From b44ad96bf07b4b849f46a011a85ec6c2a8a245c8 Mon Sep 17 00:00:00 2001 From: André Fabian Silva Delgado Date: Tue, 25 Oct 2016 06:30:50 -0300 Subject: ice{dove,weasel}-hardening: add new package to [pcr] -> https://lists.parabola.nu/pipermail/dev/2016-October/004522.html --- pcr/iceweasel-hardening/PKGBUILD | 213 +++++++++++++ pcr/iceweasel-hardening/drm-free.png | Bin 0 -> 3213 bytes .../enable-object-directory-paths.patch | 13 + pcr/iceweasel-hardening/gnu_headshadow.png | Bin 0 -> 6785 bytes .../iceweasel-install-dir.patch | 13 + pcr/iceweasel-hardening/iceweasel.desktop | 310 ++++++++++++++++++ pcr/iceweasel-hardening/iceweasel.install | 31 ++ pcr/iceweasel-hardening/libre.patch | 338 ++++++++++++++++++++ pcr/iceweasel-hardening/mozconfig | 46 +++ pcr/iceweasel-hardening/mozilla-1253216.patch | 12 + pcr/iceweasel-hardening/mozilla-build-arm.patch | 24 ++ ...ult-and-shell-icons-in-packaging-manifest.patch | 34 ++ pcr/iceweasel-hardening/vendor.js | 351 +++++++++++++++++++++ 13 files changed, 1385 insertions(+) create mode 100644 pcr/iceweasel-hardening/PKGBUILD create mode 100644 pcr/iceweasel-hardening/drm-free.png create mode 100644 pcr/iceweasel-hardening/enable-object-directory-paths.patch create mode 100644 pcr/iceweasel-hardening/gnu_headshadow.png create mode 100644 pcr/iceweasel-hardening/iceweasel-install-dir.patch create mode 100644 pcr/iceweasel-hardening/iceweasel.desktop create mode 100644 pcr/iceweasel-hardening/iceweasel.install create mode 100644 pcr/iceweasel-hardening/libre.patch create mode 100644 pcr/iceweasel-hardening/mozconfig create mode 100644 pcr/iceweasel-hardening/mozilla-1253216.patch create mode 100644 pcr/iceweasel-hardening/mozilla-build-arm.patch create mode 100644 pcr/iceweasel-hardening/remove-default-and-shell-icons-in-packaging-manifest.patch create mode 100644 pcr/iceweasel-hardening/vendor.js (limited to 'pcr/iceweasel-hardening') 
diff --git a/pcr/iceweasel-hardening/PKGBUILD b/pcr/iceweasel-hardening/PKGBUILD
new file mode 100644
index 000000000..790b18177
--- /dev/null
+++ b/pcr/iceweasel-hardening/PKGBUILD
@@ -0,0 +1,213 @@
+# Maintainer: André Silva
+# Contributor: Márcio Silva
+# Contributor (ConnochaetOS): Henry Jensen
+# Contributor: Luke Shumaker
+# Contributor: fauno
+# Contributor: vando
+# Contributor (Arch): Jakub Schmidtke
+# Contributor: Figue
+# Contributor: taro-k
+# Contributor: Michał Masłowski
+# Contributor: Luke R.
+# Contributor: Isaac David
+# Thank you very much to the older contributors:
+# Contributor: evr
+# Contributor: Muhammad 'MJ' Jassim
+
+_pgo=false
+
+# We're getting this from Debian Sid
+_debname=firefox
+_brandingver=49.0
+_brandingrel=1
+_debver=49.0
+_debrel=deb4
+_debrepo=http://ftp.debian.org/debian/pool/main/
+_parabolarepo=https://repo.parabola.nu/other/iceweasel
+debfile() { echo $@|sed -r 's@(.).*@\1/&/&@'; }
+
+_pkgname=firefox
+pkgname=iceweasel-hardening
+epoch=1
+pkgver=$_debver.$_debrel
+pkgrel=1
+pkgdesc="A libre version of Debian Iceweasel, the standalone web browser based on Mozilla Firefox, with several patches that were introduced to strengthen and protect the end user from security threats"
+arch=(i686 x86_64 armv7h)
+license=(MPL GPL LGPL)
+depends=(alsa-lib dbus-glib ffmpeg gtk2 gtk3 hunspell icu=57.1 libevent libvpx=1.6.0 libxt mime-types mozilla-common nss sqlite startup-notification ttf-font)
+makedepends=(autoconf2.13 diffutils gconf imagemagick imake inetutils libidl2 libpulse librsvg-stable libxslt mesa mozilla-searchplugins pkg-config python2 quilt unzip yasm zip)
+makedepends_i686=(rust)
+makedepends_x86_64=("${makedepends_i686[@]}")
+options=(!emptydirs !makeflags debug)
+if $_pgo; then
+ makedepends+=(xorg-server-xvfb)
+ options+=(!ccache)
+fi
+optdepends=('networkmanager: Location detection via available WiFi networks'
+ 'libnotify: Notification integration'
+ 'upower: Battery API')
+url="https://wiki.parabola.nu/${pkgname%-*}"
+replaces=("${pkgname%-*}-libre" "$_pkgname")
+conflicts=("${pkgname%-*}-libre" "${pkgname%-*}")
+provides=("${pkgname%-*}")
+install=${pkgname%-*}.install
+source=("$_debrepo/`debfile $_debname`_$_debver.orig.tar.xz"
+ "$_debrepo/`debfile $_debname`_$_debver-${_debrel#deb}.debian.tar.xz"
+ "$_parabolarepo/${pkgname}_$_brandingver-$_brandingrel.branding.tar.xz"
+ "$_parabolarepo/${pkgname}_$_brandingver-$_brandingrel.branding.tar.xz.sig"
+ mozconfig
+ libre.patch
+ remove-default-and-shell-icons-in-packaging-manifest.patch
+ gnu_headshadow.png
+ drm-free.png
+ ${pkgname%-*}.desktop
+ ${pkgname%-*}-install-dir.patch
+ vendor.js
+ enable-object-directory-paths.patch
+ mozilla-1253216.patch
+ mozilla-build-arm.patch)
+sha256sums=('2f463afd3c74eb9477f58525214f06498357ff90f01b45fb2675fc77c57bcffe'
+ '8e4051a587e380849226fa0de89a02468c45133a758665dc2a7064a248f138a8'
+ 'c0fd88e37187298a7658919cf2e4b6d024425b781d6aff5bdba49dc991f379d3'
+ 'SKIP'
+ '8212fd5e341a251c97871c0f114f6332c78326f707f9d20eddc8d644e0c5c988'
+ '013af398e97da9e855a143582816bf819e0d9d8d2b0e323d6b832f3df1157fdd'
+ '32f1fe3ad4f80d0ae419064db2abe49b97cd7cb18c35d68be1a2befb60172a2a'
+ '93e3001ce152e1d142619e215a9ef07dd429943b99d21726c25da9ceb31e31cd'
+ '56eba484179c7f498076f8dc603d8795e99dce8c6ea1da9736318c59d666bff6'
+ '87034dbb640f70454b27d1695a6f03b6fd1ab81c82eb4d8c771db925ae03d408'
+ '3aea6676f1e53a09673b6ae219d281fc28054beb6002b09973611c02f827651d'
+ 'aec1e2c3a1f5626c39d5d71000a45033de5b67b5fb9cb437a45f16ee5c5d2dc3'
+ 'e260e555b261aabab1e48786dd514eeea056e4402af7cfd4dfd1d32858441484'
+ 'fbb6011501a74a8ea6d01c041870fcefb7ef2859c134aedc676e5f6452833f65'
+ '56eecee8162c138c442773d66483886f1242c8dd2b16eed5711ae5e63d9b0e3a')
+validpgpkeys=(
+ 'C92BAA713B8D53D3CAE63FC9E6974752F9704456' # André Silva
+ '684D54A189305A9CC95446D36B888913DDB59515' # Márcio Silva
+)
+
+prepare() {
+ cd "$srcdir/$_pkgname-$_debver"
+ mv "$srcdir/debian" .
+ mv "$srcdir/${pkgname%-*}-$_brandingver/branding" debian
+ mv "$srcdir/${pkgname%-*}-$_brandingver/patches/iceweasel-branding" debian/patches
+ cat "$srcdir/${pkgname%-*}-$_brandingver/patches/series" >> debian/patches/series
+
+ export QUILT_PATCHES=debian/patches
+ export QUILT_REFRESH_ARGS='-p ab --no-timestamps --no-index'
+ export QUILT_DIFF_ARGS='--no-timestamps'
+
+ quilt push -av
+
+ # Put gnu_headshadow.png and drm-free.png in the source code
+ install -m644 "$srcdir/"{gnu_headshadow,drm-free}.png \
+ browser/base/content/abouthome
+
+ # Useless since we are doing it ourselves
+ patch -Np1 -i "$srcdir/remove-default-and-shell-icons-in-packaging-manifest.patch"
+
+ # Enable object directory paths for Iceweasel rebranding
+ patch -Np1 -i "$srcdir/enable-object-directory-paths.patch"
+
+ # Install to /usr/lib/${pkgname%-*}
+ patch -Np1 -i "$srcdir/${pkgname%-*}-install-dir.patch"
+
+ # Patch and remove anything that's left
+ patch -Np1 -i "$srcdir/libre.patch"
+ sed -i 's|Adobe Flash|SWF Player|g;
+ ' browser/base/content/pageinfo/permissions.js \
+ browser/base/content/browser-plugins.js
+ sed -i '\|["]displayName["][:] ["]Flash["]| s|Flash|SWF Player|
+ \|["]displayName["][:] ["]Shockwave["]| s|Shockwave|DCR Player|
+ \|["]displayName["][:] ["]QuickTime["]| s|QuickTime|MOV Player|
+ \|installLinux| s|true|false|
+ ' browser/base/content/browser-plugins.js
+
+ # Load our build config, disable SafeSearch
+ cp "$srcdir/mozconfig" .mozconfig
+
+ mkdir "$srcdir/path"
+ ln -s /usr/bin/python2 "$srcdir/path/python"
+
+ # Load our searchplugins
+ rm -rv browser/locales/en-US/searchplugins
+ cp -av /usr/lib/mozilla/searchplugins browser/locales/en-US
+
+ # Disable various components at the source level
+ sed -i 's|[;]1|;0|' toolkit/components/telemetry/TelemetryStartup.manifest || die "failed break telemetry startup"
+ sed -i 's|[;]1|;0|' browser/experiments/Experiments.manifest || die "failed to break ExperimentsService"
+ sed -i '/pocket/d' browser/extensions/moz.build || die "failed to wipe pocket"
+
+ # ARM-specific changes:
+ if [[ "$CARCH" == arm* ]]; then
+ sed -i '/ac_add_options --enable-rust/d' .mozconfig
+ echo "ac_add_options --disable-ion" >> .mozconfig
+ echo "ac_add_options --disable-elf-hack" >> .mozconfig
+ echo "ac_add_options --disable-webrtc" >> .mozconfig
+
+ # Disable gold linker, reduce memory consumption at link time
+ sed -i '/ac_add_options --enable-gold/d' .mozconfig
+ LDFLAGS+=" -Wl,--no-keep-memory -Wl,--reduce-memory-overheads"
+ echo "ac_add_options --disable-tests" >> .mozconfig
+ echo "ac_add_options --disable-debug" >> .mozconfig
+
+ patch -p1 -i ../mozilla-1253216.patch
+ patch -p1 -i ../mozilla-build-arm.patch
+ fi
+}
+
+build() {
+ cd "$srcdir/$_pkgname-$_debver"
+
+ # _FORTIFY_SOURCE causes configure failures
+ CPPFLAGS+=" -O2"
+
+ # Hardening
+ LDFLAGS+=" -Wl,-z,now"
+
+ # GCC 6
+ CXXFLAGS+=" -fno-delete-null-pointer-checks -fno-schedule-insns2"
+
+ export PATH="$srcdir/path:$PATH"
+
+ if $_pgo; then
+ # Do PGO
+ xvfb-run -a -s "-extension GLX -screen 0 1280x1024x24" \
+ make -f client.mk build MOZ_PGO=1
+ else
+ make -f client.mk build
+ fi
+}
+
+package() {
+ cd "$srcdir/$_pkgname-$_debver"
+ make -f client.mk DESTDIR="$pkgdir" INSTALL_SDK= install
+
+ install -Dm644 ../vendor.js "$pkgdir/usr/lib/${pkgname%-*}/browser/defaults/preferences/vendor.js"
+
+ _brandingdir=debian/branding
+ brandingdir=moz-objdir/$_brandingdir
+ icondir="$pkgdir/usr/share/icons/hicolor"
+ for i in 16 22 24 32 48 64 128 192 256 384; do
+ rsvg-convert -w $i -h $i "$_brandingdir/${pkgname}_icon.svg" \
+ -o "$brandingdir/default$i.png"
+ install -Dm644 "$brandingdir/default$i.png" \
+ "$icondir/${i}x${i}/apps/${pkgname%-*}.png"
+ done
+
+ install -Dm644 "$_brandingdir/${pkgname}_icon.svg" \
+ "$icondir/scalable/apps/${pkgname%-*}.svg"
+
+ install -d "$pkgdir/usr/share/applications"
+ install -m644 "$srcdir/${pkgname%-*}.desktop" \
+ "$pkgdir/usr/share/applications"
+
+ # Use system-provided dictionaries
+ rm -rf "$pkgdir/usr/lib/${pkgname%-*}/"{dictionaries,hyphenation}
+ ln -s /usr/share/hunspell "$pkgdir/usr/lib/${pkgname%-*}/dictionaries"
+ ln -s /usr/share/hyphen "$pkgdir/usr/lib/${pkgname%-*}/hyphenation"
+
+ # Replace duplicate binary with symlink
+ # https://bugzilla.mozilla.org/show_bug.cgi?id=658850
+ ln -sf ${pkgname%-*} "$pkgdir/usr/lib/${pkgname%-*}/${pkgname%-*}-bin"
+}
diff --git a/pcr/iceweasel-hardening/drm-free.png b/pcr/iceweasel-hardening/drm-free.png
new file mode 100644
index 000000000..e30994e67
Binary files /dev/null and b/pcr/iceweasel-hardening/drm-free.png differ
diff --git a/pcr/iceweasel-hardening/enable-object-directory-paths.patch b/pcr/iceweasel-hardening/enable-object-directory-paths.patch
new file mode 100644
index 000000000..bc938c66e
--- /dev/null
+++ b/pcr/iceweasel-hardening/enable-object-directory-paths.patch
@@ -0,0 +1,13 @@
+diff --git a/python/mozbuild/mozbuild/frontend/context.py b/python/mozbuild/mozbuild/frontend/context.py
+index 41ae8ae..dcc3263 100644
+--- a/python/mozbuild/mozbuild/frontend/context.py
++++ b/python/mozbuild/mozbuild/frontend/context.py
+@@ -408,8 +408,6 @@ class Path(ContextDerivedValue, unicode):
+ class SourcePath(Path):
+ """Like Path, but limited to paths in the source directory."""
+ def __init__(self, context, value):
+- if value.startswith('!'):
+- raise ValueError('Object directory paths are not allowed')
+ if value.startswith('%'):
+ raise ValueError('Filesystem absolute paths are not allowed')
+ super(SourcePath, self).__init__(context, value)
diff --git a/pcr/iceweasel-hardening/gnu_headshadow.png b/pcr/iceweasel-hardening/gnu_headshadow.png
new file mode 100644
index 000000000..e0f73a3bf
Binary files /dev/null and b/pcr/iceweasel-hardening/gnu_headshadow.png differ
diff --git a/pcr/iceweasel-hardening/iceweasel-install-dir.patch b/pcr/iceweasel-hardening/iceweasel-install-dir.patch
new file mode 100644
index 000000000..af113fa85
--- /dev/null
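Review bot: In the PKGBUILD's prepare(), the three `sed -i … || die "…"` lines under "Disable various components at the source level" do not confirm that telemetry startup, the experiments service and Pocket were actually switched off. `sed -i` exits 0 when its pattern matches nothing, so the `|| die` branch only runs if the file itself is missing. `die` is also not defined anywhere in the visible PKGBUILD, so that branch would presumably end in "command not found" rather than the intended message. Because upstream manifests move between releases, check that the pattern is present before each edit, e.g. `grep -q ';1' toolkit/components/telemetry/TelemetryStartup.manifest || { echo "telemetry manifest changed" >&2; return 1; }`, with the same guard for `Experiments.manifest` and for `pocket` in `browser/extensions/moz.build`.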
+++ b/pcr/iceweasel-hardening/iceweasel-install-dir.patch
@@ -0,0 +1,13 @@
+diff --git a/config/baseconfig.mk b/config/baseconfig.mk
+index 7ca8e35..6e92846 100644
+--- a/config/baseconfig.mk
++++ b/config/baseconfig.mk
+@@ -5,7 +5,7 @@
+ MOZ_APP_BASE_VERSION = $(firstword $(subst ., ,$(MOZ_APP_VERSION))).$(word 2,$(subst ., ,$(MOZ_APP_VERSION)))
+ includedir := $(includedir)/$(MOZ_APP_NAME)-$(MOZ_APP_BASE_VERSION)
+ idldir = $(datadir)/idl/$(MOZ_APP_NAME)-$(MOZ_APP_BASE_VERSION)
+-installdir = $(libdir)/$(MOZ_APP_NAME)-$(MOZ_APP_BASE_VERSION)
++installdir = $(libdir)/$(MOZ_APP_NAME)
+ sdkdir = $(libdir)/$(MOZ_APP_NAME)-devel-$(MOZ_APP_BASE_VERSION)
+ ifndef TOP_DIST
+ TOP_DIST = dist
diff --git a/pcr/iceweasel-hardening/iceweasel.desktop b/pcr/iceweasel-hardening/iceweasel.desktop
new file mode 100644
index 000000000..028aeffde
--- /dev/null
+++ b/pcr/iceweasel-hardening/iceweasel.desktop
@@ -0,0 +1,310 @@ +[Desktop Entry] +Version=1.0 +Name=Iceweasel +GenericName=Web Browser +GenericName[ar]=متصفح ويب +GenericName[ast]=Restolador Web +GenericName[bn]=ওয়েব ব্রাউজার +GenericName[ca]=Navegador web +GenericName[cs]=Webový prohlížeč +GenericName[da]=Webbrowser +GenericName[de]=Webbrowser +GenericName[el]=Περιηγητής διαδικτύου +GenericName[es]=Navegador web +GenericName[et]=Veebibrauser +GenericName[fa]=مرورگر اینترنتی +GenericName[fi]=WWW-selain +GenericName[fr]=Navigateur Web +GenericName[gl]=Navegador Web +GenericName[he]=דפדפן אינטרנט +GenericName[hr]=Web preglednik +GenericName[hu]=Webböngésző +GenericName[it]=Browser Web +GenericName[ja]=ウェブ・ブラウザ +GenericName[ko]=웹 브라우저 +GenericName[ku]=Geroka torê +GenericName[lt]=Interneto naršyklė +GenericName[nb]=Nettleser +GenericName[nl]=Webbrowser +GenericName[nn]=Nettlesar +GenericName[no]=Nettleser +GenericName[pl]=Przeglądarka WWW +GenericName[pt]=Navegador Web +GenericName[pt_BR]=Navegador Web +GenericName[ro]=Navigator Internet +GenericName[ru]=Веб-браузер +GenericName[sk]=Internetový prehliadač +GenericName[sl]=Spletni brskalnik +GenericName[sv]=Webbläsare +GenericName[tr]=Web Tarayıcı +GenericName[ug]=توركۆرگۈ +GenericName[uk]=Веб-браузер +GenericName[vi]=Trình duyệt Web +GenericName[zh_CN]=网络浏览器 +GenericName[zh_TW]=網路瀏覽器 +Comment=Browse the Web +Comment[ar]=تصفح الشبكة العنكبوتية العالمية +Comment[ast]=Restola pela Rede +Comment[bn]=ইন্টারনেট ব্রাউজ করুন +Comment[ca]=Navegueu per el web +Comment[cs]=Prohlížení stránek World Wide Webu +Comment[da]=Surf på internettet +Comment[de]=Im Internet surfen +Comment[el]=Μπορείτε να περιηγηθείτε στο διαδίκτυο (Web) +Comment[es]=Navegue por la web +Comment[et]=Lehitse veebi +Comment[fa]=صفحات شبکه جهانی اینترنت را مرور نمایید +Comment[fi]=Selaa Internetin WWW-sivuja +Comment[fr]=Naviguer sur le Web +Comment[gl]=Navegar pola rede +Comment[he]=גלישה ברחבי האינטרנט +Comment[hr]=Pretražite web +Comment[hu]=A világháló böngészése +Comment[it]=Esplora il web 
+Comment[ja]=ウェブを閲覧します +Comment[ko]=웹을 돌아 다닙니다 +Comment[ku]=Li torê bigere +Comment[lt]=Naršykite internete +Comment[nb]=Surf på nettet +Comment[nl]=Verken het internet +Comment[nn]=Surf på nettet +Comment[no]=Surf på nettet +Comment[pl]=Przeglądanie stron WWW +Comment[pt]=Navegue na Internet +Comment[pt_BR]=Navegue na Internet +Comment[ro]=Navigați pe Internet +Comment[ru]=Доступ в Интернет +Comment[sk]=Prehliadanie internetu +Comment[sl]=Brskajte po spletu +Comment[sv]=Surfa på webben +Comment[tr]=İnternet'te Gezinin +Comment[ug]=دۇنيادىكى توربەتلەرنى كۆرگىلى بولىدۇ +Comment[uk]=Перегляд сторінок Інтернету +Comment[vi]=Để duyệt các trang web +Comment[zh_CN]=浏览互联网 +Comment[zh_TW]=瀏覽網際網路 +Exec=iceweasel %u +Icon=iceweasel +Terminal=false +Type=Application +MimeType=text/html;text/xml;application/xhtml+xml;application/vnd.mozilla.xul+xml;text/mml;x-scheme-handler/http;x-scheme-handler/https; +StartupNotify=true +Categories=Network;WebBrowser; +Keywords=web;browser;internet; +Actions=new-window;new-private-window; + +[Desktop Action new-window] +Name=New Window +Name[ach]=Dirica manyen +Name[af]=Nuwe venster +Name[an]=Nueva finestra +Name[ar]=نافذة جديدة +Name[as]=নতুন উইন্ডো +Name[ast]=Ventana nueva +Name[az]=Yeni Pəncərə +Name[be]=Новае акно +Name[bg]=Нов прозорец +Name[bn_BD]=নতুন উইন্ডো (N) +Name[bn_IN]=নতুন উইন্ডো +Name[br]=Prenestr nevez +Name[brx]=गोदान उइन्ड'(N) +Name[bs]=Novi prozor +Name[ca]=Finestra nova +Name[cak]=K'ak'a' tzuwäch +Name[cs]=Nové okno +Name[cy]=Ffenestr Newydd +Name[da]=Nyt vindue +Name[de]=Neues Fenster +Name[dsb]=Nowe wokno +Name[el]=Νέο παράθυρο +Name[en_GB]=New Window +Name[en_US]=New Window +Name[en_ZA]=New Window +Name[eo]=Nova fenestro +Name[es_AR]=Nueva ventana +Name[es_CL]=Nueva ventana +Name[es_ES]=Nueva ventana +Name[es_MX]=Nueva ventana +Name[et]=Uus aken +Name[eu]=Leiho berria +Name[fa]=پنجره جدید +Name[ff]=Henorde Hesere +Name[fi]=Uusi ikkuna +Name[fr]=Nouvelle fenêtre +Name[fy_NL]=Nij finster +Name[ga_IE]=Fuinneog Nua 
+Name[gd]=Uinneag ùr +Name[gl]=Nova xanela +Name[gn]=Ovetã pyahu +Name[gu_IN]=નવી વિન્ડો +Name[he]=חלון חדש +Name[hi_IN]=नया विंडो +Name[hr]=Novi prozor +Name[hsb]=Nowe wokno +Name[hu]=Új ablak +Name[hy_AM]=Նոր Պատուհան +Name[id]=Jendela Baru +Name[is]=Nýr gluggi +Name[it]=Nuova finestra +Name[ja]=新しいウィンドウ +Name[ja_JP-mac]=新規ウインドウ +Name[ka]=ახალი ფანჯარა +Name[kk]=Жаңа терезе +Name[km]=បង្អួចថ្មី +Name[kn]=ಹೊಸ ಕಿಟಕಿ +Name[ko]=새 창 +Name[kok]=नवें जनेल +Name[ks]=نئئ وِنڈو +Name[lij]=Neuvo barcon +Name[lo]=ຫນ້າຕ່າງໃຫມ່ +Name[lt]=Naujas langas +Name[ltg]=Jauns lūgs +Name[lv]=Jauns logs +Name[mai]=नव विंडो +Name[mk]=Нов прозорец +Name[ml]=പുതിയ ജാലകം +Name[mr]=नवीन पटल +Name[ms]=Tetingkap Baru +Name[my]=ဝင်းဒိုးအသစ် +Name[nb_NO]=Nytt vindu +Name[ne_NP]=नयाँ सञ्झ्याल +Name[nl]=Nieuw venster +Name[nn_NO]=Nytt vindauge +Name[or]=ନୂତନ ୱିଣ୍ଡୋ +Name[pa_IN]=ਨਵੀਂ ਵਿੰਡੋ +Name[pl]=Nowe okno +Name[pt_BR]=Nova janela +Name[pt_PT]=Nova janela +Name[rm]=Nova fanestra +Name[ro]=Fereastră nouă +Name[ru]=Новое окно +Name[sat]=नावा विंडो (N) +Name[si]=නව කවුළුවක් +Name[sk]=Nové okno +Name[sl]=Novo okno +Name[son]=Zanfun taaga +Name[sq]=Dritare e Re +Name[sr]=Нови прозор +Name[sv_SE]=Nytt fönster +Name[ta]=புதிய சாளரம் +Name[te]=కొత్త విండో +Name[th]=หน้าต่างใหม่ +Name[tr]=Yeni pencere +Name[tsz]=Eraatarakua jimpani +Name[uk]=Нове вікно +Name[ur]=نیا دریچہ +Name[uz]=Yangi oyna +Name[vi]=Cửa sổ mới +Name[wo]=Palanteer bu bees +Name[xh]=Ifestile entsha +Name[zh_CN]=新建窗口 +Name[zh_TW]=開新視窗 +Exec=iceweasel --new-window %u + +[Desktop Action new-private-window] +Name=New Private Window +Name[ach]=Dirica manyen me mung +Name[af]=Nuwe privaatvenster +Name[an]=Nueva finestra privada +Name[ar]=نافذة خاصة جديدة +Name[as]=নতুন ব্যক্তিগত উইন্ডো +Name[ast]=Ventana privada nueva +Name[az]=Yeni Məxfi Pəncərə +Name[be]=Новае акно адасаблення +Name[bg]=Нов прозорец за поверително сърфиране +Name[bn_BD]=নতুন ব্যক্তিগত উইন্ডো +Name[bn_IN]=নতুন ব্যক্তিগত উইন্ডো +Name[br]=Prenestr merdeiñ prevez nevez 
+Name[brx]=गोदान प्राइभेट उइन्ड' +Name[bs]=Novi privatni prozor +Name[ca]=Finestra privada nova +Name[cak]=K'ak'a' ichinan tzuwäch +Name[cs]=Nové anonymní okno +Name[cy]=Ffenestr Breifat Newydd +Name[da]=Nyt privat vindue +Name[de]=Neues privates Fenster +Name[dsb]=Nowe priwatne wokno +Name[el]=Νέο παράθυρο ιδιωτικής περιήγησης +Name[en_GB]=New Private Window +Name[en_US]=New Private Window +Name[en_ZA]=New Private Window +Name[eo]=Nova privata fenestro +Name[es_AR]=Nueva ventana privada +Name[es_CL]=Nueva ventana privada +Name[es_ES]=Nueva ventana privada +Name[es_MX]=Nueva ventana privada +Name[et]=Uus privaatne aken +Name[eu]=Leiho pribatu berria +Name[fa]=پنجره ناشناس جدید +Name[ff]=Henorde Suturo Hesere +Name[fi]=Uusi yksityinen ikkuna +Name[fr]=Nouvelle fenêtre de navigation privée +Name[fy_NL]=Nij priveefinster +Name[ga_IE]=Fuinneog Nua Phríobháideach +Name[gd]=Uinneag phrìobhaideach ùr +Name[gl]=Nova xanela privada +Name[gn]=Ovetã ñemi pyahu +Name[gu_IN]=નવી ખાનગી વિન્ડો +Name[he]=חלון פרטי חדש +Name[hi_IN]=नयी निजी विंडो +Name[hr]=Novi privatni prozor +Name[hsb]=Nowe priwatne wokno +Name[hu]=Új privát ablak +Name[hy_AM]=Սկսել Գաղտնի դիտարկում +Name[id]=Jendela Mode Pribadi Baru +Name[is]=Nýr huliðsgluggi +Name[it]=Nuova finestra anonima +Name[ja]=新しいプライベートウィンドウ +Name[ja_JP-mac]=新規プライベートウインドウ +Name[ka]=ახალი პირადი ფანჯარა +Name[kk]=Жаңа жекелік терезе +Name[km]=បង្អួចឯកជនថ្មី +Name[kn]=ಹೊಸ ಖಾಸಗಿ ಕಿಟಕಿ +Name[ko]=새 사생활 보호 모드 +Name[kok]=नवो खाजगी विंडो +Name[ks]=نْو پرایوٹ وینڈو +Name[lij]=Nêuvo barcón privòu +Name[lo]=ເປີດຫນ້າຕ່າງສວນຕົວຂື້ນມາໃຫມ່ +Name[lt]=Naujas privataus naršymo langas +Name[ltg]=Jauns privatais lūgs +Name[lv]=Jauns privātais logs +Name[mai]=नया निज विंडो (W) +Name[mk]=Нов приватен прозорец +Name[ml]=പുതിയ സ്വകാര്യ ജാലകം +Name[mr]=नवीन वैयक्तिक पटल +Name[ms]=Tetingkap Persendirian Baharu +Name[my]=New Private Window +Name[nb_NO]=Nytt privat vindu +Name[ne_NP]=नयाँ निजी सञ्झ्याल +Name[nl]=Nieuw privévenster +Name[nn_NO]=Nytt privat vindauge 
+Name[or]=ନୂତନ ବ୍ୟକ୍ତିଗତ ୱିଣ୍ଡୋ +Name[pa_IN]=ਨਵੀਂ ਪ੍ਰਾਈਵੇਟ ਵਿੰਡੋ +Name[pl]=Nowe okno prywatne +Name[pt_BR]=Nova janela privativa +Name[pt_PT]=Nova janela privada +Name[rm]=Nova fanestra privata +Name[ro]=Fereastră privată nouă +Name[ru]=Новое приватное окно +Name[sat]=नावा निजेराक् विंडो (W ) +Name[si]=නව පුද්ගලික කවුළුව (W) +Name[sk]=Nové okno v režime Súkromné prehliadanie +Name[sl]=Novo zasebno okno +Name[son]=Sutura zanfun taaga +Name[sq]=Dritare e Re Private +Name[sr]=Нови приватан прозор +Name[sv_SE]=Nytt privat fönster +Name[ta]=புதிய தனிப்பட்ட சாளரம் +Name[te]=కొత్త ఆంతరంగిక విండో +Name[th]=หน้าต่างส่วนตัวใหม่ +Name[tr]=Yeni gizli pencere +Name[tsz]=Juchiiti eraatarakua jimpani +Name[uk]=Приватне вікно +Name[ur]=نیا نجی دریچہ +Name[uz]=Yangi maxfiy oyna +Name[vi]=Cửa sổ riêng tư mới +Name[wo]=Panlanteeru biir bu bees +Name[xh]=Ifestile yangasese entsha +Name[zh_CN]=新建隐私浏览窗口 +Name[zh_TW]=新增隱私視窗 +Exec=iceweasel --private-window %u diff --git a/pcr/iceweasel-hardening/iceweasel.install b/pcr/iceweasel-hardening/iceweasel.install new file mode 100644 index 000000000..574e0d3db --- /dev/null +++ b/pcr/iceweasel-hardening/iceweasel.install 
@@ -0,0 +1,31 @@ +notice() { + cat < for it in aboutHome.xhtml + // * add an entry here in the proper ordering (based on spans) + // The part of the snippet will be linked to the corresponding url. +-const DEFAULT_SNIPPETS_URLS = [ +- "https://www.mozilla.org/firefox/features/?utm_source=snippet&utm_medium=snippet&utm_campaign=default+feature+snippet" +-, "https://addons.mozilla.org/firefox/?utm_source=snippet&utm_medium=snippet&utm_campaign=addons" +-]; ++const DEFAULT_SNIPPETS_URLS = [ "" ]; + +-const SNIPPETS_UPDATE_INTERVAL_MS = 14400000; // 4 hours. ++const SNIPPETS_UPDATE_INTERVAL_MS = 86400000; // 1 Day. + + // IndexedDB storage constants. + const DATABASE_NAME = "abouthome"; + const DATABASE_VERSION = 1; +-const DATABASE_STORAGE = "persistent"; + const SNIPPETS_OBJECTSTORE_NAME = "snippets"; + var searchText; + +diff --git a/browser/base/content/abouthome/aboutHome.xhtml b/browser/base/content/abouthome/aboutHome.xhtml +index 655f64b..6dd78e5 100644 +--- a/browser/base/content/abouthome/aboutHome.xhtml ++++ b/browser/base/content/abouthome/aboutHome.xhtml +@@ -49,10 +49,6 @@ + + +
+- + +
+
+@@ -74,7 +70,7 @@ + +
+ +-
++ ++ + + +diff --git a/browser/base/jar.mn b/browser/base/jar.mn +index c9a70fc..ab0f1dd 100644 +--- a/browser/base/jar.mn ++++ b/browser/base/jar.mn +@@ -32,7 +32,8 @@ browser.jar: + content/browser/abouthome/settings.png (content/abouthome/settings.png) + content/browser/abouthome/restore.png (content/abouthome/restore.png) + content/browser/abouthome/restore-large.png (content/abouthome/restore-large.png) +- content/browser/abouthome/mozilla.png (content/abouthome/mozilla.png) ++ content/browser/abouthome/gnu_headshadow.png (content/abouthome/gnu_headshadow.png) ++ content/browser/abouthome/drm-free.png (content/abouthome/drm-free.png) + content/browser/abouthome/snippet1@2x.png (content/abouthome/snippet1@2x.png) + content/browser/abouthome/snippet2@2x.png (content/abouthome/snippet2@2x.png) + content/browser/abouthome/downloads@2x.png (content/abouthome/downloads@2x.png) +@@ -43,7 +44,6 @@ browser.jar: + content/browser/abouthome/settings@2x.png (content/abouthome/settings@2x.png) + content/browser/abouthome/restore@2x.png (content/abouthome/restore@2x.png) + content/browser/abouthome/restore-large@2x.png (content/abouthome/restore-large@2x.png) +- content/browser/abouthome/mozilla@2x.png (content/abouthome/mozilla@2x.png) + + content/browser/aboutNetError.xhtml (content/aboutNetError.xhtml) + +diff --git a/browser/locales/en-US/chrome/browser/aboutHome.dtd b/browser/locales/en-US/chrome/browser/aboutHome.dtd +index 7e3b57a..6edc89d 100644 +--- a/browser/locales/en-US/chrome/browser/aboutHome.dtd ++++ b/browser/locales/en-US/chrome/browser/aboutHome.dtd +@@ -11,14 +11,6 @@ + + + +- +-latest features."> +- +-Choose from thousands of add-ons."> + + Know your rights…"> + +diff --git a/browser/locales/en-US/chrome/browser-region/region.properties b/browser/locales/en-US/chrome/browser-region/region.properties +index e078ed5..ce2c5ed 100644 +--- a/browser/locales/en-US/chrome/browser-region/region.properties ++++ 
b/browser/locales/en-US/chrome/browser-region/region.properties +@@ -3,17 +3,12 @@ + # file, You can obtain one at http://mozilla.org/MPL/2.0/. + + # Default search engine +-browser.search.defaultenginename=Google ++browser.search.defaultenginename=searx + + # Search engine order (order displayed in the search bar dropdown)s +-browser.search.order.1=Google +-browser.search.order.2=Yahoo +-browser.search.order.3=Bing +- +-# This is the default set of web based feed handlers shown in the reader +-# selection UI +-browser.contentHandlers.types.0.title=My Yahoo! +-browser.contentHandlers.types.0.uri=https://add.my.yahoo.com/rss?url=%s ++browser.search.order.1=searx ++browser.search.order.2=DuckDuckGo HTML ++browser.search.order.3=DuckDuckGo Lite + + # increment this number when anything gets changed in the list below. This will + # cause Firefox to re-read these prefs and inject any new handlers into the +@@ -22,20 +17,10 @@ browser.contentHandlers.types.0.uri=https://add.my.yahoo.com/rss?url=%s + # don't make any spelling errors here. + gecko.handlerService.defaultHandlersVersion=4 + +-# The default set of protocol handlers for webcal: +-gecko.handlerService.schemes.webcal.0.name=30 Boxes +-gecko.handlerService.schemes.webcal.0.uriTemplate=https://30boxes.com/external/widget?refer=ff&url=%s +- +-# The default set of protocol handlers for mailto: +-gecko.handlerService.schemes.mailto.0.name=Yahoo! 
Mail +-gecko.handlerService.schemes.mailto.0.uriTemplate=https://compose.mail.yahoo.com/?To=%s +-gecko.handlerService.schemes.mailto.1.name=Gmail +-gecko.handlerService.schemes.mailto.1.uriTemplate=https://mail.google.com/mail/?extsrc=mailto&url=%s +- + # The default set of protocol handlers for irc: +-gecko.handlerService.schemes.irc.0.name=Mibbit +-gecko.handlerService.schemes.irc.0.uriTemplate=https://www.mibbit.com/?url=%s ++gecko.handlerService.schemes.irc.0.name=Freenode Web IRC ++gecko.handlerService.schemes.irc.0.uriTemplate=https://webchat.freenode.net + + # The default set of protocol handlers for ircs: +-gecko.handlerService.schemes.ircs.0.name=Mibbit +-gecko.handlerService.schemes.ircs.0.uriTemplate=https://www.mibbit.com/?url=%s ++gecko.handlerService.schemes.ircs.0.name=Freenode Web IRC ++gecko.handlerService.schemes.ircs.0.uriTemplate=https://webchat.freenode.net +diff --git a/browser/locales/generic/profile/bookmarks.html.in b/browser/locales/generic/profile/bookmarks.html.in +index cba600e..cd4e711 100644 +--- a/browser/locales/generic/profile/bookmarks.html.in ++++ b/browser/locales/generic/profile/bookmarks.html.in +@@ -20,13 +20,20 @@ +

@bookmarks_toolbarfolder@

+
@bookmarks_toolbarfolder_description@ +

+-

@getting_started@ ++
Parabola GNU/Linux-libre +

+-

@firefox_heading@

++

Parabola GNU/Linux-libre

+

+-

@firefox_help@ +-
@firefox_customize@ +-
@firefox_community@ +-
@firefox_about@ ++
Parabola GNU/Linux-libre ++
Parabola GNU/Linux-libre Packages ++
Parabola GNU/Linux-libre Wiki ++
Parabola GNU/Linux-libre Labs ++

++

Free Software Foundation

++

++

Free Software Foundation ++
The GNU Operating System and the Free Software Movement ++
LibrePlanet ++
h-node +

+

+diff --git a/devtools/client/locales/en-US/connection-screen.dtd b/devtools/client/locales/en-US/connection-screen.dtd +index 674a408..d27e97f 100644 +--- a/devtools/client/locales/en-US/connection-screen.dtd ++++ b/devtools/client/locales/en-US/connection-screen.dtd +@@ -24,7 +24,7 @@ + +- ++ + + + +diff --git a/devtools/client/locales/en-US/sourceeditor.properties b/devtools/client/locales/en-US/sourceeditor.properties +index 01447e3..0bc043e 100644 +--- a/devtools/client/locales/en-US/sourceeditor.properties ++++ b/devtools/client/locales/en-US/sourceeditor.properties +@@ -4,7 +4,7 @@ + + # LOCALIZATION NOTE These strings are used inside the Source Editor component. + # This component is used whenever source code is displayed for the purpose of +-# being edited, inside the Firefox developer tools - current examples are the ++# being edited, inside the Iceweasel developer tools - current examples are the + # Scratchpad and the Style Editor tools. + + # LOCALIZATION NOTE The correct localization of this file might be to keep it +diff --git a/devtools/client/locales/en-US/toolbox.dtd b/devtools/client/locales/en-US/toolbox.dtd +index 53385de..fb9a95a 100644 +--- a/devtools/client/locales/en-US/toolbox.dtd ++++ b/devtools/client/locales/en-US/toolbox.dtd +@@ -117,7 +117,7 @@ values from browser.dtd. --> + - checkbox that toggles remote debugging, i.e. devtools.debugger.remote-enabled + - boolean preference in about:config, in the options panel. --> + +- ++ + + + +- ++ + + + +- ++ + + + +@@ -59,7 +59,7 @@ + + + +- ++ + + + +diff --git a/devtools/client/locales/en-US/webide.properties b/devtools/client/locales/en-US/webide.properties +index 2368ad7..05e39c7 100644 +--- a/devtools/client/locales/en-US/webide.properties ++++ b/devtools/client/locales/en-US/webide.properties +@@ -2,8 +2,8 @@ + # License, v. 2.0. If a copy of the MPL was not distributed with this + # file, You can obtain one at http://mozilla.org/MPL/2.0/. 
+ +-title_noApp=Firefox WebIDE +-title_app=Firefox WebIDE: %S ++title_noApp=Iceweasel WebIDE ++title_app=Iceweasel WebIDE: %S + + runtimeButton_label=Select Runtime + projectButton_label=Open App +@@ -54,10 +54,10 @@ error_runtimeVersionTooRecent=The connected runtime has a more recent build date + addons_stable=stable + addons_unstable=unstable + # LOCALIZATION NOTE (addons_simulator_label): This label is shown as the name of +-# a given simulator version in the "Manage Simulators" pane. %1$S: Firefox OS ++# a given simulator version in the "Manage Simulators" pane. %1$S: Iceweasel OS + # version in the simulator, ex. 1.3. %2$S: Simulator stability label, ex. + # "stable" or "unstable". +-addons_simulator_label=Firefox OS %1$S Simulator (%2$S) ++addons_simulator_label=Iceweasel OS %1$S Simulator (%2$S) + addons_install_button=install + addons_uninstall_button=uninstall + addons_adb_label=ADB Helper Add-on diff --git a/pcr/iceweasel-hardening/mozconfig b/pcr/iceweasel-hardening/mozconfig new file mode 100644 index 000000000..7349e3ccd --- /dev/null +++ b/pcr/iceweasel-hardening/mozconfig 
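Review bot: In the region.properties part of libre.patch, the new `irc` and `ircs` handlers set `uriTemplate=https://webchat.freenode.net` with no `%s`, unlike the Mibbit templates they replace. As far as I know the handler substitutes the clicked link into `%s`, so without it every irc:/ircs: link would open the web chat start page and lose its server and channel, including links to other networks. If dropping the target is deliberate (so the link is not passed to a third party), add a comment above the two entries saying so. Otherwise use a template that carries `%s`, or drop the default web handler and leave the choice to the user.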
@@ -0,0 +1,46 @@
+ac_add_options --enable-application=browser
+
+ac_add_options --prefix=/usr
+ac_add_options --enable-release
+ac_add_options --enable-gold
+ac_add_options --enable-pie
+ac_add_options --enable-rust
+
+# Release Iceweasel branding
+ac_add_options --disable-official-branding
+ac_add_options --with-branding=debian/branding
+ac_add_options --enable-update-channel=release
+MOZ_ADDON_SIGNING=1
+MOZ_REQUIRE_SIGNING=1
+
+# System libraries
+ac_add_options --with-system-nspr
+ac_add_options --with-system-nss
+ac_add_options --with-system-icu
+ac_add_options --with-system-jpeg
+ac_add_options --with-system-zlib
+ac_add_options --with-system-bz2
+ac_add_options --with-system-libevent
+ac_add_options --with-system-libvpx
+ac_add_options --enable-system-hunspell
+ac_add_options --enable-system-sqlite
+ac_add_options --enable-system-ffi
+ac_add_options --enable-system-pixman
+
+# Features
+ac_add_options --enable-startup-notification
+ac_add_options --disable-updater
+ac_add_options --disable-crashreporter
+
+STRIP_FLAGS="--strip-debug"
+
+# Parabola features
+ac_add_options --disable-safe-browsing
+ac_add_options --disable-url-classifier
+ac_add_options --disable-eme
+ac_add_options --disable-gamepad
+
+# Other
+mk_add_options MOZ_OBJDIR=@TOPSRCDIR@/moz-objdir
+
+# vim:set ft=sh:
diff --git a/pcr/iceweasel-hardening/mozilla-1253216.patch b/pcr/iceweasel-hardening/mozilla-1253216.patch
new file mode 100644
index 000000000..c9252da5f
--- /dev/null
+++ b/pcr/iceweasel-hardening/mozilla-1253216.patch
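Review bot: The "Parabola features" block of mozconfig passes `--disable-safe-browsing` and `--disable-url-classifier` with no explanation, and in a package whose description promises protection from security threats this removes the browser's phishing and malware blocklist checks at build time. The URL classifier is, as far as I know, also what tracking protection relies on, so that feature is likely lost as well. If the aim is to avoid list downloads and lookups against a third-party service, record the trade-off next to the options, e.g. `# Safe Browsing / URL classifier disabled to avoid third-party list lookups; phishing and malware warnings are lost as a result`. The PKGBUILD comment "Load our build config, disable SafeSearch" in this commit presumably means these options and should say Safe Browsing.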
@@ -0,0 +1,12 @@
+diff -up firefox-48.0/js/src/jit/AtomicOperations.h.old firefox-48.0/js/src/jit/AtomicOperations.h
+--- firefox-48.0/js/src/jit/AtomicOperations.h.old 2016-07-27 09:42:43.148175449 +0200
++++ firefox-48.0/js/src/jit/AtomicOperations.h 2016-07-27 09:41:13.000000000 +0200
+@@ -340,7 +340,7 @@ AtomicOperations::isLockfree(int32_t siz
+ # elif defined(__aarch64__)
+ # include "jit/arm64/AtomicOperations-arm64.h"
+ # else
+-# include "jit/none/AtomicOperations-none.h" // These MOZ_CRASH() always
++# include "jit/none/AtomicOperations-ppc.h"
+ # endif
+ #elif defined(JS_CODEGEN_X86) || defined(JS_CODEGEN_X64)
+ # include "jit/x86-shared/AtomicOperations-x86-shared.h"
diff --git a/pcr/iceweasel-hardening/mozilla-build-arm.patch b/pcr/iceweasel-hardening/mozilla-build-arm.patch
new file mode 100644
index 000000000..774147bbb
--- /dev/null
+++ b/pcr/iceweasel-hardening/mozilla-build-arm.patch
@@ -0,0 +1,24 @@
+diff -up firefox-46.0/media/webrtc/trunk/webrtc/build/common.gypi.arm firefox-46.0/media/webrtc/trunk/webrtc/build/common.gypi
+--- firefox-46.0/media/webrtc/trunk/webrtc/build/common.gypi.arm 2016-04-25 12:03:12.486027089 +0200
++++ firefox-46.0/media/webrtc/trunk/webrtc/build/common.gypi 2016-04-25 12:05:55.714644873 +0200
+@@ -312,20 +312,6 @@
+ 'defines': [
+ 'WEBRTC_ARCH_ARM',
+ ],
+- 'conditions': [
+- ['arm_version>=7', {
+- 'defines': ['WEBRTC_ARCH_ARM_V7',
+- 'WEBRTC_BUILD_NEON_LIBS'],
+- 'conditions': [
+- ['arm_neon==1', {
+- 'defines': ['WEBRTC_ARCH_ARM_NEON',],
+- }],
+- ['arm_neon==0 and arm_neon_optional==1', {
+- 'defines': ['WEBRTC_DETECT_ARM_NEON',],
+- }],
+- ],
+- }],
+- ],
+ }],
+ ['os_bsd==1', {
+ 'defines': [
diff --git a/pcr/iceweasel-hardening/remove-default-and-shell-icons-in-packaging-manifest.patch b/pcr/iceweasel-hardening/remove-default-and-shell-icons-in-packaging-manifest.patch
new file mode 100644
index 000000000..6bc67b30a
--- /dev/null
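Review bot: The inner patch of mozilla-1253216.patch replaces the include in the final `# else` branch, so every architecture that reaches that fallback now pulls in `jit/none/AtomicOperations-ppc.h`, not only PowerPC. The removed line's comment (`// These MOZ_CRASH() always`) indicates the old fallback failed closed on unsupported targets; after this change an unlisted architecture would presumably get whatever the ppc header implements, or a build failure if that header is not in the tree (nothing in this hunk adds it). I would keep the `-none.h` fallback and add a dedicated branch before it, `# elif defined(__powerpc__)` followed by `# include "jit/none/AtomicOperations-ppc.h"`. The enclosing preprocessor block starts outside the inner hunk, so the outer condition is not visible here.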
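Review bot: mozilla-build-arm.patch has no header explaining why the `arm_version>=7` block is dropped, and the removal is unconditional, so `WEBRTC_ARCH_ARM_V7`, `WEBRTC_BUILD_NEON_LIBS` and both NEON defines disappear for every ARM target. It is also cut against `firefox-46.0` paths while mozilla-1253216.patch targets `firefox-48.0`, so it may only apply with fuzz on the packaged version. A short description at the top of the patch file, naming the failing target and the upstream bug if there is one, would tell the next maintainer when it can be dropped.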
+++ b/pcr/iceweasel-hardening/remove-default-and-shell-icons-in-packaging-manifest.patch
@@ -0,0 +1,34 @@
+diff --git a/browser/installer/package-manifest.in b/browser/installer/package-manifest.in
+index cffcff1..85d28cc 100644
+--- a/browser/installer/package-manifest.in
++++ b/browser/installer/package-manifest.in
+@@ -653,11 +653,6 @@
+ @RESPATH@/chrome/toolkit.manifest
+ @RESPATH@/chrome/recording.manifest
+ @RESPATH@/chrome/recording/*
+-#ifdef MOZ_GTK
+-@RESPATH@/browser/chrome/icons/default/default16.png
+-@RESPATH@/browser/chrome/icons/default/default32.png
+-@RESPATH@/browser/chrome/icons/default/default48.png
+-#endif
+ @RESPATH@/browser/features/*
+
+ ; [Webide Files]
+@@ -670,17 +665,10 @@
+ @RESPATH@/browser/chrome/devtools.manifest
+ @RESPATH@/browser/@PREF_DIR@/devtools.js
+
+-; shell icons
+-#ifdef XP_UNIX
+-#ifndef XP_MACOSX
+-; shell icons
+-@RESPATH@/browser/icons/*.png
+ #ifdef MOZ_UPDATER
+ ; updater icon
+ @RESPATH@/icons/updater.png
+ #endif
+-#endif
+-#endif
+
+ ; [Default Preferences]
+ ; All the pref files must be part of base to prevent migration bugs
diff --git a/pcr/iceweasel-hardening/vendor.js b/pcr/iceweasel-hardening/vendor.js
new file mode 100644
index 000000000..84489482b
--- /dev/null
+++ b/pcr/iceweasel-hardening/vendor.js
@@ -0,0 +1,351 @@
+pref("extensions.getAddons.search.url", "https://directory.fsf.org/wiki/GNU_IceCat");
+pref("extensions.getAddons.link.url", "https://directory.fsf.org/wiki/GNU_IceCat");
+pref("extensions.getAddons.search.browseURL", "https://directory.fsf.org/wiki/GNU_IceCat");
+pref("accessibility.blockautorefresh", true);
+pref("browser.meta_refresh_when_inactive.disabled", true);
+pref("extensions.webservice.discoverURL", "https://directory.fsf.org/wiki/GNU_IceCat");
+pref("app.faqURL", "https://libreplanet.org/wiki/Group:IceCat/FAQ");
+pref("app.update.auto", false);
+pref("app.update.checkInstallTime", false);
+pref("app.update.enabled", false);
+pref("app.update.staging.enabled", false);
+pref("app.update.url", "about:blank");
+pref("beacon.enabled", false);
+pref("breakpad.reportURL", "about:blank");
+pref("browser.EULA.override", true);
+pref("browser.aboutHomeSnippets.updateUrl", "about:blank");
+pref("browser.apps.URL", "about:blank");
+pref("browser.cache.disk.enable", false);
+pref("browser.cache.offline.enable", false);
+pref("browser.casting.enabled", false);
+pref("browser.search.order.US.1", "");
+pref("browser.search.order.US.2", "");
+pref("browser.search.order.US.3", "");
+pref("gecko.handlerService.schemes.mailto.0.name", "");
+pref("browser.disableResetPrompt", true);
+pref("browser.display.max_font_attempts",10);
+pref("browser.display.max_font_count",10);
+pref("browser.display.use_document_fonts", 0); // Prevent font fingerprinting
+pref("browser.download.manager.addToRecentDocs", false);
+pref("browser.download.manager.retention", 1);
+pref("browser.download.manager.scanWhenDone", false); // prevents AV remote reporting of downloads
+pref("browser.download.useDownloadDir", false);
+pref("browser.eme.ui.enabled", false);
+pref("browser.fixup.alternate.enabled", false);
+pref("browser.formfill.enable", false);
+pref("browser.history.allowPopState", false); // HTML5 privacy https://bugzilla.mozilla.org/show_bug.cgi?id=500328
+pref("browser.history.allowPushState", false);
+pref("browser.history.allowReplaceState", false);
+pref("browser.link.open_newwindow.restriction", 0); // Bug 9881: Open popups in new tabs (to avoid fullscreen popups)
+pref("browser.newtab.preload", false);
+pref("browser.newtabpage.directory.ping", "about:blank");
+pref("browser.newtabpage.directory.source", "about:blank");
+pref("browser.newtabpage.enabled", false);
+pref("browser.newtabpage.enhanced", false);
+pref("browser.newtabpage.introShown", true);
+pref("browser.pocket.api", "about:blank");
+pref("browser.pocket.enabled", false);
+pref("browser.pocket.enabledLocales", "about:blank");
+pref("browser.pocket.oAuthConsumerKey", "about:blank");
+pref("browser.pocket.site", "about:blank");
+pref("browser.pocket.useLocaleList", false);
+pref("browser.preferences.inContent",false);
+//pref("browser.privatebrowsing.autostart", true);
+pref("browser.rights.3.shown", true);
+pref("browser.safebrowsing.appRepURL", "about:blank");
+pref("browser.safebrowsing.enabled", false);
+pref("browser.safebrowsing.malware.enabled", false);
+pref("browser.safebrowsing.provider.mozilla.gethashURL", "about:blank");
+pref("browser.safebrowsing.provider.mozilla.updateURL", "about:blank");
+pref("browser.safebrowsing.downloads.remote.block_dangerous", false);
+pref("browser.safebrowsing.downloads.remote.block_dangerous_host", false);
+pref("browser.safebrowsing.downloads.remote.block_potentially_unwanted", false);
+pref("browser.safebrowsing.downloads.remote.block_uncommon", false);
+pref("browser.safebrowsing.downloads.remote.enabled", false);
+pref("browser.safebrowsing.downloads.remote.url", "");
+pref("browser.safebrowsing.provider.google.gethashURL", "");
+pref("browser.safebrowsing.provider.google.updateURL", "");
+pref("browser.safebrowsing.provider.google.lists", "");
+pref("browser.search.geoSpecificDefaults.url", "about:blank");
+pref("browser.search.geoSpecificDefaults", false);
+pref("browser.search.geoip.url", "about:blank");
+pref("browser.search.suggest.enabled", false);
+pref("browser.search.update", false);
+pref("browser.selfsupport.url", "about:blank");
+pref("browser.send_pings", false);
+pref("browser.sessionstore.privacy_level", 2);
+pref("browser.shell.checkDefaultBrowser", false);
+pref("browser.slowStartup.maxSamples", 0);
+pref("browser.slowStartup.notificationDisabled", true);
+pref("browser.slowStartup.samples", 0);
+pref("browser.snippets.enabled", false);
+pref("browser.snippets.geoUrl", "about:blank");
+pref("browser.snippets.statsUrl", "about:blank");
+pref("browser.snippets.syncPromo.enabled", false);
+pref("browser.snippets.updateUrl", "about:blank");
+pref("browser.startup.homepage_override.buildID", "20100101");
+pref("browser.startup.homepage_override.mstone", "9001.0.0");
+pref("browser.syncPromoViewsLeftMap", "{\"addons\":0, \"passwords\":0, \"bookmarks\":0}"); // Don't promote sync
+pref("browser.newtabpage.remote", false);
+pref("browser.tabs.crashReporting.sendReport", false);
+pref("browser.tabs.remote.desktopbehavior", false);
+pref("browser.toolbarbuttons.introduced.pocket-button", true);
+pref("browser.uitour.enabled", false); // https://trac.torproject.org/projects/tor/ticket/19047
+pref("browser.urlbar.maxRichResults", 0);
+pref("browser.webapps.checkForUpdates", 0);
+pref("browser.webapps.updateCheckUrl", "about:blank");
+pref("browser.zoom.siteSpecific", false);
+pref("camera.control.autofocus_moving_callback.enabled", false);
+pref("camera.control.face_detection.enabled", false);
+pref("captivedetect.canonicalURL", "about:blank");
+pref("datareporting.healthreport.about.reportUrl", "about:blank");
+pref("datareporting.healthreport.documentServerURI", "about:blank");
+pref("datareporting.healthreport.service.enabled", false); // Yes, all three of these must be set
+pref("datareporting.healthreport.uploadEnabled", false);
+pref("datareporting.policy.dataSubmissionEnabled", false);
+pref("datareporting.policy.dataSubmissionPolicyVersion", 2);
+pref("datareporting.policy.firstRunTime", 0);
+pref("device.sensors.enabled", false);
+pref("devtools.debugger.remote-enabled", false); // https://developer.mozilla.org/docs/Tools/Remote_Debugging/Debugging_Firefox_Desktop#Enable_remote_debugging
+pref("devtools.devices.url", "about:blank");
+pref("devtools.gcli.imgurUploadURL", "about:blank");
+pref("devtools.gcli.jquerySrc", "about:blank");
+pref("devtools.gcli.lodashSrc", "about:blank");
+pref("devtools.gcli.underscoreSrc", "about:blank");
+pref("devtools.remote.wifi.scan", false); // http://forum.top-hat-sec.com/index.php?topic=4951.5;wap2
+pref("devtools.remote.wifi.visible", false);
+pref("devtools.webide.adaptersAddonURL", "about:blank");
+pref("devtools.webide.adbAddonURL", "about:blank");
+pref("devtools.webide.addonsURL", "about:blank");
+pref("devtools.webide.enabled", false); //https://trac.torproject.org/projects/tor/ticket/16222
+pref("devtools.webide.simulatorAddonsURL", "about:blank");
+pref("devtools.webide.templatesURL", "about:blank");
+pref("dom.battery.enabled", false); // fingerprinting due to differing OS implementations
+pref("dom.enable_performance", false);
+pref("dom.event.clipboardevents.enabled",false);
+pref("dom.gamepad.enabled", false); // bugs.torproject.org/13023
+pref("dom.indexedDB.enabled", false);
+pref("dom.enable_user_timing", false);
+pref("dom.event.highrestimestamp.enabled", false);
+pref("dom.ipc.plugins.flash.subprocess.crashreporter.enabled", false);
+pref("dom.mozApps.signed_apps_installable_from", "about:blank");
+pref("dom.netinfo.enabled", false); // Network Information API provides general information about the system's connection type (WiFi, cellular, etc.)
+pref("dom.network.enabled",false); // fingerprinting due to differing OS implementations
+pref("dom.push.enabled", false);
+pref("dom.push.serverURL", "");
+pref("dom.presentation.discovery.enabled", false);
+pref("dom.presentation.discoverable", false);
+pref("dom.storage.enabled", false);
+pref("dom.telephony.enabled", false); // https://wiki.mozilla.org/WebAPI/Security/WebTelephony
+pref("dom.vibrator.enabled", false);
+pref("dom.vr.enabled", false);
+pref("dom.vr.cardboard.enabled", false);
+pref("dom.vr.oculus.enabled", false);
+pref("dom.vr.oculus050.enabled", false);
+pref("dom.vr.poseprediction.enabled", false);
+pref("dom.vr.add-test-devices", 0);
+pref("dom.workers.sharedWorkers.enabled", false); // See https://bugs.torproject.org/15562
+pref("dom.idle-observers-api.enabled", false); // disable idle observation
+pref("experiments.enabled", false);
+pref("experiments.manifest.uri", "about:blank");
+pref("extensions.blocklist.detailsURL", "about:blank");
+pref("extensions.blocklist.enabled", false);
+pref("extensions.blocklist.itemURL", "about:blank");
+pref("extensions.blocklist.url", "about:blank");
+pref("extensions.bootstrappedAddons", "{}");
+pref("extensions.databaseSchema", 3);
+pref("extensions.enabledScopes", 1);
+// Don't disable our bundled extensions in the application directory
+pref("extensions.autoDisableScopes", 11);
+pref("extensions.shownSelectionUI", true);
+pref("extensions.getAddons.cache.enabled", false); // https://blog.mozilla.org/addons/how-to-opt-out-of-add-on-metadata-updates/
+pref("extensions.getAddons.get.url", "about:blank");
+pref("extensions.getAddons.getWithPerformance.url", "about:blank");
+pref("extensions.getAddons.recommended.url", "about:blank");
+pref("extensions.pendingOperations", false);
+pref("extensions.pocket.api", "about:blank");
+pref("extensions.pocket.enabled", false);
+pref("extensions.shownSelectionUI", true);
+pref("extensions.ui.lastCategory", "addons://list/extension");
+pref("extensions.update.autoUpdateDefault", false);
+pref("extensions.update.enabled", false); // Fingerprints all installed addons, best to let the user decide when to run updates manually.
+pref("extensions.update.background.url", ""); // User can still update manually, but we disable background updates.
+pref("extensions.systemAddon.update.url", ""); // The system add-ons infrastructure that's used to ship Hello and Pocket in Firefox
+pref("font.default.x-western", "sans-serif");
+pref("general.appname.override", "Netscape");
+pref("general.appversion.override", "5.0 (Windows)");
+pref("general.buildID.override", "20100101");
+pref("general.oscpu.override", "Windows NT 6.1");
+pref("general.platform.override", "Win32");
+pref("general.productSub.override", "20100101");
+pref("general.useragent.compatMode.firefox", true);
+pref("general.useragent.override", "Mozilla/5.0 (Windows NT 6.1; rv:49.0) Gecko/20100101 Firefox/49.0");
+pref("general.useragent.vendor", "");
+pref("general.useragent.vendorSub", "");
+pref("general.warnOnAboutConfig", false);
+pref("geo.enabled", false);
+pref("geo.wifi.uri", "about:blank");
+pref("gfx.direct2d.disabled", true);
+pref("gfx.downloadable_fonts.fallback_delay", -1);
+pref("gfx.font_rendering.opentype_svg.enabled", false); // https://wiki.mozilla.org/SVGOpenTypeFonts - iSEC Partners Report recommends to disable this
+pref("healthreport.uploadEnabled", false);
+pref("identity.fxaccounts.auth.uri", "about:blank");
+pref("intl.charset.default", "windows-1252");
+pref("intl.locale.matchOS", true);
+pref("javascript.options.asmjs", false); // Multiple security advisories, low level js
+pref("javascript.options.wasm", false); // https://hacks.mozilla.org/2016/03/a-webassembly-milestone/
+pref("javascript.use_us_english_locale", true);
+pref("javascript.options.typeinference", false);
+pref("javascript.options.baselinejit.content", false);
+pref("javascript.options.ion.content", false); // https://trac.torproject.org/projects/tor/ticket/9387#comment:43
+pref("keyword.enabled", false);
+pref("layers.acceleration.disabled", true);
+pref("layout.css.visited_links_enabled", false);
+pref("lightweightThemes.update.enabled", false); // We can update our themes manually, may fingerprint the user.
+pref("loop.copy.throttler", "about:blank");
+pref("loop.enabled",false); //Disable Firefox Hello
+pref("loop.facebook.appId", "about:blank");
+pref("loop.facebook.enabled", false);
+pref("loop.facebook.fallbackUrl", "about:blank");
+pref("loop.facebook.shareUrl", "about:blank");
+pref("loop.feedback.baseUrl", "about:blank");
+pref("loop.feedback.formURL", "about:blank");
+pref("loop.feedback.manualFormURL", "about:blank");
+pref("loop.gettingStarted.url", "about:blank");
+pref("loop.learnMoreUrl", "about:blank");
+pref("loop.legal.ToS_url", "about:blank");
+pref("loop.legal.privacy_url", "about:blank");
+pref("loop.linkClicker.url", "about:blank");
+pref("loop.oauth.google.redirect_uri", "about:blank");
+pref("loop.oauth.google.scope", "about:blank");
+pref("loop.remote.autostart", false);
+pref("loop.server", "about:blank");
+pref("loop.soft_start_hostname", "about:blank");
+pref("loop.support_url", "about:blank");
+pref("loop.throttled2",false);
+pref("mathml.disabled", true); // https://www.torproject.org/projects/torbrowser/design
+pref("media.audio_data.enabled", false);
+pref("media.autoplay.enabled", false);
+pref("media.cache_size", 0);
+pref("media.eme.apiVisible", false); // Disable Freedom Violating DRM Feature
+pref("media.eme.enabled", false);
+pref("media.getusermedia.screensharing.allowed_domains", ""); // We really don't want to be promoting Cisco and Cloudflare in a whitelist here.
+pref("media.getusermedia.screensharing.enabled", false);
+pref("media.gmp-eme-adobe.enabled", false);
+pref("media.gmp-gmpopenh264.enabled", false);
+pref("media.gmp-manager.url", "about:blank"); // Disable Gecko media plugins: https://wiki.mozilla.org/GeckoMediaPlugins
+pref("media.gmp-manager.url.override", "data:text/plain");
+pref("media.gmp-provider.enabled", false);
+pref("media.gmp.trial-create.enabled", false);
+pref("media.navigator.enabled", false);
+pref("media.peerconnection.enabled", false); // Disable WebRTC interfaces
+pref("media.peerconnection.ice.default_address_only", true);
+pref("media.video_stats.enabled", false);
+pref("media.webspeech.recognition.enable", false);
+pref("media.webspeech.synth.enabled", false);
+pref("network.allow-experiments", false);
+pref("network.http.altsvc.enabled", false);
+pref("network.http.altsvc.oe", false); // https://trac.torproject.org/projects/tor/ticket/16673
+pref("network.dns.disablePrefetch", true);
+pref("network.http.connection-retry-timeout", 0);
+pref("network.http.max-persistent-connections-per-proxy", 256);
+pref("network.http.pipelining", true);
+pref("network.http.pipelining.aggressive", true);
+pref("network.http.pipelining.max-optimistic-requests", 3);
+pref("network.http.pipelining.maxrequests", 10);
+pref("network.http.pipelining.maxrequests", 12);
+pref("network.http.pipelining.read-timeout", 60000);
+pref("network.http.pipelining.reschedule-timeout", 15000);
+pref("network.http.pipelining.ssl", true);
+pref("network.http.proxy.pipelining", true);
+pref("network.http.speculative-parallel-limit", 0);
+pref("network.jar.block-remote-files", true); // https://bugzilla.mozilla.org/show_bug.cgi?id=1173171
+pref("network.jar.open-unsafe-types", false);
+pref("network.manage-offline-status", false); // https://trac.torproject.org/projects/tor/ticket/18945
+pref("network.predictor.enabled", false); // https://trac.torproject.org/projects/tor/ticket/16625
+pref("network.prefetch-next", false);
+pref("network.protocol-handler.external-default", false);
+pref("network.protocol-handler.external.mailto", false);
+pref("network.protocol-handler.external.news", false);
+pref("network.protocol-handler.external.nntp", false);
+pref("network.protocol-handler.external.snews", false);
+pref("network.protocol-handler.warn-external.mailto", true);
+pref("network.protocol-handler.warn-external.news", true);
+pref("network.protocol-handler.warn-external.nntp", true);
+pref("network.protocol-handler.warn-external.snews", true);
+pref("network.proxy.no_proxies_on", ""); // For fingerprinting and local service vulns (#10419)
+pref("network.proxy.socks", "127.0.0.1");
+pref("network.proxy.socks_port", 9050);
+pref("network.proxy.socks_remote_dns", true);
+pref("network.proxy.type", 0); // Setup for TOR for default proxy, but do not enable by default.
+pref("network.security.ports.banned", "9050,9051,9150,9151");
+pref("network.websocket.max-connections", 0);
+//pref("nglayout.initialpaint.delay", 0); http://www.mozdev.org/pipermail/fasterfox/2006-January/000509.html
+pref("noscript.forbidMedia", true);
+pref("offline-apps.allow_by_default", false); // https://support.mozilla.org/en-US/questions/1014708
+pref("pdfjs.disabled", true); // https://www.exploit-db.com/exploits/37958/
+pref("permissions.memory_only", true);
+pref("pfs.datasource.url", "about:blank"); // Fingerprints the user, not HTTPS. Remove it.
+pref("pfs.filehint.url", "about:blank");
+pref("plugin.disable", true); // Disable to search plugins on first start
+pref("plugin.expose_full_path", false);
+pref("plugin.state.flash", 0);
+pref("plugin.state.libgnome-shell-browser-plugin", 0); // disable Gnome Shell Integration
+pref("plugins.click_to_play", true);
+pref("plugins.enumerable_names", "about:blank");
+pref("plugins.hideMissingPluginsNotification", true);
+pref("plugins.hide_infobar_for_missing_plugin", true);
+pref("plugins.hide_infobar_for_outdated_plugin", true);
+pref("plugins.notifyMissingFlash", false);
+pref("privacy.announcements.enabled", false);
+pref("privacy.donottrackheader.enabled", false); // http://www.howtogeek.com/126705/why-enabling-do-not-track-doesnt-stop-you-from-being-tracked/
+pref("privacy.donottrackheader.value", 1);
+pref("privacy.thirdparty.isolate", 2); // Always enforce third party isolation
+pref("privacy.trackingprotection.enabled", true);
+pref("privacy.trackingprotection.pbmode.enabled", true);
+pref("security.OCSP.enabled", 0); // https://en.wikipedia.org/wiki/Online_Certificate_Status_Protocol#Privacy_concerns
+pref("security.OCSP.require", false);
+pref("security.ask_for_password", 0);
+pref("security.cert_pinning.enforcement_level", 2); // https://trac.torproject.org/projects/tor/ticket/16206
+pref("security.enable_tls_session_tickets", false);
+pref("security.mixed_content.block_active_content", true); // Note: Can be disabled for user experience. https://bugzilla.mozilla.org/show_bug.cgi?id=878890
+pref("security.nocertdb", false);
+pref("security.ssl.errorReporting.url", "");
+pref("security.ssl.errorReporting.enabled", false);
+pref("security.ssl.disable_session_identifiers", true);
+pref("security.ssl.enable_false_start", true);
+pref("security.ssl.require_safe_negotiation", true);
+pref("security.ssl.treat_unsafe_negotiation_as_broken", true);
+pref("security.ssl3.rsa_seed_sha", true);
+pref("security.tls.insecure_fallback_hosts.use_static_list", false);
+pref("security.tls.unrestricted_rc4_fallback", false);
+pref("security.tls.version.max", 3);
+pref("security.tls.version.min", 1);
+pref("services.kinto.base", "");
+pref("services.sync.engine.addons", false);
+pref("services.sync.engine.prefs", false); // Never sync prefs, addons, or tabs with other browsers
+pref("services.sync.engine.tabs", false);
+pref("services.sync.prefs.sync.addons.ignoreUserEnabledChanges", false);
+pref("services.sync.prefs.sync.extensions.update.enabled", false);
+pref("services.sync.serverURL", "about:blank");
+pref("services.sync.jpake.serverURL", "about:blank");
+pref("signon.autofillForms", false); // disable cross-site form exposure from password manager - http://kb.mozillazine.org/Signon.autofillForms
+pref("signon.rememberSignons", false);
+pref("social.directories", "");
+pref("social.enabled", false);
+pref("social.remote-install.enabled", false);
+pref("social.shareDirectory", "");
+pref("social.toast-notifications.enabled", false);
+pref("social.whitelist", "");
+pref("startup.homepage_override_url", "");
+pref("startup.homepage_welcome_url", "");
+pref("svg.in-content.enabled", true);
+pref("toolkit.telemetry.enabled", false);
+pref("toolkit.telemetry.server", "about:blank");
+pref("toolkit.telemetry.archive.enabled", false);
+pref("ui.key.menuAccessKeyFocuses", false); // Disable "alt" as a shortcut key to open full menu bar. Conflicts with "alt" as a modifier
+pref("webgl.disable-extensions", true);
+pref("webgl.disabled", true);
+pref("webgl.min_capability_mode", true);
+pref("xpinstall.signatures.required", true); // Requires AMO signing key for addons
+pref("xpinstall.whitelist.add", "");
-- cgit v1.2.3
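Review bot: The TLS block near the end of vendor.js loosens rather than hardens the defaults: `security.tls.version.min` is 1, which still admits TLS 1.0, and `security.ssl3.rsa_seed_sha` is switched on, which would enable a legacy SEED-CBC suite if this Gecko version still honours the pref. For a package named hardening I would expect `pref("security.tls.version.min", 3);` (or at least 2) and `pref("security.ssl3.rsa_seed_sha", false);`, with a comment if TLS 1.0 has to stay for compatibility. Separately, `extensions.blocklist.enabled` is false and carries no comment, so the add-on and plugin blocklist is never consulted; that trade-off deserves the same kind of one-line rationale the `security.OCSP.enabled` line has. `network.http.pipelining.maxrequests` (10, then 12) and `extensions.shownSelectionUI` are each set twice, and since only the last value takes effect the earlier lines should be dropped.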