[Pkg-mozext-commits] [noscript] 07/11: Refresh upstream changelog

David Prévot taffit at moszumanska.debian.org
Sat Aug 5 18:02:52 UTC 2017 

This is an automated email from the git hooks/post-receive script.

taffit pushed a commit to branch master
in repository noscript.

commit a145cde8a53fdb5d74fc2392d7af77e427512e56
Author: David Prévot <david at tilapin.org>
Date:   Sat Aug 5 11:36:26 2017 -0400

    Refresh upstream changelog
---
 debian/upstream-changelog | 558 ++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 558 insertions(+)

diff --git a/debian/upstream-changelog b/debian/upstream-changelog
index 13508af..9780341 100644
--- a/debian/upstream-changelog
+++ b/debian/upstream-changelog
@@ -1,5 +1,563 @@
 [+] new feature, [x] bug fix, [-] removed feature, [=] repackaging or cosmetic change
 
+v 5.0.8.1
+=============================================================
+x [ABE] XHR matches both TYPE_XMLHTTPREQUEST and TYPE_FETCH
+x [ABE] Updated INCLUSION types to match newest specific
+  types from nsIContentType constants. OTHER still matches
+  any type except "historically supported" ones (SCRIPT, CSS,
+  IMAGE, OBJ, OBJSUB, MEDIA, FONT, SUBDOC, XBL, PING, XHR,
+  DTD) for backward compatibility: please use
+  UNKNOWN to match just TYPE_OTHER (i.e. request whose type
+  is not specifically mapped yet by the nsIContentType API).
+x [e10s] Fixed INCLUSION type marked as OTHER for any request
+  when Electrolysis is enabled (thanks barbaz for reporting)
+x [XSS] Fixed excessive recursion causing GC-related hangs on
+  some ads-intensive websites (like der-postillion.de)
+
+v 5.0.8.1rc1
+=============================================================
+x [Surrogate] Fixed google-analytics replacement regression
+  (thanks barbaz)
+
+v 5.0.8rc6
+=============================================================
+x [ABE] Fixed regression: OTHER should not match MEDIA and
+  FONT (thanks barbaz for reporting)
+
+v 5.0.8rc5
+=============================================================
+x [ABE] Fixed regression: OTHER hould not match SCRIPT
+  (thanks barbaz for reporting)
+
+v 5.0.8rc4
+=============================================================
+x [ABE] Fixed regression: HTTP methods HEAD, OPTIONS and
+  TRACE were not matched by ABE's parser grammar anymore
+x [ABE] OTHER now matches any type not mapped by the "static"
+  ABE request types (including newest nsIContentPolicy.TYPE_*
+  constants), while UNKNOWN matches just TYPE_OTHER
+x [ABE] XHR matches both TYPE_XMLHTTPREQUEST and TYPE_FETCH
+
+v 5.0.8rc3
+=============================================================
+x [ABE] Updated INCLUSION types to match newest specific
+  types from nsIContentType constants. OTHER still matches
+  TYPE_WEBSOCKET for backward compatibility, please use
+  UNKNOWN for anything not specifically mapped yet by the
+  nsIContentType API. Thanks barbaz for reporting.
+
+v 5.0.8rc2
+=============================================================
+x [e10s] Fixed INCLUSION type marked as OTHER for any request
+  when Electrolysis is enabled (thanks barbaz for reporting)
+
+v 5.0.8rc1
+=============================================================
+x [XSS] Fixed excessive recursion causing GC-related hangs on
+  some ads-intensive websites (like der-postillion.de)
+
+v 5.0.7.1
+=============================================================
+x [WebExt] Fixed incompatibility with Firefox 54
+x [WebExt] Initiated preference migration via embedded
+WebExtension
+x [e10s] Fixed HTTP redirection issues with e10s enabled
+(thanks PLD for reporting)
+x [Surrogate] Updated googletag replacement (thanks barbaz)
+x Fixed HTML5 Media documents blockage delay if no other
+embedded content is forbidden (thanks Georg Koppen for
+reporting)
+x [XSS] Fixed bug causing false positives (thanks Georg
+Koppen for reporting)
+
+v 5.0.7.1rc1
+=============================================================
+x [WebExt] Fixed incompatibility with Firefox 54
+
+v 5.0.7rc3
+=============================================================
+x [WebExt] Initiated preference migration via embedded
+  WebExtension
+
+v 5.0.7rc2
+=============================================================
+x [e10s] Fixed HTTP redirection issues with e10s enabled
+  (thanks PLD for reporting)
+x [Surrogate] Updated googletag replacement (thanks barbaz)
+x Fixed HTML5 Media documents blockage delay if no other
+  embedded content is forbidden (thanks Georg Koppen for
+  reporting)
+
+v 5.0.7rc1
+=============================================================
+x [XSS] Fixed bug causing false positives (thanks Georg
+  Koppen for reporting)
+
+v 5.0.6
+=============================================================
+x [XSS] Fixed performance regression in handling of big JSON
+  payloads causing the browser to freeze on loading pages
+  with Facebook tracking subframes
+x [Surrogates] Updated ga replacement (thanks barbaz)
+x [L10n] Updated tr (thanks Volkan Gezer)
+x [L10n] Updated de (thanks milupo
+x [XSS] Fixed regression in window.name sanitization
+  (thanks Gareth Heyes for reporting)
+x [XSS] Work-around for Mavo-script operator translation side
+  effects (thanks Gareth Heyes for reporting)
+
+v 5.0.6rc6
+=============================================================
+x [Surrogates] Updated ga replacement (thanks barbaz)
+
+v 5.0.6rc5
+=============================================================
+x [XSS] Fixed performance regression in handling of big JSON
+  payloads causing the browser to freeze on loading pages
+  with Facebook tracking subframes
+x [Surrogates] Updated ga replacement (thanks barbaz)
+x [L10n] Updated tr (thanks Volkan Gezer)
+x [L10n] Updated de (thanks milupo)
+
+v 5.0.6rc4
+=============================================================
+x [XSS] Fixed regression in Mavo expression detection (the
+  fix didn't actually ship in RC3, thanks Gareth Heyes for
+  reporting)
+
+v 5.0.6rc3
+=============================================================
+x [XSS] Fixed regression in Mavo expression detection
+  (thanks Gareth Heyes for reporting)
+
+v 5.0.6rc2
+=============================================================
+x [XSS] Fixed regression in window.name sanitization
+  (thanks Gareth Heyes for reporting)
+
+v 5.0.6rc1
+=============================================================
+x [XSS] Work-around for Mavo-script operator translation side
+  effects (thanks Gareth Heyes for reporting)
+
+v 5.0.5
+=============================================================
+x [XSS] Updated XSS filter with latest Gecko Atoms and ES
+  features (thanks Maxim Rupp for reporting)
++ [XSS] Added countermeasures against XSS vectors exploiting
+  Mavo-script template expressions (thanks Krzysztof Kotowicz
+  and Gareth Heyes for reporting)
+
+v 5.0.5rc12
+=============================================================
+x Fixed reported origins ordering glitch
+
+v 5.0.5rc11
+=============================================================
+x [XSS] Fixed regression in Mavo-script detection (thanks
+  Gareth Heyes for reporting)
+
+v 5.0.5rc10
+=============================================================
+x [XSS] Brutal crackdown on Mavo-script expressions (thanks
+  Gareth Heyes for reporting)
+
+v 5.0.5rc9
+=============================================================
+x [XSS] Improved handling of Mavo-script translation edge
+  cases (thanks Gareth Heyes for reporting)
+
+v 5.0.5rc8
+=============================================================
+x [XSS] More aggressive filter against Mavo-script madness
+  (thanks Gareth Heyes for reporting)
+
+v 5.0.5rc7
+=============================================================
+x [XSS] Fixed bug in Mavo-script countermeasures (thanks
+  Gareth Heyes for reporting)
+
+v 5.0.5rc6
+=============================================================
+x [XSS] Further countermeasures against Mavo-script madness
+  (thanks Gareth Heyes for reporting)
+
+v 5.0.5rc5
+=============================================================
+x Fixed UI synchronization regression take 2
+
+v 5.0.5rc4
+=============================================================
+x Fixed UI synchronization regression
+
+v 5.0.5rc3
+=============================================================
+x [XSS] Further countermeasures against Mavo-script madness
+  (thanks Gareth Heyes for reporting)
+
+v 5.0.5rc2
+=============================================================
+x [XSS] Updated XSS filter with latest Gecko Atoms and ES
+  features (thanks Maxim Rupp for reporting)
+
+v 5.0.5rc1
+=============================================================
++ [XSS] Added countermeasures against XSS vectors exploiting
+  Mavo-script template expressions (thanks Krzysztof Kotowicz
+  for reporting)
+
+v 5.0.4
+=============================================================
++ [XSS] Added countermeasures against several vectors
+  exploiting client-side JavaScript templating frameworks
+  (thanks Krzysztof Kotowicz and Sebastian Lekies for their
+  research)
+x [XSS] Fixed e10s-related regression in window.name
+  sanitization (thanks Krzysztof Kotowicz for reporting)
+x Fixed "Allow local links" breaking file:/// URL loading in
+  Gecko 53 and above
+x Fixed JSON viewer working only on JavaScript-enabled URLs
+
+v 5.0.4rc3
+=============================================================
++ [XSS] Added countermeasures against several vectors
+  exploiting client-side JavaScript templating frameworks
+  (thanks Krzysztof Kotowicz and Sebastian Lekies for their
+  research)
+
+v 5.0.4rc2
+=============================================================
+x [XSS] Fixed e10s-related regression in window.name
+  sanitization (thanks Krzysztof Kotowicz for reporting)
+
+v 5.0.4rc1
+=============================================================
+x Fixed "Allow local links" breaking file:/// URL loading in
+  Gecko 53 and above
+x Fixed JSON viewer working only on JavaScript-enabled URLs
+
+v 5.0.3
+=============================================================
+x Fixed global JavaScript enablement for HTTPS sites breaking
+  the UI (Tor ticket #21923)
++ noscript.webext.enabled preference to control embedded
+  WebExtension startup
+x Fixed XHR regression (thanks Oleksandr Popov for reporting)
+x Fixed compatibility issues with some WebExtensions (thanks
+  Oleksandr Popov for reporting)
+
+v 5.0.3rc5
+=============================================================
+x Fixed global JavaScript enablement for HTTPS sites breaking
+  the UI (Tor ticket #21923)
+
+v 5.0.3rc4
+=============================================================
+x Adjusted the embedded WebExtension's manifest to reflect
+  the target version upon whole userbase migration
+
+v 5.0.3rc3
+=============================================================
++ noscript.webext.enabled preference to control embedded
+  WebExtension startup
+
+v 5.0.3rc2
+=============================================================
+x Fixed XHR regression (thanks Oleksandr Popov for reporting)
+
+v 5.0.3rc1
+=============================================================
+x Fixed compatibility issues with some WebExtensions (thanks
+  Oleksandr Popov for reporting)
+
+v 5.0.2
+=============================================================
+x Fixed thumbnails broken even if noscript.bgThumbs.allowed
+  is true (thanks rick for reporting)
+x [e10s] Restored absolutely positioned elements removal by
+  mousedown + DEL key (broken by e10s)
+x Absolutely positioned elements removal by mousedown + DEL
+  key now working also on whitelisted pages (controlled by
+  noscript.eraseFloatingElements about:config preference,
+  thanks MegaWolf for RFE)
+x Fixed blocked XHR requests in frames not reflected in the
+  menu UI (thanks aocab and barbaz for reporting)
+x [Locale] Improved nl translation (thanks Kris)
+
+v 5.0.2rc3
+=============================================================
+x Fixed thumbnails broken even if noscript.bgThumbs.allowed
+  is true (thanks rick for reporting)
+
+v 5.0.2rc2
+=============================================================
+x [e10s] Restored absolutely positioned elements removal by
+  mousedown + DEL key (broken by e10s)
+x Absolutely positioned elements removal by mousedown + DEL
+  key now working also on whitelisted pages (controlled by
+  noscript.eraseFloatingElements about:config preference,
+  thanks MegaWolf for RFE)
+
+v 5.0.2rc1
+=============================================================
+x Fixed blocked XHR requests in frames not reflected in the
+  menu UI (thanks aocab and barbaz for reporting)
+x [Locale] Improved nl translation (thanks Kris)
+
+v 5.0.1
+=============================================================
+x Fixed regression, some sites not being shown in UI
+x Fixed recently blocked menu not working on e10s
+
+v 5.0
+=============================================================
++ Embedded WebExtension
+x Dramatically Improved UI synchronization performance impact
+  on load-intensive web pages (thanks Rob Wu)
+x [e10s] Fixed permissions out of sync when content processes
+  are more than one (thanks Ian Fennel for report)
+x [Surrogates] Update google-analytics replacement (thanks
+  ng4never for reporting and barbaz for implementation)
+
+v 5.0rc2
+=============================================================
+x Dramatically Improved UI synchronization performance impact
+  on load-intensive web pages (thanks Rob Wu)
+
+v 5.0rc1
+=============================================================
++ Embedded WebExtension
+x [e10s] Fixed permissions out of sync when content processes
+  are more than one (thanks Ian Fennel for report)
+x [Surrogates] Update google-analytics replacement (thanks
+  ng4never for reporting and barbaz for implementation)
+
+v 2.9.5.3
+=============================================================
+x Fixed https://trac.torproject.org/projects/tor/ticket/20471
+x Fixed FRAME blocking issue on non-e10s browsers
+x Fixed incompatibility with LastPass non-AMO version 4.x
+x Fixed cross-domain HTTPS requests in the same subdomain
+  triggering XSS false positives (thanks Robert Aldridge for
+  reporting)
+x ABE sandbox now enforced by CSP sandbox directive (thanks
+  barbaz for report)
+x Fixed sites marked as untrusted could not be reallowed on
+  the same tab
+- removed obsolete noscript.docShellJSBlocking preference
+
+v 2.9.5.3rc6
+=============================================================
+x Fixed https://trac.torproject.org/projects/tor/ticket/20471
+x Fixed FRAME blocking issue on non-e10s browsers
+
+v 2.9.5.3rc5
+=============================================================
+x Fixed incompatibility with LastPass non-AMO version 4.x
+
+v 2.9.5.3rc4
+=============================================================
+x Fixed ABE sandbox overly restrictive on Gecko 50 and above
+  (thanks fatboy and barbaz for report)
+
+v 2.9.5.3rc3
+=============================================================
+x Fixed UI synchronization issue (thanks Klayton for report)
+
+v 2.9.5.3rc2
+=============================================================
+x Fixed browsers older than Gecko 50 unaffected by ABE's
+  sandbox action (thanks barbaz for reporting)
+x Fixed cross-domain HTTPS requests in the same subdomain
+  triggering XSS false positives (thanks Robert Aldridge for
+  reporting)
+
+v 2.9.5.3rc1
+=============================================================
+x ABE sandbox now enforced by CSP sandbox directive (thanks
+  barbaz for report)
+x Fixed sites marked as untrusted could not be reallowed on
+  the same tab
+- removed obsolete noscript.docShellJSBlocking preference
+
+v 2.9.5.2
+=============================================================
+x Fixed Stylish editor breakage (thanks JustAnotherGuy for
+  reporting
+x Fixed media blocking delayed with Tor Browser's "Medium"
+  Security Sider preset
+x Fixed frame blocking issues
+x Fixed top-level media loads issues
+x Fixed apparent delay in menu UI feedback (thanks mechadon
+  for reporting)
+x Fixed some XSS filter over-sensitivity regressions
+x Fixed "Allow local links" causing file:// URLs to fail
+x [Locale] Updated nl (thanks Ton)
+
+v 2.9.5.2rc5
+=============================================================
+x Fixed Stylish editor breakage (thanks JustAnotherGuy for
+  reporting
+
+v 2.9.5.2rc4
+=============================================================
+x Fixed media blocking delayed with Tor Browser's "Medium"
+  Security Sider preset
+
+v 2.9.5.2rc3
+=============================================================
+x Fixed frame blocking issues
+x Fixed top-level media loads issues
+
+v 2.9.5.2rc2
+=============================================================
+x Fixed apparent delay in menu UI feedback (thanks mechadon
+  for reporting)
+x Further XSS positives tweakings
+
+v 2.9.5.2rc1
+=============================================================
+x Fixed some XSS filter over-sensitivity regressions
+x Fixed "Allow local links" causing file:// URLs to fail
+x [Locale] Updated nl (thanks Ton)
+
+v 2.9.5.1
+=============================================================
+x Fixed some pages not loading on 1st attempt when e10s is
+  enabled (thanks Semtex for reporting)
+
+v 2.9.5
+=============================================================
++ Full e10s compatibility
+x Fixed big whitelists being reset to default permissions on
+  e10s-enabled browsers (thanks sabret00the and Internet User
+  for reporting)
+x Better fix for some embedding permissions issues (thanks
+  barbaz for reporting)
+x MediaSource blocking support (Tor Project)
+x Better handling of media types loaded as top-level
+  documents
+x Declared (but untested) Palemoon support (thanks barbaz)
+x [System Principal] included in the mandatory allowed list
+x Fixed allow scripts globally requiring a restart (thanks
+  FFreestyleRR for reporting
+x Fixed embeddings autoreload on e10s-disabled browsers
+x Improved autoreload responsiveness and precision
+x Fixed IFrame over-blocking bug (thanks G113 for report)
+x Fixed sites involved in background requests being not
+  reported in the UI, even if intercepted and/or blocked (
+  thanks GH113 for reporting)
+x Fixed typo in PasteHandler (thanks barbaz for reporting)
+x Fixed embedding-related automatic reload issues (thanks
+  barbaz and tmeader for reporting)
+x Fixed compatibility regression with Firefox 45
+x [Surrogate] Fixed file:// replacements broken (thanks
+  barbaz for reporting)
+x Fixed typo in XSS filter breaking JSON cross-site requests
+x Fixed automatic reload issues (thanks GH113 for reporting)
+x Fixed UI not always synchronized on startup (thanks GH113
+  for reporting)
+x Fixed incompatibilities with older Firefox down to 45
+  (thanks barbaz for reporting)
+x Fixed automatic reload impossible to be disabled (thanks
+  GH113 for reporting)
+x Fixed UI initially not synced on new windows (thanks GH113
+  for reporting)
+x Fixed bug in secure cookie enforcement upgrading all the
+  unsecure cookies on secure connections even if a secure
+  cookie for the domain existed, increasing chances of
+  incompatibilities (thanks PDL for reporting)
+x Fixed escaping issues in the noscript.js preference file
+  (thanks PDL for reporting)
+
+v 2.9.5rc36
+=============================================================
+x Fixed big whitelists being reset to default permissions on
+  e10s-enabled browsers (thanks sabret00the and Internet User
+  for reporting)
+
+v 2.9.5rc35
+=============================================================
+x Better fix for some embedding permissions issues (thanks
+  barbaz for reporting)
+x MediaSource blocking support (Tor Project)
+x Better handling of media types loaded as top-level
+  documents
+x Declared (but untested) Palemoon support (thanks barbaz)
+
+v 2.9.5rc33
+=============================================================
+x [System Principal] included in the mandatory allowed list
+^ Partial fix for some embedding permissions issues (barbaz)
+
+v 2.9.5rc32
+=============================================================
+x Fixed allow scripts globally requiring a restart (thanks
+  FFreestyleRR for reporting
+
+v 2.9.5rc31
+=============================================================
+x Fixed embeddings autoreload on e10s-disabled browsers
+
+v 2.9.5rc30
+=============================================================
+x Improved autoreload responsiveness and precision
+x Fixed IFrame over-blocking bug (thanks G113 for report)
+
+v 2.9.5rc29
+=============================================================
+x Fixed sites involved in background requests being not
+  reported in the UI, even if intercepted and/or blocked (
+  thanks GH113 for reporting)
+x Fixed typo in PasteHandler (thanks barbaz for reporting)
+
+v 2.9.5rc28
+=============================================================
+x Fixed embedding-related automatic reload issues (thanks
+  barbaz and tmeader for reporting)
+
+v 2.9.5rc27
+=============================================================
+x Fixed compatibility regression with Firefox 45
+
+v 2.9.5rc26
+=============================================================
+x [Surrogate] Fixed file:// replacements broken (thanks
+  barbaz for reporting)
+
+v 2.9.5rc25
+=============================================================
+x Fixed typo in XSS filter breaking JSON cross-site requests
+
+v 2.9.5rc24
+=============================================================
+x Fixed automatic reload issues (thanks GH113 for reporting)
+
+v 2.9.5rc23
+=============================================================
+x Fixed UI not always synchronized on startup (thanks GH113
+  for reporting)
+x Fixed incompatibilities with older Firefox down to 45
+  (thanks barbaz for reporting)
+
+v 2.9.5rc22
+=============================================================
+x Fixed automatic reload impossible to be disabled (thanks
+  GH113 for reporting)
+x Fixed UI initially not synced on new windows (thanks GH113
+  for reporting)
+
+v 2.9.5rc21
+=============================================================
++ Full e10s compatibility
+x Fixed bug in secure cookie enforcement upgrading all the
+  unsecure cookies on secure connections even if a secure
+  cookie for the domain existed, increasing chances of
+  incompatibilities (thanks PDL for reporting)
+x Fixed escaping issues in the noscript.js preference file
+  (thanks PDL for reporting)
+
 v 2.9.0.14
 =============================================================
 x Fixed live bookmarks in Firefox 48 or above

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-mozext/noscript.git

More information about the Pkg-mozext-commits mailing list