OpenBSD Mail Box: Re: security update: tor-browser: 11.0.9 -> 11.0.10

Hi,

On Sat, Apr 09, 2022 at 03:30:24AM +0000, Yifei Zhan wrote:
> Here is a security update for Tor Browser:
>
> - Update Firefox to 91.8.0esr, addressing mfsa2022-14:
> https://www.mozilla.org/en-US/security/advisories/mfsa2022-14/
> - Update NoScript to 11.4.3
> - Bug tor-browser-build#40469: Update zlib to 1.2.12 (CVE-2018-25032)
>
> Tested on amd64, fonts rendering / noscript / .onion access worked fine.

Thanks for your diff and testing. I arrived at the same diff so OK
with me.

Caspar

>
> Can this still get in? Or should I wait and backport it later?
>
> Index: www/tor-browser//Makefile.inc
> ===================================================================
> RCS file: /cvs/ports/www/tor-browser/Makefile.inc,v
> retrieving revision 1.51
> diff -u -p -u -r1.51 Makefile.inc
> --- www/tor-browser//Makefile.inc 20 Mar 2022 07:08:04 -0000 1.51
> +++ www/tor-browser//Makefile.inc 9 Apr 2022 03:23:39 -0000
> @@ -3,7 +3,7 @@ HOMEPAGE ?= https://www.torproject.org
> PERMIT_PACKAGE ?= Yes
> CATEGORIES = www
> BROWSER_NAME = tor-browser
> -TB_VERSION = 11.0.9
> +TB_VERSION = 11.0.10
> TB_PREFIX = tb
>
> SUBST_VARS += BROWSER_NAME TB_VERSION
> Index: www/tor-browser//browser/Makefile
> ===================================================================
> RCS file: /cvs/ports/www/tor-browser/browser/Makefile,v
> retrieving revision 1.78
> diff -u -p -u -r1.78 Makefile
> --- www/tor-browser//browser/Makefile 20 Mar 2022 07:08:04 -0000 1.78
> +++ www/tor-browser//browser/Makefile 9 Apr 2022 03:23:39 -0000
> @@ -15,7 +15,7 @@ EXTRACT_SUFX = .tar.xz
> PATCHORIG = .pat.orig
>
> PKGNAME = ${TB_PREFIX}-browser-${TB_VERSION}
> -DISTNAME = src-firefox-tor-browser-91.7.0esr-11.0-1-build4
> +DISTNAME = src-firefox-tor-browser-91.8.0esr-11.0-1-build1
>
> FIX_EXTRACT_PERMISSIONS = Yes
> EXTRACT_ONLY += ${DISTNAME}.tar.xz \
> Index: www/tor-browser//browser/distinfo
> ===================================================================
> RCS file: /cvs/ports/www/tor-browser/browser/distinfo,v
> retrieving revision 1.49
> diff -u -p -u -r1.49 distinfo
> --- www/tor-browser//browser/distinfo 20 Mar 2022 07:08:04 -0000 1.49
> +++ www/tor-browser//browser/distinfo 9 Apr 2022 03:23:39 -0000
> @@ -1,8 +1,8 @@
> SHA256 (mozilla/https-everywhere-2021.4.15-eff.xpi) = fl9ygI6hSL7M1BbsvfM+oevEOkMuTnhbXl4TObeitwg=
> -SHA256 (mozilla/src-firefox-tor-browser-91.7.0esr-11.0-1-build4.tar.xz) = 7BrcYVyk0EeRHha5qk++aCR1Io9GC+SLPJCraVSyuWk=
> +SHA256 (mozilla/src-firefox-tor-browser-91.8.0esr-11.0-1-build1.tar.xz) = fEH0W0zIL1Ag/+AJRk/OPctGPcaWViUTmq5ucOqhtsY=
> SHA256 (mozilla/src-tor-launcher-0.2.33.tar.xz) = ZG7lH5mBhkCRA26AEdCo52HP0iNlHKbRKl/BKyP0C9U=
> -SHA256 (mozilla/tor-browser-linux64-11.0.9_en-US.tar.xz) = uqXMr7XGjxxG+a6YO5sKBBn2bUHgSDulqss0YvoKgDI=
> +SHA256 (mozilla/tor-browser-linux64-11.0.10_en-US.tar.xz) = l95Me9hKfKiS0sPu6pmUGnizq/P9/O0mnPCktQLYacg=
> SIZE (mozilla/https-everywhere-2021.4.15-eff.xpi) = 1746434
> -SIZE (mozilla/src-firefox-tor-browser-91.7.0esr-11.0-1-build4.tar.xz) = 413189544
> +SIZE (mozilla/src-firefox-tor-browser-91.8.0esr-11.0-1-build1.tar.xz) = 412536840
> SIZE (mozilla/src-tor-launcher-0.2.33.tar.xz) = 229992
> -SIZE (mozilla/tor-browser-linux64-11.0.9_en-US.tar.xz) = 86336256
> +SIZE (mozilla/tor-browser-linux64-11.0.10_en-US.tar.xz) = 86532224
> Index: www/tor-browser//noscript/Makefile
> ===================================================================
> RCS file: /cvs/ports/www/tor-browser/noscript/Makefile,v
> retrieving revision 1.41
> diff -u -p -u -r1.41 Makefile
> --- www/tor-browser//noscript/Makefile 9 Mar 2022 20:48:33 -0000 1.41
> +++ www/tor-browser//noscript/Makefile 9 Apr 2022 03:23:39 -0000
> @@ -1,5 +1,5 @@
> ADDON_NAME = noscript
> -V = 11.3.7
> +V = 11.4.3
> COMMENT = Tor Browser add-on: flexible JS blocker
> HOMEPAGE = https://noscript.net
> MASTER_SITES = https://secure.informaction.com/download/releases/
> Index: www/tor-browser//noscript/distinfo
> ===================================================================
> RCS file: /cvs/ports/www/tor-browser/noscript/distinfo,v
> retrieving revision 1.36
> diff -u -p -u -r1.36 distinfo
> --- www/tor-browser//noscript/distinfo 9 Mar 2022 20:46:02 -0000 1.36
> +++ www/tor-browser//noscript/distinfo 9 Apr 2022 03:23:39 -0000
> @@ -1,2 +1,2 @@
> -SHA256 (noscript-11.3.7.xpi) = blrxjORr/ElvsCdYHT03oO25XfFY0FOl2aH4m4CTvEk=
> -SIZE (noscript-11.3.7.xpi) = 677785
> +SHA256 (noscript-11.4.3.xpi) = mS4kJSQPZcuWIovWhCvdQ9OmR7z+TN4K6RLNnSciRnI=
> +SIZE (noscript-11.4.3.xpi) = 875826
> Index: meta/tor-browser//Makefile
> ===================================================================
> RCS file: /cvs/ports/meta/tor-browser/Makefile,v
> retrieving revision 1.53
> diff -u -p -u -r1.53 Makefile
> --- meta/tor-browser//Makefile 20 Mar 2022 07:08:04 -0000 1.53
> +++ meta/tor-browser//Makefile 9 Apr 2022 03:23:48 -0000
> @@ -2,11 +2,11 @@ COMMENT= Tor Browser meta package
>
> MAINTAINER= Caspar Schutijser <caspar@schutijser.com>
>
> -PKGNAME= tor-browser-11.0.9
> +PKGNAME= tor-browser-11.0.10
> ONLY_FOR_ARCHS = amd64
>
> -RUN_DEPENDS= www/tor-browser/browser>=11.0.9 \
> - www/tor-browser/noscript>=11.3.7 \
> +RUN_DEPENDS= www/tor-browser/browser>=11.0.10 \
> + www/tor-browser/noscript>=11.4.3 \
> net/tor>=0.4.6.10
>
> .include <bsd.port.mk>

OpenBSD Mail Box

Saturday, April 09, 2022

Re: security update: tor-browser: 11.0.9 -> 11.0.10

No comments:

Post a Comment