://trac.torproject.org/projects/tor/ticket/20471 +x Fixed FRAME blocking issue on non-e10s browsers +x Fixed incompatibility with LastPass non-AMO version 4.x +x Fixed cross-domain HTTPS requests in the same subdomain + triggering XSS false positives (thanks Robert Aldridge for + reporting) +x ABE sandbox now enforced by CSP sandbox directive (thanks + barbaz for report) +x Fixed sites marked as untrusted could not be reallowed on + the same tab +- removed obsolete noscript.docShellJSBlocking preference + +v 
2.9.5.3rc6 +============================================================= +x Fixed https://trac.torproject.org/projects/tor/ticket/20471 +x Fixed FRAME blocking issue on non-e10s browsers + +v 2.9.5.3rc5 +============================================================= +x Fixed incompatibility with LastPass non-AMO version 4.x + +v 2.9.5.3rc4 +============================================================= +x Fixed ABE sandbox overly restrictive on Gecko 50 and above + (thanks fatboy and barbaz for report) + +v 2.9.5.3rc3 +============================================================= +x Fixed UI synchronization issue (thanks Klayton for report) + +v 2.9.5.3rc2 +============================================================= +x Fixed browsers older than Gecko 50 unaffected by ABE's + sandbox action (thanks barbaz for reporting) +x Fixed cross-domain HTTPS requests in the same subdomain + triggering XSS false positives (thanks Robert Aldridge for + reporting) + +v 2.9.5.3rc1 +============================================================= +x ABE sandbox now enforced by CSP sandbox directive (thanks + barbaz for report) +x Fixed sites marked as untrusted could not be reallowed on + the same tab +- removed obsolete noscript.docShellJSBlocking preference + +v 2.9.5.2 +============================================================= +x Fixed Stylish editor breakage (thanks JustAnotherGuy for + reporting +x Fixed media blocking delayed with Tor Browser's "Medium" + Security Sider preset +x Fixed frame blocking issues +x Fixed top-level media loads issues +x Fixed apparent delay in menu UI feedback (thanks mechadon + for reporting) +x Fixed some XSS filter over-sensitivity regressions +x Fixed "Allow local links" causing file:// URLs to fail +x [Locale] Updated nl (thanks Ton) + +v 2.9.5.2rc5 +============================================================= +x Fixed Stylish editor breakage (thanks JustAnotherGuy for + reporting + +v 2.9.5.2rc4 
+============================================================= +x Fixed media blocking delayed with Tor Browser's "Medium" + Security Sider preset + +v 2.9.5.2rc3 +============================================================= +x Fixed frame blocking issues +x Fixed top-level media loads issues + +v 2.9.5.2rc2 +============================================================= +x Fixed apparent delay in menu UI feedback (thanks mechadon + for reporting) +x Further XSS positives tweakings + +v 2.9.5.2rc1 +============================================================= +x Fixed some XSS filter over-sensitivity regressions +x Fixed "Allow local links" causing file:// URLs to fail +x [Locale] Updated nl (thanks Ton) + +v 2.9.5.1 +============================================================= +x Fixed some pages not loading on 1st attempt when e10s is + enabled (thanks Semtex for reporting) + +v 2.9.5 +============================================================= ++ Full e10s compatibility +x Fixed big whitelists being reset to default permissions on + e10s-enabled browsers (thanks sabret00the and Internet User + for reporting) +x Better fix for some embedding permissions issues (thanks + barbaz for reporting) +x MediaSource blocking support (Tor Project) +x Better handling of media types loaded as top-level + documents +x Declared (but untested) Palemoon support (thanks barbaz) +x [System Principal] included in the mandatory allowed list +x Fixed allow scripts globally requiring a restart (thanks + FFreestyleRR for reporting +x Fixed embeddings autoreload on e10s-disabled browsers +x Improved autoreload responsiveness and precision +x Fixed IFrame over-blocking bug (thanks G113 for report) +x Fixed sites involved in background requests being not + reported in the UI, even if intercepted and/or blocked ( + thanks GH113 for reporting) +x Fixed typo in PasteHandler (thanks barbaz for reporting) +x Fixed embedding-related automatic reload issues (thanks + barbaz and tmeader for 
reporting) +x Fixed compatibility regression with Firefox 45 +x [Surrogate] Fixed file:// replacements broken (thanks + barbaz for reporting) +x Fixed typo in XSS filter breaking JSON cross-site requests +x Fixed automatic reload issues (thanks GH113 for reporting) +x Fixed UI not always synchronized on startup (thanks GH113 + for reporting) +x Fixed incompatibilities with older Firefox down to 45 + (thanks barbaz for reporting) +x Fixed automatic reload impossible to be disabled (thanks + GH113 for reporting) +x Fixed UI initially not synced on new windows (thanks GH113 + for reporting) +x Fixed bug in secure cookie enforcement upgrading all the + unsecure cookies on secure connections even if a secure + cookie for the domain existed, increasing chances of + incompatibilities (thanks PDL for reporting) +x Fixed escaping issues in the noscript.js preference file + (thanks PDL for reporting) + +v 2.9.5rc36 +============================================================= +x Fixed big whitelists being reset to default permissions on + e10s-enabled browsers (thanks sabret00the and Internet User + for reporting) + +v 2.9.5rc35 +============================================================= +x Better fix for some embedding permissions issues (thanks + barbaz for reporting) +x MediaSource blocking support (Tor Project) +x Better handling of media types loaded as top-level + documents +x Declared (but untested) Palemoon support (thanks barbaz) + +v 2.9.5rc33 +============================================================= +x [System Principal] included in the mandatory allowed list +^ Partial fix for some embedding permissions issues (barbaz) + +v 2.9.5rc32 +============================================================= +x Fixed allow scripts globally requiring a restart (thanks + FFreestyleRR for reporting + +v 2.9.5rc31 +============================================================= +x Fixed embeddings autoreload on e10s-disabled browsers + +v 2.9.5rc30 
+============================================================= +x Improved autoreload responsiveness and precision +x Fixed IFrame over-blocking bug (thanks G113 for report) + +v 2.9.5rc29 +============================================================= +x Fixed sites involved in background requests being not + reported in the UI, even if intercepted and/or blocked ( + thanks GH113 for reporting) +x Fixed typo in PasteHandler (thanks barbaz for reporting) + +v 2.9.5rc28 +============================================================= +x Fixed embedding-related automatic reload issues (thanks + barbaz and tmeader for reporting) + +v 2.9.5rc27 +============================================================= +x Fixed compatibility regression with Firefox 45 + +v 2.9.5rc26 +============================================================= +x [Surrogate] Fixed file:// replacements broken (thanks + barbaz for reporting) + +v 2.9.5rc25 +============================================================= +x Fixed typo in XSS filter breaking JSON cross-site requests + +v 2.9.5rc24 +============================================================= +x Fixed automatic reload issues (thanks GH113 for reporting) + +v 2.9.5rc23 +============================================================= +x Fixed UI not always synchronized on startup (thanks GH113 + for reporting) +x Fixed incompatibilities with older Firefox down to 45 + (thanks barbaz for reporting) + +v 2.9.5rc22 +============================================================= +x Fixed automatic reload impossible to be disabled (thanks + GH113 for reporting) +x Fixed UI initially not synced on new windows (thanks GH113 + for reporting) + +v 2.9.5rc21 +============================================================= ++ Full e10s compatibility +x Fixed bug in secure cookie enforcement upgrading all the + unsecure cookies on secure connections even if a secure + cookie for the domain existed, increasing chances of + incompatibilities (thanks PDL for 
reporting) +x Fixed escaping issues in the noscript.js preference file + (thanks PDL for reporting) + v 2.9.0.14 ============================================================= x Fixed live bookmarks in Firefox 48 or above
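Review bot: the new debian/changelog entry for 5.0.5-0.1 does not mention the Vcs-Browser change that this same patch makes in debian/control. The entry lists only the upstream changelog refresh and the refresh of 0002-remove-websites-from-default-white-list.patch; add a line such as "Update Vcs-Browser to the https cgit URL" so every packaging change in the upload is recorded.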
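Review bot: in debian/control, the Vcs-Git line directly below the changed Vcs-Browser still uses git://, a transport with no encryption and no server authentication, so a clone made from that field can be altered in transit. Since this hunk already moves Vcs-Browser to https, switch Vcs-Git to an https:// URL in the same change.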
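Review bot: in debian/patches/0002-remove-websites-from-default-white-list.patch the header still carries Last-Update: 2013-09-22, although the body was refreshed for 5.0.5 (new index line, and the noscript.mandatory context line now starts with [System+Principal]). Bump Last-Update to the date of the refresh. Since this patch is what keeps the upstream default whitelist out of the package, also confirm after applying it that pref("noscript.default", "about:blank"); is the only noscript.default line left in defaults/preferences/noscript.js.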
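Review bot: the entries added to debian/upstream-changelog for v 5.0.4 and v 5.0.5 are largely [XSS] filter fixes (Mavo-script template expressions, client-side JavaScript templating frameworks, the window.name sanitization regression), but debian/changelog describes the upload only as "New upstream version 5.0.5". Say in the Debian changelog entry that the new version brings XSS filter fixes, so the security relevance of the upload is visible without reading the 417 added lines here.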