Compare commits
47 Commits
c8
...
a8-depreca
| Author | SHA1 | Date | |
|---|---|---|---|
| 3cdc22f0d8 | |||
| 22f32eeeab | |||
| 6e3747e2d2 | |||
| d4b42db2ba | |||
| 00fa8239f2 | |||
| 69bc6c585e | |||
| 340f9d2202 | |||
| 60ad003bfa | |||
| 2d06094ecf | |||
| 646c517f54 | |||
| ed3e9312d8 | |||
| fb17fd17a8 | |||
| e18aeba8d2 | |||
| 04876bb865 | |||
| 59db145c1d | |||
| 21d5ccd0e4 | |||
| 552d9f0e32 | |||
|
fe84804e74 | ||
|
|
d3d52efa09 | ||
|
|
6f633d1055 | ||
|
|
9aa9900f52 | ||
|
|
fd99a5867f | ||
|
|
cab6c6dbe5 | ||
|
|
6964dcd748 | ||
| dcce0e3ca8 | |||
|
|
b6787ce4fb | ||
|
|
b7aef6013b | ||
|
|
822dbdd442 | ||
|
|
251f813b02 | ||
|
|
d718fd7570 | ||
|
|
5c283a3a94 | ||
| 8089b206bf | |||
|
|
0e5083ed77 | ||
|
|
bd58103f3e | ||
|
|
a76ec55d70 | ||
| e81c9a95f7 | |||
|
cfd8f3e52e | ||
|
|
5fe78972e6 | ||
|
|
748ab73828 | ||
|
|
894d34e0d2 | ||
|
|
366328e182 | ||
|
|
702a50d837 | ||
|
|
bf3904caf8 | ||
|
075a817284 | ||
|
|
592542490e | ||
| 61ed7ebc99 | |||
| 14135a8233 |
@ -1,8 +1,7 @@
|
||||
bc4adac8f38f5103d8f88564a1545063dd8d6402 SOURCES/cbindgen-vendor.tar.xz
|
||||
c25da23b50ddf8926a943f86f1180b6d96c0eff0 SOURCES/firefox-140.4.0esr.processed-source.tar.xz
|
||||
22a42066c01a85b1264223041ed270b9e294d7e0 SOURCES/firefox-langpacks-140.4.0esr-20251010.tar.xz
|
||||
5012b69e54cbebe3b5e74011dacf3a2097f49921 SOURCES/cbindgen-vendor.tar.xz
|
||||
6816817f0b3b42a13dfdc38af8c61dca46b54c13 SOURCES/firefox-128.3.1esr.processed-source.tar.xz
|
||||
4641ad07664f375780e20200322bd5b45cd60ee8 SOURCES/firefox-langpacks-128.3.1esr-20241009.tar.xz
|
||||
2d8a6b2b30d5496735f49ffe8c8a7ede3a78a5ca SOURCES/mochitest-python.tar.gz
|
||||
0d0ddbd2a73340b3cbc977997f57222946b1e775 SOURCES/nspr-4.36.0-2.el8_2.src.rpm
|
||||
fd3879b176634d66f8ef64d18fdaeec98e140c23 SOURCES/nss-3.112.0-1.el9_4.src.rpm
|
||||
c3f0aaef37972107442e2796efad71be3a98ce3c SOURCES/nss-3.112.0-4.el8_2.src.rpm
|
||||
0332862626d2148648ff749078c223dbd859d901 SOURCES/wasi-sdk-20.tar.gz
|
||||
d744f92e874688cc4b5376477dfdd639a97a6cd4 SOURCES/nspr-4.35.0-1.el8_1.src.rpm
|
||||
f466d7213e85773e002c48897524eaf909480046 SOURCES/nss-3.101.0-7.el8_2.src.rpm
|
||||
0413d22a58ba1bba99acec9c3c2a4db56a4100c7 SOURCES/nss-3.101.0-7.el9_2.src.rpm
|
||||
|
||||
11
.gitignore
vendored
11
.gitignore
vendored
@ -1,8 +1,7 @@
|
||||
SOURCES/cbindgen-vendor.tar.xz
|
||||
SOURCES/firefox-140.4.0esr.processed-source.tar.xz
|
||||
SOURCES/firefox-langpacks-140.4.0esr-20251010.tar.xz
|
||||
SOURCES/firefox-128.3.1esr.processed-source.tar.xz
|
||||
SOURCES/firefox-langpacks-128.3.1esr-20241009.tar.xz
|
||||
SOURCES/mochitest-python.tar.gz
|
||||
SOURCES/nspr-4.36.0-2.el8_2.src.rpm
|
||||
SOURCES/nss-3.112.0-1.el9_4.src.rpm
|
||||
SOURCES/nss-3.112.0-4.el8_2.src.rpm
|
||||
SOURCES/wasi-sdk-20.tar.gz
|
||||
SOURCES/nspr-4.35.0-1.el8_1.src.rpm
|
||||
SOURCES/nss-3.101.0-7.el8_2.src.rpm
|
||||
SOURCES/nss-3.101.0-7.el9_2.src.rpm
|
||||
|
||||
@ -1,50 +0,0 @@
|
||||
diff --git a/dom/media/webrtc/transport/nricectx.cpp b/dom/media/webrtc/transport/nricectx.cpp
|
||||
--- a/dom/media/webrtc/transport/nricectx.cpp
|
||||
+++ b/dom/media/webrtc/transport/nricectx.cpp
|
||||
@@ -124,23 +124,30 @@
|
||||
static int nr_crypto_nss_hmac(UCHAR* key, size_t keyl, UCHAR* buf, size_t bufl,
|
||||
UCHAR* result) {
|
||||
CK_MECHANISM_TYPE mech = CKM_SHA_1_HMAC;
|
||||
PK11SlotInfo* slot = nullptr;
|
||||
MOZ_ASSERT(keyl > 0);
|
||||
- SECItem keyi = {siBuffer, key, static_cast<unsigned int>(keyl)};
|
||||
+ CK_KEY_DERIVATION_STRING_DATA idkey = {key, keyl};
|
||||
+ SECItem keyi = {siBuffer, (unsigned char*)&idkey, sizeof(idkey)};
|
||||
+ PK11SymKey* tmpKey = nullptr;
|
||||
PK11SymKey* skey = nullptr;
|
||||
PK11Context* hmac_ctx = nullptr;
|
||||
SECStatus status;
|
||||
unsigned int hmac_len;
|
||||
SECItem param = {siBuffer, nullptr, 0};
|
||||
int err = R_INTERNAL;
|
||||
|
||||
slot = PK11_GetInternalKeySlot();
|
||||
if (!slot) goto abort;
|
||||
|
||||
- skey = PK11_ImportSymKey(slot, mech, PK11_OriginUnwrap, CKA_SIGN, &keyi,
|
||||
- nullptr);
|
||||
+ // HMAC is used for hash calculation only so use derive instead of import
|
||||
+ // to be FIPS compliant.
|
||||
+ tmpKey = PK11_KeyGen(slot, mech, NULL, keyl, nullptr);
|
||||
+ if (!tmpKey) goto abort;
|
||||
+
|
||||
+ skey = PK11_Derive(tmpKey, CKM_CONCATENATE_DATA_AND_BASE, &keyi, mech,
|
||||
+ CKA_SIGN, keyl);
|
||||
if (!skey) goto abort;
|
||||
|
||||
hmac_ctx = PK11_CreateContextBySymKey(mech, CKA_SIGN, skey, ¶m);
|
||||
if (!hmac_ctx) goto abort;
|
||||
|
||||
@@ -157,10 +164,11 @@
|
||||
|
||||
err = 0;
|
||||
|
||||
abort:
|
||||
if (hmac_ctx) PK11_DestroyContext(hmac_ctx, PR_TRUE);
|
||||
+ if (tmpKey) PK11_FreeSymKey(tmpKey);
|
||||
if (skey) PK11_FreeSymKey(skey);
|
||||
if (slot) PK11_FreeSlot(slot);
|
||||
|
||||
return err;
|
||||
}
|
||||
|
||||
@ -1,206 +0,0 @@
|
||||
diff -up firefox-140.0/third_party/libsrtp/src/crypto/cipher/aes_gcm_nss.c.D224588 firefox-140.0/third_party/libsrtp/src/crypto/cipher/aes_gcm_nss.c
|
||||
--- firefox-140.0/third_party/libsrtp/src/crypto/cipher/aes_gcm_nss.c.D224588 2025-06-25 11:50:45.852066851 +0200
|
||||
+++ firefox-140.0/third_party/libsrtp/src/crypto/cipher/aes_gcm_nss.c 2025-06-25 11:50:45.908794290 +0200
|
||||
@@ -56,6 +56,7 @@
|
||||
#include "cipher_test_cases.h"
|
||||
#include <secerr.h>
|
||||
#include <nspr.h>
|
||||
+#include "nss_fips.h"
|
||||
|
||||
srtp_debug_module_t srtp_mod_aes_gcm = {
|
||||
0, /* debugging is off by default */
|
||||
@@ -215,8 +216,13 @@ static srtp_err_status_t srtp_aes_gcm_ns
|
||||
/* explicitly cast away const of key */
|
||||
SECItem key_item = { siBuffer, (unsigned char *)(uintptr_t)key,
|
||||
c->key_size };
|
||||
- c->key = PK11_ImportSymKey(slot, CKM_AES_GCM, PK11_OriginUnwrap,
|
||||
- CKA_ENCRYPT, &key_item, NULL);
|
||||
+ if (PK11_IsFIPS()) {
|
||||
+ c->key = PK11_ImportSymKey_FIPS(slot, CKM_AES_GCM, PK11_OriginUnwrap,
|
||||
+ CKA_ENCRYPT, &key_item, NULL);
|
||||
+ } else {
|
||||
+ c->key = PK11_ImportSymKey(slot, CKM_AES_GCM, PK11_OriginUnwrap,
|
||||
+ CKA_ENCRYPT, &key_item, NULL);
|
||||
+ }
|
||||
PK11_FreeSlot(slot);
|
||||
|
||||
if (!c->key) {
|
||||
diff -up firefox-140.0/third_party/libsrtp/src/crypto/cipher/aes_icm_nss.c.D224588 firefox-140.0/third_party/libsrtp/src/crypto/cipher/aes_icm_nss.c
|
||||
--- firefox-140.0/third_party/libsrtp/src/crypto/cipher/aes_icm_nss.c.D224588 2025-06-17 18:15:28.000000000 +0200
|
||||
+++ firefox-140.0/third_party/libsrtp/src/crypto/cipher/aes_icm_nss.c 2025-06-25 11:50:45.909171218 +0200
|
||||
@@ -53,6 +53,7 @@
|
||||
#include "alloc.h"
|
||||
#include "cipher_types.h"
|
||||
#include "cipher_test_cases.h"
|
||||
+#include "nss_fips.h"
|
||||
|
||||
srtp_debug_module_t srtp_mod_aes_icm = {
|
||||
0, /* debugging is off by default */
|
||||
@@ -257,8 +258,13 @@ static srtp_err_status_t srtp_aes_icm_ns
|
||||
/* explicitly cast away const of key */
|
||||
SECItem keyItem = { siBuffer, (unsigned char *)(uintptr_t)key,
|
||||
c->key_size };
|
||||
- c->key = PK11_ImportSymKey(slot, CKM_AES_CTR, PK11_OriginUnwrap,
|
||||
- CKA_ENCRYPT, &keyItem, NULL);
|
||||
+ if (PK11_IsFIPS()) {
|
||||
+ c->key = PK11_ImportSymKey_FIPS(slot, CKM_AES_CTR, PK11_OriginUnwrap,
|
||||
+ CKA_ENCRYPT, &keyItem, NULL);
|
||||
+ } else {
|
||||
+ c->key = PK11_ImportSymKey(slot, CKM_AES_CTR, PK11_OriginUnwrap,
|
||||
+ CKA_ENCRYPT, &keyItem, NULL);
|
||||
+ }
|
||||
PK11_FreeSlot(slot);
|
||||
|
||||
if (!c->key) {
|
||||
diff -up firefox-140.0/third_party/libsrtp/src/crypto/include/nss_fips.h.D224588 firefox-140.0/third_party/libsrtp/src/crypto/include/nss_fips.h
|
||||
--- firefox-140.0/third_party/libsrtp/src/crypto/include/nss_fips.h.D224588 2025-06-25 11:50:45.909524312 +0200
|
||||
+++ firefox-140.0/third_party/libsrtp/src/crypto/include/nss_fips.h 2025-06-25 11:50:45.909524312 +0200
|
||||
@@ -0,0 +1,148 @@
|
||||
+/*
|
||||
+ * Copyright (c) 2024, Red Hat, Inc.
|
||||
+ * All rights reserved.
|
||||
+ *
|
||||
+ * Redistribution and use in source and binary forms, with or without
|
||||
+ * modification, are permitted provided that the following conditions
|
||||
+ * are met:
|
||||
+ *
|
||||
+ * Redistributions of source code must retain the above copyright
|
||||
+ * notice, this list of conditions and the following disclaimer.
|
||||
+ *
|
||||
+ * Redistributions in binary form must reproduce the above
|
||||
+ * copyright notice, this list of conditions and the following
|
||||
+ * disclaimer in the documentation and/or other materials provided
|
||||
+ * with the distribution.
|
||||
+ *
|
||||
+ * Neither the name of the Red Hat, Inc. nor the names of its
|
||||
+ * contributors may be used to endorse or promote products derived
|
||||
+ * from this software without specific prior written permission.
|
||||
+ *
|
||||
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
|
||||
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
|
||||
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
|
||||
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
|
||||
+ * COPYRIGHT HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
|
||||
+ * INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
|
||||
+ * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR
|
||||
+ * SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
||||
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
|
||||
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
|
||||
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
|
||||
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||
+*/
|
||||
+
|
||||
+/*
|
||||
+ Adapted from Red Hat Ceph patch by
|
||||
+ Radoslaw Zarzynski <rzarzyns@redhat.com>
|
||||
+
|
||||
+ PK11_ImportSymKey() is a part of NSS API that becomes unavailable
|
||||
+ in the FIPS mode. Apparently NSS targets stricter restrictions
|
||||
+ than those coming from Level 1 of FIPS 140-2. In the consequence,
|
||||
+ loading a symmetric key from plain keyring or key db fails.
|
||||
+
|
||||
+ A raw crypto key is in-memory wrapped with fresh, random wrapping
|
||||
+ key just before being imported via PK11_UnwrapSymKey(). Of course,
|
||||
+ this effectively lowers to FIPS level 1. Still, this would be no
|
||||
+ different from what OpenSSL gives in the matter.
|
||||
+*/
|
||||
+
|
||||
+#ifndef NSS_FIPS_H
|
||||
+#define NSS_FIPS_H
|
||||
+
|
||||
+static PK11SymKey *PK11_ImportSymKey_FIPS(
|
||||
+ PK11SlotInfo * const slot,
|
||||
+ const CK_MECHANISM_TYPE type,
|
||||
+ const PK11Origin origin,
|
||||
+ const CK_ATTRIBUTE_TYPE operation,
|
||||
+ SECItem * const raw_key,
|
||||
+ void * const wincx)
|
||||
+{
|
||||
+ PK11SymKey* wrapping_key = NULL;
|
||||
+ PK11Context *wrap_key_crypt_context = NULL;
|
||||
+ SECItem *raw_key_aligned = NULL;
|
||||
+ CK_MECHANISM_TYPE wrap_mechanism = 0;
|
||||
+
|
||||
+ struct {
|
||||
+ unsigned char data[256];
|
||||
+ int len;
|
||||
+ } wrapped_key;
|
||||
+
|
||||
+ #define SCOPE_DATA_FREE() \
|
||||
+ { \
|
||||
+ PK11_FreeSymKey(wrapping_key); \
|
||||
+ PK11_DestroyContext(wrap_key_crypt_context, PR_TRUE); \
|
||||
+ SECITEM_FreeItem(raw_key_aligned, PR_TRUE); \
|
||||
+ }
|
||||
+
|
||||
+ if(raw_key->len > sizeof(wrapped_key.data)) {
|
||||
+ return NULL;
|
||||
+ }
|
||||
+
|
||||
+ // getting 306 on my system which is CKM_DES3_ECB.
|
||||
+ wrap_mechanism = PK11_GetBestWrapMechanism(slot);
|
||||
+
|
||||
+ // Generate a wrapping key. It will be used exactly twice over the scope:
|
||||
+ // * to encrypt raw_key giving wrapped_key,
|
||||
+ // * to decrypt wrapped_key in the internals of PK11_UnwrapSymKey().
|
||||
+ wrapping_key = PK11_KeyGen(slot, wrap_mechanism, NULL,
|
||||
+ PK11_GetBestKeyLength(slot, wrap_mechanism), NULL);
|
||||
+ if (wrapping_key == NULL) {
|
||||
+ return NULL;
|
||||
+ }
|
||||
+
|
||||
+ // Prepare a PK11 context for the raw_key -> wrapped_key encryption.
|
||||
+ SECItem tmp_sec_item;
|
||||
+ memset(&tmp_sec_item, 0, sizeof(tmp_sec_item));
|
||||
+ wrap_key_crypt_context = PK11_CreateContextBySymKey(
|
||||
+ wrap_mechanism,
|
||||
+ CKA_ENCRYPT,
|
||||
+ wrapping_key,
|
||||
+ &tmp_sec_item);
|
||||
+ if (wrap_key_crypt_context == NULL) {
|
||||
+ SCOPE_DATA_FREE();
|
||||
+ return NULL;
|
||||
+ }
|
||||
+
|
||||
+ // Finally wrap the key. Important note is that the wrapping mechanism
|
||||
+ // selection (read: just grabbing a cipher) offers, at least in my NSS
|
||||
+ // copy, mostly CKM_*_ECB ciphers (with 3DES as the leading one, see
|
||||
+ // wrapMechanismList[] in pk11mech.c). There is no CKM_*_*_PAD variant
|
||||
+ // which means that plaintext we are providing to PK11_CipherOp() must
|
||||
+ // be aligned to cipher's block size. For 3DES it's 64 bits.
|
||||
+ raw_key_aligned = PK11_BlockData(raw_key, PK11_GetBlockSize(wrap_mechanism, NULL));
|
||||
+ if (raw_key_aligned == NULL) {
|
||||
+ SCOPE_DATA_FREE();
|
||||
+ return NULL;
|
||||
+ }
|
||||
+
|
||||
+ if (PK11_CipherOp(wrap_key_crypt_context, wrapped_key.data, &wrapped_key.len,
|
||||
+ sizeof(wrapped_key.data), raw_key_aligned->data,
|
||||
+ raw_key_aligned->len) != SECSuccess) {
|
||||
+ SCOPE_DATA_FREE();
|
||||
+ return NULL;
|
||||
+ }
|
||||
+
|
||||
+ if (PK11_Finalize(wrap_key_crypt_context) != SECSuccess) {
|
||||
+ SCOPE_DATA_FREE();
|
||||
+ return NULL;
|
||||
+ }
|
||||
+
|
||||
+ // Key is wrapped now so we can acquire the ultimate PK11SymKey through
|
||||
+ // unwrapping it. Of course these two opposite operations form NOP with
|
||||
+ // a side effect: FIPS level 1 compatibility.
|
||||
+ memset(&tmp_sec_item, 0, sizeof(tmp_sec_item));
|
||||
+
|
||||
+ SECItem wrapped_key_item;
|
||||
+ memset(&wrapped_key_item, 0, sizeof(wrapped_key_item));
|
||||
+ wrapped_key_item.data = wrapped_key.data;
|
||||
+ wrapped_key_item.len = wrapped_key.len;
|
||||
+
|
||||
+ PK11SymKey *ret = PK11_UnwrapSymKey(wrapping_key, wrap_mechanism,
|
||||
+ &tmp_sec_item, &wrapped_key_item, type,
|
||||
+ operation, raw_key->len);
|
||||
+ SCOPE_DATA_FREE();
|
||||
+ return ret;
|
||||
+ }
|
||||
+
|
||||
+#endif // NSS_FIPS_H
|
||||
@ -1,16 +0,0 @@
|
||||
diff --git a/intl/strres/nsStringBundle.cpp b/intl/strres/nsStringBundle.cpp
|
||||
--- a/intl/strres/nsStringBundle.cpp
|
||||
+++ b/intl/strres/nsStringBundle.cpp
|
||||
@@ -753,10 +753,11 @@
|
||||
const char16_t* aSomeData) {
|
||||
if (strcmp("profile-do-change", aTopic) == 0 ||
|
||||
strcmp("chrome-flush-caches", aTopic) == 0 ||
|
||||
strcmp("intl:app-locales-changed", aTopic) == 0) {
|
||||
flushBundleCache(/* ignoreShared = */ false);
|
||||
+ mBundleMap.Clear();
|
||||
} else if (strcmp("memory-pressure", aTopic) == 0) {
|
||||
flushBundleCache(/* ignoreShared = */ true);
|
||||
}
|
||||
|
||||
return NS_OK;
|
||||
|
||||
@ -1,53 +0,0 @@
|
||||
diff --git a/modules/libpref/init/StaticPrefList.yaml b/modules/libpref/init/StaticPrefList.yaml
|
||||
--- a/modules/libpref/init/StaticPrefList.yaml
|
||||
+++ b/modules/libpref/init/StaticPrefList.yaml
|
||||
@@ -1762,10 +1762,16 @@
|
||||
- name: browser.privatebrowsing.forceMediaMemoryCache
|
||||
type: bool
|
||||
value: false
|
||||
mirror: always
|
||||
|
||||
+# Disable state restoration, allowing the kiosk desktop environment to manage state and position.
|
||||
+- name: browser.restoreWindowState.disabled
|
||||
+ type: bool
|
||||
+ value: false
|
||||
+ mirror: always
|
||||
+
|
||||
# Communicates the toolbar color to platform (for e.g., prefers-color-scheme).
|
||||
#
|
||||
# Returns whether the toolbar is dark (0), light (1), or system (2). The
|
||||
# theming code overrides it if appropriate.
|
||||
- name: browser.theme.toolbar-theme
|
||||
diff --git a/xpfe/appshell/AppWindow.cpp b/xpfe/appshell/AppWindow.cpp
|
||||
--- a/xpfe/appshell/AppWindow.cpp
|
||||
+++ b/xpfe/appshell/AppWindow.cpp
|
||||
@@ -58,10 +58,11 @@
|
||||
#include "mozilla/AutoRestore.h"
|
||||
#include "mozilla/Preferences.h"
|
||||
#include "mozilla/PresShell.h"
|
||||
#include "mozilla/Services.h"
|
||||
#include "mozilla/SpinEventLoopUntil.h"
|
||||
+#include "mozilla/StaticPrefs_browser.h"
|
||||
#include "mozilla/dom/BarProps.h"
|
||||
#include "mozilla/dom/DOMRect.h"
|
||||
#include "mozilla/dom/Element.h"
|
||||
#include "mozilla/dom/Event.h"
|
||||
#include "mozilla/dom/ScriptSettings.h"
|
||||
@@ -2393,10 +2394,16 @@
|
||||
nsCOMPtr<dom::Element> docShellElement = GetWindowDOMElement();
|
||||
if (!docShellElement) {
|
||||
return;
|
||||
}
|
||||
|
||||
+ // Disable state restoration, allowing the kiosk desktop environment
|
||||
+ // to manage state and position.
|
||||
+ if (StaticPrefs::browser_restoreWindowState_disabled()) {
|
||||
+ return;
|
||||
+ }
|
||||
+
|
||||
// Check if the window wants to persist anything.
|
||||
nsAutoString persist;
|
||||
docShellElement->GetAttr(nsGkAtoms::persist, persist);
|
||||
if (persist.IsEmpty()) {
|
||||
return;
|
||||
|
||||
@ -1,19 +0,0 @@
|
||||
diff --git a/gfx/webrender_bindings/RenderCompositorSWGL.cpp b/gfx/webrender_bindings/RenderCompositorSWGL.cpp
|
||||
--- a/gfx/webrender_bindings/RenderCompositorSWGL.cpp
|
||||
+++ b/gfx/webrender_bindings/RenderCompositorSWGL.cpp
|
||||
@@ -76,12 +76,14 @@
|
||||
const wr::DeviceIntRect* aOpaqueRects, size_t aNumOpaqueRects) {
|
||||
// Request a new draw target to use from the widget...
|
||||
MOZ_ASSERT(!mDT);
|
||||
mDT = mWidget->StartRemoteDrawingInRegion(mDirtyRegion);
|
||||
if (!mDT) {
|
||||
+#if !defined(MOZ_WAYLAND)
|
||||
gfxCriticalNoteOnce
|
||||
<< "RenderCompositorSWGL failed mapping default framebuffer, no dt";
|
||||
+#endif
|
||||
return false;
|
||||
}
|
||||
// Attempt to lock the underlying buffer directly from the draw target.
|
||||
// Verify that the size at least matches what the widget claims and that
|
||||
// the format is BGRA8 as SWGL requires.
|
||||
|
||||
@ -1,14 +0,0 @@
|
||||
diff --git a/modules/libpref/init/StaticPrefList.yaml b/modules/libpref/init/StaticPrefList.yaml
|
||||
index acadd3a2cc..11b217174d 100644
|
||||
--- a/modules/libpref/init/StaticPrefList.yaml
|
||||
+++ b/modules/libpref/init/StaticPrefList.yaml
|
||||
@@ -12561,6 +12561,8 @@
|
||||
type: RelaxedAtomicBool
|
||||
#if defined(MOZ_AV1)
|
||||
value: true
|
||||
+#else
|
||||
+ value: false
|
||||
#endif
|
||||
mirror: always
|
||||
|
||||
|
||||
@ -1,24 +1,24 @@
|
||||
diff -up firefox-140.1.0/media/ffvpx/libavcodec/av1dec.c.build-ffvpx firefox-140.1.0/media/ffvpx/libavcodec/av1dec.c
|
||||
--- firefox-140.1.0/media/ffvpx/libavcodec/av1dec.c.build-ffvpx 2025-07-14 19:14:53.000000000 +0200
|
||||
+++ firefox-140.1.0/media/ffvpx/libavcodec/av1dec.c 2025-07-31 13:02:48.131126439 +0200
|
||||
@@ -904,7 +904,7 @@ static av_cold int av1_decode_init(AVCod
|
||||
diff -up thunderbird-128.0/media/ffvpx/libavcodec/av1dec.c.build-ffvpx thunderbird-128.0/media/ffvpx/libavcodec/av1dec.c
|
||||
--- thunderbird-128.0/media/ffvpx/libavcodec/av1dec.c.build-ffvpx 2024-06-24 22:43:40.000000000 +0200
|
||||
+++ thunderbird-128.0/media/ffvpx/libavcodec/av1dec.c 2024-07-10 11:20:23.200948767 +0200
|
||||
@@ -887,7 +887,7 @@ static av_cold int av1_decode_init(AVCod
|
||||
ff_cbs_fragment_reset(&s->current_obu);
|
||||
}
|
||||
|
||||
- s->dovi.logctx = avctx;
|
||||
+ s->dovi.logctx = (AVContext *) avctx;
|
||||
s->dovi.cfg.dv_profile = 10; // default for AV1
|
||||
s->dovi.dv_profile = 10; // default for AV1
|
||||
sd = ff_get_coded_side_data(avctx, AV_PKT_DATA_DOVI_CONF);
|
||||
if (sd && sd->size >= sizeof(s->dovi.cfg))
|
||||
diff -up firefox-140.1.0/media/ffvpx/libavcodec/libdav1d.c.build-ffvpx firefox-140.1.0/media/ffvpx/libavcodec/libdav1d.c
|
||||
--- firefox-140.1.0/media/ffvpx/libavcodec/libdav1d.c.build-ffvpx 2025-07-14 19:14:54.000000000 +0200
|
||||
+++ firefox-140.1.0/media/ffvpx/libavcodec/libdav1d.c 2025-07-31 13:03:08.395175190 +0200
|
||||
@@ -293,7 +293,7 @@ static av_cold int libdav1d_init(AVCodec
|
||||
if (sd && sd->size > 0)
|
||||
diff -up thunderbird-128.0/media/ffvpx/libavcodec/libdav1d.c.build-ffvpx thunderbird-128.0/media/ffvpx/libavcodec/libdav1d.c
|
||||
--- thunderbird-128.0/media/ffvpx/libavcodec/libdav1d.c.build-ffvpx 2024-07-10 12:46:57.005539959 +0200
|
||||
+++ thunderbird-128.0/media/ffvpx/libavcodec/libdav1d.c 2024-07-10 12:47:19.067507705 +0200
|
||||
@@ -289,7 +289,7 @@ static av_cold int libdav1d_init(AVCodec
|
||||
c->delay = res > 1 ? res : 0;
|
||||
#endif
|
||||
|
||||
- dav1d->dovi.logctx = c;
|
||||
+ dav1d->dovi.logctx = (AVContext *) c;
|
||||
dav1d->dovi.cfg.dv_profile = 10; // default for AV1
|
||||
dav1d->dovi.dv_profile = 10; // default for AV1
|
||||
sd = ff_get_coded_side_data(c, AV_PKT_DATA_DOVI_CONF);
|
||||
if (sd && sd->size >= sizeof(dav1d->dovi.cfg))
|
||||
if (sd && sd->size > 0)
|
||||
|
||||
@ -1,13 +1,12 @@
|
||||
diff -up firefox-128.0/config/external/moz.build.libaom firefox-128.0/config/external/moz.build
|
||||
--- firefox-128.0/config/external/moz.build.libaom 2024-07-31 15:32:39.460374047 +0200
|
||||
+++ firefox-128.0/config/external/moz.build 2024-07-31 15:34:41.646064796 +0200
|
||||
@@ -39,9 +39,9 @@ if CONFIG["MOZ_VORBIS"]:
|
||||
|
||||
@@ -39,8 +39,8 @@ if CONFIG["MOZ_VORBIS"]:
|
||||
if not CONFIG["MOZ_SYSTEM_LIBVPX"]:
|
||||
external_dirs += ["media/libvpx"]
|
||||
+external_dirs += ["media/libaom"]
|
||||
|
||||
if not CONFIG["MOZ_SYSTEM_AV1"]:
|
||||
+external_dirs += ["media/libaom"]
|
||||
if CONFIG["MOZ_AV1"]:
|
||||
- external_dirs += ["media/libaom"]
|
||||
external_dirs += ["media/libdav1d"]
|
||||
|
||||
|
||||
@ -1,9 +1,8 @@
|
||||
diff -up firefox-140.0/python/mozbuild/mozbuild/nodeutil.py.build-rhel7-lower-node-min-version firefox-140.0/python/mozbuild/mozbuild/nodeutil.py
|
||||
--- firefox-140.0/python/mozbuild/mozbuild/nodeutil.py.build-rhel7-lower-node-min-version 2025-06-02 15:26:51.000000000 +0200
|
||||
+++ firefox-140.0/python/mozbuild/mozbuild/nodeutil.py 2025-06-12 11:54:37.075505124 +0200
|
||||
@@ -10,7 +10,7 @@ from mozboot.util import get_tools_dir
|
||||
from mozfile import which
|
||||
--- firefox-115.8.0/python/mozbuild/mozbuild/nodeutil.py.lower-node-min-version 2024-02-12 21:53:56.000000000 +0200
|
||||
+++ firefox-115.8.0/python/mozbuild/mozbuild/nodeutil.py 2024-02-14 16:48:12.476182627 +0200
|
||||
@@ -13,7 +13,7 @@ from mozboot.util import get_tools_dir
|
||||
from packaging.version import Version
|
||||
from six import PY3
|
||||
|
||||
-NODE_MIN_VERSION = Version("12.22.12")
|
||||
+NODE_MIN_VERSION = Version("10.24.0")
|
||||
|
||||
@ -1,12 +1,12 @@
|
||||
diff -up firefox-140.0/python/mozbuild/mozbuild/frontend/context.py.build-rhel7-nasm-dwarf firefox-140.0/python/mozbuild/mozbuild/frontend/context.py
|
||||
--- firefox-140.0/python/mozbuild/mozbuild/frontend/context.py.build-rhel7-nasm-dwarf 2025-06-02 15:26:51.000000000 +0200
|
||||
+++ firefox-140.0/python/mozbuild/mozbuild/frontend/context.py 2025-06-12 12:09:56.398728745 +0200
|
||||
@@ -417,7 +417,7 @@ class AsmFlags(BaseCompileFlags):
|
||||
diff -up firefox-91.0.1/python/mozbuild/mozbuild/frontend/context.py.rhel7-nasm firefox-91.0.1/python/mozbuild/mozbuild/frontend/context.py
|
||||
--- firefox-91.0.1/python/mozbuild/mozbuild/frontend/context.py.rhel7-nasm 2021-08-31 08:02:10.814740774 +0200
|
||||
+++ firefox-91.0.1/python/mozbuild/mozbuild/frontend/context.py 2021-08-31 08:04:03.967146994 +0200
|
||||
@@ -420,7 +420,7 @@ class AsmFlags(BaseCompileFlags):
|
||||
if self._context.config.substs.get("OS_ARCH") == "WINNT":
|
||||
debug_flags += ["-F", "cv8"]
|
||||
elif self._context.config.substs.get("OS_ARCH") != "Darwin":
|
||||
- debug_flags += ["-F", "dwarf"]
|
||||
+ debug_flags += ["-F", "elf32"]
|
||||
elif self._context.config.substs.get("CC_TYPE") == "clang-cl":
|
||||
if self._context.config.substs.get("TARGET_CPU") == "aarch64":
|
||||
# armasm64 accepts a paucity of options compared to ml/ml64.
|
||||
+ debug_flags += ["-f", "elf32"]
|
||||
elif (
|
||||
self._context.config.substs.get("OS_ARCH") == "WINNT"
|
||||
and self._context.config.substs.get("CPU_ARCH") == "aarch64"
|
||||
|
||||
@ -1,20 +0,0 @@
|
||||
diff -up firefox-140.0/third_party/rust/neqo-crypto/.cargo-checksum.json.system-nss firefox-140.0/third_party/rust/neqo-crypto/.cargo-checksum.json
|
||||
--- firefox-140.0/third_party/rust/neqo-crypto/.cargo-checksum.json.system-nss 2025-07-25 10:17:19.112202464 +0200
|
||||
+++ firefox-140.0/third_party/rust/neqo-crypto/.cargo-checksum.json 2025-07-25 10:17:55.824333955 +0200
|
||||
@@ -1 +1 @@
|
||||
-{"files":{"Cargo.toml":"a57adef48614a58209447e8bd115a2de3d8a42917a0b9a2ae9a97cabc3400c6a","bindings/bindings.toml":"e7e4b75736cfcf4d52febacb99a6f6c6c7b1d648ed8bdc424648be876c850e91","bindings/nspr_err.h":"2d5205d017b536c2d838bcf9bc4ec79f96dd50e7bb9b73892328781f1ee6629d","bindings/nspr_error.h":"e41c03c77b8c22046f8618832c9569fbcc7b26d8b9bbc35eea7168f35e346889","bindings/nspr_io.h":"085b289849ef0e77f88512a27b4d9bdc28252bd4d39c6a17303204e46ef45f72","bindings/nspr_time.h":"2e637fd338a5cf0fd3fb0070a47f474a34c2a7f4447f31b6875f5a9928d0a261","bindings/nss_ciphers.h":"95ec6344a607558b3c5ba8510f463b6295f3a2fb3f538a01410531045a5f62d1","bindings/nss_init.h":"ef49045063782fb612aff459172cc6a89340f15005808608ade5320ca9974310","bindings/nss_p11.h":"0b81e64fe6db49b2ecff94edd850be111ef99ec11220e88ceb1c67be90143a78","bindings/nss_secerr.h":"713e8368bdae5159af7893cfa517dabfe5103cede051dee9c9557c850a2defc6","bindings/nss_ssl.h":"af222fb957b989e392e762fa2125c82608a0053aff4fb97e556691646c88c335","bindings/nss_sslerr.h":"24b97f092183d8486f774cdaef5030d0249221c78343570d83a4ee5b594210ae","bindings/nss_sslopt.h":"b7807eb7abdad14db6ad7bc51048a46b065a0ea65a4508c95a12ce90e59d1eea","build.rs":"2f54f79958878ed7988441955344dd1a2a079b1bb409e8f12a70284fd7e351ef","min_version.txt":"0f9ddf9ddaeb5137a5ab3d238d06286822f9579b1f46ba76312a8c6d76176500","src/aead.rs":"08d7cad82e3bec32661cfd1689e6611b30ae328ec88481cb32201dd255777365","src/aead_null.rs":"a766e2f71fd8b77a8f81bc60aaaafcffb6aef1f0a1f39ea07fef45b3696718ce","src/agent.rs":"ec90d7556231c57da3a191f508eaf1f820f22d6b7912ee45d1a594eb0fea7a82","src/agentio.rs":"1baecfb725b54717a6a74bb4664692d187f62747cc5e0495f59b06729f96dea2","src/auth.rs":"7a1524bef0a0c71616f5ee8b3976d66201210b809271bcf5d06c0e560ae482af","src/cert.rs":"4fdaa3834d8a72f41198449010fd5c3f6be6a54e429427c37bde5aab9421585c","src/constants.rs":"83606aeb646b2833a8094f9d980c266ecc3e8cb40c93a4820da221988319dd1a","src/ech.rs":"19d16af5a30e2060a8942a72487bd820c0d9c62ff1d3c490871752c56781c44b","src/err.rs":"4c7d0b46955b58aa9375210c2c5d24012056c3ad8a856b72d2c7c9542cc97046","src/exp.rs":"cd864fb5a61cd1472baa5b1d0951fc712753c22d21af83ebed09a01585f33b48","src/ext.rs":"a5676f8b9815cc7f6ed1da6fea091cf8754d8b80e90d37b726e905abe18930f8","src/hkdf.rs":"76c5abc8b2d6ee12d8a86cd730af2cf47a59b2fbfd3b8a635a1826636156794d","src/hp.rs":"6adf4ad78b5a065ab7310c69ad239eec156256043e2c185bf60b9d1f12ab1be4","src/lib.rs":"3ab979c264a909e663c5ef140cd57013180745b99937671c73a9003ca6347f41","src/min_version.rs":"c6e1f98b9f56db0622ac38c1be131c55acf4a0f09ed0d6283f4d6308e2d1301a","src/p11.rs":"49bcde067e55228dab483bd11b70dc29d40dc3c59fa60136daccb205dc468df0","src/prio.rs":"1858088afd2668e8fbff56959765b7d4df09342371b9282ade27bb4d7bd6ce69","src/replay.rs":"594ce92f368cbc5fb71ebfb62214f07d1e86df8e5ce94255d5593ffabb91cd03","src/result.rs":"5a76688787741de7a935dbbab4bcb917d481d1c9c50a34df7e510036feb3da17","src/secrets.rs":"5d85b1e15f47cd267fe70fa8ea7e4ebc4b07eab7713f451afeefcf15f146f8a5","src/selfencrypt.rs":"4f106465f582c38d3bb04cb5cbcbf65a349e3186784726d9f2bf511a4a4a35ee","src/ssl.rs":"04950bb534b5304eb417909a3a39ebaa9be234c7c13eacdc41c00a8edab1b09f","src/time.rs":"22989caf3dab85cfe955cc279fcca98a6df02d14fcd0e93cac7b39374b8b5763","tests/aead.rs":"e36ae77802df1ea6d17cfd1bd2178a3706089577d6fd1554ca86e748b8b235b9","tests/agent.rs":"fb95a2d5c86ce3fafcb127cd0a2a163e5ee70baf09b2c8483e4d1fb25644cee2","tests/ext.rs":"57af4e2df211fa8afdb73125d4344ef5c70c1ea4579107c3e6f5746308ee3e7b","tests/handshake.rs":"df8a901048268a390785e05e28cbc97b82e41e47d7eab2d5c0a57e434ca1adcf","tests/hkdf.rs":"1d2098dc8398395864baf13e4886cfd1da6d36118727c3b264f457ee3da6b048","tests/hp.rs":"7ee5d7290a3f61af67ad2c94670cba376027136370d9784948db655b7e00fe54","tests/init.rs":"3cfe8411ca31ad7dfb23822bb1570e1a5b2b334857173bdd7df086b65b81d95a","tests/selfencrypt.rs":"b65aed70e83dce660017159fc8a956d3b52e0807b590ad8d0a3a4265caa8c1fa"},"package":null}
|
||||
\ No newline at end of file
|
||||
+{"files":{"Cargo.toml":"a57adef48614a58209447e8bd115a2de3d8a42917a0b9a2ae9a97cabc3400c6a","bindings/bindings.toml":"e7e4b75736cfcf4d52febacb99a6f6c6c7b1d648ed8bdc424648be876c850e91","bindings/nspr_err.h":"2d5205d017b536c2d838bcf9bc4ec79f96dd50e7bb9b73892328781f1ee6629d","bindings/nspr_error.h":"e41c03c77b8c22046f8618832c9569fbcc7b26d8b9bbc35eea7168f35e346889","bindings/nspr_io.h":"085b289849ef0e77f88512a27b4d9bdc28252bd4d39c6a17303204e46ef45f72","bindings/nspr_time.h":"2e637fd338a5cf0fd3fb0070a47f474a34c2a7f4447f31b6875f5a9928d0a261","bindings/nss_ciphers.h":"95ec6344a607558b3c5ba8510f463b6295f3a2fb3f538a01410531045a5f62d1","bindings/nss_init.h":"ef49045063782fb612aff459172cc6a89340f15005808608ade5320ca9974310","bindings/nss_p11.h":"0b81e64fe6db49b2ecff94edd850be111ef99ec11220e88ceb1c67be90143a78","bindings/nss_secerr.h":"713e8368bdae5159af7893cfa517dabfe5103cede051dee9c9557c850a2defc6","bindings/nss_ssl.h":"af222fb957b989e392e762fa2125c82608a0053aff4fb97e556691646c88c335","bindings/nss_sslerr.h":"24b97f092183d8486f774cdaef5030d0249221c78343570d83a4ee5b594210ae","bindings/nss_sslopt.h":"b7807eb7abdad14db6ad7bc51048a46b065a0ea65a4508c95a12ce90e59d1eea","build.rs":"2f54f79958878ed7988441955344dd1a2a079b1bb409e8f12a70284fd7e351ef","min_version.txt":"0f9ddf9ddaeb5137a5ab3d238d06286822f9579b1f46ba76312a8c6d76176500","src/aead.rs":"08d7cad82e3bec32661cfd1689e6611b30ae328ec88481cb32201dd255777365","src/aead_null.rs":"a766e2f71fd8b77a8f81bc60aaaafcffb6aef1f0a1f39ea07fef45b3696718ce","src/agent.rs":"ec90d7556231c57da3a191f508eaf1f820f22d6b7912ee45d1a594eb0fea7a82","src/agentio.rs":"1baecfb725b54717a6a74bb4664692d187f62747cc5e0495f59b06729f96dea2","src/auth.rs":"7a1524bef0a0c71616f5ee8b3976d66201210b809271bcf5d06c0e560ae482af","src/cert.rs":"4fdaa3834d8a72f41198449010fd5c3f6be6a54e429427c37bde5aab9421585c","src/constants.rs":"50c1b84e06cd9a71bb9199f2518947a4d4ad3e5c33c1b86c585486dc43e872a0","src/ech.rs":"19d16af5a30e2060a8942a72487bd820c0d9c62ff1d3c490871752c56781c44b","src/err.rs":"4c7d0b46955b58aa9375210c2c5d24012056c3ad8a856b72d2c7c9542cc97046","src/exp.rs":"cd864fb5a61cd1472baa5b1d0951fc712753c22d21af83ebed09a01585f33b48","src/ext.rs":"a5676f8b9815cc7f6ed1da6fea091cf8754d8b80e90d37b726e905abe18930f8","src/hkdf.rs":"76c5abc8b2d6ee12d8a86cd730af2cf47a59b2fbfd3b8a635a1826636156794d","src/hp.rs":"6adf4ad78b5a065ab7310c69ad239eec156256043e2c185bf60b9d1f12ab1be4","src/lib.rs":"3ab979c264a909e663c5ef140cd57013180745b99937671c73a9003ca6347f41","src/min_version.rs":"c6e1f98b9f56db0622ac38c1be131c55acf4a0f09ed0d6283f4d6308e2d1301a","src/p11.rs":"49bcde067e55228dab483bd11b70dc29d40dc3c59fa60136daccb205dc468df0","src/prio.rs":"1858088afd2668e8fbff56959765b7d4df09342371b9282ade27bb4d7bd6ce69","src/replay.rs":"594ce92f368cbc5fb71ebfb62214f07d1e86df8e5ce94255d5593ffabb91cd03","src/result.rs":"5a76688787741de7a935dbbab4bcb917d481d1c9c50a34df7e510036feb3da17","src/secrets.rs":"5d85b1e15f47cd267fe70fa8ea7e4ebc4b07eab7713f451afeefcf15f146f8a5","src/selfencrypt.rs":"4f106465f582c38d3bb04cb5cbcbf65a349e3186784726d9f2bf511a4a4a35ee","src/ssl.rs":"04950bb534b5304eb417909a3a39ebaa9be234c7c13eacdc41c00a8edab1b09f","src/time.rs":"22989caf3dab85cfe955cc279fcca98a6df02d14fcd0e93cac7b39374b8b5763","tests/aead.rs":"e36ae77802df1ea6d17cfd1bd2178a3706089577d6fd1554ca86e748b8b235b9","tests/agent.rs":"fb95a2d5c86ce3fafcb127cd0a2a163e5ee70baf09b2c8483e4d1fb25644cee2","tests/ext.rs":"57af4e2df211fa8afdb73125d4344ef5c70c1ea4579107c3e6f5746308ee3e7b","tests/handshake.rs":"df8a901048268a390785e05e28cbc97b82e41e47d7eab2d5c0a57e434ca1adcf","tests/hkdf.rs":"1d2098dc8398395864baf13e4886cfd1da6d36118727c3b264f457ee3da6b048","tests/hp.rs":"7ee5d7290a3f61af67ad2c94670cba376027136370d9784948db655b7e00fe54","tests/init.rs":"3cfe8411ca31ad7dfb23822bb1570e1a5b2b334857173bdd7df086b65b81d95a","tests/selfencrypt.rs":"b65aed70e83dce660017159fc8a956d3b52e0807b590ad8d0a3a4265caa8c1fa"},"package":null}
|
||||
\ No newline at end of file
|
||||
diff -up firefox-140.0/third_party/rust/neqo-crypto/src/constants.rs.system-nss firefox-140.0/third_party/rust/neqo-crypto/src/constants.rs
|
||||
--- firefox-140.0/third_party/rust/neqo-crypto/src/constants.rs.system-nss 2025-07-25 10:16:27.299270237 +0200
|
||||
+++ firefox-140.0/third_party/rust/neqo-crypto/src/constants.rs 2025-07-25 10:16:39.698529915 +0200
|
||||
@@ -83,7 +83,7 @@ remap_enum! {
|
||||
TLS_GRP_EC_SECP521R1 = ssl_grp_ec_secp521r1,
|
||||
TLS_GRP_EC_X25519 = ssl_grp_ec_curve25519,
|
||||
TLS_GRP_KEM_XYBER768D00 = ssl_grp_kem_xyber768d00,
|
||||
- TLS_GRP_KEM_MLKEM768X25519 = ssl_grp_kem_mlkem768x25519,
|
||||
+ TLS_GRP_KEM_MLKEM768X25519 = ssl_grp_kem_x25519mlkem768,
|
||||
}
|
||||
}
|
||||
|
||||
274
SOURCES/disable-pipewire.patch
Normal file
274
SOURCES/disable-pipewire.patch
Normal file
@ -0,0 +1,274 @@
|
||||
diff -up firefox-128.0/dom/media/webrtc/third_party_build/webrtc.mozbuild.disable-pipewire firefox-128.0/dom/media/webrtc/third_party_build/webrtc.mozbuild
|
||||
--- firefox-128.0/dom/media/webrtc/third_party_build/webrtc.mozbuild.disable-pipewire 2024-07-17 14:01:36.290603114 +0200
|
||||
+++ firefox-128.0/dom/media/webrtc/third_party_build/webrtc.mozbuild 2024-07-17 14:52:02.039208338 +0200
|
||||
@@ -31,7 +31,7 @@ if CONFIG["MOZ_WEBRTC"]:
|
||||
and CONFIG["TARGET_CPU"].startswith("mips")
|
||||
)
|
||||
):
|
||||
- DEFINES["WEBRTC_USE_PIPEWIRE"] = True
|
||||
+ DEFINES["WEBRTC_USE_PIPEWIRE"] = False
|
||||
elif CONFIG["OS_TARGET"] == "Darwin":
|
||||
DEFINES["WEBRTC_MAC"] = True
|
||||
elif CONFIG["OS_TARGET"] == "WINNT":
|
||||
diff -up firefox-128.0/third_party/libwebrtc/modules/desktop_capture/desktop_capture_gn/moz.build.disable-pipewire firefox-128.0/third_party/libwebrtc/modules/desktop_capture/desktop_capture_gn/moz.build
|
||||
--- firefox-128.0/third_party/libwebrtc/modules/desktop_capture/desktop_capture_gn/moz.build.disable-pipewire 2024-07-17 14:01:36.291603109 +0200
|
||||
+++ firefox-128.0/third_party/libwebrtc/modules/desktop_capture/desktop_capture_gn/moz.build 2024-07-17 14:56:35.419826494 +0200
|
||||
@@ -241,102 +241,6 @@ if CONFIG["TARGET_CPU"] == "aarch64":
|
||||
DEFINES["WEBRTC_ARCH_ARM64"] = True
|
||||
DEFINES["WEBRTC_HAS_NEON"] = True
|
||||
|
||||
-if CONFIG["TARGET_CPU"] == "arm":
|
||||
-
|
||||
- CXXFLAGS += [
|
||||
- "-mfpu=neon"
|
||||
- ]
|
||||
-
|
||||
- DEFINES["WEBRTC_ARCH_ARM"] = True
|
||||
- DEFINES["WEBRTC_ARCH_ARM_V7"] = True
|
||||
- DEFINES["WEBRTC_HAS_NEON"] = True
|
||||
- DEFINES["WEBRTC_USE_PIPEWIRE"] = True
|
||||
- DEFINES["_GNU_SOURCE"] = True
|
||||
-
|
||||
- LOCAL_INCLUDES += [
|
||||
- "/gfx/angle/checkout/include/",
|
||||
- "/third_party/drm/drm/",
|
||||
- "/third_party/drm/drm/include/",
|
||||
- "/third_party/drm/drm/include/libdrm/",
|
||||
- "/third_party/gbm/gbm/",
|
||||
- "/third_party/libepoxy/libepoxy/include/",
|
||||
- "/third_party/pipewire/"
|
||||
- ]
|
||||
-
|
||||
- SOURCES += [
|
||||
- "/third_party/libwebrtc/modules/desktop_capture/linux/wayland/base_capturer_pipewire.cc"
|
||||
- ]
|
||||
-
|
||||
- UNIFIED_SOURCES += [
|
||||
- "/third_party/libwebrtc/modules/desktop_capture/linux/wayland/egl_dmabuf.cc",
|
||||
- "/third_party/libwebrtc/modules/desktop_capture/linux/wayland/mouse_cursor_monitor_pipewire.cc",
|
||||
- "/third_party/libwebrtc/modules/desktop_capture/linux/wayland/restore_token_manager.cc",
|
||||
- "/third_party/libwebrtc/modules/desktop_capture/linux/wayland/screen_capture_portal_interface.cc",
|
||||
- "/third_party/libwebrtc/modules/desktop_capture/linux/wayland/screencast_portal.cc",
|
||||
- "/third_party/libwebrtc/modules/desktop_capture/linux/wayland/screencast_stream_utils.cc",
|
||||
- "/third_party/libwebrtc/modules/desktop_capture/linux/wayland/shared_screencast_stream.cc"
|
||||
- ]
|
||||
-
|
||||
-if CONFIG["TARGET_CPU"] == "mips32":
|
||||
-
|
||||
- DEFINES["MIPS32_LE"] = True
|
||||
- DEFINES["MIPS_FPU_LE"] = True
|
||||
- DEFINES["WEBRTC_USE_PIPEWIRE"] = True
|
||||
- DEFINES["_GNU_SOURCE"] = True
|
||||
-
|
||||
- LOCAL_INCLUDES += [
|
||||
- "/gfx/angle/checkout/include/",
|
||||
- "/third_party/drm/drm/",
|
||||
- "/third_party/drm/drm/include/",
|
||||
- "/third_party/drm/drm/include/libdrm/",
|
||||
- "/third_party/gbm/gbm/",
|
||||
- "/third_party/libepoxy/libepoxy/include/",
|
||||
- "/third_party/pipewire/"
|
||||
- ]
|
||||
-
|
||||
- SOURCES += [
|
||||
- "/third_party/libwebrtc/modules/desktop_capture/linux/wayland/base_capturer_pipewire.cc"
|
||||
- ]
|
||||
-
|
||||
- UNIFIED_SOURCES += [
|
||||
- "/third_party/libwebrtc/modules/desktop_capture/linux/wayland/egl_dmabuf.cc",
|
||||
- "/third_party/libwebrtc/modules/desktop_capture/linux/wayland/mouse_cursor_monitor_pipewire.cc",
|
||||
- "/third_party/libwebrtc/modules/desktop_capture/linux/wayland/restore_token_manager.cc",
|
||||
- "/third_party/libwebrtc/modules/desktop_capture/linux/wayland/screen_capture_portal_interface.cc",
|
||||
- "/third_party/libwebrtc/modules/desktop_capture/linux/wayland/screencast_portal.cc",
|
||||
- "/third_party/libwebrtc/modules/desktop_capture/linux/wayland/screencast_stream_utils.cc",
|
||||
- "/third_party/libwebrtc/modules/desktop_capture/linux/wayland/shared_screencast_stream.cc"
|
||||
- ]
|
||||
-
|
||||
-if CONFIG["TARGET_CPU"] == "mips64":
|
||||
-
|
||||
- DEFINES["WEBRTC_USE_PIPEWIRE"] = True
|
||||
- DEFINES["_GNU_SOURCE"] = True
|
||||
-
|
||||
- LOCAL_INCLUDES += [
|
||||
- "/gfx/angle/checkout/include/",
|
||||
- "/third_party/drm/drm/",
|
||||
- "/third_party/drm/drm/include/",
|
||||
- "/third_party/drm/drm/include/libdrm/",
|
||||
- "/third_party/gbm/gbm/",
|
||||
- "/third_party/libepoxy/libepoxy/include/",
|
||||
- "/third_party/pipewire/"
|
||||
- ]
|
||||
-
|
||||
- SOURCES += [
|
||||
- "/third_party/libwebrtc/modules/desktop_capture/linux/wayland/base_capturer_pipewire.cc"
|
||||
- ]
|
||||
-
|
||||
- UNIFIED_SOURCES += [
|
||||
- "/third_party/libwebrtc/modules/desktop_capture/linux/wayland/egl_dmabuf.cc",
|
||||
- "/third_party/libwebrtc/modules/desktop_capture/linux/wayland/mouse_cursor_monitor_pipewire.cc",
|
||||
- "/third_party/libwebrtc/modules/desktop_capture/linux/wayland/restore_token_manager.cc",
|
||||
- "/third_party/libwebrtc/modules/desktop_capture/linux/wayland/screen_capture_portal_interface.cc",
|
||||
- "/third_party/libwebrtc/modules/desktop_capture/linux/wayland/screencast_portal.cc",
|
||||
- "/third_party/libwebrtc/modules/desktop_capture/linux/wayland/screencast_stream_utils.cc",
|
||||
- "/third_party/libwebrtc/modules/desktop_capture/linux/wayland/shared_screencast_stream.cc"
|
||||
- ]
|
||||
-
|
||||
if CONFIG["TARGET_CPU"] == "ppc64":
|
||||
|
||||
DEFINES["USE_X11"] = "1"
|
||||
@@ -389,35 +293,6 @@ if CONFIG["MOZ_DEBUG"] == "1" and CONFIG
|
||||
|
||||
DEFINES["_HAS_ITERATOR_DEBUGGING"] = "0"
|
||||
|
||||
-if CONFIG["OS_TARGET"] == "Linux" and CONFIG["TARGET_CPU"] == "aarch64":
|
||||
-
|
||||
- DEFINES["WEBRTC_USE_PIPEWIRE"] = True
|
||||
- DEFINES["_GNU_SOURCE"] = True
|
||||
-
|
||||
- LOCAL_INCLUDES += [
|
||||
- "/gfx/angle/checkout/include/",
|
||||
- "/third_party/drm/drm/",
|
||||
- "/third_party/drm/drm/include/",
|
||||
- "/third_party/drm/drm/include/libdrm/",
|
||||
- "/third_party/gbm/gbm/",
|
||||
- "/third_party/libepoxy/libepoxy/include/",
|
||||
- "/third_party/pipewire/"
|
||||
- ]
|
||||
-
|
||||
- SOURCES += [
|
||||
- "/third_party/libwebrtc/modules/desktop_capture/linux/wayland/base_capturer_pipewire.cc"
|
||||
- ]
|
||||
-
|
||||
- UNIFIED_SOURCES += [
|
||||
- "/third_party/libwebrtc/modules/desktop_capture/linux/wayland/egl_dmabuf.cc",
|
||||
- "/third_party/libwebrtc/modules/desktop_capture/linux/wayland/mouse_cursor_monitor_pipewire.cc",
|
||||
- "/third_party/libwebrtc/modules/desktop_capture/linux/wayland/restore_token_manager.cc",
|
||||
- "/third_party/libwebrtc/modules/desktop_capture/linux/wayland/screen_capture_portal_interface.cc",
|
||||
- "/third_party/libwebrtc/modules/desktop_capture/linux/wayland/screencast_portal.cc",
|
||||
- "/third_party/libwebrtc/modules/desktop_capture/linux/wayland/screencast_stream_utils.cc",
|
||||
- "/third_party/libwebrtc/modules/desktop_capture/linux/wayland/shared_screencast_stream.cc"
|
||||
- ]
|
||||
-
|
||||
if CONFIG["OS_TARGET"] == "Linux" and CONFIG["TARGET_CPU"] == "riscv64":
|
||||
|
||||
DEFINES["USE_X11"] = "1"
|
||||
@@ -446,95 +321,6 @@ if CONFIG["OS_TARGET"] == "Linux" and CO
|
||||
"/third_party/libwebrtc/modules/desktop_capture/linux/x11/x_window_property.cc"
|
||||
]
|
||||
|
||||
-if CONFIG["OS_TARGET"] == "Linux" and CONFIG["TARGET_CPU"] == "x86":
|
||||
-
|
||||
- CXXFLAGS += [
|
||||
- "-msse2"
|
||||
- ]
|
||||
-
|
||||
- DEFINES["WEBRTC_USE_PIPEWIRE"] = True
|
||||
- DEFINES["_GNU_SOURCE"] = True
|
||||
-
|
||||
- LOCAL_INCLUDES += [
|
||||
- "/gfx/angle/checkout/include/",
|
||||
- "/third_party/drm/drm/",
|
||||
- "/third_party/drm/drm/include/",
|
||||
- "/third_party/drm/drm/include/libdrm/",
|
||||
- "/third_party/gbm/gbm/",
|
||||
- "/third_party/libepoxy/libepoxy/include/",
|
||||
- "/third_party/pipewire/"
|
||||
- ]
|
||||
-
|
||||
- SOURCES += [
|
||||
- "/third_party/libwebrtc/modules/desktop_capture/linux/wayland/base_capturer_pipewire.cc"
|
||||
- ]
|
||||
-
|
||||
- UNIFIED_SOURCES += [
|
||||
- "/third_party/libwebrtc/modules/desktop_capture/linux/wayland/egl_dmabuf.cc",
|
||||
- "/third_party/libwebrtc/modules/desktop_capture/linux/wayland/mouse_cursor_monitor_pipewire.cc",
|
||||
- "/third_party/libwebrtc/modules/desktop_capture/linux/wayland/restore_token_manager.cc",
|
||||
- "/third_party/libwebrtc/modules/desktop_capture/linux/wayland/screen_capture_portal_interface.cc",
|
||||
- "/third_party/libwebrtc/modules/desktop_capture/linux/wayland/screencast_portal.cc",
|
||||
- "/third_party/libwebrtc/modules/desktop_capture/linux/wayland/screencast_stream_utils.cc",
|
||||
- "/third_party/libwebrtc/modules/desktop_capture/linux/wayland/shared_screencast_stream.cc"
|
||||
- ]
|
||||
-
|
||||
-if CONFIG["OS_TARGET"] == "Linux" and CONFIG["TARGET_CPU"] == "x86_64":
|
||||
-
|
||||
- DEFINES["WEBRTC_USE_PIPEWIRE"] = True
|
||||
- DEFINES["_GNU_SOURCE"] = True
|
||||
-
|
||||
- LOCAL_INCLUDES += [
|
||||
- "/gfx/angle/checkout/include/",
|
||||
- "/third_party/drm/drm/",
|
||||
- "/third_party/drm/drm/include/",
|
||||
- "/third_party/drm/drm/include/libdrm/",
|
||||
- "/third_party/gbm/gbm/",
|
||||
- "/third_party/libepoxy/libepoxy/include/",
|
||||
- "/third_party/pipewire/"
|
||||
- ]
|
||||
-
|
||||
- SOURCES += [
|
||||
- "/third_party/libwebrtc/modules/desktop_capture/linux/wayland/base_capturer_pipewire.cc"
|
||||
- ]
|
||||
-
|
||||
- UNIFIED_SOURCES += [
|
||||
- "/third_party/libwebrtc/modules/desktop_capture/linux/wayland/egl_dmabuf.cc",
|
||||
- "/third_party/libwebrtc/modules/desktop_capture/linux/wayland/mouse_cursor_monitor_pipewire.cc",
|
||||
- "/third_party/libwebrtc/modules/desktop_capture/linux/wayland/restore_token_manager.cc",
|
||||
- "/third_party/libwebrtc/modules/desktop_capture/linux/wayland/screen_capture_portal_interface.cc",
|
||||
- "/third_party/libwebrtc/modules/desktop_capture/linux/wayland/screencast_portal.cc",
|
||||
- "/third_party/libwebrtc/modules/desktop_capture/linux/wayland/screencast_stream_utils.cc",
|
||||
- "/third_party/libwebrtc/modules/desktop_capture/linux/wayland/shared_screencast_stream.cc"
|
||||
- ]
|
||||
-
|
||||
-if CONFIG["MOZ_X11"] == "1" and CONFIG["OS_TARGET"] == "Linux" and CONFIG["TARGET_CPU"] == "aarch64":
|
||||
-
|
||||
- DEFINES["USE_X11"] = "1"
|
||||
- DEFINES["WEBRTC_USE_X11"] = True
|
||||
-
|
||||
- OS_LIBS += [
|
||||
- "X11",
|
||||
- "Xcomposite",
|
||||
- "Xdamage",
|
||||
- "Xext",
|
||||
- "Xfixes",
|
||||
- "Xrandr",
|
||||
- "Xrender"
|
||||
- ]
|
||||
-
|
||||
- UNIFIED_SOURCES += [
|
||||
- "/third_party/libwebrtc/modules/desktop_capture/linux/x11/mouse_cursor_monitor_x11.cc",
|
||||
- "/third_party/libwebrtc/modules/desktop_capture/linux/x11/screen_capturer_x11.cc",
|
||||
- "/third_party/libwebrtc/modules/desktop_capture/linux/x11/shared_x_display.cc",
|
||||
- "/third_party/libwebrtc/modules/desktop_capture/linux/x11/window_capturer_x11.cc",
|
||||
- "/third_party/libwebrtc/modules/desktop_capture/linux/x11/window_finder_x11.cc",
|
||||
- "/third_party/libwebrtc/modules/desktop_capture/linux/x11/window_list_utils.cc",
|
||||
- "/third_party/libwebrtc/modules/desktop_capture/linux/x11/x_atom_cache.cc",
|
||||
- "/third_party/libwebrtc/modules/desktop_capture/linux/x11/x_error_trap.cc",
|
||||
- "/third_party/libwebrtc/modules/desktop_capture/linux/x11/x_server_pixel_buffer.cc",
|
||||
- "/third_party/libwebrtc/modules/desktop_capture/linux/x11/x_window_property.cc"
|
||||
- ]
|
||||
|
||||
if CONFIG["MOZ_X11"] == "1" and CONFIG["OS_TARGET"] == "Linux" and CONFIG["TARGET_CPU"] == "arm":
|
||||
|
||||
diff -up firefox-128.0/third_party/libwebrtc/modules/portal/portal_gn/moz.build.disable-pipewire firefox-128.0/third_party/libwebrtc/modules/portal/portal_gn/moz.build
|
||||
--- firefox-128.0/third_party/libwebrtc/modules/portal/portal_gn/moz.build.disable-pipewire 2024-07-04 18:20:41.000000000 +0200
|
||||
+++ firefox-128.0/third_party/libwebrtc/modules/portal/portal_gn/moz.build 2024-07-17 14:01:36.291603109 +0200
|
||||
@@ -27,7 +27,7 @@ DEFINES["WEBRTC_MOZILLA_BUILD"] = True
|
||||
DEFINES["WEBRTC_NON_STATIC_TRACE_EVENT_HANDLERS"] = "0"
|
||||
DEFINES["WEBRTC_POSIX"] = True
|
||||
DEFINES["WEBRTC_STRICT_FIELD_TRIALS"] = "0"
|
||||
-DEFINES["WEBRTC_USE_PIPEWIRE"] = True
|
||||
+DEFINES["WEBRTC_USE_PIPEWIRE"] = False
|
||||
DEFINES["_FILE_OFFSET_BITS"] = "64"
|
||||
DEFINES["_GNU_SOURCE"] = True
|
||||
DEFINES["_LARGEFILE64_SOURCE"] = True
|
||||
diff -up firefox-128.0/third_party/libwebrtc/third_party/pipewire/pipewire_gn/moz.build.disable-pipewire firefox-128.0/third_party/libwebrtc/third_party/pipewire/pipewire_gn/moz.build
|
||||
--- firefox-128.0/third_party/libwebrtc/third_party/pipewire/pipewire_gn/moz.build.disable-pipewire 2024-07-04 18:20:41.000000000 +0200
|
||||
+++ firefox-128.0/third_party/libwebrtc/third_party/pipewire/pipewire_gn/moz.build 2024-07-17 14:01:36.291603109 +0200
|
||||
@@ -25,7 +25,7 @@ DEFINES["WEBRTC_MOZILLA_BUILD"] = True
|
||||
DEFINES["WEBRTC_NON_STATIC_TRACE_EVENT_HANDLERS"] = "0"
|
||||
DEFINES["WEBRTC_POSIX"] = True
|
||||
DEFINES["WEBRTC_STRICT_FIELD_TRIALS"] = "0"
|
||||
-DEFINES["WEBRTC_USE_PIPEWIRE"] = True
|
||||
+DEFINES["WEBRTC_USE_PIPEWIRE"] = False
|
||||
DEFINES["_FILE_OFFSET_BITS"] = "64"
|
||||
DEFINES["_GNU_SOURCE"] = True
|
||||
DEFINES["_LARGEFILE64_SOURCE"] = True
|
||||
9
SOURCES/distribution.ini
Normal file
9
SOURCES/distribution.ini
Normal file
@ -0,0 +1,9 @@
|
||||
[Global]
|
||||
id=almalinux
|
||||
version=1.0
|
||||
about=Mozilla Firefox for AlmaLinux
|
||||
|
||||
[Preferences]
|
||||
app.distributor=almalinux
|
||||
app.distributor.channel=almalinux
|
||||
app.partner.fedora=almalinux
|
||||
@ -1,9 +0,0 @@
|
||||
[Global]
|
||||
id=__ID__
|
||||
version=1.0
|
||||
about=Mozilla Firefox for __NAME__
|
||||
|
||||
[Preferences]
|
||||
app.distributor=__ID__
|
||||
app.distributor.channel=__ID__
|
||||
app.partner.__ID__=__ID__
|
||||
@ -1,29 +0,0 @@
|
||||
diff -up firefox-140.1.0/testing/mozbase/mozprocess/mozprocess/processhandler.py.exceptionHandled-for-IO-error-processhandler firefox-140.1.0/testing/mozbase/mozprocess/mozprocess/processhandler.py
|
||||
--- firefox-140.1.0/testing/mozbase/mozprocess/mozprocess/processhandler.py.exceptionHandled-for-IO-error-processhandler 2025-07-14 19:14:55.000000000 +0200
|
||||
+++ firefox-140.1.0/testing/mozbase/mozprocess/mozprocess/processhandler.py 2025-08-05 18:05:54.329479764 +0200
|
||||
@@ -1098,11 +1098,22 @@ class ProcessReader:
|
||||
|
||||
def _read_stream(self, stream, queue, callback):
|
||||
sentinel = "" if isinstance(stream, io.TextIOBase) else b""
|
||||
- for line in iter(stream.readline, sentinel):
|
||||
- queue.put((line, callback))
|
||||
+ try:
|
||||
+ for line in iter(stream.readline, sentinel):
|
||||
+ queue.put((line, callback))
|
||||
+ except ValueError as e:
|
||||
+ if "I/O operation on closed file" in str(e):
|
||||
+ # Stream was closed by the process, this is normal
|
||||
+ pass
|
||||
+ else:
|
||||
+ raise
|
||||
# Give a chance to the reading loop to exit without a timeout.
|
||||
queue.put((b"", None))
|
||||
- stream.close()
|
||||
+ try:
|
||||
+ stream.close()
|
||||
+ except ValueError:
|
||||
+ # Stream might already be closed
|
||||
+ pass
|
||||
|
||||
def start(self, proc):
|
||||
queue = Queue()
|
||||
@ -1,31 +0,0 @@
|
||||
diff --git a/security/nss/lib/mozpkix/lib/pkixnss.cpp b/security/nss/lib/mozpkix/lib/pkixnss.cpp
|
||||
index 31aa1ddd67..6eb367eae4 100644
|
||||
--- a/security/nss/lib/mozpkix/lib/pkixnss.cpp
|
||||
+++ b/security/nss/lib/mozpkix/lib/pkixnss.cpp
|
||||
@@ -323,13 +323,21 @@ VerifyMLDSASignedDataNSS(Input data,
|
||||
SECItem dataItem(UnsafeMapInputToSECItem(data));
|
||||
CK_MECHANISM_TYPE mechanism;
|
||||
|
||||
- switch (pubk->u.mldsa.paramSet) {
|
||||
- case SEC_OID_ML_DSA_44:
|
||||
- case SEC_OID_ML_DSA_65:
|
||||
- case SEC_OID_ML_DSA_87:
|
||||
+ switch (SEC_GetSignatureAlgorithmOidTag(pubk->keyType, pubk->u.mldsa.params)) {
|
||||
+ case CKP_ML_DSA_44:
|
||||
+ hashPolicyTag = SEC_OID_UNKNOWN;
|
||||
+ mechanism = CKM_ML_DSA;
|
||||
+ signaturePolicyTag = SEC_OID_PRIVATE_3;
|
||||
+ break;
|
||||
+ case CKP_ML_DSA_65:
|
||||
+ hashPolicyTag = SEC_OID_UNKNOWN;
|
||||
mechanism = CKM_ML_DSA;
|
||||
- signaturePolicyTag = pubk->u.mldsa.paramSet;
|
||||
+ signaturePolicyTag = SEC_OID_PRIVATE_4;
|
||||
+ break;
|
||||
+ case CKP_ML_DSA_87:
|
||||
hashPolicyTag = SEC_OID_UNKNOWN;
|
||||
+ mechanism = CKM_ML_DSA;
|
||||
+ signaturePolicyTag = SEC_OID_PRIVATE_5;
|
||||
break;
|
||||
default:
|
||||
return Result::ERROR_UNSUPPORTED_KEYALG;
|
||||
@ -1,323 +0,0 @@
|
||||
diff --git a/toolkit/components/certviewer/content/certDecoder.mjs b/toolkit/components/certviewer/content/certDecoder.mjs
|
||||
--- a/toolkit/components/certviewer/content/certDecoder.mjs
|
||||
+++ b/toolkit/components/certviewer/content/certDecoder.mjs
|
||||
@@ -5,10 +5,11 @@
|
||||
import {
|
||||
Certificate,
|
||||
ECNamedCurves,
|
||||
ECPublicKey,
|
||||
RSAPublicKey,
|
||||
+ MLDSAPublicKey,
|
||||
} from "./vendor/pkijs.js";
|
||||
|
||||
const getTimeZone = () => {
|
||||
let timeZone = new Date().toString().match(/\(([A-Za-z\s].*)\)/);
|
||||
if (timeZone === null) {
|
||||
@@ -45,10 +46,19 @@
|
||||
x, // x coordinate
|
||||
y, // y coordinate
|
||||
xy: `04:${x}:${y}`, // 04 (uncompressed) public key
|
||||
};
|
||||
}
|
||||
+ if (publicKey instanceof MLDSAPublicKey) {
|
||||
+ let keyHex = publicKey.rhoT1.valueBlock.valueHex;
|
||||
+ let keyBytes = new Uint8Array(keyHex);
|
||||
+ return {
|
||||
+ kty: publicKey.alg,
|
||||
+ keysize: keyBytes.length,
|
||||
+ rhoT1: hashify(keyHex),
|
||||
+ };
|
||||
+ }
|
||||
return { kty: "Unknown" };
|
||||
};
|
||||
|
||||
const getX509Ext = (extensions, v) => {
|
||||
for (var extension in extensions) {
|
||||
@@ -1132,10 +1142,13 @@
|
||||
"2.16.840.1.101.3.4.3.2": "DSA with SHA-256",
|
||||
"1.2.840.10045.4.1": "ECDSA with SHA-1",
|
||||
"1.2.840.10045.4.3.2": "ECDSA with SHA-256",
|
||||
"1.2.840.10045.4.3.3": "ECDSA with SHA-384",
|
||||
"1.2.840.10045.4.3.4": "ECDSA with SHA-512",
|
||||
+ "2.16.840.1.101.3.4.3.17": "ML-DSA-44",
|
||||
+ "2.16.840.1.101.3.4.3.18": "ML-DSA-65",
|
||||
+ "2.16.840.1.101.3.4.3.19": "ML-DSA-87",
|
||||
},
|
||||
|
||||
aia: {
|
||||
"1.3.6.1.5.5.7.48.1": "Online Certificate Status Protocol (OCSP)",
|
||||
"1.3.6.1.5.5.7.48.2": "CA Issuers",
|
||||
diff --git a/toolkit/components/certviewer/content/certviewer.mjs b/toolkit/components/certviewer/content/certviewer.mjs
|
||||
--- a/toolkit/components/certviewer/content/certviewer.mjs
|
||||
+++ b/toolkit/components/certviewer/content/certviewer.mjs
|
||||
@@ -74,10 +74,23 @@
|
||||
}
|
||||
}
|
||||
return result ? result : false;
|
||||
};
|
||||
|
||||
+const getMLDSASecurityLevel = signatureName => {
|
||||
+ switch (signatureName) {
|
||||
+ case "ML-DSA-44":
|
||||
+ return "Level 2 (NIST)";
|
||||
+ case "ML-DSA-65":
|
||||
+ return "Level 3 (NIST)";
|
||||
+ case "ML-DSA-87":
|
||||
+ return "Level 5 (NIST)";
|
||||
+ default:
|
||||
+ return null;
|
||||
+ }
|
||||
+};
|
||||
+
|
||||
export const adjustCertInformation = cert => {
|
||||
let certItems = [];
|
||||
let tabName = cert?.subject?.cn || "";
|
||||
if (cert && !tabName) {
|
||||
// No common name, use the value of the last item in the cert's entries.
|
||||
@@ -173,10 +186,15 @@
|
||||
createEntryItem("key-size", cert.subjectPublicKeyInfo.keysize),
|
||||
createEntryItem("curve", cert.subjectPublicKeyInfo.crv),
|
||||
createEntryItem("public-value", cert.subjectPublicKeyInfo.xy, true),
|
||||
createEntryItem("exponent", cert.subjectPublicKeyInfo.e),
|
||||
createEntryItem("modulus", cert.subjectPublicKeyInfo.n, true),
|
||||
+ createEntryItem(
|
||||
+ "mldsa-public-value",
|
||||
+ cert.subjectPublicKeyInfo.rhoT1,
|
||||
+ true
|
||||
+ ),
|
||||
].filter(elem => elem != null);
|
||||
}
|
||||
return items;
|
||||
},
|
||||
certItems,
|
||||
@@ -190,14 +208,23 @@
|
||||
createEntryItem("serial-number", cert.serialNumber, true),
|
||||
createEntryItem(
|
||||
"signature-algorithm",
|
||||
cert.signature ? cert.signature.name : null
|
||||
),
|
||||
+ ];
|
||||
+
|
||||
+ const secLvl = getMLDSASecurityLevel(cert.signature?.name);
|
||||
+ if (secLvl) {
|
||||
+ items.push(createEntryItem("security-level", secLvl));
|
||||
+ }
|
||||
+
|
||||
+ items.push(
|
||||
createEntryItem("version", cert.version),
|
||||
- createEntryItem("download", cert.files ? cert.files.pem : null),
|
||||
- ].filter(elem => elem != null);
|
||||
- return items;
|
||||
+ createEntryItem("download", cert.files ? cert.files.pem : null)
|
||||
+ );
|
||||
+
|
||||
+ return items.filter(elem => elem != null);
|
||||
},
|
||||
certItems,
|
||||
"miscellaneous",
|
||||
false
|
||||
);
|
||||
diff --git a/toolkit/components/certviewer/content/vendor/pkijs.js b/toolkit/components/certviewer/content/vendor/pkijs.js
|
||||
--- a/toolkit/components/certviewer/content/vendor/pkijs.js
|
||||
+++ b/toolkit/components/certviewer/content/vendor/pkijs.js
|
||||
@@ -8609,10 +8609,90 @@
|
||||
this.publicExponent = new Integer({ valueHex: stringToArrayBuffer(fromBase64(json.e, true)).slice(0, 3) });
|
||||
}
|
||||
}
|
||||
RSAPublicKey.CLASS_NAME = "RSAPublicKey";
|
||||
|
||||
+/* @see https://www.ietf.org/archive/id/draft-ietf-lamps-dilithium-certificates-11.html */
|
||||
+const RHO_T1 = "rhoT1";
|
||||
+const ALG = "alg";
|
||||
+const CLEAR_PROPS_MLDSA = [RHO_T1, ALG];
|
||||
+const MLDSA_MIN_LENGTH = 32;
|
||||
+class MLDSAPublicKey extends PkiObject {
|
||||
+ constructor(parameters = {}) {
|
||||
+ super();
|
||||
+
|
||||
+ this.rhoT1 = getParametersValue(parameters, RHO_T1, MLDSAPublicKey.defaultValues(RHO_T1));
|
||||
+ this.alg = getParametersValue(parameters, ALG, MLDSAPublicKey.defaultValues(ALG));
|
||||
+
|
||||
+ if (parameters.json) {
|
||||
+ this.fromJSON(parameters.json);
|
||||
+ }
|
||||
+
|
||||
+ if (parameters.schema) {
|
||||
+ this.fromSchema(parameters.schema);
|
||||
+ }
|
||||
+ }
|
||||
+
|
||||
+ static defaultValues(memberName) {
|
||||
+ switch (memberName) {
|
||||
+ case RHO_T1:
|
||||
+ return new BitString();
|
||||
+ case ALG:
|
||||
+ return "";
|
||||
+ default:
|
||||
+ return super.defaultValues(memberName);
|
||||
+ }
|
||||
+ }
|
||||
+
|
||||
+ static schema(parameters = {}) {
|
||||
+ const names = getParametersValue(parameters, "names", {});
|
||||
+ return new BitString({ name: names.rhoT1 || RHO_T1 });
|
||||
+ }
|
||||
+
|
||||
+ fromSchema(schema) {
|
||||
+ clearProps(schema, CLEAR_PROPS_MLDSA);
|
||||
+
|
||||
+ const asn1 = compareSchema(schema, schema, MLDSAPublicKey.schema({
|
||||
+ names: { rhoT1: RHO_T1 }
|
||||
+ }));
|
||||
+
|
||||
+ AsnError.assertSchema(asn1, this.className);
|
||||
+
|
||||
+ const bitString = asn1.result.rhoT1;
|
||||
+ const length = bitString.valueBlock.valueHexView.length;
|
||||
+
|
||||
+ if (length < MLDSA_MIN_LENGTH || (length - MLDSA_MIN_LENGTH) % 320 !== 0) {
|
||||
+ throw new Error(`Invalid ML-DSA key length: ${length} bytes`);
|
||||
+ }
|
||||
+
|
||||
+ this.rhoT1 = bitString;
|
||||
+ }
|
||||
+
|
||||
+ toSchema() {
|
||||
+ return this.rhoT1;
|
||||
+ }
|
||||
+
|
||||
+ toJSON() {
|
||||
+ return {
|
||||
+ rhoT1: Convert.ToBase64Url(this.rhoT1.valueBlock.valueHexView),
|
||||
+ alg: this.alg
|
||||
+ };
|
||||
+ }
|
||||
+
|
||||
+ fromJSON(json) {
|
||||
+ ParameterError.assert("json", json, "rhoT1");
|
||||
+ const rawBuffer = stringToArrayBuffer(fromBase64(json.rhoT1, true));
|
||||
+
|
||||
+ if (rawBuffer.byteLength < MLDSA_MIN_LENGTH || (rawBuffer.byteLength - MLDSA_MIN_LENGTH) % 320 !== 0) {
|
||||
+ throw new Error(`Invalid ML-DSA key length: ${rawBuffer.byteLength} bytes`);
|
||||
+ }
|
||||
+
|
||||
+ this.rhoT1 = new BitString({ valueHex: rawBuffer });
|
||||
+ }
|
||||
+}
|
||||
+MLDSAPublicKey.CLASS_NAME = "MLDSAPublicKey";
|
||||
+
|
||||
const ALGORITHM$1 = "algorithm";
|
||||
const SUBJECT_PUBLIC_KEY = "subjectPublicKey";
|
||||
const CLEAR_PROPS$1a = [ALGORITHM$1, SUBJECT_PUBLIC_KEY];
|
||||
class PublicKeyInfo extends PkiObject {
|
||||
constructor(parameters = {}) {
|
||||
@@ -8657,10 +8737,22 @@
|
||||
catch (ex) {
|
||||
}
|
||||
}
|
||||
}
|
||||
break;
|
||||
+ case "2.16.840.1.101.3.4.3.17":
|
||||
+ /* Already a bitstring */
|
||||
+ this._parsedKey = new MLDSAPublicKey({ rhoT1: this.subjectPublicKey, alg: "ML-DSA-44" });
|
||||
+ break;
|
||||
+ case "2.16.840.1.101.3.4.3.18":
|
||||
+ /* Already a bitstring */
|
||||
+ this._parsedKey = new MLDSAPublicKey({ rhoT1: this.subjectPublicKey, alg: "ML-DSA-65" });
|
||||
+ break;
|
||||
+ case "2.16.840.1.101.3.4.3.19":
|
||||
+ /* Already a bitstring */
|
||||
+ this._parsedKey = new MLDSAPublicKey({ rhoT1: this.subjectPublicKey, alg: "ML-DSA-87" });
|
||||
+ break;
|
||||
}
|
||||
this._parsedKey || (this._parsedKey = null);
|
||||
}
|
||||
return this._parsedKey || undefined;
|
||||
}
|
||||
@@ -8724,10 +8816,19 @@
|
||||
jwk.kty = "EC";
|
||||
break;
|
||||
case "1.2.840.113549.1.1.1":
|
||||
jwk.kty = "RSA";
|
||||
break;
|
||||
+ case "2.16.840.1.101.3.4.3.17":
|
||||
+ jwk.kty = "ML-DSA-44";
|
||||
+ break;
|
||||
+ case "2.16.840.1.101.3.4.3.18":
|
||||
+ jwk.kty = "ML-DSA-65";
|
||||
+ break;
|
||||
+ case "2.16.840.1.101.3.4.3.19":
|
||||
+ jwk.kty = "ML-DSA-87";
|
||||
+ break;
|
||||
}
|
||||
const publicKeyJWK = this.parsedKey.toJSON();
|
||||
Object.assign(jwk, publicKeyJWK);
|
||||
return jwk;
|
||||
}
|
||||
@@ -8746,10 +8847,31 @@
|
||||
this.algorithm = new AlgorithmIdentifier({
|
||||
algorithmId: "1.2.840.113549.1.1.1",
|
||||
algorithmParams: new Null()
|
||||
});
|
||||
break;
|
||||
+ case "ML-DSA-44":
|
||||
+ this.parsedKey = new MLDSAPublicKey({ json });
|
||||
+ this.algorithm = new AlgorithmIdentifier({
|
||||
+ algorithmId: "2.16.840.1.101.3.4.3.17",
|
||||
+ algorithmParams: new Null()
|
||||
+ });
|
||||
+ break;
|
||||
+ case "ML-DSA-65":
|
||||
+ this.parsedKey = new MLDSAPublicKey({ json });
|
||||
+ this.algorithm = new AlgorithmIdentifier({
|
||||
+ algorithmId: "2.16.840.1.101.3.4.3.18",
|
||||
+ algorithmParams: new Null()
|
||||
+ });
|
||||
+ break;
|
||||
+ case "ML-DSA-87":
|
||||
+ this.parsedKey = new MLDSAPublicKey({ json });
|
||||
+ this.algorithm = new AlgorithmIdentifier({
|
||||
+ algorithmId: "2.16.840.1.101.3.4.3.19",
|
||||
+ algorithmParams: new Null()
|
||||
+ });
|
||||
+ break;
|
||||
default:
|
||||
throw new Error(`Invalid value for "kty" parameter: ${json.kty}`);
|
||||
}
|
||||
this.subjectPublicKey = new BitString({ valueHex: this.parsedKey.toSchema().toBER(false) });
|
||||
}
|
||||
@@ -24078,6 +24200,6 @@
|
||||
}
|
||||
}
|
||||
|
||||
initCryptoEngine();
|
||||
|
||||
-export { AbstractCryptoEngine, AccessDescription, Accuracy, AlgorithmIdentifier, AltName, ArgumentError, AsnError, AttCertValidityPeriod, Attribute, AttributeCertificateInfoV1, AttributeCertificateInfoV2, AttributeCertificateV1, AttributeCertificateV2, AttributeTypeAndValue, AuthenticatedSafe, AuthorityKeyIdentifier, BasicConstraints, BasicOCSPResponse, CAVersion, CRLBag, CRLDistributionPoints, CertBag, CertID, Certificate, CertificateChainValidationEngine, CertificatePolicies, CertificateRevocationList, CertificateSet, CertificateTemplate, CertificationRequest, ChainValidationCode, ChainValidationError, ContentInfo, CryptoEngine, DigestInfo, DistributionPoint, ECCCMSSharedInfo, ECNamedCurves, ECPrivateKey, ECPublicKey, EncapsulatedContentInfo, EncryptedContentInfo, EncryptedData, EnvelopedData, ExtKeyUsage, Extension, ExtensionValueFactory, Extensions, GeneralName, GeneralNames, GeneralSubtree, HASHED_MESSAGE, HASH_ALGORITHM, Holder, InfoAccess, IssuerAndSerialNumber, IssuerSerial, IssuingDistributionPoint, KEKIdentifier, KEKRecipientInfo, KeyAgreeRecipientIdentifier, KeyAgreeRecipientInfo, KeyBag, KeyTransRecipientInfo, MICROS, MILLIS, MacData, MessageImprint, NameConstraints, OCSPRequest, OCSPResponse, ObjectDigestInfo, OriginatorIdentifierOrKey, OriginatorInfo, OriginatorPublicKey, OtherCertificateFormat, OtherKeyAttribute, OtherPrimeInfo, OtherRecipientInfo, OtherRevocationInfoFormat, PBES2Params, PBKDF2Params, PFX, PKCS8ShroudedKeyBag, PKIStatus, PKIStatusInfo, POLICY_IDENTIFIER, POLICY_QUALIFIERS, ParameterError, PasswordRecipientinfo, PkiObject, PolicyConstraints, PolicyInformation, PolicyMapping, PolicyMappings, PolicyQualifierInfo, PrivateKeyInfo, PrivateKeyUsagePeriod, PublicKeyInfo, QCStatement, QCStatements, RDN, RSAESOAEPParams, RSAPrivateKey, RSAPublicKey, RSASSAPSSParams, RecipientEncryptedKey, RecipientEncryptedKeys, RecipientIdentifier, RecipientInfo, RecipientKeyIdentifier, RelativeDistinguishedNames, Request, ResponseBytes, ResponseData, RevocationInfoChoices, RevokedCertificate, SECONDS, SafeBag, SafeBagValueFactory, SafeContents, SecretBag, Signature, SignedAndUnsignedAttributes, SignedCertificateTimestamp, SignedCertificateTimestampList, SignedData, SignedDataVerifyError, SignerInfo, SingleResponse, SubjectDirectoryAttributes, TBSRequest, TSTInfo, TYPE$4 as TYPE, TYPE_AND_VALUES, Time, TimeStampReq, TimeStampResp, TimeType, V2Form, VALUE$5 as VALUE, VALUE_BEFORE_DECODE, checkCA, createCMSECDSASignature, createECDSASignatureFromCMS, engine, getAlgorithmByOID, getAlgorithmParameters, getCrypto, getEngine, getHashAlgorithm, getOIDByAlgorithm, getRandomValues, id_AnyPolicy, id_AuthorityInfoAccess, id_AuthorityKeyIdentifier, id_BaseCRLNumber, id_BasicConstraints, id_CRLBag_X509CRL, id_CRLDistributionPoints, id_CRLNumber, id_CRLReason, id_CertBag_AttributeCertificate, id_CertBag_SDSICertificate, id_CertBag_X509Certificate, id_CertificateIssuer, id_CertificatePolicies, id_ContentType_Data, id_ContentType_EncryptedData, id_ContentType_EnvelopedData, id_ContentType_SignedData, id_ExtKeyUsage, id_FreshestCRL, id_InhibitAnyPolicy, id_InvalidityDate, id_IssuerAltName, id_IssuingDistributionPoint, id_KeyUsage, id_MicrosoftAppPolicies, id_MicrosoftCaVersion, id_MicrosoftCertTemplateV1, id_MicrosoftCertTemplateV2, id_MicrosoftPrevCaCertHash, id_NameConstraints, id_PKIX_OCSP_Basic, id_PolicyConstraints, id_PolicyMappings, id_PrivateKeyUsagePeriod, id_QCStatements, id_SignedCertificateTimestampList, id_SubjectAltName, id_SubjectDirectoryAttributes, id_SubjectInfoAccess, id_SubjectKeyIdentifier, id_ad, id_ad_caIssuers, id_ad_ocsp, id_eContentType_TSTInfo, id_pkix, id_sha1, id_sha256, id_sha384, id_sha512, kdf, setEngine, stringPrep, verifySCTsForCertificate };
|
||||
+export { AbstractCryptoEngine, AccessDescription, Accuracy, AlgorithmIdentifier, AltName, ArgumentError, AsnError, AttCertValidityPeriod, Attribute, AttributeCertificateInfoV1, AttributeCertificateInfoV2, AttributeCertificateV1, AttributeCertificateV2, AttributeTypeAndValue, AuthenticatedSafe, AuthorityKeyIdentifier, BasicConstraints, BasicOCSPResponse, CAVersion, CRLBag, CRLDistributionPoints, CertBag, CertID, Certificate, CertificateChainValidationEngine, CertificatePolicies, CertificateRevocationList, CertificateSet, CertificateTemplate, CertificationRequest, ChainValidationCode, ChainValidationError, ContentInfo, CryptoEngine, DigestInfo, DistributionPoint, ECCCMSSharedInfo, ECNamedCurves, ECPrivateKey, ECPublicKey, EncapsulatedContentInfo, EncryptedContentInfo, EncryptedData, EnvelopedData, ExtKeyUsage, Extension, ExtensionValueFactory, Extensions, GeneralName, GeneralNames, GeneralSubtree, HASHED_MESSAGE, HASH_ALGORITHM, Holder, InfoAccess, IssuerAndSerialNumber, IssuerSerial, IssuingDistributionPoint, KEKIdentifier, KEKRecipientInfo, KeyAgreeRecipientIdentifier, KeyAgreeRecipientInfo, KeyBag, KeyTransRecipientInfo, MICROS, MILLIS, MacData, MessageImprint, NameConstraints, OCSPRequest, OCSPResponse, ObjectDigestInfo, OriginatorIdentifierOrKey, OriginatorInfo, OriginatorPublicKey, OtherCertificateFormat, OtherKeyAttribute, OtherPrimeInfo, OtherRecipientInfo, OtherRevocationInfoFormat, PBES2Params, PBKDF2Params, PFX, PKCS8ShroudedKeyBag, PKIStatus, PKIStatusInfo, POLICY_IDENTIFIER, POLICY_QUALIFIERS, ParameterError, PasswordRecipientinfo, PkiObject, PolicyConstraints, PolicyInformation, PolicyMapping, PolicyMappings, PolicyQualifierInfo, PrivateKeyInfo, PrivateKeyUsagePeriod, PublicKeyInfo, QCStatement, QCStatements, RDN, RSAESOAEPParams, RSAPrivateKey, RSAPublicKey, RSASSAPSSParams, RecipientEncryptedKey, RecipientEncryptedKeys, RecipientIdentifier, RecipientInfo, RecipientKeyIdentifier, RelativeDistinguishedNames, Request, ResponseBytes, ResponseData, RevocationInfoChoices, RevokedCertificate, SECONDS, SafeBag, SafeBagValueFactory, SafeContents, SecretBag, Signature, SignedAndUnsignedAttributes, SignedCertificateTimestamp, SignedCertificateTimestampList, SignedData, SignedDataVerifyError, SignerInfo, SingleResponse, SubjectDirectoryAttributes, TBSRequest, TSTInfo, TYPE$4 as TYPE, TYPE_AND_VALUES, Time, TimeStampReq, TimeStampResp, TimeType, V2Form, VALUE$5 as VALUE, VALUE_BEFORE_DECODE, checkCA, createCMSECDSASignature, createECDSASignatureFromCMS, engine, getAlgorithmByOID, getAlgorithmParameters, getCrypto, getEngine, getHashAlgorithm, getOIDByAlgorithm, getRandomValues, id_AnyPolicy, id_AuthorityInfoAccess, id_AuthorityKeyIdentifier, id_BaseCRLNumber, id_BasicConstraints, id_CRLBag_X509CRL, id_CRLDistributionPoints, id_CRLNumber, id_CRLReason, id_CertBag_AttributeCertificate, id_CertBag_SDSICertificate, id_CertBag_X509Certificate, id_CertificateIssuer, id_CertificatePolicies, id_ContentType_Data, id_ContentType_EncryptedData, id_ContentType_EnvelopedData, id_ContentType_SignedData, id_ExtKeyUsage, id_FreshestCRL, id_InhibitAnyPolicy, id_InvalidityDate, id_IssuerAltName, id_IssuingDistributionPoint, id_KeyUsage, id_MicrosoftAppPolicies, id_MicrosoftCaVersion, id_MicrosoftCertTemplateV1, id_MicrosoftCertTemplateV2, id_MicrosoftPrevCaCertHash, id_NameConstraints, id_PKIX_OCSP_Basic, id_PolicyConstraints, id_PolicyMappings, id_PrivateKeyUsagePeriod, id_QCStatements, id_SignedCertificateTimestampList, id_SubjectAltName, id_SubjectDirectoryAttributes, id_SubjectInfoAccess, id_SubjectKeyIdentifier, id_ad, id_ad_caIssuers, id_ad_ocsp, id_eContentType_TSTInfo, id_pkix, id_sha1, id_sha256, id_sha384, id_sha512, kdf, setEngine, stringPrep, verifySCTsForCertificate, MLDSAPublicKey };
|
||||
diff --git a/toolkit/locales/en-US/toolkit/about/certviewer.ftl b/toolkit/locales/en-US/toolkit/about/certviewer.ftl
|
||||
--- a/toolkit/locales/en-US/toolkit/about/certviewer.ftl
|
||||
+++ b/toolkit/locales/en-US/toolkit/about/certviewer.ftl
|
||||
@@ -45,20 +45,22 @@
|
||||
certificate-viewer-organization = Organization
|
||||
certificate-viewer-organizational-unit = Organizational Unit
|
||||
certificate-viewer-policy = Policy
|
||||
certificate-viewer-protocol = Protocol
|
||||
certificate-viewer-public-value = Public Value
|
||||
+certificate-viewer-mldsa-public-value = Public Value
|
||||
certificate-viewer-purposes = Purposes
|
||||
certificate-viewer-qualifier = Qualifier
|
||||
certificate-viewer-qualifiers = Qualifiers
|
||||
certificate-viewer-required = Required
|
||||
certificate-viewer-unsupported = <unsupported>
|
||||
# Inc. means Incorporated, e.g GitHub is incorporated in Delaware
|
||||
certificate-viewer-inc-state-province = Inc. State/Province
|
||||
certificate-viewer-state-province = State/Province
|
||||
certificate-viewer-sha-1 = SHA-1
|
||||
certificate-viewer-sha-256 = SHA-256
|
||||
+certificate-viewer-security-level = Security Level
|
||||
certificate-viewer-serial-number = Serial Number
|
||||
certificate-viewer-signature-algorithm = Signature Algorithm
|
||||
certificate-viewer-signature-scheme = Signature Scheme
|
||||
certificate-viewer-timestamp = Timestamp
|
||||
certificate-viewer-value = Value
|
||||
|
||||
@ -1,48 +0,0 @@
|
||||
diff --git a/security/manager/ssl/nsNSSCallbacks.cpp b/security/manager/ssl/nsNSSCallbacks.cpp
|
||||
index 2dc48c9f4c..0a7b84d787 100644
|
||||
--- a/security/manager/ssl/nsNSSCallbacks.cpp
|
||||
+++ b/security/manager/ssl/nsNSSCallbacks.cpp
|
||||
@@ -722,6 +722,15 @@ nsCString getSignatureName(uint32_t aSignatureScheme) {
|
||||
case ssl_sig_rsa_pkcs1_sha1md5:
|
||||
signatureName = "RSA-PKCS1-SHA1MD5"_ns;
|
||||
break;
|
||||
+ case ssl_sig_mldsa44:
|
||||
+ signatureName = "ML-DSA-44"_ns;
|
||||
+ break;
|
||||
+ case ssl_sig_mldsa65:
|
||||
+ signatureName = "ML-DSA-65"_ns;
|
||||
+ break;
|
||||
+ case ssl_sig_mldsa87:
|
||||
+ signatureName = "ML-DSA-87"_ns;
|
||||
+ break;
|
||||
// All other groups are not enabled in Firefox. See sEnabledSignatureSchemes
|
||||
// in nsNSSIOLayer.cpp.
|
||||
default:
|
||||
@@ -1061,6 +1070,13 @@ void HandshakeCallback(PRFileDesc* fd, void* client_data) {
|
||||
glean::ssl::auth_ecdsa_curve_full.AccumulateSingleSample(
|
||||
ECCCurve(channelInfo.authKeyBits));
|
||||
break;
|
||||
+ case ssl_auth_mldsa44:
|
||||
+ case ssl_auth_mldsa65:
|
||||
+ case ssl_auth_mldsa87:
|
||||
+ /* TODO: add auth_mldsa_key_size_full in ssl/metrics.yaml
|
||||
+ glean::ssl::auth_mldsa_key_size_full.AccumulateSingleSample(
|
||||
+ NonECCKeySize(channelInfo.authKeyBits)); */
|
||||
+ break;
|
||||
default:
|
||||
MOZ_CRASH("impossible auth algorithm");
|
||||
break;
|
||||
diff --git a/security/manager/ssl/nsNSSIOLayer.cpp b/security/manager/ssl/nsNSSIOLayer.cpp
|
||||
index b1a5f5c2df..7443011b13 100644
|
||||
--- a/security/manager/ssl/nsNSSIOLayer.cpp
|
||||
+++ b/security/manager/ssl/nsNSSIOLayer.cpp
|
||||
@@ -1300,6 +1300,9 @@ static PRFileDesc* nsSSLIOLayerImportFD(PRFileDesc* fd,
|
||||
// Please change getSignatureName in nsNSSCallbacks.cpp when changing the list
|
||||
// here. See NOTE at SSL_SignatureSchemePrefSet call site.
|
||||
static const SSLSignatureScheme sEnabledSignatureSchemes[] = {
|
||||
+ ssl_sig_mldsa87,
|
||||
+ ssl_sig_mldsa65,
|
||||
+ ssl_sig_mldsa44,
|
||||
ssl_sig_ecdsa_secp256r1_sha256,
|
||||
ssl_sig_ecdsa_secp384r1_sha384,
|
||||
ssl_sig_ecdsa_secp521r1_sha512,
|
||||
@ -1,239 +0,0 @@
|
||||
diff --git a/security/nss/lib/mozpkix/include/pkix/pkixder.h b/security/nss/lib/mozpkix/include/pkix/pkixder.h
|
||||
index ac1ec24393..40eb5027af 100644
|
||||
--- a/security/nss/lib/mozpkix/include/pkix/pkixder.h
|
||||
+++ b/security/nss/lib/mozpkix/include/pkix/pkixder.h
|
||||
@@ -488,7 +488,7 @@ inline Result OptionalExtensions(Reader& input, uint8_t tag,
|
||||
Result DigestAlgorithmIdentifier(Reader& input,
|
||||
/*out*/ DigestAlgorithm& algorithm);
|
||||
|
||||
-enum class PublicKeyAlgorithm { RSA_PKCS1, RSA_PSS, ECDSA };
|
||||
+enum class PublicKeyAlgorithm { RSA_PKCS1, RSA_PSS, ECDSA, MLDSA };
|
||||
|
||||
Result SignatureAlgorithmIdentifierValue(
|
||||
Reader& input,
|
||||
diff --git a/security/nss/lib/mozpkix/include/pkix/pkixnss.h b/security/nss/lib/mozpkix/include/pkix/pkixnss.h
|
||||
index 6711959e71..b87e88a599 100644
|
||||
--- a/security/nss/lib/mozpkix/include/pkix/pkixnss.h
|
||||
+++ b/security/nss/lib/mozpkix/include/pkix/pkixnss.h
|
||||
@@ -50,6 +50,13 @@ Result VerifyECDSASignedDataNSS(Input data, DigestAlgorithm digestAlgorithm,
|
||||
Input signature, Input subjectPublicKeyInfo,
|
||||
void* pkcs11PinArg);
|
||||
|
||||
+// Verifies the ML-DSA signature on the given data using the given ML-DSA
|
||||
+// public key
|
||||
+Result VerifyMLDSASignedDataNSS(Input data,
|
||||
+ Input signature,
|
||||
+ Input subjectPublicKeyInfo,
|
||||
+ void* pkcs11PinArg);
|
||||
+
|
||||
// Computes the digest of the given data using the given digest algorithm.
|
||||
//
|
||||
// item contains the data to hash.
|
||||
diff --git a/security/nss/lib/mozpkix/include/pkix/pkixtypes.h b/security/nss/lib/mozpkix/include/pkix/pkixtypes.h
|
||||
index 6a07d6e885..f24bd546e4 100644
|
||||
--- a/security/nss/lib/mozpkix/include/pkix/pkixtypes.h
|
||||
+++ b/security/nss/lib/mozpkix/include/pkix/pkixtypes.h
|
||||
@@ -334,6 +334,10 @@ class TrustDomain {
|
||||
Input signature,
|
||||
Input subjectPublicKeyInfo) = 0;
|
||||
|
||||
+ virtual Result VerifyMLDSASignedData(Input data,
|
||||
+ Input signature,
|
||||
+ Input subjectPublicKeyInfo) = 0;
|
||||
+
|
||||
// Check that the validity duration is acceptable.
|
||||
//
|
||||
// Return Success if the validity duration is acceptable,
|
||||
diff --git a/security/nss/lib/mozpkix/lib/pkixc.cpp b/security/nss/lib/mozpkix/lib/pkixc.cpp
|
||||
index 5dea13c43e..f797a3b3a1 100644
|
||||
--- a/security/nss/lib/mozpkix/lib/pkixc.cpp
|
||||
+++ b/security/nss/lib/mozpkix/lib/pkixc.cpp
|
||||
@@ -143,6 +143,15 @@ class CodeSigningTrustDomain final : public TrustDomain {
|
||||
subjectPublicKeyInfo, nullptr);
|
||||
}
|
||||
|
||||
+ virtual Result VerifyMLDSASignedData(Input data,
|
||||
+ Input signature,
|
||||
+ Input subjectPublicKeyInfo) override {
|
||||
+ return VerifyMLDSASignedDataNSS(data,
|
||||
+ signature,
|
||||
+ subjectPublicKeyInfo,
|
||||
+ nullptr);
|
||||
+ }
|
||||
+
|
||||
virtual Result CheckValidityIsAcceptable(Time notBefore, Time notAfter,
|
||||
EndEntityOrCA endEntityOrCA,
|
||||
KeyPurposeId keyPurpose) override {
|
||||
diff --git a/security/nss/lib/mozpkix/lib/pkixcheck.cpp b/security/nss/lib/mozpkix/lib/pkixcheck.cpp
|
||||
index 8b7e1bf73e..4ce73f3944 100644
|
||||
--- a/security/nss/lib/mozpkix/lib/pkixcheck.cpp
|
||||
+++ b/security/nss/lib/mozpkix/lib/pkixcheck.cpp
|
||||
@@ -118,6 +118,9 @@ CheckSignatureAlgorithm(TrustDomain& trustDomain,
|
||||
// for any curve that we support, the chances of us encountering a curve
|
||||
// during path building is too low to be worth bothering with.
|
||||
break;
|
||||
+
|
||||
+ case der::PublicKeyAlgorithm::MLDSA:
|
||||
+ break;
|
||||
MOZILLA_PKIX_UNREACHABLE_DEFAULT_ENUM
|
||||
}
|
||||
|
||||
@@ -248,6 +251,24 @@ CheckSubjectPublicKeyInfoContents(Reader& input, TrustDomain& trustDomain,
|
||||
0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, 0x01
|
||||
};
|
||||
|
||||
+ // Params for pure ML-DSA-44 signature
|
||||
+ // python DottedOIDToCode.py id-ml-dsa-44 2.16.840.1.101.3.4.3.17
|
||||
+ static const uint8_t id_ml_dsa_44[] = {
|
||||
+ 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x03, 0x11
|
||||
+ };
|
||||
+
|
||||
+ // Params for pure ML-DSA-65 signature
|
||||
+ // python DottedOIDToCode.py id-ml-dsa-65 2.16.840.1.101.3.4.3.18
|
||||
+ static const uint8_t id_ml_dsa_65[] = {
|
||||
+ 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x03, 0x12
|
||||
+ };
|
||||
+
|
||||
+ // Params for pure ML-DSA-87 signature
|
||||
+ // python DottedOIDToCode.py id-ml-dsa-87 2.16.840.1.101.3.4.3.19
|
||||
+ static const uint8_t id_ml_dsa_87[] = {
|
||||
+ 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x03, 0x13
|
||||
+ };
|
||||
+
|
||||
if (algorithmOID.MatchRest(id_ecPublicKey)) {
|
||||
// An id-ecPublicKey AlgorithmIdentifier has a parameter that identifes
|
||||
// the curve being used. Although RFC 5480 specifies multiple forms, we
|
||||
@@ -361,6 +382,30 @@ CheckSubjectPublicKeyInfoContents(Reader& input, TrustDomain& trustDomain,
|
||||
if (rv != Success) {
|
||||
return rv;
|
||||
}
|
||||
+ } else if (algorithmOID.MatchRest(id_ml_dsa_44) ||
|
||||
+ algorithmOID.MatchRest(id_ml_dsa_65) ||
|
||||
+ algorithmOID.MatchRest(id_ml_dsa_87)) {
|
||||
+
|
||||
+ /*
|
||||
+ * The ML-DSA AlgorithmIdentifier is expected to contain only the OID,
|
||||
+ * with no parameters field present. According to the Internet-Draft
|
||||
+ * https://www.ietf.org/archive/id/draft-ietf-lamps-dilithium-certificates-11.html
|
||||
+ * (Section 3), the AlgorithmIdentifier for ML-DSA variants must omit the `parameters`
|
||||
+ * field entirely.
|
||||
+ * In DER encoding, the absence of the parameters field means that after parsing the
|
||||
+ * OID, no additional bytes should remain. Calling `der::End(algorithm)` confirms that
|
||||
+ * this constraint is satisfied and that the structure is correctly encoded.
|
||||
+ */
|
||||
+ rv = der::End(algorithm);
|
||||
+ if (rv != Success) {
|
||||
+ return rv;
|
||||
+ }
|
||||
+
|
||||
+ Input rawPublicKey;
|
||||
+ rv = subjectPublicKeyReader.SkipToEnd(rawPublicKey);
|
||||
+ if (rv != Success) {
|
||||
+ return rv;
|
||||
+ }
|
||||
} else {
|
||||
return Result::ERROR_UNSUPPORTED_KEYALG;
|
||||
}
|
||||
diff --git a/security/nss/lib/mozpkix/lib/pkixder.cpp b/security/nss/lib/mozpkix/lib/pkixder.cpp
|
||||
index 59454c7d3c..4ff45ed566 100644
|
||||
--- a/security/nss/lib/mozpkix/lib/pkixder.cpp
|
||||
+++ b/security/nss/lib/mozpkix/lib/pkixder.cpp
|
||||
@@ -211,6 +211,24 @@ SignatureAlgorithmIdentifierValue(Reader& input,
|
||||
0x00, 0xa2, 0x03, 0x02, 0x01, 0x40
|
||||
};
|
||||
|
||||
+ // Params for pure ML-DSA-44 signature
|
||||
+ // python DottedOIDToCode.py id-ml-dsa-44 2.16.840.1.101.3.4.3.17
|
||||
+ static const uint8_t id_ml_dsa_44[] = {
|
||||
+ 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x03, 0x11
|
||||
+ };
|
||||
+
|
||||
+ // Params for pure ML-DSA-65 signature
|
||||
+ // python DottedOIDToCode.py id-ml-dsa-65 2.16.840.1.101.3.4.3.18
|
||||
+ static const uint8_t id_ml_dsa_65[] = {
|
||||
+ 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x03, 0x12
|
||||
+ };
|
||||
+
|
||||
+ // Params for pure ML-DSA-87 signature
|
||||
+ // python DottedOIDToCode.py id-ml-dsa-87 2.16.840.1.101.3.4.3.19
|
||||
+ static const uint8_t id_ml_dsa_87[] = {
|
||||
+ 0x60, 0x86, 0x48, 0x01, 0x65, 0x03, 0x04, 0x03, 0x13
|
||||
+ };
|
||||
+
|
||||
// Matching is attempted based on a rough estimate of the commonality of the
|
||||
// algorithm, to minimize the number of MatchRest calls.
|
||||
if (algorithmID.MatchRest(sha256WithRSAEncryption)) {
|
||||
@@ -252,6 +270,10 @@ SignatureAlgorithmIdentifierValue(Reader& input,
|
||||
} else {
|
||||
return Result::ERROR_CERT_SIGNATURE_ALGORITHM_DISABLED;
|
||||
}
|
||||
+ } else if (algorithmID.MatchRest(id_ml_dsa_44) ||
|
||||
+ algorithmID.MatchRest(id_ml_dsa_65) ||
|
||||
+ algorithmID.MatchRest(id_ml_dsa_87)) {
|
||||
+ publicKeyAlgorithm = PublicKeyAlgorithm::MLDSA;
|
||||
} else {
|
||||
return Result::ERROR_CERT_SIGNATURE_ALGORITHM_DISABLED;
|
||||
}
|
||||
diff --git a/security/nss/lib/mozpkix/lib/pkixnss.cpp b/security/nss/lib/mozpkix/lib/pkixnss.cpp
|
||||
index 606ef708d8..31aa1ddd67 100644
|
||||
--- a/security/nss/lib/mozpkix/lib/pkixnss.cpp
|
||||
+++ b/security/nss/lib/mozpkix/lib/pkixnss.cpp
|
||||
@@ -303,6 +303,44 @@ DigestBufNSS(Input item,
|
||||
return Success;
|
||||
}
|
||||
|
||||
+Result
|
||||
+VerifyMLDSASignedDataNSS(Input data,
|
||||
+ Input signature,
|
||||
+ Input subjectPublicKeyInfo,
|
||||
+ void* pkcs11PinArg)
|
||||
+{
|
||||
+ ScopedSECKEYPublicKey publicKey;
|
||||
+ SECKEYPublicKey *pubk = NULL;
|
||||
+ SECOidTag signaturePolicyTag, hashPolicyTag;
|
||||
+ Result rv = SubjectPublicKeyInfoToSECKEYPublicKey(subjectPublicKeyInfo,
|
||||
+ publicKey);
|
||||
+ if (rv != Success) {
|
||||
+ return rv;
|
||||
+ }
|
||||
+
|
||||
+ pubk = publicKey.get();
|
||||
+ SECItem signatureItem(UnsafeMapInputToSECItem(signature));
|
||||
+ SECItem dataItem(UnsafeMapInputToSECItem(data));
|
||||
+ CK_MECHANISM_TYPE mechanism;
|
||||
+
|
||||
+ switch (pubk->u.mldsa.paramSet) {
|
||||
+ case SEC_OID_ML_DSA_44:
|
||||
+ case SEC_OID_ML_DSA_65:
|
||||
+ case SEC_OID_ML_DSA_87:
|
||||
+ mechanism = CKM_ML_DSA;
|
||||
+ signaturePolicyTag = pubk->u.mldsa.paramSet;
|
||||
+ hashPolicyTag = SEC_OID_UNKNOWN;
|
||||
+ break;
|
||||
+ default:
|
||||
+ return Result::ERROR_UNSUPPORTED_KEYALG;
|
||||
+ break;
|
||||
+ }
|
||||
+
|
||||
+ SECOidTag policyTags[2] = {signaturePolicyTag, hashPolicyTag};
|
||||
+ return VerifySignedData(pubk, mechanism, nullptr, &signatureItem,
|
||||
+ &dataItem, policyTags, pkcs11PinArg);
|
||||
+}
|
||||
+
|
||||
Result
|
||||
MapPRErrorCodeToResult(PRErrorCode error)
|
||||
{
|
||||
diff --git a/security/nss/lib/mozpkix/lib/pkixverify.cpp b/security/nss/lib/mozpkix/lib/pkixverify.cpp
|
||||
index 8cb58bf7de..ff132d89df 100644
|
||||
--- a/security/nss/lib/mozpkix/lib/pkixverify.cpp
|
||||
+++ b/security/nss/lib/mozpkix/lib/pkixverify.cpp
|
||||
@@ -53,6 +53,9 @@ VerifySignedData(TrustDomain& trustDomain,
|
||||
case der::PublicKeyAlgorithm::RSA_PSS:
|
||||
return trustDomain.VerifyRSAPSSSignedData(signedData.data,
|
||||
digestAlgorithm, signedData.signature, signerSubjectPublicKeyInfo);
|
||||
+ case der::PublicKeyAlgorithm::MLDSA:
|
||||
+ return trustDomain.VerifyMLDSASignedData(signedData.data,
|
||||
+ signedData.signature, signerSubjectPublicKeyInfo);
|
||||
MOZILLA_PKIX_UNREACHABLE_DEFAULT_ENUM
|
||||
}
|
||||
}
|
||||
@ -1,12 +0,0 @@
|
||||
diff --git a/config/system-headers.mozbuild b/config/system-headers.mozbuild
|
||||
index 028002a1d0..9dcb50fe5e 100644
|
||||
--- a/config/system-headers.mozbuild
|
||||
+++ b/config/system-headers.mozbuild
|
||||
@@ -310,6 +310,7 @@ system_headers = [
|
||||
"getopt.h",
|
||||
"gio/gdesktopappinfo.h",
|
||||
"gio/gio.h",
|
||||
+ "gio/gunixfdlist.h",
|
||||
"glibconfig.h",
|
||||
"glib.h",
|
||||
"glib-object.h",
|
||||
@ -1,244 +0,0 @@
|
||||
diff --git a/netwerk/protocol/http/WebTransportCertificateVerifier.cpp b/netwerk/protocol/http/WebTransportCertificateVerifier.cpp
|
||||
index cc77864..1e978ef 100644
|
||||
--- a/netwerk/protocol/http/WebTransportCertificateVerifier.cpp
|
||||
+++ b/netwerk/protocol/http/WebTransportCertificateVerifier.cpp
|
||||
@@ -53,6 +53,11 @@ class ServerCertHashesTrustDomain : public mozilla::pkix::TrustDomain {
|
||||
mozilla::pkix::Input signature,
|
||||
mozilla::pkix::Input subjectPublicKeyInfo) override;
|
||||
|
||||
+ virtual mozilla::pkix::Result VerifyMLDSASignedData(
|
||||
+ mozilla::pkix::Input data,
|
||||
+ mozilla::pkix::Input signature,
|
||||
+ mozilla::pkix::Input subjectPublicKeyInfo) override;
|
||||
+
|
||||
virtual mozilla::pkix::Result DigestBuf(
|
||||
mozilla::pkix::Input item, mozilla::pkix::DigestAlgorithm digestAlg,
|
||||
/*out*/ uint8_t* digestBuf, size_t digestBufLen) override;
|
||||
@@ -151,6 +156,15 @@ mozilla::pkix::Result ServerCertHashesTrustDomain::VerifyECDSASignedData(
|
||||
return mozilla::pkix::Result::FATAL_ERROR_LIBRARY_FAILURE;
|
||||
}
|
||||
|
||||
+mozilla::pkix::Result ServerCertHashesTrustDomain::VerifyMLDSASignedData(
|
||||
+ mozilla::pkix::Input data,
|
||||
+ mozilla::pkix::Input signature,
|
||||
+ mozilla::pkix::Input subjectPublicKeyInfo) {
|
||||
+ MOZ_ASSERT_UNREACHABLE("not expecting this to be called");
|
||||
+
|
||||
+ return mozilla::pkix::Result::FATAL_ERROR_LIBRARY_FAILURE;
|
||||
+}
|
||||
+
|
||||
mozilla::pkix::Result ServerCertHashesTrustDomain::DigestBuf(
|
||||
mozilla::pkix::Input item, mozilla::pkix::DigestAlgorithm digestAlg,
|
||||
/*out*/ uint8_t* digestBuf, size_t digestBufLen) {
|
||||
diff --git a/security/certverifier/CertVerifier.cpp b/security/certverifier/CertVerifier.cpp
|
||||
index ca33077..cb96f58 100644
|
||||
--- a/security/certverifier/CertVerifier.cpp
|
||||
+++ b/security/certverifier/CertVerifier.cpp
|
||||
@@ -1048,10 +1048,14 @@ void HashSignatureParams(pkix::Input data, pkix::Input signature,
|
||||
sizeof(publicKeyAlgorithm)))) {
|
||||
return;
|
||||
}
|
||||
- if (NS_FAILED(
|
||||
+ // Digest algorithm is expected to be null since ML-DSA is not an hash and
|
||||
+ // sign algorithm. Skip digestAlgorithm for ML-DSA.
|
||||
+ if (publicKeyAlgorithm != der::PublicKeyAlgorithm::MLDSA) {
|
||||
+ if (NS_FAILED(
|
||||
digest.Update(reinterpret_cast<const uint8_t*>(&digestAlgorithm),
|
||||
sizeof(digestAlgorithm)))) {
|
||||
- return;
|
||||
+ return;
|
||||
+ }
|
||||
}
|
||||
nsTArray<uint8_t> result;
|
||||
if (NS_FAILED(digest.End(result))) {
|
||||
@@ -1064,12 +1068,19 @@ Result VerifySignedDataWithCache(
|
||||
der::PublicKeyAlgorithm publicKeyAlg,
|
||||
mozilla::glean::impl::DenominatorMetric telemetryDenominator,
|
||||
mozilla::glean::impl::NumeratorMetric telemetryNumerator, Input data,
|
||||
- DigestAlgorithm digestAlgorithm, Input signature,
|
||||
+ std::optional<DigestAlgorithm> digestAlgorithm, Input signature,
|
||||
Input subjectPublicKeyInfo, SignatureCache* signatureCache, void* pinArg) {
|
||||
telemetryDenominator.Add(1);
|
||||
Maybe<nsTArray<uint8_t>> sha512Hash;
|
||||
+
|
||||
+ // Currently, it is only acceptable for `digestAlgorithm` to be null when the
|
||||
+ // public key algorithm is pure ML-DSA. Fail immediately otherwise.
|
||||
+ if ((publicKeyAlg != der::PublicKeyAlgorithm::MLDSA) && !digestAlgorithm) {
|
||||
+ return Result::ERROR_INVALID_ALGORITHM;
|
||||
+ }
|
||||
+
|
||||
HashSignatureParams(data, signature, subjectPublicKeyInfo, publicKeyAlg,
|
||||
- digestAlgorithm, sha512Hash);
|
||||
+ digestAlgorithm.value_or(pkix::DigestAlgorithm::sha512), sha512Hash);
|
||||
// If hashing the signature parameters succeeded, see if this signature is in
|
||||
// the signature cache.
|
||||
if (sha512Hash.isSome() &&
|
||||
@@ -1080,16 +1091,23 @@ Result VerifySignedDataWithCache(
|
||||
Result result;
|
||||
switch (publicKeyAlg) {
|
||||
case der::PublicKeyAlgorithm::ECDSA:
|
||||
- result = VerifyECDSASignedDataNSS(data, digestAlgorithm, signature,
|
||||
- subjectPublicKeyInfo, pinArg);
|
||||
+ result = VerifyECDSASignedDataNSS(data, digestAlgorithm.value(),
|
||||
+ signature, subjectPublicKeyInfo,
|
||||
+ pinArg);
|
||||
break;
|
||||
case der::PublicKeyAlgorithm::RSA_PKCS1:
|
||||
- result = VerifyRSAPKCS1SignedDataNSS(data, digestAlgorithm, signature,
|
||||
- subjectPublicKeyInfo, pinArg);
|
||||
+ result = VerifyRSAPKCS1SignedDataNSS(data, digestAlgorithm.value(),
|
||||
+ signature, subjectPublicKeyInfo,
|
||||
+ pinArg);
|
||||
break;
|
||||
case der::PublicKeyAlgorithm::RSA_PSS:
|
||||
- result = VerifyRSAPSSSignedDataNSS(data, digestAlgorithm, signature,
|
||||
- subjectPublicKeyInfo, pinArg);
|
||||
+ result = VerifyRSAPSSSignedDataNSS(data, digestAlgorithm.value(),
|
||||
+ signature, subjectPublicKeyInfo,
|
||||
+ pinArg);
|
||||
+ break;
|
||||
+ case der::PublicKeyAlgorithm::MLDSA:
|
||||
+ result = VerifyMLDSASignedDataNSS(data, signature, subjectPublicKeyInfo,
|
||||
+ pinArg);
|
||||
break;
|
||||
default:
|
||||
MOZ_ASSERT_UNREACHABLE("unhandled public key algorithm");
|
||||
diff --git a/security/certverifier/CertVerifier.h b/security/certverifier/CertVerifier.h
|
||||
index 6432547..f9a0365 100644
|
||||
--- a/security/certverifier/CertVerifier.h
|
||||
+++ b/security/certverifier/CertVerifier.h
|
||||
@@ -331,7 +331,7 @@ mozilla::pkix::Result VerifySignedDataWithCache(
|
||||
mozilla::pkix::der::PublicKeyAlgorithm publicKeyAlg,
|
||||
mozilla::glean::impl::DenominatorMetric telemetryDenominator,
|
||||
mozilla::glean::impl::NumeratorMetric telemetryNumerator,
|
||||
- mozilla::pkix::Input data, mozilla::pkix::DigestAlgorithm digestAlgorithm,
|
||||
+ mozilla::pkix::Input data, std::optional<mozilla::pkix::DigestAlgorithm> digestAlgorithm,
|
||||
mozilla::pkix::Input signature, mozilla::pkix::Input subjectPublicKeyInfo,
|
||||
SignatureCache* signatureCache, void* pinArg);
|
||||
|
||||
diff --git a/security/certverifier/NSSCertDBTrustDomain.cpp b/security/certverifier/NSSCertDBTrustDomain.cpp
|
||||
index 77c17c1..741892f 100644
|
||||
--- a/security/certverifier/NSSCertDBTrustDomain.cpp
|
||||
+++ b/security/certverifier/NSSCertDBTrustDomain.cpp
|
||||
@@ -1541,6 +1541,17 @@ Result NSSCertDBTrustDomain::VerifyECDSASignedData(
|
||||
signature, subjectPublicKeyInfo, mSignatureCache, mPinArg);
|
||||
}
|
||||
|
||||
+Result NSSCertDBTrustDomain::VerifyMLDSASignedData(Input data,
|
||||
+ Input signature,
|
||||
+ Input subjectPublicKeyInfo)
|
||||
+{
|
||||
+ return VerifySignedDataWithCache(
|
||||
+ der::PublicKeyAlgorithm::MLDSA,
|
||||
+ mozilla::glean::cert_signature_cache::total,
|
||||
+ mozilla::glean::cert_signature_cache::hits, data, std::nullopt,
|
||||
+ signature, subjectPublicKeyInfo, mSignatureCache, mPinArg);
|
||||
+}
|
||||
+
|
||||
Result NSSCertDBTrustDomain::CheckValidityIsAcceptable(
|
||||
Time notBefore, Time notAfter, EndEntityOrCA endEntityOrCA,
|
||||
KeyPurposeId keyPurpose) {
|
||||
diff --git a/security/certverifier/NSSCertDBTrustDomain.h b/security/certverifier/NSSCertDBTrustDomain.h
|
||||
index fc210f3..8d17a4f 100644
|
||||
--- a/security/certverifier/NSSCertDBTrustDomain.h
|
||||
+++ b/security/certverifier/NSSCertDBTrustDomain.h
|
||||
@@ -197,6 +197,11 @@ class NSSCertDBTrustDomain : public mozilla::pkix::TrustDomain {
|
||||
mozilla::pkix::Input signature,
|
||||
mozilla::pkix::Input subjectPublicKeyInfo) override;
|
||||
|
||||
+ virtual Result VerifyMLDSASignedData(
|
||||
+ mozilla::pkix::Input data,
|
||||
+ mozilla::pkix::Input signature,
|
||||
+ mozilla::pkix::Input subjectPublicKeyInfo) override;
|
||||
+
|
||||
virtual Result DigestBuf(mozilla::pkix::Input item,
|
||||
mozilla::pkix::DigestAlgorithm digestAlg,
|
||||
/*out*/ uint8_t* digestBuf,
|
||||
diff --git a/security/ct/CTLogVerifier.cpp b/security/ct/CTLogVerifier.cpp
|
||||
index d5e665a..4712137 100644
|
||||
--- a/security/ct/CTLogVerifier.cpp
|
||||
+++ b/security/ct/CTLogVerifier.cpp
|
||||
@@ -99,6 +99,10 @@ class SignatureParamsTrustDomain final : public TrustDomain {
|
||||
return pkix::Result::FATAL_ERROR_LIBRARY_FAILURE;
|
||||
}
|
||||
|
||||
+ pkix::Result VerifyMLDSASignedData(Input, Input, Input) override {
|
||||
+ return pkix::Result::FATAL_ERROR_LIBRARY_FAILURE;
|
||||
+ }
|
||||
+
|
||||
pkix::Result CheckValidityIsAcceptable(Time, Time, EndEntityOrCA,
|
||||
KeyPurposeId) override {
|
||||
return pkix::Result::FATAL_ERROR_LIBRARY_FAILURE;
|
||||
diff --git a/security/ct/tests/gtest/CTTestUtils.cpp b/security/ct/tests/gtest/CTTestUtils.cpp
|
||||
index 6a25307..03d19f7 100644
|
||||
--- a/security/ct/tests/gtest/CTTestUtils.cpp
|
||||
+++ b/security/ct/tests/gtest/CTTestUtils.cpp
|
||||
@@ -807,6 +807,15 @@ class OCSPExtensionTrustDomain : public TrustDomain {
|
||||
subjectPublicKeyInfo, nullptr);
|
||||
}
|
||||
|
||||
+ pkix::Result VerifyMLDSASignedData(Input data,
|
||||
+ Input signature,
|
||||
+ Input subjectPublicKeyInfo) override {
|
||||
+ return VerifyMLDSASignedDataNSS(data,
|
||||
+ signature,
|
||||
+ subjectPublicKeyInfo,
|
||||
+ nullptr);
|
||||
+ }
|
||||
+
|
||||
pkix::Result CheckValidityIsAcceptable(Time, Time, EndEntityOrCA,
|
||||
KeyPurposeId) override {
|
||||
ADD_FAILURE();
|
||||
diff --git a/security/manager/ssl/AppTrustDomain.cpp b/security/manager/ssl/AppTrustDomain.cpp
|
||||
index ab49d7e..36e7e19 100644
|
||||
--- a/security/manager/ssl/AppTrustDomain.cpp
|
||||
+++ b/security/manager/ssl/AppTrustDomain.cpp
|
||||
@@ -322,6 +322,16 @@ pkix::Result AppTrustDomain::VerifyECDSASignedData(
|
||||
subjectPublicKeyInfo, nullptr);
|
||||
}
|
||||
|
||||
+pkix::Result AppTrustDomain::VerifyMLDSASignedData(Input data,
|
||||
+ Input signature,
|
||||
+ Input subjectPublicKeyInfo)
|
||||
+{
|
||||
+ return VerifyMLDSASignedDataNSS(data,
|
||||
+ signature,
|
||||
+ subjectPublicKeyInfo,
|
||||
+ nullptr);
|
||||
+}
|
||||
+
|
||||
pkix::Result AppTrustDomain::CheckValidityIsAcceptable(
|
||||
Time /*notBefore*/, Time /*notAfter*/, EndEntityOrCA /*endEntityOrCA*/,
|
||||
KeyPurposeId /*keyPurpose*/) {
|
||||
diff --git a/security/manager/ssl/AppTrustDomain.h b/security/manager/ssl/AppTrustDomain.h
|
||||
index 4b0212e..083d5fb 100644
|
||||
--- a/security/manager/ssl/AppTrustDomain.h
|
||||
+++ b/security/manager/ssl/AppTrustDomain.h
|
||||
@@ -80,6 +80,10 @@ class AppTrustDomain final : public mozilla::pkix::TrustDomain {
|
||||
mozilla::pkix::DigestAlgorithm digestAlg,
|
||||
/*out*/ uint8_t* digestBuf,
|
||||
size_t digestBufLen) override;
|
||||
+ virtual Result VerifyMLDSASignedData(
|
||||
+ mozilla::pkix::Input data,
|
||||
+ mozilla::pkix::Input signature,
|
||||
+ mozilla::pkix::Input subjectPublicKeyInfo) override;
|
||||
|
||||
private:
|
||||
nsTArray<Span<const uint8_t>> mTrustedRoots;
|
||||
diff --git a/security/manager/ssl/TLSClientAuthCertSelection.cpp b/security/manager/ssl/TLSClientAuthCertSelection.cpp
|
||||
index 3a84b15..8450076 100644
|
||||
--- a/security/manager/ssl/TLSClientAuthCertSelection.cpp
|
||||
+++ b/security/manager/ssl/TLSClientAuthCertSelection.cpp
|
||||
@@ -217,6 +217,12 @@ class ClientAuthCertNonverifyingTrustDomain final : public TrustDomain {
|
||||
pkix::Input subjectPublicKeyInfo) override {
|
||||
return pkix::Success;
|
||||
}
|
||||
+ virtual mozilla::pkix::Result VerifyMLDSASignedData(
|
||||
+ pkix::Input data,
|
||||
+ pkix::Input signature,
|
||||
+ pkix::Input subjectPublicKeyInfo) override {
|
||||
+ return pkix::Success;
|
||||
+ }
|
||||
virtual mozilla::pkix::Result CheckValidityIsAcceptable(
|
||||
pkix::Time notBefore, pkix::Time notAfter,
|
||||
pkix::EndEntityOrCA endEntityOrCA,
|
||||
@ -12,7 +12,9 @@ ac_add_options --enable-official-branding
|
||||
ac_add_options --enable-pulseaudio
|
||||
ac_add_options --enable-release
|
||||
ac_add_options --enable-system-ffi
|
||||
ac_add_options --without-sysroot
|
||||
ac_add_options --without-system-icu
|
||||
ac_add_options --without-wasm-sandboxed-libraries
|
||||
ac_add_options --with-system-jpeg
|
||||
ac_add_options --with-system-zlib
|
||||
ac_add_options --with-unsigned-addon-scopes=app,system
|
||||
|
||||
@ -1,6 +1,6 @@
|
||||
diff -up firefox-140.0/extensions/pref/autoconfig/src/nsReadConfig.cpp.mozilla-bmo1170092 firefox-140.0/extensions/pref/autoconfig/src/nsReadConfig.cpp
|
||||
--- firefox-140.0/extensions/pref/autoconfig/src/nsReadConfig.cpp.mozilla-bmo1170092 2025-06-02 15:26:44.000000000 +0200
|
||||
+++ firefox-140.0/extensions/pref/autoconfig/src/nsReadConfig.cpp 2025-06-04 13:24:00.344728697 +0200
|
||||
diff -up firefox-115.0.2/extensions/pref/autoconfig/src/nsReadConfig.cpp.1170092 firefox-115.0.2/extensions/pref/autoconfig/src/nsReadConfig.cpp
|
||||
--- firefox-115.0.2/extensions/pref/autoconfig/src/nsReadConfig.cpp.1170092 2023-07-10 21:08:53.000000000 +0200
|
||||
+++ firefox-115.0.2/extensions/pref/autoconfig/src/nsReadConfig.cpp 2023-07-17 10:33:23.443355156 +0200
|
||||
@@ -263,8 +263,20 @@ nsresult nsReadConfig::openAndEvaluateJS
|
||||
if (NS_FAILED(rv)) return rv;
|
||||
|
||||
@ -23,10 +23,10 @@ diff -up firefox-140.0/extensions/pref/autoconfig/src/nsReadConfig.cpp.mozilla-b
|
||||
} else {
|
||||
nsAutoCString location("resource://gre/defaults/autoconfig/");
|
||||
location += aFileName;
|
||||
diff -up firefox-140.0/modules/libpref/Preferences.cpp.mozilla-bmo1170092 firefox-140.0/modules/libpref/Preferences.cpp
|
||||
--- firefox-140.0/modules/libpref/Preferences.cpp.mozilla-bmo1170092 2025-06-02 15:26:51.000000000 +0200
|
||||
+++ firefox-140.0/modules/libpref/Preferences.cpp 2025-06-04 13:24:00.345430064 +0200
|
||||
@@ -4914,6 +4914,9 @@ nsresult Preferences::InitInitialObjects
|
||||
diff -up firefox-115.0.2/modules/libpref/Preferences.cpp.1170092 firefox-115.0.2/modules/libpref/Preferences.cpp
|
||||
--- firefox-115.0.2/modules/libpref/Preferences.cpp.1170092 2023-07-10 21:09:00.000000000 +0200
|
||||
+++ firefox-115.0.2/modules/libpref/Preferences.cpp 2023-07-17 10:33:23.444355156 +0200
|
||||
@@ -4825,6 +4825,9 @@ nsresult Preferences::InitInitialObjects
|
||||
//
|
||||
// Thus, in the omni.jar case, we always load app-specific default
|
||||
// preferences from omni.jar, whether or not `$app == $gre`.
|
||||
@ -36,10 +36,10 @@ diff -up firefox-140.0/modules/libpref/Preferences.cpp.mozilla-bmo1170092 firefo
|
||||
|
||||
nsresult rv = NS_ERROR_FAILURE;
|
||||
UniquePtr<nsZipFind> find;
|
||||
diff -up firefox-140.0/toolkit/xre/nsXREDirProvider.cpp.mozilla-bmo1170092 firefox-140.0/toolkit/xre/nsXREDirProvider.cpp
|
||||
--- firefox-140.0/toolkit/xre/nsXREDirProvider.cpp.mozilla-bmo1170092 2025-06-02 15:27:00.000000000 +0200
|
||||
+++ firefox-140.0/toolkit/xre/nsXREDirProvider.cpp 2025-06-04 15:44:09.413562326 +0200
|
||||
@@ -76,6 +76,7 @@
|
||||
diff -up firefox-115.0.2/toolkit/xre/nsXREDirProvider.cpp.1170092 firefox-115.0.2/toolkit/xre/nsXREDirProvider.cpp
|
||||
--- firefox-115.0.2/toolkit/xre/nsXREDirProvider.cpp.1170092 2023-07-10 22:57:20.000000000 +0200
|
||||
+++ firefox-115.0.2/toolkit/xre/nsXREDirProvider.cpp 2023-07-17 10:56:25.309692121 +0200
|
||||
@@ -72,6 +72,7 @@
|
||||
#endif
|
||||
#ifdef XP_UNIX
|
||||
# include <ctype.h>
|
||||
@ -47,7 +47,7 @@ diff -up firefox-140.0/toolkit/xre/nsXREDirProvider.cpp.mozilla-bmo1170092 firef
|
||||
#endif
|
||||
#ifdef XP_IOS
|
||||
# include "UIKitDirProvider.h"
|
||||
@@ -462,6 +463,17 @@ nsXREDirProvider::GetFile(const char* aP
|
||||
@@ -478,6 +479,17 @@ nsXREDirProvider::GetFile(const char* aP
|
||||
rv = file->AppendNative(nsLiteralCString(PREF_OVERRIDE_DIRNAME));
|
||||
NS_ENSURE_SUCCESS(rv, rv);
|
||||
rv = EnsureDirectoryExists(file);
|
||||
@ -60,12 +60,12 @@ diff -up firefox-140.0/toolkit/xre/nsXREDirProvider.cpp.mozilla-bmo1170092 firef
|
||||
+ appInfo->GetName(appName);
|
||||
+ ToLowerCase(appName);
|
||||
+ sysConfigDir.Append(appName);
|
||||
+ NS_NewNativeLocalFile(sysConfigDir, getter_AddRefs(file));
|
||||
+ NS_NewNativeLocalFile(sysConfigDir, false, getter_AddRefs(file));
|
||||
+ rv = EnsureDirectoryExists(file);
|
||||
} else {
|
||||
// We don't know anything about this property. Fail without warning, because
|
||||
// otherwise we'll get too much warning spam due to
|
||||
@@ -518,6 +530,16 @@ nsXREDirProvider::GetFiles(const char* a
|
||||
@@ -694,6 +706,16 @@ nsXREDirProvider::GetFiles(const char* a
|
||||
}
|
||||
#endif
|
||||
|
||||
@ -82,9 +82,9 @@ diff -up firefox-140.0/toolkit/xre/nsXREDirProvider.cpp.mozilla-bmo1170092 firef
|
||||
rv = NS_NewArrayEnumerator(aResult, directories, NS_GET_IID(nsIFile));
|
||||
} else if (!strcmp(aProperty, NS_APP_CHROME_DIR_LIST)) {
|
||||
// NS_APP_CHROME_DIR_LIST is only used to get default (native) icons
|
||||
diff -up firefox-140.0/xpcom/io/nsAppDirectoryServiceDefs.h.mozilla-bmo1170092 firefox-140.0/xpcom/io/nsAppDirectoryServiceDefs.h
|
||||
--- firefox-140.0/xpcom/io/nsAppDirectoryServiceDefs.h.mozilla-bmo1170092 2025-06-02 15:27:01.000000000 +0200
|
||||
+++ firefox-140.0/xpcom/io/nsAppDirectoryServiceDefs.h 2025-06-04 13:24:00.346423861 +0200
|
||||
diff -up firefox-115.0.2/xpcom/io/nsAppDirectoryServiceDefs.h.1170092 firefox-115.0.2/xpcom/io/nsAppDirectoryServiceDefs.h
|
||||
--- firefox-115.0.2/xpcom/io/nsAppDirectoryServiceDefs.h.1170092 2023-07-10 21:09:13.000000000 +0200
|
||||
+++ firefox-115.0.2/xpcom/io/nsAppDirectoryServiceDefs.h 2023-07-17 10:33:23.444355156 +0200
|
||||
@@ -58,6 +58,7 @@
|
||||
#define NS_APP_PREFS_DEFAULTS_DIR_LIST "PrefDL"
|
||||
#define NS_APP_PREFS_OVERRIDE_DIR \
|
||||
|
||||
@ -1,28 +1,29 @@
|
||||
diff -up firefox-140.0/widget/gtk/nsWindow.cpp.mozilla-bmo1636168-fscreen firefox-140.0/widget/gtk/nsWindow.cpp
|
||||
--- firefox-140.0/widget/gtk/nsWindow.cpp.mozilla-bmo1636168-fscreen 2025-06-02 15:27:00.000000000 +0200
|
||||
+++ firefox-140.0/widget/gtk/nsWindow.cpp 2025-06-12 10:23:04.789578675 +0200
|
||||
@@ -196,7 +196,7 @@ constexpr gint kEvents =
|
||||
GDK_VISIBILITY_NOTIFY_MASK | GDK_ENTER_NOTIFY_MASK | GDK_LEAVE_NOTIFY_MASK |
|
||||
GDK_BUTTON_PRESS_MASK | GDK_BUTTON_RELEASE_MASK | GDK_SMOOTH_SCROLL_MASK |
|
||||
GDK_TOUCH_MASK | GDK_SCROLL_MASK | GDK_POINTER_MOTION_MASK |
|
||||
- GDK_PROPERTY_CHANGE_MASK;
|
||||
+ GDK_PROPERTY_CHANGE_MASK | GDK_FOCUS_CHANGE_MASK;
|
||||
diff -up firefox-128.0/widget/gtk/nsWindow.cpp.mozilla-bmo1636168-fscreen firefox-128.0/widget/gtk/nsWindow.cpp
|
||||
--- firefox-128.0/widget/gtk/nsWindow.cpp.mozilla-bmo1636168-fscreen 2024-07-04 18:20:43.000000000 +0200
|
||||
+++ firefox-128.0/widget/gtk/nsWindow.cpp 2024-07-16 14:54:21.026716936 +0200
|
||||
@@ -174,7 +174,8 @@ const gint kEvents = GDK_TOUCHPAD_GESTUR
|
||||
GDK_ENTER_NOTIFY_MASK | GDK_LEAVE_NOTIFY_MASK |
|
||||
GDK_BUTTON_PRESS_MASK | GDK_BUTTON_RELEASE_MASK |
|
||||
GDK_SMOOTH_SCROLL_MASK | GDK_TOUCH_MASK | GDK_SCROLL_MASK |
|
||||
- GDK_POINTER_MOTION_MASK | GDK_PROPERTY_CHANGE_MASK;
|
||||
+ GDK_POINTER_MOTION_MASK | GDK_PROPERTY_CHANGE_MASK |
|
||||
+ GDK_FOCUS_CHANGE_MASK;
|
||||
|
||||
/* utility functions */
|
||||
static bool is_mouse_in_window(GdkWindow* aWindow, gdouble aMouseX,
|
||||
@@ -454,7 +454,8 @@ nsWindow::nsWindow()
|
||||
@@ -430,7 +431,8 @@ nsWindow::nsWindow()
|
||||
mResizedAfterMoveToRect(false),
|
||||
mConfiguredClearColor(false),
|
||||
mGotNonBlankPaint(false),
|
||||
- mNeedsToRetryCapturingMouse(false) {
|
||||
+ mNeedsToRetryCapturingMouse(false),
|
||||
+ mPendingFullscreen(false) {
|
||||
mWindowType = WindowType::Child;
|
||||
mSizeConstraints.mMaxSize = GetSafeWindowSize(mSizeConstraints.mMaxSize);
|
||||
|
||||
if (!gGlobalsInitialized) {
|
||||
@@ -5424,6 +5425,19 @@ void nsWindow::OnWindowStateEvent(GtkWid
|
||||
if (mSizeMode != oldSizeMode && mWidgetListener) {
|
||||
mWidgetListener->SizeModeChanged(mSizeMode);
|
||||
@@ -5374,6 +5376,19 @@ void nsWindow::OnWindowStateEvent(GtkWid
|
||||
ClearTransparencyBitmap();
|
||||
}
|
||||
}
|
||||
+
|
||||
+ // Hack to ensure window switched to fullscreen - avoid to fail when starting
|
||||
@ -40,7 +41,7 @@ diff -up firefox-140.0/widget/gtk/nsWindow.cpp.mozilla-bmo1636168-fscreen firefo
|
||||
}
|
||||
|
||||
void nsWindow::OnDPIChanged() {
|
||||
@@ -7239,6 +7253,7 @@ nsresult nsWindow::MakeFullScreen(bool a
|
||||
@@ -7526,6 +7541,7 @@ nsresult nsWindow::MakeFullScreen(bool a
|
||||
|
||||
if (mKioskMonitor.isSome()) {
|
||||
KioskLockOnMonitor();
|
||||
@ -48,10 +49,10 @@ diff -up firefox-140.0/widget/gtk/nsWindow.cpp.mozilla-bmo1636168-fscreen firefo
|
||||
} else {
|
||||
gtk_window_fullscreen(GTK_WINDOW(mShell));
|
||||
}
|
||||
diff -up firefox-140.0/widget/gtk/nsWindow.h.mozilla-bmo1636168-fscreen firefox-140.0/widget/gtk/nsWindow.h
|
||||
--- firefox-140.0/widget/gtk/nsWindow.h.mozilla-bmo1636168-fscreen 2025-06-02 15:27:00.000000000 +0200
|
||||
+++ firefox-140.0/widget/gtk/nsWindow.h 2025-06-12 10:18:42.354025723 +0200
|
||||
@@ -786,6 +786,7 @@ class nsWindow final : public nsBaseWidg
|
||||
diff -up firefox-128.0/widget/gtk/nsWindow.h.mozilla-bmo1636168-fscreen firefox-128.0/widget/gtk/nsWindow.h
|
||||
--- firefox-128.0/widget/gtk/nsWindow.h.mozilla-bmo1636168-fscreen 2024-07-04 18:20:43.000000000 +0200
|
||||
+++ firefox-128.0/widget/gtk/nsWindow.h 2024-07-16 14:25:51.636952919 +0200
|
||||
@@ -758,6 +758,7 @@ class nsWindow final : public nsBaseWidg
|
||||
* move-to-rect callback we set mMovedAfterMoveToRect/mResizedAfterMoveToRect.
|
||||
*/
|
||||
bool mWaitingForMoveToRectCallback : 1;
|
||||
|
||||
@ -1,7 +1,7 @@
|
||||
diff -up firefox-140.0/dom/media/mp4/MP4Demuxer.cpp.mozilla-bmo1670333 firefox-140.0/dom/media/mp4/MP4Demuxer.cpp
|
||||
--- firefox-140.0/dom/media/mp4/MP4Demuxer.cpp.mozilla-bmo1670333 2025-06-17 18:15:13.000000000 +0200
|
||||
+++ firefox-140.0/dom/media/mp4/MP4Demuxer.cpp 2025-06-18 10:17:47.394794429 +0200
|
||||
@@ -32,6 +32,8 @@ mozilla::LogModule* GetDemuxerLog() { re
|
||||
diff -up firefox-128.0/dom/media/mp4/MP4Demuxer.cpp.mozilla-bmo1670333 firefox-128.0/dom/media/mp4/MP4Demuxer.cpp
|
||||
--- firefox-128.0/dom/media/mp4/MP4Demuxer.cpp.mozilla-bmo1670333 2024-07-04 18:20:27.000000000 +0200
|
||||
+++ firefox-128.0/dom/media/mp4/MP4Demuxer.cpp 2024-07-16 13:49:10.475630426 +0200
|
||||
@@ -33,6 +33,8 @@ mozilla::LogModule* GetDemuxerLog() { re
|
||||
DDMOZ_LOG(gMediaDemuxerLog, mozilla::LogLevel::Debug, "::%s: " arg, \
|
||||
__func__, ##__VA_ARGS__)
|
||||
|
||||
@ -11,9 +11,9 @@ diff -up firefox-140.0/dom/media/mp4/MP4Demuxer.cpp.mozilla-bmo1670333 firefox-1
|
||||
|
||||
using TimeUnit = media::TimeUnit;
|
||||
@@ -419,6 +421,12 @@ already_AddRefed<MediaRawData> MP4TrackD
|
||||
[[fallthrough]];
|
||||
case H264::FrameType::OTHER: {
|
||||
bool keyframe = type == H264::FrameType::I_FRAME_OTHER ||
|
||||
type == H264::FrameType::I_FRAME_IDR;
|
||||
bool keyframe = type == H264::FrameType::I_FRAME;
|
||||
+ if (gUseKeyframeFromContainer) {
|
||||
+ if (sample->mKeyframe && sample->mKeyframe != keyframe) {
|
||||
+ sample->mKeyframe = keyframe;
|
||||
@ -23,10 +23,10 @@ diff -up firefox-140.0/dom/media/mp4/MP4Demuxer.cpp.mozilla-bmo1670333 firefox-1
|
||||
if (sample->mKeyframe != keyframe) {
|
||||
NS_WARNING(nsPrintfCString("Frame incorrectly marked as %skeyframe "
|
||||
"@ pts:%" PRId64 " dur:%" PRId64
|
||||
diff -up firefox-140.0/dom/media/platforms/PDMFactory.cpp.mozilla-bmo1670333 firefox-140.0/dom/media/platforms/PDMFactory.cpp
|
||||
--- firefox-140.0/dom/media/platforms/PDMFactory.cpp.mozilla-bmo1670333 2025-06-17 18:15:13.000000000 +0200
|
||||
+++ firefox-140.0/dom/media/platforms/PDMFactory.cpp 2025-06-18 10:10:29.209789856 +0200
|
||||
@@ -61,6 +61,8 @@
|
||||
diff -up firefox-128.0/dom/media/platforms/PDMFactory.cpp.mozilla-bmo1670333 firefox-128.0/dom/media/platforms/PDMFactory.cpp
|
||||
--- firefox-128.0/dom/media/platforms/PDMFactory.cpp.mozilla-bmo1670333 2024-07-04 18:20:26.000000000 +0200
|
||||
+++ firefox-128.0/dom/media/platforms/PDMFactory.cpp 2024-07-16 14:16:04.635809901 +0200
|
||||
@@ -62,6 +62,8 @@
|
||||
|
||||
#include <functional>
|
||||
|
||||
@ -35,7 +35,7 @@ diff -up firefox-140.0/dom/media/platforms/PDMFactory.cpp.mozilla-bmo1670333 fir
|
||||
using DecodeSupport = mozilla::media::DecodeSupport;
|
||||
using DecodeSupportSet = mozilla::media::DecodeSupportSet;
|
||||
using MediaCodec = mozilla::media::MediaCodec;
|
||||
@@ -573,7 +575,7 @@ void PDMFactory::CreateRddPDMs() {
|
||||
@@ -543,7 +545,7 @@ void PDMFactory::CreateRddPDMs() {
|
||||
#ifdef MOZ_FFMPEG
|
||||
if (StaticPrefs::media_ffmpeg_enabled() &&
|
||||
StaticPrefs::media_rdd_ffmpeg_enabled() &&
|
||||
@ -44,7 +44,7 @@ diff -up firefox-140.0/dom/media/platforms/PDMFactory.cpp.mozilla-bmo1670333 fir
|
||||
mFailureFlags += GetFailureFlagBasedOnFFmpegStatus(
|
||||
FFmpegRuntimeLinker::LinkStatusCode());
|
||||
}
|
||||
@@ -749,7 +751,7 @@ void PDMFactory::CreateDefaultPDMs() {
|
||||
@@ -719,7 +721,7 @@ void PDMFactory::CreateDefaultPDMs() {
|
||||
StartupPDM(AgnosticDecoderModule::Create(),
|
||||
StaticPrefs::media_prefer_non_ffvpx());
|
||||
|
||||
@ -53,10 +53,10 @@ diff -up firefox-140.0/dom/media/platforms/PDMFactory.cpp.mozilla-bmo1670333 fir
|
||||
!StartupPDM(GMPDecoderModule::Create(),
|
||||
StaticPrefs::media_gmp_decoder_preferred())) {
|
||||
mFailureFlags += DecoderDoctorDiagnostics::Flags::GMPPDMFailedToStartup;
|
||||
diff -up firefox-140.0/dom/media/platforms/PDMFactory.h.mozilla-bmo1670333 firefox-140.0/dom/media/platforms/PDMFactory.h
|
||||
--- firefox-140.0/dom/media/platforms/PDMFactory.h.mozilla-bmo1670333 2025-06-17 18:15:13.000000000 +0200
|
||||
+++ firefox-140.0/dom/media/platforms/PDMFactory.h 2025-06-18 10:10:29.210054963 +0200
|
||||
@@ -105,6 +105,7 @@ class PDMFactory final {
|
||||
diff -up firefox-128.0/dom/media/platforms/PDMFactory.h.mozilla-bmo1670333 firefox-128.0/dom/media/platforms/PDMFactory.h
|
||||
--- firefox-128.0/dom/media/platforms/PDMFactory.h.mozilla-bmo1670333 2024-07-04 18:20:26.000000000 +0200
|
||||
+++ firefox-128.0/dom/media/platforms/PDMFactory.h 2024-07-16 13:49:10.476630421 +0200
|
||||
@@ -98,6 +98,7 @@ class PDMFactory final {
|
||||
RefPtr<PlatformDecoderModule> mNullPDM;
|
||||
|
||||
DecoderDoctorDiagnostics::FlagsSet mFailureFlags;
|
||||
|
||||
@ -1,7 +1,7 @@
|
||||
diff -up firefox-140.1.0/media/ffvpx/libavcodec/allcodecs.c.mozilla-bmo1789216-disable-av1 firefox-140.1.0/media/ffvpx/libavcodec/allcodecs.c
|
||||
--- firefox-140.1.0/media/ffvpx/libavcodec/allcodecs.c.mozilla-bmo1789216-disable-av1 2025-07-14 19:14:53.000000000 +0200
|
||||
+++ firefox-140.1.0/media/ffvpx/libavcodec/allcodecs.c 2025-07-31 15:12:56.818469857 +0200
|
||||
@@ -769,8 +769,11 @@ extern const FFCodec ff_libaribb24_decod
|
||||
diff -up firefox-128.0/media/ffvpx/libavcodec/allcodecs.c.mozilla-bmo1789216-disable-av1 firefox-128.0/media/ffvpx/libavcodec/allcodecs.c
|
||||
--- firefox-128.0/media/ffvpx/libavcodec/allcodecs.c.mozilla-bmo1789216-disable-av1 2024-06-12 15:03:01.000000000 +0200
|
||||
+++ firefox-128.0/media/ffvpx/libavcodec/allcodecs.c 2024-06-13 11:44:10.637215674 +0200
|
||||
@@ -764,8 +764,11 @@ extern const FFCodec ff_libaribb24_decod
|
||||
extern const FFCodec ff_libcelt_decoder;
|
||||
extern const FFCodec ff_libcodec2_encoder;
|
||||
extern const FFCodec ff_libcodec2_decoder;
|
||||
@ -13,7 +13,7 @@ diff -up firefox-140.1.0/media/ffvpx/libavcodec/allcodecs.c.mozilla-bmo1789216-d
|
||||
extern const FFCodec ff_libfdk_aac_encoder;
|
||||
extern const FFCodec ff_libfdk_aac_decoder;
|
||||
extern const FFCodec ff_libgsm_encoder;
|
||||
@@ -800,7 +803,6 @@ extern const FFCodec ff_libspeex_decoder
|
||||
@@ -793,7 +796,6 @@ extern const FFCodec ff_libspeex_decoder
|
||||
extern const FFCodec ff_libsvtav1_encoder;
|
||||
extern const FFCodec ff_libtheora_encoder;
|
||||
extern const FFCodec ff_libtwolame_encoder;
|
||||
@ -21,9 +21,9 @@ diff -up firefox-140.1.0/media/ffvpx/libavcodec/allcodecs.c.mozilla-bmo1789216-d
|
||||
extern const FFCodec ff_libvo_amrwbenc_encoder;
|
||||
extern const FFCodec ff_libvorbis_encoder;
|
||||
extern const FFCodec ff_libvorbis_decoder;
|
||||
diff -up firefox-140.1.0/media/ffvpx/libavcodec/codec_list.c.mozilla-bmo1789216-disable-av1 firefox-140.1.0/media/ffvpx/libavcodec/codec_list.c
|
||||
--- firefox-140.1.0/media/ffvpx/libavcodec/codec_list.c.mozilla-bmo1789216-disable-av1 2025-07-14 19:14:53.000000000 +0200
|
||||
+++ firefox-140.1.0/media/ffvpx/libavcodec/codec_list.c 2025-07-31 15:12:56.820214239 +0200
|
||||
diff -up firefox-128.0/media/ffvpx/libavcodec/codec_list.c.mozilla-bmo1789216-disable-av1 firefox-128.0/media/ffvpx/libavcodec/codec_list.c
|
||||
--- firefox-128.0/media/ffvpx/libavcodec/codec_list.c.mozilla-bmo1789216-disable-av1 2024-06-13 11:40:12.668924117 +0200
|
||||
+++ firefox-128.0/media/ffvpx/libavcodec/codec_list.c 2024-06-13 11:44:41.411253372 +0200
|
||||
@@ -11,12 +11,14 @@ static const FFCodec * const codec_list[
|
||||
#if CONFIG_MP3_DECODER
|
||||
&ff_mp3_decoder,
|
||||
@ -35,13 +35,13 @@ diff -up firefox-140.1.0/media/ffvpx/libavcodec/codec_list.c.mozilla-bmo1789216-
|
||||
#if CONFIG_AV1_DECODER
|
||||
&ff_av1_decoder,
|
||||
#endif
|
||||
+#endif
|
||||
+#endif
|
||||
#if CONFIG_LIBVORBIS_DECODER
|
||||
&ff_libvorbis_decoder,
|
||||
#endif
|
||||
diff -up firefox-140.1.0/media/ffvpx/libavcodec/moz.build.mozilla-bmo1789216-disable-av1 firefox-140.1.0/media/ffvpx/libavcodec/moz.build
|
||||
--- firefox-140.1.0/media/ffvpx/libavcodec/moz.build.mozilla-bmo1789216-disable-av1 2025-07-14 19:14:53.000000000 +0200
|
||||
+++ firefox-140.1.0/media/ffvpx/libavcodec/moz.build 2025-08-01 12:40:58.374987298 +0200
|
||||
diff -up firefox-128.0/media/ffvpx/libavcodec/moz.build.mozilla-bmo1789216-disable-av1 firefox-128.0/media/ffvpx/libavcodec/moz.build
|
||||
--- firefox-128.0/media/ffvpx/libavcodec/moz.build.mozilla-bmo1789216-disable-av1 2024-06-13 11:40:12.669924118 +0200
|
||||
+++ firefox-128.0/media/ffvpx/libavcodec/moz.build 2024-06-13 11:45:22.867304151 +0200
|
||||
@@ -94,7 +94,6 @@ if not CONFIG['MOZ_FFVPX_AUDIOONLY']:
|
||||
'imgconvert.c',
|
||||
'libaom.c',
|
||||
@ -50,25 +50,24 @@ diff -up firefox-140.1.0/media/ffvpx/libavcodec/moz.build.mozilla-bmo1789216-dis
|
||||
'libvpxdec.c',
|
||||
'libvpxenc.c',
|
||||
'mathtables.c',
|
||||
@@ -120,16 +119,15 @@ if not CONFIG['MOZ_FFVPX_AUDIOONLY']:
|
||||
@@ -119,10 +118,16 @@ if not CONFIG['MOZ_FFVPX_AUDIOONLY']:
|
||||
'vp9recon.c',
|
||||
'vpx_rac.c',
|
||||
]
|
||||
|
||||
- if CONFIG["MOZ_SYSTEM_AV1"]:
|
||||
- CFLAGS += CONFIG['MOZ_SYSTEM_LIBDAV1D_CFLAGS']
|
||||
- CFLAGS += CONFIG['MOZ_SYSTEM_LIBAOM_CFLAGS']
|
||||
- OS_LIBS += CONFIG['MOZ_SYSTEM_LIBDAV1D_LIBS']
|
||||
- OS_LIBS += CONFIG['MOZ_SYSTEM_LIBAOM_LIBS']
|
||||
- else:
|
||||
+ if CONFIG["MOZ_AV1"]:
|
||||
USE_LIBS += [
|
||||
'dav1d',
|
||||
'media_libdav1d_asm',
|
||||
]
|
||||
- USE_LIBS += [
|
||||
- 'dav1d',
|
||||
- 'media_libdav1d_asm',
|
||||
- ]
|
||||
+ if CONFIG['MOZ_AV1']:
|
||||
+ USE_LIBS += [
|
||||
+ 'dav1d',
|
||||
+ 'media_libdav1d_asm',
|
||||
+ ]
|
||||
+ SOURCES += [
|
||||
+ 'libdav1d.c',
|
||||
+ ]
|
||||
+
|
||||
|
||||
+
|
||||
if CONFIG["MOZ_WIDGET_TOOLKIT"] == "gtk":
|
||||
LOCAL_INCLUDES += ['/media/mozva']
|
||||
SOURCES += [
|
||||
|
||||
@ -17,12 +17,6 @@ rm -vf ./process-tarball-dir/*/mobile/android/android-components/components/brow
|
||||
rm -vf ./process-tarball-dir/*/mobile/android/android-components/components/feature/addons/src/main/res/values-ur/strings.xml
|
||||
rm -vf ./process-tarball-dir/*/third_party/webkit/PerformanceTests/Speedometer3/resources/editors/dist/assets/codemirror-521de7ab.js
|
||||
rm -vf ./process-tarball-dir/*/third_party/python/pip/pip-24.0.dist-info/AUTHORS.txt
|
||||
rm -vf ./process-tarball-dir/*/dom/locks/test/crashtests/1908240.js
|
||||
|
||||
# We uses system freetype2
|
||||
rm -vrf ./process-tarball-dir/*/modules/freetype2
|
||||
# We use system zlib
|
||||
rm -vrf ./process-tarball-dir/*/modules/zlib
|
||||
|
||||
processed_tarball=${1/source/processed-source}
|
||||
|
||||
|
||||
@ -1,12 +1,12 @@
|
||||
diff -up firefox-140.0/extensions/auth/nsAuthSambaNTLM.cpp.rhbz-1173156 firefox-140.0/extensions/auth/nsAuthSambaNTLM.cpp
|
||||
--- firefox-140.0/extensions/auth/nsAuthSambaNTLM.cpp.rhbz-1173156 2025-06-02 15:26:45.000000000 +0200
|
||||
+++ firefox-140.0/extensions/auth/nsAuthSambaNTLM.cpp 2025-06-12 11:02:37.183715940 +0200
|
||||
@@ -153,7 +153,7 @@ nsresult nsAuthSambaNTLM::SpawnNTLMAuthH
|
||||
options.fds_to_remap.push_back(
|
||||
std::pair{fromChildPipeWrite.get(), STDOUT_FILENO});
|
||||
|
||||
- std::vector<std::string> argvVec{"ntlm_auth", "--helper-protocol",
|
||||
+ std::vector<std::string> argvVec{"/usr/bin/ntlm_auth", "--helper-protocol",
|
||||
"ntlmssp-client-1", "--use-cached-creds",
|
||||
"--username", username};
|
||||
diff -up firefox-60.5.0/extensions/auth/nsAuthSambaNTLM.cpp.rhbz-1173156 firefox-60.5.0/extensions/auth/nsAuthSambaNTLM.cpp
|
||||
--- firefox-60.5.0/extensions/auth/nsAuthSambaNTLM.cpp.rhbz-1173156 2019-01-22 10:36:09.284069020 +0100
|
||||
+++ firefox-60.5.0/extensions/auth/nsAuthSambaNTLM.cpp 2019-01-22 10:37:12.669757744 +0100
|
||||
@@ -161,7 +161,7 @@ nsresult nsAuthSambaNTLM::SpawnNTLMAuthH
|
||||
const char* username = PR_GetEnv("USER");
|
||||
if (!username) return NS_ERROR_FAILURE;
|
||||
|
||||
- const char* const args[] = {"ntlm_auth",
|
||||
+ const char* const args[] = {"/usr/bin/ntlm_auth",
|
||||
"--helper-protocol",
|
||||
"ntlmssp-client-1",
|
||||
"--use-cached-creds",
|
||||
|
||||
@ -1,43 +0,0 @@
|
||||
changeset: 781221:573380ae60a7
|
||||
tag: tip
|
||||
user: stransky <stransky@redhat.com>
|
||||
date: Mon Mar 24 10:13:50 2025 +0100
|
||||
files: dom/cache/CacheStorage.cpp dom/indexedDB/ActorsParent.cpp
|
||||
description:
|
||||
FIPS-youtube
|
||||
|
||||
|
||||
diff --git a/dom/cache/CacheStorage.cpp b/dom/cache/CacheStorage.cpp
|
||||
--- a/dom/cache/CacheStorage.cpp
|
||||
+++ b/dom/cache/CacheStorage.cpp
|
||||
@@ -38,6 +38,7 @@
|
||||
#include "nsURLParsers.h"
|
||||
#include "js/Object.h" // JS::GetClass
|
||||
#include "js/PropertyAndElement.h" // JS_DefineProperty
|
||||
+#include "pk11pub.h"
|
||||
|
||||
namespace mozilla::dom::cache {
|
||||
|
||||
@@ -581,7 +582,7 @@ bool CacheStorage::HasStorageAccess(UseC
|
||||
if (!principal->IsSystemPrincipal() &&
|
||||
principal->GetPrivateBrowsingId() !=
|
||||
nsIScriptSecurityManager::DEFAULT_PRIVATE_BROWSING_ID &&
|
||||
- !StaticPrefs::dom_cache_privateBrowsing_enabled()) {
|
||||
+ (!StaticPrefs::dom_cache_privateBrowsing_enabled() || PK11_IsFIPS())) {
|
||||
return false;
|
||||
}
|
||||
}
|
||||
diff --git a/dom/indexedDB/ActorsParent.cpp b/dom/indexedDB/ActorsParent.cpp
|
||||
--- a/dom/indexedDB/ActorsParent.cpp
|
||||
+++ b/dom/indexedDB/ActorsParent.cpp
|
||||
@@ -14791,7 +14791,8 @@ nsresult FactoryOp::Open() {
|
||||
mEnforcingQuota = mPersistenceType != PERSISTENCE_TYPE_PERSISTENT;
|
||||
|
||||
if (mOriginMetadata.mIsPrivate) {
|
||||
- if (StaticPrefs::dom_indexedDB_privateBrowsing_enabled()) {
|
||||
+ if (StaticPrefs::dom_indexedDB_privateBrowsing_enabled() &&
|
||||
+ !PK11_IsFIPS()) {
|
||||
// Explicitly disallow moz-extension urls from using the encrypted
|
||||
// indexedDB storage mode when the caller is an extension (see Bug
|
||||
// 1841806).
|
||||
|
||||
@ -1,12 +0,0 @@
|
||||
diff -up firefox-121.0.1/toolkit/moz.configure.wasi firefox-121.0.1/toolkit/moz.configure
|
||||
--- firefox-121.0.1/toolkit/moz.configure.wasi 2024-02-01 09:14:33.816548952 +0100
|
||||
+++ firefox-121.0.1/toolkit/moz.configure 2024-02-01 09:15:53.264684309 +0100
|
||||
@@ -2663,7 +2663,7 @@ with only_when(requires_wasm_sandboxing
|
||||
def wasi_sysroot_flags(wasi_sysroot):
|
||||
if wasi_sysroot:
|
||||
log.info("Using wasi sysroot in %s", wasi_sysroot)
|
||||
- return ["--sysroot=%s" % wasi_sysroot]
|
||||
+ return ["--sysroot=%s" % wasi_sysroot, "-nodefaultlibs", "-lc", "-lwasi-emulated-process-clocks", "-lc++", "-lc++abi", "/home/jhorak/r/firefox/firefox-140.4.0-build/firefox-140.4.0/wasi-sdk-20/build/compiler-rt/lib/wasi/libclang_rt.builtins-wasm32.a"]
|
||||
return []
|
||||
|
||||
set_config("WASI_SYSROOT", wasi_sysroot)
|
||||
@ -1,12 +0,0 @@
|
||||
diff -up firefox-121.0.1/toolkit/moz.configure.wasi firefox-121.0.1/toolkit/moz.configure
|
||||
--- firefox-121.0.1/toolkit/moz.configure.wasi 2024-02-01 09:14:33.816548952 +0100
|
||||
+++ firefox-121.0.1/toolkit/moz.configure 2024-02-01 09:15:53.264684309 +0100
|
||||
@@ -2663,7 +2663,7 @@ with only_when(requires_wasm_sandboxing
|
||||
def wasi_sysroot_flags(wasi_sysroot):
|
||||
if wasi_sysroot:
|
||||
log.info("Using wasi sysroot in %s", wasi_sysroot)
|
||||
- return ["--sysroot=%s" % wasi_sysroot]
|
||||
+ return ["--sysroot=%s" % wasi_sysroot, "-nodefaultlibs", "-lc", "-lwasi-emulated-process-clocks", "-lc++", "-lc++abi", "$LIBCLANG_RT"]
|
||||
return []
|
||||
|
||||
set_config("WASI_SYSROOT", wasi_sysroot)
|
||||
File diff suppressed because it is too large
Load Diff
File diff suppressed because it is too large
Load Diff
Loading…
Reference in New Issue
Block a user