From 7fdd53743ab109dea4492f8cd75fe3eb9592c7b5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Andr=C3=A9=20Fabian=20Silva=20Delgado?= Date: Mon, 12 Dec 2016 00:03:39 -0300 Subject: iceweasel-1:50.0.2.deb1-2: icu 58.2 rebuild * apply settings to deal with privacy issues regarding EME, telemetry, flash, search suggestions, WebRTC, Geolocation, GMP, Pocket, and extension signatures --- libre/iceweasel/PKGBUILD | 8 +++---- libre/iceweasel/mozconfig | 5 +--- libre/iceweasel/vendor.js | 58 ++++++++++++++++++++++++++++++----------------- 3 files changed, 42 insertions(+), 29 deletions(-) diff --git a/libre/iceweasel/PKGBUILD b/libre/iceweasel/PKGBUILD index d3b802992..a99492e4b 100644 --- a/libre/iceweasel/PKGBUILD +++ b/libre/iceweasel/PKGBUILD @@ -30,11 +30,11 @@ _pkgname=firefox pkgname=iceweasel epoch=1 pkgver=$_debver.$_debrel -pkgrel=1 +pkgrel=2 pkgdesc="A libre version of Debian Iceweasel, the standalone web browser based on Mozilla Firefox." arch=(i686 x86_64 armv7h) license=(MPL GPL LGPL) -depends=(alsa-lib dbus-glib ffmpeg gtk2 gtk3 hunspell icu=58.1 libevent libvpx=1.6.0 libxt mime-types mozilla-common nss sqlite startup-notification ttf-font) +depends=(alsa-lib dbus-glib ffmpeg gtk2 gtk3 hunspell icu=58.2 libevent libvpx=1.6.0 libxt mime-types mozilla-common nss sqlite startup-notification ttf-font) makedepends=(autoconf2.13 diffutils gconf imagemagick imake inetutils libidl2 libpulse librsvg-stable libxslt mesa mozilla-searchplugins pkg-config python2 quilt unzip yasm zip) makedepends_i686=(cargo) makedepends_x86_64=("${makedepends_i686[@]}") @@ -70,14 +70,14 @@ sha256sums=('66181e377062257bc7a09eff095f267d70cf12c4e0bee7d1dc118a89082693ea' '8a5d5590dc183011c2640440fe8c4c4b593e7c7772bb2ae02a6d060dc201b45f' 'c9a9f1b712598990ae60810d9e002d340bf0c016e284b11bc4169424b833b641' 'SKIP' - '69d612da53ed7eb04be20d0bfc51eb6e132216a7f7159dde37f4666973ca14d4' + '620e9fef398b2e26c121b6f21da5eefe178a54c9e0320221f5448827d75ab1d4' '013af398e97da9e855a143582816bf819e0d9d8d2b0e323d6b832f3df1157fdd' '32f1fe3ad4f80d0ae419064db2abe49b97cd7cb18c35d68be1a2befb60172a2a' '93e3001ce152e1d142619e215a9ef07dd429943b99d21726c25da9ceb31e31cd' '56eba484179c7f498076f8dc603d8795e99dce8c6ea1da9736318c59d666bff6' '87034dbb640f70454b27d1695a6f03b6fd1ab81c82eb4d8c771db925ae03d408' '3aea6676f1e53a09673b6ae219d281fc28054beb6002b09973611c02f827651d' - '9ba0053006d3ed1e59c8aa0c0b3c708501e7b60b9d3f7008b6c282b2de5ce870' + '25ba3f07357e07da1a758f9bac5c3e68bfbf327d646da6d2d8e097f7bdd5a4b7' 'f61ea706ce6905f568b9bdafd1b044b58f20737426f0aa5019ddb9b64031a269' '9765bca5d63fb5525bbd0520b7ab1d27cabaed697e2fc7791400abc3fa4f13b8' 'e260e555b261aabab1e48786dd514eeea056e4402af7cfd4dfd1d32858441484' diff --git a/libre/iceweasel/mozconfig b/libre/iceweasel/mozconfig index 0245c3ead..2558a827b 100644 --- a/libre/iceweasel/mozconfig +++ b/libre/iceweasel/mozconfig @@ -6,12 +6,9 @@ ac_add_options --enable-gold ac_add_options --enable-pie ac_add_options --enable-rust -# Release Iceweasel branding +# Iceweasel ac_add_options --disable-official-branding ac_add_options --with-branding=debian/branding -ac_add_options --enable-update-channel=release -MOZ_ADDON_SIGNING=1 -MOZ_REQUIRE_SIGNING=1 # System libraries ac_add_options --with-system-nspr diff --git a/libre/iceweasel/vendor.js b/libre/iceweasel/vendor.js index 9941c3f14..842919f54 100644 --- a/libre/iceweasel/vendor.js +++ b/libre/iceweasel/vendor.js @@ -20,14 +20,6 @@ pref("geo.enabled", false); // Make sure that the request URL of the GeoLocation backend is empty pref("geo.wifi.uri", ""); -// Disable Pocket and make sure that the request URLs of the Pocket are empty -pref("browser.pocket.api", "about:blank"); -pref("browser.pocket.enabled", false); -pref("browser.pocket.enabledLocales", "about:blank"); -pref("browser.pocket.oAuthConsumerKey", "about:blank"); -pref("browser.pocket.site", "about:blank"); -pref("browser.pocket.useLocaleList", false); - // Disable Freedom Violating DRM Feature pref("browser.eme.ui.enabled", false); pref("media.eme.enabled", false); @@ -36,9 +28,6 @@ pref("media.eme.apiVisible", false); // Default to classic view for about:newtab pref("browser.newtabpage.enhanced", false); -// Override add-on signing -pref("xpinstall.signatures.required", true); // Requires signing by AMO, disable to install third-party unsigned addons - // Poodle attack pref("security.tls.version.min", 1); @@ -53,7 +42,7 @@ pref("plugins.notifyMissingFlash", false); //https://developer.mozilla.org/en-US/docs/Web/API/MediaSource //pref("media.mediasource.enabled",true); -//Speeding it up +// Speeding it up pref("network.http.pipelining", true); pref("network.http.proxy.pipelining", true); pref("network.http.pipelining.maxrequests", 10); @@ -65,9 +54,6 @@ pref("network.cookie.cookieBehavior", 1); // Prevent EULA dialog to popup on first run pref("browser.EULA.override", true); -// disable app updater url -pref("app.update.url", "http://127.0.0.1/"); - // Set useragent to Firefox compatible //pref("general.useragent.compatMode.firefox", true); // Spoof the useragent to a generic one @@ -113,9 +99,10 @@ pref("network.prefetch-next", false); pref("network.dns.disablePrefetch", true); pref("network.http.sendSecureXSiteReferrer", false); pref("toolkit.telemetry.enabled", false); +pref("toolkit.telemetry.unified", false); // Do not tell what plugins do we have enabled: https://mail.mozilla.org/pipermail/firefox-dev/2013-November/001186.html pref("plugins.enumerable_names", ""); -pref("plugin.state.flash", 1); +pref("plugin.state.flash", 0); // Do not autoupdate search engines pref("browser.search.update", false); // Warn when the page tries to redirect or refresh @@ -125,10 +112,13 @@ pref("device.sensors.enabled", false); pref("camera.control.face_detection.enabled", false); pref("camera.control.autofocus_moving_callback.enabled", false); pref("network.http.speculative-parallel-limit", 0); +// No search suggestions +pref("browser.urlbar.userMadeSearchSuggestionsChoice", true); +pref("browser.search.suggest.enabled", false); // Crypto hardening // https://gist.github.com/haasn/69e19fc2fe0e25f3cff5 -//General settings +// General settings //pref("security.tls.unrestricted_rc4_fallback", false); //pref("security.tls.insecure_fallback_hosts.use_static_list", false); //pref("security.tls.version.min", 1); @@ -142,6 +132,14 @@ pref("network.http.speculative-parallel-limit", 0); pref("app.update.enabled", false); pref("app.update.auto", false); +// EME +pref("media.eme.enabled", false); +pref("media.eme.apiVisible", false); + +// WebRTC +pref("media.peerconnection.enabled", false); +pref("media.peerconnection.ice.default_address_only", true); + pref("font.default.x-western", "sans-serif"); // Preferences for the Get Add-ons panel and search engines @@ -153,6 +151,7 @@ pref ("browser.search.searchEnginesURL", "https://directory.fsf.org/wiki/GNU_Ice pref("privacy.announcements.enabled", false); pref("browser.snippets.enabled", false); pref("browser.snippets.syncPromo.enabled", false); +pref("identity.mobilepromo.android", "https://f-droid.org/repository/browse/?fdid=org.gnu.icecat&"); pref("browser.snippets.geoUrl", "http://127.0.0.1/"); pref("browser.snippets.updateUrl", "http://127.0.0.1/"); pref("browser.snippets.statsUrl", "http://127.0.0.1/"); @@ -166,20 +165,25 @@ pref("app.faqURL", "http://libreplanet.org/wiki/Group:IceCat/FAQ"); pref("pfs.datasource.url", "http://gnuzilla.gnu.org/plugins/PluginFinderService.php?mimetype=%PLUGIN_MIMETYPE%"); pref("pfs.filehint.url", "http://gnuzilla.gnu.org/plugins/PluginFinderService.php?mimetype=%PLUGIN_MIMETYPE%"); +// Geolocation depends on third party services +pref("geo.enabled", false); +pref("geo.wifi.uri", ""); + // Disable Gecko media plugins: https://wiki.mozilla.org/GeckoMediaPlugins pref("media.gmp-manager.url", "http://127.0.0.1/"); pref("media.gmp-manager.url.override", "data:text/plain,"); pref("media.gmp-provider.enabled", false); // Don't install openh264 codec pref("media.gmp-gmpopenh264.enabled", false); +pref("media.gmp-eme-adobe.enabled", false); -//Disable heartbeat +// Disable heartbeat pref("browser.selfsupport.url", ""); -//Disable Link to FireFox Marketplace, currently loaded with non-free "apps" +// Disable Link to FireFox Marketplace, currently loaded with non-free "apps" pref("browser.apps.URL", ""); -//Disable Firefox Hello +// Disable Firefox Hello pref("loop.enabled",false); pref("loop.feedback.baseUrl", ""); pref("loop.gettingStarted.url", ""); @@ -211,10 +215,22 @@ pref("webgl.disabled", false); // Disable SSDP pref("browser.casting.enabled", false); -//Disable directory service +// Disable directory service pref("social.directories", ""); pref("social.whitelist", ""); pref("social.shareDirectory", ""); +// Disable Pocket integration +pref("browser.pocket.api", "about:blank"); +pref("browser.pocket.enabled", false); +pref("browser.pocket.enabledLocales", "about:blank"); +pref("browser.pocket.oAuthConsumerKey", "about:blank"); +pref("browser.pocket.site", "about:blank"); +pref("browser.pocket.useLocaleList", false); +pref("extensions.pocket.enabled", false); + +// Do not require xpi extensions to be signed by Mozilla +pref("xpinstall.signatures.required", false); + // Disable Barlog pref("app.update.url", "about:blank"); -- cgit v1.2.3-2-g168b