Hi, On Sat, Apr 09, 2022 at 03:30:24AM +0000, Yifei Zhan wrote: > Here is a security update for Tor Browser: > > - Update Firefox to 91.8.0esr, addressing mfsa2022-14: > https://www.mozilla.org/en-US/security/advisories/mfsa2022-14/ > - Update NoScript to 11.4.3 > - Bug tor-browser-build#40469: Update zlib to 1.2.12 (CVE-2018-25032) > > Tested on amd64, fonts rendering / noscript / .onion access worked fine.
Thanks for your diff and testing. I arrived at the same diff so OK with me. Caspar > > Can this still get in? Or should I wait and backport it later? > > Index: www/tor-browser//Makefile.inc > =================================================================== > RCS file: /cvs/ports/www/tor-browser/Makefile.inc,v > retrieving revision 1.51 > diff -u -p -u -r1.51 Makefile.inc > --- www/tor-browser//Makefile.inc 20 Mar 2022 07:08:04 -0000 1.51 > +++ www/tor-browser//Makefile.inc 9 Apr 2022 03:23:39 -0000 > @@ -3,7 +3,7 @@ HOMEPAGE ?= https://www.torproject.org > PERMIT_PACKAGE ?= Yes > CATEGORIES = www > BROWSER_NAME = tor-browser > -TB_VERSION = 11.0.9 > +TB_VERSION = 11.0.10 > TB_PREFIX = tb > > SUBST_VARS += BROWSER_NAME TB_VERSION > Index: www/tor-browser//browser/Makefile > =================================================================== > RCS file: /cvs/ports/www/tor-browser/browser/Makefile,v > retrieving revision 1.78 > diff -u -p -u -r1.78 Makefile > --- www/tor-browser//browser/Makefile 20 Mar 2022 07:08:04 -0000 1.78 > +++ www/tor-browser//browser/Makefile 9 Apr 2022 03:23:39 -0000 > @@ -15,7 +15,7 @@ EXTRACT_SUFX = .tar.xz > PATCHORIG = .pat.orig > > PKGNAME = ${TB_PREFIX}-browser-${TB_VERSION} > -DISTNAME = src-firefox-tor-browser-91.7.0esr-11.0-1-build4 > +DISTNAME = src-firefox-tor-browser-91.8.0esr-11.0-1-build1 > > FIX_EXTRACT_PERMISSIONS = Yes > EXTRACT_ONLY += ${DISTNAME}.tar.xz \ > Index: www/tor-browser//browser/distinfo > =================================================================== > RCS file: /cvs/ports/www/tor-browser/browser/distinfo,v > retrieving revision 1.49 > diff -u -p -u -r1.49 distinfo > --- www/tor-browser//browser/distinfo 20 Mar 2022 07:08:04 -0000 1.49 > +++ www/tor-browser//browser/distinfo 9 Apr 2022 03:23:39 -0000 > @@ -1,8 +1,8 @@ > SHA256 (mozilla/https-everywhere-2021.4.15-eff.xpi) = > fl9ygI6hSL7M1BbsvfM+oevEOkMuTnhbXl4TObeitwg= > -SHA256 (mozilla/src-firefox-tor-browser-91.7.0esr-11.0-1-build4.tar.xz) = > 7BrcYVyk0EeRHha5qk++aCR1Io9GC+SLPJCraVSyuWk= > +SHA256 (mozilla/src-firefox-tor-browser-91.8.0esr-11.0-1-build1.tar.xz) = > fEH0W0zIL1Ag/+AJRk/OPctGPcaWViUTmq5ucOqhtsY= > SHA256 (mozilla/src-tor-launcher-0.2.33.tar.xz) = > ZG7lH5mBhkCRA26AEdCo52HP0iNlHKbRKl/BKyP0C9U= > -SHA256 (mozilla/tor-browser-linux64-11.0.9_en-US.tar.xz) = > uqXMr7XGjxxG+a6YO5sKBBn2bUHgSDulqss0YvoKgDI= > +SHA256 (mozilla/tor-browser-linux64-11.0.10_en-US.tar.xz) = > l95Me9hKfKiS0sPu6pmUGnizq/P9/O0mnPCktQLYacg= > SIZE (mozilla/https-everywhere-2021.4.15-eff.xpi) = 1746434 > -SIZE (mozilla/src-firefox-tor-browser-91.7.0esr-11.0-1-build4.tar.xz) = > 413189544 > +SIZE (mozilla/src-firefox-tor-browser-91.8.0esr-11.0-1-build1.tar.xz) = > 412536840 > SIZE (mozilla/src-tor-launcher-0.2.33.tar.xz) = 229992 > -SIZE (mozilla/tor-browser-linux64-11.0.9_en-US.tar.xz) = 86336256 > +SIZE (mozilla/tor-browser-linux64-11.0.10_en-US.tar.xz) = 86532224 > Index: www/tor-browser//noscript/Makefile > =================================================================== > RCS file: /cvs/ports/www/tor-browser/noscript/Makefile,v > retrieving revision 1.41 > diff -u -p -u -r1.41 Makefile > --- www/tor-browser//noscript/Makefile 9 Mar 2022 20:48:33 -0000 > 1.41 > +++ www/tor-browser//noscript/Makefile 9 Apr 2022 03:23:39 -0000 > @@ -1,5 +1,5 @@ > ADDON_NAME = noscript > -V = 11.3.7 > +V = 11.4.3 > COMMENT = Tor Browser add-on: flexible JS blocker > HOMEPAGE = https://noscript.net > MASTER_SITES = > https://secure.informaction.com/download/releases/ > Index: www/tor-browser//noscript/distinfo > =================================================================== > RCS file: /cvs/ports/www/tor-browser/noscript/distinfo,v > retrieving revision 1.36 > diff -u -p -u -r1.36 distinfo > --- www/tor-browser//noscript/distinfo 9 Mar 2022 20:46:02 -0000 > 1.36 > +++ www/tor-browser//noscript/distinfo 9 Apr 2022 03:23:39 -0000 > @@ -1,2 +1,2 @@ > -SHA256 (noscript-11.3.7.xpi) = blrxjORr/ElvsCdYHT03oO25XfFY0FOl2aH4m4CTvEk= > -SIZE (noscript-11.3.7.xpi) = 677785 > +SHA256 (noscript-11.4.3.xpi) = mS4kJSQPZcuWIovWhCvdQ9OmR7z+TN4K6RLNnSciRnI= > +SIZE (noscript-11.4.3.xpi) = 875826 > Index: meta/tor-browser//Makefile > =================================================================== > RCS file: /cvs/ports/meta/tor-browser/Makefile,v > retrieving revision 1.53 > diff -u -p -u -r1.53 Makefile > --- meta/tor-browser//Makefile 20 Mar 2022 07:08:04 -0000 1.53 > +++ meta/tor-browser//Makefile 9 Apr 2022 03:23:48 -0000 > @@ -2,11 +2,11 @@ COMMENT= Tor Browser meta package > > MAINTAINER= Caspar Schutijser <cas...@schutijser.com> > > -PKGNAME= tor-browser-11.0.9 > +PKGNAME= tor-browser-11.0.10 > ONLY_FOR_ARCHS = amd64 > > -RUN_DEPENDS= www/tor-browser/browser>=11.0.9 \ > - www/tor-browser/noscript>=11.3.7 \ > +RUN_DEPENDS= www/tor-browser/browser>=11.0.10 \ > + www/tor-browser/noscript>=11.4.3 \ > net/tor>=0.4.6.10 > > .include <bsd.port.mk>
