diff --git a/README.md b/README.md index 75516ae..171f3d1 100644 --- a/README.md +++ b/README.md @@ -10,7 +10,16 @@ _What is it then?_ It's a **_hardened_** _version_ of Firefox. (See bottom of fi * **[download latest release](https://gitlab.com/librewolf-community/browser/windows/-/releases)**. * [issue tracker](https://gitlab.com/librewolf-community/browser/windows/-/issues). -# download locations +# Chocolatey package manager + +This work is not completely finished yet, but ready to be used anyway. +For now, to install, download [librewolf.87.0.4.nupkg](https://gitlab.com/librewolf-community/browser/windows/uploads/c0d228fc15c1a8f96f4f1db0e0fe2d42/librewolf.87.0.4.nupkg), and run this in the folder with the nupkg: + +`choco install librewolf -s "'.;chocolatey'"` + +Code is here https://github.com/maltejur/librewolf-choco + +# other download locations * [[arch releases](https://gitlab.com/librewolf-community/browser/arch/-/releases)] - [librewolf-bin AUR(en)](https://aur.archlinux.org/packages/librewolf-bin/), [librewolf AUR(en)](https://aur.archlinux.org/packages/librewolf/) * [[linux releases](https://gitlab.com/librewolf-community/browser/linux/-/releases)] - Flatpak, AppImage, Arch and other Linux builds of the LibreWolf browser. @@ -39,7 +48,7 @@ _What is it then?_ It's a **_hardened_** _version_ of Firefox. (See bottom of fi * If at all possible, pleasse go to the relevant 'issues' link and start discussing thing there. * [[reddit](https://www.reddit.com/r/LibreWolf/)] - [r/LibreWolf](https://www.reddit.com/r/LibreWolf/) 😺 * [readthedocs.io](https://librewolf.readthedocs.io/en/latest/). -* [[gitter](https://gitter.im/librewolf-community/librewolf)]. +* [[gitter](https://gitter.im/librewolf-community/librewolf)], and the same room on [matrix](https://app.element.io/#/room/#librewolf-community_librewolf:gitter.im) (element.io). # hardening firefox diff --git a/artifacts_all.sh b/artifacts_all.sh index d44335b..fdac51a 100644 --- a/artifacts_all.sh +++ b/artifacts_all.sh @@ -26,63 +26,17 @@ cd librewolf ; rm -rf maintenanceservice* pingsender* firefox.*.xml precomplete cp -v common/source_files/browser/branding/librewolf/firefox.ico librewolf/librewolf.ico # create the final zip/exe artifacts -if [ ! -z $permissive ]; then - - # patch to permissive config - pushd librewolf - echo "Applying permissive patches..." - cp -v ../settings/librewolf.cfg . && cp -v ../settings/distribution/policies.json distribution - patch -p1 -i ../patches/permissive/librewolf-config.patch - patch -p1 -i ../patches/permissive/librewolf-policies.patch - popd - - # create the final zip artifact - rm -f librewolf-$pkgver.en-US.$ospkg-permissive.zip - zip -qr9 librewolf-$pkgver.en-US.$ospkg-permissive.zip librewolf - if [ $? -ne 0 ]; then exit 1; fi - - # now to try to make the installer - rm -f librewolf-$pkgver.en-US.win64-permissive-setup.exe tmp.nsi tmp-permissive.nsi - sed "s/pkg_version/$pkgver/g" < artifacts_win.nsi > tmp.nsi - sed "s/win64-setup/win64-permissive-setup/g" < tmp.nsi > tmp-permissive.nsi - makensis-3.01.exe -V1 tmp-permissive.nsi - if [ $? -ne 0 ]; then exit 1; fi - -elif [ ! -z $strict ]; then - # patch to strict config - pushd librewolf - echo "Applying strict config..." - cp -v ../settings/librewolf.cfg . && cp -v ../settings/distribution/policies.json distribution - patch -p1 -i ../patches/strict/librewolf-config.patch - patch -p1 -i ../patches/strict/librewolf-policies.patch - popd +rm -f librewolf-$pkgver.en-US.$ospkg.zip +zip -qr9 librewolf-$pkgver.en-US.$ospkg.zip librewolf +if [ $? -ne 0 ]; then exit 1; fi - # create the final zip artifact - rm -f librewolf-$pkgver.en-US.$ospkg-strict.zip - zip -qr9 librewolf-$pkgver.en-US.$ospkg-strict.zip librewolf - if [ $? -ne 0 ]; then exit 1; fi +# now to try to make the installer +rm -f librewolf-$pkgver.en-US.win64-setup.exe tmp.nsi +sed "s/pkg_version/$pkgver/g" < artifacts_win.nsi > tmp.nsi +makensis-3.01.exe -V1 tmp.nsi +if [ $? -ne 0 ]; then exit 1; fi - # now to try to make the installer - rm -f librewolf-$pkgver.en-US.win64-strict-setup.exe tmp.nsi tmp-strict.nsi - sed "s/pkg_version/$pkgver/g" < artifacts_win.nsi > tmp.nsi - sed "s/win64-setup/win64-strict-setup/g" < tmp.nsi > tmp-strict.nsi - makensis-3.01.exe -V1 tmp-strict.nsi - if [ $? -ne 0 ]; then exit 1; fi - -else - - rm -f librewolf-$pkgver.en-US.$ospkg.zip - zip -qr9 librewolf-$pkgver.en-US.$ospkg.zip librewolf - if [ $? -ne 0 ]; then exit 1; fi - - # now to try to make the installer - rm -f librewolf-$pkgver.en-US.win64-setup.exe tmp.nsi - sed "s/pkg_version/$pkgver/g" < artifacts_win.nsi > tmp.nsi - makensis-3.01.exe -V1 tmp.nsi - if [ $? -ne 0 ]; then exit 1; fi - -fi popd } @@ -120,53 +74,13 @@ cd librewolf ; rm -rf maintenanceservice* pingsender* firefox.*.xml precomplete # copy the windows icon cp -v common/source_files/browser/branding/librewolf/firefox.ico librewolf/librewolf.ico -# create the final zip/exe artifacts -if [ ! -z $permissive ]; then - - # patch to permissive config - pushd librewolf - echo "Applying permissive patches..." - cp -v ../settings/librewolf.cfg . && cp -v ../settings/distribution/policies.json distribution - patch -p1 -i ../patches/permissive/librewolf-config.patch - patch -p1 -i ../patches/permissive/librewolf-policies.patch - popd - - # create the final zip artifact - rm -f librewolf-$pkgver.en-US.$ospkg-permissive.zip - zip -qr9 librewolf-$pkgver.en-US.$ospkg-permissive.zip librewolf - if [ $? -ne 0 ]; then exit 1; fi - - # now to try to make the installer - # (create a .deb here) - -elif [ ! -z $strict ]; then +# create the final zip artifact +rm -f librewolf-$pkgver.en-US.$ospkg.zip +zip -qr9 librewolf-$pkgver.en-US.$ospkg.zip librewolf +if [ $? -ne 0 ]; then exit 1; fi - # patch to strict config - pushd librewolf - echo "Applying strict config..." - cp -v ../settings/librewolf.cfg . && cp -v ../settings/distribution/policies.json distribution - patch -p1 -i ../patches/strict/librewolf-config.patch - patch -p1 -i ../patches/strict/librewolf-policies.patch - popd - - # create the final zip artifact - rm -f librewolf-$pkgver.en-US.$ospkg-strict.zip - zip -qr9 librewolf-$pkgver.en-US.$ospkg-strict.zip librewolf - if [ $? -ne 0 ]; then exit 1; fi - - # now to try to make the installer - # (create a .deb here) - -else - - rm -f librewolf-$pkgver.en-US.$ospkg.zip - zip -qr9 librewolf-$pkgver.en-US.$ospkg.zip librewolf - if [ $? -ne 0 ]; then exit 1; fi - - # now to try to make the installer - # (create a .deb here) - -fi +# now to try to make the installer +# (create a .deb here) popd } @@ -208,37 +122,16 @@ cd librewolf ; rm -rf maintenanceservice* pingsender* firefox.*.xml precomplete # linux: copy app icon stuff cp files/register-librewolf files/start-librewolf files/start-librewolf.desktop.in librewolf - # create the final zip artifact rm -f librewolf-$pkgver.en-US.$ospkg.zip zip -qr9 librewolf-$pkgver.en-US.$ospkg.zip librewolf if [ $? -ne 0 ]; then exit 1; fi # now to try to make the installer -# (create a .deb here) - -# patch to permissive config -if [ ! -z $permissive ]; then - pushd librewolf - echo "Applying permissive patches..." - cp -v ../settings/librewolf.cfg . && cp -v ../settings/distribution/policies.json distribution - patch -p1 -i ../patches/permissive/librewolf-config.patch - patch -p1 -i ../patches/permissive/librewolf-policies.patch - popd - - # create the final zip artifact - rm -f librewolf-$pkgver.en-US.$ospkg-permissive.zip - zip -qr9 librewolf-$pkgver.en-US.$ospkg-permissive.zip librewolf - if [ $? -ne 0 ]; then exit 1; fi - - # now to try to make the installer - # (create a .deb here) -fi +# (create a .rpm here) popd } - - diff --git a/build.sh b/build.sh index 16cb435..b1f3fa7 100755 --- a/build.sh +++ b/build.sh @@ -83,25 +83,36 @@ do_patches() { patch -p1 -i ../linux/mozilla-vpn-ad.patch if [ "$srcdir" == "mozilla-unified" ]; then + echo "../patches/nightly/context-menu2.patch" patch -p1 -i ../patches/nightly/context-menu2.patch + echo "../patches/nightly/report-site-issue.patch" patch -p1 -i ../patches/nightly/report-site-issue.patch - patch -p1 -i ../patches/nightly/megabar2.patch + echo "../patches/nightly/megabar3.patch" + patch -p1 -i ../patches/nightly/megabar3.patch else + echo "../linux/context-menu.patch" patch -p1 -i ../linux/context-menu.patch + echo "../linux/remove_addons.patch" patch -p1 -i ../linux/remove_addons.patch + echo "../linux/megabar.patch" patch -p1 -i ../linux/megabar.patch fi echo 'GNU sed patches...' + echo "../patches/sed-patches/allow-searchengines-non-esr.patch" patch -p1 -i ../patches/sed-patches/allow-searchengines-non-esr.patch + echo "../patches/sed-patches/disable-pocket.patch" patch -p1 -i ../patches/sed-patches/disable-pocket.patch + echo "../patches/sed-patches/remove-internal-plugin-certs.patch" patch -p1 -i ../patches/sed-patches/remove-internal-plugin-certs.patch + echo "../patches/sed-patches/stop-undesired-requests.patch" patch -p1 -i ../patches/sed-patches/stop-undesired-requests.patch echo 'Local patches...' # local win10 patches + echo "../patches/browser-confvars.patch" patch -p1 -i ../patches/browser-confvars.patch # not sure about this one yet! if [ "$strict" == "strict" ]; then @@ -214,13 +225,6 @@ deps_pkg() { echo "deps_pkg: done." } -deps_mac() { - echo "deps_mac: begin." - deps="yasm nasm ffmpeg node@14 gcc dbus nss" - brew install $deps - echo "deps_mac: done." -} - # these utilities should work everywhere clean() { echo "clean: begin." @@ -277,6 +281,7 @@ mach_env() { git_subs() { echo "git_subs: begin." git submodule update --recursive + git submodule foreach git pull origin master git submodule foreach git merge origin master echo "git_subs: done." } @@ -300,49 +305,6 @@ git_init() { echo "git_init: done." } - -# Permissive/strict configuration options (win10 only at the moment) - -perm_config_diff() { - pushd settings > /dev/null - cp "/c/Program Files/LibreWolf/librewolf.cfg" librewolf.cfg - if [ $? -ne 0 ]; then exit 1; fi - git diff librewolf.cfg > ../patches/permissive/librewolf-config.patch - git diff librewolf.cfg - git checkout librewolf.cfg > /dev/null 2>&1 - popd > /dev/null -} - -perm_policies_diff() { - pushd settings/distribution > /dev/null - cp "/c/Program Files/LibreWolf/distribution/policies.json" policies.json - if [ $? -ne 0 ]; then exit 1; fi - git diff policies.json > ../../patches/permissive/librewolf-policies.patch - git diff policies.json - git checkout policies.json > /dev/null 2>&1 - popd > /dev/null -} - -strict_config_diff() { - pushd settings > /dev/null - cp "/c/Program Files/LibreWolf/librewolf.cfg" librewolf.cfg - if [ $? -ne 0 ]; then exit 1; fi - git diff librewolf.cfg > ../patches/strict/librewolf-config.patch - git diff librewolf.cfg - git checkout librewolf.cfg > /dev/null 2>&1 - popd > /dev/null -} - -strict_policies_diff() { - pushd settings/distribution > /dev/null - cp "/c/Program Files/LibreWolf/distribution/policies.json" policies.json - if [ $? -ne 0 ]; then exit 1; fi - git diff policies.json > ../../patches/strict/librewolf-policies.patch - git diff policies.json - git checkout policies.json > /dev/null 2>&1 - popd > /dev/null -} - # # Nightly builds, alternative builds. # @@ -478,17 +440,6 @@ if [[ "$*" == *reset_tor_browser* ]]; then done_something=1 fi -# permissive & strict modes. -if [[ "$*" == *set_perm* ]]; then - permissive=permissive -fi -if [[ "$*" == *set_permissive* ]]; then - permissive=permissive -fi -if [[ "$*" == *set_strict* ]]; then - strict=strict -fi - @@ -534,10 +485,6 @@ if [[ "$*" == *deps_pkg* ]]; then deps_pkg done_something=1 fi -if [[ "$*" == *deps_mac* ]]; then - deps_mac - done_something=1 -fi # main building actions... @@ -577,26 +524,6 @@ if [[ "$*" == *artifacts_rpm* ]]; then done_something=1 fi -# librewolf.cfg and policies.json differences - -if [[ "$*" == *perm_config_diff* ]]; then - perm_config_diff - done_something=1 -fi -if [[ "$*" == *perm_policies_diff* ]]; then - perm_policies_diff - done_something=1 -fi -if [[ "$*" == *strict_config_diff* ]]; then - strict_config_diff - done_something=1 -fi -if [[ "$*" == *strict_policies_diff* ]]; then - strict_policies_diff - done_something=1 -fi - - # by default, give help.. if (( done_something == 0 )); then cat << EOF @@ -619,7 +546,6 @@ Use: ./build.sh clean | all | [other stuff...] deps_deb - install dependencies with apt. deps_rpm - install dependencies with dnf. deps_pkg - install dependencies with pkg. (experimental) - deps_mac - install dependencies with brew. (experimental) artifacts_deb - apply .cfg, create a dist zip file (for debian10). artifacts_rpm - apply .cfg, create a dist zip file (for fedora33). @@ -631,22 +557,7 @@ Use: ./build.sh clean | all | [other stuff...] git_subs - update git submodules. git_init - create .git folder in firefox-87.0 for creating patches. -# Strict/permissive config: - - set_perm - produce permissive artifacts. - set_strict - produce strict mode build/artifacts - - perm_config_diff - diff between -release and -permissive config - perm_policies_diff - diff between -release and -permissive policies.json - strict_config_diff - diff between -release and -strict config - strict_policies_diff - diff between -release and -strict policies.json - -The *_diff commands are dangerous (change repo files), win10 specific, and -just for internal use. You can use './build set_perm all' to build permissve -and './build set_strict all' for -strict. This functionality exists because -we're constantly balancing settings between usability and security. - -# Cross-compile from linux: (experimental) +# Cross-compile from linux: (in development) linux_patches - the 'do_patches' for linux->win crosscompile. linux_artifacts - standard artifact zip file. perhaps a -setup.exe. diff --git a/patches/nightly/megabar3.patch b/patches/nightly/megabar3.patch new file mode 100644 index 0000000..d0687aa --- /dev/null +++ b/patches/nightly/megabar3.patch @@ -0,0 +1,148 @@ +diff --git a/browser/components/urlbar/UrlbarInput.jsm b/browser/components/urlbar/UrlbarInput.jsm +index f076d5d7f2..92f0adf003 100644 +--- a/browser/components/urlbar/UrlbarInput.jsm ++++ b/browser/components/urlbar/UrlbarInput.jsm +@@ -1704,13 +1704,13 @@ class UrlbarInput { + + // Enable the animation only after the first extend call to ensure it + // doesn't run when opening a new window. +- if (!this.hasAttribute("breakout-extend-animate")) { +- this.window.promiseDocumentFlushed(() => { +- this.window.requestAnimationFrame(() => { +- this.setAttribute("breakout-extend-animate", "true"); +- }); +- }); +- } ++// if (!this.hasAttribute("breakout-extend-animate")) { ++// this.window.promiseDocumentFlushed(() => { ++// this.window.requestAnimationFrame(() => { ++// this.setAttribute("breakout-extend-animate", "true"); ++// }); ++// }); ++// } + } + + endLayoutExtend() { +diff --git a/browser/themes/shared/urlbar-searchbar.inc.css b/browser/themes/shared/urlbar-searchbar.inc.css +index 3abd701732..87713b9cbd 100644 +--- a/browser/themes/shared/urlbar-searchbar.inc.css ++++ b/browser/themes/shared/urlbar-searchbar.inc.css +@@ -5,7 +5,7 @@ + %endif + + %define fieldHoverBorderColor hsla(240,5%,5%,.35) +-%define urlbarMarginInline 5px ++%define urlbarMarginInline 0px + %define urlbarSearchButtonWidth calc(16px + 2 * var(--urlbar-icon-padding)) + + :root { +@@ -273,40 +273,40 @@ + } + + #urlbar[breakout][breakout-extend] { +- top: -@urlbarBreakoutExtend@; +- left: calc(-@urlbarMarginInline@ - @urlbarBreakoutExtend@); +- width: calc(100% + 2 * @urlbarMarginInline@ + 2 * @urlbarBreakoutExtend@); ++ top: 0; ++ left: 0; ++ width: 100%; + } + + @media (-moz-proton) { + #urlbar[breakout][breakout-extend] { + top: 0; +- left: -@urlbarMarginInline@; +- width: calc(100% + 2 * @urlbarMarginInline@); ++ left: 0; ++ width: 100%; + } + } /*** END proton ***/ + + @media not (-moz-proton) { + #urlbar[breakout][breakout-extend] > #urlbar-background { +- box-shadow: 0 3px 8px 0 rgba(0,0,0,.15) ++ box-shadow: 0 1px 4px rgba(0,0,0,.05); + } + + #urlbar[breakout][breakout-extend][open] > #urlbar-background { +- box-shadow: 0 5px 18px rgba(0,0,0,.2); ++ box-shadow: 0 1px 4px rgba(0,0,0,.05); + } + } /*** END !proton ***/ + + #urlbar[breakout][breakout-extend] > #urlbar-input-container { +- height: calc(var(--urlbar-toolbar-height) + 2 * @urlbarBreakoutExtend@); +- padding-block: calc(@urlbarBreakoutExtend@ + (var(--urlbar-toolbar-height) - var(--urlbar-height)) / 2); +- padding-inline: calc(@urlbarMarginInline@ + @urlbarBreakoutExtend@); ++ height: var(--urlbar-toolbar-height); ++ padding-block: 0; ++ padding-inline: 0; + } + + @media (-moz-proton) { + #urlbar[breakout][breakout-extend] > #urlbar-input-container { + height: var(--urlbar-toolbar-height); +- padding-block: calc((var(--urlbar-toolbar-height) - var(--urlbar-height)) / 2 + var(--urlbar-container-padding)); +- padding-inline: calc(@urlbarMarginInline@ + var(--urlbar-container-padding)); ++ padding-block: 0; ++ padding-inline: 0; + } + } /*** END proton ***/ + +@@ -325,7 +325,7 @@ + } + + #urlbar[breakout][breakout-extend] > #urlbar-background { +- animation-name: urlbar-grow; ++ animation-name: none; + animation-duration: 0s; + animation-timing-function: var(--animation-easing-function); + } +diff --git a/browser/themes/shared/urlbarView.inc.css b/browser/themes/shared/urlbarView.inc.css +index e58531723e..dba8668168 100644 +--- a/browser/themes/shared/urlbarView.inc.css ++++ b/browser/themes/shared/urlbarView.inc.css +@@ -86,16 +86,16 @@ + display: block; + text-shadow: none; + overflow: clip; +- margin-inline: calc(5px + var(--urlbar-container-padding)); +- width: calc(100% - 2 * (5px + var(--urlbar-container-padding))); ++ margin-inline: 0; ++ width: 100% + /* Match urlbar-background's border. */ + border-inline: 1px solid transparent; + } + + @media not (-moz-proton) { + .urlbarView { +- margin-inline: calc(4px + var(--identity-box-margin-inline)); +- width: calc(100% - 2 * (4px + var(--identity-box-margin-inline))); ++ margin-inline: 0; ++ width: 100%; + } + /* If the view is open, offset the toolbar overlap so the view's top border + aligns with the toolbar. */ +@@ -298,6 +298,7 @@ + object-fit: contain; + flex-shrink: 0; + -moz-context-properties: fill, fill-opacity; ++ margin-inline-start: 20px; + } + + @media not (-moz-proton) { +@@ -331,10 +332,10 @@ + + .urlbarView-type-icon { + position: absolute; +- width: 12px; +- height: 12px; +- margin-bottom: -4px; +- margin-inline-start: 8px; ++ width: 16px; ++ height: 16px;; ++ margin-bottom: 0; ++ margin-inline-start: 0; + align-self: end; + background-repeat: no-repeat; + background-size: contain; diff --git a/patches/permissive/librewolf-config.patch b/patches/permissive/librewolf-config.patch index 9ef2f02..c6ccb9e 100644 --- a/patches/permissive/librewolf-config.patch +++ b/patches/permissive/librewolf-config.patch @@ -1,26 +1,16 @@ diff --git a/librewolf.cfg b/librewolf.cfg -index 1ad0cea..7515734 100644 +index 03524fd..7aa8d33 100644 --- a/librewolf.cfg +++ b/librewolf.cfg -@@ -264,11 +264,12 @@ defaultPref("media.gmp-manager.certs.1.commonName", ""); - // User Settings : WebRTC - // ---------------------- - --defaultPref("media.navigator.enabled", false); --defaultPref("media.navigator.video.enabled", false); --defaultPref("media.getusermedia.browser.enabled", false); --defaultPref("media.getusermedia.screensharing.enabled", false); --defaultPref("media.getusermedia.audiocapture.enabled", false); -+// these 5 are needed to be true for webcam/camera -+defaultPref("media.navigator.enabled", true); -+defaultPref("media.navigator.video.enabled", true); -+defaultPref("media.getusermedia.browser.enabled", true); -+defaultPref("media.getusermedia.screensharing.enabled", true); -+defaultPref("media.getusermedia.audiocapture.enabled", true); - defaultPref("media.peerconnection.use_document_iceservers", false); - defaultPref("media.peerconnection.identity.enabled", false); - // 10000 per default -@@ -389,7 +390,7 @@ defaultPref("extensions.ui.experiment.hidden", false); +@@ -375,6 +375,7 @@ defaultPref("network.proxy.socks_version", 5); + defaultPref("browser.tabs.loadBookmarksInTabs", true); + defaultPref("devtools.debugger.remote-enabled", false); + defaultPref("devtools.chrome.enabled", false); ++defaultPref("general.useragent.site_specific_overrides", false); + defaultPref("extensions.ui.experiment.hidden", false); + //defaultPref("extensions.ui.dictionary.hidden", false); + //defaultPref("extensions.ui.locale.hidden", false); +@@ -388,7 +389,7 @@ defaultPref("extensions.ui.experiment.hidden", false); lockPref("dom.indexedDB.enabled", true); //default true //lockPref("dom.indexedDB.logging.details", false); //default true //lockPref("dom.indexedDB.logging.enabled", false); //default true @@ -29,7 +19,16 @@ index 1ad0cea..7515734 100644 //lockPref("network.http.spdy.enabled", false); //lockPref("network.http.spdy.enabled.deps", false); //lockPref("network.http.spdy.enabled.http2", false); -@@ -882,12 +883,12 @@ lockPref("extensions.getAddons.compatOverides.url", ""); +@@ -616,7 +617,7 @@ defaultPref("extensions.webextensions.background-delayed-startup", true); //defa + // >>>>>>>>>>>>>>>>>>>> + + // Pref : Disabling performance addon url [FF64+] +-lockPref("devtools.performance.recording.ui-base-url", "http://localhost:4242"); ++lockPref("devtools.performance.recording.ui-base-url", "https://localhost:4242"); + // Default Value : https://perf-html.io + + // Pref : The default set of protocol handlers for irc [FF64+] +@@ -881,12 +882,12 @@ lockPref("extensions.getAddons.compatOverides.url", ""); // https://services.addons.mozilla.org/api/v3/addons/compat-override/?guid=%IDS%&lang=%LOCALE% // Pref : @@ -44,7 +43,7 @@ index 1ad0cea..7515734 100644 // Default Value // https://services.addons.mozilla.org/api/v3/addons/language-tools/?app=firefox&type=language&appversion=%VERSION% -@@ -897,12 +898,12 @@ defaultPref("extensions.getAddons.link.url", ""); +@@ -896,12 +897,12 @@ defaultPref("extensions.getAddons.link.url", ""); // https://addons.mozilla.org/%LOCALE%/firefox/ // Pref : @@ -59,7 +58,7 @@ index 1ad0cea..7515734 100644 // Default Value // https://addons.mozilla.org/%LOCALE%/firefox/themes/?src=firefox -@@ -932,7 +933,7 @@ lockPref("browser.newtabpage.activity-stream.fxaccounts.endpoint", ""); +@@ -931,7 +932,7 @@ lockPref("browser.newtabpage.activity-stream.fxaccounts.endpoint", ""); // https://accounts.firefox.com/ // Pref : @@ -68,7 +67,16 @@ index 1ad0cea..7515734 100644 // Default Value // https://versioncheck.addons.mozilla.org/update/VersionCheck.php?reqVersion= // %REQ_VERSION%&id=%ITEM_ID%&version=%ITEM_VERSION%&maxAppVersion= -@@ -1804,7 +1805,7 @@ lockPref("datareporting.healthreport.uploadEnabled", false); +@@ -1476,7 +1477,7 @@ lockPref("javascript.options.shared_memory", false); + // So overall, disabling SW should enhance performance because it blocks SW Scripts. + // [NOTE] Service worker APIs are hidden (in Firefox) and cannot be used when in PB mode. + // [NOTE] Service workers only run over HTTPS. Service Workers have no DOM access. +-defaultPref("dom.serviceWorkers.enabled", false); ++lockPref("dom.serviceWorkers.enabled", false); + + // >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> + // Section : General Settings 1/3 +@@ -1803,7 +1804,7 @@ lockPref("datareporting.healthreport.uploadEnabled", false); lockPref("datareporting.policy.dataSubmissionEnabled", false); // Pref : Disable right-click menu manipulation via JavaScript (disabled) @@ -77,7 +85,16 @@ index 1ad0cea..7515734 100644 // Pref : Disable clipboard event detection (onCut/onCopy/onPaste) via Javascript // Disabling clipboard events breaks Ctrl+C/X/V copy/cut/paste functionaility in -@@ -2773,3 +2774,14 @@ defaultPref("devtools.selfxss.count", 0); +@@ -1893,7 +1894,7 @@ lockPref("dom.enable_user_timing", false); + // Pref : Disable Web Audio API + // https://bugzilla.mozilla.org/show_bug.cgi?id=1288359 + // Avoid fingerprinting +-defaultPref("dom.webaudio.enabled", false); ++lockPref("dom.webaudio.enabled", false); + + // Pref : When geolocation is enabled, don't log geolocation requests to the console + lockPref("geo.wifi.logging.enabled", false); +@@ -2772,3 +2773,10 @@ defaultPref("devtools.selfxss.count", 0); // enable HTTPS only mode by default defaultPref("dom.security.https_only_mode", true); defaultPref("dom.security.https_only_mode_ever_enabled", true); @@ -88,7 +105,3 @@ index 1ad0cea..7515734 100644 +defaultPref("privacy.clearOnShutdown.cookies", false); +defaultPref("privacy.clearOnShutdown.offlineApps", false); +defaultPref("network.cookie.lifetimePolicy", 2); -+ -+// attempting to allow webcam and microphone -+defaultPref("permissions.default.microphone",1); -+defaultPref("permissions.default.camera",1); diff --git a/patches/permissive/librewolf-policies.patch b/patches/permissive/librewolf-policies.patch index f572558..2ee87f6 100644 --- a/patches/permissive/librewolf-policies.patch +++ b/patches/permissive/librewolf-policies.patch @@ -1,13 +1,33 @@ diff --git a/distribution/policies.json b/distribution/policies.json -index 7f7e822..e517284 100644 +index 171e53e..28669dd 100644 --- a/distribution/policies.json +++ b/distribution/policies.json -@@ -62,7 +62,7 @@ - - "Extensions": { - "Install": [ -- "https://addons.cdn.mozilla.net/user-media/addons/607454/ublock_origin-1.33.2-an+fx.xpi" -+ "https://addons.cdn.mozilla.net/user-media/addons/607454/ublock_origin-1.33.2-an+fx.xpi", - ], - "Uninstall": [ - "google@search.mozilla.org", +@@ -21,7 +21,12 @@ + "ProviderURL": "", + "Locked": false + }, +- ++ "UserMessaging": { ++ "ExtensionRecommendations": false, ++ "FeatureRecommendations": false, ++ "SkipOnboarding": true, ++ "UrlbarInterventions": false ++ }, + "Bookmarks": [ + { + "Title": "Library", +@@ -97,14 +102,6 @@ + "PostData": "q={searchTerms}&time_range=&language=en-US&category_general=on", + "IconURL": "https://searx.be/favicon.ico" + }, +- { +- "Name": "StartPage", +- "Description": "The world's most private search engine", +- "Alias": "", +- "Method": "GET", +- "URLTemplate": "https://www.startpage.com/do/search?query={searchTerms}", +- "IconURL": "https://www.startpage.com/assets/images/logo-180x180.png" +- }, + { + "Name": "Qwant", + "Description": "The search engine that respects your privacy.", diff --git a/patches/strict/README.md b/patches/strict/README.md deleted file mode 100644 index a11389b..0000000 --- a/patches/strict/README.md +++ /dev/null @@ -1,9 +0,0 @@ -# current differences between -release and -strict - -## librewolf.cfg: - -* todo - -## policies.json - -* todo: add noscript diff --git a/patches/strict/librewolf-config.patch b/patches/strict/librewolf-config.patch deleted file mode 100644 index e69de29..0000000 diff --git a/patches/strict/librewolf-policies.patch b/patches/strict/librewolf-policies.patch deleted file mode 100644 index e69de29..0000000 diff --git a/patches/urlbarprovider-interventions.patch b/patches/urlbarprovider-interventions.patch new file mode 100644 index 0000000..22448f1 --- /dev/null +++ b/patches/urlbarprovider-interventions.patch @@ -0,0 +1,13 @@ +diff --git a/browser/components/urlbar/UrlbarProviderInterventions.jsm b/browser/components/urlbar/UrlbarProviderInterventions.jsm +index e22886ce92..d46d8191f2 100644 +--- a/browser/components/urlbar/UrlbarProviderInterventions.jsm ++++ b/browser/components/urlbar/UrlbarProviderInterventions.jsm +@@ -451,7 +451,7 @@ class ProviderInterventions extends UrlbarProvider { + ]), + }); + for (let [id, phrases] of Object.entries(DOCUMENTS)) { +- queryScorer.addDocument({ id, phrases }); ++// queryScorer.addDocument({ id, phrases }); + } + return queryScorer; + }); diff --git a/util/upload-distfiles.sh b/util/upload-distfiles.sh new file mode 100644 index 0000000..1ce211e --- /dev/null +++ b/util/upload-distfiles.sh @@ -0,0 +1,24 @@ +#!/bin/bash + +pkgver=88.0.1 +private_token=$1 +if [ -z $private_token ]; then + echo "Please specify the Gitlab PRIVATE TOKEN on the commandline." + exit 1 +fi + +echo "" +echo "" + +curl --request POST --header "PRIVATE-TOKEN: ${private_token}" --form "file=@librewolf-${pkgver}.en-US.win64-setup.exe" "https://gitlab.com/api/v4/projects/13852981/uploads" +echo "" +echo "" + +curl --request POST --header "PRIVATE-TOKEN: ${private_token}" --form "file=@librewolf-${pkgver}.en-US.win64.zip" "https://gitlab.com/api/v4/projects/13852981/uploads" +echo "" +echo "" + +curl --request POST --header "PRIVATE-TOKEN: ${private_token}" --form "file=@librewolf-${pkgver}.en-US.win64-permissive-nightly-setup.exe" "https://gitlab.com/api/v4/projects/13852981/uploads" +echo "" +echo "" + diff --git a/version.sh b/version.sh index 8ba9183..91ffa4f 100644 --- a/version.sh +++ b/version.sh @@ -1 +1 @@ -pkgver=87.0 +pkgver=88.0.1