2023.9

.workspace

@@ -1,7 +1,7 @@
 {
   "addons": {
-    "ghostery": "https://github.com/ghostery/ghostery-extension/releases/download/v8.11.1/ghostery-dawn-v8.11.1.zip",
-    "ghostery-search": "https://github.com/ghostery/ghostery-search-extension/releases/download/v1.1.0/ghostery_private_search-1.1.0.zip",
+    "ghostery": "https://github.com/ghostery/ghostery-extension/releases/download/v10.1.4.4/ghostery-firefox-10.1.4.zip",
+    "ghostery-search": "https://github.com/ghostery/ghostery-search-extension/releases/download/v1.1.1/ghostery_private_search-1.1.1.zip",
     "ghostery-newtab": "https://github.com/ghostery/ghostery-newtab-extension/releases/download/v0.5.3/ghostery_new_tab-0.5.3.zip"
   },
   "firefoxAddons": [
@@ -10,11 +10,11 @@
     "pictureinpicture",
     "report-site-issue"
   ],
-  "firefox": "114.0.2",
-  "app": "2023.6",
+  "firefox": "117.0.1",
+  "app": "2023.9",
   "s3bucket": "ghostery-user-agent-cache-public",
   "locales": {
-    "de": "d79045d879cadb4abd0a7ebabf7b28ebce6ede28",
-    "fr": "25e05bf2e556f9af7cf6461aa33afe47bccec284"
+    "de": "4512014206c5f5a774e47c4cae2592694bfd031f",
+    "fr": "e9d5c5bc1764f84d7499905d3a8a644095ec2eec"
   }
 }

README.md

@@ -65,7 +65,7 @@ we provide dockerised builds. These can be run using the `fern.js build` command
 
 Windows and Mac builds depend on platform frameworks being included. These should be placed in the
 `build` directory:
- * Mac: `MacOSX13.0.sdk.tar.bz2`. This can be found inside an XCode install.
+ * Mac: `MacOSX13.3.sdk.tar.bz2`. This can be found inside an XCode install.
  * Windows: `vs.tar.zstd` and `Makecab.exe`. See the end of this document to where to find these.
 
 ## Development workflow
@@ -140,10 +140,12 @@ Alternatively, the `build-*` scripts in this repo will prepare docker images wit
 ### VS Redist
 
 This can be built on windows after setting up a build environment as per [these instructions](https://firefox-source-docs.mozilla.org/setup/windows_build.html#building-firefox-on-windows).
-You will need to install the Windows 10 SDK at version `10.0.19041.0`. Then run the following to create `vs.tar.zstd`:
+You will need to install the Windows 10 SDK at version `14.29.30133`. Then run the following to create `vs2019_14.29.30133.tar.bz2`:
 
 ```bash
-./mach python --virtualenv build ./build/vs/pack_vs.py -o vs.tar.zstd ./build/vs/vs2017.yaml
+OUTPUT_DIR=PATH_TO_TEMP_FOLDER
+./mach python --virtualenv build taskcluster/scripts/misc/get_vs.py ./build/vs/vs2019.yaml $OUTPUT_DIR
+tar --zstd -cvjSf vs2019_14.29.30133.bz2 -C $OUTPUT_DIR .
 ```
 
 ### Makecab.exe

brands/ghostery/branding/pref/Better-Fox.js

@@ -3,39 +3,67 @@
 /****************************************************************************
  * Betterfox for Ghostery                                                   *
  * "Non ducor duco"                                                         *
- * version: 115                                                             *
+ * version: 116                                                             *
  * url: https://github.com/yokoffing/Betterfox                              *
 ****************************************************************************/
 
 /****************************************************************************
  * SECTION: FASTFOX                                                         *
 ****************************************************************************/
+pref("nglayout.initialpaint.delay", 0);
+pref("nglayout.initialpaint.delay_in_oopif", 0);
+pref("content.notify.interval", 100000);
+
 /** EXPERIMENTAL ***/
 pref("layout.css.grid-template-masonry-value.enabled", true); // CSS Masonry Layout
 pref("dom.enable_web_task_scheduling", true); // Prioritized Task Scheduling API
+pref("layout.css.has-selector.enabled", true); // CSS has selector
 
 /** GFX ***/
-pref("gfx.canvas.accelerated", true); // GPU-accelerated Canvas2D is enabled by default on macOS and Linux [FF110]
-// decrease video buffering on videos below 1080p
-pref("media.cache_readahead_limit", 9000); // stop reading ahead when our buffered data is this many seconds ahead of the current playback
-pref("media.cache_resume_threshold", 6000); // when a network connection is suspended, don't resume it until the amount of buffered data falls below this threshold (in seconds)
+//pref("gfx.canvas.accelerated", true); // GPU-accelerated Canvas2D is enabled by default on macOS and Linux [FF110]
+pref("gfx.canvas.accelerated.cache-items", 4096);
+pref("gfx.canvas.accelerated.cache-size", 512);
+pref("gfx.content.skia-font-cache-size", 20);
+
+/** BROWSER CACHE ***/
+pref("browser.cache.disk.enable", false);
+
+/** MEDIA CACHE ***/
+pref("media.memory_cache_max_size", 65536);
+pref("media.cache_readahead_limit", 7200);
+pref("media.cache_resume_threshold", 3600);
+
+/** IMAGE CACHE ***/
+pref("image.mem.decode_bytes_at_a_time", 32768);
 
 /** NETWORK ***/
 pref("network.buffer.cache.size", 262144); // 256 kb; default=32768 (32 kb); reduce CPU usage by requiring fewer application-to-driver data transfers
 pref("network.buffer.cache.count", 128); // default=24; reduce CPU usage by requiring fewer application-to-driver data transfers
-pref("network.dnsCacheEntries", 20000); // increase DNS cache
-pref("network.dnsCacheExpiration", 3600); // keep entries for 1 hour; pref will be ignored by DNS resolver if using DoH/TRR
-pref("network.dnsCacheExpirationGracePeriod", 300); // cache DNS entries for 5 minutes after they expire; pref will be ignored by DNS resolver if using DoH/TRR
-pref("network.ssl_tokens_cache_capacity", 32768); // increase TLS token caching (fast reconnects)
+pref("network.http.max-connections", 1800);
+pref("network.http.max-persistent-connections-per-server", 10);
+pref("network.http.max-urgent-start-excessive-connections-per-host", 5);
+pref("network.dnsCacheEntries", 1000); // increase DNS cache
+pref("network.dnsCacheExpiration", 86400); // keep entries for 1 hour; pref will be ignored by DNS resolver if using DoH/TRR
+pref("network.ssl_tokens_cache_capacity", 10240); // increase TLS token caching (fast reconnects)
+
+/** SPECULATIVE CONNECTIONS ***/
+pref("network.http.speculative-parallel-limit", 0);
+pref("network.dns.disablePrefetch", true);
+pref("browser.urlbar.speculativeConnect.enabled", false);
+pref("browser.places.speculativeConnect.enabled", false);
+pref("network.prefetch-next", false);
+pref("network.predictor.enabled", false);
+pref("network.predictor.enable-prefetch", false);
 
 /****************************************************************************
  * SECTION: SECUREFOX                                                       *
 ****************************************************************************/
 /** TRACKING PROTECTION ***/
 pref("network.http.referer.disallowCrossSiteRelaxingDefault.top_navigation", true); // enabled with ETP "Strict"; Referer: ignore ‘unsafe-url’, ‘no-referrer-when-downgrade’ and ‘origin-when-cross-origin’ for cross-site requests
 pref("privacy.query_stripping.enabled", true); // Query Stripping; Ghostery doesn't do this natively at this time
-pref("privacy.query_stripping.strip_list", "__hsfp __hssc __hstc __s _hsenc _openstat dclid fbclid gbraid gclid hsCtaTracking igshid mc_eid ml_subscriber ml_subscriber_hash msclkid oft_c oft_ck oft_d oft_id oft_ids oft_k oft_lk oft_sk oly_anon_id oly_enc_id rb_clickid s_cid twclid vero_conv vero_id wbraid wickedid yclid");
+pref("privacy.query_stripping.enabled.pbmode", true);
 pref("privacy.partition.network_state.ocsp_cache", true); // enabled with ETP "Strict"; network partitioning OSCP cache
+pref("privacy.partition.bloburl_per_partition_key", true);
 pref("extensions.webcompat.enable_shims", true); // enabled with ETP "Strict"; Smart Block shimming
 pref("browser.uitour.enabled", false); // disable UITour backend so there is no chance that a remote page can use it
 pref("privacy.globalprivacycontrol.enabled", true); // Global Privacy Control
@@ -53,26 +81,16 @@ pref("browser.xul.error_pages.expert_bad_cert", true);
 pref("security.tls.enable_0rtt_data", false);
 
 /** DISK AVOIDANCE ***/
-pref("browser.cache.disk.enable", false); // disable disk cache completely
 pref("browser.privatebrowsing.forceMediaMemoryCache", true); // disable media cache from writing to disk in Private Browsing (Ghost Mode)
-pref("browser.sessionstore.privacy_level", 2); // disable storing extra session data
 
 /** SHUTDOWN & SANITIZING ***/
 pref("privacy.history.custom", true);
 
-/** SPECULATIVE CONNECTIONS ***/
-user_pref("network.http.speculative-parallel-limit", 0);
-user_pref("network.dns.disablePrefetch", true);
-user_pref("browser.urlbar.speculativeConnect.enabled", false);
-user_pref("browser.places.speculativeConnect.enabled", false);
-user_pref("network.prefetch-next", false);
-user_pref("network.predictor.enabled", false);
-user_pref("network.predictor.enable-prefetch", false);
-
 /** SEARCH / URL BAR ***/
 pref("browser.search.separatePrivateDefault.ui.enabled", true); // Enable a seperate search engine for Private Windows
 pref("browser.urlbar.update2.engineAliasRefresh", true); // enable "Add" button under search engine menu
 pref("browser.search.suggest.enabled", false); // Live search engine suggestions (Google, Bing, etc.)
+pref("browser.formfill.enable", false); // disable Search and Form history
 pref("network.IDN_show_punycode", true);  // Enforce Punycode for Internationalized Domain Names to eliminate possible spoofing
 
 /** HTTPS-ONLY MODE ***/
@@ -88,18 +106,12 @@ pref("network.gio.supported-protocols", "");
 pref("network.trr.mode", 0); // DNS-over-HTTPS (DOH) disabled by default
 
 /** PASSWORDS AND AUTOFILL ***/
-pref("signon.formlessCapture.enabled", false); // disable formless login capture
-pref("signon.privateBrowsingCapture.enabled", false); // disable capturing credentials in private browsing
-pref("signon.autofillForms.http", false); // autofilling saved passwords on HTTP pages
 pref("signon.rememberSignons", false); // disable saving passwords
 pref("editor.truncate_user_pastes", false);
-pref("layout.forms.reveal-password-context-menu.enabled", true); // reveal password option on right-click
 
 /** ADDRESS + CREDIT CARD MANAGER ***/
 pref("extensions.formautofill.addresses.enabled", false);
 pref("extensions.formautofill.creditCards.enabled", false);
-pref("extensions.formautofill.heuristics.enabled", false);
-pref("browser.formfill.enable", false);
 
 /** MIXED CONTENT + CROSS-SITE ***/
 pref("network.auth.subresource-http-auth-allow", 1); // don't allow cross-origin sub-resources to open HTTP authentication credentials dialogs
@@ -135,7 +147,7 @@ pref("permissions.default.desktop-notification", 2); // block desktop notificati
  * SECTION: PESKYFOX                                                        *
 ****************************************************************************/
 /** UI ***/
-pref("findbar.highlightAll", true); // Show all matches in Findbar
+pref("browser.translations.enable", true); // local translation services; data doesn't leave device
 
 /** FULLSCREEN ***/
 pref("full-screen-api.transition-duration.enter", "0 0"); // transition time (instant)
@@ -171,8 +183,8 @@ pref("browser.download.open_pdf_attachments_inline", true);
 
 /** TAB BEHAVIOR ***/
 pref("browser.tabs.loadBookmarksInTabs", true); // load bookmarks in tabs
-pref("editor.truncate_user_pastes", false); // Prevent password truncation when submitting form data
-pref("layout.css.has-selector.enabled", true);
+pref("browser.menu.showViewImageInfo", true);
+pref("findbar.highlightAll", true); // Show all matches in Findbar
 
 /****************************************************************************
  * END: BETTERFOX                                                           *

brands/ghostery/branding/pref/firefox-branding.js

@@ -151,8 +151,11 @@ pref("extensions.pocket.enabled", false); // Pocket Account
 pref("extensions.pocket.api"," ");
 pref("extensions.pocket.oAuthConsumerKey", " ");
 pref("extensions.pocket.site", " ");
-pref("identity.fxaccounts.enabled", false); // Firefox Accounts & Sync
+// Firefox Accounts & Sync
+pref("identity.fxaccounts.enabled", false);
+pref("identity.fxaccounts.autoconfig.uri", "https://get.ghosterybrowser.com/health");
 pref("extensions.fxmonitor.enabled", false); // Firefox Monitor
+pref("signon.firefoxRelay.feature", ""); // Firefox Relay
 pref("signon.management.page.breach-alerts.enabled", false); // Firefox Lockwise
 pref("signon.management.page.breachAlertUrl", "");
 pref("browser.contentblocking.report.lockwise.enabled", false);

build/Linux.dockerfile

@@ -1,59 +1,59 @@
 FROM ua-build-base
 
-ENV MOZ_AUTOMATION_PACKAGE_TESTS=1 \
-    MOZ_ENABLE_FULL_SYMBOLS=1
+ENV MOZ_AUTOMATION_PACKAGE_TESTS="1" \
+    MOZ_ENABLE_FULL_SYMBOLS="1"
 
-RUN wget -nv -O /builds/worker/fetches/clang.tar.zst https://ghostery-user-agent-cache-public.s3.amazonaws.com/toolchains/114.0.2/linux64-clang-16/clang.tar.zst && \
+RUN wget -nv -O /builds/worker/fetches/binutils.tar.zst https://ghostery-user-agent-cache-public.s3.amazonaws.com/toolchains/117.0/linux64-binutils/binutils.tar.zst && \
+    cd /builds/worker/fetches/ && \
+    tar -xf binutils.tar.zst && \
+    rm binutils.tar.zst
+
+RUN wget -nv -O /builds/worker/fetches/clang.tar.zst https://ghostery-user-agent-cache-public.s3.amazonaws.com/toolchains/117.0/linux64-clang-16/clang.tar.zst && \
     cd /builds/worker/fetches/ && \
     tar -xf clang.tar.zst && \
     rm clang.tar.zst
 
-RUN wget -nv -O /builds/worker/fetches/rustc.tar.zst https://ghostery-user-agent-cache-public.s3.amazonaws.com/toolchains/114.0.2/linux64-rust-1.69/rustc.tar.zst && \
+RUN wget -nv -O /builds/worker/fetches/rustc.tar.zst https://ghostery-user-agent-cache-public.s3.amazonaws.com/toolchains/117.0/linux64-rust-1.71/rustc.tar.zst && \
     cd /builds/worker/fetches/ && \
     tar -xf rustc.tar.zst && \
     rm rustc.tar.zst
 
-RUN wget -nv -O /builds/worker/fetches/rust-size.tar.zst https://ghostery-user-agent-cache-public.s3.amazonaws.com/toolchains/114.0.2/linux64-rust-size/rust-size.tar.zst && \
+RUN wget -nv -O /builds/worker/fetches/rust-size.tar.zst https://ghostery-user-agent-cache-public.s3.amazonaws.com/toolchains/117.0/linux64-rust-size/rust-size.tar.zst && \
     cd /builds/worker/fetches/ && \
     tar -xf rust-size.tar.zst && \
     rm rust-size.tar.zst
 
-RUN wget -nv -O /builds/worker/fetches/cbindgen.tar.zst https://ghostery-user-agent-cache-public.s3.amazonaws.com/toolchains/114.0.2/linux64-cbindgen/cbindgen.tar.zst && \
+RUN wget -nv -O /builds/worker/fetches/cbindgen.tar.zst https://ghostery-user-agent-cache-public.s3.amazonaws.com/toolchains/117.0/linux64-cbindgen/cbindgen.tar.zst && \
     cd /builds/worker/fetches/ && \
     tar -xf cbindgen.tar.zst && \
     rm cbindgen.tar.zst
 
-RUN wget -nv -O /builds/worker/fetches/dump_syms.tar.zst https://ghostery-user-agent-cache-public.s3.amazonaws.com/toolchains/114.0.2/linux64-dump_syms/dump_syms.tar.zst && \
+RUN wget -nv -O /builds/worker/fetches/dump_syms.tar.zst https://ghostery-user-agent-cache-public.s3.amazonaws.com/toolchains/117.0/linux64-dump_syms/dump_syms.tar.zst && \
     cd /builds/worker/fetches/ && \
     tar -xf dump_syms.tar.zst && \
     rm dump_syms.tar.zst
 
-RUN wget -nv -O /builds/worker/fetches/sccache.tar.zst https://ghostery-user-agent-cache-public.s3.amazonaws.com/toolchains/114.0.2/linux64-sccache/sccache.tar.zst && \
-    cd /builds/worker/fetches/ && \
-    tar -xf sccache.tar.zst && \
-    rm sccache.tar.zst
-
-RUN wget -nv -O /builds/worker/fetches/nasm.tar.zst https://ghostery-user-agent-cache-public.s3.amazonaws.com/toolchains/114.0.2/linux64-nasm/nasm.tar.zst && \
+RUN wget -nv -O /builds/worker/fetches/nasm.tar.zst https://ghostery-user-agent-cache-public.s3.amazonaws.com/toolchains/117.0/linux64-nasm/nasm.tar.zst && \
     cd /builds/worker/fetches/ && \
     tar -xf nasm.tar.zst && \
     rm nasm.tar.zst
 
-RUN wget -nv -O /builds/worker/fetches/node.tar.zst https://ghostery-user-agent-cache-public.s3.amazonaws.com/toolchains/114.0.2/linux64-node-16/node.tar.zst && \
+RUN wget -nv -O /builds/worker/fetches/node.tar.zst https://ghostery-user-agent-cache-public.s3.amazonaws.com/toolchains/117.0/linux64-node-16/node.tar.zst && \
     cd /builds/worker/fetches/ && \
     tar -xf node.tar.zst && \
     rm node.tar.zst
 
-RUN wget -nv -O /builds/worker/fetches/pkgconf.tar.zst https://ghostery-user-agent-cache-public.s3.amazonaws.com/toolchains/114.0.2/linux64-pkgconf/pkgconf.tar.zst && \
+RUN wget -nv -O /builds/worker/fetches/pkgconf.tar.zst https://ghostery-user-agent-cache-public.s3.amazonaws.com/toolchains/117.0/linux64-pkgconf/pkgconf.tar.zst && \
     cd /builds/worker/fetches/ && \
     tar -xf pkgconf.tar.zst && \
     rm pkgconf.tar.zst
 
-RUN wget -nv -O /builds/worker/fetches/sysroot-x86_64-linux-gnu.tar.zst https://ghostery-user-agent-cache-public.s3.amazonaws.com/toolchains/114.0.2/sysroot-x86_64-linux-gnu/sysroot-x86_64-linux-gnu.tar.zst && \
+RUN wget -nv -O /builds/worker/fetches/sysroot-x86_64-linux-gnu.tar.zst https://ghostery-user-agent-cache-public.s3.amazonaws.com/toolchains/117.0/sysroot-x86_64-linux-gnu/sysroot-x86_64-linux-gnu.tar.zst && \
     cd /builds/worker/fetches/ && \
     tar -xf sysroot-x86_64-linux-gnu.tar.zst && \
     rm sysroot-x86_64-linux-gnu.tar.zst
 
-RUN wget -nv -O /builds/worker/fetches/sysroot-wasm32-wasi.tar.zst https://ghostery-user-agent-cache-public.s3.amazonaws.com/toolchains/114.0.2/sysroot-wasm32-wasi-clang-16/sysroot-wasm32-wasi.tar.zst && \
+RUN wget -nv -O /builds/worker/fetches/sysroot-wasm32-wasi.tar.zst https://ghostery-user-agent-cache-public.s3.amazonaws.com/toolchains/117.0/sysroot-wasm32-wasi-clang-16/sysroot-wasm32-wasi.tar.zst && \
     cd /builds/worker/fetches/ && \
     tar -xf sysroot-wasm32-wasi.tar.zst && \
     rm sysroot-wasm32-wasi.tar.zst