=== added file 'debian/README.gNewSense' --- debian/README.gNewSense 1970-01-01 00:00:00 +0000 +++ debian/README.gNewSense 2014-12-12 20:19:21 +0000 @@ -0,0 +1,18 @@ +Changed-From-Debian: Privacy and freedom settings +Change-Type: Modified + += Privacy = +* Send Do Not Track header +* No safe-if-Google-says-so browsing +* No social stuff +* No geolocation +* No referers +* No DNS leaks with tor +* Don't say what plugins we have + += Freedom = +* Get addons from Free Software Directory +* Don't act like not having Flash is a bad thing +* Always ask to activate Flash +* No software as a service +* Don't search for addons (in list that includes non-free ones) === modified file 'debian/browser.install.in' --- debian/browser.install.in 2014-12-13 21:18:18 +0000 +++ debian/browser.install.in 2014-12-12 19:02:58 +0000 @@ -60,7 +60,6 @@ debian/@address@hidden etc/@browser@/pref debian/vendor.js usr/share/@browser@/browser/defaults/preferences -debian/debsearch.xml etc/@browser@/searchplugins/common debian/duckduckgo.xml etc/@browser@/searchplugins/common usr/lib/@browser@/browser/extensions/\{972ce4c6-7e08-4474-a285-3208198ce6fd\} usr/lib/@browser@/browser/extensions === modified file 'debian/changelog' --- debian/changelog 2014-12-13 21:18:18 +0000 +++ debian/changelog 2014-12-21 17:50:32 +0000 @@ -1,3 +1,10 @@ +iceweasel (31.3.0esr-1~deb7u1gnewsense1) ucclia; urgency=low + + * Improve freedom and privacy. + * Disable Webm and VP8 for mipsel because the Yeeloong can't build it. + + -- Sam Geeraerts Fri, 12 Dec 2014 21:18:08 +0000 + iceweasel (31.3.0esr-1~deb7u1) stable-security; urgency=medium * New upstream release. === modified file 'debian/control' --- debian/control 2014-12-13 21:18:18 +0000 +++ debian/control 2014-12-21 17:50:57 +0000 @@ -1,8 +1,8 @@ Source: iceweasel Section: web Priority: optional -Maintainer: Maintainers of Mozilla-related packages -Uploaders: Mike Hommey +Maintainer: gNewSense Hackers +XSBC-Original-Maintainer: Maintainers of Mozilla-related packages Build-Depends: autotools-dev, debhelper (>= 7.2.3), autoconf2.13, @@ -52,8 +52,8 @@ libhildonmime-dev, libosso-dev Standards-Version: 3.9.2.0 -Vcs-Git: git://git.debian.org/git/pkg-mozilla/iceweasel.git -Vcs-Browser: http://git.debian.org/?p=pkg-mozilla/iceweasel.git +Vcs-Bzr: bzr://bzr.savannah.gnu.org/gnewsense/packages-ucclia/iceweasel/ +Vcs-Browser: http://bzr.savannah.gnu.org/lh/gnewsense/packages-ucclia/iceweasel/ Package: iceweasel Architecture: any === modified file 'debian/control.in' --- debian/control.in 2014-12-13 21:18:18 +0000 +++ debian/control.in 2014-12-12 21:14:07 +0000 @@ -1,8 +1,8 @@ Source: iceweasel Section: web Priority: optional -Maintainer: Maintainers of Mozilla-related packages -Uploaders: Mike Hommey +Maintainer: gNewSense Hackers +XSBC-Original-Maintainer: Maintainers of Mozilla-related packages Build-Depends: autotools-dev, debhelper (>= 7.2.3), autoconf2.13, @@ -64,8 +64,8 @@ libhildonmime-dev, libosso-dev Standards-Version: 3.9.2.0 -Vcs-Git: git://git.debian.org/git/pkg-mozilla/iceweasel.git -Vcs-Browser: http://git.debian.org/?p=pkg-mozilla/iceweasel.git +Vcs-Bzr: bzr://bzr.savannah.gnu.org/gnewsense/packages-ucclia/iceweasel/ +Vcs-Browser: http://bzr.savannah.gnu.org/lh/gnewsense/packages-ucclia/iceweasel/ Package: @browser@ Architecture: any === modified file 'debian/copyright' --- debian/copyright 2014-12-13 21:18:18 +0000 +++ debian/copyright 2014-12-12 22:06:18 +0000 @@ -1681,7 +1681,7 @@ * Neither the name of Google Inc. nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission. -. + . THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR === modified file 'debian/duckduckgo.xml' --- debian/duckduckgo.xml 2014-12-13 21:18:18 +0000 +++ debian/duckduckgo.xml 2014-12-11 20:07:33 +0000 @@ -5,7 +5,6 @@ https://duckduckgo.com/favicon.ico - https://duckduckgo.com/ === added directory 'debian/patches/gnewsense' === added file 'debian/patches/gnewsense/Build-on-yeeloong.patch' --- debian/patches/gnewsense/Build-on-yeeloong.patch 1970-01-01 00:00:00 +0000 +++ debian/patches/gnewsense/Build-on-yeeloong.patch 2014-12-20 20:26:28 +0000 @@ -0,0 +1,11 @@ +--- a/browser/confvars.sh ++++ b/browser/confvars.sh +@@ -65,6 +65,8 @@ + # Enable activities. These are used for FxOS developers currently. + MOZ_ACTIVITIES=1 + MOZ_JSDOWNLOADS=1 ++if test "$OS_TEST" != "mipsel"; then + MOZ_WEBM_ENCODER=1 ++fi + # Enable exact rooting on desktop. + export JSGC_USE_EXACT_ROOTING=1 === added file 'debian/patches/gnewsense/Dont-find-nonfree-addons.patch' --- debian/patches/gnewsense/Dont-find-nonfree-addons.patch 1970-01-01 00:00:00 +0000 +++ debian/patches/gnewsense/Dont-find-nonfree-addons.patch 2014-12-12 21:01:28 +0000 @@ -0,0 +1,30 @@ +Description: Don't find non-free addons + Iceweasel gets extension and plugin information from Mozilla by default. + These lists includes non-free addons, which we don't want. As there are no + proper alternatives with only free addons we choose to disable these + searching and updating features. +Author: Sam Geeraerts +Origin: vendor +Forwarded: not-needed +Last-Update: 2014-12-12 +--- +This patch header follows DEP-3: http://dep.debian.net/deps/dep3/ +--- a/toolkit/mozapps/extensions/content/extensions.css ++++ b/toolkit/mozapps/extensions/content/extensions.css +@@ -188,7 +188,7 @@ + display: none; + } + +-#addons-page .view-pane:not([type="plugin"]) .plugin-info-container { ++#addons-page .plugin-info-container { + display: none; + } + +@@ -216,6 +216,7 @@ + + #header-search { + width: 22em; ++ display: none; + } + + #header-utils-btn { === added file 'debian/patches/gnewsense/More-freedom.patch' --- debian/patches/gnewsense/More-freedom.patch 1970-01-01 00:00:00 +0000 +++ debian/patches/gnewsense/More-freedom.patch 2014-12-19 22:02:32 +0000 @@ -0,0 +1,109 @@ +Description: Set configuration more in tune with software freedom +Author: Sam Geeraerts +Origin: vendor +Forwarded: not-needed +Last-Update: 2014-12-19 +--- +This patch header follows DEP-3: http://dep.debian.net/deps/dep3/ +--- a/browser/app/profile/firefox.js ++++ b/browser/app/profile/firefox.js +@@ -43,8 +43,9 @@ + pref("extensions.getAddons.get.url", "https://services.addons.mozilla.org/%LOCALE%/firefox/api/%API_VERSION%/search/guid:%IDS%?src=firefox&appOS=%OS%&appVersion=%VERSION%"); + pref("extensions.getAddons.getWithPerformance.url", "https://services.addons.mozilla.org/%LOCALE%/firefox/api/%API_VERSION%/search/guid:%IDS%?src=firefox&appOS=%OS%&appVersion=%VERSION%&tMain=%TIME_MAIN%&tFirstPaint=%TIME_FIRST_PAINT%&tSessionRestored=%TIME_SESSION_RESTORED%"); + pref("extensions.getAddons.search.browseURL", "https://addons.mozilla.org/%LOCALE%/firefox/search?q=%TERMS%&platform=%OS%&appver=%VERSION%"); +-pref("extensions.getAddons.search.url", "https://services.addons.mozilla.org/%LOCALE%/firefox/api/%API_VERSION%/search/%TERMS%/all/%MAX_RESULTS%/%OS%/%VERSION%/%COMPATIBILITY_MODE%?src=firefox"); +-pref("extensions.webservice.discoverURL", "https://services.addons.mozilla.org/%LOCALE%/firefox/discovery/pane/%VERSION%/%OS%/%COMPATIBILITY_MODE%"); ++// Get free addons from Free Software Directory ++pref("extensions.getAddons.search.url", "http://directory.fsf.org/wiki/GNU_IceCat"); ++pref("extensions.webservice.discoverURL", "http://directory.fsf.org/wiki/GNU_IceCat"); + pref("extensions.getAddons.recommended.url", "https://services.addons.mozilla.org/%LOCALE%/%APP%/api/%API_VERSION%/list/recommended/all/%MAX_RESULTS%/%OS%/%VERSION%?src=firefox"); + + // Blocklist preferences +@@ -378,7 +379,7 @@ + pref("browser.search.searchEnginesURL", "https://addons.mozilla.org/%LOCALE%/firefox/search-engines/"); + + // pointer to the default engine name +-pref("browser.search.defaultenginename", "chrome://browser-region/locale/region.properties"); ++pref("browser.search.defaultenginename", "DuckDuckGo"); + + // disable logging for the search service by default + pref("browser.search.log", false); +@@ -647,7 +648,7 @@ + + // by default we show an infobar message when pages require plugins that are blocked, or are outdated + pref("plugins.hide_infobar_for_blocked_plugin", false); +-pref("plugins.hide_infobar_for_outdated_plugin", false); ++pref("plugins.hide_infobar_for_outdated_plugin", true); + + pref("plugins.update.url", "https://www.mozilla.org/%LOCALE%/plugincheck/"); + pref("plugins.update.notifyUser", false); +@@ -661,9 +662,9 @@ + // Plugins bundled in XPIs are enabled by default. + pref("plugin.defaultXpi.state", 2); + +-// Flash is enabled by default, and Java is click-to-activate by default on ++// Flash and Java are click-to-activate by default on + // all channels. +-pref("plugin.state.flash", 2); ++pref("plugin.state.flash", 1); + pref("plugin.state.java", 1); + + // Whitelist Requests +@@ -808,8 +809,8 @@ + pref("plugin.state.f5 sam inspection host plugin", 2); + #endif + +-// display door hanger if flash not installed +-pref("plugins.notifyMissingFlash", true); ++// Don't display door hanger if flash not installed ++pref("plugins.notifyMissingFlash", false); + + #ifdef XP_WIN + pref("browser.preferences.instantApply", false); +@@ -848,8 +849,8 @@ + pref("browser.send_pings", false); + + /* initial web feed readers list */ +-pref("browser.contentHandlers.types.0.title", "chrome://browser-region/locale/region.properties"); +-pref("browser.contentHandlers.types.0.uri", "chrome://browser-region/locale/region.properties"); ++pref("browser.contentHandlers.types.0.title", ""); ++pref("browser.contentHandlers.types.0.uri", ""); + pref("browser.contentHandlers.types.0.type", "application/vnd.mozilla.maybe.feed"); + pref("browser.contentHandlers.types.1.title", "chrome://browser-region/locale/region.properties"); + pref("browser.contentHandlers.types.1.uri", "chrome://browser-region/locale/region.properties"); +@@ -883,8 +884,8 @@ + // protocol not currently listed here), we should go ahead and add those. + + // webcal +-pref("gecko.handlerService.schemes.webcal.0.name", "chrome://browser-region/locale/region.properties"); +-pref("gecko.handlerService.schemes.webcal.0.uriTemplate", "chrome://browser-region/locale/region.properties"); ++pref("gecko.handlerService.schemes.webcal.0.name", ""); ++pref("gecko.handlerService.schemes.webcal.0.uriTemplate", ""); + pref("gecko.handlerService.schemes.webcal.1.name", "chrome://browser-region/locale/region.properties"); + pref("gecko.handlerService.schemes.webcal.1.uriTemplate", "chrome://browser-region/locale/region.properties"); + pref("gecko.handlerService.schemes.webcal.2.name", "chrome://browser-region/locale/region.properties"); +@@ -893,18 +894,18 @@ + pref("gecko.handlerService.schemes.webcal.3.uriTemplate", "chrome://browser-region/locale/region.properties"); + + // mailto +-pref("gecko.handlerService.schemes.mailto.0.name", "chrome://browser-region/locale/region.properties"); +-pref("gecko.handlerService.schemes.mailto.0.uriTemplate", "chrome://browser-region/locale/region.properties"); +-pref("gecko.handlerService.schemes.mailto.1.name", "chrome://browser-region/locale/region.properties"); +-pref("gecko.handlerService.schemes.mailto.1.uriTemplate", "chrome://browser-region/locale/region.properties"); ++pref("gecko.handlerService.schemes.mailto.0.name", ""); ++pref("gecko.handlerService.schemes.mailto.0.uriTemplate", ""); ++pref("gecko.handlerService.schemes.mailto.1.name", ""); ++pref("gecko.handlerService.schemes.mailto.1.uriTemplate", ""); + pref("gecko.handlerService.schemes.mailto.2.name", "chrome://browser-region/locale/region.properties"); + pref("gecko.handlerService.schemes.mailto.2.uriTemplate", "chrome://browser-region/locale/region.properties"); + pref("gecko.handlerService.schemes.mailto.3.name", "chrome://browser-region/locale/region.properties"); + pref("gecko.handlerService.schemes.mailto.3.uriTemplate", "chrome://browser-region/locale/region.properties"); + + // irc +-pref("gecko.handlerService.schemes.irc.0.name", "chrome://browser-region/locale/region.properties"); +-pref("gecko.handlerService.schemes.irc.0.uriTemplate", "chrome://browser-region/locale/region.properties"); ++pref("gecko.handlerService.schemes.irc.0.name", "); ++pref("gecko.handlerService.schemes.irc.0.uriTemplate", ""); + pref("gecko.handlerService.schemes.irc.1.name", "chrome://browser-region/locale/region.properties"); + pref("gecko.handlerService.schemes.irc.1.uriTemplate", "chrome://browser-region/locale/region.properties"); + pref("gecko.handlerService.schemes.irc.2.name", "chrome://browser-region/locale/region.properties"); === added file 'debian/patches/gnewsense/More-privacy.patch' --- debian/patches/gnewsense/More-privacy.patch 1970-01-01 00:00:00 +0000 +++ debian/patches/gnewsense/More-privacy.patch 2014-12-19 22:19:31 +0000 @@ -0,0 +1,29 @@ +Description: Configure for more privacy +Author: Sam Geeraerts +Origin: vendor +Forwarded: not-needed +Last-Update: 2014-12-19 +--- +This patch header follows DEP-3: http://dep.debian.net/deps/dep3/ +--- a/browser/app/profile/firefox.js ++++ b/browser/app/profile/firefox.js +@@ -927,8 +927,8 @@ + pref("gecko.handlerService.allowRegisterFromDifferentHost", false); + + #ifdef MOZ_SAFE_BROWSING +-pref("browser.safebrowsing.enabled", true); +-pref("browser.safebrowsing.malware.enabled", true); ++pref("browser.safebrowsing.enabled", false); ++pref("browser.safebrowsing.malware.enabled", false); + pref("browser.safebrowsing.debug", false); + + pref("browser.safebrowsing.updateURL", "https://safebrowsing.google.com/safebrowsing/downloads?client=SAFEBROWSING_ID&appver=%VERSION%&pver=2.2&key=%GOOGLE_API_KEY%"); +@@ -1511,7 +1511,7 @@ + pref("dom.debug.propagate_gesture_events_through_content", false); + + // The request URL of the GeoLocation backend. +-pref("geo.wifi.uri", "https://www.googleapis.com/geolocation/v1/geolocate?key=%GOOGLE_API_KEY%"); ++pref("geo.wifi.uri", ""); + #ifdef RELEASE_BUILD + pref("geo.wifi.logging.enabled", false); + #else === modified file 'debian/patches/series' --- debian/patches/series 2014-12-13 21:18:18 +0000 +++ debian/patches/series 2014-12-20 20:11:46 +0000 @@ -28,3 +28,7 @@ debian-hacks/NSS-Adds-the-SPI-Inc.-and-CAcert.org-CA-certificates.patch debian-hacks/Work-around-binutils-assertion-on-mips.patch l10n/Place-google-and-gmail-before-yandex.patch +gnewsense/Dont-find-nonfree-addons.patch +gnewsense/More-freedom.patch +gnewsense/More-privacy.patch +gnewsense/Build-on-yeeloong.patch === modified file 'debian/rules' --- debian/rules 2014-12-13 21:18:18 +0000 +++ debian/rules 2014-12-19 23:23:38 +0000 @@ -101,6 +101,11 @@ CONFIGURE_FLAGS += --enable-optimize=-O2 endif +# The Lemote Yeeloong seems to hang in a loop while compiling libpx. +ifeq ($(DEB_BUILD_ARCH),mipsel) + CONFIGURE_FLAGS += --disable-webm +endif + ifneq (,$(filter debug,$(DEB_BUILD_OPTIONS))) CONFIGURE_FLAGS += --enable-debug endif === modified file 'debian/vendor.js.in' --- debian/vendor.js.in 2014-12-13 21:18:18 +0000 +++ debian/vendor.js.in 2014-12-19 22:18:20 +0000 @@ -4,3 +4,33 @@ pref("distribution.searchplugins.defaultLocale", "en-US"); // Forbid application updates lockPref("app.update.enabled", false); + +// Disable plugin installer +pref("plugins.hide_infobar_for_missing_plugin", true); + +// Disable third party cookies +pref("network.cookie.cookieBehavior", 1); + +// Privacy +// https://webdevelopmentaid.wordpress.com/2013/10/21/customize-privacy-settings-in-mozilla-firefox-part-1-aboutconfig/ +pref("privacy.donottrackheader.enabled", true); +pref("dom.ipc.plugins.flash.subprocess.crashreporter.enabled", false); +pref("dom.storage.enabled", false); +// No social stuff +pref("social.whitelist", ""); +pref("social.directories", ""); +pref("social.remote-install.enabled", false); +// Disable geolocation +pref("geo.enabled", false); +// Don't send referers +pref("network.http.sendRefererHeader", 0); +pref("network.http.sendSecureXSiteReferrer", false); +// https://developer.mozilla.org/en-US/docs/Mozilla/Preferences/Preference_reference/dom.event.clipboardevents.enabled +pref("dom.event.clipboardevents.enabled", false); +pref("network.prefetch-next", false); +// Prevent DNS leaks when using Tor +pref("network.dns.disablePrefetch", true); +pref("network.dns.disableIPv6", true); +pref("network.proxy.socks_remote_dns", true); +// Keep our plugin information to ourselves +pref("plugins.enumerable_names", "");