From d2055d65073d5839623e4ea663d223d5584e64f8 Mon Sep 17 00:00:00 2001 From: "B. Stack" Date: Tue, 14 Dec 2021 15:44:52 -0500 Subject: 95.0 attempt 2 --- librewolf.cfg | 62 ++++++++++++++++++++++------------------ librewolf.spec | 25 +++++++++++----- policies.json | 2 +- remove_addons.patch.orig | 74 ++++++++++++++++++++++++++++++++++++++++++++++++ 4 files changed, 128 insertions(+), 35 deletions(-) create mode 100644 remove_addons.patch.orig diff --git a/librewolf.cfg b/librewolf.cfg index 6afe37a..56918a7 100755 --- a/librewolf.cfg +++ b/librewolf.cfg @@ -9,7 +9,7 @@ */ -defaultPref("librewolf.cfg.version", "3.0"); +defaultPref("librewolf.cfg.version", "4.0"); // ------------------------------- // # SANITIZING, TP, SESSIONS @@ -26,20 +26,20 @@ defaultPref("librewolf.cfg.version", "3.0"); pref("browser.contentblocking.category", "strict"); defaultPref("network.cookie.cookieBehavior", 5); // dFPI is default for strict mode, but enforce -defaultPref("network.cookie.lifetimePolicy", 2); // keep cookies until the browser is closed then delete everything minus exceptions +defaultPref("network.cookie.lifetimePolicy", 2); // keep cookies until end of the session, then clear // make third party and http cookies session-only defaultPref("network.cookie.thirdparty.sessionOnly", true); defaultPref("network.cookie.thirdparty.nonsecureSessionOnly", true); /** - this way of sanitizing would override the exceptions set by the users and just delete everything, - therefore we tell it to delete everything but ignore data needed to stay logged into websites set - manually as exceptions. + this way of sanitizing cookies would override the exceptions set by the users and just delete everything, + we disable it but cookies and site data are still cleared per session unless exceptions are set. + all the cleaning prefs true by default except for siteSetting and offlineApps, which is what we want. */ defaultPref("privacy.clearOnShutdown.cookies", false); -defaultPref("privacy.clearOnShutdown.offlineApps", false); defaultPref("privacy.sanitize.sanitizeOnShutdown", true); +defaultPref("privacy.sanitize.timeSpan", 0); // disable browsing, search and form history defaultPref("places.history.enabled", false); @@ -128,13 +128,14 @@ defaultPref("browser.pagethumbnails.capturing_disabled", true); // disable page // # MEDIA // ---------------------- -// disable webrtc -defaultPref("media.peerconnection.enabled", false); // master switch - -// limit potential IP leaks for webrtc users -defaultPref("media.peerconnection.ice.default_address_only", true); // use public IP for ICE candidates -defaultPref("media.peerconnection.ice.no_host", true); // don't use local IP for ICE candidates -defaultPref("media.peerconnection.ice.proxy_only_if_behind_proxy", true); // force webrtc inside proxy for proxy users +/** + * limit potential private IP leaks for webrtc users. + * mDNS protects the value on linux, osx and win10+. + * these prefs protect the value when allowing mic and camera access, and for win7/8.x. + * */ +defaultPref("media.peerconnection.ice.no_host", true); // don't use any private IPs for ICE candidate +defaultPref("media.peerconnection.ice.default_address_only", true); // use a single interface for ICE candidates, the vpn one when a vpn is used +defaultPref("media.peerconnection.ice.proxy_only_if_behind_proxy", true); // force webrtc inside proxy, when one is used // autoplay defaultPref("media.autoplay.blocking_policy", 2); // only allow to play when a certain element is clicked @@ -153,8 +154,12 @@ defaultPref("browser.display.use_system_colors", false); // default but enforced defaultPref("privacy.resistFingerprinting.letterboxing", false); // expose hidden letterboxing pref, but do not enable by default -// librewolf specifc pref that prevents rfp from forcing light theme, review -lockPref("privacy.override_rfp_for_color_scheme", false); +/** + * increase the size of new RFP windows for better usability, while still using a rounded value. + * if the screen resolution is lower it will stretch to the biggest possible rounded value. + * */ +defaultPref("privacy.window.maxInnerWidth", 1600); +defaultPref("privacy.window.maxInnerHeight", 900); defaultPref("webgl.disabled", true); // master switch, disable webgl @@ -167,11 +172,11 @@ defaultPref("fission.autostart", true); // enable fission by default // certificates defaultPref("security.cert_pinning.enforcement_level", 2); // enable strict public key pinning defaultPref("security.pki.sha1_enforcement_level", 1); // disable sha-1 certificates -defaultPref("security.OCSP.enabled", 0); // disable OCSP fetching +defaultPref("security.OCSP.enabled", 0); // disable ocsp fetching -// crl with no OCSP fallback. commented for now but review -// defaultPref("security.remote_settings.crlite_filters.enabled", true); -// defaultPref("security.pki.crlite_mode", 2); +// crl with no ocsp fallback +defaultPref("security.remote_settings.crlite_filters.enabled", true); +defaultPref("security.pki.crlite_mode", 2); // safe negotiation defaultPref("security.ssl.require_safe_negotiation", true); // block websites that do not support safe negotiation, occasional breakage @@ -233,9 +238,6 @@ defaultPref("media.gmp-gmpopenh264.enabled", false); // # LOCATION, LANGUAGE AND REGION // --------------------------------------------- -defaultPref("geo.enabled", false); // block geo api, behind a prompt so review -defaultPref("permissions.default.geo", 2); // review as well - // use mozilla geo service as deault defaultPref("geo.provider.network.url", "https://location.services.mozilla.com/v1/geolocate?key=%MOZILLA_API_KEY%"); @@ -260,7 +262,13 @@ lockPref("browser.region.update.enabled", false); // disable search suggestions defaultPref("browser.urlbar.suggest.searches", false); defaultPref("browser.search.suggest.enabled", false); -pref("browser.urlbar.quicksuggest.scenario", ""); // disable firefox suggests and hide its UI + +// firefox suggest, review to trim +lockPref("browser.urlbar.quicksuggest.scenario", "history"); // prevent opt-in, doesn't work alone +lockPref("browser.urlbar.quicksuggest.enabled", false); // disable suggest and hide its ui +lockPref("browser.urlbar.suggest.quicksuggest.nonsponsored", false); // disable suggestions from firefox +lockPref("browser.urlbar.suggest.quicksuggest.sponsored", false); // disable sponsored suggestions +lockPref("browser.urlbar.quicksuggest.dataCollection.enabled", false); // default defaultPref("browser.search.region", "US"); // set a default search region for all users defaultPref("browser.search.update", false); // do not update open search search engines @@ -310,11 +318,11 @@ defaultPref("devtools.selfxss.count", 0); // see https://gitlab.com/librewolf-co // misc defaultPref("browser.shell.checkDefaultBrowser", false); // do not check if default browser -defaultPref("browser.tabs.drawInTitlebar", true); // hide titlebar defaultPref("browser.aboutConfig.showWarning", false); // disable about:config warning defaultPref("browser.download.autohideButton", false); // hide download button automatically defaultPref("browser.download.manager.addToRecentDocs", false); // do not add downloads to recents defaultPref("browser.tabs.loadBookmarksInTabs", true); // always open bookmarks in new tab +defaultPref("webchannel.allowObject.urlWhitelist", ""); // remove webchannel whitelist // -------------------------------------- // # EXTENSIONS @@ -327,8 +335,7 @@ defaultPref("browser.tabs.loadBookmarksInTabs", true); // always open bookmarks defaultPref("extensions.webextensions.restrictedDomains", ""); // set extensions scopes -defaultPref("extensions.enabledScopes", 5); -defaultPref("extensions.autoDisableScopes", 11); +defaultPref("extensions.enabledScopes", 5); // hidden defaultPref("extensions.postDownloadThirdPartyPrompt", false); // force install prompt for thrid party extensions @@ -447,7 +454,8 @@ lockPref("toolkit.telemetry.reportingpolicy.firstRun", false); // default lockPref("toolkit.telemetry.cachedClientID", ""); lockPref("toolkit.telemetry.previousBuildID", ""); lockPref("toolkit.telemetry.server_owner", ""); -lockPref("toolkit.coverage.opt-out", true); // [HIDDEN PREF] +lockPref("toolkit.coverage.opt-out", true); // hidden +lockPref("toolkit.telemetry.coverage.opt-out", true); // hidden lockPref("toolkit.coverage.enabled", false); lockPref("toolkit.coverage.endpoint.base", ""); lockPref("toolkit.crashreporter.infoURL", ""); diff --git a/librewolf.spec b/librewolf.spec index 6560c54..8ad0ad1 100644 --- a/librewolf.spec +++ b/librewolf.spec @@ -126,7 +126,7 @@ ExcludeArch: aarch64 %if %{?system_nss} %global nspr_version 4.26 %global nspr_build_version %{nspr_version} -%global nss_version 3.70 +%global nss_version 3.73 %global nss_build_version %{nss_version} %endif @@ -163,13 +163,13 @@ ExcludeArch: aarch64 Summary: Mozilla Firefox Web browser Name: librewolf %global enable_mozilla_crashreporter 0 -Version: 94.0 -Release: 1%{?pre_tag}%{?dist} +Version: 95.0 +Release: 2%{?pre_tag}%{?dist} URL: https://www.mozilla.org/firefox/ License: MPLv1.1 or GPLv2+ or LGPLv2+ Source0: https://archive.mozilla.org/pub/firefox/releases/%{version}%{?pre_version}/source/firefox-%{version}%{?pre_version}.source.tar.xz %if %{with langpacks} -Source1: firefox-langpacks-%{version}%{?pre_version}-20211031.tar.xz +Source1: firefox-langpacks-%{version}%{?pre_version}-20211203.tar.xz %endif Source2: cbindgen-vendor.tar.xz Source10: firefox-mozconfig @@ -221,6 +221,7 @@ Patch54: mozilla-1669639.patch Patch55: firefox-testing.patch Patch57: firefox-disable-ffvpx-with-vapi.patch Patch61: firefox-glibc-dynstack.patch +Patch62: build-python.patch # Test patches # Generate without context by @@ -483,9 +484,10 @@ This package contains results of tests executed during build. %patch49 -p1 -b .build-arm-libaom %patch53 -p1 -b .firefox-gcc-build %patch54 -p1 -b .1669639 -%patch55 -p1 -b .testing +#%patch55 -p1 -b .testing %patch57 -p1 -b .ffvpx-with-vapi #%patch61 -p1 -b .glibc-dynstack +%patch62 -p1 -b .build-python # Test patches #%patch100 -p1 -b .firefox-tests-xpcshell @@ -508,7 +510,7 @@ This package contains results of tests executed during build. %patch407 -p1 -b .1667096 %patch408 -p1 -b .1663844 %patch415 -p1 -b .1670333 -%patch420 -p1 -b .mochitest-wayland-workaround +#%patch420 -p1 -b .mochitest-wayland-workaround # PGO patches %if %{build_with_pgo} @@ -1143,9 +1145,18 @@ gtk-update-icon-cache %{_datadir}/icons/hicolor &>/dev/null || : #--------------------------------------------------------------------- %changelog -* Fri Nov 19 2021 B. Stack - 94.0-1 +* Tue Dec 14 2021 B. Stack - 95.0-1 - Fork to librewolf release. +* Thu Dec 9 2021 Martin Stransky - 95.0-2 +- Updated symbolic icon (rhbz#2028939) + +* Fri Dec 3 2021 Martin Stransky - 95.0-1 +- Updated to 95.0 + +* Fri Nov 19 2021 Martin Stransky - 94.0-2 +- Added fix for mozbz#1739924 / rhbz#2020981. + * Mon Nov 1 2021 Martin Stransky - 94.0-1 - Updated to 94.0 diff --git a/policies.json b/policies.json index e31a2f0..ee3f556 100644 --- a/policies.json +++ b/policies.json @@ -30,7 +30,7 @@ }, "Extensions": { "Install": [ - "https://addons.cdn.mozilla.net/user-media/addons/607454/ublock_origin-1.38.6-an+fx.xpi" + "https://addons.cdn.mozilla.net/user-media/addons/607454/ublock_origin-1.39.2-an+fx.xpi" ], "Uninstall": [ "google@search.mozilla.org", diff --git a/remove_addons.patch.orig b/remove_addons.patch.orig new file mode 100644 index 0000000..3487f6d --- /dev/null +++ b/remove_addons.patch.orig @@ -0,0 +1,74 @@ +diff --git a/browser/extensions/moz.build b/browser/extensions/moz.build +index 269dcb2..ed7c31d 100644 +--- a/browser/extensions/moz.build ++++ b/browser/extensions/moz.build +@@ -5,11 +5,8 @@ + # file, You can obtain one at http://mozilla.org/MPL/2.0/. + + DIRS += [ +- "doh-rollout", + "formautofill", + "screenshots", +- "webcompat", +- "report-site-issue", + "pictureinpicture", + "proxy-failover", + "search-detection", +diff --git a/browser/locales/Makefile.in b/browser/locales/Makefile.in +index 496379c..dd6f359 100644 +--- a/browser/locales/Makefile.in ++++ b/browser/locales/Makefile.in +@@ -61,7 +61,6 @@ l10n-%: + ifneq (,$(wildcard ../extensions/formautofill/locales)) + @$(MAKE) -C ../extensions/formautofill/locales AB_CD=$* XPI_NAME=locale-$* + endif +- @$(MAKE) -C ../extensions/report-site-issue/locales AB_CD=$* XPI_NAME=locale-$* + @$(MAKE) -C ../../devtools/client/locales AB_CD=$* XPI_NAME=locale-$* XPI_ROOT_APPID='$(XPI_ROOT_APPID)' + @$(MAKE) -C ../../devtools/startup/locales AB_CD=$* XPI_NAME=locale-$* XPI_ROOT_APPID='$(XPI_ROOT_APPID)' + @$(MAKE) l10n AB_CD=$* XPI_NAME=locale-$* PREF_DIR=$(PREF_DIR) +@@ -82,7 +81,6 @@ endif + @$(MAKE) -C ../../devtools/startup/locales chrome AB_CD=$* + @$(MAKE) chrome AB_CD=$* + @$(MAKE) -C $(DEPTH)/$(MOZ_BRANDING_DIRECTORY)/locales chrome AB_CD=$* +- @$(MAKE) -C ../extensions/report-site-issue/locales chrome AB_CD=$* + + package-win32-installer: $(SUBMAKEFILES) + $(MAKE) -C ../installer/windows CONFIG_DIR=l10ngen ZIP_IN='$(ZIP_OUT)' installer +diff --git a/browser/locales/filter.py b/browser/locales/filter.py +index bb2e992..7d7768e 100644 +--- a/browser/locales/filter.py ++++ b/browser/locales/filter.py +@@ -19,7 +19,6 @@ + "devtools/startup", + "browser", + "browser/extensions/formautofill", +- "browser/extensions/report-site-issue", + "extensions/spellcheck", + "other-licenses/branding/firefox", + "browser/branding/official", +diff --git a/browser/locales/l10n.ini b/browser/locales/l10n.ini +index f4cb7ca..4efac13 100644 +--- a/browser/locales/l10n.ini ++++ b/browser/locales/l10n.ini +@@ -13,7 +13,6 @@ + devtools/client + devtools/startup + browser/extensions/formautofill +- browser/extensions/report-site-issue + + [includes] + # non-central apps might want to use %(topsrcdir)s here, or other vars +diff --git a/browser/locales/l10n.toml b/browser/locales/l10n.toml +index b9b18fe..af7c583 100644 +--- a/browser/locales/l10n.toml ++++ b/browser/locales/l10n.toml +@@ -132,10 +132,6 @@ + l10n = "{l}browser/extensions/formautofill/**" + + [[paths]] +- reference = "browser/extensions/report-site-issue/locales/en-US/**" +- l10n = "{l}browser/extensions/report-site-issue/**" +- +-[[paths]] + reference = "services/sync/locales/en-US/**" + l10n = "{l}services/sync/**" -- cgit