summaryrefslogtreecommitdiff
path: root/librewolf/debian/librewolf_settings
diff options
context:
space:
mode:
Diffstat (limited to 'librewolf/debian/librewolf_settings')
-rw-r--r--librewolf/debian/librewolf_settings/docs/Changelog.md38
-rwxr-xr-xlibrewolf/debian/librewolf_settings/librewolf.cfg14
2 files changed, 40 insertions, 12 deletions
diff --git a/librewolf/debian/librewolf_settings/docs/Changelog.md b/librewolf/debian/librewolf_settings/docs/Changelog.md
index 20211d5..eedeeda 100644
--- a/librewolf/debian/librewolf_settings/docs/Changelog.md
+++ b/librewolf/debian/librewolf_settings/docs/Changelog.md
@@ -1,9 +1,40 @@
This changelog will be used from now on to document changes in a precise manner, with a list of changes for each setting version.
Setting versions are documented using the pref `librewolf.cfg.version`, available in about:config.
+# 6.6
+
+**target commit**:
+
+**base librewolf version**: 102.x
+
+**References**:
+- sha1 certificates: https://bugzilla.mozilla.org/1767489 and https://bugzilla.mozilla.org/1766687.
+- trimming only applies to http websites so it's very minimal.
+- crlite: https://bugzilla.mozilla.org/show_bug.cgi?id=1773371, we can stick to default 3 till v103, then the value will be changed to 2 which is the best possible if mozilla feels like it's ready usability wise.
+- add more entries to the native query stripping list, to [get in line with brave](https://github.com/brave/brave-core/blob/master/browser/net/brave_site_hacks_network_delegate_helper.cc).
+- `services.settings.server` can now be used as a pref, see: https://gitlab.com/librewolf-community/browser/source/-/merge_requests/37
+
+#### Added preferences
+```
+defaultPref("services.settings.server", "https://%.invalid") // set the remote settings URL (REMOTE_SETTINGS_SERVER_URL in the code)
+```
+
+#### Removed preferences
+```
+defaultPref("security.pki.sha1_enforcement_level", 1); // default
+defaultPref("browser.urlbar.trimURLs", false);
+defaultPref("security.pki.crlite_mode", 3); // default
+defaultPref("security.OCSP.enabled", 1); // default
+```
+
+#### Changed preferences
+```
+defaultPref("privacy.query_stripping.strip_list", "__hsfp __hssc __hstc __s _hsenc _openstat dclid fbclid gbraid gclid hsCtaTracking igshid mc_eid ml_subscriber ml_subscriber_hash msclkid oft_c oft_ck oft_d oft_id oft_ids oft_k oft_lk oft_sk oly_anon_id oly_enc_id rb_clickid s_cid twclid vero_conv vero_id wbraid wickedid yclid");
+```
+
# 6.5
-**target commit**:
+**target commit**: b10dcbdd84e63787c4f2f6d34d41724b437df5be
**base librewolf version**: 101.x
@@ -12,7 +43,6 @@ Setting versions are documented using the pref `librewolf.cfg.version`, availabl
- session cookie prefs are useless given that we sanitize on close, [more details at arkenfox](https://github.com/arkenfox/user.js/pull/1443/commits/3207478033fefc19e933dab4eef6445125341ec4).
- fission has been a default for the longest now.
-
#### Removed preferences
```
defaultPref("privacy.query_stripping.enabled", true);
@@ -549,7 +579,7 @@ pref("browser.urlbar.quicksuggest.scenario", ""); // disable firefox suggests an
#### Commented preferences
```
-// pref("network.trr.mode", 2); // previously uncommented defaultPref with value 5
+// pref("network.trr.mode", 2); // previously uncommented defaultPref with value 5
// pref("network.trr.uri", "https://dns.quad9.net/dns-query"); // previously uncommented defaultPref with empty value
```
@@ -720,5 +750,5 @@ lockPref("privacy.override_rfp_for_color_scheme", false);
**base librewolf version**: 89.x
-This is the initial release from which we start tagging and versioning settings. For previous changes see
+This is the initial release from which we start tagging and versioning settings. For previous changes see
[here](https://gitlab.com/librewolf-community/settings/-/blob/master/docs/changelog-legacy.md).
diff --git a/librewolf/debian/librewolf_settings/librewolf.cfg b/librewolf/debian/librewolf_settings/librewolf.cfg
index 176a0e6..f2452a0 100755
--- a/librewolf/debian/librewolf_settings/librewolf.cfg
+++ b/librewolf/debian/librewolf_settings/librewolf.cfg
@@ -6,7 +6,7 @@
*
* WARNING: please make sure the first line of this file is empty. this is a known bug.
*/
-defaultPref("librewolf.cfg.version", "6.5");
+defaultPref("librewolf.cfg.version", "6.6");
/** INDEX
@@ -80,7 +80,7 @@ defaultPref("browser.sessionstore.interval", 60000); // increase time between se
* currently we set the same query stripping list that brave uses:
* https://github.com/brave/brave-core/blob/f337a47cf84211807035581a9f609853752a32fb/browser/net/brave_site_hacks_network_delegate_helper.cc#L29
*/
-defaultPref("privacy.query_stripping.strip_list", "__hsfp __hssc __hstc __s _hsenc _openstat dclid fbclid gbraid gclid hsCtaTracking igshid mc_eid ml_subscriber ml_subscriber_hash msclkid oly_anon_id oly_enc_id rb_clickid s_cid twclid vero_conv vero_id wbraid wickedid yclid");
+defaultPref("privacy.query_stripping.strip_list", "__hsfp __hssc __hstc __s _hsenc _openstat dclid fbclid gbraid gclid hsCtaTracking igshid mc_eid ml_subscriber ml_subscriber_hash msclkid oft_c oft_ck oft_d oft_id oft_ids oft_k oft_lk oft_sk oly_anon_id oly_enc_id rb_clickid s_cid twclid vero_conv vero_id wbraid wickedid yclid");
/**
* librewolf specific pref that allows to include the query stripping lists in uBO by default.
* the asset file is fetched every 7 days.
@@ -188,7 +188,6 @@ defaultPref("webgl.disabled", true);
/** [SECTION] CERTIFICATES */
defaultPref("security.cert_pinning.enforcement_level", 2); // enable strict public key pinning, might cause issues with AVs
-defaultPref("security.pki.sha1_enforcement_level", 1); // disable sha-1 certificates
/**
* enable safe negotiation and show warning when it is not supported. might cause breakage.
*/
@@ -199,10 +198,9 @@ defaultPref("security.ssl.treat_unsafe_negotiation_as_broken", true);
* cannot be checked with it we use OCSP stapled with hard-fail, to still keep privacy and
* increase security.
* crlite is in mode 3 by default, which allows us to detect false positive with OCSP.
+ * in v103, when crlite is fully mature, it will switch to mode 2 and no longer double-check.
*/
defaultPref("security.remote_settings.crlite_filters.enabled", true);
-defaultPref("security.pki.crlite_mode", 3); // default
-defaultPref("security.OCSP.enabled", 1); // default
defaultPref("security.OCSP.require", true); // set to hard-fail
/** [SECTION] TLS/SSL */
@@ -282,13 +280,11 @@ defaultPref("media.gmp-provider.enabled", false);
defaultPref("media.gmp-gmpopenh264.enabled", false);
/** [SECTION] SEARCH AND URLBAR
- * disable search suggestion and do not update opensearch engines. urls should also be
- * displayed in full instead of trimming them.
+ * disable search suggestion and do not update opensearch engines.
*/
defaultPref("browser.urlbar.suggest.searches", false);
defaultPref("browser.search.suggest.enabled", false);
defaultPref("browser.search.update", false);
-defaultPref("browser.urlbar.trimURLs", false);
/**
* the pref disables the whole feature and hide it from the ui
* (as noted in https://bugzilla.mozilla.org/show_bug.cgi?id=1755057).
@@ -403,6 +399,8 @@ defaultPref("devtools.selfxss.count", 0); // required for devtools console to wo
lockPref("browser.translation.engine", ""); // remove translation engine
defaultPref("accessibility.force_disabled", 1); // block accessibility services
defaultPref("webchannel.allowObject.urlWhitelist", ""); // do not receive objects through webchannels
+// NOTE/TODO: net really the right category/section, probably?
+defaultPref("services.settings.server", "https://%.invalid") // set the remote settings URL (REMOTE_SETTINGS_SERVER_URL in the code)
bgstack15