[tor-commits] [tor-messenger-build/master] Update preferences with revised security settings
sukhbir at torproject.org
sukhbir at torproject.org
Sat Jun 27 08:17:43 UTC 2015
commit 287f65fc7e496aae552e85e0b8c2fa3f6dc62e3d
Author: Sukhbir Singh <sukhbir at torproject.org>
Date: Sat Jun 27 04:17:20 2015 -0400
Update preferences with revised security settings
---
projects/instantbird/preferences.patch | 158 ++++++++++++--------------------
1 file changed, 57 insertions(+), 101 deletions(-)
diff --git a/projects/instantbird/preferences.patch b/projects/instantbird/preferences.patch
index b93c079..904a919 100644
--- a/projects/instantbird/preferences.patch
+++ b/projects/instantbird/preferences.patch
@@ -1,38 +1,17 @@
-# HG changeset patch
-# User Sukhbir Singh <sukhbir at torproject.org>
-# Date 1416649788 18000
-# Node ID 84423e51b0535ccd21aff64f10176f3e8c05b7c3
-# Parent ae1c9811a808a4c642d97bf9202cb7bfb866f6b1
-Update the security configuration preferences
-
diff --git a/im/app/profile/all-instantbird.js b/im/app/profile/all-instantbird.js
--- a/im/app/profile/all-instantbird.js
+++ b/im/app/profile/all-instantbird.js
-@@ -3,18 +3,16 @@
- * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
-
- pref("toolkit.defaultChromeURI", "chrome://instantbird/content/blist.xul");
- pref("toolkit.singletonWindowType", "Messenger:blist");
- #ifdef XP_MACOSX
- pref("browser.hiddenWindowChromeURL", "chrome://instantbird/content/hiddenWindow.xul");
- #endif
-
--#expand pref("general.useragent.extra.instantbird", "Instantbird/__APP_VERSION__");
--
- #ifdef XP_UNIX
- #ifndef XP_MACOSX
- #define UNIX_BUT_NOT_MAC
+@@ -64,9 +64,6 @@
#endif
#endif
- pref("general.smoothScroll", false);
- #ifdef UNIX_BUT_NOT_MAC
-@@ -112,24 +110,16 @@ pref("browser.preferences.animateFadeIn"
- pref("browser.zoom.full", true);
- pref("conversation.zoomLevel", "1.0");
-
- pref("accessibility.typeaheadfind", false);
- pref("accessibility.typeaheadfind.timeout", 5000);
+-// Whether message related sounds should be played at all. If this is enabled
+-// then the more specific prefs are checked as well.
+-pref("messenger.options.playSounds.message", true);
+ // Specifies whether each message event should trigger a sound for incoming
+ // and outgoing messages, or when your nickname is mentioned in a chat.
+ pref("messenger.options.playSounds.outgoing", true);
+@@ -114,14 +111,6 @@
pref("accessibility.typeaheadfind.linksonly", false);
pref("accessibility.typeaheadfind.flashBar", 1);
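Review bot: The rewritten patch no longer neutralises `general.useragent.extra.instantbird`. This first hunk drops the old removal of the `#expand pref("general.useragent.extra.instantbird", ...)` line, and the later Security hunk (`@@ -147,29 +108,28 @@`) drops the `pref("general.useragent.extra.instantbird", "")` override. The new inner hunk starts at line 64, so the hunk does not show whether upstream all-instantbird.js still defines that pref. If it does, the client name and version return to the user agent, which is an identifying string for a client meant to run over Tor. Either keep `pref("general.useragent.extra.instantbird", "");` in the Tor Messenger block or note in the commit message that upstream no longer sets it.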
@@ -47,36 +26,26 @@ diff --git a/im/app/profile/all-instantbird.js b/im/app/profile/all-instantbird.
// Defines how the Application Update Service notifies the user about updates:
//
// AUM Set to: Minor Releases: Major Releases:
- // 0 download no prompt download no prompt
- // 1 download no prompt download no prompt if no incompatibilities
- // 2 download no prompt prompt
- //
- // See chart in nsUpdateService.js.in for more details
-@@ -197,17 +187,17 @@ pref("browser.search.defaultenginename",
- // disable logging for the search service by default
- pref("browser.search.log", false);
+@@ -138,7 +127,7 @@
- // Ordering of Search Engines in the Engine list.
+ // If set to true, the Update Service will apply updates in the background
+ // when it finishes downloading them.
+-pref("app.update.staging.enabled", true);
++pref("app.update.staging.enabled", false);
+
+ // Update service URL:
+ // You do not need to use all the %VAR% parameters. Use what you need, %PRODUCT%,%VERSION%,%BUILD_ID%,%CHANNEL% for example
+@@ -198,9 +187,6 @@
pref("browser.search.order.1", "chrome://instantbird/locale/region.properties");
pref("browser.search.order.2", "chrome://instantbird/locale/region.properties");
- // send ping to the server to update
+-// send ping to the server to update
-pref("browser.search.update", true);
-+pref("browser.search.update", false);
-
+-
// disable logging for the search service update system by default
pref("browser.search.update.log", false);
- // Check whether we need to perform engine updates every 6 hours
- pref("browser.search.updateinterval", 6);
-
- /* Extension manager */
-@@ -217,20 +207,18 @@ pref("xpinstall.dialog.progress.chrome",
- pref("xpinstall.dialog.progress.type.skin", "Extension:Manager");
- pref("xpinstall.dialog.progress.type.chrome", "Extension:Manager");
- pref("extensions.dss.enabled", false);
- pref("extensions.dss.switchPending", false);
- pref("extensions.ignoreMTimeChanges", false);
+@@ -219,10 +205,8 @@
pref("extensions.logging.enabled", false);
pref("general.skins.selectedSkin", "classic/1.0");
@@ -87,44 +56,36 @@ diff --git a/im/app/profile/all-instantbird.js b/im/app/profile/all-instantbird.
// Preferences for the Get Add-ons pane
pref("extensions.getAddons.cache.enabled", false);
- pref("extensions.getAddons.browseAddons", "https://addons.instantbird.org/%LOCALE%/%APP%");
- pref("extensions.getAddons.maxResults", 5);
- pref("extensions.getAddons.recommended.browseURL", "https://addons.instantbird.org/%LOCALE%/%APP%/recommended");
- pref("extensions.getAddons.recommended.url", "https://services.instantbird.org/%LOCALE%/%APP%/api/%API_VERSION%/list/featured/all/10/%OS%/%VERSION%");
- pref("extensions.getAddons.search.browseURL", "https://add-ons.instantbird.org/%LOCALE%/%APP%/search?q=%TERMS%");
-@@ -239,21 +227,16 @@ pref("extensions.webservice.discoverURL"
-
- pref("extensions.getMoreExtensionsURL", "https://add-ons.instantbird.org/%LOCALE%/%APP%/%VERSION%/extensions/");
- pref("extensions.getMoreThemesURL", "https://add-ons.instantbird.org/%LOCALE%/%APP%/%VERSION%/themes/");
- pref("extensions.getMorePluginsURL", "https://add-ons.instantbird.org/%LOCALE%/%APP%/%VERSION%/plugins/");
- pref("extensions.getMoreMessageStylesURL", "https://add-ons.instantbird.org/%LOCALE%/%APP%/%VERSION%/messagestyles/");
- pref("extensions.getMoreEmoticonsURL", "https://add-ons.instantbird.org/%LOCALE%/%APP%/%VERSION%/emoticons/");
+@@ -242,9 +226,9 @@
pref("extensions.getMoreProtocolsURL", "https://add-ons.instantbird.org/%LOCALE%/%APP%/%VERSION%/protocols/");
--// suppress external-load warning for standard browser schemes
+ // suppress external-load warning for standard browser schemes
-pref("network.protocol-handler.warn-external.http", false);
-pref("network.protocol-handler.warn-external.https", false);
-pref("network.protocol-handler.warn-external.ftp", false);
--
++pref("network.protocol-handler.warn-external.http", true);
++pref("network.protocol-handler.warn-external.https", true);
++pref("network.protocol-handler.warn-external.ftp", true);
+
// don't load links inside Instantbird
pref("network.protocol-handler.expose-all", false);
- // Although we allow these to be exposed internally, there are various places
- // (e.g. message pane) where we may divert them out to external applications.
- pref("network.protocol-handler.expose.about", true);
- pref("network.protocol-handler.expose.http", true);
- pref("network.protocol-handler.expose.https", true);
-
-@@ -297,19 +280,86 @@ pref("browser.tabs.tabClipWidth", 140);
-
- // Where to show tab close buttons:
- // 0 on active tab only
- // 1 on all tabs until tabClipWidth is reached, then active tab only
- // 2 no close buttons at all
+@@ -258,9 +242,6 @@
+ // javascript: links inside messages are filtered out.
+ pref("network.protocol-handler.expose.javascript", true);
+
+-// 0-Accept, 1-dontAcceptForeign, 2-dontUse
+-pref("network.cookie.cookieBehavior", 0);
+-
+ // The breakpad report server to link to in about:crashes
+ pref("breakpad.reportURL", "http://crash-stats.instantbird.com/report/index/");
+
+@@ -297,14 +278,77 @@
// 3 at the end of the tabstrip
pref("browser.tabs.closeButtons", 1);
-#expand pref("chat.irc.defaultQuitMessage", "Instantbird __APP_VERSION__ -- http://www.instantbird.com");
--
++#expand pref("chat.irc.defaultQuitMessage", "");
+
pref("chat.twitter.consumerKey", "TSuyS1ieRAkB3qWv8yyEw");
pref("chat.twitter.consumerSecret", "DKtKaSf5a7pBNhdBsSZHTnI5Y03hRlPFYWmb4xXBlkU");
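Review bot: The retained comment `// suppress external-load warning for standard browser schemes` now sits directly above three `warn-external` prefs set to `true`, so it says the opposite of what the code does. The patch already rewrites those three lines, so it should replace the comment too, for example with `// Warn before handing http/https/ftp links to an external application`. In the same hunk, `#expand pref("chat.irc.defaultQuitMessage", "");` no longer contains a `__APP_VERSION__` token, so the `#expand` prefix appears to be unnecessary and could be dropped.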
@@ -134,12 +95,12 @@ diff --git a/im/app/profile/all-instantbird.js b/im/app/profile/all-instantbird.
+pref("chat.prpls.forcePurple", "");
// Whether to parse log files for conversation statistics.
- pref("statsService.parseLogsForStats", true);
+-pref("statsService.parseLogsForStats", true);
++pref("statsService.parseLogsForStats", false);
+
+/* Tor Messenger */
+// Logging
+// Disable all logging
-+pref("purple.logging.format", "json");
+pref("purple.logging.log_chats", false);
+pref("purple.logging.log_ims", false);
+pref("purple.logging.log_system", false);
@@ -147,29 +108,28 @@ diff --git a/im/app/profile/all-instantbird.js b/im/app/profile/all-instantbird.
+// Network
+// Use a manual proxy configuration
+pref("network.proxy.type", 1);
++// Empty the "no proxy" setting
++pref("network.proxy.no_proxies_on", "");
+// Configure Instantbird to use the SOCKS5 proxy
+pref("network.proxy.socks", "127.0.0.1");
+pref("network.proxy.socks_port", 9152);
+pref("network.proxy.socks_version", 5);
+// Set DNS proxying through SOCKS5
+pref("network.proxy.socks_remote_dns", true);
-+// Warn when an external application is to be launched
-+pref("network.protocol-handler.warn-external.http", true);
-+pref("network.protocol-handler.warn-external.https", true);
-+pref("network.protocol-handler.warn-external.ftp", true);
-+pref("network.protocol-handler.warn-external.file", true);
-+pref("network.protocol-handler.warn-external-default", true);
++// Disable DNS prefetching
++pref("network.dns.disablePrefetch", true);
++// Disable SPDY
++pref("network.http.spdy.enabled", false);
++// Do not accept third-party cookies
++pref("network.cookie.cookieBehavior", 1);
+
+// Security
+// Disable SSLv3 by setting the minimum supported protocol to TLS 1.0.
+pref("security.tls.version.min", 1);
+// Disable geolocation
+pref("geo.enabled", false);
-+// Empty the user agent
-+pref("general.useragent.extra.instantbird", "");
+
-+// Messenger
-+// 0 = do not connect / show the account manager
++// Messenger // 0 = do not connect / show the account manager
+pref("messenger.startup.action", 0);
+// Do not report idle status or the away message
+pref("messenger.status.awayWhenIdle", false);
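Review bot: External-launch warnings for `file:` and for unlisted schemes are no longer pinned by this patch. The Network section drops `pref("network.protocol-handler.warn-external.file", true);` and `pref("network.protocol-handler.warn-external-default", true);`, and unlike the http/https/ftp entries they are not set again anywhere in the visible diff. The platform default probably still warns, but the build then relies on an upstream default rather than stating it; keeping both lines in the Tor Messenger block makes the behaviour explicit. Separately, `// Messenger // 0 = do not connect / show the account manager` merges the section heading with the pref comment and should be split back into two comment lines.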
@@ -177,30 +137,26 @@ diff --git a/im/app/profile/all-instantbird.js b/im/app/profile/all-instantbird.
+pref("messenger.status.reportIdle", false);
+// Do not play sounds on messaging events
+pref("messenger.options.playSounds.message", false);
-+
-+// Chat
-+// Do not show any quit message
-+pref("chat.irc.defaultQuitMessage", "");
++// Disable text formatting (remove the tags)
++pref("messenger.options.filterMode", 0);
+
+// Browser
+// Disable caching
+pref("browser.cache.disk.enable", false);
+pref("browser.cache.offline.enable", false);
-+// Disable text formatting (remove the tags)
-+pref("messenger.options.filterMode", 0);
+
+// Media
++// Disable WebRTC
++pref("media.peerconnection.enabled", false);
+// Disable "Take Picture" functionality that accesses the webcam
+pref("media.navigator.video.enabled", false);
+
-+// Enable cert pinning
-+// 2. Strict. Pinning is always enforced
-+pref("security.cert_pinning.enforcement_level", 2);
-+
+// Updates
+// Do not auto-update Instantbird
-+pref("app.update.enabled", false):
++pref("app.update.enabled", false);
+pref("app.update.auto", false);
+// Do not auto-update extensions
+pref("extensions.update.enabled", false);
+pref("extensions.update.autoUpdateDefault", false);
++// Do not send ping to the server to update
++pref("browser.search.update", false);
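Review bot: Strict certificate pinning is no longer configured. This hunk removes `pref("security.cert_pinning.enforcement_level", 2);` and nothing in the visible patch replaces it, so the build falls back to the platform default. As far as I recall, that default lets user-installed roots bypass pins; this should be confirmed against the Gecko version in use. If the removal is deliberate, the commit message should say why; otherwise keep the line under the Security section. With `app.update.enabled` and `extensions.update.enabled` both `false`, a short comment on how users are expected to receive security fixes would also help.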