From 1fb5aad1796596e6c875bfaf1eed71324a7d64df Mon Sep 17 00:00:00 2001
From: "B. Stack" <bgstack15@gmail.com>
Date: Wed, 25 May 2022 16:23:01 -0400
Subject: lw 100.0.2 dpkg rc1

---
 librewolf/debian/librewolf_settings/README.md      | 10 ++-
 .../librewolf_settings/distribution/policies.json  |  2 +-
 .../debian/librewolf_settings/docs/Changelog.md    | 93 +++++++++++++++++++++-
 librewolf/debian/librewolf_settings/librewolf.cfg  | 23 +++---
 4 files changed, 108 insertions(+), 20 deletions(-)

(limited to 'librewolf/debian/librewolf_settings')

diff --git a/librewolf/debian/librewolf_settings/README.md b/librewolf/debian/librewolf_settings/README.md
index 0b0edee..f0ed372 100755
--- a/librewolf/debian/librewolf_settings/README.md
+++ b/librewolf/debian/librewolf_settings/README.md
@@ -8,11 +8,13 @@ we encourage users to find **their own setup** and to use our default configurat
 - [website](https://librewolf.net/): read the docs.
 - [faq](https://librewolf.net/docs/faq/): for any question you might have, and to help you creating your own pref file.
 - [all releases](https://gitlab.com/librewolf-community/browser).
-- [issue tracker](https://gitlab.com/librewolf-community/settings/-/issues). issues that have the `provide info` label need user input or they will be quarantined after a week, and closed after ten days.
+- [issue tracker](https://gitlab.com/librewolf-community/settings/-/issues).
+  - if you ignore the pre-requisites and the template the issues might be closed.
+  - issues that have the `provide info` label need user input or they will be quarantined after a week, and closed after ten days.
 - find us on [gitter](https://gitter.im/librewolf-community/librewolf) / [matrix](https://matrix.to/#/#librewolf:matrix.org) / [reddit](https://www.reddit.com/r/LibreWolf/) / [lemmy](https://lemmy.ml/c/librewolf).
 
 ## Notes and thanks
 - this repository benefits from the knowledge and research provided by [arkenfox](https://github.com/arkenfox), so special thanks to the project.
-we do not use arkenfox's user.js but we try to keep up with it, and we also consider it a great resource for users who want to find their own setup.
-- some of the older prefs in this project were taken from [pyllyukko](https://github.com/pyllyukko/user.js/) and many more were investigated on [bugzilla](https://bugzilla.mozilla.org/home);
-- thanks to the whole LibreWolf community and to all the contributors of this repo.
\ No newline at end of file
+we do not use arkenfox's `user.js` but we try to keep up with it, and we also consider it a great resource for users who want to find their own setup.
+- many thanks to the firefox team and to the people working on [bugzilla](https://bugzilla.mozilla.org/home);
+- thanks to the whole LibreWolf community and to all the contributors of this repo.
diff --git a/librewolf/debian/librewolf_settings/distribution/policies.json b/librewolf/debian/librewolf_settings/distribution/policies.json
index 50a0eb2..b726d3e 100644
--- a/librewolf/debian/librewolf_settings/distribution/policies.json
+++ b/librewolf/debian/librewolf_settings/distribution/policies.json
@@ -29,7 +29,7 @@
         },
         "Extensions": {
             "Install": [
-                "https://addons.cdn.mozilla.net/user-media/addons/607454/ublock_origin-1.41.8-an+fx.xpi"
+                "https://addons.mozilla.org/firefox/downloads/file/3933192/ublock_origin-1.42.4-an+fx.xpi"
             ],
             "Uninstall": [
                 "google@search.mozilla.org",
diff --git a/librewolf/debian/librewolf_settings/docs/Changelog.md b/librewolf/debian/librewolf_settings/docs/Changelog.md
index 1b1b657..b3a325c 100644
--- a/librewolf/debian/librewolf_settings/docs/Changelog.md
+++ b/librewolf/debian/librewolf_settings/docs/Changelog.md
@@ -1,9 +1,98 @@
 This changelog will be used from now on to document changes in a precise manner, with a list of changes for each setting version.
 Setting versions are documented using the pref `librewolf.cfg.version`, available in about:config.
 
+# 6.4
+
+**target commit**: eea09ca07333dc166213fa9c873e4916d979e97f
+
+**base librewolf version**: 100.x
+
+**References**:
+- hide Firefox Focus promo in private tabs.
+- double checking revoked certificates with both CRL and OCSP allows to detect false positives and it is also [the default](https://hg.mozilla.org/mozilla-central/rev/a6ba7b4ee17).
+- [clearOnShutdown prefs now respect exceptions](https://github.com/arkenfox/user.js/issues/1441) so we can tick all boxes in that UI as well.
+
+#### Added preferences
+```
+lockPref("browser.promo.focus.enabled", false);
+defaultPref("privacy.clearOnShutdown.offlineApps", true);
+```
+
+#### Changed preferences
+```
+defaultPref("security.pki.crlite_mode", 3); // prev 2
+```
+
+#### Removed preferences
+```
+defaultPref("privacy.clearOnShutdown.cookies", false);
+```
+
+# 6.3
+
+**target commit**: e84fc950bfd7c3542cb974e9d545b9b8e18c010d
+
+**base librewolf version**: 99.x
+
+**References**:
+- Fixes the uBlock Origin installation URL
+
+# 6.2
+
+**target commit**: ac95f5195ed82ca6bcec48acf9d1241e3c683b25
+
+**base librewolf version**: 99.x
+
+**References**:
+- vpn pref was set to the wrong value by mistake.
+- offscreencanvas cannot be read back using JS, plus it is being tracked upstream. see [this comment](https://github.com/arkenfox/user.js/issues/1418#issuecomment-1093390017), which solves doubts from 6.1 changelog.
+
+#### Removed preferences
+```
+defaultPref("gfx.offscreencanvas.domain-enabled", false);
+```
+
+#### Changed preferences
+```
+lockPref("browser.vpn_promo.enabled", false);
+```
+
+# 6.1
+
+**target commit**: 465257e5993893cd7896ef1533d37e245f206fb9
+
+**base librewolf version**: 99.x
+
+**References**:
+- csp pref has been deprecated.
+- quicksuggest prefs are redundant as it has a master switch. the master switch is now force applied on each restart of the browser.
+- do not whitelist offscreencanvas for now, we need to first check how it is tied to the "normal" canvas.
+
+**Notes**: using the vpn pref should allow us to get rid of one patch.
+
+#### Added preferences
+```
+lockPref("browser.vpn_promo.enabled", true);
+defaultPref("gfx.offscreencanvas.domain-enabled", false);
+```
+
+#### Removed preferences
+```
+lockPref("security.csp.enable", true); // enforce csp, default
+lockPref("browser.urlbar.suggest.quicksuggest.nonsponsored", false);
+lockPref("browser.urlbar.suggest.quicksuggest.sponsored", false);
+lockPref("browser.urlbar.quicksuggest.dataCollection.enabled", false); // default
+lockPref("browser.urlbar.quicksuggest.scenario", "history");
+```
+
+#### Changed preferences
+```
+pref("browser.urlbar.quicksuggest.enabled", false);
+```
+
 # 6.0
 
-**target commit**:
+**target commit**: 0822d491d2b377b5cd7f0429cee5aa916538fa50
 
 **base librewolf version**: 98.x
 
@@ -612,4 +701,4 @@ lockPref("privacy.override_rfp_for_color_scheme", false);
 **base librewolf version**: 89.x
 
 This is the initial release from which we start tagging and versioning settings. For previous changes see 
-[here](https://gitlab.com/librewolf-community/settings/-/blob/master/docs/changelog-legacy.md).
\ No newline at end of file
+[here](https://gitlab.com/librewolf-community/settings/-/blob/master/docs/changelog-legacy.md).
diff --git a/librewolf/debian/librewolf_settings/librewolf.cfg b/librewolf/debian/librewolf_settings/librewolf.cfg
index 8525c82..8f07322 100755
--- a/librewolf/debian/librewolf_settings/librewolf.cfg
+++ b/librewolf/debian/librewolf_settings/librewolf.cfg
@@ -6,7 +6,7 @@
  * 
  * WARNING: please make sure the first line of this file is empty. this is a known bug.
  */
-defaultPref("librewolf.cfg.version", "6.0");
+defaultPref("librewolf.cfg.version", "6.4");
 
 
 /** INDEX
@@ -54,7 +54,7 @@ defaultPref("network.cookie.thirdparty.nonsecureSessionOnly", true);
  * we disable it but cookies and site data are still cleared per session unless exceptions are set.
  * all the cleaning prefs true by default except for siteSetting and offlineApps, which is what we want.
  */
-defaultPref("privacy.clearOnShutdown.cookies", false);
+defaultPref("privacy.clearOnShutdown.offlineApps", true);
 defaultPref("privacy.sanitize.sanitizeOnShutdown", true);
 defaultPref("privacy.sanitize.timeSpan", 0);
 
@@ -208,10 +208,10 @@ defaultPref("security.ssl.treat_unsafe_negotiation_as_broken", true);
  * our strategy with revocation is to perform all possible checks with CRL, but when a cert
  * cannot be checked with it we use OCSP stapled with hard-fail, to still keep privacy and
  * increase security.
- * switching to crlite mode 3 (v99+) would allow us to detect false positive with OCSP.
+ * crlite is in mode 3 by default, which allows us to detect false positive with OCSP.
  */
 defaultPref("security.remote_settings.crlite_filters.enabled", true);
-defaultPref("security.pki.crlite_mode", 2); // mode 2 means enforce CRL checks
+defaultPref("security.pki.crlite_mode", 3); // default
 defaultPref("security.OCSP.enabled", 1); // default
 defaultPref("security.OCSP.require", true); // set to hard-fail
 
@@ -255,7 +255,6 @@ lockPref("browser.safebrowsing.provider.google4.dataSharing.enabled", false);
 lockPref("browser.safebrowsing.provider.google4.dataSharingURL", "");
 
 /** [SECTION] OTHERS */
-lockPref("security.csp.enable", true); // enforce csp, default
 defaultPref("network.IDN_show_punycode", true); // use punycode in idn to prevent spoofing
 defaultPref("pdfjs.enableScripting", false); // disable js scripting in the built-in pdf reader
 
@@ -301,15 +300,11 @@ defaultPref("browser.search.suggest.enabled", false);
 defaultPref("browser.search.update", false);
 defaultPref("browser.urlbar.trimURLs", false);
 /**
- * quicksuggest is a feature of firefox that shows sponsored suggestions. we disable it in full
- * but the list could and should be trimmed at some point. the scenario controls the opt-in, while
- * the second pref disables the feature and hides it from the ui.
+ * the pref disables the whole feature and hide it from the ui
+ * (as noted in https://bugzilla.mozilla.org/show_bug.cgi?id=1755057).
+ * this also includes the best match feature, as it is part of firefox suggest.
  */
-lockPref("browser.urlbar.quicksuggest.scenario", "history");
-lockPref("browser.urlbar.quicksuggest.enabled", false);
-lockPref("browser.urlbar.suggest.quicksuggest.nonsponsored", false);
-lockPref("browser.urlbar.suggest.quicksuggest.sponsored", false);
-lockPref("browser.urlbar.quicksuggest.dataCollection.enabled", false); // default
+pref("browser.urlbar.quicksuggest.enabled", false);
 
 /** [SECTION] DOWNLOADS
  * user interaction should always be required for downloads, as a way to enhance security by asking
@@ -476,6 +471,8 @@ defaultPref("browser.contentblocking.report.monitor.enabled", false);
 lockPref("browser.contentblocking.report.hide_vpn_banner", true);
 lockPref("browser.contentblocking.report.vpn.enabled", false);
 lockPref("browser.contentblocking.report.show_mobile_app", false);
+lockPref("browser.vpn_promo.enabled", false);
+lockPref("browser.promo.focus.enabled", false);
 // ...about:addons recommendations sections and more
 defaultPref("extensions.htmlaboutaddons.recommendations.enabled", false);
 defaultPref("extensions.getAddons.showPane", false);
-- 
cgit