From dac682c48ab2ee91a377346d0686838607247666 Mon Sep 17 00:00:00 2001 From: Bert van der Weerd Date: Wed, 21 Apr 2021 14:51:08 +0200 Subject: [PATCH] cleanup, new patch --- build.sh | 36 +---- linux | 2 +- patches/nightly/megabar3.patch | 148 +++++++++++++++++++++ patches/permissive/librewolf-config.patch | 100 ++++++-------- patches/strict/README.md | 9 -- patches/strict/librewolf-config.patch | 0 patches/strict/librewolf-policies.patch | 0 patches/urlbarprovider-interventions.patch | 13 ++ 8 files changed, 206 insertions(+), 102 deletions(-) create mode 100644 patches/nightly/megabar3.patch delete mode 100644 patches/strict/README.md delete mode 100644 patches/strict/librewolf-config.patch delete mode 100644 patches/strict/librewolf-policies.patch create mode 100644 patches/urlbarprovider-interventions.patch diff --git a/build.sh b/build.sh index 069c67f..fdb3b02 100755 --- a/build.sh +++ b/build.sh @@ -87,8 +87,8 @@ do_patches() { patch -p1 -i ../patches/nightly/context-menu2.patch echo "../patches/nightly/report-site-issue.patch" patch -p1 -i ../patches/nightly/report-site-issue.patch - echo "../patches/nightly/megabar2.patch" - patch -p1 -i ../patches/nightly/megabar2.patch + echo "../patches/nightly/megabar3.patch" + patch -p1 -i ../patches/nightly/megabar3.patch else echo "../linux/context-menu.patch" patch -p1 -i ../linux/context-menu.patch @@ -307,6 +307,7 @@ git_init() { # Permissive/strict configuration options (win10 only at the moment) +# this stuff should probably go away.. perm_config_diff() { pushd settings > /dev/null @@ -328,25 +329,6 @@ perm_policies_diff() { popd > /dev/null } -strict_config_diff() { - pushd settings > /dev/null - cp "/c/Program Files/LibreWolf/librewolf.cfg" librewolf.cfg - if [ $? -ne 0 ]; then exit 1; fi - git diff librewolf.cfg > ../patches/strict/librewolf-config.patch - git diff librewolf.cfg - git checkout librewolf.cfg > /dev/null 2>&1 - popd > /dev/null -} - -strict_policies_diff() { - pushd settings/distribution > /dev/null - cp "/c/Program Files/LibreWolf/distribution/policies.json" policies.json - if [ $? -ne 0 ]; then exit 1; fi - git diff policies.json > ../../patches/strict/librewolf-policies.patch - git diff policies.json - git checkout policies.json > /dev/null 2>&1 - popd > /dev/null -} # # Nightly builds, alternative builds. @@ -588,14 +570,6 @@ if [[ "$*" == *perm_policies_diff* ]]; then perm_policies_diff done_something=1 fi -if [[ "$*" == *strict_config_diff* ]]; then - strict_config_diff - done_something=1 -fi -if [[ "$*" == *strict_policies_diff* ]]; then - strict_policies_diff - done_something=1 -fi # by default, give help.. @@ -638,15 +612,13 @@ Use: ./build.sh clean | all | [other stuff...] perm_config_diff - diff between -release and -permissive config perm_policies_diff - diff between -release and -permissive policies.json - strict_config_diff - diff between -release and -strict config - strict_policies_diff - diff between -release and -strict policies.json The *_diff commands are dangerous (change repo files), win10 specific, and just for internal use. You can use './build set_perm all' to build permissve and './build set_strict all' for -strict. This functionality exists because we're constantly balancing settings between usability and security. -# Cross-compile from linux: (experimental) +# Cross-compile from linux: (in development) linux_patches - the 'do_patches' for linux->win crosscompile. linux_artifacts - standard artifact zip file. perhaps a -setup.exe. diff --git a/linux b/linux index 062a454..95feca8 160000 --- a/linux +++ b/linux @@ -1 +1 @@ -Subproject commit 062a454cf3a13f04f303c5a1ac88c80f92e689d7 +Subproject commit 95feca84f5c83a27418cf4822a83537606a21a53 diff --git a/patches/nightly/megabar3.patch b/patches/nightly/megabar3.patch new file mode 100644 index 0000000..d0687aa --- /dev/null +++ b/patches/nightly/megabar3.patch @@ -0,0 +1,148 @@ +diff --git a/browser/components/urlbar/UrlbarInput.jsm b/browser/components/urlbar/UrlbarInput.jsm +index f076d5d7f2..92f0adf003 100644 +--- a/browser/components/urlbar/UrlbarInput.jsm ++++ b/browser/components/urlbar/UrlbarInput.jsm +@@ -1704,13 +1704,13 @@ class UrlbarInput { + + // Enable the animation only after the first extend call to ensure it + // doesn't run when opening a new window. +- if (!this.hasAttribute("breakout-extend-animate")) { +- this.window.promiseDocumentFlushed(() => { +- this.window.requestAnimationFrame(() => { +- this.setAttribute("breakout-extend-animate", "true"); +- }); +- }); +- } ++// if (!this.hasAttribute("breakout-extend-animate")) { ++// this.window.promiseDocumentFlushed(() => { ++// this.window.requestAnimationFrame(() => { ++// this.setAttribute("breakout-extend-animate", "true"); ++// }); ++// }); ++// } + } + + endLayoutExtend() { +diff --git a/browser/themes/shared/urlbar-searchbar.inc.css b/browser/themes/shared/urlbar-searchbar.inc.css +index 3abd701732..87713b9cbd 100644 +--- a/browser/themes/shared/urlbar-searchbar.inc.css ++++ b/browser/themes/shared/urlbar-searchbar.inc.css +@@ -5,7 +5,7 @@ + %endif + + %define fieldHoverBorderColor hsla(240,5%,5%,.35) +-%define urlbarMarginInline 5px ++%define urlbarMarginInline 0px + %define urlbarSearchButtonWidth calc(16px + 2 * var(--urlbar-icon-padding)) + + :root { +@@ -273,40 +273,40 @@ + } + + #urlbar[breakout][breakout-extend] { +- top: -@urlbarBreakoutExtend@; +- left: calc(-@urlbarMarginInline@ - @urlbarBreakoutExtend@); +- width: calc(100% + 2 * @urlbarMarginInline@ + 2 * @urlbarBreakoutExtend@); ++ top: 0; ++ left: 0; ++ width: 100%; + } + + @media (-moz-proton) { + #urlbar[breakout][breakout-extend] { + top: 0; +- left: -@urlbarMarginInline@; +- width: calc(100% + 2 * @urlbarMarginInline@); ++ left: 0; ++ width: 100%; + } + } /*** END proton ***/ + + @media not (-moz-proton) { + #urlbar[breakout][breakout-extend] > #urlbar-background { +- box-shadow: 0 3px 8px 0 rgba(0,0,0,.15) ++ box-shadow: 0 1px 4px rgba(0,0,0,.05); + } + + #urlbar[breakout][breakout-extend][open] > #urlbar-background { +- box-shadow: 0 5px 18px rgba(0,0,0,.2); ++ box-shadow: 0 1px 4px rgba(0,0,0,.05); + } + } /*** END !proton ***/ + + #urlbar[breakout][breakout-extend] > #urlbar-input-container { +- height: calc(var(--urlbar-toolbar-height) + 2 * @urlbarBreakoutExtend@); +- padding-block: calc(@urlbarBreakoutExtend@ + (var(--urlbar-toolbar-height) - var(--urlbar-height)) / 2); +- padding-inline: calc(@urlbarMarginInline@ + @urlbarBreakoutExtend@); ++ height: var(--urlbar-toolbar-height); ++ padding-block: 0; ++ padding-inline: 0; + } + + @media (-moz-proton) { + #urlbar[breakout][breakout-extend] > #urlbar-input-container { + height: var(--urlbar-toolbar-height); +- padding-block: calc((var(--urlbar-toolbar-height) - var(--urlbar-height)) / 2 + var(--urlbar-container-padding)); +- padding-inline: calc(@urlbarMarginInline@ + var(--urlbar-container-padding)); ++ padding-block: 0; ++ padding-inline: 0; + } + } /*** END proton ***/ + +@@ -325,7 +325,7 @@ + } + + #urlbar[breakout][breakout-extend] > #urlbar-background { +- animation-name: urlbar-grow; ++ animation-name: none; + animation-duration: 0s; + animation-timing-function: var(--animation-easing-function); + } +diff --git a/browser/themes/shared/urlbarView.inc.css b/browser/themes/shared/urlbarView.inc.css +index e58531723e..dba8668168 100644 +--- a/browser/themes/shared/urlbarView.inc.css ++++ b/browser/themes/shared/urlbarView.inc.css +@@ -86,16 +86,16 @@ + display: block; + text-shadow: none; + overflow: clip; +- margin-inline: calc(5px + var(--urlbar-container-padding)); +- width: calc(100% - 2 * (5px + var(--urlbar-container-padding))); ++ margin-inline: 0; ++ width: 100% + /* Match urlbar-background's border. */ + border-inline: 1px solid transparent; + } + + @media not (-moz-proton) { + .urlbarView { +- margin-inline: calc(4px + var(--identity-box-margin-inline)); +- width: calc(100% - 2 * (4px + var(--identity-box-margin-inline))); ++ margin-inline: 0; ++ width: 100%; + } + /* If the view is open, offset the toolbar overlap so the view's top border + aligns with the toolbar. */ +@@ -298,6 +298,7 @@ + object-fit: contain; + flex-shrink: 0; + -moz-context-properties: fill, fill-opacity; ++ margin-inline-start: 20px; + } + + @media not (-moz-proton) { +@@ -331,10 +332,10 @@ + + .urlbarView-type-icon { + position: absolute; +- width: 12px; +- height: 12px; +- margin-bottom: -4px; +- margin-inline-start: 8px; ++ width: 16px; ++ height: 16px;; ++ margin-bottom: 0; ++ margin-inline-start: 0; + align-self: end; + background-repeat: no-repeat; + background-size: contain; diff --git a/patches/permissive/librewolf-config.patch b/patches/permissive/librewolf-config.patch index 9a8c049..c6ccb9e 100644 --- a/patches/permissive/librewolf-config.patch +++ b/patches/permissive/librewolf-config.patch @@ -1,26 +1,16 @@ diff --git a/librewolf.cfg b/librewolf.cfg -index 1ad0cea..934e6ca 100644 +index 03524fd..7aa8d33 100644 --- a/librewolf.cfg +++ b/librewolf.cfg -@@ -264,11 +264,12 @@ defaultPref("media.gmp-manager.certs.1.commonName", ""); - // User Settings : WebRTC - // ---------------------- - --defaultPref("media.navigator.enabled", false); --defaultPref("media.navigator.video.enabled", false); --defaultPref("media.getusermedia.browser.enabled", false); --defaultPref("media.getusermedia.screensharing.enabled", false); --defaultPref("media.getusermedia.audiocapture.enabled", false); -+// these 5 are needed to be true for webcam/camera -+defaultPref("media.navigator.enabled", true); -+defaultPref("media.navigator.video.enabled", true); -+defaultPref("media.getusermedia.browser.enabled", true); -+defaultPref("media.getusermedia.screensharing.enabled", true); -+defaultPref("media.getusermedia.audiocapture.enabled", true); - defaultPref("media.peerconnection.use_document_iceservers", false); - defaultPref("media.peerconnection.identity.enabled", false); - // 10000 per default -@@ -389,7 +390,7 @@ defaultPref("extensions.ui.experiment.hidden", false); +@@ -375,6 +375,7 @@ defaultPref("network.proxy.socks_version", 5); + defaultPref("browser.tabs.loadBookmarksInTabs", true); + defaultPref("devtools.debugger.remote-enabled", false); + defaultPref("devtools.chrome.enabled", false); ++defaultPref("general.useragent.site_specific_overrides", false); + defaultPref("extensions.ui.experiment.hidden", false); + //defaultPref("extensions.ui.dictionary.hidden", false); + //defaultPref("extensions.ui.locale.hidden", false); +@@ -388,7 +389,7 @@ defaultPref("extensions.ui.experiment.hidden", false); lockPref("dom.indexedDB.enabled", true); //default true //lockPref("dom.indexedDB.logging.details", false); //default true //lockPref("dom.indexedDB.logging.enabled", false); //default true @@ -29,7 +19,16 @@ index 1ad0cea..934e6ca 100644 //lockPref("network.http.spdy.enabled", false); //lockPref("network.http.spdy.enabled.deps", false); //lockPref("network.http.spdy.enabled.http2", false); -@@ -882,12 +883,12 @@ lockPref("extensions.getAddons.compatOverides.url", ""); +@@ -616,7 +617,7 @@ defaultPref("extensions.webextensions.background-delayed-startup", true); //defa + // >>>>>>>>>>>>>>>>>>>> + + // Pref : Disabling performance addon url [FF64+] +-lockPref("devtools.performance.recording.ui-base-url", "http://localhost:4242"); ++lockPref("devtools.performance.recording.ui-base-url", "https://localhost:4242"); + // Default Value : https://perf-html.io + + // Pref : The default set of protocol handlers for irc [FF64+] +@@ -881,12 +882,12 @@ lockPref("extensions.getAddons.compatOverides.url", ""); // https://services.addons.mozilla.org/api/v3/addons/compat-override/?guid=%IDS%&lang=%LOCALE% // Pref : @@ -44,7 +43,7 @@ index 1ad0cea..934e6ca 100644 // Default Value // https://services.addons.mozilla.org/api/v3/addons/language-tools/?app=firefox&type=language&appversion=%VERSION% -@@ -897,12 +898,12 @@ defaultPref("extensions.getAddons.link.url", ""); +@@ -896,12 +897,12 @@ defaultPref("extensions.getAddons.link.url", ""); // https://addons.mozilla.org/%LOCALE%/firefox/ // Pref : @@ -59,7 +58,7 @@ index 1ad0cea..934e6ca 100644 // Default Value // https://addons.mozilla.org/%LOCALE%/firefox/themes/?src=firefox -@@ -932,7 +933,7 @@ lockPref("browser.newtabpage.activity-stream.fxaccounts.endpoint", ""); +@@ -931,7 +932,7 @@ lockPref("browser.newtabpage.activity-stream.fxaccounts.endpoint", ""); // https://accounts.firefox.com/ // Pref : @@ -68,33 +67,16 @@ index 1ad0cea..934e6ca 100644 // Default Value // https://versioncheck.addons.mozilla.org/update/VersionCheck.php?reqVersion= // %REQ_VERSION%&id=%ITEM_ID%&version=%ITEM_VERSION%&maxAppVersion= -@@ -1430,18 +1431,18 @@ defaultPref("browser.tabs.animate", false); - // Bench Diff : -220/5000 - // Pref : Disable webGL I/II - // WebGL introduces high fingerprinting (WebGL is a js API for directly accessing hardware) --defaultPref("webgl.disabled", false); // Tor have it false but the rest is the same (webgl) -+//defaultPref("webgl.disabled", false); // Tor have it false but the rest is the same (webgl) - // This does not leak --lockPref("webgl.enable-webgl2", false); --lockPref("webgl.min_capability_mode", true); -+//lockPref("webgl.enable-webgl2", false); -+//lockPref("webgl.min_capability_mode", true); +@@ -1476,7 +1477,7 @@ lockPref("javascript.options.shared_memory", false); + // So overall, disabling SW should enhance performance because it blocks SW Scripts. + // [NOTE] Service worker APIs are hidden (in Firefox) and cannot be used when in PB mode. + // [NOTE] Service workers only run over HTTPS. Service Workers have no DOM access. +-defaultPref("dom.serviceWorkers.enabled", false); ++lockPref("dom.serviceWorkers.enabled", false); - // Bench Diff : 0/5000 - // Pref : Disable webGL II/II - // WebGL introduces high fingerprinting (WebGL is a js API for directly accessing hardware) --lockPref("pdfjs.enableWebGL", false); --lockPref("webgl.disable-extensions", true); --lockPref("webgl.disable-fail-if-major-performance-caveat", true); --lockPref("webgl.enable-debug-renderer-info", false); //Deprecated Active -+//lockPref("pdfjs.enableWebGL", false); -+//lockPref("webgl.disable-extensions", true); -+//lockPref("webgl.disable-fail-if-major-performance-caveat", true); -+//lockPref("webgl.enable-debug-renderer-info", false); //Deprecated Active - - // Bench Diff : -1500/5000 - // Pref : Disable asm.js -@@ -1804,13 +1805,13 @@ lockPref("datareporting.healthreport.uploadEnabled", false); + // >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> + // Section : General Settings 1/3 +@@ -1803,7 +1804,7 @@ lockPref("datareporting.healthreport.uploadEnabled", false); lockPref("datareporting.policy.dataSubmissionEnabled", false); // Pref : Disable right-click menu manipulation via JavaScript (disabled) @@ -103,14 +85,16 @@ index 1ad0cea..934e6ca 100644 // Pref : Disable clipboard event detection (onCut/onCopy/onPaste) via Javascript // Disabling clipboard events breaks Ctrl+C/X/V copy/cut/paste functionaility in - // JS-based web applications (Google Docs etc.) - // https://developer.mozilla.org/en-US/docs/Mozilla/Preferences/Preference_reference/dom.event.clipboardevents.enabled --lockPref("dom.event.clipboardevents.enabled", false); -+lockPref("dom.event.clipboardevents.enabled", true); +@@ -1893,7 +1894,7 @@ lockPref("dom.enable_user_timing", false); + // Pref : Disable Web Audio API + // https://bugzilla.mozilla.org/show_bug.cgi?id=1288359 + // Avoid fingerprinting +-defaultPref("dom.webaudio.enabled", false); ++lockPref("dom.webaudio.enabled", false); - // Pref : Force Punycode for Internationalized Domain Names - // http://kb.mozillazine.org/Network.IDN_show_punycode -@@ -2773,3 +2774,14 @@ defaultPref("devtools.selfxss.count", 0); + // Pref : When geolocation is enabled, don't log geolocation requests to the console + lockPref("geo.wifi.logging.enabled", false); +@@ -2772,3 +2773,10 @@ defaultPref("devtools.selfxss.count", 0); // enable HTTPS only mode by default defaultPref("dom.security.https_only_mode", true); defaultPref("dom.security.https_only_mode_ever_enabled", true); @@ -121,7 +105,3 @@ index 1ad0cea..934e6ca 100644 +defaultPref("privacy.clearOnShutdown.cookies", false); +defaultPref("privacy.clearOnShutdown.offlineApps", false); +defaultPref("network.cookie.lifetimePolicy", 2); -+ -+// attempting to allow webcam and microphone -+defaultPref("permissions.default.microphone",1); -+defaultPref("permissions.default.camera",1); diff --git a/patches/strict/README.md b/patches/strict/README.md deleted file mode 100644 index a11389b..0000000 --- a/patches/strict/README.md +++ /dev/null @@ -1,9 +0,0 @@ -# current differences between -release and -strict - -## librewolf.cfg: - -* todo - -## policies.json - -* todo: add noscript diff --git a/patches/strict/librewolf-config.patch b/patches/strict/librewolf-config.patch deleted file mode 100644 index e69de29..0000000 diff --git a/patches/strict/librewolf-policies.patch b/patches/strict/librewolf-policies.patch deleted file mode 100644 index e69de29..0000000 diff --git a/patches/urlbarprovider-interventions.patch b/patches/urlbarprovider-interventions.patch new file mode 100644 index 0000000..22448f1 --- /dev/null +++ b/patches/urlbarprovider-interventions.patch @@ -0,0 +1,13 @@ +diff --git a/browser/components/urlbar/UrlbarProviderInterventions.jsm b/browser/components/urlbar/UrlbarProviderInterventions.jsm +index e22886ce92..d46d8191f2 100644 +--- a/browser/components/urlbar/UrlbarProviderInterventions.jsm ++++ b/browser/components/urlbar/UrlbarProviderInterventions.jsm +@@ -451,7 +451,7 @@ class ProviderInterventions extends UrlbarProvider { + ]), + }); + for (let [id, phrases] of Object.entries(DOCUMENTS)) { +- queryScorer.addDocument({ id, phrases }); ++// queryScorer.addDocument({ id, phrases }); + } + return queryScorer; + });