yt-dlp: fix license table for parsing properly.

libmateweather: update patch.
firefox: set higher priority than chromium based ones
2025-09-25 15:05:43 -06:00 · 2025-09-24 16:53:58 -06:00 · 2025-09-22 13:43:27 -06:00 · 2025-09-20 20:06:17 -06:00 · 2025-09-15 15:38:44 -06:00 · 2025-09-13 01:51:27 -06:00
855 changed files with 25214 additions and 1665 deletions
--- a/.gitlab/issue_templates/Default.md
+++ b/.gitlab/issue_templates/Default.md
@ -0,0 +1,52 @@
 ## Bug Report Template
 > **If you have a question or are not sure about what you are about to post, please use the forums instead.**
 > **Also, check for possible duplicate reports here or in the forum before submitting this issue.**
 ---
 ### 1. Affected Package revision / version
 <!-- Example: v1.3.2, v1.2.3trisquel1, etc -->
 ---
 ### 2. Steps to Reproduce
 <!-- List the minimal steps to reproduce the issue -->
 1. ...
 2. ...
 3. ...
 ---
 ### 3. Current Behavior
 <!-- Describe what is happening -->
 ---
 ### 4. Expected Behavior *(optional)*
 <!-- Describe what you expected to happen instead -->
 ---
 ### 5. Workaround *(optional)*
 <!-- Is there a known workaround? -->
 ---
 ### 6. Suggestions, Investigation and Possible Causes *(optional)*
 <!-- Share any insights, code references, or debugging steps you've taken -->
 ---
 ### 7. Other Tests *(optional)*
 <!-- Any other environments or tests tried? -->
 ---
--- a/helpers/DATA/apparmor-profiles-extra/70aed868a4ed76d74eecf3b210ce7bf3098ffab4.patch
+++ b/helpers/DATA/apparmor-profiles-extra/70aed868a4ed76d74eecf3b210ce7bf3098ffab4.patch
@ -0,0 +1,38 @@
 From 70aed868a4ed76d74eecf3b210ce7bf3098ffab4 Mon Sep 17 00:00:00 2001
 From: Jacob K <jacobk@disroot.org>
 Date: Wed, 12 Feb 2025 12:19:24 -0600
 Subject: [PATCH] Add some lines from Atril's profile to fix the screen reader
 ---
 profiles/usr.bin.pidgin | 8 ++++++++
 1 file changed, 8 insertions(+)
 diff --git a/profiles/usr.bin.pidgin b/profiles/usr.bin.pidgin
 index 5e18702..085301c 100644
 --- a/profiles/usr.bin.pidgin
 +++ b/profiles/usr.bin.pidgin
@@ -8,6 +8,7 @@
   #include <abstractions/bash>
   #include <abstractions/dbus-session>
   #include <abstractions/dbus-strict>
 +  #include <abstractions/dbus-accessibility>
   #include <abstractions/dconf>
   #include <abstractions/enchant>
   #include <abstractions/gnome>
@@ -82,6 +83,13 @@
   owner @{PROC}/@{pid}/auxv r,
   owner @{PROC}/@{pid}/fd/ r,
 +  # These lines were copied from Atril's profile to make the screen reader functional
 +  owner /{,var/}run/user/*/at-spi2-*/   rw,
 +  owner /{,var/}run/user/*/at-spi2-*/** rw,
 +  # Allow access to the non-abstract D-Bus socket used by at-spi > 2.42.0
 +  #   https://gitlab.gnome.org/GNOME/at-spi2-core/-/issues/43
 +  owner /{,var/}run/user/*/at-spi/bus* rw,
 +
   # Site-specific additions and overrides. See local/README for details.
   #include <local/usr.bin.pidgin>
 }
 -- 
 2.25.1
--- a/helpers/DATA/apparmor/b5a7641dd3502fcfb897d3b96e197628b674ce3c.patch
+++ b/helpers/DATA/apparmor/b5a7641dd3502fcfb897d3b96e197628b674ce3c.patch
@ -17,7 +17,7 @@ index 01493260d..dd783992d 100644
 /etc/wildmidi/wildmidi.cfg r,
 +# pipewire
-+/usr/share/pipewire/client.conf r,
+/usr/share/pipewire/client{,-rt}.conf r,
 +
   # Include additions to the abstraction
   include if exists <abstractions/audio.d>
--- a/helpers/DATA/atril/apparmor-profile
+++ b/helpers/DATA/atril/apparmor-profile
@ -0,0 +1,350 @@
 # vim:syntax=apparmor
 # evince is not written with application confinement in mind and is designed to
 # operate within a trusted desktop session where anything running within the
 # user's session is trusted. That said, evince will often process untrusted
 # input (PDFs, images, etc). Ideally evince would be written in such a way that
 # image processing is separate from the main process and that processing
 # happens in a restrictive sandbox, but unfortunately that is not currently the
 # case. Because evince will process untrusted input, this profile aims to
 # provide some hardening, but considering evince's design and other factors such
 # as X, gsettings, accessibility, translations, DBus session and system
 # services, etc, complete confinement is not possible.
 #include <tunables/global>
 /usr/bin/atril {
  #include <abstractions/audio>
  #include <abstractions/bash>
  #include <abstractions/cups-client>
  #include <abstractions/dbus-accessibility>
  #include <abstractions/atril>
  #include <abstractions/ibus>
  #include <abstractions/nameservice>
  #include <abstractions/ubuntu-browsers>
  #include <abstractions/ubuntu-console-browsers>
  #include <abstractions/ubuntu-email>
  #include <abstractions/ubuntu-console-email>
  #include <abstractions/ubuntu-media-players>
  # allow atril to spawn browsers distributed as snaps (LP: #1794064)
  #include <abstractions/snap_browsers>
  # For now, let atril talk to any session services over dbus. We can
  # blacklist any problematic ones (but note, evince uses libsecret :\)
  #include <abstractions/dbus-session>
  #include <abstractions/dbus-strict>
  dbus (receive) bus=system,
  # Allow getting information from various system services
  dbus (send)
      bus=system
      member="Get*"
      peer=(label=unconfined),
  # Allow talking to avahi with whatever polkit allows
  dbus (send)
      bus=system
      interface="org.freedesktop.Avahi{,.*}",
  # Allow talking to colord with whatever polkit allows
  dbus (send)
      bus=system
      interface="org.freedesktop.ColorManager{,.*}",
  # Terminals for using console applications. These abstractions should ideally
  # have 'ix' to restrict access to what only atril is allowed to do
  #include <abstractions/ubuntu-gnome-terminal>
  # By default, we won't support launching a terminal program in Xterm or
  # KDE's konsole. It opens up too many unnecessary files for most users.
  # People who need this functionality can uncomment the following:
  ##include <abstractions/ubuntu-xterm>
  ##include <abstractions/ubuntu-konsole>
  /usr/bin/atril rmPx,
  /usr/bin/atril-previewer Px,
  /usr/bin/yelp Cx -> sanitized_helper,
  /usr/bin/bug-buddy px,
  # 'Show Containing Folder' (LP: #1022962)
  /usr/bin/nautilus Cx -> sanitized_helper, # Gnome
  /usr/bin/pcmanfm Cx -> sanitized_helper,  # LXDE
  /usr/bin/krusader Cx -> sanitized_helper, # KDE
  /usr/bin/thunar Cx -> sanitized_helper,   # XFCE
  # Print Dialog
  /usr/lib/@{multiarch}/libproxy/*/pxgsettings Cx -> sanitized_helper,
  # For Xubuntu to launch the browser
  #include <abstractions/exo-open>
  # For text attachments
  /usr/bin/gedit ixr,
  # For Send to
  /usr/bin/nautilus-sendto Cx -> sanitized_helper,
  # GLib desktop launch helper (used under the hood by g_app_info_launch)
  /usr/lib/@{multiarch}/glib-[0-9]*/gio-launch-desktop rmix,
  /usr/bin/env ixr,
  # allow directory listings (ie 'r' on directories) so browsing via the file
  # dialog works
  / r,
  /**/ r,
  # This is need for saving files in your home directory without an extension.
  # Changing this to '@{HOME}/** r' makes it require an extension and more
  # secure (but with 'rw', we still have abstractions/private-files-strict in
  # effect).
  owner @{HOME}/** rw,
  owner /media/**  rw,
  owner @{HOME}/.local/share/gvfs-metadata/** l,
  owner /{,var/}run/user/*/gvfs-metadata/** l,
  # Maybe add to an abstraction?
  /etc/dconf/**                                       r,
  owner @{HOME}/.cache/dconf/user                     rw,
  owner @{HOME}/.config/dconf/user                    r,
  owner @{HOME}/.config/enchant/*                     rk,
  owner /{,var/}run/user/*/dconf/                     w,
  owner /{,var/}run/user/*/dconf/user                 rw,
  owner /{,var/}run/user/*/dconf-service/keyfile/     w,
  owner /{,var/}run/user/*/dconf-service/keyfile/user rw,
  owner /{,var/}run/user/*/at-spi2-*/   rw,
  owner /{,var/}run/user/*/at-spi2-*/** rw,
  # Allow access to the non-abstract D-Bus socket used by at-spi > 2.42.0
  #   https://gitlab.gnome.org/GNOME/at-spi2-core/-/issues/43
  owner /{,var/}run/user/*/at-spi/bus* rw,
  # from http://live.gnome.org/Evince/SupportedDocumentFormats. Allow
  # read and write for all supported file formats
  /**.[aA][iI]         rw,
  /**.[bB][mM][pP]     rw,
  /**.[dD][jJ][vV][uU] rw,
  /**.[dD][vV][iI]     rw,
  /**.[gG][iI][fF]     rw,
  /**.[jJ][pP][gG]     rw,
  /**.[jJ][pP][eE][gG] rw,
  /**.[oO][dD][pP]     rw,
  /**.[fFpP][dD][fF]   rw,
  /**.[pP][nN][mM]     rw,
  /**.[pP][nN][gG]     rw,
  /**.[pP][sS]         rw,
  /**.[eE][pP][sS]     rw,
  /**.[tT][iI][fF]     rw,
  /**.[tT][iI][fF][fF] rw,
  /**.[xX][pP][mM]     rw,
  /**.[gG][zZ]         rw,
  /**.[bB][zZ]2        rw,
  /**.[cC][bB][rRzZ7]  rw,
  /**.[xX][zZ]         rw,
  # atril creates a temporary stream file like '.goutputstream-XXXXXX' in the
  # directory a file is saved. This allows that behavior.
  owner /**/.goutputstream-* w,
  # allow atril to spawn browsers distributed as snaps (LP: #1794064)
  /{,snap/core/[0-9]*/,snap/snapd/[0-9]*/}usr/bin/snap mrCx -> snap_browsers,
 }
 /usr/bin/atril-previewer {
  #include <abstractions/audio>
  #include <abstractions/bash>
  #include <abstractions/cups-client>
  #include <abstractions/dbus-accessibility>
  #include <abstractions/atril>
  #include <abstractions/ibus>
  #include <abstractions/nameservice>
  #include <abstractions/ubuntu-browsers>
  #include <abstractions/ubuntu-console-browsers>
  #include <abstractions/ubuntu-email>
  #include <abstractions/ubuntu-console-email>
  #include <abstractions/ubuntu-media-players>
  # For now, let atril talk to any session services over dbus. We can
  # blacklist any problematic ones (but note, evince uses libsecret :\)
  #include <abstractions/dbus-session>
  #include <abstractions/dbus-strict>
  dbus (receive) bus=system,
  # Allow getting information from various system services
  dbus (send)
      bus=system
      member="Get*"
      peer=(label=unconfined),
  # Allow talking to avahi with whatever polkit allows
  dbus (send)
      bus=system
      interface="org.freedesktop.Avahi{,.*}",
  # Allow talking to colord with whatever polkit allows
  dbus (send)
      bus=system
      interface="org.freedesktop.ColorManager{,.*}",
  # Terminals for using console applications. These abstractions should ideally
  # have 'ix' to restrict access to what only atril is allowed to do
  #include <abstractions/ubuntu-gnome-terminal>
  # By default, we won't support launching a terminal program in Xterm or
  # KDE's konsole. It opens up too many unnecessary files for most users.
  # People who need this functionality can uncomment the following:
  ##include <abstractions/ubuntu-xterm>
  /usr/bin/atril-previewer mr,
  /usr/bin/yelp Cx -> sanitized_helper,
  /usr/bin/bug-buddy px,
  # Lenient, but remember we still have abstractions/private-files-strict in
  # effect). Write is needed for 'print to file' from the previewer.
  @{HOME}/ r,
  @{HOME}/** rw,
  # Maybe add to an abstraction?
  owner /{,var/}run/user/*/dconf/          w,
  owner /{,var/}run/user/*/dconf/user      rw,
 }
 /usr/bin/atril-thumbnailer {
  #include <abstractions/base>
  #include <abstractions/private-files-strict>
  #include <abstractions/fonts>
  deny @{HOME}/.{,cache/}fontconfig/** wl,
  deny @{HOME}/missfont.log wl,
  #include <abstractions/dbus-session-strict>
  dbus (receive) bus=session,
  dbus (send)
    bus=session
    path="/org/gtk/vfs/mounttracker"
    interface="org.gtk.vfs.MountTracker"
    member="ListMountableInfo"
    peer=(label=unconfined),
  # updating gvfs-metadata for thumbnails is unneeded, so explicitly deny it
  deny dbus (send)
    bus=session
    path="/org/gtk/vfs/metadata"
    interface="org.gtk.vfs.Metadata"
    member="GetTreeFromDevice"
    peer=(label=unconfined),
  deny @{HOME}/.local/share/gvfs-metadata/* r,
  dbus (send)
    bus=session
    path="/org/gtk/vfs/Daemon"
    interface="org.gtk.vfs.Daemon"
    member="List*"
    peer=(label=unconfined),
  # The thumbnailer doesn't need access to everything in the nameservice
  # abstraction. Allow reading of /etc/passwd and /etc/group, but suppress
  # logging denial of nsswitch.conf.
  /etc/passwd r,
  /etc/group r,
  deny /etc/nsswitch.conf r,
  # TCP/UDP network access for NFS
  network inet  stream,
  network inet6 stream,
  network inet  dgram,
  network inet6 dgram,
  /etc/papersize r,
  /usr/bin/atril-thumbnailer mr,
  /etc/texmf/ r,
  /etc/texmf/** r,
  /etc/xpdf/* r,
  /usr/bin/gs-esp ixr,
  # Silence these denials since 'no new privs' drops transitions to
  # sanitized_helper, we don't want all those perms in the thumbnailer
  # and the thumbnailer generates thumbnails without these just fine.
  deny /usr/bin/mktexpk x,
  deny /usr/bin/mktextfm x,
  deny /usr/bin/dvipdfm x,
  deny /usr/bin/dvipdfmx x,
  deny /usr/bin/mkofm x,
  # supported archivers
  /{usr/,}bin/gzip ixr,
  /{usr/,}bin/bzip2 ixr,
  /usr/bin/unrar* ixr,
  /usr/bin/unzip ixr,
  /usr/bin/7zr ixr,
  /usr/lib/p7zip/7zr ixr,
  /usr/bin/7za ixr,
  /usr/lib/p7zip/7za ixr,
  /usr/bin/zipnote ixr,
  /{usr/,}bin/tar ixr,
  /usr/bin/xz ixr,
  # miscellaneous access for the above
  owner @{PROC}/@{pid}/fd/ r,
  owner @{PROC}/@{pid}/mountinfo r,
  /sys/devices/system/cpu/ r,
  # allow read access to anything in /usr/share, for plugins and input methods
  /usr/local/share/** r,
  /usr/share/** r,
  /usr/lib/ghostscript/** mr,
  /var/lib/ghostscript/** r,
  /var/lib/texmf/** r,
  # from http://live.gnome.org/Evince/SupportedDocumentFormats. Allow
  # read for all supported file formats
  /**.[bB][mM][pP]     r,
  /**.[dD][jJ][vV][uU] r,
  /**.[dD][vV][iI]     r,
  /**.[gG][iI][fF]     r,
  /**.[jJ][pP][gG]     r,
  /**.[jJ][pP][eE][gG] r,
  /**.[oO][dD][pP]     r,
  /**.[fFpP][dD][fF]   r,
  /**.[pP][nN][mM]     r,
  /**.[pP][nN][gG]     r,
  /**.[pP][sS]         r,
  /**.[eE][pP][sS]     r,
  /**.[eE][pP][sS][fFiI23] r,
  /**.[tT][iI][fF]     r,
  /**.[tT][iI][fF][fF] r,
  /**.[xX][pP][mM]     r,
  /**.[gG][zZ]         r,
  /**.[bB][zZ]2        r,
  /**.[cC][bB][rRzZ7]  r,
  /**.[xX][zZ]         r,
  owner @{HOME}/.texlive*/** r,
  owner @{HOME}/.texmf*/** r,
  owner @{HOME}/.local/share/{,flatpak/exports/share/}mime/** r,
  owner @{HOME}/.local/share/{,flatpak/exports/share/}mime/** r,
  # With the network rules above, this allows data exfiltration for files
  # not covered by private-files-strict.
  @{HOME}/ r,
  owner @{HOME}/[^.]** r,
  owner /media/**  r,
  owner /tmp/.gnome_desktop_thumbnail* w,
  owner /tmp/gnome-desktop-* rw,
  owner /tmp/atril-thumbnailer*/{,**} rw,
  # these happen post pivot_root
  / r,
  deny /missfont.log w,
  # Add apparmor rule for mate's caja - LP#1798091
  owner /tmp/.mate_desktop_thumbnail* w,
  owner /tmp/mate-desktop-thumbnailer* w,
  # Fix thumbnail issue #915024
  owner @{HOME}/.cache/thumbnails/** rw,
  owner /tmp/atril-thumbnailer* rw,
 }
--- a/helpers/DATA/atril/apparmor-profile.abstraction
+++ b/helpers/DATA/atril/apparmor-profile.abstraction
@ -0,0 +1,127 @@
 # vim:syntax=apparmor
 #
 # abstraction used by atril binaries
 #
  #include <abstractions/gnome>
  #include <abstractions/p11-kit>
  #include <abstractions/ubuntu-helpers>
  @{PROC}/[0-9]*/fd/ r,
  @{PROC}/[0-9]*/mountinfo r,
  owner @{PROC}/[0-9]*/auxv r,
  owner @{PROC}/[0-9]*/status r,
  # Doesn't seem to be required, but noisy. Maybe allow 'r' for 'b*' if needed.
  # Possibly move to an abstraction if anything else needs it.
  deny /run/udev/data/** r,
  # move out to the gnome abstraction if anyone else needs these
  /etc/udev/udev.conf r,
  /sys/devices/**/block/**/uevent r,
  # apport
  /etc/default/apport r,
  # XFCE
  /etc/xfce4/defaults.list r,
  # Lubuntu
  /etc/xdg/lubuntu/applications/defaults.list r,
  # atril specific
  /etc/ r,
  /etc/fstab r,
  /etc/texmf/ r,
  /etc/texmf/** r,
  /etc/xpdf/* r,
  owner @{HOME}/.config/atril/   rw,
  owner @{HOME}/.config/atril/** rwkl,
  /usr/bin/gs-esp ixr,
  /usr/bin/mktexpk Cx -> sanitized_helper,
  /usr/bin/mktextfm Cx -> sanitized_helper,
  /usr/bin/dvipdfm Cx -> sanitized_helper,
  /usr/bin/dvipdfmx Cx -> sanitized_helper,
  # gio-launch-desktop was replaced by a very small shell script
  /{usr/,}bin/{dash,bash} ixr,
  # supported archivers
  /{usr/,}bin/gzip ixr,
  /{usr/,}bin/bzip2 ixr,
  /usr/bin/unrar* ixr,
  /usr/bin/unzip ixr,
  /usr/bin/7zr ixr,
  /usr/lib/p7zip/7zr ixr,
  /usr/bin/7za ixr,
  /usr/lib/p7zip/7za ixr,
  /usr/bin/zipnote ixr,
  /{usr/,}bin/tar ixr,
  /usr/bin/xz ixr,
  # allow read access to anything in /usr/share, for plugins and input methods
  /usr/local/share/** r,
  /usr/share/** r,
  /usr/lib/ghostscript/** mr,
  /var/lib/ghostscript/** r,
  /var/lib/texmf/{,**} r,
  # from http://live.gnome.org/Evince/SupportedDocumentFormats. Allow
  # read for all supported file formats
  /**.[aA][iI]         r,
  /**.[bB][mM][pP]     r,
  /**.[dD][jJ][vV][uU] r,
  /**.[dD][vV][iI]     r,
  /**.[gG][iI][fF]     r,
  /**.[jJ][pP][gG]     r,
  /**.[jJ][pP][eE][gG] r,
  /**.[oO][dD][pP]     r,
  /**.[fFpP][dD][fF]   r,
  /**.[pP][nN][mM]     r,
  /**.[pP][nN][gG]     r,
  /**.[pP][sS]         r,
  /**.[eE][pP][sS]     r,
  /**.[eE][pP][sS][fFiI23] r,
  /**.[tT][iI][fF]     r,
  /**.[tT][iI][fF][fF] r,
  /**.[xX][pP][mM]     r,
  /**.[gG][zZ]         r,
  /**.[bB][zZ]2        r,
  /**.[cC][bB][rRzZ7]  r,
  /**.[xX][zZ]         r,
  # Use abstractions/private-files instead of abstractions/private-files-strict
  # and add the sensitive files manually to work around LP: #451422. The goal
  # is to disallow access to the .mozilla folder in general, but to allow
  # access to the Cache directory, which the browser may tell atril to open
  # from directly.
  #include <abstractions/private-files>
  audit deny @{HOME}/.gnupg/{,**} mrwkl,
  audit deny @{HOME}/.ssh/{,**} mrwkl,
  audit deny @{HOME}/.gnome2_private/{,**} mrwkl,
  audit deny @{HOME}/.gnome2/ w,
  audit deny @{HOME}/.gnome2/keyrings/{,**} mrwkl,
  audit deny @{HOME}/.kde/{,share/,share/apps/} w,
  audit deny @{HOME}/.kde/share/apps/kwallet/{,**} mrwkl,
  audit deny @{HOME}/.pki/{,nssdb/} w,
  audit deny @{HOME}/.pki/nssdb/{,**} wl,
  audit deny @{HOME}/.mozilla/{,**/} w,
  audit deny @{HOME}/.mozilla/*/*/* mrwkl,
  audit deny @{HOME}/.mozilla/**/bookmarkbackups/{,**} mrwkl,
  audit deny @{HOME}/.mozilla/**/chrome/{,**} mrwkl,
  audit deny @{HOME}/.mozilla/**/extensions/{,**} mrwkl,
  audit deny @{HOME}/.mozilla/**/gm_scripts/{,**} mrwkl,
  audit deny @{HOME}/.config/ w,
  audit deny @{HOME}/.config/chromium/{,**} mrwkl,
  audit deny @{HOME}/.config/evolution/{,**} mrwkl,
  audit deny @{HOME}/.evolution/{,**} mrwkl,
  audit deny @{HOME}/.kde/{,share/,share/apps/} w,
  audit deny @{HOME}/.kde/share/config/{,**} mrwkl,
  audit deny @{HOME}/.kde/share/apps/kmail/{,**} mrwkl,
  audit deny @{HOME}/.{,mozilla-}thunderbird/{,**/} w,
  audit deny @{HOME}/.{,mozilla-}thunderbird/*/* mrwkl,
  audit deny @{HOME}/.{,mozilla-}thunderbird/*/[^C][^a][^c][^h][^e]*/{,**} mrwkl,
--- a/helpers/DATA/atril/atril.apport
+++ b/helpers/DATA/atril/atril.apport
@ -0,0 +1,21 @@
 '''apport package hook for atril
 (c) 2024 Luis Guzmán
 Author:
 Luis Guzmán <ark@switnet.org>
 based on evince's hook
 '''
 from apport.hookutils import *
 from os import path
 import re
 def add_info(report):
    attach_conffiles(report, 'atril')
    attach_related_packages(report, ['apparmor', 'libapparmor1',
        'libapparmor-perl', 'apparmor-utils', 'auditd', 'libaudit1'])
    attach_mac_events(report, ['/usr/bin/atril',
                               '/usr/bin/atril-previewer',
                               '/usr/bin/atril-thumbnailer'])
--- a/helpers/DATA/atril/patches/add_install_profiles_rules.patch
+++ b/helpers/DATA/atril/patches/add_install_profiles_rules.patch
@ -0,0 +1,29 @@
 diff --git a/debian/rules b/debian/rules
 old mode 100755
 new mode 100644
 index 8a7ff87..655c574
 --- a/debian/rules
 +++ b/debian/rules
@@ -52,3 +52,9 @@ override_dh_auto_configure:
 get-orig-source:
 	uscan --noconf --force-download --rename --download-current-version --destdir=..
 +
 +execute_after_dh_install:
 +	install -m 0644 -D debian/apparmor-profile debian/atril/etc/apparmor.d/usr.bin.atril
 +	install -m 0644 -D debian/apparmor-profile.abstraction debian/atril/etc/apparmor.d/abstractions/atril
 +	install -m 0644 -D debian/atril.apport debian/atril/usr/share/apport/package-hooks/source_atril.py
 +	dh_apparmor --profile-name=usr.bin.atril -patril
 diff --git a/debian/control b/debian/control
 index f5bda53..6d72cc9 100644
 --- a/debian/control
 +++ b/debian/control
@@ -9,6 +9,7 @@ Uploaders: Mike Gabriel <sunweaver@debian.org>,
            Vangelis Mouhtsis <vangelis@gnugr.org>,
            Martin Wimpress <code@flexion.org>,
 Build-Depends: debhelper-compat (= 13),
 +               dh-apparmor,
                dpkg-dev (>= 1.16.1.1),
                gobject-introspection,
                intltool,
--- a/helpers/DATA/choose-mirror/rev_Makefile.patch
+++ b/helpers/DATA/choose-mirror/rev_Makefile.patch
@ -5,7 +5,7 @@ diff -ru choose-mirror-2.78ubuntu7+10.0trisquel3/Makefile choose-mirror-2.111/Ma
 STRIP=strip
 # Derivative distributions may want to change these.
-#MIRRORLISTURL=https://anonscm.debian.org/git/mirror/mirror-masterlist.git/plain/Mirrors.masterlist
+-#MIRRORLISTURL=https://gitlab.trisquel.org/trisquel/trisquel-packages/-/raw/master/extra/mirrors/Mirrors.masterlist
 -MASTERLIST=Mirrors.masterlist.trisquel
 +MIRRORLISTURL=https://salsa.debian.org/mirror-team/masterlist/raw/master/Mirrors.masterlist
 +MASTERLIST=Mirrors.masterlist
--- a/helpers/DATA/cron/license-info-fix.patch
+++ b/helpers/DATA/cron/license-info-fix.patch
@ -0,0 +1,37 @@
 diff --git a/debian/copyright b/debian/copyright
 index 3c8824f..c6ec81a 100644
 --- a/debian/copyright
 +++ b/debian/copyright
@@ -38,7 +38,7 @@ License: GPL-2+
 Files: debian/examples/crontab2english.pl
 Copyright: 2001, Sean M. Burke
 -License: Artistic
 +License: GPL-1+ or Artistic
 License: Paul-Vixie's-license
  Distribute freely, except: don't remove my name from the source or
@@ -67,6 +67,23 @@ License: GPL-2+
  On Debian systems, the complete text of the GNU General
  Public License version 2 can be found in "/usr/share/common-licenses/GPL-2".
 +License: GPL-1+
 + This package is free software; you can redistribute it and/or modify
 + it under the terms of the GNU General Public License as published by
 + the Free Software Foundation; either version 1 of the License, or
 + (at your option) any later version.
 + .
 + This package is distributed in the hope that it will be useful,
 + but WITHOUT ANY WARRANTY; without even the implied warranty of
 + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 + GNU General Public License for more details.
 + .
 + You should have received a copy of the GNU General Public License
 + along with this program. If not, see <http://www.gnu.org/licenses/>
 + .
 + On Debian systems, the complete text of the GNU General
 + Public License version 1 can be found in "/usr/share/common-licenses/GPL-1".
 +
 License: Artistic
  This program is free software; you can redistribute it and/or modify it
  under the terms of the "Artistic License" which comes with Debian.
--- a/helpers/DATA/debconf-kde/patch_changes/000-fix_TPH_212_LP_1851573.patch
+++ b/helpers/DATA/debconf-kde/patch_changes/000-fix_TPH_212_LP_1851573.patch
@ -0,0 +1,33 @@
 diff --git a/tools/main.cpp b/tools/main.cpp
 index 813aba5a..5f91e057 100644
 --- a/tools/main.cpp
 +++ b/tools/main.cpp
@@ -37,6 +37,8 @@
 #include <DebconfGui.h>
 +#include <pwd.h>
 +
 using namespace DebconfKde;
 // Handle SIGQUIT. Clients (e.g. packagekit) may use QUIT which would otherwise
@@ -73,6 +76,19 @@ static void setupQuitHandler() {
 int main(int argc, char **argv)
 {
 +    /* TPH: #212 | LP: #1851573 — When the helper is started through pkexec/aptdaemon
 +     * the environment may arrive without $HOME.  Without HOME, KConfig writes
 +     * to "//.config/..." and shows a "not writable" dialog for every debconf
 +     * question.  Substitute the passwd entry’s home directory.
 +     */
 +    const char *homeEnv = getenv("HOME");
 +    if (!homeEnv || homeEnv[0] == '\0') {
 +        struct passwd *pw = getpwuid(getuid());
 +        if (pw && pw->pw_dir) {
 +            setenv("HOME", pw->pw_dir, /* overwrite = */ 1);
 +        }
 +    }
 +
     QApplication app(argc, argv);
     setupQuitHandler();
--- a/helpers/DATA/debootstrap/ecne
+++ b/helpers/DATA/debootstrap/ecne
@ -0,0 +1 @@
 trisquel
--- a/helpers/DATA/dino-im/cve/01_ef8fb0e94ce79d5fde2943e433ad0422eb7f70ec.patch
+++ b/helpers/DATA/dino-im/cve/01_ef8fb0e94ce79d5fde2943e433ad0422eb7f70ec.patch
@ -0,0 +1,37 @@
 From ef8fb0e94ce79d5fde2943e433ad0422eb7f70ec Mon Sep 17 00:00:00 2001
 From: Marvin W <git@larma.de>
 Date: Thu, 23 Mar 2023 10:13:30 -0600
 Subject: [PATCH] Check sender of bookmark:1 updates
 ---
 xmpp-vala/src/module/xep/0402_bookmarks2.vala | 10 ++++++++++
 1 file changed, 10 insertions(+)
 diff --git a/xmpp-vala/src/module/xep/0402_bookmarks2.vala b/xmpp-vala/src/module/xep/0402_bookmarks2.vala
 index 406f37f43..d1e53e6e3 100644
 --- a/xmpp-vala/src/module/xep/0402_bookmarks2.vala
 +++ b/xmpp-vala/src/module/xep/0402_bookmarks2.vala
@@ -68,6 +68,11 @@ public class Module : BookmarksProvider, XmppStreamModule {
     }
     private void on_pupsub_item(XmppStream stream, Jid jid, string id, StanzaNode? node) {
 +        if (!jid.equals(stream.get_flag(Bind.Flag.IDENTITY).my_jid.bare_jid)) {
 +            warning("Received alleged bookmarks:1 item from %s, ignoring", jid.to_string());
 +            return;
 +        }
 +
         Conference conference = parse_item_node(node, id);
         Flag? flag = stream.get_flag(Flag.IDENTITY);
         if (flag != null) {
@@ -77,6 +82,11 @@ public class Module : BookmarksProvider, XmppStreamModule {
     }
     private void on_pupsub_retract(XmppStream stream, Jid jid, string id) {
 +        if (!jid.equals(stream.get_flag(Bind.Flag.IDENTITY).my_jid.bare_jid)) {
 +            warning("Received alleged bookmarks:1 retract from %s, ignoring", jid.to_string());
 +            return;
 +        }
 +
         try {
             Jid jid_parsed = new Jid(id);
             Flag? flag = stream.get_flag(Flag.IDENTITY);
--- a/helpers/DATA/distro-info-data/README.Debian.patch
+++ b/helpers/DATA/distro-info-data/README.Debian.patch
@ -1,5 +1,5 @@
--- debian/README.Debian	2019-10-17 15:10:30.000000000 -0500
+--- a/debian/README.Debian	2019-10-17 15:10:30.000000000 -0500
-+++ debian/README.Debian_trisquel	2021-11-26 13:26:20.362971709 -0600
+++ b/debian/README.Debian	2021-11-26 13:26:20.362971709 -0600
@@ -2,7 +2,7 @@
 ===========
--- a/helpers/DATA/distro-info-data/add_trisquel_tools_py.patch
+++ b/helpers/DATA/distro-info-data/add_trisquel_tools_py.patch
@ -1,5 +1,5 @@
--- lib/tools.py	2021-10-15 08:01:00.000000000 -0500
+--- a/lib/tools.py	2021-10-15 08:01:00.000000000 -0500
-+++ lib/tools.py	2022-04-06 12:27:07.672427372 -0500
+++ a/lib/tools.py	2022-04-06 12:27:07.672427372 -0500
@@ -37,7 +37,7 @@
 def main(validation_function):
     """Main function with command line parameter parsing."""
--- a/helpers/DATA/distro-info-data/add_trisquel_validate.patch
+++ b/helpers/DATA/distro-info-data/add_trisquel_validate.patch
@ -1,5 +1,5 @@
--- validate-csv-data	2021-10-15 08:01:00.000000000 -0500
+--- a/validate-csv-data	2021-10-15 08:01:00.000000000 -0500
-+++ validate-csv-data	2022-04-06 12:27:29.004706669 -0500
+++ b/validate-csv-data	2022-04-06 12:27:29.004706669 -0500
@@ -27,6 +27,13 @@
--- a/helpers/DATA/distro-info-data/trisquel.csv
+++ b/helpers/DATA/distro-info-data/trisquel.csv
@ -12,3 +12,4 @@ version,codename,series,created,release,eol,upstream
 9.0 LTS,Etiona,etiona,2017-10-19,2020-10-16,2023-05-31,bionic
 10.0 LTS,Nabia,nabia,2019-10-17,2021-12-16,2025-05-29,focal
 11.0 LTS,Aramo,aramo,2021-10-14,2023-03-19,2027-06-01,jammy
 12.0 LTS,Ecne,ecne,2023-10-12,2029-05-31,2029-05-31,noble
--- a/helpers/DATA/firefox/branding/content/about-wordmark.svg
+++ b/helpers/DATA/firefox/branding/content/about-wordmark.svg
--- a/helpers/DATA/firefox/branding/content/aboutDialog.css
+++ b/helpers/DATA/firefox/branding/content/aboutDialog.css
@ -40,8 +40,9 @@
 }
 #rightBox {
-  margin-left: 30px;
+  background-size: auto 64px;
-  margin-right: 30px;
+  margin-inline: 30px;
  padding-top: 64px;
 }
 #bottomBox {
--- a/helpers/DATA/firefox/branding/content/firefox-wordmark.svg
+++ b/helpers/DATA/firefox/branding/content/firefox-wordmark.svg
--- a/helpers/DATA/firefox/default-strict.patch
+++ b/helpers/DATA/firefox/default-strict.patch
@ -1,7 +1,8 @@
-diff -ru firefox-110.0+build1/browser/components/BrowserGlue.sys.mjs firefox-110.0+build1/browser/components/BrowserGlue.sys.mjs_fix
+diff --git a/browser/components/BrowserGlue.sys.mjs b/browser/components/BrowserGlue.sys.mjs
--- firefox-110.0+build1/browser/components/BrowserGlue.sys.mjs	2023-02-07 01:52:32.000000000 -0600
+index 8fa6f7a..a34ab8b 100644
-+++ firefox-110.0+build1/browser/components/BrowserGlue.sys.mjs_fix	2023-02-07 14:52:59.465762604 -0600
+--- a/browser/components/BrowserGlue.sys.mjs
-@@ -1637,6 +1637,19 @@
+++ b/browser/components/BrowserGlue.sys.mjs
@@ -1860,6 +1860,19 @@ BrowserGlue.prototype = {
       }
     });
@ -18,6 +19,6 @@ diff -ru firefox-110.0+build1/browser/components/BrowserGlue.sys.mjs firefox-110
 +      Services.prefs.setStringPref("browser.contentblocking.category", "strict"); this._updateCBCategory;
 +    }
 +
-     // Offer to reset a user's profile if it hasn't been used for 60 days.
+     this._maybeOfferProfileReset();
-     const OFFER_PROFILE_RESET_INTERVAL_MS = 60 * 24 * 60 * 60 * 1000;
+ 
-     let lastUse = Services.appinfo.replacedLockTime;
+     this._checkForOldBuildUpdates();
--- a/helpers/DATA/firefox/patch_changes/001-Remove_Android_and_iOS_promotion.patch
+++ b/helpers/DATA/firefox/patch_changes/001-Remove_Android_and_iOS_promotion.patch
@ -1,13 +1,14 @@
 diff --git a/browser/components/preferences/sync.inc.xhtml b/browser/components/preferences/sync.inc.xhtml
-index 7d37d26..4ebbc06 100644
+index 492491a3..0c8c462a 100644
 --- a/browser/components/preferences/sync.inc.xhtml
 +++ b/browser/components/preferences/sync.inc.xhtml
-@@ -35,22 +35,6 @@
+@@ -35,24 +35,6 @@
         </hbox>
       </vbox>
     </hbox>
 -    <label class="fxaMobilePromo" data-l10n-id="sync-mobile-promo">
 -      <html:img
 -        role="none"
 -        src="chrome://browser/skin/logo-android.svg"
 -        data-l10n-name="android-icon"
 -        class="androidIcon"/>
@ -15,6 +16,7 @@ index 7d37d26..4ebbc06 100644
 -        data-l10n-name="android-link"
 -        class="fxaMobilePromo-android text-link" target="_blank"/>
 -      <html:img
 -        role="none"
 -        src="chrome://browser/skin/logo-ios.svg"
 -        data-l10n-name="ios-icon"
 -        class="iOSIcon"/>
@ -49,12 +51,12 @@ index 1b29e8d..6f7566c 100644
 sync-profile-picture =
     .tooltiptext = Change profile picture
 diff --git a/browser/components/protections/content/vpn-card.mjs b/browser/components/protections/content/vpn-card.mjs
-index 2417f1a641..698c48ccc3 100644
+index d9fe35c0..1b166048 100644
 --- a/browser/components/protections/content/vpn-card.mjs
 +++ b/browser/components/protections/content/vpn-card.mjs
-@@ -23,22 +23,6 @@ export default class VPNCard {
+@@ -24,22 +24,6 @@ export default class VPNCard {
     vpnLink.addEventListener("click", () => {
-       this.doc.sendTelemetryEvent("click", "vpn_card_link");
+       this.doc.sendTelemetryEvent("clickVpnCardLink");
     });
 -    let androidVPNAppLink = document.getElementById(
 -      "vpn-google-playstore-link"
@ -63,14 +65,14 @@ index 2417f1a641..698c48ccc3 100644
 -      "browser.contentblocking.report.vpn-android.url"
 -    );
 -    androidVPNAppLink.addEventListener("click", () => {
-      document.sendTelemetryEvent("click", "vpn_app_link_android");
+-      document.sendTelemetryEvent("clickVpnAppLinkAndroid");
 -    });
 -    let iosVPNAppLink = document.getElementById("vpn-app-store-link");
 -    iosVPNAppLink.href = RPMGetStringPref(
 -      "browser.contentblocking.report.vpn-ios.url"
 -    );
 -    iosVPNAppLink.addEventListener("click", () => {
-      document.sendTelemetryEvent("click", "vpn_app_link_ios");
+-      document.sendTelemetryEvent("clickVpnAppLinkIos");
 -    });
     const vpnBanner = this.doc.querySelector(".vpn-banner");
--- a/helpers/DATA/firefox/patch_changes/002-Remove_moreFromMozilla_Focus_and_Klar.patch
+++ b/helpers/DATA/firefox/patch_changes/002-Remove_moreFromMozilla_Focus_and_Klar.patch
--- a/helpers/DATA/firefox/patch_changes/003-disable_sponsored_topsites_and_keep_weather_widget_static.patch
+++ b/helpers/DATA/firefox/patch_changes/003-disable_sponsored_topsites_and_keep_weather_widget_static.patch
@ -0,0 +1,54 @@
 diff --git a/browser/app/profile/firefox.js b/browser/app/profile/firefox.js
 index 52a520fd..81cc685d 100644
 --- a/browser/app/profile/firefox.js
 +++ b/browser/app/profile/firefox.js
@@ -1718,19 +1718,19 @@
 pref("browser.topsites.component.enabled", false);
 pref("browser.topsites.useRemoteSetting", true);
 // Fetch sponsored Top Sites from Mozilla Tiles Service (Contile)
 -pref("browser.topsites.contile.enabled", true);
 -pref("browser.topsites.contile.endpoint", "https://contile.services.mozilla.com/v1/tiles");
 +pref("browser.topsites.contile.enabled", false);
 +pref("browser.topsites.contile.endpoint", "");
 // Whether to enable the Share-of-Voice feature for Sponsored Topsites via Contile.
 -pref("browser.topsites.contile.sov.enabled", true);
 +pref("browser.topsites.contile.sov.enabled", false);
 // The base URL for the Quick Suggest anonymizing proxy. To make a request to
 // the proxy, include a campaign ID in the path.
 -pref("browser.partnerlink.attributionURL", "https://topsites.services.mozilla.com/cid/");
 -pref("browser.partnerlink.campaign.topsites", "amzn_2020_a1");
 +pref("browser.partnerlink.attributionURL", "");
 +pref("browser.partnerlink.campaign.topsites", "");
 // Activates preloading of the new tab url.
 -pref("browser.newtab.preload", true);
 +pref("browser.newtab.preload", false);
 pref("browser.preonboarding.onTrainRolloutPopulation",  0);
 // Mozilla Ad Routing Service (MARS) unified ads service
 -pref("browser.newtabpage.activity-stream.unifiedAds.tiles.enabled", true);
 -pref("browser.newtabpage.activity-stream.unifiedAds.spocs.enabled", true);
 -pref("browser.newtabpage.activity-stream.unifiedAds.endpoint", "https://ads.mozilla.org/");
 +pref("browser.newtabpage.activity-stream.unifiedAds.tiles.enabled", false);
 +pref("browser.newtabpage.activity-stream.unifiedAds.spocs.enabled", false);
 +pref("browser.newtabpage.activity-stream.unifiedAds.endpoint", "");
 pref("browser.newtabpage.activity-stream.unifiedAds.adsFeed.enabled", false);
 pref("browser.newtabpage.activity-stream.unifiedAds.adsFeed.tiles.enabled", false);
 // Weather widget for newtab
 -pref("browser.newtabpage.activity-stream.showWeather", true);
 +pref("browser.newtabpage.activity-stream.showWeather", false);
 pref("browser.newtabpage.activity-stream.weather.query", "");
 pref("browser.newtabpage.activity-stream.weather.display", "simple");
 +pref("browser.newtabpage.activity-stream.images.smart", true);
 // enable location search for newtab weather widget
 -pref("browser.newtabpage.activity-stream.weather.locationSearchEnabled", true);
 +pref("browser.newtabpage.activity-stream.weather.locationSearchEnabled", false);
 // List of regions that get weather by default.
 pref("browser.newtabpage.activity-stream.discoverystream.region-weather-config", "US,CA")
--- a/helpers/DATA/firefox/patch_changes/004-sqlite-ppc.patch
+++ b/helpers/DATA/firefox/patch_changes/004-sqlite-ppc.patch
--- a/helpers/DATA/firefox/patch_changes/005-apply_custom_urls.patch
+++ b/helpers/DATA/firefox/patch_changes/005-apply_custom_urls.patch
@ -0,0 +1,53 @@
 # WIP - Help needed
 URL customizations requires to comprehend the scope to handle the documentation for this
 and other projects heavily customizing and rebranding Firefox like Abrowser does.
 This patch documents how to handle custom URLs to point to a desired page (initially).
 It replaces,
 * is="moz-support-link"
 * support-page="..."
 to customize the default URL, making sure there is an id for l10n field,
 * data-l10n-id="..."
 so the corresponding message is displayed as it seems to be linked on some cases
 with is="" and support-page="..."
 Cheers!
 diff --git a/browser/components/preferences/privacy.inc.xhtml b/browser/components/preferences/privacy.inc.xhtml_
 index 77ea8f5d..62c3ce8e 100644
 --- a/browser/components/preferences/privacy.inc.xhtml
 +++ b/browser/components/preferences/privacy.inc.xhtml
@@ -372,10 +372,7 @@
           support-page="global-privacy-control" />
     </hbox>
     <hbox id="doNotTrackBox" flex="1" align="center" hidden="true">
 -      <html:a is="moz-support-link"
 -          id="doNotTrackRemoval"
 -          support-page="how-do-i-turn-do-not-track-feature"
 -          data-l10n-id="do-not-track-removal" />
 +      <html:a class="learnMore" href="https://trisquel.info/en/wiki/abrowser-help" target="_blank"/>
     </hbox>
   </vbox>
 </groupbox>
@@ -388,11 +385,10 @@
     <vbox flex="1">
       <description class="description-with-side-element description-deemphasized" flex="1">
         <html:span id="totalSiteDataSize"></html:span>
 -        <html:a is="moz-support-link"
 -                id="siteDataLearnMoreLink"
 -                data-l10n-id="sitedata-learn-more"
 -                support-page="storage-permissions"
 -        />
 +        <html:a id="doNotTrackLearnMoreLink"
 +            href="https://trisquel.info/en/wiki/abrowser-help"
 +            data-l10n-id="do-not-track-learn-more"
 +            target="_blank"/>
       </description>
       <hbox flex="1" id="deleteOnCloseNote" class="info-box-container smaller-font-size">
         <hbox class="info-icon-container">
--- a/helpers/DATA/firefox/patch_changes/006-remova_mailto_handlers_correctly.patch
+++ b/helpers/DATA/firefox/patch_changes/006-remova_mailto_handlers_correctly.patch
@ -0,0 +1,204 @@
 diff --git a/uriloader/exthandler/HandlerList.sys.mjs b/uriloader/exthandler/HandlerList.sys.mjs
 index e95d627..beef04d 100644
 --- a/uriloader/exthandler/HandlerList.sys.mjs
 +++ b/uriloader/exthandler/HandlerList.sys.mjs
@@ -8,198 +8,7 @@ export const kHandlerList = {
   default: {
     schemes: {
       mailto: {
 -        handlers: [
 -          {
 -            name: "Gmail",
 -            uriTemplate: "https://mail.google.com/mail/?extsrc=mailto&url=%s",
 -          },
 -        ],
 -      },
 -    },
 -  },
 -  cs: {
 -    schemes: {
 -      mailto: {
 -        handlers: [
 -          {
 -            name: "Seznam",
 -            uriTemplate: "https://email.seznam.cz/newMessageScreen?mailto=%s",
 -          },
 -          {
 -            name: "Gmail",
 -            uriTemplate: "https://mail.google.com/mail/?extsrc=mailto&url=%s",
 -          },
 -        ],
 -      },
 -    },
 -  },
 -  "es-CL": {
 -    schemes: {
 -      mailto: {
 -        handlers: [
 -          {
 -            name: "Gmail",
 -            uriTemplate: "https://mail.google.com/mail/?extsrc=mailto&url=%s",
 -          },
 -          {
 -            name: "Outlook",
 -            uriTemplate:
 -              "https://outlook.live.com/default.aspx?rru=compose&to=%s",
 -          },
 -        ],
 -      },
 -    },
 -  },
 -  "ja-JP-mac": {
 -    schemes: {
 -      mailto: {
 -        handlers: [
 -          {
 -            name: "Yahoo!メール",
 -            uriTemplate: "https://mail.yahoo.co.jp/compose/?To=%s",
 -          },
 -          {
 -            name: "Gmail",
 -            uriTemplate: "https://mail.google.com/mail/?extsrc=mailto&url=%s",
 -          },
 -        ],
 -      },
 -    },
 -  },
 -  ja: {
 -    schemes: {
 -      mailto: {
 -        handlers: [
 -          {
 -            name: "Yahoo!メール",
 -            uriTemplate: "https://mail.yahoo.co.jp/compose/?To=%s",
 -          },
 -          {
 -            name: "Gmail",
 -            uriTemplate: "https://mail.google.com/mail/?extsrc=mailto&url=%s",
 -          },
 -        ],
 -      },
 -    },
 -  },
 -  kk: {
 -    schemes: {
 -      mailto: {
 -        handlers: [
 -          {
 -            name: "Яндекс.Почта",
 -            uriTemplate: "https://mail.yandex.ru/compose?mailto=%s",
 -          },
 -          {
 -            name: "Mail.Ru",
 -            uriTemplate: "https://e.mail.ru/cgi-bin/sentmsg?mailto=%s",
 -          },
 -          {
 -            name: "Gmail",
 -            uriTemplate: "https://mail.google.com/mail/?extsrc=mailto&url=%s",
 -          },
 -        ],
 -      },
 -    },
 -  },
 -  ltg: {
 -    schemes: {
 -      mailto: {
 -        handlers: [
 -          {
 -            name: "Gmail",
 -            uriTemplate: "https://mail.google.com/mail/?extsrc=mailto&url=%s",
 -          },
 -          {
 -            name: "inbox.lv mail",
 -            uriTemplate: "https://mail.inbox.lv/compose?to=%s",
 -          },
 -        ],
 -      },
 -    },
 -  },
 -  lv: {
 -    schemes: {
 -      mailto: {
 -        handlers: [
 -          {
 -            name: "Gmail",
 -            uriTemplate: "https://mail.google.com/mail/?extsrc=mailto&url=%s",
 -          },
 -          {
 -            name: "inbox.lv mail",
 -            uriTemplate: "https://mail.inbox.lv/compose?to=%s",
 -          },
 -        ],
 -      },
 -    },
 -  },
 -  pl: {
 -    schemes: {
 -      mailto: {
 -        handlers: [
 -          {
 -            name: "Poczta Interia.pl",
 -            uriTemplate: "https://poczta.interia.pl/mh/?mailto=%s",
 -          },
 -          {
 -            name: "Gmail",
 -            uriTemplate: "https://mail.google.com/mail/?extsrc=mailto&url=%s",
 -          },
 -        ],
 -      },
 -    },
 -  },
 -  ru: {
 -    schemes: {
 -      mailto: {
 -        handlers: [
 -          {
 -            name: "Яндекс.Почту",
 -            uriTemplate: "https://mail.yandex.ru/compose?mailto=%s",
 -          },
 -          {
 -            name: "Mail.Ru",
 -            uriTemplate: "https://e.mail.ru/cgi-bin/sentmsg?mailto=%s",
 -          },
 -          {
 -            name: "Gmail",
 -            uriTemplate: "https://mail.google.com/mail/?extsrc=mailto&url=%s",
 -          },
 -        ],
 -      },
 -    },
 -  },
 -  uk: {
 -    schemes: {
 -      mailto: {
 -        handlers: [
 -          {
 -            name: "Gmail",
 -            uriTemplate: "https://mail.google.com/mail/?extsrc=mailto&url=%s",
 -          },
 -          {
 -            name: "Outlook",
 -            uriTemplate:
 -              "https://outlook.live.com/default.aspx?rru=compose&to=%s",
 -          },
 -        ],
 -      },
 -    },
 -  },
 -  uz: {
 -    schemes: {
 -      mailto: {
 -        handlers: [
 -          {
 -            name: "Gmail",
 -            uriTemplate: "https://mail.google.com/mail/?extsrc=mailto&url=%s",
 -          },
 -          {
 -            name: "Mail.Ru",
 -            uriTemplate: "https://e.mail.ru/cgi-bin/sentmsg?mailto=%s",
 -          },
 -        ],
 +        handlers: [],
       },
     },
   },
--- a/helpers/DATA/firefox/patch_changes/007-disable_remote_settings_antifeature.patch
+++ b/helpers/DATA/firefox/patch_changes/007-disable_remote_settings_antifeature.patch
@ -0,0 +1,96 @@
 diff --git a/services/settings/RemoteSettingsClient.sys.mjs b/services/settings/RemoteSettingsClient.sys.mjs
 index 7e98e6d..7716e41 100644
 --- a/services/settings/RemoteSettingsClient.sys.mjs
 +++ b/services/settings/RemoteSettingsClient.sys.mjs
@@ -229,13 +229,8 @@ class AttachmentDownloader extends Downloader {
    * @see Downloader.download
    */
   async download(record, options) {
 -    await lazy.UptakeTelemetry.report(
 -      TELEMETRY_COMPONENT,
 -      lazy.UptakeTelemetry.STATUS.DOWNLOAD_START,
 -      {
 -        source: this._client.identifier,
 -      }
 -    );
 +    console.warn("Function 'download' disabled in Abrowser due privacy concerns.");
 +    return null;
     try {
       // Explicitly await here to ensure we catch a network error.
       return await super.download(record, options);
 diff --git a/services/settings/Utils.sys.mjs b/services/settings/Utils.sys.mjs
 index 12fef6c..c52b65e 100644
 --- a/services/settings/Utils.sys.mjs
 +++ b/services/settings/Utils.sys.mjs
@@ -409,6 +409,8 @@ export var Utils = {
    * @param {Object} filters
    */
   async fetchLatestChanges(serverUrl, options = {}) {
 +    console.warn("Function 'fetchLatestChanges' disabled in Abrowser due privacy concerns.");
 +    return null;
     const { expectedTimestamp, lastEtag = "", filters = {} } = options;
     let url = serverUrl + Utils.CHANGES_PATH;
 diff --git a/toolkit/components/telemetry/app/TelemetryUtils.sys.mjs b/toolkit/components/telemetry/app/TelemetryUtils.sys.mjs
 index 803d52a1..1a3ef5ba 100644
 --- a/toolkit/components/telemetry/app/TelemetryUtils.sys.mjs
 +++ b/toolkit/components/telemetry/app/TelemetryUtils.sys.mjs
@@ -124,6 +124,11 @@ export var TelemetryUtils = {
    * Takes a date and returns it truncated to a date with daily precision.
    */
   truncateToDays(date) {
 +  console.warn("Function 'truncateToDays' called with:", date);
 +  if (!date || !(date instanceof Date)) {
 +    console.warn("Function 'truncateToDays' disabled in Abrowser due to privacy concerns. Received invalid or undefined date.");
 +    return null; // Retorna null para evitar errores posteriores
 +  }
     return new Date(
       date.getFullYear(),
       date.getMonth(),
@@ -172,6 +172,10 @@ export var TelemetryUtils = {
    * @return {Object} The Date object representing the next midnight.
    */
   getNextMidnight(date) {
 +  if (!date || !(date instanceof Date)) {
 +    console.warn("Function 'getNextMidnight' disabled in Abrowser due to privacy concerns.");
 +    return null;
 +  }
     let nextMidnight = new Date(this.truncateToDays(date));
     nextMidnight.setDate(nextMidnight.getDate() + 1);
     return nextMidnight;
@@ -185,6 +189,10 @@ export var TelemetryUtils = {
    *                  is not within the midnight tolerance.
    */
   getNearestMidnight(date, tolerance) {
 +  if (!date || !(date instanceof Date)) {
 +    console.warn("Function 'getNearestMidnight' disabled in Abrowser due to privacy concerns.");
 +    return null;
 +  }
     let lastMidnight = this.truncateToDays(date);
     if (this.areTimesClose(date.getTime(), lastMidnight.getTime(), tolerance)) {
       return lastMidnight;
 diff --git a/toolkit/components/telemetry/app/TelemetryScheduler.sys.mjs b/toolkit/components/telemetry/app/TelemetryScheduler.sys.mjs
 index 539447a..43d846b 100644
 --- a/toolkit/components/telemetry/app/TelemetryScheduler.sys.mjs
 +++ b/toolkit/components/telemetry/app/TelemetryScheduler.sys.mjs
@@ -183,8 +183,20 @@ export var TelemetryScheduler = {
   },
   _sentPingToday(pingTime, nowDate) {
 +    // Validar 'nowDate' antes de usarlo
 +    if (!nowDate || !(nowDate instanceof Date)) {
 +      console.warn("Invalid 'nowDate' passed to _sentPingToday. Function disabled in Abrowser due to privacy concerns.");
 +      return false; // Devolvemos 'false' para evitar errores
 +    }
 +
     // This is today's date and also the previous midnight (0:00).
     const todayDate = TelemetryUtils.truncateToDays(nowDate);
 +
 +    if (!todayDate) {
 +      console.warn("TelemetryUtils.truncateToDays returned null. Skipping _sentPingToday.");
 +      return false;
 +    }
 +
     // We consider a ping sent for today if it occured after or at 00:00 today.
     return pingTime >= todayDate.getTime();
   },
--- a/helpers/DATA/firefox/patch_changes/008-aboutRights_removal_fix.patch
+++ b/helpers/DATA/firefox/patch_changes/008-aboutRights_removal_fix.patch
@ -0,0 +1,26 @@
 diff --git a/browser/base/content/aboutDialog.xhtml b/browser/base/content/aboutDialog.xhtml
 index c6498081..a8db34ad 100644
 --- a/browser/base/content/aboutDialog.xhtml
 +++ b/browser/base/content/aboutDialog.xhtml
@@ -138,7 +138,7 @@
     <vbox id="bottomBox">
       <hbox pack="center">
         <label is="text-link" class="bottom-link" useoriginprincipal="true" href="about:license" data-l10n-id="bottomLinks-license"/>
 -        <label is="text-link" class="bottom-link" href="https://www.mozilla.org/about/legal/terms/firefox/" data-l10n-id="bottom-links-terms"/>
 +        <label is="text-link" class="bottom-link" href="https://trisquel.info/legal" data-l10n-id="bottom-links-terms"/>
         <label is="text-link" class="bottom-link" href="https://www.mozilla.org/privacy/firefox/?utm_source=firefox-browser&#38;utm_medium=firefox-desktop&#38;utm_campaign=about-dialog" data-l10n-id="bottom-links-privacy"/>
       </hbox>
       <description id="trademark" data-l10n-id="trademarkInfo"></description>
 diff --git a/browser/components/about/AboutRedirector.cpp b/browser/components/about/AboutRedirector.cpp
 index d1fe0148..ce5d1f42 100644
 --- a/browser/components/about/AboutRedirector.cpp
 +++ b/browser/components/about/AboutRedirector.cpp
@@ -90,7 +90,7 @@ static const RedirEntry kRedirMap[] = {
     {"profiling",
      "chrome://devtools/content/performance-new/aboutprofiling/index.xhtml",
      nsIAboutModule::ALLOW_SCRIPT | nsIAboutModule::IS_SECURE_CHROME_UI},
 -    {"rights", "https://www.mozilla.org/about/legal/terms/firefox/",
 +    {"rights", "https://trisquel.info/legal",
      nsIAboutModule::URI_SAFE_FOR_UNTRUSTED_CONTENT |
          nsIAboutModule::URI_MUST_LOAD_IN_CHILD},
     {"robots", "chrome://browser/content/aboutRobots.xhtml",
--- a/helpers/DATA/firefox/patch_changes/009-remove_ubunfox_suggest_webext-ublock-origin.patch
+++ b/helpers/DATA/firefox/patch_changes/009-remove_ubunfox_suggest_webext-ublock-origin.patch
@ -0,0 +1,24 @@
 diff --git a/debian/control.in b/debian/control.in
 index dd3c8daa..911d9667 100644
 --- a/debian/control.in
 +++ b/debian/control.in
@@ -52,8 +52,7 @@ Architecture: any
 Depends: lsb-release,
 	${misc:Depends},
 	${shlibs:Depends}
 -Recommends: xul-ext-ubufox,
 -	${support:Recommends},
 +Recommends: ${support:Recommends},
 	libcanberra0,
 	libdbusmenu-glib4,
 	libdbusmenu-gtk3-4
@@ -61,7 +60,8 @@ Provides: www-browser,
 	iceweasel, firefox,
 	gnome-www-browser,
 	${app:Provides}
 -Suggests: fonts-lyx,
 +Suggests: webext-ublock-origin,
 +	fonts-lyx,
 	${support:Suggests}
 Breaks: ${transitional:Breaks}
 Replaces: ${transitional:Replaces}
--- a/helpers/DATA/firefox/patch_changes/010-remove_theme_recommendation_and_saas_forge.patch
+++ b/helpers/DATA/firefox/patch_changes/010-remove_theme_recommendation_and_saas_forge.patch
@ -0,0 +1,23 @@
 diff --git a/toolkit/mozapps/extensions/content/aboutaddons.html b/toolkit/mozapps/extensions/content/aboutaddons.html
 index 77702576..35cf6593 100644
 --- a/toolkit/mozapps/extensions/content/aboutaddons.html
 +++ b/toolkit/mozapps/extensions/content/aboutaddons.html
@@ -799,18 +799,6 @@
       <footer is="recommended-footer" class="view-footer"></footer>
     </template>
 -    <template name="recommended-themes-footer">
 -      <p data-l10n-id="recommended-theme-1" class="theme-recommendation">
 -        <a data-l10n-name="link" target="_blank"></a>
 -      </p>
 -      <div class="amo-link-container view-footer-item">
 -        <button
 -          class="primary"
 -          action="open-amo"
 -          data-l10n-id="find-more-themes"
 -        ></button>
 -      </div>
 -    </template>
    <template name="recommended-themes-section">
      <h2
--- a/helpers/DATA/firefox/patch_changes/012-fix_wrong_directory_on_home_dir_for_abrowser.patch
+++ b/helpers/DATA/firefox/patch_changes/012-fix_wrong_directory_on_home_dir_for_abrowser.patch
@ -0,0 +1,14 @@
 diff --git a/toolkit/xre/nsXREDirProvider.cpp b/toolkit/xre/nsXREDirProvider.cpp
 index 9c94cb88..0c19fad9 100644
 --- a/toolkit/xre/nsXREDirProvider.cpp
 +++ b/toolkit/xre/nsXREDirProvider.cpp
@@ -1232,7 +1232,8 @@ nsresult nsXREDirProvider::AppendProfilePath(nsIFile* aFile, bool aLocal) {
   if (gAppData->profile) {
     profile = gAppData->profile;
   } else {
 -    appName = gAppData->name;
 +    // For Abrowser compatibility: force use of ~/.mozilla/abrowser
 +    appName.AssignLiteral("abrowser");
     vendor = gAppData->vendor;
   }
--- a/helpers/DATA/firefox/patch_changes/013-remove_finish_setup_third_party_services.patch
+++ b/helpers/DATA/firefox/patch_changes/013-remove_finish_setup_third_party_services.patch
@ -0,0 +1,98 @@
 diff --git a/browser/components/aboutwelcome/modules/AboutWelcomeDefaults.sys.mjs b/browser/components/aboutwelcome/modules/AboutWelcomeDefaults.sys.mjs
 index ba47adb6..c4b29ec4 100644
 --- a/browser/components/aboutwelcome/modules/AboutWelcomeDefaults.sys.mjs
 +++ b/browser/components/aboutwelcome/modules/AboutWelcomeDefaults.sys.mjs
@@ -704,7 +704,7 @@ const MR_ABOUT_WELCOME_DEFAULT = {
           action: {
             type: "OPEN_URL",
             data: {
 -              args: "https://addons.mozilla.org/en-US/firefox/collections/4757633/b4d5649fb087446aa05add5f0258c3/?page=1&collection_sort=-popularity",
 +              args: "https://gnuzilla.gnu.org/",
               where: "tabshifted",
             },
             navigate: true,
@@ -750,49 +750,6 @@ const MR_ABOUT_WELCOME_DEFAULT = {
       },
       targeting: "isFxASignedIn",
     },
 -    {
 -      id: "AW_ACCOUNT_LOGIN",
 -      content: {
 -        fullscreen: true,
 -        position: "split",
 -        split_narrow_bkg_position: "-228px",
 -        image_alt_text: {
 -          string_id: "mr2022-onboarding-gratitude-image-alt",
 -        },
 -        background:
 -          "url('chrome://activity-stream/content/data/content/assets/fox-doodle-waving-laptop.svg') center center / 80% no-repeat var(--mr-screen-background-color)",
 -        progress_bar: true,
 -        logo: {},
 -        title: {
 -          string_id: "onboarding-sign-up-title",
 -        },
 -        subtitle: {
 -          string_id: "onboarding-sign-up-description",
 -        },
 -        secondary_button: {
 -          label: {
 -            string_id: "mr2-onboarding-start-browsing-button-label",
 -          },
 -          style: "secondary",
 -          action: {
 -            navigate: true,
 -          },
 -        },
 -        primary_button: {
 -          label: {
 -            string_id: "onboarding-sign-up-button",
 -          },
 -          action: {
 -            data: {
 -              entrypoint: "newuser-onboarding-desktop",
 -            },
 -            type: "FXA_SIGNIN_FLOW",
 -            navigate: true,
 -          },
 -        },
 -      },
 -      targeting: "!isFxASignedIn",
 -    },
   ],
 };
 diff --git a/browser/components/asrouter/modules/FeatureCalloutMessages.sys.mjs b/browser/components/asrouter/modules/FeatureCalloutMessages.sys.mjs
 index 29d2ca46..41b65ac4 100644
 --- a/browser/components/asrouter/modules/FeatureCalloutMessages.sys.mjs
 +++ b/browser/components/asrouter/modules/FeatureCalloutMessages.sys.mjs
@@ -885,7 +885,7 @@ const MESSAGES = () => {
                   dismiss: true,
                   type: "OPEN_URL",
                   data: {
 -                    args: "https://addons.mozilla.org/en-US/firefox/collections/4757633/36d285535db74c6986abbeeed3e214/?page=1&collection_sort=added",
 +                    args: "https://gnuzilla.gnu.org/",
                     where: "tabshifted",
                   },
                 },
 diff --git a/browser/components/asrouter/modules/OnboardingMessageProvider.sys.mjs b/browser/components/asrouter/modules/OnboardingMessageProvider.sys.mjs
 index abc6db68..0c86955f 100644
 --- a/browser/components/asrouter/modules/OnboardingMessageProvider.sys.mjs
 +++ b/browser/components/asrouter/modules/OnboardingMessageProvider.sys.mjs
@@ -1226,7 +1226,7 @@ const BASE_MESSAGES = () => [
                         {
                           type: "OPEN_URL",
                           data: {
 -                            args: "https://addons.mozilla.org/en-US/firefox/collections/4757633/b4d5649fb087446aa05add5f0258c3/?page=1&collection_sort=-popularity",
 +                            args: "https://gnuzilla.gnu.org/",
                             where: "current",
                           },
                         },
@@ -1430,7 +1430,7 @@ const BASE_MESSAGES = () => [
                         {
                           type: "OPEN_URL",
                           data: {
 -                            args: "https://addons.mozilla.org/en-US/firefox/collections/4757633/b4d5649fb087446aa05add5f0258c3/?page=1&collection_sort=-popularity",
 +                            args: "https://gnuzilla.gnu.org/",
                             where: "current",
                           },
                         },
--- a/helpers/DATA/firefox/patch_changes/014-remove_support_firefox_mission_on_abrowser.patch
+++ b/helpers/DATA/firefox/patch_changes/014-remove_support_firefox_mission_on_abrowser.patch
@ -0,0 +1,138 @@
 diff --git a/browser/components/preferences/home.inc.xhtml b/browser/components/preferences/home.inc.xhtml
 index c0094fe0..08856c78 100644
 --- a/browser/components/preferences/home.inc.xhtml
 +++ b/browser/components/preferences/home.inc.xhtml
@@ -101,15 +101,6 @@
   <vbox id="trending-searches" />
   <vbox id="topsites" />
   <vbox id="topstories" />
 -  <vbox id="support-firefox" />
 -
 -  <html:moz-box-item class="mission-message">
 -    <html:span data-l10n-id="home-prefs-mission-message" />
 -    <html:a is="moz-support-link"
 -            support-page="sponsor-privacy"
 -            data-l10n-id="home-prefs-mission-message-learn-more-link" />
 -  </html:moz-box-item>
 -
   <vbox id="highlights" />
 </groupbox>
 </html:template>
 diff --git a/browser/extensions/newtab/lib/AboutPreferences.sys.mjs b/browser/extensions/newtab/lib/AboutPreferences.sys.mjs
 index 0d43919b..f2e0fbd0 100644
 --- a/browser/extensions/newtab/lib/AboutPreferences.sys.mjs
 +++ b/browser/extensions/newtab/lib/AboutPreferences.sys.mjs
@@ -120,37 +120,6 @@ const PREFS_FOR_SETTINGS = () => [
     ),
     eventSource: "TOP_STORIES",
   },
 -  {
 -    id: "support-firefox",
 -    pref: {
 -      feed: "showSponsoredCheckboxes",
 -      titleString: "home-prefs-support-firefox-header",
 -      nestedPrefs: [
 -        {
 -          name: "showSponsoredTopSites",
 -          titleString: "home-prefs-shortcuts-by-option-sponsored",
 -          eventSource: "SPONSORED_TOP_SITES",
 -        },
 -        {
 -          name: "showSponsored",
 -          titleString: "home-prefs-recommended-by-option-sponsored-stories",
 -          eventSource: "POCKET_SPOCS",
 -          shouldHidePref: !Services.prefs.getBoolPref(
 -            "browser.newtabpage.activity-stream.feeds.system.topstories",
 -            true
 -          ),
 -          shouldDisablePref: !Services.prefs.getBoolPref(
 -            "browser.newtabpage.activity-stream.feeds.section.topstories",
 -            true
 -          ),
 -        },
 -      ],
 -    },
 -    shouldHidePref: !Services.prefs.getBoolPref(
 -      "browser.newtabpage.activity-stream.system.showSponsoredCheckboxes",
 -      false
 -    ),
 -  },
 ];
 export class AboutPreferences {
@@ -351,41 +320,8 @@ export class AboutPreferences {
       }
     });
 -    // Special cases to like the nested prefs with another pref,
 -    // so we can disable it real time.
 -    if (id === "support-firefox") {
 -      function setupSupportFirefoxSubCheck(triggerPref, subPref) {
 -        const subCheckFullName = `browser.newtabpage.activity-stream.${triggerPref}`;
 -        const subCheckPref = Preferences.get(subCheckFullName);
 -
 -        subCheckPref?.on("change", () => {
 -          const showSponsoredFullName = `browser.newtabpage.activity-stream.${subPref}`;
 -          const showSponsoredSubcheck = subChecks.find(
 -            subcheck =>
 -              subcheck.getAttribute("preference") === showSponsoredFullName
 -          );
 -          if (showSponsoredSubcheck) {
 -            showSponsoredSubcheck.disabled = !Services.prefs.getBoolPref(
 -              subCheckFullName,
 -              true
 -            );
 -          }
 -        });
 -      }
 -
 -      setupSupportFirefoxSubCheck("feeds.section.topstories", "showSponsored");
 -      setupSupportFirefoxSubCheck("feeds.topsites", "showSponsoredTopSites");
 -    }
 -
     pref.on("change", () => {
       subChecks.forEach(subcheck => {
 -        // Update child preferences for the "Support Firefox" checkbox group
 -        // so that they're turned on and off at the same time.
 -        if (id === "support-firefox") {
 -          const subPref = Preferences.get(subcheck.getAttribute("preference"));
 -          subPref.value = pref.value;
 -        }
 -
         // Disable any nested checkboxes if the parent pref is not enabled.
         subcheck.disabled = !pref._value;
       });
 diff --git a/browser/locales/en-US/browser/preferences/preferences.ftl b/browser/locales/en-US/browser/preferences/preferences.ftl
 index 269eca10..4c35b53f 100644
 --- a/browser/locales/en-US/browser/preferences/preferences.ftl
 +++ b/browser/locales/en-US/browser/preferences/preferences.ftl
@@ -749,11 +749,7 @@ home-prefs-trending-search-header =
 home-prefs-trending-search-description = Popular and frequently searched topics
 # "Support" here means to help sustain or contribute to something, especially through funding or sponsorship.
 -home-prefs-support-firefox-header =
 -    .label = Support { -brand-product-name }
 -
 -home-prefs-mission-message = Our sponsors support our mission to build a better web
 -home-prefs-mission-message-learn-more-link = Find out how
 +## Removed by Abrowser customization process.
 # Variables:
 #   $num (number) - Number of rows displayed
 diff --git a/browser/themes/shared/preferences/preferences.css b/browser/themes/shared/preferences/preferences.css
 index 9c8155e5..4718341f 100644
 --- a/browser/themes/shared/preferences/preferences.css
 +++ b/browser/themes/shared/preferences/preferences.css
@@ -1541,12 +1541,3 @@ richlistitem .text-link:hover {
 .search-header:has(.section-heading) {
   margin: 0;
 }
 -
 -/* Styles for the "sponsors support our mission" message and link on the Home tab */
 -.mission-message {
 -  margin-block-start: var(--space-large);
 -
 -  > a {
 -    font-size: var(--font-size-small);
 -  }
 -}
--- a/helpers/DATA/firefox/patch_changes/015-set_higher_priority_than_chromium_based_ones.patch
+++ b/helpers/DATA/firefox/patch_changes/015-set_higher_priority_than_chromium_based_ones.patch
@ -0,0 +1,17 @@
 diff --git a/debian/firefox.postinst.in b/debian/firefox.postinst.in
 index 4cb73f02..44e9261a 100644
 --- a/debian/firefox.postinst.in
 +++ b/debian/firefox.postinst.in
@@ -36,10 +36,10 @@ finish_rm_conffile() {
 if [ "$1" = "configure" ] || [ "$1" = "abort-upgrade" ] || [ "$1" = "abort-remove" ] ; then
     update-alternatives --install /usr/bin/gnome-www-browser \
 -        gnome-www-browser /usr/bin/$MOZ_APP_NAME 40
 +        gnome-www-browser /usr/bin/$MOZ_APP_NAME 240
     update-alternatives --install /usr/bin/x-www-browser \
 -        x-www-browser /usr/bin/$MOZ_APP_NAME 40
 +        x-www-browser /usr/bin/$MOZ_APP_NAME 240
 fi
 if [ "$1" = "configure" ] ; then
--- a/helpers/DATA/firefox/process-json-files.py
+++ b/helpers/DATA/firefox/process-json-files.py
@ -1,6 +1,9 @@
 #! /usr/bin/python3
-
+#    Copyright (C) 2024  Luis Guzmán <ark@switnet.org>
-#    Copyright (C) 2020, 2021  grizzlyuser <grizzlyuser@protonmail.com>
+#    Copyright (C) 2020, 2021, 2022, 2023, 2024 grizzlyuser <grizzlyuser@protonmail.com>
 #    Based on: https://gitlab.trisquel.org/trisquel/wrapage-helpers/-/blob/81881d89b2bf7d502dd14fcccdb471fec6f6b206/helpers/DATA/firefox/reprocess-search-config.py
 #    Below is the notice from the original author:
 #
 #    Copyright (C) 2020, 2021  Ruben Rodriguez <ruben@trisquel.info>
 #
 #    This program is free software; you can redistribute it and/or modify
@ -23,6 +26,7 @@ import time
 import copy
 import argparse
 import pathlib
 import logging
 from collections import namedtuple
 from jsonschema import validate
@ -41,12 +45,42 @@ parser.add_argument(
    type=int,
    default=2,
    help='indent for pretty printing of output files')
 parser.add_argument(
    '-l',
    '--loglevel',
    choices=logging._nameToLevel.keys(),
    default=logging.INFO,
    help='logging level')
 arguments = parser.parse_args()
 logging.basicConfig(level=arguments.loglevel)
 logger = logging.getLogger(str(pathlib.Path(__file__).name))
 File = namedtuple('File', ['path', 'content'])
-class RemoteSettings:
+class JsonProcessor:
    @classmethod
    def process(cls):
        parsed_jsons = []
        for json_path in cls.JSON_PATHS:
            logger.info('Reading input: ' + str(json_path) + '...')
            with json_path.open(encoding='utf-8') as file:
                parsed_jsons.append(File(json_path, json.load(file)))
        parsed_schema = None
        if hasattr(cls, "SCHEMA_PATH"):
            logger.info('Reading schema: ' + str(json_path) + '...')
            with cls.SCHEMA_PATH.open() as file:
                parsed_schema = json.load(file)
        processed = cls.process_parsed(parsed_jsons, parsed_schema)
        with processed.path.open('w') as file:
            json.dump(processed.content, file, indent=arguments.indent)
            logger.info('Wrote: ' + str(processed.path))
 class RemoteSettings(JsonProcessor):
    DUMPS_PATH_RELATIVE = 'services/settings/dumps'
    DUMPS_PATH_ABSOLUTE = arguments.MAIN_PATH / DUMPS_PATH_RELATIVE
@ -75,11 +109,12 @@ class RemoteSettings:
    @classmethod
    def now(cls):
-        return int(round(time.time() / 10 ** 6))
+        return int(round(time.time() * 1000))
    @classmethod
    def process_raw(cls, unwrapped_jsons, parsed_schema):
        timestamps, result = [], []
        for collection in unwrapped_jsons:
            should_modify_collection = cls.should_modify_collection(collection)
            for record in collection.content:
@ -110,13 +145,23 @@ class RemoteSettings:
        return File(cls.OUTPUT_PATH, result)
    @classmethod
-    def process(cls, parsed_jsons, parsed_schema):
+    def process_parsed(cls, parsed_jsons, parsed_schema):
        return cls.wrap(
            cls.process_raw(
                cls.unwrap(parsed_jsons),
                parsed_schema))
 class EmptyRemoteSettings(RemoteSettings):
    @classmethod
    def should_drop_record(cls, search_engine):
        return True
    @classmethod
    def process_record(cls, record):
        return record
 class Changes(RemoteSettings):
    JSON_PATHS = tuple(RemoteSettings.DUMPS_PATH_ABSOLUTE.glob('*/*.json'))
    OUTPUT_PATH = RemoteSettings.DUMPS_PATH_ABSOLUTE / 'monitor/changes'
@ -132,7 +177,7 @@ class Changes(RemoteSettings):
        changes = []
        for collection in unwrapped_jsons:
-            if collection.path not in (RemoteSettings.DUMPS_PATH_ABSOLUTE / 'main/example.json', RemoteSettings.DUMPS_PATH_ABSOLUTE / 'main/search-config-v2.json'):
+            if collection.path != RemoteSettings.DUMPS_PATH_ABSOLUTE / 'main/example.json':
                latest_change = {}
                latest_change[cls._LAST_MODIFIED_KEY_NAME] = cls.get_collection_timestamp(
                    collection)
@ -145,61 +190,116 @@ class Changes(RemoteSettings):
        return File(cls.OUTPUT_PATH, changes)
-class SearchConfig(RemoteSettings):
+class SearchConfigV2(RemoteSettings):
    JSON_PATHS = (
        RemoteSettings.DUMPS_PATH_ABSOLUTE /
-        'main/search-config.json',
+        'main/search-config-v2.json',
    )
    SCHEMA_PATH = arguments.MAIN_PATH / \
-        'toolkit/components/search/schema/search-config-schema.json'
+        'toolkit/components/search/schema/search-config-v2-schema.json'
    OUTPUT_PATH = JSON_PATHS[0]
-    _DUCKDUCKGO_SEARCH_ENGINE_ID = 'ddg@search.mozilla.org'
+    _DUCKDUCKGO_SEARCH_ENGINE_IDENTIFIER = 'ddg'
    @classmethod
-    def should_drop_record(cls, search_engine):
+    def should_drop_record(cls, record):
-        return search_engine['webExtension']['id'] not in (
+        if record['recordType'] != 'engine':
-            cls._DUCKDUCKGO_SEARCH_ENGINE_ID, 'wikipedia@search.mozilla.org',
+            return False
-            'trisquel@search.mozilla.org', 'trisquel-packages@@search.mozilla.org',
+
-            'qwant@search.mozilla.org', 'ecosia@search.mozilla.org')
+        identifier = record['identifier']
        excluded_identifiers = ['ecosia', 'qwant', 'trisquel', 'trisquel-packages']
        return (
            identifier != cls._DUCKDUCKGO_SEARCH_ENGINE_IDENTIFIER and
            not (identifier.startswith('wikipedia') or identifier in excluded_identifiers)
        )
    @classmethod
-    def process_record(cls, search_engine):
+    def process_record(cls, record):
-        [search_engine.pop(key, None)
+        if record['recordType'] == 'defaultEngines':
-         for key in ['extraParams', 'telemetryId']]
+            return cls.process_default_engines(record)
        elif record['recordType'] == 'engine':
            return cls.process_engine(record)
        elif record['recordType'] == 'engineOrders':
            return cls.process_engine_orders(record)
        else:
            return record
-        general_specifier = {}
+    @classmethod
-        for specifier in search_engine['appliesTo'].copy():
+    def process_default_engines(cls, default_engines):
-            if 'application' in specifier:
+        default_engines['globalDefault'] = cls._DUCKDUCKGO_SEARCH_ENGINE_IDENTIFIER
-                if 'distributions' in specifier['application']:
+        default_engines['specificDefaults'] = []
-                    search_engine['appliesTo'].remove(specifier)
+        return default_engines
                    continue
                specifier['application'].pop('extraParams', None)
-            if 'included' in specifier and 'everywhere' in specifier[
+    @classmethod
-                    'included'] and specifier['included']['everywhere']:
+    def process_engine(cls, engine):
-                if search_engine['webExtension']['id'] == cls._DUCKDUCKGO_SEARCH_ENGINE_ID:
+        engine['base'].pop('partnerCode', None)
-                    specifier['default'] = 'yes'
+        engine['base']['urls']['search'].pop('params', None)
                general_specifier = specifier
-        if not general_specifier:
+        if engine['identifier'] == cls._DUCKDUCKGO_SEARCH_ENGINE_IDENTIFIER:
-            general_specifier = {'included': {'everywhere': True}}
+            engine['base']['name'] += ' HTML'
-            search_engine['appliesTo'].insert(0, general_specifier)
+            engine['base']['urls']['search']['base'] = 'https://html.duckduckgo.com/html'
        if search_engine['webExtension']['id'] == cls._DUCKDUCKGO_SEARCH_ENGINE_ID:
            general_specifier['default'] = 'yes'
-        return search_engine
+        allRegions_prefixes = ['ecosia', 'qwant', 'trisquel']
        if any(engine['identifier'].startswith(prefix) for prefix in allRegions_prefixes) or \
           engine['identifier'] == cls._DUCKDUCKGO_SEARCH_ENGINE_IDENTIFIER:
            engine['variants'] = [{'environment': {'allRegionsAndLocales': True}}]
        return engine
    @classmethod
    def process_engine_orders(cls, engine_orders):
        engine_orders['orders'] = []
        return engine_orders
 class SearchConfigOverridesV2(EmptyRemoteSettings):
    JSON_PATHS = (
        RemoteSettings.DUMPS_PATH_ABSOLUTE /
        'main/search-config-overrides-v2.json',
    )
    SCHEMA_PATH = arguments.MAIN_PATH / \
        'toolkit/components/search/schema/search-config-overrides-v2-schema.json'
    OUTPUT_PATH = JSON_PATHS[0]
-class TippyTopSites:
+class SearchDefaultOverrideAllowlist(EmptyRemoteSettings):
    JSON_PATHS = (
        RemoteSettings.DUMPS_PATH_ABSOLUTE /
        'main/search-default-override-allowlist.json',
    )
    SCHEMA_PATH = arguments.MAIN_PATH / \
        'toolkit/components/search/schema/search-default-override-allowlist-schema.json'
    OUTPUT_PATH = JSON_PATHS[0]
 class SearchTelemetryV2(EmptyRemoteSettings):
    JSON_PATHS = (
        RemoteSettings.DUMPS_PATH_ABSOLUTE /
        'main/search-telemetry-v2.json',
    )
    SCHEMA_PATH = arguments.MAIN_PATH / \
        'browser/components/search/schema/search-telemetry-v2-schema.json'
    OUTPUT_PATH = JSON_PATHS[0]
 class UrlClassifierSkipUrls(EmptyRemoteSettings):
    JSON_PATHS = (
        RemoteSettings.DUMPS_PATH_ABSOLUTE /
        'main/url-classifier-skip-urls.json',
    )
    OUTPUT_PATH = JSON_PATHS[0]
 class TippyTopSites(JsonProcessor):
    JSON_PATHS = (
        arguments.MAIN_PATH /
-        'browser/components/newtab/data/content/tippytop/top_sites.json',
+        'browser/components/topsites/content/tippytop/top_sites.json',
        arguments.BRANDING_PATH /
        'tippytop/top_sites.json')
    @classmethod
-    def process(cls, parsed_jsons, parsed_schema):
+    def process_parsed(cls, parsed_jsons, parsed_schema):
        tippy_top_sites_main = parsed_jsons[0]
        tippy_top_sites_branding = parsed_jsons[1]
        result = tippy_top_sites_branding.content + \
@ -224,7 +324,7 @@ class TopSites(RemoteSettings):
    @classmethod
    def should_drop_record(cls, site):
-        return site['url'] != 'https://www.wikipedia.org/'
+        return True
    @classmethod
    def process_record(cls, site):
@ -234,19 +334,15 @@ class TopSites(RemoteSettings):
 # To reflect the latest timestamps, Changes class should always come after
 # all other RemoteSettings subclasses
-processors = (SearchConfig, Changes)
+processors = (
    SearchConfigV2,
    SearchConfigOverridesV2,
    SearchDefaultOverrideAllowlist,
    SearchTelemetryV2,
    UrlClassifierSkipUrls,
    TopSites,
    Changes,
    TippyTopSites)
 for processor in processors:
-    parsed_jsons = []
+    processor.process()
    for json_path in processor.JSON_PATHS:
        with json_path.open(encoding='utf-8') as file:
            parsed_jsons.append(File(json_path, json.load(file)))
    parsed_schema = None
    if hasattr(processor, "SCHEMA_PATH"):
        with processor.SCHEMA_PATH.open() as file:
            parsed_schema = json.load(file)
    processed = processor.process(parsed_jsons, parsed_schema)
    with processed.path.open('w') as file:
        json.dump(processed.content, file, indent=arguments.indent)
--- a/helpers/DATA/firefox/rollback_ddg_firefox_partnership_codes.patch
+++ b/helpers/DATA/firefox/rollback_ddg_firefox_partnership_codes.patch
@ -1,24 +0,0 @@
 More info related to the change: https://hg.mozilla.org/mozilla-central/rev/5079bb7577182734823d6e4a3c468115d45a9dd9
 --- a/browser/components/search/extensions/ddg/manifest.json	2023-04-06 23:48:16.983734806 -0600
 +++ b/browser/components/search/extensions/ddg/manifest.json	2023-04-06 23:54:27.848103496 -0600
@@ -21,7 +21,7 @@
       "name": "DuckDuckGo",
       "search_url": "https://duckduckgo.com/",
       "search_form": "https://duckduckgo.com/",
 -      "search_url_get_params": "t=ffab&q={searchTerms}",
 +      "search_url_get_params": "q={searchTerms}",
       "suggest_url": "https://ac.duckduckgo.com/ac/",
       "suggest_url_get_params": "q={searchTerms}&type=list"
     }
 --- a/browser/components/search/extensions/ddg-html/manifest.json	2023-04-06 23:48:16.987734810 -0600
 +++ b/browser/components/search/extensions/ddg-html/manifest.json	2023-04-06 23:55:19.080158907 -0600
@@ -21,7 +21,7 @@
       "name": "DuckDuckGo (HTML)",
       "search_url": "https://html.duckduckgo.com/html/",
       "search_form": "https://html.duckduckgo.com/html/",
 -      "search_url_get_params": "t=ffab&q={searchTerms}",
 +      "search_url_get_params": "q={searchTerms}",
       "suggest_url": "https://ac.duckduckgo.com/ac/",
       "suggest_url_get_params": "q={searchTerms}&type=list"
     }
--- a/helpers/DATA/firefox/search-custom/services/settings/dumps/main/top-sites.json
+++ b/helpers/DATA/firefox/search-custom/services/settings/dumps/main/top-sites.json
@ -0,0 +1,61 @@
 {
  "data": [
    {
      "url": "https://trisquel.info/",
      "order": 0,
      "title": "Trisquel",
      "id": "ec7f4843-6be5-5e86-870a-1c8383500a4b",
      "last_modified": 1715345084783
    },
    {
      "url": "https://packages.trisquel.org/",
      "order": 1,
      "title": "Trisquel Packages",
      "id": "27a9b035-0b8b-4472-97cb-b1866aba0740",
      "last_modified": 1715345084786
    },
    {
      "url": "https://www.gnu.org/",
      "order": 2,
      "title": "GNU",
      "id": "1baee931-751c-5993-b6fe-d86fbf78f9b0",
      "last_modified": 1715345084789
    },
    {
      "url": "https://www.fsf.org/",
      "order": 3,
      "title": "FSF",
      "id": "fcc60dd8-4d97-5aca-8e5d-784652c75818",
      "last_modified": 1715345084792
    },
    {
      "url": "https://directory.fsf.org/",
      "order": 4,
      "title": "FSF Directory",
      "id": "abe5bfb2-9487-5697-9f27-e0b782dfe006",
      "last_modified": 1715345084796
    },
    {
      "url": "https://libreplanet.org/",
      "order": 5,
      "title": "LibrePlanet",
      "id": "e3d2cf88-a4dc-5d2e-9f9a-f3ea241d17d8",
      "last_modified": 1715345084800
    },
    {
      "url": "https://www.wikipedia.org/",
      "order": 6,
      "title": "Wikipedia",
      "id": "02c295f5-54a8-5d29-8d1f-b619216b20c0",
      "last_modified": 1715345084803
    },
    {
      "url": "https://h-node.org/",
      "order": 7,
      "title": "h-node",
      "id": "c426481f-8c3f-53b8-b23a-431a91a1c7b4",
      "last_modified": 1715345084807
    }
  ],
  "timestamp": 1715345084810
 }
--- a/helpers/DATA/firefox/search-custom/tippytop/top_sites.json
+++ b/helpers/DATA/firefox/search-custom/tippytop/top_sites.json
@ -0,0 +1,52 @@
 [
  {
    "domains": ["duckduckgo.com"],
    "image_url": "images/duckduckgo-com@2x.svg",
    "favicon_url": "favicons/duckduckgo-com.ico"
  },
  {
    "domains": ["trisquel.info"],
    "image_url": "images/trisquel.png",
    "favicon_url": "favicons/trisquel.ico"
  },
  {
    "domains": ["packages.trisquel.org"],
    "image_url": "images/trisquel-packages.png",
    "favicon_url": "favicons/trisquel-packages.ico"
  },
  {
    "domains": ["gnu.org"],
    "image_url": "images/gnu.png",
    "favicon_url": "favicons/gnu.ico"
  },
  {
    "domains": ["fsf.org"],
    "image_url": "images/fsf.png",
    "favicon_url": "favicons/fsf.ico"
  },
  {
    "domains": ["directory.fsf.org"],
    "image_url": "images/directory.png",
    "favicon_url": "favicons/fsf.ico"
  },
  {
    "domains": ["libreplanet.org"],
    "image_url": "images/libreplanet.png",
    "favicon_url": "favicons/libreplanet.ico"
  },
  {
    "domains": ["fsfe.org"],
    "image_url": "images/fsfe.png",
    "favicon_url": "favicons/fsfe.ico"
  },
  {
    "domains": ["wikipedia.org"],
    "image_url": "images/wikipedia.png",
    "favicon_url": "favicons/wikipedia.ico"
  },
  {
    "domains": ["h-node.org"],
    "image_url": "images/hnode.png",
    "favicon_url": "favicons/hnode.ico"
  }
 ]
--- a/helpers/DATA/firefox/searchplugins/trisquel-packages-v2.json
+++ b/helpers/DATA/firefox/searchplugins/trisquel-packages-v2.json
@ -0,0 +1,30 @@
        {
        "base": {
            "aliases": [
              "packages",
              "p"
            ],
            "classification": "unknown",
            "name": "Trisquel Packages",
            "urls": {
                "search": {
                    "base": "https://packages.trisquel.org/search",
                    "params": [],
                    "searchTermParamName": "keywords"
                }
            }
        },
        "id": "b5fd21a8-e369-477f-a3f2-b47a370f9030",
        "identifier": "trisquel-packages",
        "last_modified": 1678,
        "recordType": "engine",
        "schema": "defaultEngines",
        "variants": [
            {
                "environment": {
                    "allRegionsAndLocales": true
                },
                "optional": false
            }
        ]
    },
--- a/helpers/DATA/firefox/searchplugins/trisquel-packages.json
+++ b/helpers/DATA/firefox/searchplugins/trisquel-packages.json
@ -1,15 +0,0 @@
    {
      "schema": 1674147734592,
      "appliesTo": [
        {
          "included": {
            "everywhere": true
          }
        }
      ],
      "webExtension": {
        "id": "trisquel-packages@search.mozilla.org"
      },
      "id": "b5fd21a8-e369-477f-a3f2-b47a370f9030",
      "last_modified": 1678
    },
--- a/helpers/DATA/firefox/searchplugins/trisquel-packages/b5fd21a8-e369-477f-a3f2-b47a370f9030
+++ b/helpers/DATA/firefox/searchplugins/trisquel-packages/b5fd21a8-e369-477f-a3f2-b47a370f9030
--- a/helpers/DATA/firefox/searchplugins/trisquel-v2.json
+++ b/helpers/DATA/firefox/searchplugins/trisquel-v2.json
@ -0,0 +1,30 @@
        {
        "base": {
            "aliases": [
              "trisquel",
              "t"
            ],
            "classification": "unknown",
            "name": "Trisquel",
            "urls": {
                "search": {
                    "base": "https://trisquel.info/search/node",
                    "params": [],
                    "searchTermParamName": "q"
                }
            }
        },
        "id": "b99ed276-9557-4492-8bbb-d59826381893",
        "identifier": "trisquel",
        "last_modified": 1678,
        "recordType": "engine",
        "schema": "defaultEngines",
        "variants": [
            {
                "environment": {
                    "allRegionsAndLocales": true
                },
                "optional": false
            }
        ]
    },
--- a/helpers/DATA/firefox/searchplugins/trisquel.json
+++ b/helpers/DATA/firefox/searchplugins/trisquel.json
@ -1,15 +0,0 @@
    {
      "schema": 1674147734535,
      "appliesTo": [
        {
          "included": {
            "everywhere": true
          }
        }
      ],
      "webExtension": {
        "id": "trisquel@search.mozilla.org"
      },
      "id": "b99ed276-9557-4492-8bbb-d59826381893",
      "last_modified": 1678
    },
--- a/helpers/DATA/firefox/searchplugins/trisquel/b99ed276-9557-4492-8bbb-d59826381893
+++ b/helpers/DATA/firefox/searchplugins/trisquel/b99ed276-9557-4492-8bbb-d59826381893
--- a/helpers/DATA/firefox/settings.js
+++ b/helpers/DATA/firefox/settings.js
@ -1,4 +1,3 @@
 // Release notes and vendor URLs
 pref("app.releaseNotesURL", "https://trisquel.info/en/wiki/abrowser-help");
 pref("app.vendorURL", "https://trisquel.info/en/wiki/abrowser-help");
@ -63,7 +62,7 @@ pref("general.useragent.compatMode.abrowser",true);
 pref ("browser.startup.homepage_override.mstone", "ignore");
 // Preferences for the Get Add-ons panel
-pref ("extensions.webservice.discoverURL", "https://gnuzilla.gnu.org/mozzarella/");
+pref ("extensions.webservice.discoverURL", "https://gnuzilla.gnu.org/");
 pref ("extensions.getAddons.search.url", "https://trisquel.info");
 // Help URL
@ -75,8 +74,8 @@ pref ("plugins.update.url", "https://trisquel.info/en/wiki/abrowser-help");
 pref ("browser.customizemode.tip0.learnMoreUrl", "https://trisquel.info/en/wiki/abrowser-help");
 // Dictionary download preference
-pref("browser.dictionaries.download.url", "http://dictionaries.mozdev.org/");
+pref("browser.dictionaries.download.url", "https://addons.mozilla.org/%LOCALE%/firefox/language-tools/");
-pref("browser.search.searchEnginesURL", "http://mycroft.mozdev.org/");
+pref("browser.search.searchEnginesURL", "https://mycroftproject.com/");
 // Enable Spell Checking In All Text Fields
 pref("layout.spellcheckDefault", 2);
@ -117,6 +116,7 @@ pref("network.http.sendRefererHeader", 2);
 pref("dom.event.clipboardevents.enabled",false);
 pref("network.prefetch-next", false);
 pref("network.dns.disablePrefetch", true);
 pref("network.dns.disablePrefetchFromHTTPS", true);
 pref("network.http.sendSecureXSiteReferrer", false);
 pref("toolkit.telemetry.enabled", false);
 // Do not tell what plugins do we have enabled: https://mail.mozilla.org/pipermail/firefox-dev/2013-November/001186.html
@ -126,6 +126,7 @@ pref("plugin.state.flash", 1);
 pref("browser.newtabpage.directory.source", "");
 pref("browser.newtabpage.directory.ping", "");
 pref("browser.newtabpage.introShown", true);
 pref("browser.newtabpage.activity-stream.unifiedAds.endpoint","");
 // Disable home snippets
 pref("browser.aboutHomeSnippets.updateUrl", "");
 // Always ask before restoring the browsing session
@ -152,6 +153,7 @@ pref("toolkit.telemetry.firstShutdownPing.enabled", false);
 pref("toolkit.telemetry.bhrPing.enabled", false);
 pref("browser.ping-centre.telemetry", false);
 pref("dom.security.unexpected_system_load_telemetry_enabled", false);
 pref("network.connectivity-service.enabled", false);
 // Canvas fingerprint protection
 // Disabled, as it breaks things and does little improvements to fingerprinting
@ -202,6 +204,10 @@ pref("media.gmp-manager.url", "");
 pref("media.gmp-provider.enabled", false);
 // Don't install openh264 codec
 pref("media.gmp-gmpopenh264.enabled", false);
 // Disable Widevine
 pref("media.gmp-widevinecdm.enabled", false);
 // Disable eme codecs
 pref("media.eme.enabled", false);
 //Disable middle click content load
 //Avoid loading urls by mistake 
@ -246,9 +252,13 @@ pref("browser.onboarding.enabled", false);
 pref("browser.newtabpage.activity-stream.default.sites", "https://trisquel.info/,https://packages.trisquel.org,https://www.gnu.org/,https://www.fsf.org/,https://directory.fsf.org,https://libreplanet.org/,https://fsfe.org,https://www.wikipedia.org/wiki/,https://www.h-node.org/");
 pref("browser.newtabpage.activity-stream.showTopSites",true);
 pref("browser.newtabpage.activity-stream.feeds.section.topstories",false);
 pref("browser.newtabpage.activity-stream.feeds.discoverystreamfeed", false);
 pref("browser.newtabpage.activity-stream.discoverystream.enabled", false);
 pref("browser.newtabpage.activity-stream.discoverystream.endpoints", "");
 pref("browser.newtabpage.activity-stream.feeds.snippets",false);
 pref("browser.newtabpage.activity-stream.disableSnippets", true);
-user_pref("browser.newtabpage.activity-stream.tippyTop.service.endpoint", "");
+pref("browser.newtabpage.activity-stream.tippyTop.service.endpoint", "");
 pref("browser.newtabpage.activity-stream.showSponsoredCheckboxes", false);
 // Enable xrender
 //pref("gfx.xrender.enabled",true);
@ -256,7 +266,6 @@ user_pref("browser.newtabpage.activity-stream.tippyTop.service.endpoint", "");
 // Disable push notifications
 pref("dom.webnotifications.enabled",false);
 pref("dom.webnotifications.serviceworker.enabled",false);
 pref("dom.push.enabled",false);
 // Disable services server
 pref("services.settings.server", "");
@ -268,14 +277,13 @@ pref("browser.newtabpage.activity-stream.asrouter.userprefs.cfr.addons", false);
 pref("browser.newtabpage.activity-stream.asrouter.userprefs.cfr.features", false);
 pref("extensions.htmlaboutaddons.discover.enabled", false);
 pref("extensions.htmlaboutaddons.recommendations.enabled", false);
-//pref("browser.newtabpage.activity-stream.asrouterExperimentEnabled", false);
+pref("extensions.getAddons.cache.enabled", false);
 pref("extensions.getAddons.get.url", "");
-pref("extensions.getAddons.link.url", "https://gnuzilla.gnu.org/mozzarella/");
+pref("extensions.getAddons.link.url", "https://gnuzilla.gnu.org/");
 pref("extensions.getAddons.langpacks.url", "");
 pref("extensions.getAddons.discovery.api_url", "");
 pref("extensions.recommendations.privacyPolicyUrl", "https://trisquel.info/legal");
-pref("extensions.getAddons.search.browseURL", "https://gnuzilla.gnu.org/mozzarella/search.php?q=%TERMS%");
+pref("extensions.getAddons.search.browseURL", "https://gnuzilla.gnu.org/search.php?q=%TERMS%");
 // Disable pingback on first run
 pref("browser.newtabpage.activity-stream.fxaccounts.endpoint", "");
@ -284,3 +292,32 @@ pref("browser.newtabpage.activity-stream.fxaccounts.endpoint", "");
 // Disable Normandy (remote settings changer for AB testing)
 pref("app.normandy.enabled", false);
 pref("app.normandy.api_url", "");
 // Disable Adwaita theme by default.
 pref("widget.gtk.libadwaita-colors.enabled", false);
 // High level search data collection
 pref("browser.search.serpEventTelemetry.enabled",false);
 // Disable Privacy-Preserving Attribution submition
 pref("dom.private-attribution.submission.enabled", false);
 // Disable Machine Learning
 pref("browser.ml.chat.enabled", false);
 // Hide from UI
 pref("browser.ml.chat.hideFromLabs", true);
 pref("browser.ml.chat.hideLabsShortcuts", true);
 // Disable tab hover preview
 pref("browser.tabs.hoverPreview.enabled", false);
 // Disable DAP telemetry servers & experiments
 pref("toolkit.telemetry.dap.leader.url", "");
 pref("toolkit.telemetry.dap.helper.url", "");
 pref("messaging-system.rsexperimentloader.enabled", false);
 // Disable DoH as third party service, users can restore it at will.
 pref("network.trr.mode", 5);
 pref("doh-rollout.enabled", false);
 pref("doh-rollout.provider-steering.enabled", false);
--- a/helpers/DATA/firefox/topsites/directory.png
+++ b/helpers/DATA/firefox/topsites/directory.png
--- a/helpers/DATA/firefox/topsites/fsf.ico
+++ b/helpers/DATA/firefox/topsites/fsf.ico
--- a/helpers/DATA/firefox/topsites/fsf.png
+++ b/helpers/DATA/firefox/topsites/fsf.png
--- a/helpers/DATA/firefox/topsites/fsfe.ico
+++ b/helpers/DATA/firefox/topsites/fsfe.ico
--- a/helpers/DATA/firefox/topsites/fsfe.png
+++ b/helpers/DATA/firefox/topsites/fsfe.png
--- a/helpers/DATA/firefox/topsites/gnu.ico
+++ b/helpers/DATA/firefox/topsites/gnu.ico
--- a/helpers/DATA/firefox/topsites/gnu.png
+++ b/helpers/DATA/firefox/topsites/gnu.png
--- a/helpers/DATA/firefox/topsites/hnode.ico
+++ b/helpers/DATA/firefox/topsites/hnode.ico
--- a/helpers/DATA/firefox/topsites/hnode.png
+++ b/helpers/DATA/firefox/topsites/hnode.png
--- a/helpers/DATA/firefox/topsites/libreplanet.ico
+++ b/helpers/DATA/firefox/topsites/libreplanet.ico
--- a/helpers/DATA/firefox/topsites/libreplanet.png
+++ b/helpers/DATA/firefox/topsites/libreplanet.png
--- a/helpers/DATA/firefox/topsites/trisquel-packages.ico
+++ b/helpers/DATA/firefox/topsites/trisquel-packages.ico
--- a/helpers/DATA/firefox/topsites/trisquel-packages.png
+++ b/helpers/DATA/firefox/topsites/trisquel-packages.png
--- a/helpers/DATA/firefox/topsites/trisquel.ico
+++ b/helpers/DATA/firefox/topsites/trisquel.ico
--- a/helpers/DATA/firefox/topsites/trisquel.png
+++ b/helpers/DATA/firefox/topsites/trisquel.png
--- a/helpers/DATA/firefox/topsites/wikinews.ico
+++ b/helpers/DATA/firefox/topsites/wikinews.ico
--- a/helpers/DATA/firefox/topsites/wikinews.png
+++ b/helpers/DATA/firefox/topsites/wikinews.png
--- a/helpers/DATA/firefox/topsites/wikipedia-org@2x.png
+++ b/helpers/DATA/firefox/topsites/wikipedia-org@2x.png
--- a/helpers/DATA/firefox/topsites/wikipedia.ico
+++ b/helpers/DATA/firefox/topsites/wikipedia.ico
--- a/helpers/DATA/firefox/topsites/wikipedia.png
+++ b/helpers/DATA/firefox/topsites/wikipedia.png
--- a/helpers/DATA/firefox/trisquel-search-icons/b5fd21a8-e369-477f-a3f2-b47a370f9030.png
+++ b/helpers/DATA/firefox/trisquel-search-icons/b5fd21a8-e369-477f-a3f2-b47a370f9030.png
--- a/helpers/DATA/firefox/trisquel-search-icons/b5fd21a8-trisquel-packages.json
+++ b/helpers/DATA/firefox/trisquel-search-icons/b5fd21a8-trisquel-packages.json
@ -0,0 +1,17 @@
 {
  "schema": 40960,
  "imageSize": 48,
  "attachment": {
    "hash": "0b077376b224b66159130f587371d67f97454fd692296c449590a9123591c9f6",
    "size": 3441,
    "filename": "trisquel-packages-48-firefox.png",
    "location": "main-workspace/search-config-icons/b5fd21a8-e369-477f-a3f2-b47a370f9030.png",
    "mimetype": "image/png"
  },
  "engineIdentifiers": [
    "trisquel-packages"
  ],
  "filter_expression": "env.appinfo.ID == \"{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\"",
  "id": "b5fd21a8-e369-477f-a3f2-b47a370f9030",
  "last_modified": 1734316560
 }
--- a/helpers/DATA/firefox/trisquel-search-icons/b99ed276-9557-4492-8bbb-d59826381893.png
+++ b/helpers/DATA/firefox/trisquel-search-icons/b99ed276-9557-4492-8bbb-d59826381893.png
--- a/helpers/DATA/firefox/trisquel-search-icons/b99ed276-trisquel.json
+++ b/helpers/DATA/firefox/trisquel-search-icons/b99ed276-trisquel.json
@ -0,0 +1,17 @@
 {
  "schema": 45056,
  "imageSize": 48,
  "attachment": {
    "hash": "93bc9a505442520b44ae5ffb880979943826308bcc051b966e1cbd67dbc64125",
    "size": 4493,
    "filename": "trisquel-48-firefox.png",
    "location": "main-workspace/search-config-icons/b99ed276-9557-4492-8bbb-d59826381893",
    "mimetype": "image/png"
  },
  "engineIdentifiers": [
    "trisquel"
  ],
  "filter_expression": "env.appinfo.ID == \"{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\"",
  "id": "b99ed276-9557-4492-8bbb-d59826381893",
  "last_modified": 1734316560
 }
--- a/helpers/DATA/firefox/trisquel-search-icons/update_mozbuild.py
+++ b/helpers/DATA/firefox/trisquel-search-icons/update_mozbuild.py
@ -0,0 +1,64 @@
 #! /usr/bin/python3
 #
 # Script to add trisquel's icons on search engine options.
 #
 #    Copyright (C) 2024 Luis Guzmán <ark@switnet.org>
 #
 #    This program is free software; you can redistribute it and/or modify
 #    it under the terms of the GNU General Public License as published by
 #    the Free Software Foundation; either version 2 of the License, or
 #    (at your option) any later version.
 #
 #    This program is distributed in the hope that it will be useful,
 #    but WITHOUT ANY WARRANTY; without even the implied warranty of
 #    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 #    GNU General Public License for more details.
 #
 #    You should have received a copy of the GNU General Public License
 #    along with this program; if not, write to the Free Software
 #    Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301 USA
 # File path
 moz_build_path = "services/settings/dumps/main/moz.build"
 # New entries to add
 new_entries = [
    "search-config-icons/b99ed276-9557-4492-8bbb-d59826381893",
    "search-config-icons/b99ed276-9557-4492-8bbb-d59826381893.meta.json",
    "search-config-icons/b5fd21a8-e369-477f-a3f2-b47a370f9030",
    "search-config-icons/b5fd21a8-e369-477f-a3f2-b47a370f9030.meta.json",
 ]
 # Read the moz.build file
 with open(moz_build_path, "r") as file:
    lines = file.readlines()
 # Locate the section for `search-config-icons`
 start_idx = None
 for idx, line in enumerate(lines):
    if "FINAL_TARGET_FILES.defaults.settings.main[\"search-config-icons\"] += [" in line:
        start_idx = idx
        break
 if start_idx is None:
    raise RuntimeError("Could not find the 'search-config-icons' section in moz.build")
 # Extract existing entries
 start_idx += 1
 end_idx = start_idx
 while end_idx < len(lines) and lines[end_idx].strip() != "]":
    end_idx += 1
 current_entries = [line.strip().strip(",") for line in lines[start_idx:end_idx]]
 # Combine and sort all entries
 all_entries = sorted(set(current_entries + [f'"{entry}"' for entry in new_entries]))
 # Replace the section in moz.build
 lines[start_idx:end_idx] = [f"        {entry},\n" for entry in all_entries]
 # Write the updated content back to the file
 with open(moz_build_path, "w") as file:
    file.writelines(lines)
 print("> Added trisquel's search engine icons to 'moz.build'")
--- a/helpers/DATA/gnome-boxes/001_add_trisquel_gnome-boxes_logo.patch
+++ b/helpers/DATA/gnome-boxes/001_add_trisquel_gnome-boxes_logo.patch
@ -0,0 +1,29 @@
 diff --git a/data/osinfo/meson.build b/data/osinfo/meson.build
 index acf27962..158af16b 100644
 --- a/data/osinfo/meson.build
 +++ b/data/osinfo/meson.build
@@ -16,7 +16,8 @@ osinfo_db = [
   ['popos-17.10.xml', 'gnome-boxes/osinfo/os/system76.com'],
   ['rhel-8.0.xml', 'gnome-boxes/osinfo/os/redhat.com'],
   ['rocky-8.4.xml', 'gnome-boxes/osinfo/os/rockylinux.org'],
 -  ['silverblue-28.xml', 'gnome-boxes/osinfo/os/fedoraproject.org']
 +  ['silverblue-28.xml', 'gnome-boxes/osinfo/os/fedoraproject.org'],
 +  ['trisquel-9.xml', 'gnome-boxes/osinfo/os/trisquel.info']
 ]
 foreach os: osinfo_db
 diff --git a/data/osinfo/trisquel-11.xml b/data/osinfo/trisquel-11.xml
 new file mode 100644
 index 00000000..ce9b4b36
 --- /dev/null
 +++ b/data/osinfo/trisquel-9.xml
@@ -0,0 +1,9 @@
 +<libosinfo version="0.0.1">
 +
 +  <!-- Please read https://gitlab.gnome.org/GNOME/gnome-boxes-logos/-/raw/master/README.md for any questions about usage of product logos in Boxes. !-->
 +
 +  <os id="http://trisquel.info/trisquel/9">
 +    <logo>https://gitlab.gnome.org/GNOME/gnome-boxes-logos/-/raw/master/logos/trisquel.svg</logo>
 +  </os>
 +
 +</libosinfo>
--- a/helpers/DATA/gnome-software/rm_snap_fwup_support.patch
+++ b/helpers/DATA/gnome-software/rm_snap_fwup_support.patch
@ -0,0 +1,86 @@
 diff --git a/debian/control b/debian/control
 index 2ea9e66..91f61fc 100644
 --- a/debian/control
 +++ b/debian/control
@@ -62,9 +62,8 @@ Depends: appstream,
          ${misc:Depends},
          ${shlibs:Depends}
 Conflicts: sessioninstaller
 -Recommends: fwupd [linux-any], ${plugin:Recommends}
 +Recommends: ${plugin:Recommends}
 Suggests: apt-config-icons-hidpi,
 -          gnome-software-plugin-flatpak [amd64 arm64 armel armhf i386 mips mipsel mips64el ppc64el s390x hppa powerpc powerpcspe ppc64],
           ${plugin:Suggests}
 Description: Software Center for GNOME
  Software lets you install and update applications and system extensions.
@@ -106,26 +106,6 @@ Description: Flatpak support for GNOME Software
  .
  This package contains the Flatpak plugin.
 -Package: gnome-software-plugin-snap
 -Architecture: amd64 arm64 armel armhf i386 ppc64el s390x
 -Depends: gnome-software (= ${binary:Version}),
 -         snapd [amd64 arm64 armel armhf i386 ppc64el],
 -         ${misc:Depends},
 -         ${shlibs:Depends}
 -Recommends: snapd [s390x]
 -Breaks: gnome-software (<< 3.22.3)
 -Replaces: gnome-software (<< 3.22.3)
 -Description: Snap support for GNOME Software
 - Software lets you install and update applications and system extensions.
 - .
 - Software uses a plugin architecture to separate the frontend from the
 - technologies that are used underneath. Currently, a PackageKit plugin provides
 - data from a number of traditional packaging systems, such as rpm or apt. An
 - appdata plugin provides additional metadata from locally installed data in the
 - appdata format.
 - .
 - This package contains the Snap plugin.
 -
 Package: gnome-software-dev
 Section: libdevel
 Architecture: any
 diff --git a/debian/rules b/debian/rules
 index f0bb2394..58b4bc70 100755
 --- a/debian/rules
 +++ b/debian/rules
@@ -30,11 +30,11 @@ ifeq ($(DEB_HOST_ARCH_OS), linux)
 	GS_CONFIGURE_FLAGS += -Dgudev=true
 	# Enable fwupd support on Linux
 -	GS_CONFIGURE_FLAGS += -Dfwupd=true
 +	GS_CONFIGURE_FLAGS += -Dfwupd=false
 	# Enable snap support on supported architectures
 	ifneq (,$(filter $(DEB_HOST_ARCH), amd64 arm64 armel armhf i386 ppc64el s390x))
 -		GS_CONFIGURE_FLAGS += -Dsnap=true
 +		GS_CONFIGURE_FLAGS += -Dsnap=false
 	endif
 endif
@@ -42,9 +42,9 @@ DISTRO_ID = debian
 FREE_REPOS = \'@DISTRO@-*-main\'
 FREE_URL = https:\/\/www.debian.org\/social_contract\#guidelines
 ifeq (yes,$(shell dpkg-vendor --derives-from Ubuntu && echo yes))
 -	DISTRO_ID = ubuntu
 -	FREE_REPOS = \'@DISTRO@-*-main\', \'@DISTRO@-*-universe\'
 -	FREE_URL = https:\/\/www.ubuntu.com\/about\/about-ubuntu\/licensing
 +	DISTRO_ID = trisquel
 +	FREE_REPOS = \'@DISTRO@-*-main\'
 +	FREE_URL = https:\/\/trisquel.info\/legal
 else ifeq (yes,$(shell dpkg-vendor --derives-from Tanglu && echo yes))
 	DISTRO_ID = tanglu
 else ifeq (yes,$(shell dpkg-vendor --derives-from PureOS && echo yes))
@@ -87,11 +87,7 @@ override_dh_shlibdeps:
 override_dh_auto_test:
 override_dh_gencontrol:
 -ifeq ($(shell dpkg-vendor --query vendor),Ubuntu)
 -	dh_gencontrol -- -Vplugin:Recommends='gnome-software-plugin-snap [linux-any]'
 -else
 -	dh_gencontrol -- -Vplugin:Suggests='gnome-software-plugin-snap [linux-any]'
 -endif
 +	dh_gencontrol
 override_dh_clean:
 	rm -f debian/gnome-software.gsettings-override
--- a/helpers/DATA/gnupg2/001-reduce_gpg-wks-server_dependency_to_match_later_releases.patch
+++ b/helpers/DATA/gnupg2/001-reduce_gpg-wks-server_dependency_to_match_later_releases.patch
@ -0,0 +1,35 @@
 diff --git a/debian/control b/debian/control
 index c6a9778..ca0b1f0 100644
 --- a/debian/control
 +++ b/debian/control
@@ -254,8 +254,6 @@ Depends:
  gpg-agent (>= ${source:Version}),
  gpg-wks-client (<< ${source:Version}.1~),
  gpg-wks-client (>= ${source:Version}),
 - gpg-wks-server (<< ${source:Version}.1~),
 - gpg-wks-server (>= ${source:Version}),
  gpgsm (<< ${source:Version}.1~),
  gpgsm (>= ${source:Version}),
  gpgv (<< ${source:Version}.1~),
@@ -265,6 +263,8 @@ Depends:
 Recommends:
  ${shlibs:Recommends},
 Suggests:
 + gpg-wks-server (<< ${source:Version}.1~),
 + gpg-wks-server (>= ${source:Version}),
  parcimonie,
  xloadimage,
 Breaks:
 diff --git a/debian/control b/debian/control
 index ca0b1f0..dc1d5cd 100644
 --- a/debian/control
 +++ b/debian/control
@@ -279,6 +279,8 @@ Breaks:
  python-apt (<= 1.1.0~beta4),
  python-gnupg (<< 0.3.8-3),
  python3-apt (<= 1.1.0~beta4),
 +Conflicts:
 + gpg-wks-server (<= 2.2.27-3ubuntu2.3+11.0trisquel0),
 Replaces:
  gnupg2 (<< 2.1.11-7+exp1),
 Description: GNU privacy guard - a free PGP replacement
--- a/helpers/DATA/guix/cve/0001-etc-news-add-news-entry-for-build-user-takeover-vuln.patch
+++ b/helpers/DATA/guix/cve/0001-etc-news-add-news-entry-for-build-user-takeover-vuln.patch
@ -0,0 +1,57 @@
 From 532996c5908fb14cc8d102865280fb203c075c9c Mon Sep 17 00:00:00 2001
 From: Reepca Russelstein <reepca@russelstein.xyz>
 Date: Sun, 20 Oct 2024 17:32:23 -0500
 Subject: [PATCH] etc: news: add news entry for build user takeover
 vulnerability fix.
 * etc/news.scm: add entry about build user takeover vulnerability.
 ---
 etc/news.scm | 32 ++++++++++++++++++++++++++++++++
 1 file changed, 32 insertions(+)
 diff --git a/etc/news.scm b/etc/news.scm
 index a90f92a9ff..3fb53a9849 100644
 --- a/etc/news.scm
 +++ b/etc/news.scm
@@ -33,6 +33,38 @@
 (channel-news
  (version 0)
 + (entry (commit "5966e0fdc78771c562e0f484a22f381a77908be0")
 +        (title
 +         (en "Daemon vulnerability allowing takeover of build users fixed"))
 +        (body
 +         (en "A vulnerability allowing a local user to execute arbitrary code
 +as any of the build users has been identified and fixed.  Most notably, this
 +allows any local user to alter the result of any local build, even if it
 +happens inside a container.  The only requirements to exploit this
 +vulnerability are the ability to start a derivation build and the ability to
 +run arbitrary code with access to the store in the root PID namespace on the
 +machine that build occurs on.  This largely limits the vulnerability to
 +multi-user systems.
 +
 +This vulnerability is caused by the fact that @command{guix-daemon} does not
 +change ownership and permissions on the outputs of failed builds when it moves
 +them to the store, and is also caused by there being a window of time between
 +when it moves outputs of successful builds to the store and when it changes
 +their ownership and permissions.  Because of this, a build can create a binary
 +with both setuid and setgid bits set and have it become visible to the outside
 +world once the build ends.  At that point any process that can access the
 +store can execute it and gain the build user's privileges.  From there any
 +process owned by that build user can be manipulated via procfs and signals at
 +will, allowing the attacker to control the output of its builds.
 +
 +You are advised to upgrade @command{guix-daemon}.  Run @command{info \"(guix)
 +Upgrading Guix\"}, for info on how to do that.  Additionally, if there is any
 +risk that a builder may have already created these setuid binaries (for
 +example on accident), run @command{guix gc} to remove all failed build
 +outputs.
 +
 +See @uref{https://issues.guix.gnu.org/73919} for more information on this
 +vulnerability.")))
  (entry (commit "2161820ebbbab62a5ce76c9101ebaec54dc61586")
         (title
          (en "Risk of local privilege escalation during user account creation")
 -- 
 2.45.2
--- a/helpers/DATA/guix/cve/0001-nix-build-sanitize-failed-build-outputs-prior-to-exp.patch
+++ b/helpers/DATA/guix/cve/0001-nix-build-sanitize-failed-build-outputs-prior-to-exp.patch
@ -0,0 +1,83 @@
 From e936861263d9bafdfbe395c12526f2dc48ac17d7 Mon Sep 17 00:00:00 2001
 Message-ID: <e936861263d9bafdfbe395c12526f2dc48ac17d7.1729457080.git.reepca@russelstein.xyz>
 From: Reepca Russelstein <reepca@russelstein.xyz>
 Date: Sun, 20 Oct 2024 15:36:06 -0500
 Subject: [PATCH 1/2] nix: build: sanitize failed build outputs prior to
 exposing them.
 The only thing keeping a rogue builder and a local user from collaborating to
 usurp control over the builder's user during the build is the fact that
 whatever files the builder may produce are not accessible to any other users
 yet.  If we're going to make them accessible, we should probably do some
 sanity checking to ensure that sort of collaborating can't happen.
 Currently this isn't happening when failed build outputs are moved from the
 chroot as an aid to debugging.
 * nix/libstore/build.cc (secureFilePerms): new function.
  (DerivationGoal::buildDone): use it.
 Change-Id: I9dce1e3d8813b31cabd87a0e3219bf9830d8be96
 ---
 nix/libstore/build.cc | 36 +++++++++++++++++++++++++++++++++++-
 1 file changed, 35 insertions(+), 1 deletion(-)
 diff --git a/nix/libstore/build.cc b/nix/libstore/build.cc
 index d23c0944a4..67ebfe2f14 100644
 --- a/nix/libstore/build.cc
 +++ b/nix/libstore/build.cc
@@ -1301,6 +1301,34 @@ void replaceValidPath(const Path & storePath, const Path tmpPath)
 MakeError(NotDeterministic, BuildError)
 +/* Recursively make the file permissions of a path safe for exposure to
 +   arbitrary users, but without canonicalising its permissions, timestamp, and
 +   user.  Throw an exception if a file type that isn't explicitly known to be
 +   safe is found. */
 +static void secureFilePerms(Path path)
 +{
 +  struct stat st;
 +  if (lstat(path.c_str(), &st)) return;
 +
 +  switch(st.st_mode & S_IFMT) {
 +  case S_IFLNK:
 +    return;
 +
 +  case S_IFDIR:
 +    for (auto & i : readDirectory(path)) {
 +      secureFilePerms(path + "/" + i.name);
 +    }
 +    /* FALLTHROUGH */
 +
 +  case S_IFREG:
 +    chmod(path.c_str(), (st.st_mode & ~S_IFMT) & ~(S_ISUID | S_ISGID | S_IWOTH));
 +    break;
 +
 +  default:
 +    throw Error(format("file `%1%' has an unsupported type") % path);
 +  }
 +}
 +
 void DerivationGoal::buildDone()
 {
     trace("build done");
@@ -1372,9 +1400,15 @@ void DerivationGoal::buildDone()
                build failures. */
             if (useChroot && buildMode == bmNormal)
                 foreach (PathSet::iterator, i, missingPaths)
 -                    if (pathExists(chrootRootDir + *i))
 +                    if (pathExists(chrootRootDir + *i)) {
 +                      try {
 +                        secureFilePerms(chrootRootDir + *i);
                         rename((chrootRootDir + *i).c_str(), i->c_str());
 +                      } catch(Error & e) {
 +                        printMsg(lvlError, e.msg());
 +                      }
 +                    }
             if (diskFull)
                 printMsg(lvlError, "note: build failure may have been caused by lack of free disk space");
 -- 
 2.45.2
--- a/helpers/DATA/guix/cve/0002-nix-build-sanitize-successful-build-outputs-prior-to.patch
+++ b/helpers/DATA/guix/cve/0002-nix-build-sanitize-successful-build-outputs-prior-to.patch
@ -0,0 +1,64 @@
 From d096d653cc69118e05f49247ab312d0096b16656 Mon Sep 17 00:00:00 2001
 Message-ID: <d096d653cc69118e05f49247ab312d0096b16656.1729457080.git.reepca@russelstein.xyz>
 In-Reply-To: <e936861263d9bafdfbe395c12526f2dc48ac17d7.1729457080.git.reepca@russelstein.xyz>
 References: <e936861263d9bafdfbe395c12526f2dc48ac17d7.1729457080.git.reepca@russelstein.xyz>
 From: Reepca Russelstein <reepca@russelstein.xyz>
 Date: Sun, 20 Oct 2024 15:39:02 -0500
 Subject: [PATCH 2/2] nix: build: sanitize successful build outputs prior to
 exposing them.
 There is currently a window of time between when the build outputs are exposed
 and when their metadata is canonicalized.
 * nix/libstore/build.cc (DerivationGoal::registerOutputs): wait until after
  metadata canonicalization to move successful build outputs to the store.
 Change-Id: Ia995136f3f965eaf7b0e1d92af964b816f3fb276
 ---
 nix/libstore/build.cc | 23 ++++++++++++++---------
 1 file changed, 14 insertions(+), 9 deletions(-)
 diff --git a/nix/libstore/build.cc b/nix/libstore/build.cc
 index 67ebfe2f14..43a8a37184 100644
 --- a/nix/libstore/build.cc
 +++ b/nix/libstore/build.cc
@@ -2369,15 +2369,6 @@ void DerivationGoal::registerOutputs()
         Path actualPath = path;
         if (useChroot) {
             actualPath = chrootRootDir + path;
 -            if (pathExists(actualPath)) {
 -                /* Move output paths from the chroot to the store. */
 -                if (buildMode == bmRepair)
 -                    replaceValidPath(path, actualPath);
 -                else
 -                    if (buildMode != bmCheck && rename(actualPath.c_str(), path.c_str()) == -1)
 -                        throw SysError(format("moving build output `%1%' from the chroot to the store") % path);
 -            }
 -            if (buildMode != bmCheck) actualPath = path;
         } else {
             Path redirected = redirectedOutputs[path];
             if (buildMode == bmRepair
@@ -2463,6 +2454,20 @@ void DerivationGoal::registerOutputs()
         canonicalisePathMetaData(actualPath,
             buildUser.enabled() && !rewritten ? buildUser.getUID() : -1, inodesSeen);
 +        if (useChroot) {
 +          if (pathExists(actualPath)) {
 +            /* Now that output paths have been canonicalized (in particular
 +               there are no setuid files left), move them outside of the
 +               chroot and to the store. */
 +            if (buildMode == bmRepair)
 +              replaceValidPath(path, actualPath);
 +            else
 +              if (buildMode != bmCheck && rename(actualPath.c_str(), path.c_str()) == -1)
 +                throw SysError(format("moving build output `%1%' from the chroot to the store") % path);
 +          }
 +          if (buildMode != bmCheck) actualPath = path;
 +        }
 +
         /* For this output path, find the references to other paths
            contained in it.  Compute the SHA-256 NAR hash at the same
            time.  The hash is stored in the database so that we can
 -- 
 2.45.2
--- a/helpers/DATA/guix/cve/CVE-2024-27297_4a67c00ad02fbe7a7f5796c4c4dc2c0ad70f0472.patch
+++ b/helpers/DATA/guix/cve/CVE-2024-27297_4a67c00ad02fbe7a7f5796c4c4dc2c0ad70f0472.patch
@ -0,0 +1,378 @@
 From 4a67c00ad02fbe7a7f5796c4c4dc2c0ad70f0472 Mon Sep 17 00:00:00 2001
 From: Vagrant Cascadian <vagrant@debian.org>
 Date: Tue, 12 Mar 2024 09:18:23 -0700
 Subject: [PATCH] debian/patches: guix-daemon: Protect against file descriptor
 escape when building fixed-output derivations (CVE-2024-27297). (Closes:
 #1066113)
 ---
 ...gainst-FD-escape-when-building-fixed.patch | 232 ++++++++++++++++++
 ...hortcoming-in-previous-security-fix-.patch | 106 ++++++++
 debian/patches/series                         |   2 +
 3 files changed, 340 insertions(+)
 create mode 100644 debian/patches/security/0001-daemon-Protect-against-FD-escape-when-building-fixed.patch
 create mode 100644 debian/patches/security/0032-daemon-Address-shortcoming-in-previous-security-fix-.patch
 diff --git a/debian/patches/security/0001-daemon-Protect-against-FD-escape-when-building-fixed.patch b/debian/patches/security/0001-daemon-Protect-against-FD-escape-when-building-fixed.patch
 new file mode 100644
 index 0000000000..e6e02cf206
 --- /dev/null
 +++ b/debian/patches/security/0001-daemon-Protect-against-FD-escape-when-building-fixed.patch
@@ -0,0 +1,232 @@
 +From 8f4ffb3fae133bb21d7991e97c2f19a7108b1143 Mon Sep 17 00:00:00 2001
 +From: =?UTF-8?q?Ludovic=20Court=C3=A8s?= <ludo@gnu.org>
 +Date: Mon, 11 Mar 2024 10:59:42 +0100
 +Subject: [PATCH 01/36] daemon: Protect against FD escape when building
 + fixed-output derivations (CVE-2024-27297).
 +MIME-Version: 1.0
 +Content-Type: text/plain; charset=UTF-8
 +Content-Transfer-Encoding: 8bit
 +
 +This fixes a security issue (CVE-2024-27297) whereby a fixed-output
 +derivation build process could open a writable file descriptor to its
 +output, send it to some outside process for instance over an abstract
 +AF_UNIX socket, which would then allow said process to modify the file
 +in the store after it has been marked as “valid”.
 +
 +Vulnerability discovered by puck <https://github.com/puckipedia>.
 +
 +Nix security advisory:
 +https://github.com/NixOS/nix/security/advisories/GHSA-2ffj-w4mj-pg37
 +
 +Nix fix:
 +https://github.com/NixOS/nix/commit/244f3eee0bbc7f11e9b383a15ed7368e2c4becc9
 +
 +* nix/libutil/util.cc (readDirectory): Add variants that take a DIR* and
 +a file descriptor.  Rewrite the ‘Path’ variant accordingly.
 +(copyFile, copyFileRecursively): New functions.
 +* nix/libutil/util.hh (copyFileRecursively): New declaration.
 +* nix/libstore/build.cc (DerivationGoal::buildDone): When ‘fixedOutput’
 +is true, call ‘copyFileRecursively’ followed by ‘rename’ on each output.
 +
 +Change-Id: I7952d41093eed26e123e38c14a4c1424be1ce1c4
 +
 +Reported-by: Picnoir <picnoir@alternativebit.fr>, Théophane Hufschmitt <theophane.hufschmitt@tweag.io>
 +Change-Id: Idb5f2757f35af86b032a9851cecb19b70227bd88
 +---
 + nix/libstore/build.cc |  16 ++++++
 + nix/libutil/util.cc   | 112 ++++++++++++++++++++++++++++++++++++++++--
 + nix/libutil/util.hh   |   6 +++
 + 3 files changed, 129 insertions(+), 5 deletions(-)
 +
 +diff --git a/nix/libstore/build.cc b/nix/libstore/build.cc
 +index 461fcbc584..e2adee118b 100644
 +--- a/nix/libstore/build.cc
 ++++ b/nix/libstore/build.cc
 +@@ -1382,6 +1382,22 @@ void DerivationGoal::buildDone()
 +                 % drvPath % statusToString(status));
 +         }
 + 
 ++	if (fixedOutput) {
 ++	    /* Replace the output, if it exists, by a fresh copy of itself to
 ++               make sure that there's no stale file descriptor pointing to it
 ++               (CVE-2024-27297).  */
 ++	    foreach (DerivationOutputs::iterator, i, drv.outputs) {
 ++		if (pathExists(i->second.path)) {
 ++		    Path pivot = i->second.path + ".tmp";
 ++		    copyFileRecursively(i->second.path, pivot, true);
 ++		    int err = rename(pivot.c_str(), i->second.path.c_str());
 ++		    if (err != 0)
 ++			throw SysError(format("renaming `%1%' to `%2%'")
 ++				       % pivot % i->second.path);
 ++		}
 ++	    }
 ++	}
 ++
 +         /* Compute the FS closure of the outputs and register them as
 +            being valid. */
 +         registerOutputs();
 +diff --git a/nix/libutil/util.cc b/nix/libutil/util.cc
 +index 82eac72120..493f06f357 100644
 +--- a/nix/libutil/util.cc
 ++++ b/nix/libutil/util.cc
 +@@ -215,14 +215,11 @@ bool isLink(const Path & path)
 + }
 + 
 + 
 +-DirEntries readDirectory(const Path & path)
 ++static DirEntries readDirectory(DIR *dir)
 + {
 +     DirEntries entries;
 +     entries.reserve(64);
 + 
 +-    AutoCloseDir dir = opendir(path.c_str());
 +-    if (!dir) throw SysError(format("opening directory `%1%'") % path);
 +-
 +     struct dirent * dirent;
 +     while (errno = 0, dirent = readdir(dir)) { /* sic */
 +         checkInterrupt();
 +@@ -230,11 +227,29 @@ DirEntries readDirectory(const Path & path)
 +         if (name == "." || name == "..") continue;
 +         entries.emplace_back(name, dirent->d_ino, dirent->d_type);
 +     }
 +-    if (errno) throw SysError(format("reading directory `%1%'") % path);
 ++    if (errno) throw SysError(format("reading directory"));
 + 
 +     return entries;
 + }
 + 
 ++DirEntries readDirectory(const Path & path)
 ++{
 ++    AutoCloseDir dir = opendir(path.c_str());
 ++    if (!dir) throw SysError(format("opening directory `%1%'") % path);
 ++    return readDirectory(dir);
 ++}
 ++
 ++static DirEntries readDirectory(int fd)
 ++{
 ++    /* Since 'closedir' closes the underlying file descriptor, duplicate FD
 ++       beforehand.  */
 ++    int fdcopy = dup(fd);
 ++    if (fdcopy < 0) throw SysError("dup");
 ++
 ++    AutoCloseDir dir = fdopendir(fdcopy);
 ++    if (!dir) throw SysError(format("opening directory from file descriptor `%1%'") % fd);
 ++    return readDirectory(dir);
 ++}
 + 
 + unsigned char getFileType(const Path & path)
 + {
 +@@ -364,6 +379,93 @@ void deletePath(const Path & path, unsigned long long & bytesFreed, size_t linkT
 +     _deletePath(path, bytesFreed, linkThreshold);
 + }
 + 
 ++static void copyFile(int sourceFd, int destinationFd)
 ++{
 ++    struct stat st;
 ++    if (fstat(sourceFd, &st) == -1) throw SysError("statting file");
 ++
 ++    ssize_t result = copy_file_range(sourceFd, NULL, destinationFd, NULL, st.st_size, 0);
 ++    if (result < 0 && errno == ENOSYS) {
 ++	for (size_t remaining = st.st_size; remaining > 0; ) {
 ++	    unsigned char buf[8192];
 ++	    size_t count = std::min(remaining, sizeof buf);
 ++
 ++	    readFull(sourceFd, buf, count);
 ++	    writeFull(destinationFd, buf, count);
 ++	    remaining -= count;
 ++	}
 ++    } else {
 ++	if (result < 0)
 ++	    throw SysError(format("copy_file_range `%1%' to `%2%'") % sourceFd % destinationFd);
 ++	if (result < st.st_size)
 ++	    throw SysError(format("short write in copy_file_range `%1%' to `%2%'")
 ++			   % sourceFd % destinationFd);
 ++    }
 ++}
 ++
 ++static void copyFileRecursively(int sourceroot, const Path &source,
 ++				int destinationroot, const Path &destination,
 ++				bool deleteSource)
 ++{
 ++    struct stat st;
 ++    if (fstatat(sourceroot, source.c_str(), &st, AT_SYMLINK_NOFOLLOW) == -1)
 ++	throw SysError(format("statting file `%1%'") % source);
 ++
 ++    if (S_ISREG(st.st_mode)) {
 ++	AutoCloseFD sourceFd = openat(sourceroot, source.c_str(),
 ++				      O_CLOEXEC | O_NOFOLLOW | O_RDONLY);
 ++	if (sourceFd == -1) throw SysError(format("opening `%1%'") % source);
 ++
 ++	AutoCloseFD destinationFd = openat(destinationroot, destination.c_str(),
 ++					   O_CLOEXEC | O_CREAT | O_WRONLY | O_TRUNC,
 ++					   st.st_mode);
 ++	if (destinationFd == -1) throw SysError(format("opening `%1%'") % source);
 ++
 ++	copyFile(sourceFd, destinationFd);
 ++    } else if (S_ISLNK(st.st_mode)) {
 ++	char target[st.st_size + 1];
 ++	ssize_t result = readlinkat(sourceroot, source.c_str(), target, st.st_size);
 ++	if (result != st.st_size) throw SysError("reading symlink target");
 ++	target[st.st_size] = '\0';
 ++	int err = symlinkat(target, destinationroot, destination.c_str());
 ++	if (err != 0)
 ++	    throw SysError(format("creating symlink `%1%'") % destination);
 ++    } else if (S_ISDIR(st.st_mode)) {
 ++	int err = mkdirat(destinationroot, destination.c_str(), 0755);
 ++	if (err != 0)
 ++	    throw SysError(format("creating directory `%1%'") % destination);
 ++
 ++	AutoCloseFD destinationFd = openat(destinationroot, destination.c_str(),
 ++					   O_CLOEXEC | O_RDONLY | O_DIRECTORY);
 ++	if (err != 0)
 ++	    throw SysError(format("opening directory `%1%'") % destination);
 ++
 ++	AutoCloseFD sourceFd = openat(sourceroot, source.c_str(),
 ++				      O_CLOEXEC | O_NOFOLLOW | O_RDONLY);
 ++	if (sourceFd == -1)
 ++	    throw SysError(format("opening `%1%'") % source);
 ++
 ++        if (deleteSource && !(st.st_mode & S_IWUSR)) {
 ++	    /* Ensure the directory writable so files within it can be
 ++	       deleted.  */
 ++            if (fchmod(sourceFd, st.st_mode | S_IWUSR) == -1)
 ++                throw SysError(format("making `%1%' directory writable") % source);
 ++        }
 ++
 ++        for (auto & i : readDirectory(sourceFd))
 ++	    copyFileRecursively((int)sourceFd, i.name, (int)destinationFd, i.name,
 ++				deleteSource);
 ++    } else throw Error(format("refusing to copy irregular file `%1%'") % source);
 ++
 ++    if (deleteSource)
 ++	unlinkat(sourceroot, source.c_str(),
 ++		 S_ISDIR(st.st_mode) ? AT_REMOVEDIR : 0);
 ++}
 ++
 ++void copyFileRecursively(const Path &source, const Path &destination, bool deleteSource)
 ++{
 ++    copyFileRecursively(AT_FDCWD, source, AT_FDCWD, destination, deleteSource);
 ++}
 + 
 + static Path tempName(Path tmpRoot, const Path & prefix, bool includePid,
 +     int & counter)
 +diff --git a/nix/libutil/util.hh b/nix/libutil/util.hh
 +index 880b0e93b2..058f5f8446 100644
 +--- a/nix/libutil/util.hh
 ++++ b/nix/libutil/util.hh
 +@@ -102,6 +102,12 @@ void deletePath(const Path & path);
 + void deletePath(const Path & path, unsigned long long & bytesFreed,
 +     size_t linkThreshold = 1);
 + 
 ++/* Copy SOURCE to DESTINATION, recursively.  Throw if SOURCE contains a file
 ++   that is not a regular file, symlink, or directory.  When DELETESOURCE is
 ++   true, delete source files once they have been copied.  */
 ++void copyFileRecursively(const Path &source, const Path &destination,
 ++    bool deleteSource = false);
 ++
 + /* Create a temporary directory. */
 + Path createTempDir(const Path & tmpRoot = "", const Path & prefix = "nix",
 +     bool includePid = true, bool useGlobalCounter = true, mode_t mode = 0755);
 +-- 
 +2.39.2
 +
 diff --git a/debian/patches/security/0032-daemon-Address-shortcoming-in-previous-security-fix-.patch b/debian/patches/security/0032-daemon-Address-shortcoming-in-previous-security-fix-.patch
 new file mode 100644
 index 0000000000..0d0b6bd22f
 --- /dev/null
 +++ b/debian/patches/security/0032-daemon-Address-shortcoming-in-previous-security-fix-.patch
@@ -0,0 +1,106 @@
 +From ff1251de0bc327ec478fc66a562430fbf35aef42 Mon Sep 17 00:00:00 2001
 +From: =?UTF-8?q?Ludovic=20Court=C3=A8s?= <ludo@gnu.org>
 +Date: Tue, 12 Mar 2024 11:53:35 +0100
 +Subject: [PATCH 32/36] daemon: Address shortcoming in previous security fix
 + for CVE-2024-27297.
 +MIME-Version: 1.0
 +Content-Type: text/plain; charset=UTF-8
 +Content-Transfer-Encoding: 8bit
 +
 +This is a followup to 8f4ffb3fae133bb21d7991e97c2f19a7108b1143.
 +
 +Commit 8f4ffb3fae133bb21d7991e97c2f19a7108b1143 fell short in two
 +ways: (1) it didn’t have any effet for fixed-output derivations
 +performed in a chroot, which is the case for all of them except those
 +using “builtin:download” and “builtin:git-download”, and (2) it did not
 +preserve ownership when copying, leading to “suspicious ownership or
 +permission […] rejecting this build output” errors.
 +
 +* nix/libstore/build.cc (DerivationGoal::buildDone): Account for
 +‘chrootRootDir’ when copying ‘drv.outputs’.
 +* nix/libutil/util.cc (copyFileRecursively): Add ‘fchown’ and ‘fchownat’
 +calls to preserve file ownership; this is necessary for chrooted
 +fixed-output derivation builds.
 +* nix/libutil/util.hh: Update comment.
 +
 +Change-Id: Ib59f040e98fed59d1af81d724b874b592cbef156
 +---
 + nix/libstore/build.cc | 11 ++++++-----
 + nix/libutil/util.cc   |  4 ++++
 + nix/libutil/util.hh   |  7 ++++---
 + 3 files changed, 14 insertions(+), 8 deletions(-)
 +
 +diff --git a/nix/libstore/build.cc b/nix/libstore/build.cc
 +index e2adee118b..d23c0944a4 100644
 +--- a/nix/libstore/build.cc
 ++++ b/nix/libstore/build.cc
 +@@ -1387,13 +1387,14 @@ void DerivationGoal::buildDone()
 +                make sure that there's no stale file descriptor pointing to it
 +                (CVE-2024-27297).  */
 + 	    foreach (DerivationOutputs::iterator, i, drv.outputs) {
 +-		if (pathExists(i->second.path)) {
 +-		    Path pivot = i->second.path + ".tmp";
 +-		    copyFileRecursively(i->second.path, pivot, true);
 +-		    int err = rename(pivot.c_str(), i->second.path.c_str());
 ++		Path output = chrootRootDir + i->second.path;
 ++		if (pathExists(output)) {
 ++		    Path pivot = output + ".tmp";
 ++		    copyFileRecursively(output, pivot, true);
 ++		    int err = rename(pivot.c_str(), output.c_str());
 + 		    if (err != 0)
 + 			throw SysError(format("renaming `%1%' to `%2%'")
 +-				       % pivot % i->second.path);
 ++				       % pivot % output);
 + 		}
 + 	    }
 + 	}
 +diff --git a/nix/libutil/util.cc b/nix/libutil/util.cc
 +index 493f06f357..578d657293 100644
 +--- a/nix/libutil/util.cc
 ++++ b/nix/libutil/util.cc
 +@@ -422,6 +422,7 @@ static void copyFileRecursively(int sourceroot, const Path &source,
 + 	if (destinationFd == -1) throw SysError(format("opening `%1%'") % source);
 + 
 + 	copyFile(sourceFd, destinationFd);
 ++	fchown(destinationFd, st.st_uid, st.st_gid);
 +     } else if (S_ISLNK(st.st_mode)) {
 + 	char target[st.st_size + 1];
 + 	ssize_t result = readlinkat(sourceroot, source.c_str(), target, st.st_size);
 +@@ -430,6 +431,8 @@ static void copyFileRecursively(int sourceroot, const Path &source,
 + 	int err = symlinkat(target, destinationroot, destination.c_str());
 + 	if (err != 0)
 + 	    throw SysError(format("creating symlink `%1%'") % destination);
 ++	fchownat(destinationroot, destination.c_str(),
 ++		 st.st_uid, st.st_gid, AT_SYMLINK_NOFOLLOW);
 +     } else if (S_ISDIR(st.st_mode)) {
 + 	int err = mkdirat(destinationroot, destination.c_str(), 0755);
 + 	if (err != 0)
 +@@ -455,6 +458,7 @@ static void copyFileRecursively(int sourceroot, const Path &source,
 +         for (auto & i : readDirectory(sourceFd))
 + 	    copyFileRecursively((int)sourceFd, i.name, (int)destinationFd, i.name,
 + 				deleteSource);
 ++	fchown(destinationFd, st.st_uid, st.st_gid);
 +     } else throw Error(format("refusing to copy irregular file `%1%'") % source);
 + 
 +     if (deleteSource)
 +diff --git a/nix/libutil/util.hh b/nix/libutil/util.hh
 +index 058f5f8446..377aac0684 100644
 +--- a/nix/libutil/util.hh
 ++++ b/nix/libutil/util.hh
 +@@ -102,9 +102,10 @@ void deletePath(const Path & path);
 + void deletePath(const Path & path, unsigned long long & bytesFreed,
 +     size_t linkThreshold = 1);
 + 
 +-/* Copy SOURCE to DESTINATION, recursively.  Throw if SOURCE contains a file
 +-   that is not a regular file, symlink, or directory.  When DELETESOURCE is
 +-   true, delete source files once they have been copied.  */
 ++/* Copy SOURCE to DESTINATION, recursively, preserving ownership.  Throw if
 ++   SOURCE contains a file that is not a regular file, symlink, or directory.
 ++   When DELETESOURCE is true, delete source files once they have been
 ++   copied.  */
 + void copyFileRecursively(const Path &source, const Path &destination,
 +     bool deleteSource = false);
 + 
 +-- 
 +2.39.2
 +
 diff --git a/debian/patches/series b/debian/patches/series_
 index 5d506e57..0b8879d1 100644
 --- a/debian/patches/series
 +++ b/debian/patches/series_
@@ -40,3 +40,5 @@ lsb-init-functions
 guix-daemon-openrc-fixes
 tests-Ensure-test-OpenPGP-keys-never-expire.patch
 use-c-utf8-locale
 +security/0001-daemon-Protect-against-FD-escape-when-building-fixed.patch
 +security/0032-daemon-Address-shortcoming-in-previous-security-fix-.patch
 -- 
 GitLab
--- a/helpers/DATA/guix/guix-1.3.0.4-to-1.3.0-5.patch
+++ b/helpers/DATA/guix/guix-1.3.0.4-to-1.3.0-5.patch
@ -0,0 +1,157 @@
 diff --git a/debian/control b/debian/control
 index f5080c40..24f545ae 100644
 --- a/debian/control
 +++ b/debian/control
@@ -44,7 +44,9 @@ Depends: ${misc:Depends}, ${shlibs:Depends},
  guile-sqlite3 (>= 0.1.3-2~),
  guile-zlib (>= 0.1.0),
  libssh-dev,
 -Recommends: nscd,
 +Recommends: ca-certificates,
 + less,
 + nscd,
  systemd,
 Description: GNU Guix functional package manager
  Guix is an advanced distribution of the GNU operating system
 diff --git a/debian/patches/series b/debian/patches/series
 index 2151eca4..5d506e57 100644
 --- a/debian/patches/series
 +++ b/debian/patches/series
@@ -38,3 +38,5 @@ lsb-init-functions
 0030-Disable-gexp-derivation-allowed-references-test-when.patch
 0031-Disable-substitue-deduplication-test-when-network-is.patch
 guix-daemon-openrc-fixes
 +tests-Ensure-test-OpenPGP-keys-never-expire.patch
 +use-c-utf8-locale
 diff --git a/guix/debian/patches/tests-Ensure-test-OpenPGP-keys-never-expire.patch b/debian/patches/tests-Ensure-test-OpenPGP-keys-never-expire.patch
 new file mode 100644
 index 00000000..3d23bd95
 --- /dev/null
 +++ b/debian/patches/tests-Ensure-test-OpenPGP-keys-never-expire.patch
@@ -0,0 +1,62 @@
 +From 3ae7632ca0a1edca9d8c3c766efb0dcc8aa5da37 Mon Sep 17 00:00:00 2001
 +From: =?UTF-8?q?Ludovic=20Court=C3=A8s?= <ludo@gnu.org>
 +Date: Wed, 18 May 2022 23:20:21 +0200
 +Subject: [PATCH] tests: Ensure test OpenPGP keys never expire.
 +
 +All these keys had expiration dates.  'tests/keys/ed25519.pub' expired
 +on 2022-04-24.
 +
 +Fixes <https://issues.guix.gnu.org/55506>.
 +
 +* tests/keys/ed25519.pub, tests/keys/ed25519-2.pub,
 +tests/keys/ed25519-3.pub: Remove expiration date.
 +---
 + tests/keys/ed25519-2.pub | 11 +++++------
 + tests/keys/ed25519-3.pub | 10 +++++-----
 + tests/keys/ed25519.pub   | 10 +++++-----
 + 3 files changed, 15 insertions(+), 16 deletions(-)
 +
 +Adjusted to apply to older locations present in 1.3.0.
 +
 +diff --git a/tests/ed25519bis.key b/tests/ed25519bis.key
 +index f5329105d5..ef050e3845 100644
 +--- a/tests/ed25519bis.key
 ++++ b/tests/ed25519bis.key
 +@@ -1,10 +1,9 @@
 + -----BEGIN PGP PUBLIC KEY BLOCK-----
 + 
 + mDMEXtVsNhYJKwYBBAHaRw8BAQdAnLsYdh3BpeK1xDguJE80XW2/MSmqeeP6pbQw
 +-8jAw0OG0IkNoYXJsaWUgR3VpeCA8Y2hhcmxpZUBleGFtcGxlLm9yZz6IlgQTFggA
 +-PhYhBKBDaY1jer75FlruS4IkDtyrgNqDBQJe1Ww2AhsDBQkDwmcABQsJCAcCBhUK
 +-CQgLAgQWAgMBAh4BAheAAAoJEIIkDtyrgNqDM6cA/idDdoxo9SU+witdTXt24APH
 +-yRzHbX9Iyh4dZNIek9JwAP9E0BwSvDHB4LY9z4RWf2hJp3dm/yZ/jEpK+w4BGN4J
 +-Ag==
 +-=JIU0
 ++8jAw0OG0IkNoYXJsaWUgR3VpeCA8Y2hhcmxpZUBleGFtcGxlLm9yZz6IkAQTFggA
 ++OAIbAwULCQgHAgYVCgkICwIEFgIDAQIeAQIXgBYhBKBDaY1jer75FlruS4IkDtyr
 ++gNqDBQJihWJtAAoJEIIkDtyrgNqDbs0BAPOaGSYf3pX3DReEe1zbxxVQrolX9/AZ
 ++VP0AOt0TAgkzAP0Sr7G1NuCtjWWGK1WmlyTFPhOWLhNriKgZFkBZrGypAw==
 ++=pdTB
 + -----END PGP PUBLIC KEY BLOCK-----
 +diff --git a/tests/ed25519.key b/tests/ed25519.key
 +index f6bf906783..5a2fccc9f9 100644
 +--- a/tests/ed25519.key
 ++++ b/tests/ed25519.key
 +@@ -2,9 +2,9 @@
 + 
 + mDMEXqNaoBYJKwYBBAHaRw8BAQdArviKtelb4g0I3zx9xyDS40Oz8i1/LRXqppG6
 + b23Hdim0KEVkIFR3by1GaWZ0eSA8bHVkbyt0ZXN0LWVjY0BjaGJvdWliLm9yZz6I
 +-lgQTFggAPhYhBETTHiGvcTj5tjIoCncfScv6rgctBQJeo1qgAhsDBQkDwmcABQsJ
 +-CAcCBhUKCQgLAgQWAgMBAh4BAheAAAoJEHcfScv6rgctq4MA/1R9G0roEwrHwmTd
 +-DHxt211eLqupwXE0Z7xY2FH6DHk9AP4owEefBU7jQprSAzBS+c6gdS3SCCKKqAh6
 +-ToZ4LmbKAw==
 +-=FXMK
 ++kAQTFggAOAIbAwULCQgHAgYVCgkICwIEFgIDAQIeAQIXgBYhBETTHiGvcTj5tjIo
 ++CncfScv6rgctBQJihWH6AAoJEHcfScv6rgctfPMBAPv+yPmEgM+J6D1nZjXsO4zW
 +++4e3y2Ez+QxgI2tn8Z2xAQDBUWyyu0X+8dguGmVlsaiQdkazaUSpexvIhh9zONYw
 ++Bg==
 ++=s4Vp
 + -----END PGP PUBLIC KEY BLOCK-----
 +-- 
 +2.30.2
 +
 diff --git a/guix/debian/patches/use-c-utf8-locale b/debian/patches/use-c-utf8-locale
 new file mode 100644
 index 00000000..6f69c0fa
 --- /dev/null
 +++ b/debian/patches/use-c-utf8-locale
@@ -0,0 +1,58 @@
 +Use the C.UTF-8 locale for guix-daemon and guix-publish.
 +
 +https://bugs.debian.org/1012536
 +
 +Index: guix/etc/guix-daemon.service.in
 +===================================================================
 +--- guix.orig/etc/guix-daemon.service.in
 ++++ guix/etc/guix-daemon.service.in
 +@@ -7,7 +7,7 @@ Description=Build daemon for GNU Guix
 + 
 + [Service]
 + ExecStart=/usr/bin/guix-daemon --build-users-group=_guixbuild
 +-Environment='GUIX_LOCPATH=@localstatedir@/guix/profiles/per-user/root/guix-profile/lib/locale' LC_ALL=en_US.utf8
 ++Environment=LC_ALL=C.UTF-8
 + RemainAfterExit=yes
 + StandardOutput=syslog
 + StandardError=syslog
 +Index: guix/etc/init.d/guix-daemon.in
 +===================================================================
 +--- guix.orig/etc/init.d/guix-daemon.in
 ++++ guix/etc/init.d/guix-daemon.in
 +@@ -35,8 +35,7 @@ start)
 +       -a \
 +       -e "/var/log/guix-daemon-stderr.log" \
 +       -o "/var/log/guix-daemon-stdout.log" \
 +-      -E GUIX_LOCPATH=@localstatedir@/guix/profiles/per-user/root/guix-profile/lib/locale \
 +-      -E LC_ALL=en_US.utf8 \
 ++      -E LC_ALL=C.UTF-8 \
 +       -p "/var/run/guix-daemon.pid" \
 +       /usr/bin/guix-daemon \
 +       --build-users-group=_guixbuild
 +Index: guix/etc/openrc/guix-daemon.in
 +===================================================================
 +--- guix.orig/etc/openrc/guix-daemon.in
 ++++ guix/etc/openrc/guix-daemon.in
 +@@ -17,8 +17,7 @@
 + # You should have received a copy of the GNU General Public License
 + # along with GNU Guix.  If not, see <http://www.gnu.org/licenses/>.
 + 
 +-export GUIX_LOCPATH=@localstatedir@/guix/profiles/per-user/root/guix-profile/lib/locale
 +-export LC_ALL=en_US.utf8
 ++export LC_ALL=C.UTF-8
 + command="/usr/bin/guix-daemon"
 + command_args="--build-users-group=_guixbuild"
 + command_background="yes"
 +Index: guix/etc/guix-publish.service.in
 +===================================================================
 +--- guix.orig/etc/guix-publish.service.in
 ++++ guix/etc/guix-publish.service.in
 +@@ -10,7 +10,7 @@ After=guix-daemon.service
 + 
 + [Service]
 + ExecStart=/usr/bin/guix publish --user=nobody --port=8181
 +-Environment='GUIX_LOCPATH=@localstatedir@/guix/profiles/per-user/root/guix-profile/lib/locale' LC_ALL=en_US.utf8
 ++Environment=LC_ALL=C.UTF-8
 + RemainAfterExit=yes
 + StandardOutput=syslog
 + StandardError=syslog
--- a/helpers/DATA/hplip/patch_changes/000-add_trisquel_distro_definition_distros_password.patch
+++ b/helpers/DATA/hplip/patch_changes/000-add_trisquel_distro_definition_distros_password.patch
@ -0,0 +1,313 @@
 diff --git a/installer/distros.dat b/installer/distros.dat
 index 80588920..66bb81a1 100644
 --- a/installer/distros.dat
 +++ b/installer/distros.dat
@@ -94,7 +94,7 @@
 # ****************************************
 [distros]
 -distros=unknown,mepis,debian,suse,mandriva,fedora,redhat,rhel,slackware,gentoo,redflag,ubuntu,xandros,freebsd,linspire,ark,pclinuxos,centos,igos,linuxmint,linpus,gos,boss,lfs,manjarolinux,zorin,mxlinux,elementary
 +distros=unknown,mepis,debian,suse,mandriva,fedora,redhat,rhel,slackware,gentoo,redflag,ubuntu,xandros,freebsd,linspire,ark,pclinuxos,centos,igos,linuxmint,linpus,gos,boss,lfs,manjarolinux,zorin,mxlinux,elementary,trisquel
 # ****************************************
@@ -18946,3 +18946,287 @@ packages=automake1.11
 packages=epm
 # ****************************************
 +
 +[trisquel]
 +index=99
 +versions=11.0.1,12.0
 +display_name=Trisquel GNU/Linux
 +alt_names=trisquel,Trisquel GNU/Linux
 +display=1
 +notes=
 +package_mgrs=dpkg,apt-get,synaptic,update-manager,adept,aptitude,adept-updater
 +package_mgr_cmd=sudo apt-get install --assume-yes $packages_to_install
 +pre_depend_cmd=sudo dpkg --configure -a,sudo apt-get install --yes --force-yes -f,sudo apt-get update
 +post_depend_cmd=
 +hp_libs_remove_cmd= sudo apt-get remove libhpmud0 libsane-hpaio printer-driver-postscript-hp
 +hplip_remove_cmd=sudo aptitude remove --assume-yes hplip hpijs
 +su_sudo=sudo
 +ppd_install=ppd
 +udev_mode_fix=1
 +ppd_dir=
 +fix_ppd_symlink=0
 +drv_dir=/usr/share/cups/drv/HP
 +
 +# ****************************************
 +
 +[trisquel:11.0.1]
 +code_name=aramo
 +supported=1
 +scan_supported=1
 +fax_supported=1
 +pcard_supported=1
 +network_supported=1
 +parallel_supported=1
 +usb_supported=1
 +packaged_version=3.21.12
 +release_date=01/01/2022
 +notes=
 +ppd_install=drv
 +udev_mode_fix=1
 +ppd_dir=/usr/share/ppd/HP
 +fix_ppd_symlink=0
 +drv_dir=/usr/share/cups/drv/HP
 +ui_toolkit=qt5
 +native_cups=1
 +acl_rules=1
 +
 +libdir_path=/usr/lib
 +
 +[trisquel:11.0.1:cups]
 +packages=libcups2
 +
 +[trisquel:11.0.1:cups-devel]
 +packages=libcups2-dev,cups-bsd,cups-client
 +
 +[trisquel:11.0.1:gcc]
 +packages=build-essential
 +
 +[trisquel:11.0.1:gs]
 +packages=ghostscript
 +
 +[trisquel:11.0.1:libcrypto]
 +packages=openssl
 +
 +[trisquel:11.0.1:libjpeg]
 +packages=libjpeg-dev
 +
 +[trisquel:11.0.1:libatk-adaptor]
 +packages=libatk-adaptor
 +
 +[trisquel:11.0.1:libgail-common]
 +packages=libgail-common
 +
 +[trisquel:11.0.1:libnetsnmp-devel]
 +packages=libsnmp-dev
 +
 +[trisquel:11.0.1:libpthread]
 +packages=build-essential
 +
 +[trisquel:11.0.1:libtool]
 +packages=libtool,libtool-bin
 +
 +[trisquel:11.0.1:libusb]
 +packages=libusb-1.0-0-dev,libusb-0.1-4
 +
 +[trisquel:11.0.1:make]
 +packages=build-essential
 +
 +[trisquel:11.0.1:ppdev]
 +packages=
 +commands=sudo modprobe ppdev,sudo cp -f /etc/modules /etc/modules.hplip,echo ppdev | sudo tee -a /etc/modules
 +
 +[trisquel:11.0.1:sane]
 +packages=libsane
 +
 +[trisquel:11.0.1:sane-devel]
 +packages=libsane-dev
 +
 +[trisquel:11.0.1:scanimage]
 +packages=sane-utils
 +
 +[trisquel:11.0.1:xsane]
 +packages=gtk2-engines-pixbuf,xsane
 +
 +[trisquel:11.0.1:dbus]
 +packages=libdbus-1-dev
 +
 +[trisquel:11.0.1:cups-image]
 +packages=libcupsimage2-dev
 +
 +[trisquel:11.0.1:cups-ddk]
 +packages=cups
 +
 +[trisquel:11.0.1:policykit]
 +packages=policykit-1,policykit-1-gnome
 +
 +[trisquel:11.0.1:network]
 +packages=wget
 +
 +[trisquel:11.0.1:avahi-utils]
 +packages=avahi-utils
 +
 +[trisquel:11.0.1:libavahi-dev]
 +packages=libavahi-client-dev,libavahi-core-dev,libavahi-common-dev
 +
 +[trisquel:11.0.1:python3-notify2]
 +packages=python3-notify2
 +
 +[trisquel:11.0.1:python3-pyqt5-dbus]
 +packages=python3-dbus.mainloop.pyqt5
 +
 +[trisquel:11.0.1:python3-pyqt5]
 +packages=python3-pyqt5,gtk2-engines-pixbuf
 +
 +[trisquel:11.0.1:python3-dbus]
 +packages=python3-dbus,python3-gi
 +
 +[trisquel:11.0.1:python3-xml]
 +packages=python3-lxml
 +
 +[trisquel:11.0.1:python3-devel]
 +packages=python3-dev
 +
 +[trisquel:11.0.1:python3-pil]
 +packages=python3-pil
 +
 +[trisquel:11.0.1:python3-reportlab]
 +packages=python3-reportlab
 +
 +[trisquel:11.0.1:automake]
 +packages=automake1.11
 +
 +[trisquel:11.0.1:epm]
 +packages=epm
 +
 +# ****************************************
 +
 +[trisquel:12.0]
 +code_name=ecne
 +supported=1
 +scan_supported=1
 +fax_supported=1
 +pcard_supported=1
 +network_supported=1
 +parallel_supported=1
 +usb_supported=1
 +packaged_version=3.23.12
 +release_date=01/01/2022
 +notes=
 +ppd_install=drv
 +udev_mode_fix=1
 +ppd_dir=/usr/share/ppd/HP
 +fix_ppd_symlink=0
 +drv_dir=/usr/share/cups/drv/HP
 +ui_toolkit=qt5
 +native_cups=1
 +acl_rules=1
 +
 +libdir_path=/usr/lib
 +
 +[trisquel:12.0:cups]
 +packages=libcups2t64
 +
 +[trisquel:12.0:cups-devel]
 +packages=libcups2-dev,cups-bsd,cups-client
 +
 +[trisquel:12.0:gcc]
 +packages=build-essential
 +
 +[trisquel:12.0:gs]
 +packages=ghostscript
 +
 +[trisquel:12.0:libcrypto]
 +packages=openssl
 +
 +[trisquel:12.0:libjpeg]
 +packages=libjpeg-dev
 +
 +[trisquel:12.0:libatk-adaptor]
 +packages=libatk-adaptor
 +
 +[trisquel:12.0:libgail-common]
 +packages=libgail-common
 +
 +[trisquel:12.0:libnetsnmp-devel]
 +packages=libsnmp-dev
 +
 +[trisquel:12.0:libpthread]
 +packages=build-essential
 +
 +[trisquel:12.0:libtool]
 +packages=libtool,libtool-bin
 +
 +[trisquel:12.0:libusb]
 +packages=libusb-1.0-0-dev,libusb-0.1-4
 +
 +[trisquel:12.0:make]
 +packages=build-essential
 +
 +[trisquel:12.0:ppdev]
 +packages=
 +commands=sudo modprobe ppdev,sudo cp -f /etc/modules /etc/modules.hplip,echo ppdev | sudo tee -a /etc/modules
 +
 +[trisquel:12.0:sane]
 +packages=libsane1
 +
 +[trisquel:12.0:sane-devel]
 +packages=libsane-dev
 +
 +[trisquel:12.0:scanimage]
 +packages=sane-utils
 +
 +[trisquel:12.0:xsane]
 +packages=gtk2-engines-pixbuf,xsane
 +
 +[trisquel:12.0:dbus]
 +packages=libdbus-1-dev
 +
 +[trisquel:12.0:cups-image]
 +packages=libcupsimage2-dev
 +
 +[trisquel:12.0:cups-ddk]
 +packages=cups
 +
 +[trisquel:12.0:policykit]
 +packages=policykit-1,policykit-1-gnome
 +
 +[trisquel:12.0:network]
 +packages=wget
 +
 +[trisquel:12.0:avahi-utils]
 +packages=avahi-utils
 +
 +[trisquel:12.0:libavahi-dev]
 +packages=libavahi-client-dev,libavahi-core-dev,libavahi-common-dev
 +
 +[trisquel:12.0:python3-notify2]
 +packages=python3-notify2
 +
 +[trisquel:12.0:python3-pyqt5-dbus]
 +packages=python3-dbus.mainloop.pyqt5
 +
 +[trisquel:12.0:python3-pyqt5]
 +packages=python3-pyqt5,gtk2-engines-pixbuf
 +
 +[trisquel:12.0:python3-dbus]
 +packages=python3-dbus,python3-gi
 +
 +[trisquel:12.0:python3-xml]
 +packages=python3-lxml
 +
 +[trisquel:12.0:python3-devel]
 +packages=python3-dev
 +
 +[trisquel:12.0:python3-pil]
 +packages=python3-pil
 +
 +[trisquel:12.0:python3-reportlab]
 +packages=python3-reportlab
 +
 +[trisquel:12.0:automake]
 +packages=automake1.11
 +
 +[trisquel:12.0:epm]
 +packages=epm
 +
 +# ****************************************
 diff --git a/base/password.py b/base/password.py
 index a76d4048..b0c6fe20 100644
 --- a/base/password.py
 +++ b/base/password.py
@@ -63,6 +63,7 @@ AUTH_TYPES = {'mepis': 'su',
               'debiangnu/linux' : 'su',
               'mxlinux' : 'su',
               'elementaryos' : 'sudo',
 +              'trisquel' : 'sudo',
               }
--- a/helpers/DATA/hplip/patch_changes/001-enable_distro_name_dectection.patch
+++ b/helpers/DATA/hplip/patch_changes/001-enable_distro_name_dectection.patch
@ -0,0 +1,16 @@
 diff --git a/installer/core_install.py b/installer/core_install.py
 index 1c8af23e..9595b2c7 100644
 --- a/installer/core_install.py
 +++ b/installer/core_install.py
@@ -644,6 +644,11 @@ class CoreInstall(object):
         ld = distro.linux_distribution(full_distribution_name=False)
         name = ld[0]
         ver = ld[1]
 +        # Ensure variable exists (used below for MX detection)
 +        try:
 +            distro_release_name = distro.name(pretty=True) or ""
 +        except Exception:
 +            distro_release_name = ""
         found = True
--- a/helpers/DATA/libmateweather/patch_changes/001-0cc07f7e5163870bcc2fb7281c28e8e39c9cbc54.patch
+++ b/helpers/DATA/libmateweather/patch_changes/001-0cc07f7e5163870bcc2fb7281c28e8e39c9cbc54.patch
--- a/helpers/DATA/libmateweather/patch_changes/002-a61542ffc2d3807dbc3163d1727cc5d8c2118838.patch
+++ b/helpers/DATA/libmateweather/patch_changes/002-a61542ffc2d3807dbc3163d1727cc5d8c2118838.patch
--- a/helpers/DATA/libmateweather/patch_changes/003-weather_server_uri_update_138.patch
+++ b/helpers/DATA/libmateweather/patch_changes/003-weather_server_uri_update_138.patch
@ -0,0 +1,38 @@
 From 4e54f44dab4efa8c216b26ea7188b99c94882ba4 Mon Sep 17 00:00:00 2001
 From: Victor Kareh <vkareh@redhat.com>
 Date: Thu, 18 Sep 2025 11:40:55 -0400
 Subject: [PATCH] metar: Update AviationWeather URL
 According to their website: "The AviationWeather Data API has been
 redeveloped in 2025."
 Also they put 'METAR' (or 'SPECI') onto the beginning of data to make it
 ICAO compliant, so we add code to parse that.
 Fixes #135
 ---
 libmateweather/weather-metar.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
 diff --git a/libmateweather/weather-metar.c b/libmateweather/weather-metar.c
 index 7bc24fc9..4698a077 100644
 --- a/libmateweather/weather-metar.c
 +++ b/libmateweather/weather-metar.c
@@ -510,7 +510,7 @@ metar_finish (SoupSession *session, SoupMessage *msg, gpointer data)
     loc = info->location;
 -    searchkey = g_strdup_printf ("<raw_text>%s", loc->code);
 +    searchkey = g_strdup_printf ("<raw_text>METAR %s", loc->code);
     p = strstr (msg->response_body->data, searchkey);
     g_free (searchkey);
     if (p) {
@@ -550,7 +550,7 @@ metar_start_open (WeatherInfo *info)
     }
     msg = soup_form_request_new (
 -        "GET", "https://www.aviationweather.gov/cgi-bin/data/dataserver.php",
 +        "GET", "https://aviationweather.gov/api/data/dataserver",
         "dataSource", "metars",
         "requestType", "retrieve",
         "format", "xml",
--- a/helpers/DATA/linux-hwe-6.5/deblob-check
+++ b/helpers/DATA/linux-hwe-6.5/deblob-check
@ -7058,6 +7058,9 @@ set_except () {
    # New in 6.6-rc, 6.5.9, 6.1.60, 5.15.137, 5.10.199.
    blobname 'gsl1680-\(bush-bush-windows-tablet\|positivo-c4128b\)\.fw' drivers/platform/x86/otuchscreen_dmi.c
    # Trisquel changes for HWE 6.5
    blobname 'qcom[/]prog_firehose_sdx6x\.elf' drivers/bus/mhi/host/pci_generic.c
    ;;
  */*freedo*.patch | */*logo*.patch)
--- a/helpers/DATA/linux-hwe-6.5/silent-accept-firmware.patch
+++ b/helpers/DATA/linux-hwe-6.5/silent-accept-firmware.patch
@ -229,20 +229,21 @@ diff --color -Nru a/drivers/gpu/drm/amd/amdgpu/cik_sdma.c b/drivers/gpu/drm/amd/
 		for (i = 0; i < adev->sdma.num_instances; i++)
 			amdgpu_ucode_release(&adev->sdma.instance[i].fw);
 	}
-diff --git a/drivers/gpu/drm/amd/amdgpu/gfx_v10_0.c b/drivers/gpu/drm/amd/amdgpu/gfx_v10_0.c
+# removed starting at
-index 49d34c7..376ccc3 100644
+#diff --git a/drivers/gpu/drm/amd/amdgpu/gfx_v10_0.c b/drivers/gpu/drm/amd/amdgpu/gfx_v10_0.c
--- a/drivers/gpu/drm/amd/amdgpu/gfx_v10_0.c
+#index 49d34c7..376ccc3 100644
-+++ b/drivers/gpu/drm/amd/amdgpu/gfx_v10_0.c
+#--- a/drivers/gpu/drm/amd/amdgpu/gfx_v10_0.c
-@@ -4011,8 +4011,7 @@ static int gfx_v10_0_init_microcode(struct amdgpu_device *adev)
+#+++ b/drivers/gpu/drm/amd/amdgpu/gfx_v10_0.c
- 			goto out;
+#@@ -4011,8 +4011,7 @@ static int gfx_v10_0_init_microcode(struct amdgpu_device *adev)
- 		if (err)
+# 			goto out;
- 			dev_dbg(adev->dev,
+# 		if (err)
-				"gfx10: amdgpu_ucode_request() failed \"%s\"\n",
+# 			dev_dbg(adev->dev,
-				fw_name);
+#-				"gfx10: amdgpu_ucode_request() failed \"%s\"\n",
-+				"gfx10: amdgpu_ucode_request() failed \n");
+#-				fw_name);
- 		rlc_hdr = (const struct rlc_firmware_header_v2_0 *)adev->gfx.rlc_fw->data;
+#+				"gfx10: amdgpu_ucode_request() failed \n");
- 		version_major = le16_to_cpu(rlc_hdr->header.header_version_major);
+# 		rlc_hdr = (const struct rlc_firmware_header_v2_0 *)adev->gfx.rlc_fw->data;
- 		version_minor = le16_to_cpu(rlc_hdr->header.header_version_minor);
+# 		version_major = le16_to_cpu(rlc_hdr->header.header_version_major);
 # 		version_minor = le16_to_cpu(rlc_hdr->header.header_version_minor);
 diff --color -Nru a/drivers/gpu/drm/amd/amdgpu/gfx_v6_0.c b/drivers/gpu/drm/amd/amdgpu/gfx_v6_0.c
 --- a/drivers/gpu/drm/amd/amdgpu/gfx_v6_0.c	2022-07-31 16:03:01.000000000 -0500
 +++ b/drivers/gpu/drm/amd/amdgpu/gfx_v6_0.c	2023-03-09 19:48:18.700813841 -0600
@ -1973,3 +1974,88 @@ index bd4c4174..9beeb2e6 100644
 	return request_firmware_nowait(THIS_MODULE, 1, drv->firmware_name,
 				       drv->trans->dev,
 diff --git a/drivers/bluetooth/hci_intel.c b/drivers/bluetooth/hci_intel.c
 index f9d2740a..37f4b0c3 100644
 --- a/drivers/bluetooth/hci_intel.c
 +++ b/drivers/bluetooth/hci_intel.c
@@ -701,8 +701,7 @@ static int intel_setup(struct hci_uart *hu)
 	err = request_firmware(&fw, fwname, &hdev->dev);
 	if (err < 0) {
 -		bt_dev_err(hdev, "Failed to load Intel firmware file (%d)",
 -			   err);
 +		bt_dev_err(hdev, "Failed to load firmware file");
 		return err;
 	}
 diff --git a/drivers/bluetooth/hci_nokia.c b/drivers/bluetooth/hci_nokia.c
 index 97da0b2b..f8c38d91 100644
 --- a/drivers/bluetooth/hci_nokia.c
 +++ b/drivers/bluetooth/hci_nokia.c
@@ -344,8 +344,7 @@ static int nokia_setup_fw(struct hci_uart *hu)
 	err = request_firmware(&fw, fwname, dev);
 	if (err < 0) {
 -		dev_err(dev, "%s: Failed to load Nokia firmware file (%d)",
 -			hu->hdev->name, err);
 +		dev_err(dev, "Failed to load firmware file");
 		return err;
 	}
 diff --git a/drivers/bluetooth/btintel.c b/drivers/bluetooth/btintel.c
 index f9b77a17..147d9fff 100644
 --- a/drivers/bluetooth/btintel.c
 +++ b/drivers/bluetooth/btintel.c
@@ -2049,12 +2049,11 @@ static int btintel_download_fw(struct hci_dev *hdev,
 			return 0;
 		}
 -		bt_dev_err(hdev, "Failed to load Intel firmware file (%d)",
 -			   err);
 +		bt_dev_err(hdev, "Failed to load firmware file");
 		return err;
 	}
 -	bt_dev_info(hdev, "Found device firmware: %s", fwname);
 +	bt_dev_info(hdev, "Found device firmware");
 	if (fw->size < 644) {
 		bt_dev_err(hdev, "Invalid size of firmware file (%zu)",
@@ -2238,13 +2237,12 @@ static int btintel_prepare_fw_download_tlv(struct hci_dev *hdev,
 			return 0;
 		}
 -		bt_dev_err(hdev, "Failed to load Intel firmware file (%d)",
 -			   err);
 +		bt_dev_err(hdev, "Failed to load firmware file");
 		return err;
 	}
 -	bt_dev_info(hdev, "Found device firmware: %s", fwname);
 +	bt_dev_info(hdev, "Found device firmware");
 	if (fw->size < 644) {
 		bt_dev_err(hdev, "Invalid size of firmware file (%zu)",
 diff --git a/drivers/bluetooth/btmtk.c b/drivers/bluetooth/btmtk.c
 index 809762d6..fe2545ce 100644
 --- a/drivers/bluetooth/btmtk.c
 +++ b/drivers/bluetooth/btmtk.c
@@ -69,7 +69,7 @@ int btmtk_setup_firmware_79xx(struct hci_dev *hdev, const char *fwname,
 	err = request_firmware(&fw, fwname, &hdev->dev);
 	if (err < 0) {
 -		bt_dev_err(hdev, "Failed to load firmware file (%d)", err);
 +		bt_dev_err(hdev, "Failed to load firmware file");
 		return err;
 	}
@@ -181,7 +181,7 @@ int btmtk_setup_firmware(struct hci_dev *hdev, const char *fwname,
 	err = request_firmware(&fw, fwname, &hdev->dev);
 	if (err < 0) {
 -		bt_dev_err(hdev, "Failed to load firmware file (%d)", err);
 +		bt_dev_err(hdev, "Failed to load firmware file");
 		return err;
 	}
--- a/helpers/DATA/linux-hwe-6.5/udeb/d-i.patch
+++ b/helpers/DATA/linux-hwe-6.5/udeb/d-i.patch
@ -1,8 +1,8 @@
 diff --git a/debian/rules b/debian/rules
-index fe52711..b2d1921 100755
+index 661286bd..e828a0ac 100755
 --- a/debian/rules
 +++ b/debian/rules
-@@ -134,12 +134,19 @@ clean: debian/control debian/canonical-certs.pem debian/canonical-revoked-certs.
+@@ -128,12 +128,19 @@ clean: debian/control debian/canonical-certs.pem debian/canonical-revoked-certs.
 	dh_testroot
 	dh_clean
@ -12,7 +12,7 @@ index fe52711..b2d1921 100755
 +	rm -f $(DEBIAN)/d-i/firmware/$(arch)/kernel-image
 +
 	# normal build junk
- 	rm -rf $(DEBIAN)/abi/$(release)-$(revision)
+ 	rm -rf $(DEBIAN)/abi
 	rm -rf $(builddir)
 	rm -f $(stampdir)/stamp-*
 	rm -rf debian/linux-*/
@ -22,14 +22,15 @@ index fe52711..b2d1921 100755
 	cp $(DEBIAN)/changelog debian/changelog
 	# Install the copyright information.
-@@ -184,7 +191,6 @@ $(DEBIAN)/control.stub: 				\
+#removed at 6.5.0-27.28~22.04.1
- 		$(DROOT)/scripts/control-create		\
+#@@ -184,7 +191,6 @@ $(DEBIAN)/control.stub: 				\
- 		$(control_files)			\
+# 		$(DROOT)/scripts/control-create		\
- 		debian/canonical-revoked-certs.pem	\
+# 		$(control_files)			\
-		$(DROOT)/control.d/flavour-module.stub	\
+# 		debian/canonical-revoked-certs.pem	\
- 		$(DEBIAN)/changelog			\
+#-		$(DROOT)/control.d/flavour-module.stub	\
- 		$(wildcard $(DEBIAN)/control.d/* $(DEBIAN)/sub-flavours/*.vars)
+# 		$(DEBIAN)/changelog			\
- 	for i in $(control_files); do                                           \
+# 		$(wildcard $(DEBIAN)/control.d/* $(DEBIAN)/sub-flavours/*.vars)
 # 	for i in $(control_files); do                                           \
@@ -211,7 +217,14 @@ $(DEBIAN)/control.stub: 				\
 .PHONY: debian/control
--- a/helpers/DATA/linux-hwe-6.5/udeb/disable_zstd_module_compression.patch
+++ b/helpers/DATA/linux-hwe-6.5/udeb/disable_zstd_module_compression.patch
@ -0,0 +1,15 @@
 diff --git a/debian/rules.d/0-common-vars.mk b/debian/rules.d/0-common-vars.mk_
 index bc873563..d6692ca1 100644
 --- a/debian/rules.d/0-common-vars.mk
 +++ b/debian/rules.d/0-common-vars.mk_
@@ -197,8 +197,9 @@ do_dtbs=false
 do_fips_checks=false
 # ZSTD compressed kernel modules
 +ifeq ($(filter $(series),jammy aramo),)
 do_zstd_ko=true
 -ifeq ($(series),jammy)
 +else
 do_zstd_ko=
 endif
--- a/helpers/DATA/linux-hwe-6.8/000-silent-accept-firmware.patch
+++ b/helpers/DATA/linux-hwe-6.8/000-silent-accept-firmware.patch
--- a/helpers/DATA/linux-hwe-6.8/001-revert_iwlwifi_clear_firmware1.patch
+++ b/helpers/DATA/linux-hwe-6.8/001-revert_iwlwifi_clear_firmware1.patch
@ -0,0 +1,21 @@
 reverts https://lore.kernel.org/all/iwlwifi.20211210110539.1f742f0eb58a.I1315f22f6aa632d94ae2069f85e1bca5e734dce0@changeid/
 --- b/drivers/net/wireless/intel/iwlwifi/iwl-drv.c
 +++ a/drivers/net/wireless/intel/iwlwifi/iwl-drv.c
@@ -1597,8 +1597,15 @@
 	 * else from proceeding if the module fails to load
 	 * or hangs loading.
 	 */
 +	if (load_module) {
 -	if (load_module)
 		request_module("%s", op->name);
 +#ifdef CONFIG_IWLWIFI_OPMODE_MODULAR
 +		if (err)
 +			IWL_ERR(drv,
 +				"failed to load module %s (error %d), is dynamic loading enabled?\n",
 +				op->name, err);
 +#endif
 +	}
 	failure = false;
 	goto free;
--- a/helpers/DATA/linux-hwe-6.8/002-revert_iwlwifi_clear_firmware2.patch
+++ b/helpers/DATA/linux-hwe-6.8/002-revert_iwlwifi_clear_firmware2.patch
@ -0,0 +1,40 @@
 reverts https://lore.kernel.org/all/iwlwifi.20211210110539.1f742f0eb58a.I1315f22f6aa632d94ae2069f85e1bca5e734dce0@changeid/
 --- b/drivers/net/wireless/intel/iwlwifi/iwl-drv.c
 +++ a/drivers/net/wireless/intel/iwlwifi/iwl-drv.c
@@ -130,9 +130,6 @@
 	for (i = 0; i < IWL_UCODE_TYPE_MAX; i++)
 		iwl_free_fw_img(drv, drv->fw.img + i);
 -
 -	/* clear the data for the aborted load case */
 -	memset(&drv->fw, 0, sizeof(drv->fw));
 }
 static int iwl_alloc_fw_desc(struct iwl_drv *drv, struct fw_desc *desc,
@@ -1429,7 +1426,6 @@
 	int i;
 	bool load_module = false;
 	bool usniffer_images = false;
 -	bool failure = true;
 	fw->ucode_capa.max_probe_length = IWL_DEFAULT_MAX_PROBE_LENGTH;
 	fw->ucode_capa.standard_phy_calibration_size =
@@ -1699,7 +1695,6 @@
 				op->name, err);
 #endif
 	}
 -	failure = false;
 	goto free;
  try_again:
@@ -1715,9 +1710,6 @@
 	complete(&drv->request_firmware_complete);
 	device_release_driver(drv->trans->dev);
  free:
 -	if (failure)
 -		iwl_dealloc_ucode(drv);
 -
 	if (pieces) {
 		for (i = 0; i < ARRAY_SIZE(pieces->img); i++)
 			kfree(pieces->img[i].sec);
--- a/helpers/DATA/linux-hwe-6.8/003-revert_iwlwifi_clear_firmware3.patch
+++ b/helpers/DATA/linux-hwe-6.8/003-revert_iwlwifi_clear_firmware3.patch
@ -0,0 +1,13 @@
 reverts https://lore.kernel.org/all/iwlwifi.20211210110539.1f742f0eb58a.I1315f22f6aa632d94ae2069f85e1bca5e734dce0@changeid/
 diff -ru source.orig/drivers/net/wireless/intel/iwlwifi/iwl-drv.c source/drivers/net/wireless/intel/iwlwifi/iwl-drv.c
 --- source.orig/drivers/net/wireless/intel/iwlwifi/iwl-drv.c	2022-05-13 16:10:11.883295769 -0400
 +++ source/drivers/net/wireless/intel/iwlwifi/iwl-drv.c	2022-05-13 20:13:06.568151229 -0400
@@ -1605,7 +1605,6 @@
 	complete(&drv->request_firmware_complete);
 	device_release_driver(drv->trans->dev);
 	/* drv has just been freed by the release */
 -	failure = false;
  free:
 	if (pieces) {
 		for (i = 0; i < ARRAY_SIZE(pieces->img); i++)
--- a/helpers/DATA/linux-hwe-6.8/004-enable_blobless_activation_radeon.patch
+++ b/helpers/DATA/linux-hwe-6.8/004-enable_blobless_activation_radeon.patch
@ -0,0 +1,227 @@
 Based on https://libreplanet.org/wiki/Group:Hardware/research/gpu/radeon
 diff -ru a/drivers/gpu/drm/radeon/btc_dpm.c b/drivers/gpu/drm/radeon/btc_dpm.c
 --- a/drivers/gpu/drm/radeon/btc_dpm.c	2021-10-31 16:53:10.000000000 -0400
 +++ b/drivers/gpu/drm/radeon/btc_dpm.c	2023-02-13 15:50:41.218608376 -0500
@@ -2437,7 +2437,6 @@
 	ret = rv770_upload_firmware(rdev);
 	if (ret) {
 		DRM_ERROR("rv770_upload_firmware failed\n");
 -		return ret;
 	}
 	ret = cypress_get_table_locations(rdev);
 	if (ret) {
 diff -ru a/drivers/gpu/drm/radeon/ci_dpm.c b/drivers/gpu/drm/radeon/ci_dpm.c
 --- a/drivers/gpu/drm/radeon/ci_dpm.c	2021-10-31 16:53:10.000000000 -0400
 +++ b/drivers/gpu/drm/radeon/ci_dpm.c	2023-02-13 15:53:38.591724496 -0500
@@ -5157,7 +5157,6 @@
 	ret = ci_upload_firmware(rdev);
 	if (ret) {
 		DRM_ERROR("ci_upload_firmware failed\n");
 -		return ret;
 	}
 	ret = ci_process_firmware_header(rdev);
 	if (ret) {
 diff -ru a/drivers/gpu/drm/radeon/cik.c b/drivers/gpu/drm/radeon/cik.c
 --- a/drivers/gpu/drm/radeon/cik.c	2023-02-13 15:21:35.174999782 -0500
 +++ b/drivers/gpu/drm/radeon/cik.c	2023-02-13 15:47:37.149601121 -0500
@@ -8285,7 +8285,6 @@
 		r = ci_mc_load_microcode(rdev);
 		if (r) {
 			DRM_ERROR("Failed to load MC firmware!\n");
 -			return r;
 		}
 	}
@@ -8591,7 +8590,6 @@
 			r = cik_init_microcode(rdev);
 			if (r) {
 				DRM_ERROR("Failed to load firmware!\n");
 -				return r;
 			}
 		}
 	} else {
@@ -8601,7 +8599,6 @@
 			r = cik_init_microcode(rdev);
 			if (r) {
 				DRM_ERROR("Failed to load firmware!\n");
 -				return r;
 			}
 		}
 	}
@@ -8668,7 +8665,6 @@
 	 */
 	if (!rdev->mc_fw && !(rdev->flags & RADEON_IS_IGP)) {
 		DRM_ERROR("radeon: MC ucode required for NI+.\n");
 -		return -EINVAL;
 	}
 	return 0;
 diff -ru a/drivers/gpu/drm/radeon/cypress_dpm.c b/drivers/gpu/drm/radeon/cypress_dpm.c
 --- a/drivers/gpu/drm/radeon/cypress_dpm.c	2021-10-31 16:53:10.000000000 -0400
 +++ b/drivers/gpu/drm/radeon/cypress_dpm.c	2023-02-13 15:50:25.130869935 -0500
@@ -1862,7 +1862,6 @@
 	ret = rv770_upload_firmware(rdev);
 	if (ret) {
 		DRM_ERROR("rv770_upload_firmware failed\n");
 -		return ret;
 	}
 	ret = cypress_get_table_locations(rdev);
 diff -ru a/drivers/gpu/drm/radeon/evergreen.c b/drivers/gpu/drm/radeon/evergreen.c
 --- a/drivers/gpu/drm/radeon/evergreen.c	2021-10-31 16:53:10.000000000 -0400
 +++ b/drivers/gpu/drm/radeon/evergreen.c	2023-02-13 15:47:50.457384749 -0500
@@ -5018,7 +5018,6 @@
 		r = ni_mc_load_microcode(rdev);
 		if (r) {
 			DRM_ERROR("Failed to load MC firmware!\n");
 -			return r;
 		}
 	}
@@ -5235,7 +5234,6 @@
 			r = ni_init_microcode(rdev);
 			if (r) {
 				DRM_ERROR("Failed to load firmware!\n");
 -				return r;
 			}
 		}
 	} else {
@@ -5243,7 +5241,6 @@
 			r = r600_init_microcode(rdev);
 			if (r) {
 				DRM_ERROR("Failed to load firmware!\n");
 -				return r;
 			}
 		}
 	}
@@ -5289,7 +5286,6 @@
 	if (ASIC_IS_DCE5(rdev)) {
 		if (!rdev->mc_fw && !(rdev->flags & RADEON_IS_IGP)) {
 			DRM_ERROR("radeon: MC ucode required for NI+.\n");
 -			return -EINVAL;
 		}
 	}
 diff -ru a/drivers/gpu/drm/radeon/ni.c b/drivers/gpu/drm/radeon/ni.c
 --- a/drivers/gpu/drm/radeon/ni.c	2021-10-31 16:53:10.000000000 -0400
 +++ b/drivers/gpu/drm/radeon/ni.c	2023-02-13 15:46:45.402442454 -0500
@@ -2163,7 +2163,6 @@
 		r = ni_mc_load_microcode(rdev);
 		if (r) {
 			DRM_ERROR("Failed to load MC firmware!\n");
 -			return r;
 		}
 	}
@@ -2390,7 +2389,6 @@
 			r = ni_init_microcode(rdev);
 			if (r) {
 				DRM_ERROR("Failed to load firmware!\n");
 -				return r;
 			}
 		}
 	} else {
@@ -2398,7 +2396,6 @@
 			r = ni_init_microcode(rdev);
 			if (r) {
 				DRM_ERROR("Failed to load firmware!\n");
 -				return r;
 			}
 		}
 	}
@@ -2453,7 +2450,6 @@
 	 */
 	if (!rdev->mc_fw && !(rdev->flags & RADEON_IS_IGP)) {
 		DRM_ERROR("radeon: MC ucode required for NI+.\n");
 -		return -EINVAL;
 	}
 	return 0;
 diff -ru a/drivers/gpu/drm/radeon/r100.c b/drivers/gpu/drm/radeon/r100.c
 --- a/drivers/gpu/drm/radeon/r100.c	2023-02-13 15:21:35.174999782 -0500
 +++ b/drivers/gpu/drm/radeon/r100.c	2023-02-13 15:49:15.548001277 -0500
@@ -1134,7 +1134,6 @@
 		r = r100_cp_init_microcode(rdev);
 		if (r) {
 			DRM_ERROR("Failed to load firmware!\n");
 -			return r;
 		}
 	}
 diff -ru a/drivers/gpu/drm/radeon/r600.c b/drivers/gpu/drm/radeon/r600.c
 --- a/drivers/gpu/drm/radeon/r600.c	2023-02-13 15:21:35.174999782 -0500
 +++ b/drivers/gpu/drm/radeon/r600.c	2023-02-13 15:46:07.291062125 -0500
@@ -3299,7 +3299,6 @@
 		r = r600_init_microcode(rdev);
 		if (r) {
 			DRM_ERROR("Failed to load firmware!\n");
 -			return r;
 		}
 	}
 diff -ru a/drivers/gpu/drm/radeon/rv770.c b/drivers/gpu/drm/radeon/rv770.c
 --- a/drivers/gpu/drm/radeon/rv770.c	2021-10-31 16:53:10.000000000 -0400
 +++ b/drivers/gpu/drm/radeon/rv770.c	2023-02-13 15:26:54.385808292 -0500
@@ -1966,7 +1966,6 @@
 		r = r600_init_microcode(rdev);
 		if (r) {
 			DRM_ERROR("Failed to load firmware!\n");
 -			return r;
 		}
 	}
 diff -ru a/drivers/gpu/drm/radeon/rv770_dpm.c b/drivers/gpu/drm/radeon/rv770_dpm.c
 --- a/drivers/gpu/drm/radeon/rv770_dpm.c	2021-10-31 16:53:10.000000000 -0400
 +++ b/drivers/gpu/drm/radeon/rv770_dpm.c	2023-02-13 15:50:13.591057564 -0500
@@ -1948,12 +1948,10 @@
 	ret = rv770_upload_firmware(rdev);
 	if (ret) {
 		DRM_ERROR("rv770_upload_firmware failed\n");
 -		return ret;
 	}
 	ret = rv770_init_smc_table(rdev, boot_ps);
 	if (ret) {
 		DRM_ERROR("rv770_init_smc_table failed\n");
 -		return ret;
 	}
 	rv770_program_response_times(rdev);
 diff -ru a/drivers/gpu/drm/radeon/si.c b/drivers/gpu/drm/radeon/si.c
 --- a/drivers/gpu/drm/radeon/si.c	2023-02-13 15:21:35.178999717 -0500
 +++ b/drivers/gpu/drm/radeon/si.c	2023-02-13 15:47:00.042204445 -0500
@@ -6619,7 +6619,6 @@
 		r = si_mc_load_microcode(rdev);
 		if (r) {
 			DRM_ERROR("Failed to load MC firmware!\n");
 -			return r;
 		}
 	}
@@ -6867,7 +6866,6 @@
 		r = si_init_microcode(rdev);
 		if (r) {
 			DRM_ERROR("Failed to load firmware!\n");
 -			return r;
 		}
 	}
@@ -6926,7 +6924,6 @@
 	 */
 	if (!rdev->mc_fw) {
 		DRM_ERROR("radeon: MC ucode required for NI+.\n");
 -		return -EINVAL;
 	}
 	return 0;
 diff -ru a/drivers/gpu/drm/radeon/si_dpm.c b/drivers/gpu/drm/radeon/si_dpm.c
 --- a/drivers/gpu/drm/radeon/si_dpm.c	2021-10-31 16:53:10.000000000 -0400
 +++ b/drivers/gpu/drm/radeon/si_dpm.c	2023-02-13 15:53:00.844338238 -0500
@@ -6366,7 +6366,6 @@
 	ret = si_upload_firmware(rdev);
 	if (ret) {
 		DRM_ERROR("si_upload_firmware failed\n");
 -		return ret;
 	}
 	ret = si_process_firmware_header(rdev);
 	if (ret) {
--- a/helpers/DATA/linux-hwe-6.8/005-removal_of_external_recommendation_for_firmware.patch
+++ b/helpers/DATA/linux-hwe-6.8/005-removal_of_external_recommendation_for_firmware.patch
@ -0,0 +1,29 @@
 Removal of references to external repositories we can't manage what kind of firmware is pointed to.
 The only firmware we can confirm to work with is the one contained on the packge source code.
 diff --git a/drivers/net/wireless/atmel/at76c50x-usb.c b/drivers/net/wireless/atmel/at76c50x-usb.c
 index 447b51cf..898b83af 100644
 --- a/drivers/net/wireless/atmel/at76c50x-usb.c
 +++ b/drivers/net/wireless/atmel/at76c50x-usb.c
@@ -1619,8 +1619,6 @@ static struct fwentry *at76_load_firmware(struct usb_device *udev,
 	if (ret < 0) {
 		dev_err(&udev->dev, "firmware %s not found!\n",
 			fwe->fwname);
 -		dev_err(&udev->dev,
 -			"you may need to download the firmware from http://developer.berlios.de/projects/at76c503a/\n");
 		goto exit;
 	}
 diff --git a/sound/soc/sof/topology.c b/sound/soc/sof/topology.c
 index f3b50528..1860f2b7 100644
 --- a/sound/soc/sof/topology.c
 +++ b/sound/soc/sof/topology.c
@@ -2445,8 +2445,6 @@ int snd_sof_load_topology(struct snd_soc_component *scomp, const char *file)
 	if (ret < 0) {
 		dev_err(scomp->dev, "error: tplg request firmware %s failed err: %d\n",
 			file, ret);
 -		dev_err(scomp->dev,
 -			"you may need to download the firmware from https://github.com/thesofproject/sof-bin/\n");
 		return ret;
 	}
--- a/helpers/DATA/linux-hwe-6.8/check.sh
+++ b/helpers/DATA/linux-hwe-6.8/check.sh
@ -0,0 +1,7 @@
 #!/bin/bash
 files=`find -type f`
 while read -r line
 do
    ./deblob-check $line
 done <<< "$files"
--- a/helpers/DATA/linux-hwe-6.8/deblob-6.8
+++ b/helpers/DATA/linux-hwe-6.8/deblob-6.8
--- a/helpers/DATA/linux-hwe-6.8/deblob-check
+++ b/helpers/DATA/linux-hwe-6.8/deblob-check
--- a/helpers/DATA/linux-hwe-6.8/udeb/000-d-i.patch
+++ b/helpers/DATA/linux-hwe-6.8/udeb/000-d-i.patch
@ -0,0 +1,61 @@
 diff --git a/debian/rules b/debian/rules
 index 43eae8d5..c81721bc 100755
 --- a/debian/rules
 +++ b/debian/rules
@@ -136,11 +136,18 @@ clean: debian/control debian/canonical-certs.pem debian/canonical-revoked-certs.
 	dh_testroot
 	dh_clean
 +	# d-i stuff
 +	rm -rf $(DEBIAN)/d-i-$(arch)
 +	# Generated on the fly.
 +	rm -f $(DEBIAN)/d-i/firmware/$(arch)/kernel-image
 +
 	# normal build junk
 	rm -rf $(DEBIAN)/abi
 	rm -rf $(builddir) $(stampdir)
 	rm -rf debian/linux-*/
 +	# This gets rid of the d-i packages in control
 +	cp -f $(DEBIAN)/control.stub $(DROOT)/control
 	cp $(DEBIAN)/changelog debian/changelog
 	# Install the copyright information.
@@ -213,7 +221,14 @@ $(DEBIAN)/control.stub: 				\
 .PHONY: debian/control
 debian/control: $(DEBIAN)/control.stub
 +	echo "# placebo control.stub for kernel-wedge flow change" >debian/control.stub
 	cp $(DEBIAN)/control.stub debian/control
 +	# append udeb packages
 +	export KW_DEFCONFIG_DIR=$(DEBIAN)/d-i && \
 +	export KW_CONFIG_DIR=$(DEBIAN)/d-i && \
 +	LANG=C kernel-wedge gen-control $(release)-$(abinum) | \
 +		grep-dctrl -FArchitecture $(arch) \
 +		>>$(CURDIR)/debian/control
 debian/canonical-certs.pem: $(wildcard $(DROOT)/certs/*-all.pem) $(wildcard $(DROOT)/certs/*-$(arch).pem) $(wildcard $(DEBIAN)/certs/*-all.pem) $(wildcard $(DEBIAN)/certs/*-$(arch).pem)
 	for cert in $(sort $(notdir $^));					\
 diff --git a/debian/rules.d/2-binary-arch.mk b/debian/rules.d/2-binary-arch.mk
 index fe66f8a0..e934f797 100644
 --- a/debian/rules.d/2-binary-arch.mk
 +++ b/debian/rules.d/2-binary-arch.mk
@@ -145,10 +145,14 @@ endif
 	install -m600 $(builddir)/build-$*/System.map \
 		$(pkgdir)/boot/System.map-$(abi_release)-$*
 -ifeq ($(do_dtbs),true)
 -	$(kmake) O=$(builddir)/build-$* $(conc_level) dtbs_install \
 -		INSTALL_DTBS_PATH=$(pkgdir)/lib/firmware/$(abi_release)-$*/device-tree
 -endif
 +	if [ "$(filter true,$(do_dtbs))" ]; then \
 +		$(kmake) O=$(builddir)/build-$* $(conc_level) dtbs_install \
 +			INSTALL_DTBS_PATH=$(pkgdir)/lib/firmware/$(abi_release)-$*/device-tree; \
 +		( cd $(pkgdir)/lib/firmware/$(abi_release)-$*/ && find device-tree -print ) | \
 +		while read dtb_file; do \
 +			echo "$$dtb_file ?" >> $(DEBIAN)/d-i/firmware/$(arch)/kernel-image; \
 +		done; \
 +	fi
 ifeq ($(no_dumpfile),)
 	makedumpfile -g $(pkgdir)/boot/vmcoreinfo-$(abi_release)-$* \
--- a/helpers/DATA/linux-hwe-6.8/udeb/001-disable_zstd_module_compression.patch
+++ b/helpers/DATA/linux-hwe-6.8/udeb/001-disable_zstd_module_compression.patch
@ -0,0 +1,20 @@
 Debian doesn't use zstd compression for kernel modules by default, and
 kernel-wedge does not currently support this compression. It is recommended
 to continue using XZ compression to maintain compatibility with udeb
 packages in Trisquel, at least while this changes.
 diff --git a/debian/rules.d/0-common-vars.mk b/debian/rules.d/0-common-vars.mk
 index d832106b..4afdd290 100644
 --- a/debian/rules.d/0-common-vars.mk
 +++ b/debian/rules.d/0-common-vars.mk
@@ -154,6 +154,10 @@ do_zstd_ko=true
 ifeq ($(series),jammy)
 do_zstd_ko=
 endif
 +# Trisquel use udebs, so it disable zstd by default.
 +ifeq (yes,$(shell dpkg-vendor --is Trisquel && echo yes))
 +do_zstd_ko=
 +endif
 # Support parallel=<n> in DEB_BUILD_OPTIONS (see #209008)
 #
--- a/helpers/DATA/linux-hwe-6.8/udeb/5-udebs.mk
+++ b/helpers/DATA/linux-hwe-6.8/udeb/5-udebs.mk
@ -6,7 +6,7 @@ ifeq ($(disable_d_i),)
 		do-binary-udebs
 endif
-do-binary-udebs: linux_udeb_name=$(shell if echo $(src_pkg_name)|egrep -q '(linux-lts|linux-hwe)'; then echo $(src_pkg_name); else echo linux; fi)
+do-binary-udebs: linux_udeb_name=$(shell if echo $(src_pkg_name)|egrep -q '(linux-lts|linux-hwe|linux-[0-9]+\.[0-9]+)'; then echo $(src_pkg_name); else echo linux; fi)
 do-binary-udebs: debian/control
 	@echo Debug: $@
 	dh_testdir
--- a/helpers/DATA/linux-hwe-6.8/udeb/d-i/firmware/README.txt
+++ b/helpers/DATA/linux-hwe-6.8/udeb/d-i/firmware/README.txt
--- a/Show more
+++ b/Show more
Author	SHA1	Message	Date
Luis Guzmán	f6dec89128	yt-dlp: fix license table for parsing properly.	2025-09-25 15:05:43 -06:00
Ark74	7cfab2b6b1	libmateweather: update patch.	2025-09-24 16:53:58 -06:00
Luis Guzmán	4309bbb18c	firefox: set higher priority than chromium based ones	2025-09-22 13:43:27 -06:00
Ark74	a18b9a93cc	libmateweather: update default server uri.	2025-09-20 20:06:17 -06:00
Ark74	d61e03b0a2	hplip: add trisquel distro-name definition for hplip tools.	2025-09-15 15:38:44 -06:00
Luis Guzmán	1084ad3d7d	firefox: update for v143 and remove conflict on sponsors reference.	2025-09-13 01:51:27 -06:00
Luis Guzmán	939adc704b	firefox: publish 142 build, disable Sponsored Checkboxes	2025-08-31 01:04:53 -06:00
Luis Guzmán	765b4d5059	firefox: publish 142 build, disable Sponsored Checkboxes	2025-08-31 00:56:15 -06:00
Luis Guzmán	c8a2a75e3a	yt-dlp: update integration with abrowser patch.	2025-08-28 08:10:55 -06:00
Ark74	472b6928a5	icecat: adding trisquel binaries.	2025-08-20 15:24:50 -06:00
Luis Guzmán	813a6be87b	minetest: backporting ecne's release to fix CVE-2022-35978 and many others	2025-08-20 10:57:55 -06:00
Luis Guzmán	ce7eb58666	yt-dlp: update upstream keyring	2025-08-12 16:33:11 -06:00
Ark74	9147ba0080	videomass,vidtuber: fix dependencies on upstream package.	2025-07-30 12:18:08 -06:00
Luis Guzmán	b3e9560864	videomass: fix update python3-request dependencies.	2025-07-22 19:10:30 -06:00
Ark74	be0ad5a911	vidtuber: add simple yt-dlp GUI frontend.	2025-07-22 19:06:06 -06:00
Luis Guzmán	1e6aa228d5	firefox: patch external links for addons & update gnuzilla addon url	2025-07-09 04:26:28 -06:00
Luis Guzman	98fa1b2279	firefox: restore upstream release available for v140	2025-06-24 18:51:21 +00:00
Ark74	cb785f108d	yt-dlp: enable abrowser to use 'cookies-from-browser' feature	2025-06-21 00:44:09 -06:00
Luis Guzmán	f7c9a74b92	python-apt: mirrors update bump.	2025-06-19 21:32:54 -06:00
Luis Guzmán	af678e2b2b	firefox: prepare package changes for v139	2025-06-19 15:23:08 -06:00
Luis Guzmán	b6b5bf299f	rustc-1.82: manually backported rustc-1.82 for latest abrowser builds	2025-06-19 15:17:38 -06:00
Luis Guzman	73229c9749	libgit2: backport for newer abrowser releases	2025-06-19 21:03:27 +00:00
Luis Guzmán	1aab15ff3a	dh-cargo: backport for newer abrowser releases	2025-06-19 15:01:55 -06:00
Luis Guzmán	af31af9d45	cron: remove build until direction.	2025-06-17 00:39:36 -06:00
Jacob K	94fcd284a3	cron: correct copyright on crontab2english.pl (fixes TPH # 199)	2025-06-17 00:14:21 -06:00
Ark74	492256dd6f	misc: clean unused component on src line	2025-06-14 16:00:02 -06:00
Luis Guzmán	bf25cfe3ce	config: add start info for package helpers	2025-06-12 18:55:15 -06:00
Ark74	692365065d	update-manager: update patch to remove pro	2025-06-12 02:32:00 -06:00
Ark74	d62d4dd516	llvm-toolchain-19: restore armhf rt runtime.	2025-06-07 01:22:52 -06:00
Ark74	c7b19a492f	config: add apply_patch_changes function	2025-06-02 23:03:59 -06:00
Luis Guzmán	d703c69384	debconf-kde: fix TPH #212 , pass home to prevent requests.	2025-06-02 19:14:08 -06:00
Luis Guzmán	c175b38d84	apparmor: upate apparmor profile	2025-05-31 17:31:18 -06:00
Luis Guzmán	2e58fef9fd	llvm-toolchain-19: backported for latest abrowser updates	2025-05-29 02:06:37 -06:00
Luis Guzmán	c82672e89a	weechat: backport fixed security release	2025-05-27 06:16:07 -06:00
Luis Guzmán	c223536ed0	misc: rename issue template	2025-05-14 17:55:29 +00:00
Ark74	3db09bbd0b	misc: add issue template for bug report	2025-05-14 11:16:56 -06:00
Ark74	ed0d32e790	osinfo-db: improve trisquel derivation from earlier releases.	2025-04-29 04:47:29 -06:00
Luis Guzmán	e48d27b4e7	gnupg2: lower dependency of gpg-wks-server from desktop environment	2025-04-28 21:18:36 +00:00
Luis Guzman	603d8b7c64	openssh: bump security update 0.13	2025-04-27 19:58:03 +00:00
Ark74	42232b0f1c	linux-hwe-6.8: update deblob-check for 6.8	2025-04-24 14:28:59 -06:00
Luis Guzmán	20ee3b87b8	thunderbird: update patch set for v128.9	2025-04-12 17:59:39 +00:00
Ark74	8adb9c62f5	expat: actually bump helper version	2025-04-08 17:31:35 -06:00
Ark74	6e5124d605	expat: bump version to trigger update	2025-04-08 16:33:27 -06:00
Luis Guzmán	aa1bb83ff3	firefox: prepare 136 release and strength privacy	2025-04-05 06:14:56 +00:00
Ark74	90fef7b990	linux-hwe-6.8: update deblob-check tools.	2025-04-04 10:16:57 -06:00
Ark74	b3799f8366	linux-hwe-6.8: update silent patch for 57.59	2025-04-04 00:08:26 -06:00
Ark74	96d3253765	linux-hwe-6.8: removal of references to external sources for firmware	2025-04-02 03:32:16 -06:00
Ark74	96cf108af6	linux: removal of references to external sources for firmware	2025-04-02 03:22:16 -06:00
Luis Guzmán	e7ae52a1ea	config: add finish timestamp	2025-03-28 11:04:31 +00:00
Jacob K	1be49b69d4	apparmor-profiles-extra: fix screen reader in pidgin (issue #198 )	2025-03-05 21:19:11 +00:00
Luis Guzman	4e2896e48c	firefox: update patches for current release.	2025-02-25 06:07:35 +00:00
Ark74	06a3cb2c23	0ad{,-data}: backport version 0.27 for aramo	2025-02-24 15:53:34 -06:00
Luis Guzmán	2281936bd8	firefox: fix build for 135 update	2025-02-24 07:06:37 +00:00
Luis Guzman	f102d4c04e	openssh: bump security update 0.11	2025-02-18 20:08:38 +00:00
Ark74	d602065589	nano: bump security update 0.1	2025-02-17 21:04:49 -06:00
Ark74	5412a1bae7	expat: bump security update 0.5	2025-02-17 20:55:13 -06:00
Ark74	913bb5a75d	python-apt,choose-mirror: mirrors list update 02-2025	2025-02-01 06:02:41 +00:00
Ark74	bc2827457c	firefox: disable hover preview tab as privacy settings maintenance.	2025-01-25 00:48:01 +00:00
Luis Guzman	8380da6089	firefox: test 134 version	2025-01-18 05:59:53 +00:00
Luis Guzmán	7ed3fcbcff	qt6-webengine: make sure to disable safe_browsing_mode by default.	2025-01-16 23:44:54 +00:00
Ark74	e1d249923d	qtwebengine-opensource-src: update removal list, fixes TPH:#196	2025-01-15 00:26:35 +00:00
Ark74	c499caf3a4	qt6-webengine: add helper to remove non-free and prebuilt binaries	2025-01-14 14:39:17 -06:00
Luis Guzmán	9572d7031a	yt-dlp: add missing repokey	2025-01-14 17:52:55 +00:00
Luis Guzmán	43f99b854e	yt-dlp: add latest stable upstream and remove explicit site listing	2025-01-14 17:38:49 +00:00
Luis Guzmán	c308416eb2	linux-hwe-6.8: update 001-disable_zstd_module_compression.patch	2025-01-13 04:48:15 +00:00
Luis Guzmán	2d72e52681	thuderbird: prepare icedove release v128	2025-01-10 14:11:28 +00:00
Luis Guzmán	42344a8d22	linux-hwe-6.8: restore udebs for latest linux-hwe-6.8 release	2025-01-09 21:19:33 +00:00
Ark74	c55c8bf080	python-apt: promote https sites by default on mirmon option	2025-01-07 22:32:41 -06:00
Ark74	46d5e40e51	python-apt: add option to parse Mastermirror list for mirmon format.	2025-01-06 15:25:47 -06:00
Ark74	37d28150c3	config: upgrade discover dpkg-vendor or distro-related behaviors	2025-01-03 14:55:22 -06:00
Luis Guzmán	22b7d58dad	linux-hwe-6.5: restore udebs for latest linux-hwe-6.5 release.	2025-01-03 07:28:46 +00:00
Luis Guzmán	04b7fe41f7	config: add old kernel build capability for development	2025-01-01 08:12:47 +00:00
Luis Guzmán	60b1c33a70	firefox: final changes to fix trisquel's search engine icons.	2024-12-27 17:10:39 +00:00
Luis Guzmán	6b8c0b5c38	linux-hwe-6.8: tweak deblob-check for upstream update.	2024-12-24 16:36:03 +00:00
Luis Guzman	905d792784	linux: update cleaning linux tools for 5.15-130	2024-12-20 08:08:38 +00:00
Luis Guzmán	68b179b512	firefox: test firefox v133 release	2024-12-17 23:46:39 +00:00
Luis Guzmán	2cc2eaa5e0	llvm-toolchain-18: backport as dependency for icedove 128	2024-12-13 10:00:15 +00:00
Luis Guzmán	c3ad925bce	atril: add custom apparmor profile for atril	2024-12-06 15:40:29 +00:00
Ark74	dc5da8840f	debian-installer: no change, bump to rebuild against latest choose-mirror.	2024-12-04 20:05:06 -06:00
Luis Guzmán	ad12eaf56a	python-apt: use git Mirrors.masterlist as main source	2024-12-05 00:06:06 +00:00
Luis Guzmán	c20840005e	choose-mirror: use git Mirrors.masterlist source.	2024-12-05 00:00:34 +00:00
Luis Guzmán	9b803b2d03	firefox: use v132.0.2 for some maintenance work.	2024-11-16 18:27:56 +00:00
Luis Guzman	94cb4fd000	evince: fix apparmor profile for Trisquel Mini	2024-11-10 07:34:17 +00:00
Luis Guzmán	b640585ac8	distro-info-data: add test data for ecne / noble.	2024-11-10 06:22:28 +00:00
Luis Guzmán	57e5ef19ba	firefox: add lost comment on patch 005_apply_custom_urls.patch	2024-11-08 15:56:42 +00:00
Luis Guzmán	20a25ce6d3	firefox: update for 132 release.	2024-11-08 04:08:49 +00:00
Luis Guzman	9d85d5a76d	linux-hwe-6.8: update deblob-check for upstream included drivers on 6.8	2024-11-04 23:43:07 +00:00
Luis Guzmán	c7d80f569a	python-apt: november update for repositories.	2024-11-01 10:34:45 +00:00
Luis Guzman	dda0d24f45	greybird-gtk-theme: update focused deprecated pseudo-class	2024-10-30 04:27:18 -06:00
Luis Guzmán	dbda85fde6	guix: add patches to fix guix#73919.	2024-10-23 15:31:17 +00:00
Luis Guzmán	1e8d358cbf	config: add note when dpkg-vendor is present in debian/rules	2024-10-18 02:43:56 +00:00
Luis Guzmán	b294eb5ae9	firefox: prepare security 131.0.2 release	2024-10-15 12:16:11 +00:00
dinomug	8aee9943a1	yyjson: backport from debian trixie as fastfetch dependency	2024-10-10 21:16:41 +00:00
Luis Guzmán	44b98eef40	pkg-kde-tools: add patch for all policy.mk files.	2024-10-04 06:49:12 +00:00
Luis Guzman	e36e53d60b	umbrello: remove deprecated changes on control file.	2024-10-04 05:44:12 +00:00
Luis Guzman	d61583cbf2	pkg-kde-tools: add Trisquel as valid Maintainer at pkg-kde-tools.	2024-10-04 05:38:43 +00:00
Luis Guzman	869d519689	python-apt: fix version FULLVERSION value	2024-10-01 21:27:44 +00:00
Luis Guzmán	32646fde69	python-apt: update mirrors October 2024	2024-10-01 21:17:46 +00:00
Luis Guzmán	26b0e44d7d	firefox: prepare v130.0.1 release	2024-10-01 07:27:28 +00:00
Ark74	4c7f4310c5	linux-hwe-6.8: update silent patch.	2024-09-20 15:21:44 -06:00
Luis Guzmán	f05eeee8e4	linux-meta-hwe-6.8: restore improved version.	2024-09-19 04:29:38 +00:00
Luis Guzman	80f5ab8fd7	linux-meta-hwe-6.8: add meta package for linux-hwe-6.8	2024-09-19 04:09:43 +00:00
Luis Guzmán	c0320163fe	linux-hwe-6.8: fix hwe definition and changelog version.	2024-09-18 18:26:56 +00:00
Ark74	bd4bcea380	expat: bump version for ubuntu0.4 release	2024-09-17 20:21:14 -06:00
Luis Guzmán	f24da921d2	nextcloud-desktop: backport packages required for v3.14	2024-09-16 15:11:46 +00:00
Luis Guzman	7b3f63da19	linux: update linux-libre tools and silent patch for 5.15-121	2024-09-15 20:13:11 +00:00
Ark74	8deec99563	linux-meta-hwe-6.8: add meta helper for hwe 6.8	2024-09-15 11:04:51 -06:00
Luis Guzman	d2239ec76a	linux-hwe-6.8: add hwe 6.8 for aramo.	2024-09-15 06:13:46 +00:00
Luis Guzmán	07803be7f6	nextcloud-desktop: remove custom patches now applied upstream.	2024-09-14 20:40:33 +00:00
Luis Guzman	5bab20d013	update-manager: update patches and match newer release.	2024-09-14 16:27:10 +00:00
Luis Guzmán	226526fcbc	nextcloud-desktop: backport fix for #7026 bug	2024-09-12 21:34:17 +00:00
Luis Guzmán	b5a0d8260a	debootstrap: add Ecne script	2024-09-12 05:41:00 +00:00
Ark74	9565068877	gnome-software: update remove snap & fwup patch.	2024-09-11 02:50:22 -06:00
Luis Guzmán	95edfb114a	gnome-software: remove fwup and snap support from gnome-software.	2024-09-11 02:15:27 -06:00
Luis Guzmán	05320ef185	firefox: 129.0.2 ; apply last patch before migrate to search-config-v2	2024-08-26 04:12:05 +00:00
Luis Guzmán	1374485dfd	software-properties: make software-properties-qt visible with custom icon.	2024-08-17 22:08:59 +00:00
Luis Guzman	e34bb8fb39	nheko: backport newer release to improve matrix support on aramo.	2024-08-12 22:15:01 +00:00
Luis Guzmán	ff9bd1d520	gnome-boxes: add support for trisquel logo from osinfo-db.	2024-08-06 01:37:07 +00:00
Ark74	1cbeb6452b	osinfo-db: update osinfo with ecne's release.	2024-08-05 19:08:53 -06:00
Luis Guzmán	7553ea11aa	config: add option to set security component on helper.	2024-07-24 16:09:49 +00:00
Luis Guzmán	969774c9c4	guix: upgrade version from FTBFS + add missing CVE-2024-27297 fix via helper.	2024-07-23 00:40:52 +00:00
Luis Guzmán	47e7a17a54	linux-hwe-6.5: update deblob-check to match 6.5 changes.	2024-07-20 06:42:06 +00:00
Luis Guzman	6f60f2801c	firefox: roll back old serach-config and update privacy settings.	2024-07-19 16:45:34 +00:00
Luis Guzman	876aa59124	config: add rollback patch function	2024-07-19 15:57:28 +00:00
Luis Guzmán	8af4bc9c9a	firefox: update strict patch for v128	2024-07-11 05:39:01 +00:00
Luis Guzmán	eed30ae01c	virtnbdbackup: drop target specific python3 version instead use generic v3 one.	2024-07-10 08:09:33 +00:00
Luis Guzman	057509e640	openssh: bump ssh version.	2024-07-01 18:18:14 +00:00
Luis Guzmán	c57af22e38	firefox: update and test changes for v127	2024-06-27 17:47:01 +00:00
Luis Guzman	84a1f3e553	rust-1.76: backported as dependency for abrowser.	2024-06-27 05:52:33 +00:00
Luis Guzmán	6df130993b	ubuntu-themes: improve branding logos replacement.	2024-06-21 05:13:51 +00:00
Luis Guzmán	814669556e	linux-hwe-6.5: update s-a-f patch for rev_41.41	2024-06-19 23:27:30 +00:00
Luis Guzman	3e89d26e3d	make-linux: update linux-libre deblob-check.	2024-06-07 06:49:10 +00:00
Ark74	df85682d15	config: add function to simplify patch application.	2024-06-05 10:40:06 -06:00
Ark74	b440107ea3	misc: bump version to apply latest fixes.	2024-06-04 19:05:11 -06:00
Luis Guzman	c03ed2178d	notmuch: backport fixes via debian-backports	2024-05-30 17:49:52 +00:00
Ark74	2dc0f8da09	python-apt: add freedif.org mirror (Singapore).	2024-05-20 01:34:40 -06:00
Ark74	7d1e8b0f4b	usb-creator: add german l10n update, thanks knife.	2024-05-18 04:54:01 -06:00
Luis Guzman	3a4c59b33d	linux{,hwe-6.5}: update hwe kernel dmks removal.	2024-05-18 05:14:29 +00:00
Luis Guzmán	f6c8d0a1f7	software-properties: update l10n german strings, thanks knife.	2024-05-18 03:27:34 +00:00
Ark74	59dce80f42	linux{,hwe-6.5}: fix disable dkms modules with external sources.	2024-05-17 14:14:01 -06:00
Luis Guzmán	088da83a52	update-manager: add german l10n, thanks knife.	2024-05-12 17:52:10 +00:00
Luis Guzmán	7921aef7ec	update-manager: add german l10n, thanks knife.	2024-05-12 14:45:11 +00:00
Luis Guzmán	ae058aaab1	greybird-gtk-theme: fix caja selected elements on inactive panel at list view	2024-05-10 06:35:28 +00:00
Luis Guzmán	59c07048d4	misc: restore libxnvctrl for nvidia hardware detection	2024-05-09 19:20:45 +00:00
Luis Guzman	d815cecda4	firefox: update helper and patches for v126	2024-05-09 07:26:36 +00:00
Luis Guzmán	5f44eef626	config: add echo comment to easily identify sed_csum errors.	2024-05-08 19:05:39 +00:00
Ark74	036ae24511	python-virtualenv: remove python3-pip as dependency from virtualenv.	2024-05-03 19:18:58 -06:00
Luis Guzmán	cf01842269	dino-im: apply CVE-2023-28686 missing upstream	2024-05-04 00:06:49 +00:00
Ark74	cb72766b55	nvidia-settings: bump version to apply helper.	2024-05-02 00:22:47 -06:00
Ark74	f8835acec0	deboostrap: backport latest debootstrap for ecne support.	2024-05-01 01:17:51 -06:00
Luis Guzmán	ef906f1bfa	pupnp: update backport helper to match dpkg version.	2024-04-30 05:14:49 +00:00
Luis Guzmán	e45548320a	ubuntu-release-upgrader: actually upgrade version number	2024-04-26 01:07:05 +00:00
Luis Guzmán	580e426c0f	ubuntu-release-upgrader: remove expired mirror.	2024-04-25 22:32:29 +00:00
Ark74	f0842c0799	base-files: update point release for new iso set.	2024-04-25 21:15:18 +00:00
Luis Guzmán	8dde32e79b	libreoffice: update max libreoffice jobs for amd64.	2024-04-19 06:15:23 +00:00
Ark74	50e421142d	nvidia-settings: remove pointer to external repository.	2024-04-17 13:28:59 -06:00
Luis Guzmán	d0e8271cbb	opendmarc: rebuild to introduce missing armhf package in aramo repository	2024-04-15 18:42:18 +00:00
Luis Guzmán	76393fb349	update-manager: rollback uaclient.api.u.pro usage	2024-04-15 18:41:19 +00:00
Luis Guzmán	56bf7aedfd	linux-meta: remove wireguard load on meta package.	2024-04-10 14:33:05 +00:00
Luis Guzmán	f1139c25b7	linux-hwe-6.5: sync base helper for linux and linux-hwe	2024-04-10 06:03:01 +00:00
Luis Guzman	2e68bebf50	firefox: update checksum for v125.	2024-04-09 18:10:30 +00:00
Luis Guzmán	dcc7af2408	linux: merge linux/linux-hwe helpers for both.	2024-04-09 08:18:23 +00:00
Luis Guzmán	63ffabcd4a	firefox: set widget.gtk.libadwaita-colors.enabled to false.	2024-04-04 21:46:57 +00:00