From 380a4791bf425e7bf132558326a09ca81ba93231 Mon Sep 17 00:00:00 2001
From: bill-auger
Date: Mon, 14 Mar 2022 06:50:54 -0400
Subject: [iceweasel]: upgrade to v98.0
---
...e-remoting-name-for-GDK-application-names.patch | 57 --
...ways-sync-remote-settings-with-local-dump.patch | 1000 --------------------
...FSDG-sync-remote-settings-with-local-dump.patch | 1000 ++++++++++++++++++++
libre/iceweasel/9003-FSDG-misc.patch | 323 -------
libre/iceweasel/9003-FSDG-urihandlers.patch | 240 +++++
libre/iceweasel/9004-FSDG-misc.patch | 309 ++++++
libre/iceweasel/PKGBUILD | 169 +++-
7 files changed, 1672 insertions(+), 1426 deletions(-)
delete mode 100644 libre/iceweasel/0001-Use-remoting-name-for-GDK-application-names.patch
delete mode 100644 libre/iceweasel/9001-FSDG-always-sync-remote-settings-with-local-dump.patch
create mode 100644 libre/iceweasel/9001-FSDG-sync-remote-settings-with-local-dump.patch
delete mode 100644 libre/iceweasel/9003-FSDG-misc.patch
create mode 100644 libre/iceweasel/9003-FSDG-urihandlers.patch
create mode 100644 libre/iceweasel/9004-FSDG-misc.patch
(limited to 'libre/iceweasel')
diff --git a/libre/iceweasel/0001-Use-remoting-name-for-GDK-application-names.patch b/libre/iceweasel/0001-Use-remoting-name-for-GDK-application-names.patch
deleted file mode 100644
index f30777294..000000000
--- a/libre/iceweasel/0001-Use-remoting-name-for-GDK-application-names.patch
+++ /dev/null
@@ -1,57 +0,0 @@
-From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
-From: "Jan Alexander Steffens (heftig)"
-Date: Mon, 25 Mar 2019 20:30:11 +0100
-Subject: [PATCH] Use remoting name for GDK application names
-
----
- toolkit/xre/nsAppRunner.cpp | 6 +-----
- widget/gtk/nsAppShell.cpp | 12 +++++-------
- 2 files changed, 6 insertions(+), 12 deletions(-)
-
-diff --git a/toolkit/xre/nsAppRunner.cpp b/toolkit/xre/nsAppRunner.cpp
-index ce001e93821f..3be817c5cbd5 100644
---- a/toolkit/xre/nsAppRunner.cpp
-+++ b/toolkit/xre/nsAppRunner.cpp
-@@ -4348,11 +4348,7 @@ int XREMain::XRE_mainStartup(bool* aExitFlag) {
- // consistently.
-
- // Set program name to the one defined in application.ini.
-- {
-- nsAutoCString program(gAppData->name);
-- ToLowerCase(program);
-- g_set_prgname(program.get());
-- }
-+ g_set_prgname(gAppData->remotingName);
-
- // Initialize GTK here for splash.
-
-diff --git a/widget/gtk/nsAppShell.cpp b/widget/gtk/nsAppShell.cpp
-index c8bbd9a373f5..a6a2186f20fb 100644
---- a/widget/gtk/nsAppShell.cpp
-+++ b/widget/gtk/nsAppShell.cpp
-@@ -27,6 +27,8 @@
- # include "nsIObserverService.h"
- #endif
- #include "gfxPlatform.h"
-+#include "nsAppRunner.h"
-+#include "mozilla/XREAppData.h"
- #include "ScreenHelperGTK.h"
- #include "HeadlessScreenHelper.h"
- #include "mozilla/widget/ScreenManager.h"
-@@ -257,13 +259,9 @@ nsresult nsAppShell::Init() {
- // See https://bugzilla.gnome.org/show_bug.cgi?id=747634
- //
- // Only bother doing this for the parent process, since it's the one
-- // creating top-level windows. (At this point, a child process hasn't
-- // received the list of registered chrome packages, so the
-- // GetBrandShortName call would fail anyway.)
-- nsAutoString brandName;
-- mozilla::widget::WidgetUtils::GetBrandShortName(brandName);
-- if (!brandName.IsEmpty()) {
-- gdk_set_program_class(NS_ConvertUTF16toUTF8(brandName).get());
-+ // creating top-level windows.
-+ if (gAppData) {
-+ gdk_set_program_class(gAppData->remotingName);
- }
- }
- }
diff --git a/libre/iceweasel/9001-FSDG-always-sync-remote-settings-with-local-dump.patch b/libre/iceweasel/9001-FSDG-always-sync-remote-settings-with-local-dump.patch
deleted file mode 100644
index d4e4ef5d3..000000000
--- a/libre/iceweasel/9001-FSDG-always-sync-remote-settings-with-local-dump.patch
+++ /dev/null
@@ -1,1000 +0,0 @@
-From 15cacd9bfdb9c08def24e780d83bb8dd672c711f Mon Sep 17 00:00:00 2001
-From: grizzlyuser
-Date: Wed, 30 Dec 2020 17:20:39 +0200
-Subject: [PATCH 01/13] Point to local omni.ja files, not remote server
-
-This patch series tries to remove any network communication with Remote
-Settings [1], which can be used by Mozilla to silently push data to client
-browsers. This data can include references to nonfree software, for example,
-to search engines or other websites that contain nonfree JavaScript code.
-Without this patching, it would be hard to make sure the browser does not
-violate paragraph 4 of [2]: "Programs in the system should not suggest
-installing nonfree plugins, documentation, and so on."
-
-Changes in the current patch:
-First of all, replace every occurrence of Remote Settings server domain name
-with URIs that point to built-in local files within omni.ja.
-
-Some links to json files may point to non-existing files, but that's OK
-because it's better than leave them point to Remote Settings server.
-If necessary, missing files can be added later.
- -[1] https://remote-settings.readthedocs.io/en/latest/introduction.html -[2] https://www.gnu.org/distros/free-system-distribution-guidelines.en.html#license-rules ---- - .../components/ASRouterAdmin/ASRouterAdmin.jsx | 2 +- - .../newtab/data/content/activity-stream.bundle.js | 2 +- - modules/libpref/init/all.js | 2 +- - services/settings/Utils.jsm | 4 ++-- - .../periodic-updates/scripts/periodic_file_updates.sh | 2 +- - toolkit/components/search/SearchUtils.jsm | 8 ++++---- - toolkit/components/search/docs/DefaultSearchEngines.rst | 2 +- - .../components/search/docs/SearchEngineConfiguration.rst | 2 +- - toolkit/mozapps/defaultagent/RemoteSettings.cpp | 2 +- - 9 files changed, 13 insertions(+), 13 deletions(-) - -diff --git a/browser/components/newtab/content-src/components/ASRouterAdmin/ASRouterAdmin.jsx b/browser/components/newtab/content-src/components/ASRouterAdmin/ASRouterAdmin.jsx -index e0d8e45cc0..4cb5fca1c6 100644 ---- a/browser/components/newtab/content-src/components/ASRouterAdmin/ASRouterAdmin.jsx -+++ b/browser/components/newtab/content-src/components/ASRouterAdmin/ASRouterAdmin.jsx -@@ -1230,7 +1230,7 @@ export class ASRouterAdminInner extends React.PureComponent { - - nimbus-desktop-experiments -diff --git a/browser/components/newtab/data/content/activity-stream.bundle.js b/browser/components/newtab/data/content/activity-stream.bundle.js -index 5227e5af81..427759dcfe 100644 ---- a/browser/components/newtab/data/content/activity-stream.bundle.js -+++ b/browser/components/newtab/data/content/activity-stream.bundle.js -@@ -1841,7 +1841,7 @@ class ASRouterAdminInner extends react__WEBPACK_IMPORTED_MODULE_3___default.a.Pu - label = /*#__PURE__*/react__WEBPACK_IMPORTED_MODULE_3___default.a.createElement("span", null, "remote settings (", /*#__PURE__*/react__WEBPACK_IMPORTED_MODULE_3___default.a.createElement("a", { - className: "providerUrl", - target: "_blank", -- href: 
"https://firefox.settings.services.mozilla.com/v1/buckets/main/collections/nimbus-desktop-experiments/records", -+ href: "resource://app/defaults/settings/main/nimbus-desktop-experiments.json", - rel: "noopener noreferrer" - }, "nimbus-desktop-experiments"), ")"); - } -diff --git a/modules/libpref/init/all.js b/modules/libpref/init/all.js -index 1ed81b6f53..edca292681 100644 ---- a/modules/libpref/init/all.js -+++ b/modules/libpref/init/all.js -@@ -2210,7 +2210,7 @@ pref("security.cert_pinning.hpkp.enabled", false); - // Remote settings preferences - // Note: if you change this, make sure to also review security.onecrl.maximum_staleness_in_seconds - pref("services.settings.poll_interval", 86400); // 24H --pref("services.settings.server", "https://firefox.settings.services.mozilla.com/v1"); -+pref("services.settings.server", "resource://app/defaults/settings"); - pref("services.settings.default_bucket", "main"); - - // The percentage of clients who will report uptake telemetry as -diff --git a/services/settings/Utils.jsm b/services/settings/Utils.jsm -index ee23591a6a..ef91781ac6 100644 ---- a/services/settings/Utils.jsm -+++ b/services/settings/Utils.jsm -@@ -60,11 +60,11 @@ var Utils = { - !Cu.isInAutomation && - !isXpcshell && - isNotThunderbird -- ? "https://firefox.settings.services.mozilla.com/v1" -+ ? "resource://app/defaults/settings" - : gServerURL; - }, - -- CHANGES_PATH: "/buckets/monitor/collections/changes/changeset", -+ CHANGES_PATH: "/monitor/changes.json", - - /** - * Logger instance. 
-diff --git a/taskcluster/docker/periodic-updates/scripts/periodic_file_updates.sh b/taskcluster/docker/periodic-updates/scripts/periodic_file_updates.sh -index 7764777c1a..3c8db49743 100755 ---- a/taskcluster/docker/periodic-updates/scripts/periodic_file_updates.sh -+++ b/taskcluster/docker/periodic-updates/scripts/periodic_file_updates.sh -@@ -279,7 +279,7 @@ function compare_suffix_lists { - } - - function compare_remote_settings_files { -- REMOTE_SETTINGS_SERVER="https://firefox.settings.services.mozilla.com/v1" -+ REMOTE_SETTINGS_SERVER="resource://app/defaults/settings" - - # 1. List remote settings collections from server. - echo "INFO: fetch remote settings list from server" -diff --git a/toolkit/components/search/SearchUtils.jsm b/toolkit/components/search/SearchUtils.jsm -index 8a3c6acb84..b0a9c4b86f 100644 ---- a/toolkit/components/search/SearchUtils.jsm -+++ b/toolkit/components/search/SearchUtils.jsm -@@ -159,13 +159,13 @@ var SearchUtils = { - - ENGINES_URLS: { - "prod-main": -- "https://firefox.settings.services.mozilla.com/v1/buckets/main/collections/search-config/records", -+ "resource://app/defaults/settings/main/search-config.json", - "prod-preview": -- "https://firefox.settings.services.mozilla.com/v1/buckets/main-preview/collections/search-config/records", -+ "resource://app/defaults/settings/main/search-config.json", - "stage-main": -- "https://settings.stage.mozaws.net/v1/buckets/main/collections/search-config/records", -+ "resource://app/defaults/settings/main/search-config.json", - "stage-preview": -- "https://settings.stage.mozaws.net/v1/buckets/main-preview/collections/search-config/records", -+ "resource://app/defaults/settings/main/search-config.json", - }, - - // The following constants are left undocumented in nsISearchService.idl -diff --git a/toolkit/components/search/docs/DefaultSearchEngines.rst b/toolkit/components/search/docs/DefaultSearchEngines.rst -index 0648471396..37948dca31 100644 ---- 
a/toolkit/components/search/docs/DefaultSearchEngines.rst -+++ b/toolkit/components/search/docs/DefaultSearchEngines.rst -@@ -86,4 +86,4 @@ is updated. - - .. _configuration schema: SearchConfigurationSchema.html - .. _remote settings: /services/common/services/RemoteSettings.html --.. _search-default-override-allowlist bucket: https://firefox.settings.services.mozilla.com/v1/buckets/main/collections/search-default-override-allowlist/records -+.. _search-default-override-allowlist bucket: resource://app/defaults/settings/main/search-default-override-allowlist.json -diff --git a/toolkit/components/search/docs/SearchEngineConfiguration.rst b/toolkit/components/search/docs/SearchEngineConfiguration.rst -index e9041affb8..7a9466d294 100644 ---- a/toolkit/components/search/docs/SearchEngineConfiguration.rst -+++ b/toolkit/components/search/docs/SearchEngineConfiguration.rst -@@ -68,5 +68,5 @@ related. As a result several situations may occur: - .. _JSON schema: https://json-schema.org/ - .. _stored in mozilla-central: https://searchfox.org/mozilla-central/source/toolkit/components/search/schema/ - .. _Search Configuration Schema: SearchConfigurationSchema.html --.. _viewed live: https://firefox.settings.services.mozilla.com/v1/buckets/main/collections/search-config/records -+.. _viewed live: resource://app/defaults/settings/main/search-config.json - .. 
_Normandy: /toolkit/components/normandy/normandy/services.html -diff --git a/toolkit/mozapps/defaultagent/RemoteSettings.cpp b/toolkit/mozapps/defaultagent/RemoteSettings.cpp -index 667d9fc628..b2bf628f29 100644 ---- a/toolkit/mozapps/defaultagent/RemoteSettings.cpp -+++ b/toolkit/mozapps/defaultagent/RemoteSettings.cpp -@@ -23,7 +23,7 @@ extern "C" { - HRESULT IsAgentRemoteDisabledRust(const char* szUrl, DWORD* lpdwDisabled); - } - --#define PROD_ENDPOINT "https://firefox.settings.services.mozilla.com/v1" -+#define PROD_ENDPOINT "resource://app/defaults/settings" - #define PROD_BID "main" - #define PROD_CID "windows-default-browser-agent" - #define PROD_ID "state" --- -2.31.1 - - -From f1e92b5fb7844a57ad63d8a52b4867db9817fc14 Mon Sep 17 00:00:00 2001 -From: grizzlyuser -Date: Wed, 30 Dec 2020 17:34:08 +0200 -Subject: [PATCH 02/13] Remove polling triggered by push broadcasts - -When initialized, remote-settings.js adds a listener to push broadcasts, -that let Remote Settings server send push messages to trigger polling -for changes from the client side. This is not needed for local-only -setup. Remove the record from broadcast-listeners.json file stored in -the user profile, so that it doesn't get picked up by push broadcast -service. 
----
- dom/push/PushBroadcastService.jsm | 13 +++++++++++++
- services/settings/remote-settings.js | 7 ++-----
- 2 files changed, 15 insertions(+), 5 deletions(-)
-
-diff --git a/dom/push/PushBroadcastService.jsm b/dom/push/PushBroadcastService.jsm
-index aa1504211d..d635a2c3aa 100644
---- a/dom/push/PushBroadcastService.jsm
-+++ b/dom/push/PushBroadcastService.jsm
-@@ -178,6 +178,19 @@ var BroadcastService = class {
- }
- }
-
-+ async deleteListener(broadcastId) {
-+ await this.initializePromise;
-+
-+ if (this.jsonFile.data.listeners.hasOwnProperty(broadcastId)) {
-+ console.info(
-+ "deleteListener: deleting listener",
-+ broadcastId
-+ );
-+ delete this.jsonFile.data.listeners[broadcastId];
-+ this.jsonFile.saveSoon();
-+ }
-+ }
-+
- /**
- * Call the listeners of the specified broadcasts.
- *
-diff --git a/services/settings/remote-settings.js b/services/settings/remote-settings.js
-index 6d0185faf9..aae93fa440 100644
---- a/services/settings/remote-settings.js
-+++ b/services/settings/remote-settings.js
-@@ -441,7 +441,7 @@ function remoteSettingsFunction() {
- moduleURI: __URI__,
- symbolName: "remoteSettingsBroadcastHandler",
- };
-- pushBroadcastService.addListener(BROADCAST_ID, currentVersion, moduleInfo);
-+ pushBroadcastService.deleteListener(BROADCAST_ID);
- };
-
- return remoteSettings;
-@@ -461,9 +461,6 @@ var remoteSettingsBroadcastHandler = {
- `Push notification received (version=${version} phase=${phase})`
- );
-
-- return RemoteSettings.pollChanges({
-- expectedTimestamp: version,
-- trigger: isStartup ? "startup" : "broadcast",
-- });
-+ return;
- },
- };
---
-2.31.1
-
-
-From 3054d3efe22802ab5503dd812e0a0283bbd791f1 Mon Sep 17 00:00:00 2001
-From: grizzlyuser
-Date: Wed, 30 Dec 2020 17:41:54 +0200
-Subject: [PATCH 03/13] Remove timer that triggers polling for changes
-
-That is not needed for local-only setup.
---- - services/settings/components.conf | 9 +-------- - services/settings/servicesSettings.manifest | 4 ---- - 2 files changed, 1 insertion(+), 12 deletions(-) - -diff --git a/services/settings/components.conf b/services/settings/components.conf -index 9a737802ee..25109415a7 100644 ---- a/services/settings/components.conf -+++ b/services/settings/components.conf -@@ -4,11 +4,4 @@ - # License, v. 2.0. If a copy of the MPL was not distributed with this - # file, You can obtain one at http://mozilla.org/MPL/2.0/. - --Classes = [ -- { -- 'cid': '{5e756573-234a-49ea-bbe4-59ec7a70657d}', -- 'contract_ids': ['@mozilla.org/services/settings;1'], -- 'jsm': 'resource://services-settings/RemoteSettingsComponents.jsm', -- 'constructor': 'RemoteSettingsTimer', -- }, --] -+Classes = [] -diff --git a/services/settings/servicesSettings.manifest b/services/settings/servicesSettings.manifest -index 3bfed26ea4..807eb220ec 100644 ---- a/services/settings/servicesSettings.manifest -+++ b/services/settings/servicesSettings.manifest -@@ -1,7 +1,3 @@ - # Register resource aliases - resource services-settings resource://gre/modules/services-settings/ - --# Schedule polling of remote settings changes --# (default 24H, max 72H) --# see syntax https://searchfox.org/mozilla-central/rev/cc280c4be94ff8cf64a27cc9b3d6831ffa49fa45/toolkit/components/timermanager/UpdateTimerManager.jsm#155 --category update-timer RemoteSettingsComponents @mozilla.org/services/settings;1,getService,services-settings-poll-changes,services.settings.poll_interval,86400,259200 --- -2.31.1 - - -From c856641861ca70da2d5aa720e402f2e505ebe5ac Mon Sep 17 00:00:00 2001 -From: grizzlyuser -Date: Wed, 30 Dec 2020 17:47:41 +0200 -Subject: [PATCH 04/13] Utils: fetch timestamps of each collection locally - -Utils.CHANGES_PATH points to -services/settings/dumps/monitor/changes.json -which will be generated later by JSON processing script. 
Fetch the -timestamps from that file and mock response headers to not confuse any -code that expects them. ---- - browser/installer/package-manifest.in | 1 + - services/settings/Utils.jsm | 13 ++++++++++++- - services/settings/dumps/monitor/moz.build | 8 ++++++++ - services/settings/dumps/moz.build | 1 + - 4 files changed, 22 insertions(+), 1 deletion(-) - create mode 100644 services/settings/dumps/monitor/moz.build - -diff --git a/browser/installer/package-manifest.in b/browser/installer/package-manifest.in -index ec20499166..c618c02a8f 100644 ---- a/browser/installer/package-manifest.in -+++ b/browser/installer/package-manifest.in -@@ -298,6 +298,7 @@ - @RESPATH@/browser/defaults/settings/blocklists - @RESPATH@/browser/defaults/settings/pinning - @RESPATH@/browser/defaults/settings/main -+@RESPATH@/browser/defaults/settings/monitor - @RESPATH@/browser/defaults/settings/security-state - - ; Warning: changing the path to channel-prefs.js can cause bugs (Bug 756325) -diff --git a/services/settings/Utils.jsm b/services/settings/Utils.jsm -index ef91781ac6..8736951968 100644 ---- a/services/settings/Utils.jsm -+++ b/services/settings/Utils.jsm -@@ -150,7 +150,7 @@ var Utils = { - async fetchLatestChanges(serverUrl, options = {}) { - const { expectedTimestamp, lastEtag = "", filters = {} } = options; - -- let url = serverUrl + Utils.CHANGES_PATH; -+ let url = Utils.SERVER_URL + Utils.CHANGES_PATH; - const params = { - ...filters, - _expected: expectedTimestamp ?? 
0, -@@ -273,7 +264,10 @@ var Utils = { - .map(([k, v]) => `${k}=${encodeURIComponent(v)}`) - .join("&"); - } -- const response = await Utils.fetch(url); -+ const response = await fetch(url); -+ const responseDate = new Date().toUTCString() -+ response.headers.set("Date", responseDate); -+ response.headers.set("Last-Modified", responseDate); - - if (response.status >= 500) { - throw new Error(`Server error ${response.status} ${response.statusText}`); -@@ -200,7 +194,15 @@ var Utils = { - } - } - -- const { changes = [], timestamp } = payload; -+ const { timestamp } = payload; -+ const { bucket, collection } = filters; -+ if (!bucket || !collection) { -+ throw new Error('Unable to fetch latest change without bucket or collection'); -+ } -+ const change = payload.changes.find( -+ change => change.bucket === bucket && change.collection === collection -+ ) ?? { last_modified: 0, bucket, collection }; -+ const changes = [change]; - - let serverTimeMillis = Date.parse(response.headers.get("Date")); - // Since the response is served via a CDN, the Date header value could have been cached. -diff --git a/services/settings/dumps/monitor/moz.build b/services/settings/dumps/monitor/moz.build -new file mode 100644 -index 0000000000..d3d017fda5 ---- /dev/null -+++ b/services/settings/dumps/monitor/moz.build -@@ -0,0 +1,8 @@ -+# This Source Code Form is subject to the terms of the Mozilla Public -+# License, v. 2.0. If a copy of the MPL was not distributed with this -+# file, You can obtain one at http://mozilla.org/MPL/2.0/. 
-+
-+FINAL_TARGET_FILES.defaults.settings.monitor += ["changes.json"]
-+
-+if CONFIG["MOZ_BUILD_APP"] == "browser":
-+ DIST_SUBDIR = "browser"
-diff --git a/services/settings/dumps/moz.build b/services/settings/dumps/moz.build
-index 3cc9436f61..3742da5667 100644
---- a/services/settings/dumps/moz.build
-+++ b/services/settings/dumps/moz.build
-@@ -5,6 +5,7 @@
- DIRS += [
- "blocklists",
- "main",
-+ "monitor",
- "security-state",
- ]
-
---
-2.31.1
-
-
-From a0f311bed359d484fbf85e696b5b7e3a288292f8 Mon Sep 17 00:00:00 2001
-From: grizzlyuser
-Date: Wed, 30 Dec 2020 17:52:10 +0200
-Subject: [PATCH 05/13] Utils: disable offline checking
-
-Since only local data is read now, it should always return false for the
-current and any future code that relies on it.
----
- services/settings/Utils.jsm | 9 ---------
- 1 file changed, 9 deletions(-)
-
-diff --git a/services/settings/Utils.jsm b/services/settings/Utils.jsm
-index 8736951968..8ac085feea 100644
---- a/services/settings/Utils.jsm
-+++ b/services/settings/Utils.jsm
-@@ -80,15 +80,6 @@ var Utils = {
- * @return {bool} Whether network is down or not.
- */
- get isOffline() {
-- try {
-- return (
-- Services.io.offline ||
-- CaptivePortalService.state == CaptivePortalService.LOCKED_PORTAL ||
-- !gNetworkLinkService.isLinkUp
-- );
-- } catch (ex) {
-- log.warn("Could not determine network status.", ex);
-- }
- return false;
- },
-
---
-2.31.1
-
-
-From 95e4979573c79c987160a71e913c7564de22127f Mon Sep 17 00:00:00 2001
-From: grizzlyuser
-Date: Wed, 30 Dec 2020 17:56:02 +0200
-Subject: [PATCH 06/13] Refactor hashing logic to a separate function
-
-It is used instead of internal signature validation mechanism, for
-integrity checking of the locally cached data.
---- - services/settings/RemoteSettingsWorker.jsm | 4 ++++ - services/settings/SharedUtils.jsm | 9 +++++++-- - 2 files changed, 11 insertions(+), 2 deletions(-) - -diff --git a/services/settings/RemoteSettingsWorker.jsm b/services/settings/RemoteSettingsWorker.jsm -index 147ebb6b13..c86e218fd3 100644 ---- a/services/settings/RemoteSettingsWorker.jsm -+++ b/services/settings/RemoteSettingsWorker.jsm -@@ -189,6 +189,10 @@ class Worker { - // task on the current thread instead of the worker thread. - return SharedUtils.checkContentHash(buffer, size, hash); - } -+ -+ async getContentHash(bytes) { -+ return SharedUtils.getContentHash(bytes); -+ } - } - - // Now, first add a shutdown blocker. If that fails, we must have -diff --git a/services/settings/SharedUtils.jsm b/services/settings/SharedUtils.jsm -index db5017a742..1a8e83c2e8 100644 ---- a/services/settings/SharedUtils.jsm -+++ b/services/settings/SharedUtils.jsm -@@ -28,11 +28,16 @@ var SharedUtils = { - return false; - } - // Has expected content? -+ const hashStr = await this.getContentHash(bytes); -+ return hashStr == hash; -+ }, -+ -+ async getContentHash(bytes) { - const hashBuffer = await crypto.subtle.digest("SHA-256", bytes); - const hashBytes = new Uint8Array(hashBuffer); - const toHex = b => b.toString(16).padStart(2, "0"); -- const hashStr = Array.from(hashBytes, toHex).join(""); -- return hashStr == hash; -+ -+ return Array.from(hashBytes, toHex).join(""); - }, - - /** --- -2.31.1 - - -From daac032f8a4e12451cda9ec6b1eca29f5a35521f Mon Sep 17 00:00:00 2001 -From: grizzlyuser -Date: Wed, 30 Dec 2020 18:05:02 +0200 -Subject: [PATCH 07/13] Client: Fetch and hash records from local dump - -Read the records from local dumps. See [1] for details on how to prepare -custom dumps). Records are cached in the local IndexedDB, and the client -updates cached records each time there's a change. Also it verifies -integrity of the data. 
Then the list of current / created / updated / -deleted records is generated and emitted to every registered listener. - -Change upstream signature validation mechanism to a simpler one. -Otherwise, it'd be necessary to sign local records, which is redundant, -because the application package should be signed already by the distro. - -Instead of signature property from metadata records, json_dump_metadata -has been introduced. It contains the checksum of the records and size in -bytes. Also added app_build_id property for version checking and updates -of cached data. - -Although it's possible to disable integrity checking via preference, it -seems to be not a good idea, because the logic that detects invalid -local data relies on it. In the context of local-only setup, data that -has been received from real Remote Settings server will not contain the -custom metadata, and thus will be considered invalid and then discarded, -while the client gets a chance to gracefully inform registered listeners -about these changes so that they can discard the data received before -the upgrade to local-only setup. - -[1] https://firefox-source-docs.mozilla.org/services/common/services/RemoteSettings.html#initial-data ---- - services/settings/RemoteSettingsClient.jsm | 62 ++++++++++------------ - 1 file changed, 27 insertions(+), 35 deletions(-) - -diff --git a/services/settings/RemoteSettingsClient.jsm b/services/settings/RemoteSettingsClient.jsm -index 80dd563e11..1025ab33a2 100644 ---- a/services/settings/RemoteSettingsClient.jsm -+++ b/services/settings/RemoteSettingsClient.jsm -@@ -556,11 +556,9 @@ class RemoteSettingsClient extends EventEmitter { - - // If the data is up-to-date but don't have metadata (records loaded from dump), - // we fetch them and validate the signature immediately. 
-- if (this.verifySignature && ObjectUtils.isEmpty(localMetadata)) {
-+ if (this.verifySignature && ObjectUtils.isEmpty(localMetadata?.json_dump_metadata)) {
- console.debug(`${this.identifier} pull collection metadata`);
-- const metadata = await this.httpClient().getData({
-- query: { _expected: expectedTimestamp },
-- });
-+ const { metadata } = await this._fetchChangeset(expectedTimestamp);
- await this.db.importChanges(metadata);
- // We don't bother validating the signature if the dump was just loaded. We do
- // if the dump was loaded at some other point (eg. from .get()).
-@@ -813,32 +811,23 @@ class RemoteSettingsClient extends EventEmitter {
- async _validateCollectionSignature(records, timestamp, metadata) {
- const start = Cu.now() * 1000;
-
-- if (!metadata?.signature) {
-+ if (!metadata?.json_dump_metadata) {
- throw new MissingSignatureError(this.identifier);
- }
-
-- if (!this._verifier) {
-- this._verifier = Cc[
-- "@mozilla.org/security/contentsignatureverifier;1"
-- ].createInstance(Ci.nsIContentSignatureVerifier);
-- }
--
-- // This is a content-signature field from an autograph response.
- const {
-- signature: { x5u, signature },
-+ json_dump_metadata: { hash, size },
- } = metadata;
-- const certChain = await (await Utils.fetch(x5u)).text();
- // Merge remote records with local ones and serialize as canonical JSON.
- const serialized = await RemoteSettingsWorker.canonicalStringify( - records, - timestamp - ); - if ( -- !(await this._verifier.asyncVerifyContentSignature( -- serialized, -- "p384ecdsa=" + signature, -- certChain, -- this.signerName -+ !(await RemoteSettingsWorker.checkContentHash( -+ new TextEncoder().encode(serialized), -+ size, -+ hash - )) - ) { - throw new InvalidSignatureError(this.identifier); -@@ -1030,24 +1019,27 @@ class RemoteSettingsClient extends EventEmitter { - * @param since timestamp of last sync (optional) - */ - async _fetchChangeset(expectedTimestamp, since) { -- const client = this.httpClient(); -- const { -- metadata, -- timestamp: remoteTimestamp, -- changes: remoteRecords, -- } = await client.execute( -- { -- path: `/buckets/${this.bucketName}/collections/${this.collectionName}/changeset`, -- }, -- { -- query: { -- _expected: expectedTimestamp, -- _since: since, -- }, -- } -+ const { data } = await SharedUtils.loadJSONDump( -+ this.bucketName, -+ this.collectionName - ); -+ const remoteRecords = data ?? []; -+ -+ const serialized = await RemoteSettingsWorker.canonicalStringify( -+ remoteRecords, -+ expectedTimestamp -+ ); -+ const bytes = new TextEncoder().encode(serialized); -+ const metadata = { -+ app_build_id: Services.appinfo.appBuildID, -+ json_dump_metadata: { -+ hash: await RemoteSettingsWorker.getContentHash(bytes), -+ size: bytes.length, -+ }, -+ } -+ - return { -- remoteTimestamp, -+ remoteTimestamp: expectedTimestamp, - metadata, - remoteRecords, - }; --- -2.31.1 - - -From 4d36e599e6b24e10960ebb978c038c66c5ade06d Mon Sep 17 00:00:00 2001 -From: grizzlyuser -Date: Wed, 30 Dec 2020 18:42:56 +0200 -Subject: [PATCH 08/13] Client: start deferred sync on get() or on() - -The users of the RemoteSettingsClient.jsm can receive records from it in -two ways: by calling get(), and by subscribing to events by calling -on(). - -So hook a deferred sync whenever something calls these methods. 
Because -multiple of those calls can be made quite early and in very short time, -set up a deferred task that will be armed only when needed and only once -in a second. When the task is running it first checks if the local data -came from the dump of the current app build, and no-ops if true. If -false, it triggers a sync. Then adds a flag if the client has been -correctly synchronized with the dump, so that no metadata checking -occurs during the session. ---- - services/settings/RemoteSettingsClient.jsm | 30 +++++++++++++++++++++- - 1 file changed, 29 insertions(+), 1 deletion(-) - -diff --git a/services/settings/RemoteSettingsClient.jsm b/services/settings/RemoteSettingsClient.jsm -index 1025ab33a2..1cebf2bc29 100644 ---- a/services/settings/RemoteSettingsClient.jsm -+++ b/services/settings/RemoteSettingsClient.jsm -@@ -16,6 +16,7 @@ XPCOMUtils.defineLazyModuleGetters(this, { - ClientEnvironmentBase: - "resource://gre/modules/components-utils/ClientEnvironment.jsm", - Database: "resource://services-settings/Database.jsm", -+ DeferredTask: "resource://gre/modules/DeferredTask.jsm", - Downloader: "resource://services-settings/Attachments.jsm", - IDBHelpers: "resource://services-settings/IDBHelpers.jsm", - KintoHttpClient: "resource://services-common/kinto-http-client.js", -@@ -30,6 +31,7 @@ XPCOMUtils.defineLazyModuleGetters(this, { - }); - - const TELEMETRY_COMPONENT = "remotesettings"; -+const DEFERRED_SYNC_DELAY_MILLISECONDS = 1000; - - XPCOMUtils.defineLazyGetter(this, "console", () => Utils.log); - -@@ -259,6 +261,14 @@ class RemoteSettingsClient extends EventEmitter { - this._lastCheckTimePref = lastCheckTimePref; - this._verifier = null; - this._syncRunning = false; -+ this._deferredSync = new DeferredTask( -+ async () => { -+ if (!this._syncRunning && !(await this._isSynced())) { -+ await this.sync(); -+ } -+ }, -+ DEFERRED_SYNC_DELAY_MILLISECONDS -+ ); - - // This attribute allows signature verification to be disabled, when running tests - // or when 
pulling data from a dev server. -@@ -290,6 +300,11 @@ class RemoteSettingsClient extends EventEmitter { - ); - } - -+ on(event, callback) { -+ super.on(event, callback); -+ this._deferredSync.arm(); -+ } -+ - get identifier() { - return `${this.bucketName}/${this.collectionName}`; - } -@@ -353,6 +368,10 @@ class RemoteSettingsClient extends EventEmitter { - let lastModified = await this.db.getLastModified(); - let hasLocalData = lastModified !== null; - -+ if (!(await this._isSynced())) { -+ throw new MissingSignatureError(this.identifier); -+ } -+ - if (syncIfEmpty && !hasLocalData) { - // .get() was called before we had the chance to synchronize the local database. - // We'll try to avoid returning an empty list. -@@ -414,7 +433,10 @@ class RemoteSettingsClient extends EventEmitter { - // No need to verify signature on JSON dumps. - // If local DB cannot be read, then we don't even try to do anything, - // we return results early. -- return this._filterEntries(data); -+ const filtered = this._filterEntries(data); -+ this._deferredSync.arm(); -+ -+ return filtered; - } - - console.debug( -@@ -452,6 +474,12 @@ class RemoteSettingsClient extends EventEmitter { - return final; - } - -+ async _isSynced() { -+ this._synced ||= -+ Services.appinfo.appBuildID === (await this.db.getMetadata())?.app_build_id; -+ return this._synced; -+ } -+ - /** - * Synchronize the local database with the remote server. - * --- -2.31.1 - - -From defc4080596f5407a98f0c9f1a456f685226054f Mon Sep 17 00:00:00 2001 -From: grizzlyuser -Date: Wed, 30 Dec 2020 18:53:51 +0200 -Subject: [PATCH 09/13] Client: deep compare records if timestamps match - -When the list of current / updated / deleted records is generated, their -modification timestamps are compared to detect the updates. - -Although in practice this is unlikely to happen, in theory the -timestamp of some older record received from Remote Settings can match -with the modified record in the dump. 
Although JSON processing script -makes sure to add unique timestamps to each of the modified records, -it's still possible to update dumps manually and simply forget to update -timestamps. So serialize the records and compare them as strings to be -on the safe side. This should happen only once after upgrading to each -new version of the application, so is not likely to introduce any -noticeable performance issues. ---- - services/settings/RemoteSettingsClient.jsm | 6 +++++- - 1 file changed, 5 insertions(+), 1 deletion(-) - -diff --git a/services/settings/RemoteSettingsClient.jsm b/services/settings/RemoteSettingsClient.jsm -index 1cebf2bc29..2c18c5cfb6 100644 ---- a/services/settings/RemoteSettingsClient.jsm -+++ b/services/settings/RemoteSettingsClient.jsm -@@ -13,6 +13,7 @@ const { Services } = ChromeUtils.import("resource://gre/modules/Services.jsm"); - - XPCOMUtils.defineLazyModuleGetters(this, { - AppConstants: "resource://gre/modules/AppConstants.jsm", -+ CanonicalJSON: "resource://gre/modules/CanonicalJSON.jsm", - ClientEnvironmentBase: - "resource://gre/modules/components-utils/ClientEnvironment.jsm", - Database: "resource://services-settings/Database.jsm", -@@ -1022,7 +1023,10 @@ class RemoteSettingsClient extends EventEmitter { - const old = oldById.get(r.id); - if (old) { - oldById.delete(r.id); -- if (r.last_modified != old.last_modified) { -+ if ( -+ r.last_modified != old.last_modified || -+ CanonicalJSON.stringify(r) != CanonicalJSON.stringify(old) -+ ) { - syncResult.updated.push({ old, new: r }); - } - } else { --- -2.31.1 - - -From c2ee19f01bc37e15c7742af8a502ffaa10745a52 Mon Sep 17 00:00:00 2001 -From: grizzlyuser -Date: Wed, 30 Dec 2020 19:01:39 +0200 -Subject: [PATCH 10/13] Client: delete more data on cleanup - -When the client detects the local data is invalid (i.e. 
it came from -real Remote Settings and can have unwanted records), delete not only -the records, but also the attachments that came with them, because they -too can be problematic. And last check time preference, because it's not -useful anyway when remote-settings.js doesn't do any polling for changes. - -Note that attachments should be deleted before the records, because the -logic gets the data about the attachments from those records. ---- - services/settings/RemoteSettingsClient.jsm | 15 ++++++++++++--- - 1 file changed, 12 insertions(+), 3 deletions(-) - -diff --git a/services/settings/RemoteSettingsClient.jsm b/services/settings/RemoteSettingsClient.jsm -index 2c18c5cfb6..8b65dc0cba 100644 ---- a/services/settings/RemoteSettingsClient.jsm -+++ b/services/settings/RemoteSettingsClient.jsm -@@ -221,7 +221,10 @@ class AttachmentDownloader extends Downloader { - async deleteAll() { - let allRecords = await this._client.db.list(); - return Promise.all( -- allRecords.filter(r => !!r.attachment).map(r => this.delete(r)) -+ allRecords.filter(r => !!r.attachment).map(r => { -+ this.delete(r); -+ this.deleteCached(r.id); -+ }) - ); - } - } -@@ -982,7 +985,7 @@ class RemoteSettingsClient extends EventEmitter { - // Signature failed, clear local DB because it contains - // bad data (local + remote changes). - console.debug(`${this.identifier} clear local data`); -- await this.db.clear(); -+ await this._clearAll(); - // Local data was tampered, throw and it will retry from empty DB. - console.error(`${this.identifier} local data was corrupted`); - throw new CorruptedDataError(this.identifier); -@@ -1004,7 +1007,7 @@ class RemoteSettingsClient extends EventEmitter { - // _importJSONDump() only clears DB if dump is available, - // therefore do it here! 
- if (imported < 0) { -- await this.db.clear(); -+ await this._clearAll(); - } - } - } -@@ -1044,6 +1047,12 @@ class RemoteSettingsClient extends EventEmitter { - return syncResult; - } - -+ async _clearAll() { -+ await this.attachments.deleteAll(); -+ await this.db.clear(); -+ Services.prefs.clearUserPref(this.lastCheckTimePref); -+ } -+ - /** - * Fetch information from changeset endpoint. - * --- -2.31.1 - - -From 56d2af487f7077753ea4df6bd0b1e6c91ed7ab9f Mon Sep 17 00:00:00 2001 -From: grizzlyuser -Date: Wed, 30 Dec 2020 19:07:56 +0200 -Subject: [PATCH 11/13] Client: remove comparison of collection timestamps - -In case if the cached data that came from real Remote Settings server -(before the upgrade to local-only setup) has collection timestamp, that -is newer than the packaged local dump, then this comparison logic can -lead to early return of old data, skipping the integrity checking and -necessary cleanup. So remove the checks. ---- - services/settings/RemoteSettingsClient.jsm | 5 ----- - 1 file changed, 5 deletions(-) - -diff --git a/services/settings/RemoteSettingsClient.jsm b/services/settings/RemoteSettingsClient.jsm -index 8b65dc0cba..6274596591 100644 ---- a/services/settings/RemoteSettingsClient.jsm -+++ b/services/settings/RemoteSettingsClient.jsm -@@ -917,14 +917,9 @@ class RemoteSettingsClient extends EventEmitter { - updated: [], - deleted: [], - }; -- // If data wasn't changed, return empty sync result. -- // This can happen when we update the signature but not the data. 
- console.debug( - `${this.identifier} local timestamp: ${localTimestamp}, remote: ${remoteTimestamp}` - ); -- if (localTimestamp && remoteTimestamp < localTimestamp) { -- return syncResult; -- } - - const start = Cu.now() * 1000; - await this.db.importChanges(metadata, remoteTimestamp, remoteRecords, { --- -2.31.1 - - -From c009c1a9ba2477c9335921b706256f115ecfd498 Mon Sep 17 00:00:00 2001 -From: grizzlyuser -Date: Wed, 30 Dec 2020 19:15:44 +0200 -Subject: [PATCH 12/13] Attachments: load only from dump and drop cached - ---- - services/settings/Attachments.jsm | 35 +++++++------------------------ - 1 file changed, 8 insertions(+), 27 deletions(-) - -diff --git a/services/settings/Attachments.jsm b/services/settings/Attachments.jsm -index 0eeb632799..eaa7db8c81 100644 ---- a/services/settings/Attachments.jsm -+++ b/services/settings/Attachments.jsm -@@ -143,10 +143,11 @@ class Downloader { - checkHash, - attachmentId = record?.id, - useCache = false, -- fallbackToCache = false, - fallbackToDump = false, - } = options || {}; - -+ const fallbackToCache = false; -+ - if (!useCache) { - // For backwards compatibility. - // WARNING: Its return type is different from what's documented. -@@ -206,6 +207,7 @@ class Downloader { - const newBuffer = await this.downloadAsBytes(record, { - retries, - checkHash, -+ dumpInfo, - }); - const blob = new Blob([newBuffer]); - if (useCache) { -@@ -241,7 +243,7 @@ class Downloader { - } - - try { -- return { ...(await cacheInfo.getResult()), _source: "cache_fallback" }; -+ await this.cacheImpl.delete(attachmentId); - } catch (e) { - // Failed to read from cache, e.g. IndexedDB unusable. - Cu.reportError(e); -@@ -278,7 +280,7 @@ class Downloader { - * @returns {String} the absolute file path to the downloaded attachment. 
- */ - async downloadToDisk(record, options = {}) { -- const { retries = 3 } = options; -+ const retries = 0; - const { - attachment: { filename, size, hash }, - } = record; -@@ -335,31 +337,10 @@ class Downloader { - */ - async downloadAsBytes(record, options = {}) { - const { -- attachment: { location, hash, size }, -- } = record; -- -- const remoteFileUrl = (await this._baseAttachmentsURL()) + location; -+ dumpInfo = new LazyRecordAndBuffer(() => this._readAttachmentDump(attachmentId)) -+ } = options; - -- const { retries = 3, checkHash = true } = options; -- let retried = 0; -- while (true) { -- try { -- const buffer = await this._fetchAttachment(remoteFileUrl); -- if (!checkHash) { -- return buffer; -- } -- if (await RemoteSettingsWorker.checkContentHash(buffer, size, hash)) { -- return buffer; -- } -- // Content is corrupted. -- throw new Downloader.BadContentError(location); -- } catch (e) { -- if (retried >= retries) { -- throw e; -- } -- } -- retried++; -- } -+ return (await dumpInfo.getResult()).buffer; - } - - /** --- -2.31.1 - - -From 2035bd7a6ce1816417b619d3f1ce994a8b44ce9d Mon Sep 17 00:00:00 2001 -From: grizzlyuser -Date: Wed, 30 Dec 2020 19:22:20 +0200 -Subject: [PATCH 13/13] Disable CRLite entirely for now - -It's designed to fetch the data from Remote Settings. One of the main -selling points is that new revocations can be pushed to the clients -within minutes. That won't work with local-only setup. Although (some?) -of the JSON dumps for it are in place, obviously the updates won't -happen that fast. - -Right now CRLite doesn't enforce anything, and works just for telemetry -collection (which is hopefully disabled anyway). So disable the -preference right in the source code, so that the patch fails to apply -when the upstream decides to set it to enforcing mode by default. - -The solution with CRLite is up for discussion. If necessary, it's -possible to make clients for blessed collections to communicate to real -Remote Settings server. 
For example, for collections related to -certificate revocations. ---- - modules/libpref/init/all.js | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/modules/libpref/init/all.js b/modules/libpref/init/all.js -index edca292681..da7e23d674 100644 ---- a/modules/libpref/init/all.js -+++ b/modules/libpref/init/all.js -@@ -172,7 +172,7 @@ pref("security.cert_pinning.max_max_age_seconds", 5184000); - // 0: Disable CRLite entirely - // 1: Enable and check revocations via CRLite, but only collect telemetry - // 2: Enable and enforce revocations via CRLite --pref("security.pki.crlite_mode", 1); -+pref("security.pki.crlite_mode", 0); - - // Represents the expected certificate transparency log merge delay (including - // the time to generate a CRLite filter). Currently 28 hours in seconds. --- -2.31.1 - diff --git a/libre/iceweasel/9001-FSDG-sync-remote-settings-with-local-dump.patch b/libre/iceweasel/9001-FSDG-sync-remote-settings-with-local-dump.patch new file mode 100644 index 000000000..d4e4ef5d3 --- /dev/null +++ b/libre/iceweasel/9001-FSDG-sync-remote-settings-with-local-dump.patch 
@@ -0,0 +1,1000 @@ +From 15cacd9bfdb9c08def24e780d83bb8dd672c711f Mon Sep 17 00:00:00 2001 +From: grizzlyuser +Date: Wed, 30 Dec 2020 17:20:39 +0200 +Subject: [PATCH 01/13] Point to local omni.ja files, not remote server + +This patch series tries to remove any network communication with Remote +Settings [1], which can be used by Mozilla to silently push data to client +browsers. This data can include references to nonfree software, for example, +to search engines or other websites that contain nonfree JavaScript code. +Without this patching, it would be hard to make sure the browser does not +violate paragraph 4 of [2]: "Programs in the system should not suggest +installing nonfree plugins, documentation, and so on." + +Changes in the current patch: +First of all, replace every occurrence of Remote Settings server domain name +with URIs that point to built-in local files within omni.ja. + +Some links to json files may point to non-existing files, but that's OK +because it's better than leave them point to Remote Settings server. +If necessary, missing files can be added later. 
+ +[1] https://remote-settings.readthedocs.io/en/latest/introduction.html +[2] https://www.gnu.org/distros/free-system-distribution-guidelines.en.html#license-rules +--- + .../components/ASRouterAdmin/ASRouterAdmin.jsx | 2 +- + .../newtab/data/content/activity-stream.bundle.js | 2 +- + modules/libpref/init/all.js | 2 +- + services/settings/Utils.jsm | 4 ++-- + .../periodic-updates/scripts/periodic_file_updates.sh | 2 +- + toolkit/components/search/SearchUtils.jsm | 8 ++++---- + toolkit/components/search/docs/DefaultSearchEngines.rst | 2 +- + .../components/search/docs/SearchEngineConfiguration.rst | 2 +- + toolkit/mozapps/defaultagent/RemoteSettings.cpp | 2 +- + 9 files changed, 13 insertions(+), 13 deletions(-) + +diff --git a/browser/components/newtab/content-src/components/ASRouterAdmin/ASRouterAdmin.jsx b/browser/components/newtab/content-src/components/ASRouterAdmin/ASRouterAdmin.jsx +index e0d8e45cc0..4cb5fca1c6 100644 +--- a/browser/components/newtab/content-src/components/ASRouterAdmin/ASRouterAdmin.jsx ++++ b/browser/components/newtab/content-src/components/ASRouterAdmin/ASRouterAdmin.jsx +@@ -1230,7 +1230,7 @@ export class ASRouterAdminInner extends React.PureComponent { + + nimbus-desktop-experiments +diff --git a/browser/components/newtab/data/content/activity-stream.bundle.js b/browser/components/newtab/data/content/activity-stream.bundle.js +index 5227e5af81..427759dcfe 100644 +--- a/browser/components/newtab/data/content/activity-stream.bundle.js ++++ b/browser/components/newtab/data/content/activity-stream.bundle.js +@@ -1841,7 +1841,7 @@ class ASRouterAdminInner extends react__WEBPACK_IMPORTED_MODULE_3___default.a.Pu + label = /*#__PURE__*/react__WEBPACK_IMPORTED_MODULE_3___default.a.createElement("span", null, "remote settings (", /*#__PURE__*/react__WEBPACK_IMPORTED_MODULE_3___default.a.createElement("a", { + className: "providerUrl", + target: "_blank", +- href: 
"https://firefox.settings.services.mozilla.com/v1/buckets/main/collections/nimbus-desktop-experiments/records", ++ href: "resource://app/defaults/settings/main/nimbus-desktop-experiments.json", + rel: "noopener noreferrer" + }, "nimbus-desktop-experiments"), ")"); + } +diff --git a/modules/libpref/init/all.js b/modules/libpref/init/all.js +index 1ed81b6f53..edca292681 100644 +--- a/modules/libpref/init/all.js ++++ b/modules/libpref/init/all.js +@@ -2210,7 +2210,7 @@ pref("security.cert_pinning.hpkp.enabled", false); + // Remote settings preferences + // Note: if you change this, make sure to also review security.onecrl.maximum_staleness_in_seconds + pref("services.settings.poll_interval", 86400); // 24H +-pref("services.settings.server", "https://firefox.settings.services.mozilla.com/v1"); ++pref("services.settings.server", "resource://app/defaults/settings"); + pref("services.settings.default_bucket", "main"); + + // The percentage of clients who will report uptake telemetry as +diff --git a/services/settings/Utils.jsm b/services/settings/Utils.jsm +index ee23591a6a..ef91781ac6 100644 +--- a/services/settings/Utils.jsm ++++ b/services/settings/Utils.jsm +@@ -60,11 +60,11 @@ var Utils = { + !Cu.isInAutomation && + !isXpcshell && + isNotThunderbird +- ? "https://firefox.settings.services.mozilla.com/v1" ++ ? "resource://app/defaults/settings" + : gServerURL; + }, + +- CHANGES_PATH: "/buckets/monitor/collections/changes/changeset", ++ CHANGES_PATH: "/monitor/changes.json", + + /** + * Logger instance. 
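Review bot: The context comment directly above the changed `services.settings.server` pref asks for `security.onecrl.maximum_staleness_in_seconds` to be reviewed whenever this value changes, and nothing visible in this hunk does so. With the server pointed at `resource://app/defaults/settings`, OneCRL and the other revocation and blocklist collections can only be as fresh as the packaged dumps, so their age follows the package release cadence rather than the `services.settings.poll_interval` still set just above. I would add a comment on the new line, e.g. `// FSDG: local-only; collections update only with the package, see security.onecrl.maximum_staleness_in_seconds`, and confirm how the staleness check behaves with dump-only data. Whether that pref is handled elsewhere in the series cannot be told from here.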
+diff --git a/taskcluster/docker/periodic-updates/scripts/periodic_file_updates.sh b/taskcluster/docker/periodic-updates/scripts/periodic_file_updates.sh +index 7764777c1a..3c8db49743 100755 +--- a/taskcluster/docker/periodic-updates/scripts/periodic_file_updates.sh ++++ b/taskcluster/docker/periodic-updates/scripts/periodic_file_updates.sh +@@ -279,7 +279,7 @@ function compare_suffix_lists { + } + + function compare_remote_settings_files { +- REMOTE_SETTINGS_SERVER="https://firefox.settings.services.mozilla.com/v1" ++ REMOTE_SETTINGS_SERVER="resource://app/defaults/settings" + + # 1. List remote settings collections from server. + echo "INFO: fetch remote settings list from server" +diff --git a/toolkit/components/search/SearchUtils.jsm b/toolkit/components/search/SearchUtils.jsm +index 8a3c6acb84..b0a9c4b86f 100644 +--- a/toolkit/components/search/SearchUtils.jsm ++++ b/toolkit/components/search/SearchUtils.jsm +@@ -159,13 +159,13 @@ var SearchUtils = { + + ENGINES_URLS: { + "prod-main": +- "https://firefox.settings.services.mozilla.com/v1/buckets/main/collections/search-config/records", ++ "resource://app/defaults/settings/main/search-config.json", + "prod-preview": +- "https://firefox.settings.services.mozilla.com/v1/buckets/main-preview/collections/search-config/records", ++ "resource://app/defaults/settings/main/search-config.json", + "stage-main": +- "https://settings.stage.mozaws.net/v1/buckets/main/collections/search-config/records", ++ "resource://app/defaults/settings/main/search-config.json", + "stage-preview": +- "https://settings.stage.mozaws.net/v1/buckets/main-preview/collections/search-config/records", ++ "resource://app/defaults/settings/main/search-config.json", + }, + + // The following constants are left undocumented in nsISearchService.idl +diff --git a/toolkit/components/search/docs/DefaultSearchEngines.rst b/toolkit/components/search/docs/DefaultSearchEngines.rst +index 0648471396..37948dca31 100644 +--- 
a/toolkit/components/search/docs/DefaultSearchEngines.rst ++++ b/toolkit/components/search/docs/DefaultSearchEngines.rst +@@ -86,4 +86,4 @@ is updated. + + .. _configuration schema: SearchConfigurationSchema.html + .. _remote settings: /services/common/services/RemoteSettings.html +-.. _search-default-override-allowlist bucket: https://firefox.settings.services.mozilla.com/v1/buckets/main/collections/search-default-override-allowlist/records ++.. _search-default-override-allowlist bucket: resource://app/defaults/settings/main/search-default-override-allowlist.json +diff --git a/toolkit/components/search/docs/SearchEngineConfiguration.rst b/toolkit/components/search/docs/SearchEngineConfiguration.rst +index e9041affb8..7a9466d294 100644 +--- a/toolkit/components/search/docs/SearchEngineConfiguration.rst ++++ b/toolkit/components/search/docs/SearchEngineConfiguration.rst +@@ -68,5 +68,5 @@ related. As a result several situations may occur: + .. _JSON schema: https://json-schema.org/ + .. _stored in mozilla-central: https://searchfox.org/mozilla-central/source/toolkit/components/search/schema/ + .. _Search Configuration Schema: SearchConfigurationSchema.html +-.. _viewed live: https://firefox.settings.services.mozilla.com/v1/buckets/main/collections/search-config/records ++.. _viewed live: resource://app/defaults/settings/main/search-config.json + .. 
_Normandy: /toolkit/components/normandy/normandy/services.html +diff --git a/toolkit/mozapps/defaultagent/RemoteSettings.cpp b/toolkit/mozapps/defaultagent/RemoteSettings.cpp +index 667d9fc628..b2bf628f29 100644 +--- a/toolkit/mozapps/defaultagent/RemoteSettings.cpp ++++ b/toolkit/mozapps/defaultagent/RemoteSettings.cpp +@@ -23,7 +23,7 @@ extern "C" { + HRESULT IsAgentRemoteDisabledRust(const char* szUrl, DWORD* lpdwDisabled); + } + +-#define PROD_ENDPOINT "https://firefox.settings.services.mozilla.com/v1" ++#define PROD_ENDPOINT "resource://app/defaults/settings" + #define PROD_BID "main" + #define PROD_CID "windows-default-browser-agent" + #define PROD_ID "state" +-- +2.31.1 + + +From f1e92b5fb7844a57ad63d8a52b4867db9817fc14 Mon Sep 17 00:00:00 2001 +From: grizzlyuser +Date: Wed, 30 Dec 2020 17:34:08 +0200 +Subject: [PATCH 02/13] Remove polling triggered by push broadcasts + +When initialized, remote-settings.js adds a listener to push broadcasts, +that let Remote Settings server send push messages to trigger polling +for changes from the client side. This is not needed for local-only +setup. Remove the record from broadcast-listeners.json file stored in +the user profile, so that it doesn't get picked up by push broadcast +service. 
+--- + dom/push/PushBroadcastService.jsm | 13 +++++++++++++ + services/settings/remote-settings.js | 7 ++----- + 2 files changed, 15 insertions(+), 5 deletions(-) + +diff --git a/dom/push/PushBroadcastService.jsm b/dom/push/PushBroadcastService.jsm +index aa1504211d..d635a2c3aa 100644 +--- a/dom/push/PushBroadcastService.jsm ++++ b/dom/push/PushBroadcastService.jsm +@@ -178,6 +178,19 @@ var BroadcastService = class { + } + } + ++ async deleteListener(broadcastId) { ++ await this.initializePromise; ++ ++ if (this.jsonFile.data.listeners.hasOwnProperty(broadcastId)) { ++ console.info( ++ "deleteListener: deleting listener", ++ broadcastId ++ ); ++ delete this.jsonFile.data.listeners[broadcastId]; ++ this.jsonFile.saveSoon(); ++ } ++ } ++ + /** + * Call the listeners of the specified broadcasts. + * +diff --git a/services/settings/remote-settings.js b/services/settings/remote-settings.js +index 6d0185faf9..aae93fa440 100644 +--- a/services/settings/remote-settings.js ++++ b/services/settings/remote-settings.js +@@ -441,7 +441,7 @@ function remoteSettingsFunction() { + moduleURI: __URI__, + symbolName: "remoteSettingsBroadcastHandler", + }; +- pushBroadcastService.addListener(BROADCAST_ID, currentVersion, moduleInfo); ++ pushBroadcastService.deleteListener(BROADCAST_ID); + }; + + return remoteSettings; +@@ -461,9 +461,6 @@ var remoteSettingsBroadcastHandler = { + `Push notification received (version=${version} phase=${phase})` + ); + +- return RemoteSettings.pollChanges({ +- expectedTimestamp: version, +- trigger: isStartup ? "startup" : "broadcast", +- }); ++ return; + }, + }; +-- +2.31.1 + + +From 3054d3efe22802ab5503dd812e0a0283bbd791f1 Mon Sep 17 00:00:00 2001 +From: grizzlyuser +Date: Wed, 30 Dec 2020 17:41:54 +0200 +Subject: [PATCH 03/13] Remove timer that triggers polling for changes + +That is not needed for local-only setup. 
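Review bot: In the added `deleteListener`, `this.jsonFile.data.listeners.hasOwnProperty(broadcastId)` calls the method on an object loaded from a JSON file in the user profile, so a stored key named `hasOwnProperty` would shadow it and make the call throw. `Object.prototype.hasOwnProperty.call(this.jsonFile.data.listeners, broadcastId)` does not depend on the data's own keys. The method also has no doc comment although the neighbouring method in the context lines has one; a short JSDoc block saying that it removes a persisted listener and schedules a save would match the file.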
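Review bot: `pushBroadcastService.deleteListener(BROADCAST_ID);` starts an async method and drops the returned promise, so a rejection from `initializePromise` would surface only as an unhandled rejection. Either `await` the call if the enclosing function is async (its start is outside the hunk) or attach a `.catch(...)` that logs the failure. The `moduleInfo` object kept in the context lines is no longer used after this change and could be removed with it.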
+--- + services/settings/components.conf | 9 +-------- + services/settings/servicesSettings.manifest | 4 ---- + 2 files changed, 1 insertion(+), 12 deletions(-) + +diff --git a/services/settings/components.conf b/services/settings/components.conf +index 9a737802ee..25109415a7 100644 +--- a/services/settings/components.conf ++++ b/services/settings/components.conf +@@ -4,11 +4,4 @@ + # License, v. 2.0. If a copy of the MPL was not distributed with this + # file, You can obtain one at http://mozilla.org/MPL/2.0/. + +-Classes = [ +- { +- 'cid': '{5e756573-234a-49ea-bbe4-59ec7a70657d}', +- 'contract_ids': ['@mozilla.org/services/settings;1'], +- 'jsm': 'resource://services-settings/RemoteSettingsComponents.jsm', +- 'constructor': 'RemoteSettingsTimer', +- }, +-] ++Classes = [] +diff --git a/services/settings/servicesSettings.manifest b/services/settings/servicesSettings.manifest +index 3bfed26ea4..807eb220ec 100644 +--- a/services/settings/servicesSettings.manifest ++++ b/services/settings/servicesSettings.manifest +@@ -1,7 +1,3 @@ + # Register resource aliases + resource services-settings resource://gre/modules/services-settings/ + +-# Schedule polling of remote settings changes +-# (default 24H, max 72H) +-# see syntax https://searchfox.org/mozilla-central/rev/cc280c4be94ff8cf64a27cc9b3d6831ffa49fa45/toolkit/components/timermanager/UpdateTimerManager.jsm#155 +-category update-timer RemoteSettingsComponents @mozilla.org/services/settings;1,getService,services-settings-poll-changes,services.settings.poll_interval,86400,259200 +-- +2.31.1 + + +From c856641861ca70da2d5aa720e402f2e505ebe5ac Mon Sep 17 00:00:00 2001 +From: grizzlyuser +Date: Wed, 30 Dec 2020 17:47:41 +0200 +Subject: [PATCH 04/13] Utils: fetch timestamps of each collection locally + +Utils.CHANGES_PATH points to +services/settings/dumps/monitor/changes.json +which will be generated later by JSON processing script. 
Fetch the +timestamps from that file and mock response headers to not confuse any +code that expects them. +--- + browser/installer/package-manifest.in | 1 + + services/settings/Utils.jsm | 13 ++++++++++++- + services/settings/dumps/monitor/moz.build | 8 ++++++++ + services/settings/dumps/moz.build | 1 + + 4 files changed, 22 insertions(+), 1 deletion(-) + create mode 100644 services/settings/dumps/monitor/moz.build + +diff --git a/browser/installer/package-manifest.in b/browser/installer/package-manifest.in +index ec20499166..c618c02a8f 100644 +--- a/browser/installer/package-manifest.in ++++ b/browser/installer/package-manifest.in +@@ -298,6 +298,7 @@ + @RESPATH@/browser/defaults/settings/blocklists + @RESPATH@/browser/defaults/settings/pinning + @RESPATH@/browser/defaults/settings/main ++@RESPATH@/browser/defaults/settings/monitor + @RESPATH@/browser/defaults/settings/security-state + + ; Warning: changing the path to channel-prefs.js can cause bugs (Bug 756325) +diff --git a/services/settings/Utils.jsm b/services/settings/Utils.jsm +index ef91781ac6..8736951968 100644 +--- a/services/settings/Utils.jsm ++++ b/services/settings/Utils.jsm +@@ -150,7 +150,7 @@ var Utils = { + async fetchLatestChanges(serverUrl, options = {}) { + const { expectedTimestamp, lastEtag = "", filters = {} } = options; + +- let url = serverUrl + Utils.CHANGES_PATH; ++ let url = Utils.SERVER_URL + Utils.CHANGES_PATH; + const params = { + ...filters, + _expected: expectedTimestamp ?? 
0, +@@ -273,7 +264,10 @@ var Utils = { + .map(([k, v]) => `${k}=${encodeURIComponent(v)}`) + .join("&"); + } +- const response = await Utils.fetch(url); ++ const response = await fetch(url); ++ const responseDate = new Date().toUTCString() ++ response.headers.set("Date", responseDate); ++ response.headers.set("Last-Modified", responseDate); + + if (response.status >= 500) { + throw new Error(`Server error ${response.status} ${response.statusText}`); +@@ -200,7 +194,15 @@ var Utils = { + } + } + +- const { changes = [], timestamp } = payload; ++ const { timestamp } = payload; ++ const { bucket, collection } = filters; ++ if (!bucket || !collection) { ++ throw new Error('Unable to fetch latest change without bucket or collection'); ++ } ++ const change = payload.changes.find( ++ change => change.bucket === bucket && change.collection === collection ++ ) ?? { last_modified: 0, bucket, collection }; ++ const changes = [change]; + + let serverTimeMillis = Date.parse(response.headers.get("Date")); + // Since the response is served via a CDN, the Date header value could have been cached. +diff --git a/services/settings/dumps/monitor/moz.build b/services/settings/dumps/monitor/moz.build +new file mode 100644 +index 0000000000..d3d017fda5 +--- /dev/null ++++ b/services/settings/dumps/monitor/moz.build +@@ -0,0 +1,8 @@ ++# This Source Code Form is subject to the terms of the Mozilla Public ++# License, v. 2.0. If a copy of the MPL was not distributed with this ++# file, You can obtain one at http://mozilla.org/MPL/2.0/. 
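Review bot: The two added `response.headers.set(...)` calls write to the headers of a Response returned by `fetch()`, which the Fetch specification marks immutable, so they may throw a TypeError before the status check runs; this should be confirmed for privileged code loading a `resource://` URL. A safer shape is to keep the synthetic value in a local, `const responseDate = new Date().toUTCString();`, and have the later `Date.parse(response.headers.get("Date"))` read that local instead. The hunk also swaps `Utils.fetch` for the bare `fetch`, and a comment saying why the wrapper is bypassed and why the headers are synthesized would help the next reader. The new `const responseDate` line is missing its semicolon.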
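Review bot: The old destructuring defaulted `changes` to `[]`, but the new code calls `payload.changes.find(...)` directly, so a `changes.json` without a `changes` array throws a TypeError instead of falling back to the `last_modified: 0` entry. `const change = (payload.changes ?? []).find(` keeps that fallback reachable. The arrow parameter `change` also shadows the `const change` being declared; naming it `c` reads more clearly. The enclosing `fetchLatestChanges` starts and ends outside the hunk.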
++ ++FINAL_TARGET_FILES.defaults.settings.monitor += ["changes.json"] ++ ++if CONFIG["MOZ_BUILD_APP"] == "browser": ++ DIST_SUBDIR = "browser" +diff --git a/services/settings/dumps/moz.build b/services/settings/dumps/moz.build +index 3cc9436f61..3742da5667 100644 +--- a/services/settings/dumps/moz.build ++++ b/services/settings/dumps/moz.build +@@ -5,6 +5,7 @@ + DIRS += [ + "blocklists", + "main", ++ "monitor", + "security-state", + ] + +-- +2.31.1 + + +From a0f311bed359d484fbf85e696b5b7e3a288292f8 Mon Sep 17 00:00:00 2001 +From: grizzlyuser +Date: Wed, 30 Dec 2020 17:52:10 +0200 +Subject: [PATCH 05/13] Utils: disable offline checking + +Since only local data is read now, it should always return false for the +current and any future code that relies on it. +--- + services/settings/Utils.jsm | 9 --------- + 1 file changed, 9 deletions(-) + +diff --git a/services/settings/Utils.jsm b/services/settings/Utils.jsm +index 8736951968..8ac085feea 100644 +--- a/services/settings/Utils.jsm ++++ b/services/settings/Utils.jsm +@@ -80,15 +80,6 @@ var Utils = { + * @return {bool} Whether network is down or not. + */ + get isOffline() { +- try { +- return ( +- Services.io.offline || +- CaptivePortalService.state == CaptivePortalService.LOCKED_PORTAL || +- !gNetworkLinkService.isLinkUp +- ); +- } catch (ex) { +- log.warn("Could not determine network status.", ex); +- } + return false; + }, + +-- +2.31.1 + + +From 95e4979573c79c987160a71e913c7564de22127f Mon Sep 17 00:00:00 2001 +From: grizzlyuser +Date: Wed, 30 Dec 2020 17:56:02 +0200 +Subject: [PATCH 06/13] Refactor hashing logic to a separate function + +It is used instead of internal signature validation mechanism, for +integrity checking of the locally cached data. 
+--- + services/settings/RemoteSettingsWorker.jsm | 4 ++++ + services/settings/SharedUtils.jsm | 9 +++++++-- + 2 files changed, 11 insertions(+), 2 deletions(-) + +diff --git a/services/settings/RemoteSettingsWorker.jsm b/services/settings/RemoteSettingsWorker.jsm +index 147ebb6b13..c86e218fd3 100644 +--- a/services/settings/RemoteSettingsWorker.jsm ++++ b/services/settings/RemoteSettingsWorker.jsm +@@ -189,6 +189,10 @@ class Worker { + // task on the current thread instead of the worker thread. + return SharedUtils.checkContentHash(buffer, size, hash); + } ++ ++ async getContentHash(bytes) { ++ return SharedUtils.getContentHash(bytes); ++ } + } + + // Now, first add a shutdown blocker. If that fails, we must have +diff --git a/services/settings/SharedUtils.jsm b/services/settings/SharedUtils.jsm +index db5017a742..1a8e83c2e8 100644 +--- a/services/settings/SharedUtils.jsm ++++ b/services/settings/SharedUtils.jsm +@@ -28,11 +28,16 @@ var SharedUtils = { + return false; + } + // Has expected content? ++ const hashStr = await this.getContentHash(bytes); ++ return hashStr == hash; ++ }, ++ ++ async getContentHash(bytes) { + const hashBuffer = await crypto.subtle.digest("SHA-256", bytes); + const hashBytes = new Uint8Array(hashBuffer); + const toHex = b => b.toString(16).padStart(2, "0"); +- const hashStr = Array.from(hashBytes, toHex).join(""); +- return hashStr == hash; ++ ++ return Array.from(hashBytes, toHex).join(""); + }, + + /** +-- +2.31.1 + + +From daac032f8a4e12451cda9ec6b1eca29f5a35521f Mon Sep 17 00:00:00 2001 +From: grizzlyuser +Date: Wed, 30 Dec 2020 18:05:02 +0200 +Subject: [PATCH 07/13] Client: Fetch and hash records from local dump + +Read the records from local dumps. See [1] for details on how to prepare +custom dumps). Records are cached in the local IndexedDB, and the client +updates cached records each time there's a change. Also it verifies +integrity of the data. 
Then the list of current / created / updated / +deleted records is generated and emitted to every registered listener. + +Change upstream signature validation mechanism to a simpler one. +Otherwise, it'd be necessary to sign local records, which is redundant, +because the application package should be signed already by the distro. + +Instead of signature property from metadata records, json_dump_metadata +has been introduced. It contains the checksum of the records and size in +bytes. Also added app_build_id property for version checking and updates +of cached data. + +Although it's possible to disable integrity checking via preference, it +seems to be not a good idea, because the logic that detects invalid +local data relies on it. In the context of local-only setup, data that +has been received from real Remote Settings server will not contain the +custom metadata, and thus will be considered invalid and then discarded, +while the client gets a chance to gracefully inform registered listeners +about these changes so that they can discard the data received before +the upgrade to local-only setup. + +[1] https://firefox-source-docs.mozilla.org/services/common/services/RemoteSettings.html#initial-data +--- + services/settings/RemoteSettingsClient.jsm | 62 ++++++++++------------ + 1 file changed, 27 insertions(+), 35 deletions(-) + +diff --git a/services/settings/RemoteSettingsClient.jsm b/services/settings/RemoteSettingsClient.jsm +index 80dd563e11..1025ab33a2 100644 +--- a/services/settings/RemoteSettingsClient.jsm ++++ b/services/settings/RemoteSettingsClient.jsm +@@ -556,11 +556,9 @@ class RemoteSettingsClient extends EventEmitter { + + // If the data is up-to-date but don't have metadata (records loaded from dump), + // we fetch them and validate the signature immediately. 
+- if (this.verifySignature && ObjectUtils.isEmpty(localMetadata)) { ++ if (this.verifySignature && ObjectUtils.isEmpty(localMetadata?.json_dump_metadata)) { + console.debug(`${this.identifier} pull collection metadata`); +- const metadata = await this.httpClient().getData({ +- query: { _expected: expectedTimestamp }, +- }); ++ const { metadata } = await this._fetchChangeset(expectedTimestamp); + await this.db.importChanges(metadata); + // We don't bother validating the signature if the dump was just loaded. We do + // if the dump was loaded at some other point (eg. from .get()). +@@ -813,32 +811,23 @@ class RemoteSettingsClient extends EventEmitter { + async _validateCollectionSignature(records, timestamp, metadata) { + const start = Cu.now() * 1000; + +- if (!metadata?.signature) { ++ if (!metadata?.json_dump_metadata) { + throw new MissingSignatureError(this.identifier); + } + +- if (!this._verifier) { +- this._verifier = Cc[ +- "@mozilla.org/security/contentsignatureverifier;1" +- ].createInstance(Ci.nsIContentSignatureVerifier); +- } +- +- // This is a content-signature field from an autograph response. + const { +- signature: { x5u, signature }, ++ json_dump_metadata: { hash, size }, + } = metadata; +- const certChain = await (await Utils.fetch(x5u)).text(); + // Merge remote records with local ones and serialize as canonical JSON. 
+ const serialized = await RemoteSettingsWorker.canonicalStringify( + records, + timestamp + ); + if ( +- !(await this._verifier.asyncVerifyContentSignature( +- serialized, +- "p384ecdsa=" + signature, +- certChain, +- this.signerName ++ !(await RemoteSettingsWorker.checkContentHash( ++ new TextEncoder().encode(serialized), ++ size, ++ hash + )) + ) { + throw new InvalidSignatureError(this.identifier); +@@ -1030,24 +1019,27 @@ class RemoteSettingsClient extends EventEmitter { + * @param since timestamp of last sync (optional) + */ + async _fetchChangeset(expectedTimestamp, since) { +- const client = this.httpClient(); +- const { +- metadata, +- timestamp: remoteTimestamp, +- changes: remoteRecords, +- } = await client.execute( +- { +- path: `/buckets/${this.bucketName}/collections/${this.collectionName}/changeset`, +- }, +- { +- query: { +- _expected: expectedTimestamp, +- _since: since, +- }, +- } ++ const { data } = await SharedUtils.loadJSONDump( ++ this.bucketName, ++ this.collectionName + ); ++ const remoteRecords = data ?? []; ++ ++ const serialized = await RemoteSettingsWorker.canonicalStringify( ++ remoteRecords, ++ expectedTimestamp ++ ); ++ const bytes = new TextEncoder().encode(serialized); ++ const metadata = { ++ app_build_id: Services.appinfo.appBuildID, ++ json_dump_metadata: { ++ hash: await RemoteSettingsWorker.getContentHash(bytes), ++ size: bytes.length, ++ }, ++ } ++ + return { +- remoteTimestamp, ++ remoteTimestamp: expectedTimestamp, + metadata, + remoteRecords, + }; +-- +2.31.1 + + +From 4d36e599e6b24e10960ebb978c038c66c5ade06d Mon Sep 17 00:00:00 2001 +From: grizzlyuser +Date: Wed, 30 Dec 2020 18:42:56 +0200 +Subject: [PATCH 08/13] Client: start deferred sync on get() or on() + +The users of the RemoteSettingsClient.jsm can receive records from it in +two ways: by calling get(), and by subscribing to events by calling +on(). + +So hook a deferred sync whenever something calls these methods. 
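Review bot: In `_validateCollectionSignature`, the replacement check only proves that the local records hash to the `hash`/`size` stored in `json_dump_metadata`, yet a failure is still reported as `MissingSignatureError` or `InvalidSignatureError`. Because `_fetchChangeset` in this same patch computes that hash from the packaged dump, this is an integrity comparison against the dump, and authenticity rests on the distro package signature, as the commit message says. I would say so in the code, e.g. `// Integrity check against the packaged JSON dump; authenticity comes from the signed distro package, not from this hash.` above the destructuring of `json_dump_metadata`, so that these errors are not read as a failed content signature during log triage. The function body continues past the end of the hunk.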
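Review bot: `_fetchChangeset` no longer reads its `since` parameter, but the doc comment kept as context still lists `@param since timestamp of last sync (optional)`. I would update that comment to say the changeset is built from the packaged JSON dump and that `since` is ignored, and close the `metadata` object literal with `};` instead of relying on automatic semicolon insertion. When `loadJSONDump` yields no `data`, the code hashes an empty record list and returns it as a valid changeset; whether that is intended for collections shipped without a dump is worth confirming.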
Because +multiple of those calls can be made quite early and in very short time, +set up a deferred task that will be armed only when needed and only once +in a second. When the task is running it first checks if the local data +came from the dump of the current app build, and no-ops if true. If +false, it triggers a sync. Then adds a flag if the client has been +correctly synchronized with the dump, so that no metadata checking +occurs during the session. +--- + services/settings/RemoteSettingsClient.jsm | 30 +++++++++++++++++++++- + 1 file changed, 29 insertions(+), 1 deletion(-) + +diff --git a/services/settings/RemoteSettingsClient.jsm b/services/settings/RemoteSettingsClient.jsm +index 1025ab33a2..1cebf2bc29 100644 +--- a/services/settings/RemoteSettingsClient.jsm ++++ b/services/settings/RemoteSettingsClient.jsm +@@ -16,6 +16,7 @@ XPCOMUtils.defineLazyModuleGetters(this, { + ClientEnvironmentBase: + "resource://gre/modules/components-utils/ClientEnvironment.jsm", + Database: "resource://services-settings/Database.jsm", ++ DeferredTask: "resource://gre/modules/DeferredTask.jsm", + Downloader: "resource://services-settings/Attachments.jsm", + IDBHelpers: "resource://services-settings/IDBHelpers.jsm", + KintoHttpClient: "resource://services-common/kinto-http-client.js", +@@ -30,6 +31,7 @@ XPCOMUtils.defineLazyModuleGetters(this, { + }); + + const TELEMETRY_COMPONENT = "remotesettings"; ++const DEFERRED_SYNC_DELAY_MILLISECONDS = 1000; + + XPCOMUtils.defineLazyGetter(this, "console", () => Utils.log); + +@@ -259,6 +261,14 @@ class RemoteSettingsClient extends EventEmitter { + this._lastCheckTimePref = lastCheckTimePref; + this._verifier = null; + this._syncRunning = false; ++ this._deferredSync = new DeferredTask( ++ async () => { ++ if (!this._syncRunning && !(await this._isSynced())) { ++ await this.sync(); ++ } ++ }, ++ DEFERRED_SYNC_DELAY_MILLISECONDS ++ ); + + // This attribute allows signature verification to be disabled, when running tests + // or when 
pulling data from a dev server. +@@ -290,6 +300,11 @@ class RemoteSettingsClient extends EventEmitter { + ); + } + ++ on(event, callback) { ++ super.on(event, callback); ++ this._deferredSync.arm(); ++ } ++ + get identifier() { + return `${this.bucketName}/${this.collectionName}`; + } +@@ -353,6 +368,10 @@ class RemoteSettingsClient extends EventEmitter { + let lastModified = await this.db.getLastModified(); + let hasLocalData = lastModified !== null; + ++ if (!(await this._isSynced())) { ++ throw new MissingSignatureError(this.identifier); ++ } ++ + if (syncIfEmpty && !hasLocalData) { + // .get() was called before we had the chance to synchronize the local database. + // We'll try to avoid returning an empty list. +@@ -414,7 +433,10 @@ class RemoteSettingsClient extends EventEmitter { + // No need to verify signature on JSON dumps. + // If local DB cannot be read, then we don't even try to do anything, + // we return results early. +- return this._filterEntries(data); ++ const filtered = this._filterEntries(data); ++ this._deferredSync.arm(); ++ ++ return filtered; + } + + console.debug( +@@ -452,6 +474,12 @@ class RemoteSettingsClient extends EventEmitter { + return final; + } + ++ async _isSynced() { ++ this._synced ||= ++ Services.appinfo.appBuildID === (await this.db.getMetadata())?.app_build_id; ++ return this._synced; ++ } ++ + /** + * Synchronize the local database with the remote server. + * +-- +2.31.1 + + +From defc4080596f5407a98f0c9f1a456f685226054f Mon Sep 17 00:00:00 2001 +From: grizzlyuser +Date: Wed, 30 Dec 2020 18:53:51 +0200 +Subject: [PATCH 09/13] Client: deep compare records if timestamps match + +When the list of current / updated / deleted records is generated, their +modification timestamps are compared to detect the updates. + +Although in practice this is unlikely to happen, in theory the +timestamp of some older record received from Remote Settings can match +with the modified record in the dump. 
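Review bot: `_isSynced()` latches `this._synced` with `||=` and nothing in the visible hunks ever resets it, nor is the field initialised in the constructor hunk next to `_syncRunning`. Once it is true, the guard added to `get()` and the deferred task both skip the `app_build_id` comparison for the rest of the session, even if the local database is cleared or rewritten afterwards. I would add `this._synced = false;` in the constructor and reset it wherever the local DB is cleared. Whether a mid-session clear can happen without a following sync should be checked against the rest of `sync()`, which is outside these hunks.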
Although JSON processing script +makes sure to add unique timestamps to each of the modified records, +it's still possible to update dumps manually and simply forget to update +timestamps. So serialize the records and compare them as strings to be +on the safe side. This should happen only once after upgrading to each +new version of the application, so is not likely to introduce any +noticeable performance issues. +--- + services/settings/RemoteSettingsClient.jsm | 6 +++++- + 1 file changed, 5 insertions(+), 1 deletion(-) + +diff --git a/services/settings/RemoteSettingsClient.jsm b/services/settings/RemoteSettingsClient.jsm +index 1cebf2bc29..2c18c5cfb6 100644 +--- a/services/settings/RemoteSettingsClient.jsm ++++ b/services/settings/RemoteSettingsClient.jsm +@@ -13,6 +13,7 @@ const { Services } = ChromeUtils.import("resource://gre/modules/Services.jsm"); + + XPCOMUtils.defineLazyModuleGetters(this, { + AppConstants: "resource://gre/modules/AppConstants.jsm", ++ CanonicalJSON: "resource://gre/modules/CanonicalJSON.jsm", + ClientEnvironmentBase: + "resource://gre/modules/components-utils/ClientEnvironment.jsm", + Database: "resource://services-settings/Database.jsm", +@@ -1022,7 +1023,10 @@ class RemoteSettingsClient extends EventEmitter { + const old = oldById.get(r.id); + if (old) { + oldById.delete(r.id); +- if (r.last_modified != old.last_modified) { ++ if ( ++ r.last_modified != old.last_modified || ++ CanonicalJSON.stringify(r) != CanonicalJSON.stringify(old) ++ ) { + syncResult.updated.push({ old, new: r }); + } + } else { +-- +2.31.1 + + +From c2ee19f01bc37e15c7742af8a502ffaa10745a52 Mon Sep 17 00:00:00 2001 +From: grizzlyuser +Date: Wed, 30 Dec 2020 19:01:39 +0200 +Subject: [PATCH 10/13] Client: delete more data on cleanup + +When the client detects the local data is invalid (i.e. 
it came from +real Remote Settings and can have unwanted records), delete not only +the records, but also the attachments that came with them, because they +too can be problematic. And last check time preference, because it's not +useful anyway when remote-settings.js doesn't do any polling for changes. + +Note that attachments should be deleted before the records, because the +logic gets the data about the attachments from those records. +--- + services/settings/RemoteSettingsClient.jsm | 15 ++++++++++++--- + 1 file changed, 12 insertions(+), 3 deletions(-) + +diff --git a/services/settings/RemoteSettingsClient.jsm b/services/settings/RemoteSettingsClient.jsm +index 2c18c5cfb6..8b65dc0cba 100644 +--- a/services/settings/RemoteSettingsClient.jsm ++++ b/services/settings/RemoteSettingsClient.jsm +@@ -221,7 +221,10 @@ class AttachmentDownloader extends Downloader { + async deleteAll() { + let allRecords = await this._client.db.list(); + return Promise.all( +- allRecords.filter(r => !!r.attachment).map(r => this.delete(r)) ++ allRecords.filter(r => !!r.attachment).map(r => { ++ this.delete(r); ++ this.deleteCached(r.id); ++ }) + ); + } + } +@@ -982,7 +985,7 @@ class RemoteSettingsClient extends EventEmitter { + // Signature failed, clear local DB because it contains + // bad data (local + remote changes). + console.debug(`${this.identifier} clear local data`); +- await this.db.clear(); ++ await this._clearAll(); + // Local data was tampered, throw and it will retry from empty DB. + console.error(`${this.identifier} local data was corrupted`); + throw new CorruptedDataError(this.identifier); +@@ -1004,7 +1007,7 @@ class RemoteSettingsClient extends EventEmitter { + // _importJSONDump() only clears DB if dump is available, + // therefore do it here! 
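Review bot: In `AttachmentDownloader.deleteAll()` the new arrow body `{ this.delete(r); this.deleteCached(r.id); }` returns nothing, so `Promise.all` receives an array of `undefined` and resolves before any deletion has finished. `_clearAll()` awaits `deleteAll()` and then calls `db.clear()` to get the ordering the commit message asks for, but with this body the order is not enforced, and a rejected delete becomes an unhandled rejection instead of propagating to the caller. Assuming both methods return promises, returning them fixes both problems: `allRecords.filter(r => !!r.attachment).map(r => Promise.all([this.delete(r), this.deleteCached(r.id)]))`.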
+ if (imported < 0) { +- await this.db.clear(); ++ await this._clearAll(); + } + } + } +@@ -1044,6 +1047,12 @@ class RemoteSettingsClient extends EventEmitter { + return syncResult; + } + ++ async _clearAll() { ++ await this.attachments.deleteAll(); ++ await this.db.clear(); ++ Services.prefs.clearUserPref(this.lastCheckTimePref); ++ } ++ + /** + * Fetch information from changeset endpoint. + * +-- +2.31.1 + + +From 56d2af487f7077753ea4df6bd0b1e6c91ed7ab9f Mon Sep 17 00:00:00 2001 +From: grizzlyuser +Date: Wed, 30 Dec 2020 19:07:56 +0200 +Subject: [PATCH 11/13] Client: remove comparison of collection timestamps + +In case if the cached data that came from real Remote Settings server +(before the upgrade to local-only setup) has collection timestamp, that +is newer than the packaged local dump, then this comparison logic can +lead to early return of old data, skipping the integrity checking and +necessary cleanup. So remove the checks. +--- + services/settings/RemoteSettingsClient.jsm | 5 ----- + 1 file changed, 5 deletions(-) + +diff --git a/services/settings/RemoteSettingsClient.jsm b/services/settings/RemoteSettingsClient.jsm +index 8b65dc0cba..6274596591 100644 +--- a/services/settings/RemoteSettingsClient.jsm ++++ b/services/settings/RemoteSettingsClient.jsm +@@ -917,14 +917,9 @@ class RemoteSettingsClient extends EventEmitter { + updated: [], + deleted: [], + }; +- // If data wasn't changed, return empty sync result. +- // This can happen when we update the signature but not the data. 
+ console.debug( + `${this.identifier} local timestamp: ${localTimestamp}, remote: ${remoteTimestamp}` + ); +- if (localTimestamp && remoteTimestamp < localTimestamp) { +- return syncResult; +- } + + const start = Cu.now() * 1000; + await this.db.importChanges(metadata, remoteTimestamp, remoteRecords, { +-- +2.31.1 + + +From c009c1a9ba2477c9335921b706256f115ecfd498 Mon Sep 17 00:00:00 2001 +From: grizzlyuser +Date: Wed, 30 Dec 2020 19:15:44 +0200 +Subject: [PATCH 12/13] Attachments: load only from dump and drop cached + +--- + services/settings/Attachments.jsm | 35 +++++++------------------------ + 1 file changed, 8 insertions(+), 27 deletions(-) + +diff --git a/services/settings/Attachments.jsm b/services/settings/Attachments.jsm +index 0eeb632799..eaa7db8c81 100644 +--- a/services/settings/Attachments.jsm ++++ b/services/settings/Attachments.jsm +@@ -143,10 +143,11 @@ class Downloader { + checkHash, + attachmentId = record?.id, + useCache = false, +- fallbackToCache = false, + fallbackToDump = false, + } = options || {}; + ++ const fallbackToCache = false; ++ + if (!useCache) { + // For backwards compatibility. + // WARNING: Its return type is different from what's documented. +@@ -206,6 +207,7 @@ class Downloader { + const newBuffer = await this.downloadAsBytes(record, { + retries, + checkHash, ++ dumpInfo, + }); + const blob = new Blob([newBuffer]); + if (useCache) { +@@ -241,7 +243,7 @@ class Downloader { + } + + try { +- return { ...(await cacheInfo.getResult()), _source: "cache_fallback" }; ++ await this.cacheImpl.delete(attachmentId); + } catch (e) { + // Failed to read from cache, e.g. IndexedDB unusable. + Cu.reportError(e); +@@ -278,7 +280,7 @@ class Downloader { + * @returns {String} the absolute file path to the downloaded attachment. 
+ */ + async downloadToDisk(record, options = {}) { +- const { retries = 3 } = options; ++ const retries = 0; + const { + attachment: { filename, size, hash }, + } = record; +@@ -335,31 +337,10 @@ class Downloader { + */ + async downloadAsBytes(record, options = {}) { + const { +- attachment: { location, hash, size }, +- } = record; +- +- const remoteFileUrl = (await this._baseAttachmentsURL()) + location; ++ dumpInfo = new LazyRecordAndBuffer(() => this._readAttachmentDump(attachmentId)) ++ } = options; + +- const { retries = 3, checkHash = true } = options; +- let retried = 0; +- while (true) { +- try { +- const buffer = await this._fetchAttachment(remoteFileUrl); +- if (!checkHash) { +- return buffer; +- } +- if (await RemoteSettingsWorker.checkContentHash(buffer, size, hash)) { +- return buffer; +- } +- // Content is corrupted. +- throw new Downloader.BadContentError(location); +- } catch (e) { +- if (retried >= retries) { +- throw e; +- } +- } +- retried++; +- } ++ return (await dumpInfo.getResult()).buffer; + } + + /** +-- +2.31.1 + + +From 2035bd7a6ce1816417b619d3f1ce994a8b44ce9d Mon Sep 17 00:00:00 2001 +From: grizzlyuser +Date: Wed, 30 Dec 2020 19:22:20 +0200 +Subject: [PATCH 13/13] Disable CRLite entirely for now + +It's designed to fetch the data from Remote Settings. One of the main +selling points is that new revocations can be pushed to the clients +within minutes. That won't work with local-only setup. Although (some?) +of the JSON dumps for it are in place, obviously the updates won't +happen that fast. + +Right now CRLite doesn't enforce anything, and works just for telemetry +collection (which is hopefully disabled anyway). So disable the +preference right in the source code, so that the patch fails to apply +when the upstream decides to set it to enforcing mode by default. + +The solution with CRLite is up for discussion. If necessary, it's +possible to make clients for blessed collections to communicate to real +Remote Settings server. 
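Review bot: In `downloadAsBytes`, the default for `dumpInfo` calls `this._readAttachmentDump(attachmentId)`, but `attachmentId` is not declared anywhere in the visible function; the only parameters are `record` and `options`. Any caller that does not pass `dumpInfo` (for example `downloadToDisk`, whose hunk does not add it) would hit a ReferenceError when the lazy loader runs, unless the name is defined somewhere outside these hunks. The rewrite also drops the `checkHash` / `RemoteSettingsWorker.checkContentHash(buffer, size, hash)` step, so bytes read from the dump are returned without being compared to the record's `hash` and `size`. I would default to `record.id` and keep the hash comparison as below; whether packaged attachments are expected to match the record's hash should be confirmed first.

```javascript
async downloadAsBytes(record, options = {}) {
  const {
    checkHash = true,
    dumpInfo = new LazyRecordAndBuffer(() =>
      this._readAttachmentDump(record.id)
    ),
  } = options;
  const {
    attachment: { location, hash, size },
  } = record;

  const { buffer } = await dumpInfo.getResult();
  if (
    checkHash &&
    !(await RemoteSettingsWorker.checkContentHash(buffer, size, hash))
  ) {
    // Content is corrupted.
    throw new Downloader.BadContentError(location);
  }
  return buffer;
}
```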
For example, for collections related to +certificate revocations. +--- + modules/libpref/init/all.js | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/modules/libpref/init/all.js b/modules/libpref/init/all.js +index edca292681..da7e23d674 100644 +--- a/modules/libpref/init/all.js ++++ b/modules/libpref/init/all.js +@@ -172,7 +172,7 @@ pref("security.cert_pinning.max_max_age_seconds", 5184000); + // 0: Disable CRLite entirely + // 1: Enable and check revocations via CRLite, but only collect telemetry + // 2: Enable and enforce revocations via CRLite +-pref("security.pki.crlite_mode", 1); ++pref("security.pki.crlite_mode", 0); + + // Represents the expected certificate transparency log merge delay (including + // the time to generate a CRLite filter). Currently 28 hours in seconds. +-- +2.31.1 + diff --git a/libre/iceweasel/9003-FSDG-misc.patch b/libre/iceweasel/9003-FSDG-misc.patch deleted file mode 100644 index b9e5c4224..000000000 --- a/libre/iceweasel/9003-FSDG-misc.patch +++ /dev/null 
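Review bot: The `security.pki.crlite_mode` line in `all.js` changes to `0`, but the comment above it still only lists the three modes, so the file itself gives no reason for turning off a revocation check. A one-line comment such as `// Disabled: CRLite data is delivered through Remote Settings, which this build only loads from packaged dumps.` would keep the rationale next to the value and prompt a review if the local-only setup changes.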
@@ -1,323 +0,0 @@ -diff --git a/browser/app/permissions b/browser/app/permissions -index 991284081d..888cc811ce 100644 ---- a/browser/app/permissions -+++ b/browser/app/permissions -@@ -15,11 +15,5 @@ origin uitour 1 https://support.mozilla.org - origin uitour 1 about:home - origin uitour 1 about:newtab - --# XPInstall --origin install 1 https://addons.mozilla.org -- - # Remote troubleshooting - origin remote-troubleshooting 1 https://support.mozilla.org -- --# addon install --origin install 1 https://fpn.firefox.com -diff --git a/browser/components/preferences/sync.inc.xhtml b/browser/components/preferences/sync.inc.xhtml -index 7d37d26..4ebbc06 100644 ---- a/browser/components/preferences/sync.inc.xhtml -+++ b/browser/components/preferences/sync.inc.xhtml -@@ -35,22 +35,6 @@ - - - -- - - - -diff --git a/browser/locales/en-US/browser/policies/policies-descriptions.ftl b/browser/locales/en-US/browser/policies/policies-descriptions.ftl -index dabfadc..3ce732e 100644 ---- a/browser/locales/en-US/browser/policies/policies-descriptions.ftl -+++ b/browser/locales/en-US/browser/policies/policies-descriptions.ftl -@@ -96,7 +96,7 @@ policy-ExtensionSettings = Manage all aspects of extension installation. - - policy-ExtensionUpdate = Enable or disable automatic extension updates. - --policy-FirefoxHome = Configure Firefox Home. -+policy-FirefoxHome = Configure Iceweasel Home. - - policy-FlashPlugin = Allow or deny usage of the Flash plugin. - -diff --git a/browser/locales/en-US/browser/preferences/preferences.ftl b/browser/locales/en-US/browser/preferences/preferences.ftl -index 1b29e8d..6f7566c 100644 ---- a/browser/locales/en-US/browser/preferences/preferences.ftl -+++ b/browser/locales/en-US/browser/preferences/preferences.ftl -@@ -550,7 +550,7 @@ home-restore-defaults = - # "Firefox" should be treated as a brand and kept in English, - # while "Home" and "(Default)" can be localized. 
- home-mode-choice-default = -- .label = Firefox Home (Default) -+ .label = Iceweasel Home (Default) - - home-mode-choice-custom = - .label = Custom URLs… -@@ -577,10 +577,10 @@ choose-bookmark = - .label = Use Bookmark… - .accesskey = B - --## Home Section - Firefox Home Content Customization -+## Home Section - Iceweasel Home Content Customization - --home-prefs-content-header = Firefox Home Content --home-prefs-content-description = Choose what content you want on your Firefox Home screen. -+home-prefs-content-header = Iceweasel Home Content -+home-prefs-content-description = Choose what content you want on your Iceweasel Home screen. - - home-prefs-search-header = - .label = Web Search -@@ -714,16 +714,6 @@ sync-signedout-account-signin2 = - .label = Sign in to { -sync-brand-short-name }… - .accesskey = i - --# This message contains two links and two icon images. --# `` - Android logo icon --# `` - Link to Android Download --# `` - iOS logo icon --# `` - Link to iOS Download --# --# They can be moved within the sentence as needed to adapt --# to your language, but should not be changed or translated. --sync-mobile-promo = Download Firefox for Android or iOS to sync with your mobile device. -- - ## Firefox Account - Signed in - - sync-profile-picture = -diff --git a/browser/locales/generic/profile/bookmarks.html.in b/browser/locales/generic/profile/bookmarks.html.in -index 2d3c7b4..00221d3 100644 ---- a/browser/locales/generic/profile/bookmarks.html.in -+++ b/browser/locales/generic/profile/bookmarks.html.in -@@ -1,15 +1,15 @@ - #filter substitution - #include @BOOKMARKS_INCLUDE_PATH@ - --#define mozilla_icon  - --#define firefox_icon  -+#define fsf_icon  - --#define bugzilla_icon  -+#define gnu_icon  - --#define mdn_icon  -+#define libreplanet_icon  - --#define addon_icon  -+#define hnode_icon  - -@@ -21,29 +21,21 @@ -

-

@bookmarks_toolbarfolder@

-
@bookmarks_toolbarfolder_description@ --#ifndef NIGHTLY_BUILD -
--

@getting_started@
-+

Parabola GNU/Linux-libre
-
--

@firefox_heading@

-+

Parabola GNU/Linux-libre

-

--

@firefox_get_help@ --
@firefox_customize@ --
@firefox_community@ --
@firefox_about@ -+
Parabola GNU/Linux-libre -+
Parabola GNU/Linux-libre Packages -+
Parabola GNU/Linux-libre Wiki -+
Parabola GNU/Linux-libre Labs -
--#else --
--

@firefox_community@ --
--

@nightly_heading@

-+

Free Software Foundation

-

--

@nightly_blog@ --
@bugzilla@ --
@mdn@ --
@nightly_tester_tools@ --
@crashes@ --
@planet@ -+
Free Software Foundation -+
The GNU Operating System and the Free Software Movement -+
LibrePlanet -+
h-node -
--#endif -
-diff --git a/devtools/startup/aboutdevtools/aboutdevtools.xhtml b/devtools/startup/aboutdevtools/aboutdevtools.xhtml -index 5b0709e..38ea275 100644 ---- a/devtools/startup/aboutdevtools/aboutdevtools.xhtml -+++ b/devtools/startup/aboutdevtools/aboutdevtools.xhtml -@@ -89,19 +89,6 @@ -
    -
- -- --
-- -- --
- - - -diff --git a/devtools/startup/locales/en-US/aboutDevTools.ftl b/devtools/startup/locales/en-US/aboutDevTools.ftl -index db2146d..e02ab58 100644 ---- a/devtools/startup/locales/en-US/aboutDevTools.ftl -+++ b/devtools/startup/locales/en-US/aboutDevTools.ftl -@@ -3,18 +3,18 @@ - # file, You can obtain one at http://mozilla.org/MPL/2.0/. - - head-title = About Developer Tools --enable-title = Enable Firefox Developer Tools --enable-inspect-element-title = Enable Firefox Developer Tools to use Inspect Element -+enable-title = Enable Iceweasel Developer Tools -+enable-inspect-element-title = Enable Iceweasel Developer Tools to use Inspect Element - enable-inspect-element-message = Examine and edit HTML and CSS with the Developer Tools’ Inspector. --enable-about-debugging-message = Develop and debug WebExtensions, web workers, service workers and more with Firefox Developer Tools. -+enable-about-debugging-message = Develop and debug WebExtensions, web workers, service workers and more with Iceweasel Developer Tools. - enable-key-shortcut-message = You activated a Developer Tools shortcut. If that was a mistake, you can close this Tab. - enable-menu-message = Perfect your website’s HTML, CSS, and JavaScript with tools like Inspector and Debugger. --enable-common-message = Firefox Developer Tools are disabled by default to give you more control over your browser. -+enable-common-message = Iceweasel Developer Tools are disabled by default to give you more control over your browser. - enable-learn-more-link = Learn more about Developer Tools - enable-enable-button = Enable Developer Tools - enable-close-button = Close this Tab - --welcome-title = Welcome to Firefox Developer Tools! -+welcome-title = Welcome to Iceweasel Developer Tools! - newsletter-title = Mozilla Developer Newsletter - newsletter-message = Get developer news, tricks and resources sent straight to your inbox. 
- newsletter-email-placeholder = -@@ -24,8 +24,6 @@ newsletter-subscribe-button = Subscribe - newsletter-thanks-title = Thanks! - newsletter-thanks-message = If you haven’t previously confirmed a subscription to a Mozilla-related newsletter you may have to do so. Please check your inbox or your spam filter for an email from us. - --footer-title = Firefox Developer Edition --footer-message = Looking for more than just Developer Tools? Check out the Firefox browser that is built specifically for developers and modern workflows. - footer-learn-more-link = Learn more - - features-learn-more = Learn more -diff --git a/toolkit/locales/en-US/toolkit/about/aboutAddons.ftl b/toolkit/locales/en-US/toolkit/about/aboutAddons.ftl -index edd871b..77870fe 100644 ---- a/toolkit/locales/en-US/toolkit/about/aboutAddons.ftl -+++ b/toolkit/locales/en-US/toolkit/about/aboutAddons.ftl -@@ -7,7 +7,7 @@ addons-window = - addons-page-title = Add-ons Manager - - search-header = -- .placeholder = Search addons.mozilla.org -+ .placeholder = Search www.parabola.nu/packages - .searchbuttonlabel = Search - - search-header-shortcut = -@@ -482,7 +482,7 @@ theme-heading-search-label = Find more themes - - default-heading-search-label = Find more add-ons - addons-heading-search-input = -- .placeholder = Search addons.mozilla.org -+ .placeholder = Search www.parabola.nu/packages - - addon-page-options-button = - .title = Tools for all add-ons -diff --git a/browser/locales/en-US/chrome/browser-region/region.properties b/browser/locales/en-US/chrome/browser-region/region.properties -index 4c4ea76..e0f2880 100644 ---- a/browser/locales/en-US/chrome/browser-region/region.properties -+++ b/browser/locales/en-US/chrome/browser-region/region.properties -@@ -9,16 +9,3 @@ - # don't make any spelling errors here. - gecko.handlerService.defaultHandlersVersion=4 - --# The default set of protocol handlers for mailto: --gecko.handlerService.schemes.mailto.0.name=Yahoo! 
Mail --gecko.handlerService.schemes.mailto.0.uriTemplate=https://compose.mail.yahoo.com/?To=%s --gecko.handlerService.schemes.mailto.1.name=Gmail --gecko.handlerService.schemes.mailto.1.uriTemplate=https://mail.google.com/mail/?extsrc=mailto&url=%s -- --# The default set of protocol handlers for irc: --gecko.handlerService.schemes.irc.0.name=Mibbit --gecko.handlerService.schemes.irc.0.uriTemplate=https://www.mibbit.com/?url=%s -- --# The default set of protocol handlers for ircs: --gecko.handlerService.schemes.ircs.0.name=Mibbit --gecko.handlerService.schemes.ircs.0.uriTemplate=https://www.mibbit.com/?url=%s -diff --git a/browser/components/protections/content/protections.ftl b/browser/components/protections/content/protections.ftl -index 5ac8a7b08c..fec81698e3 100644 ---- a/browser/components/protections/content/protections.ftl -+++ b/browser/components/protections/content/protections.ftl -@@ -18,7 +18,7 @@ get-vpn-link = Get { -mozilla-vpn-brand-name } - - vpn-title-subscribed = VPN: Subscribed - # Note This text is not being translated, and the
will need to be removed if or when it does get translated --vpn-header-content-subscribed = Using the { -mozilla-vpn-brand-name } encrypts all your traffic and hides your location — on up to 5 devices. Get the most from your subscription — add it from
the Google Play Store or Apple App Store. -+vpn-header-content-subscribed = Using the { -mozilla-vpn-brand-name } encrypts all your traffic and hides your location — on up to 5 devices. - - vpn-banner-header = Protection that extends beyond the browser - # Note This text is not being translated, and the
will need to be removed if or when it does get translated -diff --git a/browser/components/protections/content/protections.html b/browser/components/protections/content/protections.html -index e33c814f62..5698f2b3e9 100644 ---- a/browser/components/protections/content/protections.html -+++ b/browser/components/protections/content/protections.html -@@ -303,8 +303,6 @@ - -

-

-- -- -

- - -diff --git a/browser/components/protections/content/vpn-card.js b/browser/components/protections/content/vpn-card.js -index 2417f1a641..698c48ccc3 100644 ---- a/browser/components/protections/content/vpn-card.js -+++ b/browser/components/protections/content/vpn-card.js -@@ -23,22 +23,6 @@ export default class VPNCard { - vpnLink.addEventListener("click", () => { - this.doc.sendTelemetryEvent("click", "vpn_card_link"); - }); -- let androidVPNAppLink = document.getElementById( -- "vpn-google-playstore-link" -- ); -- androidVPNAppLink.href = RPMGetStringPref( -- "browser.contentblocking.report.vpn-android.url" -- ); -- androidVPNAppLink.addEventListener("click", () => { -- document.sendTelemetryEvent("click", "vpn_app_link_android"); -- }); -- let iosVPNAppLink = document.getElementById("vpn-app-store-link"); -- iosVPNAppLink.href = RPMGetStringPref( -- "browser.contentblocking.report.vpn-ios.url" -- ); -- iosVPNAppLink.addEventListener("click", () => { -- document.sendTelemetryEvent("click", "vpn_app_link_ios"); -- }); - - const vpnBanner = this.doc.querySelector(".vpn-banner"); - const exitIcon = vpnBanner.querySelector(".exit-icon"); diff --git a/libre/iceweasel/9003-FSDG-urihandlers.patch b/libre/iceweasel/9003-FSDG-urihandlers.patch new file mode 100644 index 000000000..504d18b36 --- /dev/null +++ b/libre/iceweasel/9003-FSDG-urihandlers.patch 
@@ -0,0 +1,240 @@ +diff --git a/uriloader/exthandler/HandlerList.jsm b/uriloader/exthandler/HandlerList.jsm +index 04b9205..ff3aec5 100644 +--- a/uriloader/exthandler/HandlerList.jsm ++++ b/uriloader/exthandler/HandlerList.jsm +@@ -11,229 +11,25 @@ this.kHandlerListVersion = 1; + this.kHandlerList = { + default: { + schemes: { +- mailto: { ++ irc: { + handlers: [ + { +- name: "Gmail", +- uriTemplate: "https://mail.google.com/mail/?extsrc=mailto&url=%s", ++ name: "KiwiIRC", ++ uriTemplate: "https://web.libera.chat/?url=%s", + }, + ], + }, +- }, +- }, +- cs: { +- schemes: { +- mailto: { ++ ircs: { + handlers: [ + { +- name: "Seznam", +- uriTemplate: "https://email.seznam.cz/newMessageScreen?mailto=%s", +- }, +- { +- name: "Gmail", +- uriTemplate: "https://mail.google.com/mail/?extsrc=mailto&url=%s", ++ name: "KiwiIRC", ++ uriTemplate: "https://web.libera.chat/?url=%s", + }, + ], + }, +- }, +- }, +- csb: { +- schemes: { + mailto: { + handlers: [ + { +- name: "Poczta Interia.pl", +- uriTemplate: "http://poczta.interia.pl/mh/?mailto=%s", +- }, +- { +- name: "OnetPoczta", +- uriTemplate: "http://poczta.onet.pl/napisz.html?uri=%s", +- }, +- ], +- }, +- }, +- }, +- "es-CL": { +- schemes: { +- mailto: { +- handlers: [ +- { +- name: "Gmail", +- uriTemplate: "https://mail.google.com/mail/?extsrc=mailto&url=%s", +- }, +- { +- name: "Outlook", +- uriTemplate: +- "https://outlook.live.com/default.aspx?rru=compose&to=%s", +- }, +- ], +- }, +- }, +- }, +- "ja-JP-mac": { +- schemes: { +- mailto: { +- handlers: [ +- { +- name: "Yahoo!メール", +- uriTemplate: "https://mail.yahoo.co.jp/compose/?To=%s", +- }, +- { +- name: "Gmail", +- uriTemplate: "https://mail.google.com/mail/?extsrc=mailto&url=%s", +- }, +- ], +- }, +- }, +- }, +- ja: { +- schemes: { +- mailto: { +- handlers: [ +- { +- name: "Yahoo!メール", +- uriTemplate: "https://mail.yahoo.co.jp/compose/?To=%s", +- }, +- { +- name: "Gmail", +- uriTemplate: "https://mail.google.com/mail/?extsrc=mailto&url=%s", +- }, +- ], +- }, +- }, +- 
}, +- kk: { +- schemes: { +- mailto: { +- handlers: [ +- { +- name: "Яндекс.Почта", +- uriTemplate: "https://mail.yandex.ru/compose?mailto=%s", +- }, +- { +- name: "Mail.Ru", +- uriTemplate: "https://e.mail.ru/cgi-bin/sentmsg?mailto=%s", +- }, +- { +- name: "Gmail", +- uriTemplate: "https://mail.google.com/mail/?extsrc=mailto&url=%s", +- }, +- ], +- }, +- }, +- }, +- ltg: { +- schemes: { +- mailto: { +- handlers: [ +- { +- name: "Gmail", +- uriTemplate: "https://mail.google.com/mail/?extsrc=mailto&url=%s", +- }, +- { +- name: "inbox.lv mail", +- uriTemplate: "https://mail.inbox.lv/compose?to=%s", +- }, +- ], +- }, +- }, +- }, +- lv: { +- schemes: { +- mailto: { +- handlers: [ +- { +- name: "Gmail", +- uriTemplate: "https://mail.google.com/mail/?extsrc=mailto&url=%s", +- }, +- { +- name: "inbox.lv mail", +- uriTemplate: "https://mail.inbox.lv/compose?to=%s", +- }, +- ], +- }, +- }, +- }, +- pl: { +- schemes: { +- mailto: { +- handlers: [ +- { +- name: "Poczta Interia.pl", +- uriTemplate: "https://poczta.interia.pl/mh/?mailto=%s", +- }, +- { +- name: "Gmail", +- uriTemplate: "https://mail.google.com/mail/?extsrc=mailto&url=%s", +- }, +- ], +- }, +- }, +- }, +- ru: { +- schemes: { +- mailto: { +- handlers: [ +- { +- name: "Яндекс.Почту", +- uriTemplate: "https://mail.yandex.ru/compose?mailto=%s", +- }, +- { +- name: "Mail.Ru", +- uriTemplate: "https://e.mail.ru/cgi-bin/sentmsg?mailto=%s", +- }, +- { +- name: "Gmail", +- uriTemplate: "https://mail.google.com/mail/?extsrc=mailto&url=%s", +- }, +- ], +- }, +- }, +- }, +- sah: { +- schemes: { +- mailto: { +- handlers: [ +- { +- name: "Яндекс.Почта", +- uriTemplate: "https://mail.yandex.ru/compose?mailto=%s", +- }, +- { +- name: "Mail.Ru", +- uriTemplate: "https://e.mail.ru/cgi-bin/sentmsg?mailto=%s", +- }, +- ], +- }, +- }, +- }, +- uk: { +- schemes: { +- mailto: { +- handlers: [ +- { +- name: "Gmail", +- uriTemplate: "https://mail.google.com/mail/?extsrc=mailto&url=%s", +- }, +- { +- name: "Outlook", +- uriTemplate: +- 
"https://outlook.live.com/default.aspx?rru=compose&to=%s", +- }, +- ], +- }, +- }, +- }, +- uz: { +- schemes: { +- mailto: { +- handlers: [ +- { +- name: "Gmail", +- uriTemplate: "https://mail.google.com/mail/?extsrc=mailto&url=%s", +- }, +- { +- name: "Mail.Ru", +- uriTemplate: "https://e.mail.ru/cgi-bin/sentmsg?mailto=%s", + }, + ], + }, diff --git a/libre/iceweasel/9004-FSDG-misc.patch b/libre/iceweasel/9004-FSDG-misc.patch new file mode 100644 index 000000000..a42043ec5 --- /dev/null +++ b/libre/iceweasel/9004-FSDG-misc.patch 
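Review bot: After the `name` and `uriTemplate` lines are removed, the `mailto` entry keeps its context lines, so the new `kHandlerList.default.schemes.mailto.handlers` array holds a single empty object `{}`. Code that installs default handlers from this list would presumably see an entry with undefined `name` and `uriTemplate`; how it reacts is not visible here. If the intent is to ship no web handler for `mailto`, an empty array says so directly, `mailto: { handlers: [] },`, or the `mailto` key can be dropped. The object literal continues past the end of the hunk.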
@@ -0,0 +1,309 @@ +diff --git a/browser/app/permissions b/browser/app/permissions +index 991284081d..888cc811ce 100644 +--- a/browser/app/permissions ++++ b/browser/app/permissions +@@ -15,11 +15,5 @@ origin uitour 1 https://support.mozilla.org + origin uitour 1 about:home + origin uitour 1 about:newtab + +-# XPInstall +-origin install 1 https://addons.mozilla.org +- + # Remote troubleshooting + origin remote-troubleshooting 1 https://support.mozilla.org +- +-# addon install +-origin install 1 https://fpn.firefox.com +diff --git a/browser/components/preferences/sync.inc.xhtml b/browser/components/preferences/sync.inc.xhtml +index 7d37d26..4ebbc06 100644 +--- a/browser/components/preferences/sync.inc.xhtml ++++ b/browser/components/preferences/sync.inc.xhtml +@@ -35,22 +35,6 @@ + + + +- + + + +diff --git a/browser/locales/en-US/browser/policies/policies-descriptions.ftl b/browser/locales/en-US/browser/policies/policies-descriptions.ftl +index dabfadc..3ce732e 100644 +--- a/browser/locales/en-US/browser/policies/policies-descriptions.ftl ++++ b/browser/locales/en-US/browser/policies/policies-descriptions.ftl +@@ -96,7 +96,7 @@ policy-ExtensionSettings = Manage all aspects of extension installation. + + policy-ExtensionUpdate = Enable or disable automatic extension updates. + +-policy-FirefoxHome = Configure Firefox Home. ++policy-FirefoxHome = Configure Iceweasel Home. + + policy-FlashPlugin = Allow or deny usage of the Flash plugin. + +diff --git a/browser/locales/en-US/browser/preferences/preferences.ftl b/browser/locales/en-US/browser/preferences/preferences.ftl +index 1b29e8d..6f7566c 100644 +--- a/browser/locales/en-US/browser/preferences/preferences.ftl ++++ b/browser/locales/en-US/browser/preferences/preferences.ftl +@@ -550,7 +550,7 @@ home-restore-defaults = + # "Firefox" should be treated as a brand and kept in English, + # while "Home" and "(Default)" can be localized. 
+ home-mode-choice-default = +- .label = Firefox Home (Default) ++ .label = Iceweasel Home (Default) + + home-mode-choice-custom = + .label = Custom URLs… +@@ -577,10 +577,10 @@ choose-bookmark = + .label = Use Bookmark… + .accesskey = B + +-## Home Section - Firefox Home Content Customization ++## Home Section - Iceweasel Home Content Customization + +-home-prefs-content-header = Firefox Home Content +-home-prefs-content-description = Choose what content you want on your Firefox Home screen. ++home-prefs-content-header = Iceweasel Home Content ++home-prefs-content-description = Choose what content you want on your Iceweasel Home screen. + + home-prefs-search-header = + .label = Web Search +@@ -714,16 +714,6 @@ sync-signedout-account-signin2 = + .label = Sign in to { -sync-brand-short-name }… + .accesskey = i + +-# This message contains two links and two icon images. +-# `` - Android logo icon +-# `` - Link to Android Download +-# `` - iOS logo icon +-# `` - Link to iOS Download +-# +-# They can be moved within the sentence as needed to adapt +-# to your language, but should not be changed or translated. +-sync-mobile-promo = Download Firefox for Android or iOS to sync with your mobile device. +- + ## Firefox Account - Signed in + + sync-profile-picture = +diff --git a/browser/base/content/default-bookmarks.html b/browser/base/content/default-bookmarks.html +index b2d18d3..41cd27a 100644 +--- a/browser/base/content/default-bookmarks.html ++++ b/browser/base/content/default-bookmarks.html +@@ -1,14 +1,14 @@ + #filter substitution + +-#define mozilla_icon  + +-#define firefox_icon  ++#define fsf_icon  + +-#define bugzilla_icon  ++#define gnu_icon  + +-#define mdn_icon  ++#define libreplanet_icon  + +-#define addon_icon  ++#define hnode_icon  + +@@ -29,31 +29,31 @@ +

+

default-bookmarks-toolbarfolder

+
default-bookmarks-toolbarfolder-description
+-#ifndef NIGHTLY_BUILD +

+-

default-bookmarks-getting-started
++
Parabola GNU/Linux-libre
+

+-

default-bookmarks-firefox-heading

++

Parabola GNU/Linux-libre

+

+-

default-bookmarks-firefox-get-help
+-
default-bookmarks-firefox-customize
+-
default-bookmarks-firefox-community
+-
default-bookmarks-firefox-about
++
Parabola GNU/Linux-libre
++
Parabola GNU/Linux-libre Packages
++
Parabola GNU/Linux-libre Wiki
++
Parabola GNU/Linux-libre Labs
+

+-#else ++ ++

Parabola GNU/Linux-libre

+

+-

default-bookmarks-firefox-community
++
Parabola GNU/Linux-libre
++
Parabola GNU/Linux-libre Packages
++
Parabola GNU/Linux-libre Wiki
++
Parabola GNU/Linux-libre Labs
+

+-

default-bookmarks-nightly-heading

++

Free Software Foundation

+

+-

default-bookmarks-nightly-blog
+-
default-bookmarks-bugzilla
+-
default-bookmarks-mdn
+-
default-bookmarks-nightly-tester-tools
+-
default-bookmarks-crashes
+-
default-bookmarks-planet
++
Free Software Foundation
++
The GNU Operating System and the Free Software Movement
++
LibrePlanet
++
h-node
+

+-#endif +

+ + +diff --git a/devtools/startup/aboutdevtools/aboutdevtools.xhtml b/devtools/startup/aboutdevtools/aboutdevtools.xhtml +index 5b0709e..38ea275 100644 +--- a/devtools/startup/aboutdevtools/aboutdevtools.xhtml ++++ b/devtools/startup/aboutdevtools/aboutdevtools.xhtml +@@ -89,19 +89,6 @@ +
    +
+ +- +-
+- +- +-
+ + + +diff --git a/devtools/startup/locales/en-US/aboutDevTools.ftl b/devtools/startup/locales/en-US/aboutDevTools.ftl +index db2146d..e02ab58 100644 +--- a/devtools/startup/locales/en-US/aboutDevTools.ftl ++++ b/devtools/startup/locales/en-US/aboutDevTools.ftl +@@ -3,18 +3,18 @@ + # file, You can obtain one at http://mozilla.org/MPL/2.0/. + + head-title = About Developer Tools +-enable-title = Enable Firefox Developer Tools +-enable-inspect-element-title = Enable Firefox Developer Tools to use Inspect Element ++enable-title = Enable Iceweasel Developer Tools ++enable-inspect-element-title = Enable Iceweasel Developer Tools to use Inspect Element + enable-inspect-element-message = Examine and edit HTML and CSS with the Developer Tools’ Inspector. +-enable-about-debugging-message = Develop and debug WebExtensions, web workers, service workers and more with Firefox Developer Tools. ++enable-about-debugging-message = Develop and debug WebExtensions, web workers, service workers and more with Iceweasel Developer Tools. + enable-key-shortcut-message = You activated a Developer Tools shortcut. If that was a mistake, you can close this Tab. + enable-menu-message = Perfect your website’s HTML, CSS, and JavaScript with tools like Inspector and Debugger. +-enable-common-message = Firefox Developer Tools are disabled by default to give you more control over your browser. ++enable-common-message = Iceweasel Developer Tools are disabled by default to give you more control over your browser. + enable-learn-more-link = Learn more about Developer Tools + enable-enable-button = Enable Developer Tools + enable-close-button = Close this Tab + +-welcome-title = Welcome to Firefox Developer Tools! ++welcome-title = Welcome to Iceweasel Developer Tools! + newsletter-title = Mozilla Developer Newsletter + newsletter-message = Get developer news, tricks and resources sent straight to your inbox. 
+ newsletter-email-placeholder = +@@ -24,8 +24,6 @@ newsletter-subscribe-button = Subscribe + newsletter-thanks-title = Thanks! + newsletter-thanks-message = If you haven’t previously confirmed a subscription to a Mozilla-related newsletter you may have to do so. Please check your inbox or your spam filter for an email from us. + +-footer-title = Firefox Developer Edition +-footer-message = Looking for more than just Developer Tools? Check out the Firefox browser that is built specifically for developers and modern workflows. + footer-learn-more-link = Learn more + + features-learn-more = Learn more +diff --git a/toolkit/locales/en-US/toolkit/about/aboutAddons.ftl b/toolkit/locales/en-US/toolkit/about/aboutAddons.ftl +index edd871b..77870fe 100644 +--- a/toolkit/locales/en-US/toolkit/about/aboutAddons.ftl ++++ b/toolkit/locales/en-US/toolkit/about/aboutAddons.ftl +@@ -7,7 +7,7 @@ addons-window = + addons-page-title = Add-ons Manager + + search-header = +- .placeholder = Search addons.mozilla.org ++ .placeholder = Search www.parabola.nu/packages + .searchbuttonlabel = Search + + search-header-shortcut = +@@ -482,7 +482,7 @@ theme-heading-search-label = Find more themes + + default-heading-search-label = Find more add-ons + addons-heading-search-input = +- .placeholder = Search addons.mozilla.org ++ .placeholder = Search www.parabola.nu/packages + + addon-page-options-button = + .title = Tools for all add-ons +diff --git a/browser/components/protections/content/protections.ftl b/browser/components/protections/content/protections.ftl +index 5ac8a7b08c..fec81698e3 100644 +--- a/browser/components/protections/content/protections.ftl ++++ b/browser/components/protections/content/protections.ftl +@@ -18,7 +18,7 @@ get-vpn-link = Get { -mozilla-vpn-brand-name } + + vpn-title-subscribed = VPN: Subscribed + # Note This text is not being translated, and the
will need to be removed if or when it does get translated +-vpn-header-content-subscribed = Using the { -mozilla-vpn-brand-name } encrypts all your traffic and hides your location — on up to 5 devices. Get the most from your subscription — add it from
the Google Play Store or Apple App Store. ++vpn-header-content-subscribed = Using the { -mozilla-vpn-brand-name } encrypts all your traffic and hides your location — on up to 5 devices. + + vpn-banner-header = Protection that extends beyond the browser + # Note This text is not being translated, and the
will need to be removed if or when it does get translated +diff --git a/browser/components/protections/content/protections.html b/browser/components/protections/content/protections.html +index e33c814f62..5698f2b3e9 100644 +--- a/browser/components/protections/content/protections.html ++++ b/browser/components/protections/content/protections.html +@@ -303,8 +303,6 @@ + +

+

+- +- +

+ + +diff --git a/browser/components/protections/content/vpn-card.js b/browser/components/protections/content/vpn-card.js +index 2417f1a641..698c48ccc3 100644 +--- a/browser/components/protections/content/vpn-card.js ++++ b/browser/components/protections/content/vpn-card.js +@@ -23,22 +23,6 @@ export default class VPNCard { + vpnLink.addEventListener("click", () => { + this.doc.sendTelemetryEvent("click", "vpn_card_link"); + }); +- let androidVPNAppLink = document.getElementById( +- "vpn-google-playstore-link" +- ); +- androidVPNAppLink.href = RPMGetStringPref( +- "browser.contentblocking.report.vpn-android.url" +- ); +- androidVPNAppLink.addEventListener("click", () => { +- document.sendTelemetryEvent("click", "vpn_app_link_android"); +- }); +- let iosVPNAppLink = document.getElementById("vpn-app-store-link"); +- iosVPNAppLink.href = RPMGetStringPref( +- "browser.contentblocking.report.vpn-ios.url" +- ); +- iosVPNAppLink.addEventListener("click", () => { +- document.sendTelemetryEvent("click", "vpn_app_link_ios"); +- }); + + const vpnBanner = this.doc.querySelector(".vpn-banner"); + const exitIcon = vpnBanner.querySelector(".exit-icon"); diff --git a/libre/iceweasel/PKGBUILD b/libre/iceweasel/PKGBUILD index 57a711174..3048a21d6 100644 --- a/libre/iceweasel/PKGBUILD +++ b/libre/iceweasel/PKGBUILD 
@@ -45,23 +45,36 @@ # (good manners because of all of the other patching we're doing) +# NOTE: This PKGBUILD is kept in-sync with arch{,arm,32}, as closely as possible, +# for the sake of documentation and cleaner diffs. +# That also helps to identify which changes were made by Parabola vs upstream. +# Therefore, this PKGBUILD may declare blacklisted dependencies, non-free sources, +# or include code for anti-features; but those will be filtered-out subsequently. +# Any code which implements an anti-feature should be commented-out; +# and include an 'anti-feature' comment, for clarity. +# Any blacklisted dependencies and non-free sources should be filtered. +# Without those over-rides, the resulting program may not be FSDG-fit. +# Do not circumvent those over-rides, if compiling for the Parabola repos. + + pkgname=iceweasel epoch=1 -pkgver=97.0.2 +pkgver=98.0 pkgrel=1 -pkgrel+=.parabola5 -_brandingver=97.0-1 # unreleased WIP +pkgrel+=.parabola1 +_brandingver=98.0-1 pkgdesc="Standalone web browser derived from Mozilla Firefox" arch=(x86_64) arch+=(armv7h i686) license=(MPL GPL LGPL) url="https://wiki.parabola.nu/Iceweasel" -depends=(gtk3 libxt mime-types dbus-glib ffmpeg nss ttf-font libpulse) +depends=(gtk3 libxt mime-types dbus-glib ffmpeg4.4 nss ttf-font libpulse) makedepends=(unzip zip diffutils yasm mesa imake inetutils xorg-server-xvfb autoconf2.13 rust clang llvm jack nodejs cbindgen nasm python-setuptools python-psutil python-zstandard lld dump_syms wasi-compiler-rt wasi-libc wasi-libc++ wasi-libc++abi) makedepends+=(quilt libxslt imagemagick git jq python-jsonschema) +depends=( ${depends[*]/ffmpeg4.4/ffmpeg} ) makedepends+=(libvpx=1.11.0-1) [[ "${CARCH}" == i686 ]] && makedepends=( ${makedepends[*]/jack/jack2} ) [[ "${CARCH}" == i686 ]] && makedepends=( ${makedepends[*]/llvm/llvm12} ) 
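Review bot: The added override `depends=( ${depends[*]/ffmpeg4.4/ffmpeg} )` has no comment saying why Parabola swaps the dependency back, although the NOTE added at the top of this same hunk explains that the file mirrors the Arch PKGBUILD and that Parabola's changes are applied as over-rides. A reader cannot tell whether this is an FSDG filter or only a repository-availability workaround. A one-line comment above it, such as `# Parabola: use ffmpeg instead of ffmpeg4.4 (<reason>)`, would record that. The quoted form `depends=( "${depends[@]/ffmpeg4.4/ffmpeg}" )` would also avoid relying on word splitting.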
@@ -75,28 +88,29 @@ optdepends=('networkmanager: Location detection via available WiFi networks' 'xdg-desktop-portal: Screensharing with Wayland') replaces=('firefox') options=(!emptydirs !makeflags !strip !lto !debug) # FIXME: make debug package -source=(https://archive.mozilla.org/pub/firefox/releases/${pkgver}/source/firefox-${pkgver}.source.tar.xz{,.asc} - 0001-Use-remoting-name-for-GDK-application-names.patch - $pkgname.desktop) +source=(https://archive.mozilla.org/pub/firefox/releases/$pkgver/source/firefox-$pkgver.source.tar.xz{,.asc} + $pkgname.desktop identity-icons-brand.svg) +source=(${source[*]/identity-icons-brand.svg/}) source+=(https://repo.parabola.nu/other/iceweasel/${pkgname}_${_brandingver}.branding.tar.xz{,.sig} - 9001-FSDG-always-sync-remote-settings-with-local-dump.patch + 9001-FSDG-sync-remote-settings-with-local-dump.patch 9002-FSDG-preference-defaults.patch - 9003-FSDG-misc.patch + 9003-FSDG-urihandlers.patch + 9004-FSDG-misc.patch process-json-files.py vendor.js.in) source_armv7h=(build-arm-libopus.patch) source_i686=('avoid-libxul-OOM-python-check.patch' 'rust-static-disable-network-test-on-static-libraries.patch' 'firefox-93.0_x86_math_private_20211110.patch') -sha256sums=('c9f127741beabde78b021dc95b1740259d01677d461400682cb30e072126f075' +sha256sums=('fd0a4c11d007d9045706667eb0f99f9b7422945188424cb937bfef530cb6f4dd' 'SKIP' - '8de6c0ecc70d2763936be6df4b91a3d2e806765bf510f987d6f2ffa2377c3f01' '9cdc2602661717712092d28bb494e5b48e518cb930898aca85eaf21f91f7ef58') -sha256sums+=('f6013003a6bac275fc27d1c10d1f38a033fe888a4dc64a6ad50522de41aaa70b' +sha256sums+=('f3e89499909b172476e931d9ab18b856d0001e3042b3816d1728809536179768' 'SKIP' 'a4e3c3869085cb282cb5a0fcb64e816c0415f25d4792a62c4f1d599d3111b23c' 'cb3079a0dc30321183bf8e112532c6f2aad045f68103f8d422c9691137aa770e' - '39e3a5e1ad137e21f842a44d7e3bd24050292d2b41fe59b4e7c7dfed52a195dd' + 'e192458a2a9878483984e1400bb3c66df369adfbf6f144b90445f80973c32ed1' + 
'e7b8d08bb9fa98f09290632f37d1453c52db56fa0d20acf9bc5d110d2d64a920' '9386f1c50506cd20ab6d212335d5e4417faeb2aea371dd46f2d107d171e80b83' 'c93ce98e1cb64033079343ff1f3037fab6a3bc6d3eb5bc14c5edb70e2d45965d') sha256sums_armv7h=('2d4d91f7e35d0860225084e37ec320ca6cae669f6c9c8fe7735cdbd542e3a7c9') @@ -108,6 +122,19 @@ validpgpkeys+=('BFA8008A8265677063B11BF47171986E4B745536') # Andreas Grapentin validpgpkeys+=('3954A7AB837D0EA9CFA9798925DB7D9B5A8D4B40') # bill-auger +# Google API keys (see http://www.chromium.org/developers/how-tos/api-keys) # anti-feature +# Note: These are for Arch Linux use ONLY. For your own distribution, please # anti-feature +# get your own set of keys. Feel free to contact foutrelis@archlinux.org for # anti-feature +# more information. # anti-feature +# _google_api_key=AIzaSyDwr302FpOSkGRpLlUpPThNTDPbXcIn_FM # anti-feature + +# Mozilla API keys (see https://location.services.mozilla.com/api) # anti-feature +# Note: These are for Arch Linux use ONLY. For your own distribution, please # anti-feature +# get your own set of keys. Feel free to contact heftig@archlinux.org for # anti-feature +# more information. # anti-feature +# _mozilla_api_key=e05d56db0a694edc8b5aaebda3f2db6a # anti-feature + + # PGO requires networking _should_skip_pgo_armv7h=1 # disable for armv7h - always _should_skip_pgo_i686=1 # disable for i686 - always @@ -115,8 +142,10 @@ _should_skip_pgo_x86_64=0 # disable for x86_64 - sometimes for libremakepkg eval "_should_skip_pgo=\$_should_skip_pgo_${CARCH}" +## helpers ## + _check_build_config() { - pushd "$srcdir/firefox-${pkgver%_*}" > /dev/null + pushd "${srcdir}"/firefox-${pkgver} > /dev/null echo "Checking build configuration..." 
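Review bot: The commented-out assignments `# _google_api_key=…` and `# _mozilla_api_key=…` added in the hunk at `@@ -108,6 +122,19 @@` carry the literal key values, although the text beside them says the keys are for Arch Linux use only. Nothing in the visible hunks reads them, since the matching `echo -n` lines in `prepare()` are commented out as well. The variable names and the `# anti-feature` markers are enough to keep the diff against the Arch PKGBUILD readable, so I would blank the values, e.g. `# _google_api_key=  # anti-feature (value intentionally omitted)`. The packaging repo then does not redistribute another distribution's credentials, and un-commenting the lines later cannot silently enable the service with them.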
@@ -144,12 +173,36 @@ _check_build_config() { popd > /dev/null } +_check_patching() { + pushd "${srcdir}"/firefox-${pkgver} > /dev/null + + # URI protocol handlers + local uri_handlers=uriloader/exthandler/HandlerList.jsm + local webmails='google|yahoo' + grep 'name:' $uri_handlers | grep '"KiwiIRC",' && \ + ! grep 'name:' $uri_handlers | grep -v '"KiwiIRC",' && \ + ! grep -E "($webmails)" $uri_handlers || \ + ! echo "9003-FSDG-misc.patch needs reworking" || \ + return 1 + + # Remote Settings + local settings_server='firefox.settings.services.mozilla.com' + ! grep -qr $settings_server || \ + ! echo '9001-FSDG-sync-remote-settings-with-local-dump.patch needs reworking' || \ + return 1 + + popd > /dev/null +} + + +## business ## + prepare() { mkdir mozbuild cd firefox-$pkgver - # https://bugzilla.mozilla.org/show_bug.cgi?id=1530052 - patch -Np1 -i ../0001-Use-remoting-name-for-GDK-application-names.patch + # echo -n "$_google_api_key" >google-api-key # anti-feature + # echo -n "$_mozilla_api_key" >mozilla-api-key # anti-feature cat >../mozconfig < content/blank.svg + popd + # custom new tab page # FIXME: the newtab page (aka "Start Page") has changed significantly # the new upstream start page ('activity-streams') is an add-on now @@ -321,6 +386,9 @@ END export QUILT_PC="${srcdir}"/.pc quilt push -av + # misc branding + sed -i "s|({ \$bits }-bit)|($CARCH)|" browser/locales/en-US/browser/aboutDialog.ftl + ## searchengines ## 
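Review bot: In the new `_check_patching()` helper the failure message for the URI-handler check names `9003-FSDG-misc.patch`, but this commit moves the handler changes into `9003-FSDG-urihandlers.patch` (misc is now 9004), so a failed check points the packager at the wrong file. It should read `! echo "9003-FSDG-urihandlers.patch needs reworking" || \`. Both `return 1` paths also leave the function before `popd` runs. The Remote Settings check passes the host name to `grep -qr` unquoted, as a regex and with no path argument; `! grep -qrF -- "$settings_server" . || \` states the intent (fixed string, current tree) explicitly. This function is the gate that confirms the privacy patches took effect, so a short comment above each chain explaining the `check || ! echo … || return 1` idiom would help the next maintainer.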
@@ -364,12 +432,8 @@ END rm testing/mozbase/mozproxy/tests/files/mitm5-linux-firefox-amazon.zip # Disable/neutralize Remote Settings (as best we can) - echo "applying 9001-FSDG-always-sync-remote-settings-with-local-dump.patch" - patch -Np1 --no-backup-if-mismatch -i ../9001-FSDG-always-sync-remote-settings-with-local-dump.patch - - # Verify Remote Settings patching - local settings_server='firefox.settings.services.mozilla.com' - ! grep -qr $settings_server || { echo 'Remote Settings patching needs rework'; return 1; } + echo "applying 9001-FSDG-sync-remote-settings-with-local-dump.patch" + patch -Np1 --no-backup-if-mismatch -i ../9001-FSDG-sync-remote-settings-with-local-dump.patch # Disable various components at the source level sed -i 's/;1/;0/' toolkit/components/telemetry/components.conf @@ -380,12 +444,22 @@ END python ../process-json-files.py "${srcdir}"/firefox-${pkgver} "${brandingsrcdir}" + # disable various phone-home/goelocation anti-featires echo "applying 9002-FSDG-preference-defaults.patch" patch -Np1 --no-backup-if-mismatch -i "${srcdir}"/9002-FSDG-preference-defaults.patch + # over-ride/install default URI protocol handlers + echo "applying 9003-FSDG-urihandlers.patch" + patch -Np1 --no-backup-if-mismatch -i "${srcdir}"/9003-FSDG-urihandlers.patch + # Remove remaining non-free bits - echo "applying 9003-FSDG-misc.patch" - patch -Np1 --no-backup-if-mismatch -i "${srcdir}"/9003-FSDG-misc.patch + echo "applying 9004-FSDG-misc.patch" + patch -Np1 --no-backup-if-mismatch -i "${srcdir}"/9004-FSDG-misc.patch + + + ## patching sanity checks ## + + _check_patching } build() { 
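Review bot: The comment added in the hunk at `@@ -380,12 +444,22 @@`, `# disable various phone-home/goelocation anti-featires`, misspells both terms. That matters here because the PKGBUILD header added by this commit asks for an 'anti-feature' comment as the marker for such code, and a search for that marker will miss this line. Suggested wording: `# disable various phone-home/geolocation anti-features`.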
@@ -395,15 +469,12 @@ build() { export MOZ_NOSPAM=1 export MOZBUILD_STATE_PATH="$srcdir/mozbuild" + export MOZ_ENABLE_FULL_SYMBOLS=1 export MACH_USE_SYSTEM_PYTHON=1 # LTO needs more open files ulimit -n 4096 - # clang-{9,10,11} -> error: unknown argument: '-fvar-tracking-assignments' - CFLAGS="${CFLAGS/-fvar-tracking-assignments/}" - CXXFLAGS="${CXXFLAGS/-fvar-tracking-assignments/}" - ## [ARCH-SPECIFIC BUILD ENV] ## @@ -479,15 +550,11 @@ END xvfb-run -s "-screen 0 1920x1080x24 -nolisten local" \ ./mach python build/pgo/profileserver.py - if [[ ! -s merged.profdata ]]; then - echo "No profile data produced." - return 1 - fi + stat -c "Profile data found (%s bytes)" merged.profdata + test -s merged.profdata - if [[ ! -s jarlog ]]; then - echo "No jar log produced." - return 1 - fi + stat -c "Jar log found (%s bytes)" jarlog + test -s jarlog echo "Removing instrumented browser..." ./mach clobber @@ -504,7 +571,7 @@ END ## sanity checks ## # each of the [ARCH-SPECIFIC BUILD CONFIG] branches above should have created .mozconfig - [[ ! -f .mozconfig ]] && echo ".mozconfig file not found in source root" && return 1 + [[ ! -f .mozconfig ]] && echo "cannot continue without a .mozconfig file" && return 1 _check_build_config @@ -512,6 +579,9 @@ END echo "Building optimized browser..." ./mach build + + echo "Building symbol archive..." + ./mach buildsymbols } package() { 
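Review bot: In the hunk at `@@ -479,15 +550,11 @@` the explicit `if [[ ! -s merged.profdata ]]; then … return 1; fi` guards are replaced by bare `stat -c … merged.profdata` and `test -s merged.profdata` (likewise for `jarlog`), so a missing or empty profile now stops the build only if the caller aborts on a non-zero status. That is presumably the case under makepkg, but the `.mozconfig` check in the following hunk still uses an explicit `&& return 1`, and the old "No profile data produced." message is lost. If the explicit form is preferred, `test -s merged.profdata || { echo "No profile data produced."; return 1; }` keeps both the message and the early exit. The enclosing `build()` starts and ends outside this hunk.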
@@ -554,13 +624,20 @@ app.distributor.channel=$pkgname app.partner.parabola=parabola END - local i - for i in 16 22 24 32 48 64 128 192 256 384; do - install -Dvm644 browser/branding/$pkgname/default$i.png \ + # NOTE: browser/branding/$theme is $brandingdestdir in configure() + local i theme=$pkgname + for i in 16 22 24 32 48 64 128 256; do + install -Dvm644 browser/branding/$theme/default$i.png \ "$pkgdir/usr/share/icons/hicolor/${i}x${i}/apps/$pkgname.png" done - install -Dvm644 "browser/branding/$pkgname/${pkgname}_icon.svg" \ + install -Dvm644 browser/branding/$theme/content/about-logo.png \ + "$pkgdir/usr/share/icons/hicolor/192x192/apps/$pkgname.png" + install -Dvm644 browser/branding/$theme/content/about-logo@2x.png \ + "$pkgdir/usr/share/icons/hicolor/384x384/apps/$pkgname.png" + install -Dvm644 browser/branding/$theme/content/about-logo.svg \ "$pkgdir/usr/share/icons/hicolor/scalable/apps/$pkgname.svg" + install -Dvm644 browser/branding/$theme/content/blank.svg \ + "$pkgdir/usr/share/icons/hicolor/symbolic/apps/$pkgname-symbolic.svg" install -Dvm644 ../$pkgname.desktop \ "$pkgdir/usr/share/applications/$pkgname.desktop" -- cgit v1.2.3