icecat: add release icecat-140.9.0-1gnu1 for ecne

Ark74 2026-03-28 14:10:24 -06:00
parent 8eb1f1732f
commit a5f93cb214
1197 changed files with 30593 additions and 15344 deletions


@ -14,7 +14,7 @@
#include <stddef.h>
static const PRTime kCTExpirationTime = INT64_C(1777287252000000);
static const PRTime kCTExpirationTime = INT64_C(1779695596000000);
namespace mozilla::ct {
@ -327,8 +327,8 @@ const CTLogInfo kCTLogList[] = {
"\xa3\x4f\x6b\xa3\x37\xdd\xaa\x18\xde\x8a\x12\x25\xdb\x9c\xbd\x03\x72\x61"
"\xc9",
91},
{"Let's Encrypt 'Oak2026h1'", CTLogState::Admissible, CTLogFormat::RFC6962,
1765578600000, // 2025-12-12T22:30:00Z
{"Let's Encrypt 'Oak2026h1'", CTLogState::Retired, CTLogFormat::RFC6962,
1772236800000, // 2026-02-28T00:00:00Z
4, // operated by Let's Encrypt
"\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48"
"\xce\x3d\x03\x01\x07\x03\x42\x00\x04\x99\xd4\x61\x70\x22\xfa\x77\x93\x0d"
@ -337,8 +337,8 @@ const CTLogInfo kCTLogList[] = {
"\x48\x90\x23\x40\xde\x7a\x4d\x89\x32\xfb\xd7\x0a\xeb\x5e\x8c\xa2\xf1\xf6"
"\x49",
91},
{"Let's Encrypt 'Oak2026h2'", CTLogState::Admissible, CTLogFormat::RFC6962,
1765578600000, // 2025-12-12T22:30:00Z
{"Let's Encrypt 'Oak2026h2'", CTLogState::Retired, CTLogFormat::RFC6962,
1772236800000, // 2026-02-28T00:00:00Z
4, // operated by Let's Encrypt
"\x30\x59\x30\x13\x06\x07\x2a\x86\x48\xce\x3d\x02\x01\x06\x08\x2a\x86\x48"
"\xce\x3d\x03\x01\x07\x03\x42\x00\x04\x6a\x70\x9d\xb3\x96\xe3\xec\x85\x36"


@ -726,4 +726,4 @@ static const TransportSecurityPreload kPublicKeyPinningPreloadList[] = {
static const int32_t kUnknownId = -1;
static const PRTime kPreloadPKPinsExpirationTime = INT64_C(1779706430495000);
static const PRTime kPreloadPKPinsExpirationTime = INT64_C(1782114773318000);



@ -1,6 +1,6 @@
{
"version": "84.3",
"log_list_timestamp": "2026-02-15T12:53:28Z",
"version": "85.16",
"log_list_timestamp": "2026-03-15T13:34:00Z",
"operators": [
{
"name": "Google",
@ -515,12 +515,8 @@
"url": "https://oak.ct.letsencrypt.org/2026h1/",
"mmd": 86400,
"state": {
"readonly": {
"timestamp": "2025-12-12T22:30:00Z",
"final_tree_head": {
"sha256_root_hash": "deSRNfTNPgd9wfzoXIznvi+QUTxuK0R+daC6JGKGK3Q=",
"tree_size": 598614696
}
"retired": {
"timestamp": "2026-02-28T00:00:00Z"
}
},
"temporal_interval": {
@ -535,12 +531,8 @@
"url": "https://oak.ct.letsencrypt.org/2026h2/",
"mmd": 86400,
"state": {
"readonly": {
"timestamp": "2025-12-12T22:30:00Z",
"final_tree_head": {
"sha256_root_hash": "uTgg1k3DUbSFFdXewyyxbsQuCc9RupplMphTwtXqvf4=",
"tree_size": 130815692
}
"retired": {
"timestamp": "2026-02-28T00:00:00Z"
}
},
"temporal_interval": {


@ -400,34 +400,34 @@ static void AddLLVMProfilePathDirectoryToPolicy(
#undef WSTRING
static void EnsureAppLockerAccess(sandbox::TargetPolicy* aPolicy) {
if (aPolicy->GetLockdownTokenLevel() < sandbox::USER_LIMITED) {
// The following rules are to allow DLLs to be loaded when the token level
// blocks access to AppLocker. If the sandbox does not allow access to the
// DLL or the AppLocker rules specifically block it, then it will not load.
auto result = aPolicy->AddRule(sandbox::TargetPolicy::SUBSYS_FILES,
sandbox::TargetPolicy::FILES_ALLOW_READONLY,
L"\\Device\\SrpDevice");
if (sandbox::SBOX_ALL_OK != result) {
NS_ERROR("Failed to add rule for SrpDevice.");
LOG_E("Failed (ResultCode %d) to add read access to SrpDevice", result);
}
result = aPolicy->AddRule(
sandbox::TargetPolicy::SUBSYS_REGISTRY,
sandbox::TargetPolicy::REG_ALLOW_READONLY,
L"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Srp\\GP\\");
if (sandbox::SBOX_ALL_OK != result) {
NS_ERROR("Failed to add rule for Srp\\GP.");
LOG_E("Failed (ResultCode %d) to add read access to Srp\\GP", result);
}
// On certain Windows versions there is a double slash before GP.
result = aPolicy->AddRule(
sandbox::TargetPolicy::SUBSYS_REGISTRY,
sandbox::TargetPolicy::REG_ALLOW_READONLY,
L"HKEY_LOCAL_MACHINE\\System\\CurrentControlSet\\Control\\Srp\\\\GP\\");
if (sandbox::SBOX_ALL_OK != result) {
NS_ERROR("Failed to add rule for Srp\\\\GP.");
LOG_E("Failed (ResultCode %d) to add read access to Srp\\\\GP", result);
}
// At USER_LIMITED and above AppLocker is not blocked.
if (aPolicy->GetLockdownTokenLevel() >= sandbox::USER_LIMITED) {
return;
}
// The ntdll check SaferpIsV2PolicyPresent reads from this key.
auto result = aPolicy->AddRule(
sandbox::TargetPolicy::SUBSYS_REGISTRY,
sandbox::TargetPolicy::REG_ALLOW_READONLY,
LR"(HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Srp\GP\)");
if (sandbox::SBOX_ALL_OK != result) {
NS_ERROR(R"(Failed to add rule for Srp\GP.)");
LOG_E(R"(Failed (ResultCode %d) to add read access to Srp\GP)", result);
}
// When AppLocker is deployed via Mobile Device Management, without this
// rule SaferpIsV2PolicyPresent silently fails to detect AppLocker, causing
// the AppLocker check to be bypassed entirely.
AddCachedWindowsDirRule(aPolicy, sandbox::TargetPolicy::FILES_ALLOW_READONLY,
FOLDERID_System, uR"(\AppLocker\MDM)"_ns);
// Read access to this device is required to make the AppLocker ioctl call.
result = aPolicy->AddRule(sandbox::TargetPolicy::SUBSYS_FILES,
sandbox::TargetPolicy::FILES_ALLOW_READONLY,
LR"(\Device\SrpDevice)");
if (sandbox::SBOX_ALL_OK != result) {
NS_ERROR("Failed to add rule for SrpDevice.");
LOG_E("Failed (ResultCode %d) to add read access to SrpDevice", result);
}
}
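Review bot: The `AddCachedWindowsDirRule(...)` call for `\AppLocker\MDM` in the rewritten EnsureAppLockerAccess has no visible failure handling, while the two `AddRule` calls around it both report failure through `NS_ERROR` and `LOG_E`. The comment directly above it says that without this rule SaferpIsV2PolicyPresent silently fails to detect AppLocker and the check is bypassed, so this is the rule whose failure most needs a trace. The helper is defined outside this hunk and may already log on its own; if so, a comment such as `// AddCachedWindowsDirRule logs its own failures.` would make that clear, and if it returns a result code it should be tested like the other two. All failures in this function appear to be report-and-continue, so a line in the function's header comment stating that a missing rule leaves the process running without the AppLocker check would help whoever triages those log entries.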