commit 287f65fc7e496aae552e85e0b8c2fa3f6dc62e3d Author: Sukhbir Singh sukhbir@torproject.org Date: Sat Jun 27 04:17:20 2015 -0400
Update preferences with revised security settings --- projects/instantbird/preferences.patch | 158 ++++++++++++-------------------- 1 file changed, 57 insertions(+), 101 deletions(-)
diff --git a/projects/instantbird/preferences.patch b/projects/instantbird/preferences.patch index b93c079..904a919 100644 --- a/projects/instantbird/preferences.patch +++ b/projects/instantbird/preferences.patch @@ -1,38 +1,17 @@ -# HG changeset patch -# User Sukhbir Singh sukhbir@torproject.org -# Date 1416649788 18000 -# Node ID 84423e51b0535ccd21aff64f10176f3e8c05b7c3 -# Parent ae1c9811a808a4c642d97bf9202cb7bfb866f6b1 -Update the security configuration preferences - diff --git a/im/app/profile/all-instantbird.js b/im/app/profile/all-instantbird.js --- a/im/app/profile/all-instantbird.js +++ b/im/app/profile/all-instantbird.js -@@ -3,18 +3,16 @@ - * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ - - pref("toolkit.defaultChromeURI", "chrome://instantbird/content/blist.xul"); - pref("toolkit.singletonWindowType", "Messenger:blist"); - #ifdef XP_MACOSX - pref("browser.hiddenWindowChromeURL", "chrome://instantbird/content/hiddenWindow.xul"); - #endif - --#expand pref("general.useragent.extra.instantbird", "Instantbird/__APP_VERSION__"); -- - #ifdef XP_UNIX - #ifndef XP_MACOSX - #define UNIX_BUT_NOT_MAC +@@ -64,9 +64,6 @@ #endif #endif
- pref("general.smoothScroll", false); - #ifdef UNIX_BUT_NOT_MAC -@@ -112,24 +110,16 @@ pref("browser.preferences.animateFadeIn" - pref("browser.zoom.full", true); - pref("conversation.zoomLevel", "1.0"); - - pref("accessibility.typeaheadfind", false); - pref("accessibility.typeaheadfind.timeout", 5000); +-// Whether message related sounds should be played at all. If this is enabled +-// then the more specific prefs are checked as well. +-pref("messenger.options.playSounds.message", true); + // Specifies whether each message event should trigger a sound for incoming + // and outgoing messages, or when your nickname is mentioned in a chat. + pref("messenger.options.playSounds.outgoing", true); +@@ -114,14 +111,6 @@ pref("accessibility.typeaheadfind.linksonly", false); pref("accessibility.typeaheadfind.flashBar", 1);
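Review bot: The revised patch no longer touches `general.useragent.extra.instantbird` at all: the inner hunk that deleted the `#expand` line carrying `Instantbird/__APP_VERSION__` is dropped here, and the `""` override is dropped in the `@@ -147,29 +108,28 @@` hunk. If the base all-instantbird.js still defines that pref, the client goes back to advertising its name and version. The base file is not visible here, so this may be a deliberate follow-up to an upstream change. Either keep `pref("general.useragent.extra.instantbird", "");` in the Tor Messenger section or state in the commit message why it is no longer needed.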
@@ -47,36 +26,26 @@ diff --git a/im/app/profile/all-instantbird.js b/im/app/profile/all-instantbird. // Defines how the Application Update Service notifies the user about updates: // // AUM Set to: Minor Releases: Major Releases: - // 0 download no prompt download no prompt - // 1 download no prompt download no prompt if no incompatibilities - // 2 download no prompt prompt - // - // See chart in nsUpdateService.js.in for more details -@@ -197,17 +187,17 @@ pref("browser.search.defaultenginename", - // disable logging for the search service by default - pref("browser.search.log", false); +@@ -138,7 +127,7 @@
- // Ordering of Search Engines in the Engine list. + // If set to true, the Update Service will apply updates in the background + // when it finishes downloading them. +-pref("app.update.staging.enabled", true); ++pref("app.update.staging.enabled", false); + + // Update service URL: + // You do not need to use all the %VAR% parameters. Use what you need, %PRODUCT%,%VERSION%,%BUILD_ID%,%CHANNEL% for example +@@ -198,9 +187,6 @@ pref("browser.search.order.1", "chrome://instantbird/locale/region.properties"); pref("browser.search.order.2", "chrome://instantbird/locale/region.properties");
- // send ping to the server to update +-// send ping to the server to update -pref("browser.search.update", true); -+pref("browser.search.update", false); - +- // disable logging for the search service update system by default pref("browser.search.update.log", false);
- // Check whether we need to perform engine updates every 6 hours - pref("browser.search.updateinterval", 6); - - /* Extension manager */ -@@ -217,20 +207,18 @@ pref("xpinstall.dialog.progress.chrome", - pref("xpinstall.dialog.progress.type.skin", "Extension:Manager"); - pref("xpinstall.dialog.progress.type.chrome", "Extension:Manager"); - pref("extensions.dss.enabled", false); - pref("extensions.dss.switchPending", false); - pref("extensions.ignoreMTimeChanges", false); +@@ -219,10 +205,8 @@ pref("extensions.logging.enabled", false); pref("general.skins.selectedSkin", "classic/1.0");
@@ -87,44 +56,36 @@ diff --git a/im/app/profile/all-instantbird.js b/im/app/profile/all-instantbird.
// Preferences for the Get Add-ons pane pref("extensions.getAddons.cache.enabled", false); - pref("extensions.getAddons.browseAddons", "https://addons.instantbird.org/%LOCALE%/%APP%"); - pref("extensions.getAddons.maxResults", 5); - pref("extensions.getAddons.recommended.browseURL", "https://addons.instantbird.org/%LOCALE%/%APP%/recommended"); - pref("extensions.getAddons.recommended.url", "https://services.instantbird.org/%LOCALE%/%APP%/api/%API_VERSION%/list/featu..."); - pref("extensions.getAddons.search.browseURL", "https://add-ons.instantbird.org/%LOCALE%/%APP%/search?q=%TERMS%"); -@@ -239,21 +227,16 @@ pref("extensions.webservice.discoverURL" - - pref("extensions.getMoreExtensionsURL", "https://add-ons.instantbird.org/%LOCALE%/%APP%/%VERSION%/extensions/"); - pref("extensions.getMoreThemesURL", "https://add-ons.instantbird.org/%LOCALE%/%APP%/%VERSION%/themes/"); - pref("extensions.getMorePluginsURL", "https://add-ons.instantbird.org/%LOCALE%/%APP%/%VERSION%/plugins/"); - pref("extensions.getMoreMessageStylesURL", "https://add-ons.instantbird.org/%LOCALE%/%APP%/%VERSION%/messagestyles/"); - pref("extensions.getMoreEmoticonsURL", "https://add-ons.instantbird.org/%LOCALE%/%APP%/%VERSION%/emoticons/"); +@@ -242,9 +226,9 @@ pref("extensions.getMoreProtocolsURL", "https://add-ons.instantbird.org/%LOCALE%/%APP%/%VERSION%/protocols/");
--// suppress external-load warning for standard browser schemes + // suppress external-load warning for standard browser schemes -pref("network.protocol-handler.warn-external.http", false); -pref("network.protocol-handler.warn-external.https", false); -pref("network.protocol-handler.warn-external.ftp", false); -- ++pref("network.protocol-handler.warn-external.http", true); ++pref("network.protocol-handler.warn-external.https", true); ++pref("network.protocol-handler.warn-external.ftp", true); + // don't load links inside Instantbird pref("network.protocol-handler.expose-all", false); - // Although we allow these to be exposed internally, there are various places - // (e.g. message pane) where we may divert them out to external applications. - pref("network.protocol-handler.expose.about", true); - pref("network.protocol-handler.expose.http", true); - pref("network.protocol-handler.expose.https", true); - -@@ -297,19 +280,86 @@ pref("browser.tabs.tabClipWidth", 140); - - // Where to show tab close buttons: - // 0 on active tab only - // 1 on all tabs until tabClipWidth is reached, then active tab only - // 2 no close buttons at all +@@ -258,9 +242,6 @@ + // javascript: links inside messages are filtered out. + pref("network.protocol-handler.expose.javascript", true); + +-// 0-Accept, 1-dontAcceptForeign, 2-dontUse +-pref("network.cookie.cookieBehavior", 0); +- + // The breakpad report server to link to in about:crashes + pref("breakpad.reportURL", "http://crash-stats.instantbird.com/report/index/"); + +@@ -297,14 +278,77 @@ // 3 at the end of the tabstrip pref("browser.tabs.closeButtons", 1);
-#expand pref("chat.irc.defaultQuitMessage", "Instantbird __APP_VERSION__ -- http://www.instantbird.com"); -- ++#expand pref("chat.irc.defaultQuitMessage", ""); + pref("chat.twitter.consumerKey", "TSuyS1ieRAkB3qWv8yyEw"); pref("chat.twitter.consumerSecret", "DKtKaSf5a7pBNhdBsSZHTnI5Y03hRlPFYWmb4xXBlkU");
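Review bot: Moving the warn-external settings out of the Tor Messenger block into this in-place edit keeps only http, https and ftp. The `@@ -147,29 +108,28 @@` hunk drops `pref("network.protocol-handler.warn-external.file", true);` and `pref("network.protocol-handler.warn-external-default", true);` without replacement, so the warning for every other scheme now depends on platform defaults rather than on this patch. Consider keeping those two lines next to the three set here. The retained context comment `// suppress external-load warning for standard browser schemes` now sits above values of `true` and says the opposite of what the prefs do; the old block's wording, `// Warn when an external application is to be launched`, would fit.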
@@ -134,12 +95,12 @@ diff --git a/im/app/profile/all-instantbird.js b/im/app/profile/all-instantbird. +pref("chat.prpls.forcePurple", "");
// Whether to parse log files for conversation statistics. - pref("statsService.parseLogsForStats", true); +-pref("statsService.parseLogsForStats", true); ++pref("statsService.parseLogsForStats", false); + +/* Tor Messenger */ +// Logging +// Disable all logging -+pref("purple.logging.format", "json"); +pref("purple.logging.log_chats", false); +pref("purple.logging.log_ims", false); +pref("purple.logging.log_system", false); @@ -147,29 +108,28 @@ 
diff --git a/im/app/profile/all-instantbird.js b/im/app/profile/all-instantbird. +// Network +// Use a manual proxy configuration +pref("network.proxy.type", 1); ++// Empty the "no proxy" setting ++pref("network.proxy.no_proxies_on", ""); +// Configure Instantbird to use the SOCKS5 proxy +pref("network.proxy.socks", "127.0.0.1"); +pref("network.proxy.socks_port", 9152); +pref("network.proxy.socks_version", 5); +// Set DNS proxying through SOCKS5 +pref("network.proxy.socks_remote_dns", true); -+// Warn when an external application is to be launched -+pref("network.protocol-handler.warn-external.http", true); -+pref("network.protocol-handler.warn-external.https", true); -+pref("network.protocol-handler.warn-external.ftp", true); -+pref("network.protocol-handler.warn-external.file", true); -+pref("network.protocol-handler.warn-external-default", true); ++// Disable DNS prefetching ++pref("network.dns.disablePrefetch", true); ++// Disable SPDY ++pref("network.http.spdy.enabled", false); ++// Do not accept third-party cookies ++pref("network.cookie.cookieBehavior", 1); + +// Security +// Disable SSLv3 by setting the minimum supported protocol to TLS 1.0. +pref("security.tls.version.min", 1); +// Disable geolocation +pref("geo.enabled", false); -+// Empty the user agent -+pref("general.useragent.extra.instantbird", ""); + -+// Messenger -+// 0 = do not connect / show the account manager ++// Messenger // 0 = do not connect / show the account manager +pref("messenger.startup.action", 0); +// Do not report idle status or the away message +pref("messenger.status.awayWhenIdle", false); @@ -177,30 +137,26 @@ 
diff --git a/im/app/profile/all-instantbird.js b/im/app/profile/all-instantbird. +pref("messenger.status.reportIdle", false); +// Do not play sounds on messaging events +pref("messenger.options.playSounds.message", false); -+ -+// Chat -+// Do not show any quit message -+pref("chat.irc.defaultQuitMessage", ""); ++// Disable text formatting (remove the tags) ++pref("messenger.options.filterMode", 0); + +// Browser +// Disable caching +pref("browser.cache.disk.enable", false); +pref("browser.cache.offline.enable", false); -+// Disable text formatting (remove the tags) -+pref("messenger.options.filterMode", 0); + +// Media ++// Disable WebRTC ++pref("media.peerconnection.enabled", false); +// Disable "Take Picture" functionality that accesses the webcam +pref("media.navigator.video.enabled", false); + -+// Enable cert pinning -+// 2. Strict. Pinning is always enforced -+pref("security.cert_pinning.enforcement_level", 2); -+ +// Updates +// Do not auto-update Instantbird -+pref("app.update.enabled", false): ++pref("app.update.enabled", false); +pref("app.update.auto", false); +// Do not auto-update extensions +pref("extensions.update.enabled", false); +pref("extensions.update.autoUpdateDefault", false); ++// Do not send ping to the server to update ++pref("browser.search.update", false);
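Review bot: Strict certificate pinning is removed in this hunk with no replacement and no rationale in the commit message: `pref("security.cert_pinning.enforcement_level", 2);` and its two comment lines are dropped. Without it the application falls back to the platform default, which in Mozilla's stock preferences is 1 (pins are not enforced for chains ending in a user-added root); that should be confirmed for this base. If the removal is deliberate, a comment in the Security section or a line in the commit message should record why; otherwise keep the pref.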