From 58c28f62226cff0c897ed608fb74134e4ebd1602 Mon Sep 17 00:00:00 2001 From: "B. Stack" Date: Mon, 4 Jul 2022 11:15:48 -0400 Subject: lw 102.0 rc1 --- .../debian/librewolf_settings/docs/Changelog.md | 38 +++++++++++++++++++--- librewolf/debian/librewolf_settings/librewolf.cfg | 14 ++++---- 2 files changed, 40 insertions(+), 12 deletions(-) (limited to 'librewolf/debian/librewolf_settings') diff --git a/librewolf/debian/librewolf_settings/docs/Changelog.md b/librewolf/debian/librewolf_settings/docs/Changelog.md index 20211d5..eedeeda 100644 --- a/librewolf/debian/librewolf_settings/docs/Changelog.md +++ b/librewolf/debian/librewolf_settings/docs/Changelog.md @@ -1,9 +1,40 @@ This changelog will be used from now on to document changes in a precise manner, with a list of changes for each setting version. Setting versions are documented using the pref `librewolf.cfg.version`, available in about:config. +# 6.6 + +**target commit**: + +**base librewolf version**: 102.x + +**References**: +- sha1 certificates: https://bugzilla.mozilla.org/1767489 and https://bugzilla.mozilla.org/1766687. +- trimming only applies to http websites so it's very minimal. +- crlite: https://bugzilla.mozilla.org/show_bug.cgi?id=1773371, we can stick to default 3 till v103, then the value will be changed to 2 which is the best possible if mozilla feels like it's ready usability wise. +- add more entries to the native query stripping list, to [get in line with brave](https://github.com/brave/brave-core/blob/master/browser/net/brave_site_hacks_network_delegate_helper.cc). +- `services.settings.server` can now be used as a pref, see: https://gitlab.com/librewolf-community/browser/source/-/merge_requests/37 + +#### Added preferences +``` +defaultPref("services.settings.server", "https://%.invalid") // set the remote settings URL (REMOTE_SETTINGS_SERVER_URL in the code) +``` + +#### Removed preferences +``` +defaultPref("security.pki.sha1_enforcement_level", 1); // default +defaultPref("browser.urlbar.trimURLs", false); +defaultPref("security.pki.crlite_mode", 3); // default +defaultPref("security.OCSP.enabled", 1); // default +``` + +#### Changed preferences +``` +defaultPref("privacy.query_stripping.strip_list", "__hsfp __hssc __hstc __s _hsenc _openstat dclid fbclid gbraid gclid hsCtaTracking igshid mc_eid ml_subscriber ml_subscriber_hash msclkid oft_c oft_ck oft_d oft_id oft_ids oft_k oft_lk oft_sk oly_anon_id oly_enc_id rb_clickid s_cid twclid vero_conv vero_id wbraid wickedid yclid"); +``` + # 6.5 -**target commit**: +**target commit**: b10dcbdd84e63787c4f2f6d34d41724b437df5be **base librewolf version**: 101.x @@ -12,7 +43,6 @@ Setting versions are documented using the pref `librewolf.cfg.version`, availabl - session cookie prefs are useless given that we sanitize on close, [more details at arkenfox](https://github.com/arkenfox/user.js/pull/1443/commits/3207478033fefc19e933dab4eef6445125341ec4). - fission has been a default for the longest now. - #### Removed preferences ``` defaultPref("privacy.query_stripping.enabled", true); @@ -549,7 +579,7 @@ pref("browser.urlbar.quicksuggest.scenario", ""); // disable firefox suggests an #### Commented preferences ``` -// pref("network.trr.mode", 2); // previously uncommented defaultPref with value 5 +// pref("network.trr.mode", 2); // previously uncommented defaultPref with value 5 // pref("network.trr.uri", "https://dns.quad9.net/dns-query"); // previously uncommented defaultPref with empty value ``` @@ -720,5 +750,5 @@ lockPref("privacy.override_rfp_for_color_scheme", false); **base librewolf version**: 89.x -This is the initial release from which we start tagging and versioning settings. For previous changes see +This is the initial release from which we start tagging and versioning settings. For previous changes see [here](https://gitlab.com/librewolf-community/settings/-/blob/master/docs/changelog-legacy.md). diff --git a/librewolf/debian/librewolf_settings/librewolf.cfg b/librewolf/debian/librewolf_settings/librewolf.cfg index 176a0e6..f2452a0 100755 --- a/librewolf/debian/librewolf_settings/librewolf.cfg +++ b/librewolf/debian/librewolf_settings/librewolf.cfg @@ -6,7 +6,7 @@ * * WARNING: please make sure the first line of this file is empty. this is a known bug. */ -defaultPref("librewolf.cfg.version", "6.5"); +defaultPref("librewolf.cfg.version", "6.6"); /** INDEX @@ -80,7 +80,7 @@ defaultPref("browser.sessionstore.interval", 60000); // increase time between se * currently we set the same query stripping list that brave uses: * https://github.com/brave/brave-core/blob/f337a47cf84211807035581a9f609853752a32fb/browser/net/brave_site_hacks_network_delegate_helper.cc#L29 */ -defaultPref("privacy.query_stripping.strip_list", "__hsfp __hssc __hstc __s _hsenc _openstat dclid fbclid gbraid gclid hsCtaTracking igshid mc_eid ml_subscriber ml_subscriber_hash msclkid oly_anon_id oly_enc_id rb_clickid s_cid twclid vero_conv vero_id wbraid wickedid yclid"); +defaultPref("privacy.query_stripping.strip_list", "__hsfp __hssc __hstc __s _hsenc _openstat dclid fbclid gbraid gclid hsCtaTracking igshid mc_eid ml_subscriber ml_subscriber_hash msclkid oft_c oft_ck oft_d oft_id oft_ids oft_k oft_lk oft_sk oly_anon_id oly_enc_id rb_clickid s_cid twclid vero_conv vero_id wbraid wickedid yclid"); /** * librewolf specific pref that allows to include the query stripping lists in uBO by default. * the asset file is fetched every 7 days. @@ -188,7 +188,6 @@ defaultPref("webgl.disabled", true); /** [SECTION] CERTIFICATES */ defaultPref("security.cert_pinning.enforcement_level", 2); // enable strict public key pinning, might cause issues with AVs -defaultPref("security.pki.sha1_enforcement_level", 1); // disable sha-1 certificates /** * enable safe negotiation and show warning when it is not supported. might cause breakage. */ @@ -199,10 +198,9 @@ defaultPref("security.ssl.treat_unsafe_negotiation_as_broken", true); * cannot be checked with it we use OCSP stapled with hard-fail, to still keep privacy and * increase security. * crlite is in mode 3 by default, which allows us to detect false positive with OCSP. + * in v103, when crlite is fully mature, it will switch to mode 2 and no longer double-check. */ defaultPref("security.remote_settings.crlite_filters.enabled", true); -defaultPref("security.pki.crlite_mode", 3); // default -defaultPref("security.OCSP.enabled", 1); // default defaultPref("security.OCSP.require", true); // set to hard-fail /** [SECTION] TLS/SSL */ @@ -282,13 +280,11 @@ defaultPref("media.gmp-provider.enabled", false); defaultPref("media.gmp-gmpopenh264.enabled", false); /** [SECTION] SEARCH AND URLBAR - * disable search suggestion and do not update opensearch engines. urls should also be - * displayed in full instead of trimming them. + * disable search suggestion and do not update opensearch engines. */ defaultPref("browser.urlbar.suggest.searches", false); defaultPref("browser.search.suggest.enabled", false); defaultPref("browser.search.update", false); -defaultPref("browser.urlbar.trimURLs", false); /** * the pref disables the whole feature and hide it from the ui * (as noted in https://bugzilla.mozilla.org/show_bug.cgi?id=1755057). @@ -403,6 +399,8 @@ defaultPref("devtools.selfxss.count", 0); // required for devtools console to wo lockPref("browser.translation.engine", ""); // remove translation engine defaultPref("accessibility.force_disabled", 1); // block accessibility services defaultPref("webchannel.allowObject.urlWhitelist", ""); // do not receive objects through webchannels +// NOTE/TODO: net really the right category/section, probably? +defaultPref("services.settings.server", "https://%.invalid") // set the remote settings URL (REMOTE_SETTINGS_SERVER_URL in the code) -- cgit