Macintosh-SW
/
tenfourfox
mirror of https://github.com/classilla/tenfourfox.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Merge branch 'master' of github.com:classilla/tenfourfox

This commit is contained in:
Cameron Kaiser 2021-11-09 10:55:11 -08:00
parent 0da0ec9f95 fe1675378f
commit f98a834454
21 changed files with 4995 additions and 8482 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
104fx_import_esr68_stspreload.pl → 104fx_import_esr91_stspreload.pl
View File

@ -10,7 +10,7 @@ print <<'EOF';
/* nsSiteSecurityService.cpp, you shouldn't be #including it. */
/*****************************************************************************/
/* imported from ESR68 by TenFourFox conversion script */
/* imported from ESR91 by TenFourFox conversion script */
#include <stdint.h>
EOF

4
104fx_upcerts.sh
View File

@ -10,7 +10,7 @@ endif
# if we update NSS, we need to remove that patch (TenFourFox issue 512).
set verbose
set release_url=https://hg.mozilla.org/releases/mozilla-esr78/raw-file/tip/
set release_url=https://hg.mozilla.org/releases/mozilla-esr91/raw-file/tip/
# self test to ensure certificates and encryption methods are correct
curl ${release_url}/config/milestone.txt || exit
@ -18,6 +18,6 @@ curl ${release_url}/config/milestone.txt || exit
curl ${release_url}/security/manager/ssl/StaticHPKPins.h > security/manager/ssl/StaticHPKPins.h
curl ${release_url}/security/nss/lib/ckfw/builtins/certdata.txt > security/nss/lib/ckfw/builtins/certdata.txt
curl ${release_url}/netwerk/dns/effective_tld_names.dat > netwerk/dns/effective_tld_names.dat
curl ${release_url}/security/manager/ssl/nsSTSPreloadList.inc | perl ./104fx_import_esr78_stspreload.pl > security/manager/ssl/nsSTSPreloadList.inc
curl ${release_url}/security/manager/ssl/nsSTSPreloadList.inc | perl ./104fx_import_esr91_stspreload.pl > security/manager/ssl/nsSTSPreloadList.inc
perl ./104fx_import_shavar_cryptominers.pl > caps/shavar-blocklist.h

2
CLOBBER
View File

@ -22,4 +22,4 @@
# changes to stick? As of bug 928195, this shouldn't be necessary! Please
# don't change CLOBBER for WebIDL changes any more.
Merge day clobber
Rolling release

4
README.md
View File

@ -4,9 +4,9 @@ A fork of Firefox to maintain support for the Power Mac, supporting Mac OS X 10.
This project is specifically for Mac OS X 10.4+. If you're looking for a browser for Mac OS 8.6-10.3, look at our sister project, [Classilla](http://www.classilla.org/).
Our Github project site houses our source code, [documentation wiki](https://github.com/classilla/tenfourfox/wiki) and [issues list](https://github.com/classilla/tenfourfox/issues). For downloads and archived versions, visit our [SourceForge download repository](https://sourceforge.net/projects/tenfourfox/files/). **The most current downloads are always linked on [the main TenFourFox home page](http://www.tenfourfox.com/).**
**TenFourFox is a "hobby" project: you build it yourself, with no guarantees on updates, update frequency, security or stability.** Our Github project site houses our source code, [documentation wiki](https://github.com/classilla/tenfourfox/wiki) with complete build instructions, and [the current worklist](https://github.com/classilla/tenfourfox/issues). For archived downloads, language packs and contributed tools, visit our [SourceForge download repository](https://sourceforge.net/projects/tenfourfox/files/). **There is no support for any version of TenFourFox.** The current update source is Firefox 91ESR.
**If you are an end-user, or otherwise not an official contributor, do _not_ file issues on Github.** Please visit [our Tenderapp support site](http://tenfourfox.tenderapp.com/) and one of our helpful volunteers will assist. Issues opened by end users may be closed as invalid if they have not been adequately vetted.
**If you file a Github issue without a patch, or without declaring your intention to file a pull request addressing that issue, it may be summarily closed or deleted at the maintainer's sole discretion.** The issue list is an active worklist, and if no work will occur on an issue, even if the issue is real and verifiable, it will be closed. There are lots of acknowledged deficiencies in TenFourFox and not everyone is going to prioritize a deficiency the way you might. If you are not willing or able to fix your most important issues yourself, you may not want to use this browser.
The `wiki/` branch contains old documentation and release notes from our former Google Code wiki. They are no longer updated or maintained. Take care as links in those documents have probably rotted.

1
browser/components/preferences/in-content/tenfourfox.js
View File

@ -70,6 +70,7 @@ var gTenFourFoxPane = {
"fx60" : "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:60.0) Gecko/20100101 Firefox/60.0",
"fx68" : "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:68.0) Gecko/20100101 Firefox/68.0",
"fx78" : "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:78.0) Gecko/20100101 Firefox/78.0",
"fx91" : "Mozilla/5.0 (Macintosh; Intel Mac OS X 12.0; rv:91.0) Gecko/20100101 Firefox/91.0",
"classilla" : "NokiaN90-1/3.0545.5.1 Series60/2.8 Profile/MIDP-2.0 Configuration/CLDC-1.1 (en-US; rv:9.3.3) Clecko/20141026 Classilla/CFM",
"ie8" : "Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0)",
"ie11" : "Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko",

1
browser/components/preferences/in-content/tenfourfox.xul
View File

@ -66,6 +66,7 @@
preference="tenfourfox.ua.template">
<menupopup>
<menuitem label="&TFFuserAgent.default;" value=""/>
<menuitem label="Firefox 91ESR (Intel)" value="fx91"/>
<menuitem label="Firefox 78ESR (Intel)" value="fx78"/>
<menuitem label="Firefox 68ESR (Intel)" value="fx68"/>
<menuitem label="Firefox 60ESR (Intel)" value="fx60"/>

1
browser/components/preferences/tenfourfox-ssua.xul
View File

@ -63,6 +63,7 @@
oncommand="gTenFourFoxSSUAManager.fillUA(event.target);">
<menupopup>
<menuitem label="" value=""/>
<menuitem label="Firefox 91ESR (Intel)" value="fx91"/>
<menuitem label="Firefox 78ESR (Intel)" value="fx78"/>
<menuitem label="Firefox 68ESR (Intel)" value="fx68"/>
<menuitem label="Firefox 60ESR (Intel)" value="fx60"/>

2
browser/config/version.txt
View File

@ -1 +1 @@
45.41.5
45.41.6

2
browser/config/version_display.txt
View File

@ -1 +1 @@
So Long, And Thanks For All The Fish
Rolling Release

2
config/milestone.txt
View File

@ -10,4 +10,4 @@
# hardcoded milestones in the tree from these two files.
#--------------------------------------------------------
45.41.5
45.41.6

1
intl/icu/source/data/misc/timezoneTypes.txt
View File

@ -93,6 +93,7 @@ timezoneTypes:table(nofallback){
"Mexico:BajaSur"{"America/Mazatlan"}
"Mexico:General"{"America/Mexico_City"}
"Pacific:Chuuk"{"Pacific/Truk"}
"Pacific:Kanton"{"Pacific/Enderbury"}
"Pacific:Pohnpei"{"Pacific/Ponape"}
"Pacific:Samoa"{"Pacific/Pago_Pago"}
"Pacific:Yap"{"Pacific/Truk"}

4
layout/xul/nsMenuFrame.cpp
View File

@ -1267,7 +1267,9 @@ nsMenuFrame::PassMenuCommandEventToPopupManager()
nsXULPopupManager* pm = nsXULPopupManager::GetInstance();
nsMenuParent* menuParent = GetMenuParent();
if (pm && menuParent && mDelayedMenuCommandEvent) {
pm->ExecuteMenu(mContent, mDelayedMenuCommandEvent);
nsCOMPtr<nsIContent> content = mContent;
RefPtr<nsXULMenuCommandEvent> event = mDelayedMenuCommandEvent;
pm->ExecuteMenu(content, event);
}
mDelayedMenuCommandEvent = nullptr;
}

2
modules/libpref/init/all.js
View File

@ -1436,7 +1436,7 @@ pref("network.http.spdy.default-concurrent", 100);
// alt-svc allows separation of transport routing from
// the origin host without using a proxy.
pref("network.http.altsvc.enabled", true);
pref("network.http.altsvc.oe", true);
pref("network.http.altsvc.oe", false); // bug 1730935
pref("network.http.diagnostics", false);

18
netwerk/base/nsSocketTransport2.cpp
View File

@ -2083,7 +2083,7 @@ NS_IMETHODIMP
nsSocketTransport::OpenInputStream(uint32_t flags,
uint32_t segsize,
uint32_t segcount,
nsIInputStream **result)
nsIInputStream **aResult)
{
SOCKET_LOG(("nsSocketTransport::OpenInputStream [this=%p flags=%x]\n",
this, flags));
@ -2092,6 +2092,7 @@ nsSocketTransport::OpenInputStream(uint32_t flags,
nsresult rv;
nsCOMPtr<nsIAsyncInputStream> pipeIn;
nsCOMPtr<nsIInputStream> result;
if (!(flags & OPEN_UNBUFFERED) || (flags & OPEN_BLOCKING)) {
// XXX if the caller wants blocking, then the caller also gets buffered!
@ -2111,10 +2112,10 @@ nsSocketTransport::OpenInputStream(uint32_t flags,
NS_ASYNCCOPY_VIA_WRITESEGMENTS, segsize);
if (NS_FAILED(rv)) return rv;
*result = pipeIn;
result = pipeIn;
}
else
*result = &mInput;
result = &mInput;
// flag input stream as open
mInputClosed = false;
@ -2122,7 +2123,7 @@ nsSocketTransport::OpenInputStream(uint32_t flags,
rv = PostEvent(MSG_ENSURE_CONNECT);
if (NS_FAILED(rv)) return rv;
NS_ADDREF(*result);
result.forget(aResult);
return NS_OK;
}
@ -2130,7 +2131,7 @@ NS_IMETHODIMP
nsSocketTransport::OpenOutputStream(uint32_t flags,
uint32_t segsize,
uint32_t segcount,
nsIOutputStream **result)
nsIOutputStream **aResult)
{
SOCKET_LOG(("nsSocketTransport::OpenOutputStream [this=%p flags=%x]\n",
this, flags));
@ -2139,6 +2140,7 @@ nsSocketTransport::OpenOutputStream(uint32_t flags,
nsresult rv;
nsCOMPtr<nsIAsyncOutputStream> pipeOut;
nsCOMPtr<nsIOutputStream> result;
if (!(flags & OPEN_UNBUFFERED) || (flags & OPEN_BLOCKING)) {
// XXX if the caller wants blocking, then the caller also gets buffered!
//bool openBuffered = !(flags & OPEN_UNBUFFERED);
@ -2157,10 +2159,10 @@ nsSocketTransport::OpenOutputStream(uint32_t flags,
NS_ASYNCCOPY_VIA_READSEGMENTS, segsize);
if (NS_FAILED(rv)) return rv;
*result = pipeOut;
result = pipeOut;
}
else
*result = &mOutput;
result = &mOutput;
// flag output stream as open
mOutputClosed = false;
@ -2168,7 +2170,7 @@ nsSocketTransport::OpenOutputStream(uint32_t flags,
rv = PostEvent(MSG_ENSURE_CONNECT);
if (NS_FAILED(rv)) return rv;
NS_ADDREF(*result);
result.forget(aResult);
return NS_OK;
}

65
netwerk/dns/effective_tld_names.dat
View File

@ -842,7 +842,13 @@ gov.cu
inf.cu
// cv : https://en.wikipedia.org/wiki/.cv
// cv : http://www.dns.cv/tldcv_portal/do?com=DS;5446457100;111;+PAGE(4000018)+K-CAT-CODIGO(RDOM)+RCNT(100); <- registration rules
cv
com.cv
edu.cv
int.cv
nome.cv
org.cv
// cw : http://www.una.cw/cw_registry/
// Confirmed by registry <registry@una.net> 2013-03-26
@ -1179,6 +1185,7 @@ org.gu
web.gu
// gw : https://en.wikipedia.org/wiki/.gw
// gw : https://nic.gw/regras/
gw
// gy : https://en.wikipedia.org/wiki/.gy
@ -5853,7 +5860,7 @@ com.ps
org.ps
net.ps
// pt : http://online.dns.pt/dns/start_dns
// pt : https://www.dns.pt/en/domain/pt-terms-and-conditions-registration-rules/
pt
net.pt
gov.pt
@ -7125,7 +7132,7 @@ org.zw
// newGTLDs
// List of new gTLDs imported from https://www.icann.org/resources/registries/gtlds/v2/gtlds.json on 2021-08-19T15:13:52Z
// List of new gTLDs imported from https://www.icann.org/resources/registries/gtlds/v2/gtlds.json on 2021-10-08T15:12:46Z
// This list is auto-generated, don't edit it manually.
// aaa : 2015-02-26 American Automobile Association, Inc.
aaa
@ -8015,7 +8022,7 @@ duck
// dunlop : 2015-07-02 The Goodyear Tire & Rubber Company
dunlop
// dupont : 2015-06-25 E. I. du Pont de Nemours and Company
// dupont : 2015-06-25 DuPont Specialty Products USA, LLC
dupont
// durban : 2014-03-24 ZA Central Registry NPC trading as ZA Central Registry
@ -9449,9 +9456,6 @@ quebec
// quest : 2015-03-26 XYZ.COM LLC
quest
// qvc : 2015-07-30 QVC, Inc.
qvc
// racing : 2014-12-04 Premier Registry Limited
racing
@ -9551,9 +9555,6 @@ rio
// rip : 2014-07-10 Dog Beach, LLC
rip
// rmit : 2015-11-19 Royal Melbourne Institute of Technology
rmit
// rocher : 2014-12-18 Ferrero Trading Lux S.A.
rocher
@ -9899,9 +9900,6 @@ suzuki
// swatch : 2015-01-08 The Swatch Group Ltd
swatch
// swiftcover : 2015-07-23 Swiftcover Insurance Services Limited
swiftcover
// swiss : 2014-10-16 Swiss Confederation
swiss
@ -10331,7 +10329,7 @@ xin
// xn--45q11c : 2013-11-21 Zodiac Gemini Ltd
八卦
// xn--4gbrim : 2013-10-04 Fans TLD Limited
// xn--4gbrim : 2013-10-04 Helium TLDs Ltd
موقع
// xn--55qw42g : 2013-11-08 China Organizational Name Administration Center
@ -10800,6 +10798,10 @@ tele.amune.org
// Submitted by Apigee Security Team <security@apigee.com>
apigee.io
// Apphud : https://apphud.com
// Submitted by Alexander Selivanov <alex@apphud.com>
siiites.com
// Appspace : https://www.appspace.com
// Submitted by Appspace Security Team <security@appspace.com>
appspacehosted.com
@ -11051,10 +11053,6 @@ clerkstage.app
*.stg.dev
*.stgstage.dev
// Clic2000 : https://clic2000.fr
// Submitted by Mathilde Blanchemanche <mathilde@clic2000.fr>
clic2000.net
// ClickRising : https://clickrising.com/
// Submitted by Umut Gumeli <infrastructure-publicsuffixlist@clickrising.com>
clickrising.net
@ -11608,8 +11606,8 @@ ddnss.org
definima.net
definima.io
// DigitalOcean : https://digitalocean.com/
// Submitted by Braxton Huggins <bhuggins@digitalocean.com>
// DigitalOcean App Platform : https://www.digitalocean.com/products/app-platform/
// Submitted by Braxton Huggins <psl-maintainers@digitalocean.com>
ondigitalocean.app
// DigitalOcean Spaces : https://www.digitalocean.com/products/spaces/
@ -11678,10 +11676,6 @@ tuleap-partners.com
onred.one
staging.onred.one
// One.com: https://www.one.com/
// Submitted by Jacob Bunk Nielsen <jbn@one.com>
service.one
// EU.org https://eu.org/
// Submitted by Pierre Beyssac <hostmaster@eu.org>
eu.org
@ -12080,6 +12074,7 @@ withyoutube.com
*.gateway.dev
cloud.goog
translate.goog
*.usercontent.goog
cloudfunctions.net
blogspot.ae
blogspot.al
@ -12522,6 +12517,7 @@ linkyard-cloud.ch
members.linode.com
*.nodebalancer.linode.com
*.linodeobjects.com
ip.linodeusercontent.com
// LiquidNet Ltd : http://www.liquidnetlimited.com/
// Submitted by Victor Velchev <admin@liquidnetlimited.com>
@ -12923,6 +12919,10 @@ cloudycluster.net
// Submitted by Vicary Archangel <vicary@omniwe.com>
omniwe.site
// One.com: https://www.one.com/
// Submitted by Jacob Bunk Nielsen <jbn@one.com>
service.one
// One Fold Media : http://www.onefoldmedia.com/
// Submitted by Eddie Jones <eddie@onefoldmedia.com>
nid.io
@ -13063,6 +13063,10 @@ pstmn.io
mock.pstmn.io
httpbin.org
//prequalifyme.today : https://prequalifyme.today
//Submitted by DeepakTiwari deepak@ivylead.io
prequalifyme.today
// prgmr.com : https://prgmr.com/
// Submitted by Sarah Newman <owner@prgmr.com>
xen.prgmr.com
@ -13473,6 +13477,11 @@ tabitorder.co.il
// Submitted by Bjoern Henke <dev-server@taifun-software.de>
taifun-dns.de
// Tailscale Inc. : https://www.tailscale.com
// Submitted by David Anderson <danderson@tailscale.com>
beta.tailscale.net
ts.net
// TASK geographical domains (www.task.gda.pl/uslugi/dns)
gda.pl
gdansk.pl
@ -13508,6 +13517,10 @@ reservd.dev.thingdust.io
reservd.disrec.thingdust.io
reservd.testing.thingdust.io
// ticket i/O GmbH : https://ticket.io
// Submitted by Christian Franke <it@ticket.io>
tickets.io
// Tlon.io : https://tlon.io
// Submitted by Mark Staarink <mark@tlon.io>
arvo.network
@ -13593,6 +13606,10 @@ inc.hk
virtualuser.de
virtual-user.de
// Upli : https://upli.io
// Submitted by Lenny Bakkalian <lenny.bakkalian@gmail.com>
upli.io
// urown.net : https://urown.net
// Submitted by Hostmaster <hostmaster@urown.net>
urown.cloud
@ -13741,7 +13758,7 @@ wpenginepowered.com
js.wpenginepowered.com
// Wix.com, Inc. : https://www.wix.com
// Submitted by Shahar Talmi <shahart@wix.com>
// Submitted by Shahar Talmi <shahar@wix.com>
wixsite.com
editorx.io

157
security/certverifier/ExtendedValidation.cpp
View File

@ -232,18 +232,6 @@ static struct nsMyTrustedEVInfo myTrustedEVInfos[] = {
"A1UEAxMeQ09NT0RPIENlcnRpZmljYXRpb24gQXV0aG9yaXR5",
"ToEtioJl4AsC7j41AkblPQ==",
},
{
// CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE
"1.3.6.1.4.1.6449.1.2.1.5.1",
"Comodo EV OID",
{ 0x68, 0x7F, 0xA4, 0x51, 0x38, 0x22, 0x78, 0xFF, 0xF0, 0xC8, 0xB1,
0x1F, 0x8D, 0x43, 0xD5, 0x76, 0x67, 0x1C, 0x6E, 0xB2, 0xBC, 0xEA,
0xB4, 0x13, 0xFB, 0x83, 0xD9, 0x65, 0xD0, 0x6D, 0x2F, 0xF2 },
"MG8xCzAJBgNVBAYTAlNFMRQwEgYDVQQKEwtBZGRUcnVzdCBBQjEmMCQGA1UECxMd"
"QWRkVHJ1c3QgRXh0ZXJuYWwgVFRQIE5ldHdvcmsxIjAgBgNVBAMTGUFkZFRydXN0"
"IEV4dGVybmFsIENBIFJvb3Q=",
"AQ==",
},
{
// OU=Go Daddy Class 2 Certification Authority,O=\"The Go Daddy Group, Inc.\",C=US
"2.16.840.1.114413.1.7.23.3",
@ -388,19 +376,6 @@ static struct nsMyTrustedEVInfo myTrustedEVInfos[] = {
"MB4GA1UEAwwXQnV5cGFzcyBDbGFzcyAzIFJvb3QgQ0E=",
"Ag==",
},
{
// CN=Chambers of Commerce Root - 2008,O=AC Camerfirma S.A.,serialNumber=A82743287,L=Madrid (see current address at www.camerfirma.com/address),C=EU
"1.3.6.1.4.1.17326.10.14.2.1.2",
"Camerfirma EV OID a",
{ 0x06, 0x3E, 0x4A, 0xFA, 0xC4, 0x91, 0xDF, 0xD3, 0x32, 0xF3, 0x08,
0x9B, 0x85, 0x42, 0xE9, 0x46, 0x17, 0xD8, 0x93, 0xD7, 0xFE, 0x94,
0x4E, 0x10, 0xA7, 0x93, 0x7E, 0xE2, 0x9D, 0x96, 0x93, 0xC0 },
"MIGuMQswCQYDVQQGEwJFVTFDMEEGA1UEBxM6TWFkcmlkIChzZWUgY3VycmVudCBh"
"ZGRyZXNzIGF0IHd3dy5jYW1lcmZpcm1hLmNvbS9hZGRyZXNzKTESMBAGA1UEBRMJ"
"QTgyNzQzMjg3MRswGQYDVQQKExJBQyBDYW1lcmZpcm1hIFMuQS4xKTAnBgNVBAMT"
"IENoYW1iZXJzIG9mIENvbW1lcmNlIFJvb3QgLSAyMDA4",
"AKPaQn6ksa7a",
},
{
// CN=AffirmTrust Commercial,O=AffirmTrust,C=US
"1.3.6.1.4.1.34697.2.1",
@ -845,17 +820,6 @@ static struct nsMyTrustedEVInfo myTrustedEVInfos[] = {
"aG9yaXR5IC0gRzI=",
"AA==",
},
{
// CN=LuxTrust Global Root 2,O=LuxTrust S.A.,C=LU
"1.3.171.1.1.10.5.2",
"LuxTrust EV OID",
{ 0x54, 0x45, 0x5F, 0x71, 0x29, 0xC2, 0x0B, 0x14, 0x47, 0xC4, 0x18,
0xF9, 0x97, 0x16, 0x8F, 0x24, 0xC5, 0x8F, 0xC5, 0x02, 0x3B, 0xF5,
0xDA, 0x5B, 0xE2, 0xEB, 0x6E, 0x1D, 0xD8, 0x90, 0x2E, 0xD5 },
"MEYxCzAJBgNVBAYTAkxVMRYwFAYDVQQKDA1MdXhUcnVzdCBTLkEuMR8wHQYDVQQD"
"DBZMdXhUcnVzdCBHbG9iYWwgUm9vdCAy",
"Cn6m30tEntpqJIWe5rgV0xZ/u7E=",
},
{
// CN=GDCA TrustAUTH R5 ROOT,O="GUANG DONG CERTIFICATE AUTHORITY CO.,LTD.",C=CN
"1.2.156.112559.1.1.6.1",
@ -961,6 +925,127 @@ static struct nsMyTrustedEVInfo myTrustedEVInfos[] = {
"TXVkaHJhIEluYzEgMB4GA1UEAxMXZW1TaWduIEVDQyBSb290IENBIC0gQzM=",
"e3G2gla4EnycqA==",
},
{
// OU=certSIGN ROOT CA G2,O=CERTSIGN SA,C=RO
"2.23.140.1.1",
"CA/Browser Forum EV OID",
{ 0x65, 0x7C, 0xFE, 0x2F, 0xA7, 0x3F, 0xAA, 0x38, 0x46, 0x25, 0x71,
0xF3, 0x32, 0xA2, 0x36, 0x3A, 0x46, 0xFC, 0xE7, 0x02, 0x09, 0x51,
0x71, 0x07, 0x02, 0xCD, 0xFB, 0xB6, 0xEE, 0xDA, 0x33, 0x05 },
"MEExCzAJBgNVBAYTAlJPMRQwEgYDVQQKEwtDRVJUU0lHTiBTQTEcMBoGA1UECxMT"
"Y2VydFNJR04gUk9PVCBDQSBHMg==",
"EQA0tk7GNi02",
},
{
// CN=IdenTrust Commercial Root CA 1,O=IdenTrust,C=US
"2.23.140.1.1",
"CA/Browser Forum EV OID",
{ 0x5D, 0x56, 0x49, 0x9B, 0xE4, 0xD2, 0xE0, 0x8B, 0xCF, 0xCA, 0xD0,
0x8A, 0x3E, 0x38, 0x72, 0x3D, 0x50, 0x50, 0x3B, 0xDE, 0x70, 0x69,
0x48, 0xE4, 0x2F, 0x55, 0x60, 0x30, 0x19, 0xE5, 0x28, 0xAE },
"MEoxCzAJBgNVBAYTAlVTMRIwEAYDVQQKEwlJZGVuVHJ1c3QxJzAlBgNVBAMTHklk"
"ZW5UcnVzdCBDb21tZXJjaWFsIFJvb3QgQ0EgMQ==",
"CgFCgAAAAUUjyES1AAAAAg==",
},
{
// CN=Trustwave Global Certification Authority,O="Trustwave Holdings, Inc.",L=Chicago,ST=Illinois,C=US
"2.23.140.1.1",
"CA/Browser Forum EV OID",
{ 0x97, 0x55, 0x20, 0x15, 0xF5, 0xDD, 0xFC, 0x3C, 0x87, 0x88, 0xC0, 0x06, 0x94, 0x45, 0x55, 0x40, 0x88, 0x94, 0x45, 0x00, 0x84, 0xF1, 0x00, 0x86, 0x70, 0x86, 0xBC, 0x1A, 0x2B, 0xB5, 0x8D, 0xC8 },
"MIGIMQswCQYDVQQGEwJVUzERMA8GA1UECAwISWxsaW5vaXMxEDAOBgNVBAcMB0No"
"aWNhZ28xITAfBgNVBAoMGFRydXN0d2F2ZSBIb2xkaW5ncywgSW5jLjExMC8GA1UE"
"AwwoVHJ1c3R3YXZlIEdsb2JhbCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eQ==",
"BfcOhtpJ80Y1Lrqy",
},
{
// CN=Trustwave Global ECC P256 Certification Authority,O="Trustwave Holdings, Inc.",L=Chicago,ST=Illinois,C=US
"2.23.140.1.1",
"CA/Browser Forum EV OID",
{ 0x94, 0x5B, 0xBC, 0x82, 0x5E, 0xA5, 0x54, 0xF4, 0x89, 0xD1, 0xFD, 0x51, 0xA7, 0x3D, 0xDF, 0x2E, 0xA6, 0x24, 0xAC, 0x70, 0x19, 0xA0, 0x52, 0x05, 0x22, 0x5C, 0x22, 0xA7, 0x8C, 0xCF, 0xA8, 0xB4 },
"MIGRMQswCQYDVQQGEwJVUzERMA8GA1UECBMISWxsaW5vaXMxEDAOBgNVBAcTB0No"
"aWNhZ28xITAfBgNVBAoTGFRydXN0d2F2ZSBIb2xkaW5ncywgSW5jLjE6MDgGA1UE"
"AxMxVHJ1c3R3YXZlIEdsb2JhbCBFQ0MgUDI1NiBDZXJ0aWZpY2F0aW9uIEF1dGhv"
"cml0eQ==",
"DWpfCD8oXD5Rld9d",
},
{
// CN=Trustwave Global ECC P384 Certification Authority,O="Trustwave Holdings, Inc.",L=Chicago,ST=Illinois,C=US
"2.23.140.1.1",
"CA/Browser Forum EV OID",
{ 0x55, 0x90, 0x38, 0x59, 0xC8, 0xC0, 0xC3, 0xEB, 0xB8, 0x75, 0x9E, 0xCE, 0x4E, 0x25, 0x57, 0x22, 0x5F, 0xF5, 0x75, 0x8B, 0xBD, 0x38, 0xEB, 0xD4, 0x82, 0x76, 0x60, 0x1E, 0x1B, 0xD5, 0x80, 0x97 },
"MIGRMQswCQYDVQQGEwJVUzERMA8GA1UECBMISWxsaW5vaXMxEDAOBgNVBAcTB0No"
"aWNhZ28xITAfBgNVBAoTGFRydXN0d2F2ZSBIb2xkaW5ncywgSW5jLjE6MDgGA1UE"
"AxMxVHJ1c3R3YXZlIEdsb2JhbCBFQ0MgUDM4NCBDZXJ0aWZpY2F0aW9uIEF1dGhv"
"cml0eQ==",
"CL2Fl2yZJ6SAaEc7",
},
{
// CN=GlobalSign Root R46,O=GlobalSign nv-sa,C=BE
"2.23.140.1.1",
"CA/Browser Forum EV OID",
{ 0x4F, 0xA3, 0x12, 0x6D, 0x8D, 0x3A, 0x11, 0xD1, 0xC4, 0x85, 0x5A, 0x4F, 0x80, 0x7C, 0xBA, 0xD6, 0xCF, 0x91, 0x9D, 0x3A, 0x5A, 0x88, 0xB0, 0x3B, 0xEA, 0x2C, 0x63, 0x72, 0xD9, 0x3C, 0x40, 0xC9 },
"MEYxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNhMRwwGgYD"
"VQQDExNHbG9iYWxTaWduIFJvb3QgUjQ2",
"EdK7udcjGJ5AXwqdLdDfJWfR",
},
{
// CN=GlobalSign Root E46,O=GlobalSign nv-sa,C=BE
"2.23.140.1.1",
"CA/Browser Forum EV OID",
{ 0xCB, 0xB9, 0xC4, 0x4D, 0x84, 0xB8, 0x04, 0x3E, 0x10, 0x50, 0xEA, 0x31, 0xA6, 0x9F, 0x51, 0x49, 0x55, 0xD7, 0xBF, 0xD2, 0xE2, 0xC6, 0xB4, 0x93, 0x01, 0x01, 0x9A, 0xD6, 0x1D, 0x9F, 0x50, 0x58 },
"MEYxCzAJBgNVBAYTAkJFMRkwFwYDVQQKExBHbG9iYWxTaWduIG52LXNhMRwwGgYD"
"VQQDExNHbG9iYWxTaWduIFJvb3QgRTQ2",
"EdK7ujNu1LzmJGjFDYQdmOhD",
},
{
// "CN=AC RAIZ FNMT-RCM SERVIDORES SEGUROS,OID.2.5.4.97=VATES-Q2826004J,OU=Ceres,O=FNMT-RCM,C=E
"2.23.140.1.1",
"CA/Browser Forum EV OID",
{ 0x55, 0x41, 0x53, 0xB1, 0x3D, 0x2C, 0xF9, 0xDD, 0xB7, 0x53, 0xBF, 0xBE, 0x1A, 0x4E, 0x0A, 0xE0, 0x8D, 0x0A, 0xA4, 0x18, 0x70, 0x58, 0xFE, 0x60, 0xA2, 0xB8, 0x62, 0xB2, 0xE4, 0xB8, 0x7B, 0xCB },
"MHgxCzAJBgNVBAYTAkVTMREwDwYDVQQKDAhGTk1ULVJDTTEOMAwGA1UECwwFQ2Vy"
"ZXMxGDAWBgNVBGEMD1ZBVEVTLVEyODI2MDA0SjEsMCoGA1UEAwwjQUMgUkFJWiBG"
"Tk1ULVJDTSBTRVJWSURPUkVTIFNFR1VST1M=",
"YvYybOXE42hcG2LdnC6dlQ==",
},
{
// CN=GLOBALTRUST 2020,O=e-commerce monitoring GmbH,C=AT
"2.23.140.1.1",
"CA/Browser Forum EV OID",
{ 0x9A, 0x29, 0x6A, 0x51, 0x82, 0xD1, 0xD4, 0x51, 0xA2, 0xE3, 0x7F, 0x43, 0x9B, 0x74, 0xDA, 0xAF, 0xA2, 0x67, 0x52, 0x33, 0x29, 0xF9, 0x0F, 0x9A, 0x0D, 0x20, 0x07, 0xC3, 0x34, 0xE2, 0x3C, 0x9A },
"ME0xCzAJBgNVBAYTAkFUMSMwIQYDVQQKExplLWNvbW1lcmNlIG1vbml0b3Jpbmcg"
"R21iSDEZMBcGA1UEAxMQR0xPQkFMVFJVU1QgMjAyMA==",
"Wku9WvtPilv6ZeU=",
},
{
// CN=Certum Extended Validation ECC CA,OU=Certum Certification Authority,O=Asseco Data Systems S.A.,C=PL
"2.23.140.1.1",
"CA/Browser Forum EV OID",
{ 0x6B, 0x32, 0x80, 0x85, 0x62, 0x53, 0x18, 0xAA, 0x50, 0xD1, 0x73, 0xC9, 0x8D, 0x8B, 0xDA, 0x09, 0xD5, 0x7E, 0x27, 0x41, 0x3D, 0x11, 0x4C, 0xF7, 0x87, 0xA0, 0xF5, 0xD0, 0x6C, 0x03, 0x0C, 0xF6 },
"MHQxCzAJBgNVBAYTAlBMMSEwHwYDVQQKExhBc3NlY28gRGF0YSBTeXN0ZW1zIFMu"
"QS4xJzAlBgNVBAsTHkNlcnR1bSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTEZMBcG"
"A1UEAxMQQ2VydHVtIEVDLTM4NCBDQQ==",
"eI8nXIESUiClBNAt3bpz9A==",
},
{
// CN=Certum Extended Validation RSA CA,OU=Certum Certification Authority,O=Asseco Data Systems S.A.,C=PL
"2.23.140.1.1",
"CA/Browser Forum EV OID",
{ 0xFE, 0x76, 0x96, 0x57, 0x38, 0x55, 0x77, 0x3E, 0x37, 0xA9, 0x5E, 0x7A, 0xD4, 0xD9, 0xCC, 0x96, 0xC3, 0x01, 0x57, 0xC1, 0x5D, 0x31, 0x76, 0x5B, 0xA9, 0xB1, 0x57, 0x04, 0xE1, 0xAE, 0x78, 0xFD },
"MHoxCzAJBgNVBAYTAlBMMSEwHwYDVQQKExhBc3NlY28gRGF0YSBTeXN0ZW1zIFMu"
"QS4xJzAlBgNVBAsTHkNlcnR1bSBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTEfMB0G"
"A1UEAxMWQ2VydHVtIFRydXN0ZWQgUm9vdCBDQQ==",
"Hr9ZULjJgDdMBvfrVU+17Q==",
},
{
// CN=ANF Secure Server Root CA,OU=ANF CA Raiz,O=ANF Autoridad de Certificacion,C=ES,serialNumber=G63287510
"2.23.140.1.1",
"CA/Browser Forum EV OID",
{ 0xFB, 0x8F, 0xEC, 0x75, 0x91, 0x69, 0xB9, 0x10, 0x6B, 0x1E, 0x51, 0x16, 0x44, 0xC6, 0x18, 0xC5, 0x13, 0x04, 0x37, 0x3F, 0x6C, 0x06, 0x43, 0x08, 0x8D, 0x8B, 0xEF, 0xFD, 0x1B, 0x99, 0x75, 0x99 },
"MIGEMRIwEAYDVQQFEwlHNjMyODc1MTAxCzAJBgNVBAYTAkVTMScwJQYDVQQKEx5B"
"TkYgQXV0b3JpZGFkIGRlIENlcnRpZmljYWNpb24xFDASBgNVBAsTC0FORiBDQSBS"
"YWl6MSIwIAYDVQQDExlBTkYgU2VjdXJlIFNlcnZlciBSb290IENB",
"DdPjvGz5a7E=",
},
};
// TenFourFox issue 512, backport from ESR60: treat all EV roots as

180
security/manager/ssl/StaticHPKPins.h
View File

@ -7,14 +7,6 @@
/* PublicKeyPinningService.cpp, you shouldn't be #including it. */
/*****************************************************************************/
#include <stdint.h>
/* AddTrust External Root */
static const char kAddTrust_External_RootFingerprint[] =
"lCppFqbkrlJ3EcVFAkeip0+44VaoJUymbnOaEUk7tEU=";
/* AddTrust Low-Value Services Root */
static const char kAddTrust_Low_Value_Services_RootFingerprint[] =
"BStocQfshOhzA4JFLsKidFF0XXSFpX1vRk4Np6G2ryo=";
/* AffirmTrust Commercial */
static const char kAffirmTrust_CommercialFingerprint[] =
"bEZLmlsjOl6HTadlwm8EUBDS3c/0V5TwtMfkqvpQFJU=";
@ -115,6 +107,14 @@ static const char kEntrust_net_Premium_2048_Secure_Server_CAFingerprint[] =
static const char kFacebookBackupFingerprint[] =
"q4PO2G2cbkZhZ82+JgmRUyGMoAeozA+BSXVXQWB8XWQ=";
/* GOOGLE_PIN_AddTrustClass1CARoot */
static const char kGOOGLE_PIN_AddTrustClass1CARootFingerprint[] =
"BStocQfshOhzA4JFLsKidFF0XXSFpX1vRk4Np6G2ryo=";
/* GOOGLE_PIN_AddTrustExternalCARoot */
static const char kGOOGLE_PIN_AddTrustExternalCARootFingerprint[] =
"lCppFqbkrlJ3EcVFAkeip0+44VaoJUymbnOaEUk7tEU=";
/* GOOGLE_PIN_AddTrustPublicCARoot */
static const char kGOOGLE_PIN_AddTrustPublicCARootFingerprint[] =
"OGHXtpYfzbISBFb/b8LrdwSxp0G0vZM6g3b14ZFcppg=";
@ -143,10 +143,34 @@ static const char kGOOGLE_PIN_GTECyberTrustGlobalRootFingerprint[] =
static const char kGOOGLE_PIN_GTSCA1O1Fingerprint[] =
"YZPgTZ+woNCCCIW3LH2CxQeLzB/1m42QcCTBSdgayjs=";
/* GOOGLE_PIN_GeoTrustGlobal */
static const char kGOOGLE_PIN_GeoTrustGlobalFingerprint[] =
"h6801m+z8v3zbgkRHpq6L29Esgfzhj89C1SyUCOQmqU=";
/* GOOGLE_PIN_GeoTrustGlobal2 */
static const char kGOOGLE_PIN_GeoTrustGlobal2Fingerprint[] =
"F3VaXClfPS1y5vAxofB/QAxYi55YKyLxfq4xoVkNEYU=";
/* GOOGLE_PIN_GeoTrustPrimary */
static const char kGOOGLE_PIN_GeoTrustPrimaryFingerprint[] =
"SQVGZiOrQXi+kqxcvWWE96HhfydlLVqFr4lQTqI5qqo=";
/* GOOGLE_PIN_GeoTrustPrimary_G2 */
static const char kGOOGLE_PIN_GeoTrustPrimary_G2Fingerprint[] =
"vPtEqrmtAhAVcGtBIep2HIHJ6IlnWQ9vlK50TciLePs=";
/* GOOGLE_PIN_GeoTrustPrimary_G3 */
static const char kGOOGLE_PIN_GeoTrustPrimary_G3Fingerprint[] =
"q5hJUnat8eyv8o81xTBIeB5cFxjaucjmelBPT2pRMo8=";
/* GOOGLE_PIN_GeoTrustUniversal */
static const char kGOOGLE_PIN_GeoTrustUniversalFingerprint[] =
"lpkiXF3lLlbN0y3y6W0c/qWqPKC7Us2JM8I7XCdEOCA=";
/* GOOGLE_PIN_GeoTrustUniversal2 */
static const char kGOOGLE_PIN_GeoTrustUniversal2Fingerprint[] =
"fKoDRlEkWQxgHlZ+UhSOlSwM/+iQAFMP4NlbbVDqrkE=";
/* GOOGLE_PIN_GoDaddySecure */
static const char kGOOGLE_PIN_GoDaddySecureFingerprint[] =
"MrZLZnJ6IGPkBm87lYywqu5Xal7O/ZUzmbuIdHMdlYc=";
@ -203,10 +227,26 @@ static const char kGOOGLE_PIN_VeriSignClass2_G2Fingerprint[] =
static const char kGOOGLE_PIN_VeriSignClass3_G2Fingerprint[] =
"AjyBzOjnxk+pQtPBUEhwfTXZu1uH9PVExb8bxWQ68vo=";
/* GOOGLE_PIN_VeriSignClass3_G3 */
static const char kGOOGLE_PIN_VeriSignClass3_G3Fingerprint[] =
"SVqWumuteCQHvVIaALrOZXuzVVVeS7f4FGxxu6V+es4=";
/* GOOGLE_PIN_VeriSignClass3_G4 */
static const char kGOOGLE_PIN_VeriSignClass3_G4Fingerprint[] =
"UZJDjsNp1+4M5x9cbbdflB779y5YRBcV6Z6rBMLIrO4=";
/* GOOGLE_PIN_VeriSignClass3_G5 */
static const char kGOOGLE_PIN_VeriSignClass3_G5Fingerprint[] =
"JbQbUG5JMJUoI6brnx0x3vZF6jilxsapbXGVfjhN8Fg=";
/* GOOGLE_PIN_VeriSignClass4_G3 */
static const char kGOOGLE_PIN_VeriSignClass4_G3Fingerprint[] =
"VnuCEf0g09KD7gzXzgZyy52ZvFtIeljJ1U7Gf3fUqPU=";
/* GOOGLE_PIN_VeriSignUniversal */
static const char kGOOGLE_PIN_VeriSignUniversalFingerprint[] =
"lnsM2T/O9/J84sJFdnrpsFp3awZJ+ZZbYpCWhGloaHI=";
/* GTS Root R1 */
static const char kGTS_Root_R1Fingerprint[] =
"hxqRlPTu1bMS/0DITB1SSu0vd4u/8l8TjPgfaAp63Gc=";
@ -223,30 +263,6 @@ static const char kGTS_Root_R3Fingerprint[] =
static const char kGTS_Root_R4Fingerprint[] =
"mEflZT5enoR1FuXLgYYGqnVEoZvmf9c2bVBpiOjYQ0c=";
/* GeoTrust Global CA */
static const char kGeoTrust_Global_CAFingerprint[] =
"h6801m+z8v3zbgkRHpq6L29Esgfzhj89C1SyUCOQmqU=";
/* GeoTrust Primary Certification Authority */
static const char kGeoTrust_Primary_Certification_AuthorityFingerprint[] =
"SQVGZiOrQXi+kqxcvWWE96HhfydlLVqFr4lQTqI5qqo=";
/* GeoTrust Primary Certification Authority - G2 */
static const char kGeoTrust_Primary_Certification_Authority___G2Fingerprint[] =
"vPtEqrmtAhAVcGtBIep2HIHJ6IlnWQ9vlK50TciLePs=";
/* GeoTrust Primary Certification Authority - G3 */
static const char kGeoTrust_Primary_Certification_Authority___G3Fingerprint[] =
"q5hJUnat8eyv8o81xTBIeB5cFxjaucjmelBPT2pRMo8=";
/* GeoTrust Universal CA */
static const char kGeoTrust_Universal_CAFingerprint[] =
"lpkiXF3lLlbN0y3y6W0c/qWqPKC7Us2JM8I7XCdEOCA=";
/* GeoTrust Universal CA 2 */
static const char kGeoTrust_Universal_CA_2Fingerprint[] =
"fKoDRlEkWQxgHlZ+UhSOlSwM/+iQAFMP4NlbbVDqrkE=";
/* GlobalSign ECC Root CA - R4 */
static const char kGlobalSign_ECC_Root_CA___R4Fingerprint[] =
"CLOmM1/OXvSPjw5UOYbAf9GKOxImEp9hhku9W90fHMk=";
@ -267,6 +283,10 @@ static const char kGlobalSign_Root_CA___R2Fingerprint[] =
static const char kGlobalSign_Root_CA___R3Fingerprint[] =
"cGuxAXyFXFkWm61cF4HPWX8S0srS9j0aSqN0k4AP+4A=";
/* GlobalSign Root CA - R6 */
static const char kGlobalSign_Root_CA___R6Fingerprint[] =
"aCdH+LpiG4fN07wpXtXKvOciocDANj0daLOJKNJ4fx4=";
/* Go Daddy Class 2 CA */
static const char kGo_Daddy_Class_2_CAFingerprint[] =
"VjLZe/p3W/PJnd6lL8JVNBCGQBZynFLdZSTIqcO0SJ8=";
@ -343,18 +363,6 @@ static const char kUSERTrust_ECC_Certification_AuthorityFingerprint[] =
static const char kUSERTrust_RSA_Certification_AuthorityFingerprint[] =
"x4QzPSC810K5/cMjb05Qm4k3Bw5zBn4lTdO/nEW/Td4=";
/* VeriSign Class 3 Public Primary Certification Authority - G4 */
static const char kVeriSign_Class_3_Public_Primary_Certification_Authority___G4Fingerprint[] =
"UZJDjsNp1+4M5x9cbbdflB779y5YRBcV6Z6rBMLIrO4=";
/* VeriSign Class 3 Public Primary Certification Authority - G5 */
static const char kVeriSign_Class_3_Public_Primary_Certification_Authority___G5Fingerprint[] =
"JbQbUG5JMJUoI6brnx0x3vZF6jilxsapbXGVfjhN8Fg=";
/* VeriSign Universal Root Certification Authority */
static const char kVeriSign_Universal_Root_Certification_AuthorityFingerprint[] =
"lnsM2T/O9/J84sJFdnrpsFp3awZJ+ZZbYpCWhGloaHI=";
/* Verisign Class 1 Public Primary Certification Authority - G3 */
static const char kVerisign_Class_1_Public_Primary_Certification_Authority___G3Fingerprint[] =
"IgduWu9Eu5pBaii30cRDItcFn2D+/6XK9sW+hEeJEwM=";
@ -363,10 +371,6 @@ static const char kVerisign_Class_1_Public_Primary_Certification_Authority___G3F
static const char kVerisign_Class_2_Public_Primary_Certification_Authority___G3Fingerprint[] =
"cAajgxHlj7GTSEIzIYIQxmEloOSoJq7VOaxWHfv72QM=";
/* Verisign Class 3 Public Primary Certification Authority - G3 */
static const char kVerisign_Class_3_Public_Primary_Certification_Authority___G3Fingerprint[] =
"SVqWumuteCQHvVIaALrOZXuzVVVeS7f4FGxxu6V+es4=";
/* YahooBackup1 */
static const char kYahooBackup1Fingerprint[] =
"2fRAUXyxl4A1/XHrKNBmc8bTkzA7y4FB/GLJuNAzCqY=";
@ -375,18 +379,6 @@ static const char kYahooBackup1Fingerprint[] =
static const char kYahooBackup2Fingerprint[] =
"dolnbtzEBnELx/9lOEQ22e6OZO/QNb6VSSX2XHA3E7A=";
/* thawte Primary Root CA */
static const char kthawte_Primary_Root_CAFingerprint[] =
"HXXQgxueCIU5TTLHob/bPbwcKOKw6DkfsTWYHbxbqTY=";
/* thawte Primary Root CA - G2 */
static const char kthawte_Primary_Root_CA___G2Fingerprint[] =
"Z9xPMvoQ59AaeaBzqgyeAhLsL/w9d54Kp/nA8OHCyJM=";
/* thawte Primary Root CA - G3 */
static const char kthawte_Primary_Root_CA___G3Fingerprint[] =
"GQbGEk27Q4V40A4GbVBUxsN/D6YCjAVUXgmU7drshik=";
/* Pinsets are each an ordered list by the actual value of the fingerprint */
struct StaticFingerprints {
// See bug 1338873 about making these fields const.
@ -400,47 +392,37 @@ static const char* const kPinset_google_root_pems_Data[] = {
kCOMODO_ECC_Certification_AuthorityFingerprint,
kDigiCert_Assured_ID_Root_G2Fingerprint,
kCOMODO_Certification_AuthorityFingerprint,
kAddTrust_Low_Value_Services_RootFingerprint,
kGlobalSign_ECC_Root_CA___R4Fingerprint,
kDigiCert_Assured_ID_Root_G3Fingerprint,
kStarfield_Class_2_CAFingerprint,
kthawte_Primary_Root_CA___G3Fingerprint,
kthawte_Primary_Root_CAFingerprint,
kEntrust_net_Premium_2048_Secure_Server_CAFingerprint,
kDigiCert_Assured_ID_Root_CAFingerprint,
kUSERTrust_ECC_Certification_AuthorityFingerprint,
kVeriSign_Class_3_Public_Primary_Certification_Authority___G5Fingerprint,
kGlobalSign_Root_CAFingerprint,
kGo_Daddy_Root_Certificate_Authority___G2Fingerprint,
kAffirmTrust_Premium_ECCFingerprint,
kGeoTrust_Primary_Certification_AuthorityFingerprint,
kVerisign_Class_3_Public_Primary_Certification_Authority___G3Fingerprint,
kVeriSign_Class_3_Public_Primary_Certification_Authority___G4Fingerprint,
kGTS_Root_R3Fingerprint,
kGTS_Root_R2Fingerprint,
kGo_Daddy_Class_2_CAFingerprint,
kDigiCert_Trusted_Root_G4Fingerprint,
kDigiCert_High_Assurance_EV_Root_CAFingerprint,
kBaltimore_CyberTrust_RootFingerprint,
kthawte_Primary_Root_CA___G2Fingerprint,
kGlobalSign_Root_CA___R6Fingerprint,
kAffirmTrust_CommercialFingerprint,
kEntrust_Root_Certification_AuthorityFingerprint,
kGlobalSign_Root_CA___R3Fingerprint,
kEntrust_Root_Certification_Authority___G2Fingerprint,
kGeoTrust_Universal_CA_2Fingerprint,
kGlobalSign_ECC_Root_CA___R5Fingerprint,
kCybertrust_Global_RootFingerprint,
kStarfield_Root_Certificate_Authority___G2Fingerprint,
kCOMODO_RSA_Certification_AuthorityFingerprint,
kGeoTrust_Global_CAFingerprint,
kGTS_Root_R1Fingerprint,
kDigiCert_Global_Root_G2Fingerprint,
kGlobalSign_Root_CA___R2Fingerprint,
kAffirmTrust_NetworkingFingerprint,
kAddTrust_External_RootFingerprint,
kVeriSign_Universal_Root_Certification_AuthorityFingerprint,
kGeoTrust_Universal_CAFingerprint,
kGeoTrust_Primary_Certification_Authority___G3Fingerprint,
kGTS_Root_R4Fingerprint,
kDigiCert_Global_Root_CAFingerprint,
kDigiCert_Global_Root_G3Fingerprint,
kGeoTrust_Primary_Certification_Authority___G2Fingerprint,
kComodo_AAA_Services_rootFingerprint,
kAffirmTrust_PremiumFingerprint,
kUSERTrust_RSA_Certification_AuthorityFingerprint,
@ -513,21 +495,21 @@ static const char* const kPinset_twitterCom_Data[] = {
kGOOGLE_PIN_GeoTrustGlobal2Fingerprint,
kDigiCert_Assured_ID_Root_CAFingerprint,
kVerisign_Class_1_Public_Primary_Certification_Authority___G3Fingerprint,
kVeriSign_Class_3_Public_Primary_Certification_Authority___G5Fingerprint,
kGOOGLE_PIN_VeriSignClass3_G5Fingerprint,
kGOOGLE_PIN_VeriSignClass1Fingerprint,
kGeoTrust_Primary_Certification_AuthorityFingerprint,
kVerisign_Class_3_Public_Primary_Certification_Authority___G3Fingerprint,
kVeriSign_Class_3_Public_Primary_Certification_Authority___G4Fingerprint,
kGOOGLE_PIN_GeoTrustPrimaryFingerprint,
kGOOGLE_PIN_VeriSignClass3_G3Fingerprint,
kGOOGLE_PIN_VeriSignClass3_G4Fingerprint,
kGOOGLE_PIN_VeriSignClass4_G3Fingerprint,
kDigiCert_High_Assurance_EV_Root_CAFingerprint,
kVerisign_Class_2_Public_Primary_Certification_Authority___G3Fingerprint,
kGeoTrust_Universal_CA_2Fingerprint,
kGeoTrust_Global_CAFingerprint,
kVeriSign_Universal_Root_Certification_AuthorityFingerprint,
kGeoTrust_Universal_CAFingerprint,
kGeoTrust_Primary_Certification_Authority___G3Fingerprint,
kGOOGLE_PIN_GeoTrustUniversal2Fingerprint,
kGOOGLE_PIN_GeoTrustGlobalFingerprint,
kGOOGLE_PIN_VeriSignUniversalFingerprint,
kGOOGLE_PIN_GeoTrustUniversalFingerprint,
kGOOGLE_PIN_GeoTrustPrimary_G3Fingerprint,
kDigiCert_Global_Root_CAFingerprint,
kGeoTrust_Primary_Certification_Authority___G2Fingerprint,
kGOOGLE_PIN_GeoTrustPrimary_G2Fingerprint,
kTwitter1Fingerprint,
};
static const StaticFingerprints kPinset_twitterCom = {
@ -540,24 +522,24 @@ static const char* const kPinset_twitterCDN_Data[] = {
kGOOGLE_PIN_TrustedCertificateServicesFingerprint,
kCOMODO_Certification_AuthorityFingerprint,
kGOOGLE_PIN_VeriSignClass3_G2Fingerprint,
kAddTrust_Low_Value_Services_RootFingerprint,
kGOOGLE_PIN_AddTrustClass1CARootFingerprint,
kGOOGLE_PIN_UTNUSERFirstObjectFingerprint,
kGOOGLE_PIN_GTECyberTrustGlobalRootFingerprint,
kGOOGLE_PIN_GeoTrustGlobal2Fingerprint,
kEntrust_net_Premium_2048_Secure_Server_CAFingerprint,
kDigiCert_Assured_ID_Root_CAFingerprint,
kVerisign_Class_1_Public_Primary_Certification_Authority___G3Fingerprint,
kVeriSign_Class_3_Public_Primary_Certification_Authority___G5Fingerprint,
kGOOGLE_PIN_VeriSignClass3_G5Fingerprint,
kGlobalSign_Root_CAFingerprint,
kGOOGLE_PIN_UTNUSERFirstClientAuthenticationandEmailFingerprint,
kGOOGLE_PIN_VeriSignClass1Fingerprint,
kGOOGLE_PIN_AddTrustPublicCARootFingerprint,
kGOOGLE_PIN_UTNDATACorpSGCFingerprint,
kGOOGLE_PIN_SecureCertificateServicesFingerprint,
kGeoTrust_Primary_Certification_AuthorityFingerprint,
kVerisign_Class_3_Public_Primary_Certification_Authority___G3Fingerprint,
kGOOGLE_PIN_GeoTrustPrimaryFingerprint,
kGOOGLE_PIN_VeriSignClass3_G3Fingerprint,
kGOOGLE_PIN_UTNUSERFirstHardwareFingerprint,
kVeriSign_Class_3_Public_Primary_Certification_Authority___G4Fingerprint,
kGOOGLE_PIN_VeriSignClass3_G4Fingerprint,
kGOOGLE_PIN_VeriSignClass4_G3Fingerprint,
kDigiCert_High_Assurance_EV_Root_CAFingerprint,
kBaltimore_CyberTrust_RootFingerprint,
@ -565,16 +547,16 @@ static const char* const kPinset_twitterCDN_Data[] = {
kVerisign_Class_2_Public_Primary_Certification_Authority___G3Fingerprint,
kGlobalSign_Root_CA___R3Fingerprint,
kEntrust_Root_Certification_Authority___G2Fingerprint,
kGeoTrust_Universal_CA_2Fingerprint,
kGeoTrust_Global_CAFingerprint,
kGOOGLE_PIN_GeoTrustUniversal2Fingerprint,
kGOOGLE_PIN_GeoTrustGlobalFingerprint,
kGlobalSign_Root_CA___R2Fingerprint,
kAddTrust_External_RootFingerprint,
kVeriSign_Universal_Root_Certification_AuthorityFingerprint,
kGeoTrust_Universal_CAFingerprint,
kGOOGLE_PIN_AddTrustExternalCARootFingerprint,
kGOOGLE_PIN_VeriSignUniversalFingerprint,
kGOOGLE_PIN_GeoTrustUniversalFingerprint,
kGOOGLE_PIN_Entrust_SSLFingerprint,
kGeoTrust_Primary_Certification_Authority___G3Fingerprint,
kGOOGLE_PIN_GeoTrustPrimary_G3Fingerprint,
kDigiCert_Global_Root_CAFingerprint,
kGeoTrust_Primary_Certification_Authority___G2Fingerprint,
kGOOGLE_PIN_GeoTrustPrimary_G2Fingerprint,
kComodo_AAA_Services_rootFingerprint,
kTwitter1Fingerprint,
kGOOGLE_PIN_AddTrustQualifiedCARootFingerprint,
@ -616,7 +598,7 @@ static const char* const kPinset_spideroak_Data[] = {
kSpiderOak2Fingerprint,
kSpiderOak3Fingerprint,
kDigiCert_High_Assurance_EV_Root_CAFingerprint,
kGeoTrust_Global_CAFingerprint,
kGOOGLE_PIN_GeoTrustGlobalFingerprint,
};
static const StaticFingerprints kPinset_spideroak = {
sizeof(kPinset_spideroak_Data) / sizeof(const char*),
@ -1167,4 +1149,4 @@ static const TransportSecurityPreload kPublicKeyPinningPreloadList[] = {
static const int32_t kUnknownId = -1;
static const PRTime kPreloadPKPinsExpirationTime = INT64_C(1640861498270000);
static const PRTime kPreloadPKPinsExpirationTime = INT64_C(1643626214621000);

6616
security/manager/ssl/nsSTSPreloadList.inc
View File

File diff suppressed because it is too large Load Diff

6404
security/nss/lib/ckfw/builtins/certdata.txt
View File

File diff suppressed because it is too large Load Diff

4
toolkit/content/about.js
View File

@ -25,7 +25,9 @@ var versionNum = Components.classes["@mozilla.org/xre/app-info;1"]
var version = document.getElementById("version");
// paranoia
if (versionNum.substr(0,3) == "45.") {
if (1 == 1) {
version.textContent = "Rolling Release";
} else if (versionNum.substr(0,3) == "45.") {
// FPR series
var vf = 0 + versionNum.substr(3);
var pl = ""+ (vf - (vf|0));

5
widget/cocoa/nsCursorManager.mm
View File

@ -195,10 +195,13 @@ static const nsCursor sCustomCursor = eCursorCount;
{
NS_OBJC_BEGIN_TRY_ABORT_BLOCK_NSRESULT;
// No more plugins, so we can implement M1736049.
#if(0)
// Some plugins mess with our cursors and set a cursor that even
// [NSCursor currentCursor] doesn't know about. In case that happens, just
// reset the state.
[[NSCursor currentCursor] set];
#endif
nsCursor oldType = [mCurrentMacCursor type];
if (oldType != aCursor) {
@ -242,7 +245,7 @@ static const nsCursor sCustomCursor = eCursorCount;
// As the user moves the mouse, this gets called repeatedly with the same aCursorImage
//if (sCursorImgContainer == aCursorImage && sCursorScaleFactor == scaleFactor && mCurrentMacCursor) {
if (sCursorImgContainer == aCursorImage && mCurrentMacCursor) {
[self setMacCursor:mCurrentMacCursor];
// [self setMacCursor:mCurrentMacCursor]; // bug 1736049
return NS_OK;
}