diff -Nru firefox-esr-78.10.0esr+build1/browser/base/content/test/siteIdentity/browser.ini firefox-esr-78.10.1esr+build1/browser/base/content/test/siteIdentity/browser.ini --- firefox-esr-78.10.0esr+build1/browser/base/content/test/siteIdentity/browser.ini 2021-04-12 18:35:17.000000000 +0000 +++ firefox-esr-78.10.1esr+build1/browser/base/content/test/siteIdentity/browser.ini 2021-05-04 12:40:29.000000000 +0000 @@ -50,6 +50,7 @@ dummy_iframe_page.html [browser_identity_UI.js] [browser_identityBlock_flicker.js] +skip-if = true # bug 1667456 made this permafail, but it's a regression we'll accept on ESR [browser_identityBlock_focus.js] support-files = ../permissions/permissions.html [browser_identityIcon_img_url.js] diff -Nru firefox-esr-78.10.0esr+build1/browser/config/version_display.txt firefox-esr-78.10.1esr+build1/browser/config/version_display.txt --- firefox-esr-78.10.0esr+build1/browser/config/version_display.txt 2021-04-12 18:35:18.000000000 +0000 +++ firefox-esr-78.10.1esr+build1/browser/config/version_display.txt 2021-05-04 12:41:05.000000000 +0000 @@ -1 +1 @@ -78.10.0esr +78.10.1esr diff -Nru firefox-esr-78.10.0esr+build1/browser/config/version.txt firefox-esr-78.10.1esr+build1/browser/config/version.txt --- firefox-esr-78.10.0esr+build1/browser/config/version.txt 2021-04-12 18:35:18.000000000 +0000 +++ firefox-esr-78.10.1esr+build1/browser/config/version.txt 2021-05-04 12:41:05.000000000 +0000 @@ -1 +1 @@ -78.10.0 +78.10.1 diff -Nru firefox-esr-78.10.0esr+build1/BUILDID firefox-esr-78.10.1esr+build1/BUILDID --- firefox-esr-78.10.0esr+build1/BUILDID 2021-04-12 18:41:58.000000000 +0000 +++ firefox-esr-78.10.1esr+build1/BUILDID 2021-05-04 12:48:14.000000000 +0000 @@ -1 +1 @@ -20210412162915 \ No newline at end of file +20210503134251 \ No newline at end of file diff -Nru firefox-esr-78.10.0esr+build1/config/milestone.txt firefox-esr-78.10.1esr+build1/config/milestone.txt --- firefox-esr-78.10.0esr+build1/config/milestone.txt 2021-04-12 18:35:18.000000000 +0000 +++ firefox-esr-78.10.1esr+build1/config/milestone.txt 2021-05-04 12:41:05.000000000 +0000 @@ -10,4 +10,4 @@ # hardcoded milestones in the tree from these two files. #-------------------------------------------------------- -78.10.0 +78.10.1 diff -Nru firefox-esr-78.10.0esr+build1/debian/changelog firefox-esr-78.10.1esr+build1/debian/changelog --- firefox-esr-78.10.0esr+build1/debian/changelog 2021-04-12 18:30:13.000000000 +0000 +++ firefox-esr-78.10.1esr+build1/debian/changelog 2021-05-04 12:51:48.000000000 +0000 @@ -1,3 +1,9 @@ +firefox-esr (78.10.1esr+build1-0ubuntu0.20.04.1) focal; urgency=medium + + * New upstream stable release (FIREFOX_78_10_1esr_BUILD1) + + -- Rico Tzschichholz Tue, 04 May 2021 14:51:48 +0200 + firefox-esr (78.10.0esr+build1-0ubuntu0.20.04.1) focal; urgency=medium * New upstream stable release (FIREFOX_78_10_0esr_BUILD1) diff -Nru firefox-esr-78.10.0esr+build1/debian/usr.bin.firefox.apparmor.14.10 firefox-esr-78.10.1esr+build1/debian/usr.bin.firefox.apparmor.14.10 --- firefox-esr-78.10.0esr+build1/debian/usr.bin.firefox.apparmor.14.10 2020-12-08 06:20:24.000000000 +0000 +++ firefox-esr-78.10.1esr+build1/debian/usr.bin.firefox.apparmor.14.10 2021-04-22 20:29:34.000000000 +0000 @@ -195,6 +195,23 @@ member=ListMountableInfo peer=(label=unconfined), + # Allow remote control when running on Wayland + dbus (send) + bus=session + path=/org/freedesktop/DBus + interface=org.freedesktop.DBus + member=RequestName + peer=(name=org.freedesktop.DBus), + dbus (bind) + bus=session + name=org.mozilla.firefox.*, + dbus (send, receive) + bus=session + path=/org/mozilla/firefox/Remote + interface=org.mozilla.firefox + member=OpenURL + peer=(label=firefox), + # gnome-session dbus (send) bus=session @@ -274,9 +291,9 @@ /usr/share/distro-info/*.csv r, /var/lib/dpkg/** r, - /usr/local/lib/python3.[0-8]/dist-packages/ r, + /usr/local/lib/python3.[0-9]/dist-packages/ r, /usr/bin/ r, - /usr/bin/python3.[0-8] mr, + /usr/bin/python3.[0-9] mr, # file_inherit deny /tmp/gtalkplugin.log w, diff -Nru firefox-esr-78.10.0esr+build1/dom/media/gmp/ChromiumCDMChild.cpp firefox-esr-78.10.1esr+build1/dom/media/gmp/ChromiumCDMChild.cpp --- firefox-esr-78.10.0esr+build1/dom/media/gmp/ChromiumCDMChild.cpp 2021-04-12 18:35:23.000000000 +0000 +++ firefox-esr-78.10.1esr+build1/dom/media/gmp/ChromiumCDMChild.cpp 2021-05-04 12:40:32.000000000 +0000 @@ -328,6 +328,14 @@ nsCString(aSessionId, aSessionIdSize)); } +void ChromiumCDMChild::QueryOutputProtectionStatus() { + GMP_LOG_DEBUG("ChromiumCDMChild::QueryOutputProtectionStatus()"); + if (mCDM) { + mCDM->OnQueryOutputProtectionStatus(cdm::kQuerySucceeded, uint32_t{}, + uint32_t{}); + } +} + void ChromiumCDMChild::OnInitialized(bool aSuccess) { MOZ_ASSERT(!mInitPromise.IsEmpty(), "mInitPromise should exist during init callback!"); diff -Nru firefox-esr-78.10.0esr+build1/dom/media/gmp/ChromiumCDMChild.h firefox-esr-78.10.1esr+build1/dom/media/gmp/ChromiumCDMChild.h --- firefox-esr-78.10.0esr+build1/dom/media/gmp/ChromiumCDMChild.h 2021-04-12 18:35:22.000000000 +0000 +++ firefox-esr-78.10.1esr+build1/dom/media/gmp/ChromiumCDMChild.h 2021-05-04 12:40:32.000000000 +0000 @@ -55,7 +55,7 @@ const char* aChallenge, uint32_t aChallengeSize) override {} void EnableOutputProtection(uint32_t aDesiredProtectionMask) override {} - void QueryOutputProtectionStatus() override {} + void QueryOutputProtectionStatus() override; void OnDeferredInitializationDone(cdm::StreamType aStreamType, cdm::Status aDecoderStatus) override {} void RequestStorageId(uint32_t aVersion) override; diff -Nru firefox-esr-78.10.0esr+build1/services/settings/dumps/blocklists/addons-bloomfilters.json firefox-esr-78.10.1esr+build1/services/settings/dumps/blocklists/addons-bloomfilters.json --- firefox-esr-78.10.0esr+build1/services/settings/dumps/blocklists/addons-bloomfilters.json 2021-04-12 18:35:46.000000000 +0000 +++ firefox-esr-78.10.1esr+build1/services/settings/dumps/blocklists/addons-bloomfilters.json 2021-05-04 12:41:06.000000000 +0000 @@ -3,6 +3,73 @@ { "stash": { "blocked": [ + "{a4d1f000-6993-47ca-a58f-1d8d7936c1df}:1.2", + "{a4d1f000-6993-47ca-a58f-1d8d7936c1df}:1.1" + ], + "unblocked": [] + }, + "schema": 1618425472182, + "key_format": "{guid}:{version}", + "stash_time": 1618490109488, + "id": "d2de3787-a36b-437e-85e4-a9ad7e85f740", + "last_modified": 1618490265360 + }, + { + "stash": { + "blocked": [ + "{1108908d-c1e7-4ffd-9ae0-78bc6a640166}:0.2", + "ff-addon@printfriendly.com:1.2", + "{1108908d-c1e7-4ffd-9ae0-78bc6a640166}:0.2.1", + "{1108908d-c1e7-4ffd-9ae0-78bc6a640166}:0.1", + "ff-addon@printfriendly.com:1.3", + "ff-addon@printfriendly.com:1.1" + ], + "unblocked": [] + }, + "schema": 1618403873818, + "key_format": "{guid}:{version}", + "stash_time": 1618425309855, + "id": "86389e8b-2baf-47db-9e2c-e9c0dd41fea3", + "last_modified": 1618425472068 + }, + { + "stash": { + "blocked": [ + "{da4fa581-9d56-4bc4-a27d-5f31d65f0b20}:0.5rc2", + "{dbfd42dd-6800-42bb-92cb-0e0fb9cc590e}:0.5rc2", + "{f296f642-de9a-4fb5-8c7e-aef33442523a}:0.5rc2", + "{d22373d9-8d99-40b3-8d08-ee878684d33c}:0.5rc2", + "{2834f934-554e-4399-99c4-a0a420153b00}:0.5rc2", + "{8cc8be5b-2656-4a0a-80e2-cbd6e1dabaef}:0.5rc2", + "{9367b7cb-7489-492e-85d2-7b2304fbff26}:0.5rc2", + "{b16020e0-2e57-4188-ad5c-1aef887321f8}:1.7", + "{20db15d1-731b-4d8f-a797-21b2774acbbc}:0.5rc2", + "{266f742a-1330-488f-9a5b-1cd06135f15a}:0.5rc2", + "{a459cfc0-067e-4fa8-96da-4861fbe1dd37}:0.5rc2", + "{cd72213e-e512-4aa3-bea2-26cbd120d992}:0.5rc2", + "{a8c2ae40-15c5-42d4-a4d1-c1fa835f2dbe}:0.5rc2", + "{b2a8f26a-9bb4-44d7-9d5c-92e8903fd385}:0.5rc2", + "{ffbf6936-66c2-4cc3-a14d-4e8ddeabe6a2}:0.5rc2", + "{fc221384-569e-4824-886e-d7f049fa5aa7}:0.5rc2", + "{b08caa88-ce20-49af-81db-d4a10bf3d145}:0.5rc2", + "{f22bb0b3-2c14-46ce-908e-3e14300e4446}:0.5rc2", + "{97e352b0-3509-4c6c-9e8d-5faf21b69e31}:0.5rc2", + "{b16020e0-2e57-4188-ad5c-1aef887321f8}:1.9", + "{7d4a6085-aa9d-43ff-b822-2ea7580cf46c}:0.5rc2", + "{b16020e0-2e57-4188-ad5c-1aef887321f8}:1.8", + "{d4546359-c0c2-4a7b-b387-5601637aa5f0}:0.5rc2" + ], + "unblocked": [] + }, + "schema": 1618389758866, + "key_format": "{guid}:{version}", + "stash_time": 1618403710265, + "id": "e74bd159-6f4d-422e-ab80-49b766cd1fad", + "last_modified": 1618403873680 + }, + { + "stash": { + "blocked": [ "{d4c5ecc6-b0ad-4642-8a47-f67c0d1ae22f}:2.0.0", "{bd2c5f82-e5ff-4bb1-8fa5-dc834d32d232}:1.0.4", "{3d84edc3-5e40-4615-9847-d8dfdc9c2151}:2.0.0", diff -Nru firefox-esr-78.10.0esr+build1/services/settings/dumps/security-state/intermediates.json firefox-esr-78.10.1esr+build1/services/settings/dumps/security-state/intermediates.json --- firefox-esr-78.10.0esr+build1/services/settings/dumps/security-state/intermediates.json 2021-04-12 18:35:48.000000000 +0000 +++ firefox-esr-78.10.1esr+build1/services/settings/dumps/security-state/intermediates.json 2021-05-04 12:41:06.000000000 +0000 @@ -1,6 +1,240 @@ { "data": [ { + "schema": 1618473444924, + "derHash": "QhZScWOtLKqCXTv0j2GnZh0KvIm1irdrI6HhCZnwdp8=", + "subject": "CN=SHECA EV Server CA G2,O=UniTrust,C=CN", + "subjectDN": "MEAxCzAJBgNVBAYTAkNOMREwDwYDVQQKDAhVbmlUcnVzdDEeMBwGA1UEAwwVU0hFQ0EgRVYgU2VydmVyIENBIEcy", + "whitelist": false, + "attachment": { + "hash": "fd9b635f3000431dd27c22b7ea2f2d637beacb75ccb76da39b98eda1c4871977", + "size": 2003, + "filename": "bUpcnmc4JpksMlGlIr1WSxLb8xQLir7IBpzPm_ONH8I=.pem", + "location": "security-state-staging/intermediates/e8b1027d-2d4b-46c5-bf92-00250d797fd2.pem", + "mimetype": "application/x-pem-file" + }, + "pubKeyHash": "bUpcnmc4JpksMlGlIr1WSxLb8xQLir7IBpzPm/ONH8I=", + "crlite_enrolled": false, + "id": "77c60b21-a651-4020-938a-b1b748bb507c", + "last_modified": 1618477060743 + }, + { + "schema": 1618473446599, + "derHash": "0WuprLdP7kqoCH7kguhuf29fVfrFAlY5cwdT/h5wXjw=", + "subject": "CN=TrustAsia RSA OV TLS CA - S1,O=TrustAsia Technologies\\, Inc.,C=CN", + "subjectDN": "MFsxCzAJBgNVBAYTAkNOMSUwIwYDVQQKDBxUcnVzdEFzaWEgVGVjaG5vbG9naWVzLCBJbmMuMSUwIwYDVQQDDBxUcnVzdEFzaWEgUlNBIE9WIFRMUyBDQSAtIFMx", + "whitelist": false, + "attachment": { + "hash": "3478555efe90114245336918b07ce2fd5642c151b04ae871aa5b719513eff08c", + "size": 2044, + "filename": "3sdsoSIuRvtjF8OsOc4xIdevOWOclELQuaEQ85MqCYY=.pem", + "location": "security-state-staging/intermediates/75274961-d604-4b68-aa51-f26cb649f620.pem", + "mimetype": "application/x-pem-file" + }, + "pubKeyHash": "3sdsoSIuRvtjF8OsOc4xIdevOWOclELQuaEQ85MqCYY=", + "crlite_enrolled": false, + "id": "ec8b75a0-6ab3-4e4d-bdbb-0e95a229b12b", + "last_modified": 1618477060732 + }, + { + "schema": 1618473448083, + "derHash": "B0rdfx5z6xEOyOK3ipLFHPWkURNbb33vwBnunXS/pNY=", + "subject": "CN=TrustAsia RSA DV TLS CA - S1,O=TrustAsia Technologies\\, Inc.,C=CN", + "subjectDN": "MFsxCzAJBgNVBAYTAkNOMSUwIwYDVQQKDBxUcnVzdEFzaWEgVGVjaG5vbG9naWVzLCBJbmMuMSUwIwYDVQQDDBxUcnVzdEFzaWEgUlNBIERWIFRMUyBDQSAtIFMx", + "whitelist": false, + "attachment": { + "hash": "e3e6be32df35be180b103881b25f39b0efcaad3bc88d3ff492084a8e2c77b85a", + "size": 2044, + "filename": "UnhoHanj6MYk29pqvTEkZnAW1vQGrFENyVWfwU-5cE8=.pem", + "location": "security-state-staging/intermediates/77625d05-cbf0-41a3-9a54-8400ecb3900b.pem", + "mimetype": "application/x-pem-file" + }, + "pubKeyHash": "UnhoHanj6MYk29pqvTEkZnAW1vQGrFENyVWfwU+5cE8=", + "crlite_enrolled": false, + "id": "28310da3-7143-4f1c-823f-c545ecead878", + "last_modified": 1618477060720 + }, + { + "schema": 1618473449550, + "derHash": "irOgrPKJ5u91S+RJI2hD1n9FwZG93WZIS4Xm5gVWqa8=", + "subject": "CN=SHECA OV Server CA G5,O=UniTrust,C=CN", + "subjectDN": "MEAxCzAJBgNVBAYTAkNOMREwDwYDVQQKDAhVbmlUcnVzdDEeMBwGA1UEAwwVU0hFQ0EgT1YgU2VydmVyIENBIEc1", + "whitelist": false, + "attachment": { + "hash": "f80efdafc27d6bb8367919d6877b83658178c312d7ff4c7951be66667c2a033e", + "size": 2008, + "filename": "Ml9jtIo6CaZwLt7q6tlW9x4oQNlrHC-AQOHP17SXtCk=.pem", + "location": "security-state-staging/intermediates/ecb85ef3-60a6-486c-a07a-96efc94a8698.pem", + "mimetype": "application/x-pem-file" + }, + "pubKeyHash": "Ml9jtIo6CaZwLt7q6tlW9x4oQNlrHC+AQOHP17SXtCk=", + "crlite_enrolled": false, + "id": "317681eb-a6d1-4ecd-bf18-a7af01dde81d", + "last_modified": 1618477060709 + }, + { + "schema": 1618473451032, + "derHash": "d4xRba7HAO5Ys1geQR5cDdR4ZjpRY6KYlTQVB9bpZN0=", + "subject": "CN=SHECA DV Server CA G5,O=UniTrust,C=CN", + "subjectDN": "MEAxCzAJBgNVBAYTAkNOMREwDwYDVQQKDAhVbmlUcnVzdDEeMBwGA1UEAwwVU0hFQ0EgRFYgU2VydmVyIENBIEc1", + "whitelist": false, + "attachment": { + "hash": "4153674bf85308618da92043981bdd2d2f7ca5a4ed109d39c822cdd2408d1775", + "size": 2008, + "filename": "LSv8B00n0rDwNaioIz0qIgnC9J7YkSK9NS35qVjVZK4=.pem", + "location": "security-state-staging/intermediates/9e707aa9-a13b-417d-ac93-377ab92b3136.pem", + "mimetype": "application/x-pem-file" + }, + "pubKeyHash": "LSv8B00n0rDwNaioIz0qIgnC9J7YkSK9NS35qVjVZK4=", + "crlite_enrolled": false, + "id": "3884a378-6d9c-42ab-a578-6a20d7e609a8", + "last_modified": 1618477060698 + }, + { + "schema": 1618473452548, + "derHash": "fvP4lFbOY2VXsgxd+zf5jCU6C2YNLp5eeEXK+cA4x8E=", + "subject": "CN=SHECA EV Server CA G3,O=UniTrust,C=CN", + "subjectDN": "MEAxCzAJBgNVBAYTAkNOMREwDwYDVQQKDAhVbmlUcnVzdDEeMBwGA1UEAwwVU0hFQ0EgRVYgU2VydmVyIENBIEcz", + "whitelist": false, + "attachment": { + "hash": "b11897cb46ef64d1a0bce0acb7e1da9d5d9319cb8cb0a1441d46af6510bd2188", + "size": 2003, + "filename": "a_eZydK7TPcC6VQUFv_ek8Goclpip8HIQF3iyBC1v9Y=.pem", + "location": "security-state-staging/intermediates/60506d56-954a-4d3c-8106-85456bee44ae.pem", + "mimetype": "application/x-pem-file" + }, + "pubKeyHash": "a/eZydK7TPcC6VQUFv/ek8Goclpip8HIQF3iyBC1v9Y=", + "crlite_enrolled": false, + "id": "eba42c33-9846-4b6d-974a-03a9a838ed0b", + "last_modified": 1618477060686 + }, + { + "schema": 1618476575598, + "derHash": "irOgrPKJ5u91S+RJI2hD1n9FwZG93WZIS4Xm5gVWqa8=", + "subject": "CN=SHECA OV Server CA G5,O=UniTrust,C=CN", + "subjectDN": "MEAxCzAJBgNVBAYTAkNOMREwDwYDVQQKDAhVbmlUcnVzdDEeMBwGA1UEAwwVU0hFQ0EgT1YgU2VydmVyIENBIEc1", + "whitelist": false, + "attachment": { + "hash": "f80efdafc27d6bb8367919d6877b83658178c312d7ff4c7951be66667c2a033e", + "size": 2008, + "filename": "Ml9jtIo6CaZwLt7q6tlW9x4oQNlrHC-AQOHP17SXtCk=.pem", + "location": "security-state-staging/intermediates/9bd0ec19-9f61-45d1-a9f4-651e6aa64389.pem", + "mimetype": "application/x-pem-file" + }, + "pubKeyHash": "Ml9jtIo6CaZwLt7q6tlW9x4oQNlrHC+AQOHP17SXtCk=", + "crlite_enrolled": false, + "id": "61ad8f77-7825-42e3-a828-72ff88095f6e", + "last_modified": 1618477060675 + }, + { + "schema": 1618476577195, + "derHash": "QhZScWOtLKqCXTv0j2GnZh0KvIm1irdrI6HhCZnwdp8=", + "subject": "CN=SHECA EV Server CA G2,O=UniTrust,C=CN", + "subjectDN": "MEAxCzAJBgNVBAYTAkNOMREwDwYDVQQKDAhVbmlUcnVzdDEeMBwGA1UEAwwVU0hFQ0EgRVYgU2VydmVyIENBIEcy", + "whitelist": false, + "attachment": { + "hash": "fd9b635f3000431dd27c22b7ea2f2d637beacb75ccb76da39b98eda1c4871977", + "size": 2003, + "filename": "bUpcnmc4JpksMlGlIr1WSxLb8xQLir7IBpzPm_ONH8I=.pem", + "location": "security-state-staging/intermediates/6931f930-fdce-4e17-b7b4-d70bde3a993e.pem", + "mimetype": "application/x-pem-file" + }, + "pubKeyHash": "bUpcnmc4JpksMlGlIr1WSxLb8xQLir7IBpzPm/ONH8I=", + "crlite_enrolled": false, + "id": "2e90612f-ab97-4bc1-bd91-fad5cccdc563", + "last_modified": 1618477060664 + }, + { + "schema": 1618476578780, + "derHash": "B0rdfx5z6xEOyOK3ipLFHPWkURNbb33vwBnunXS/pNY=", + "subject": "CN=TrustAsia RSA DV TLS CA - S1,O=TrustAsia Technologies\\, Inc.,C=CN", + "subjectDN": "MFsxCzAJBgNVBAYTAkNOMSUwIwYDVQQKDBxUcnVzdEFzaWEgVGVjaG5vbG9naWVzLCBJbmMuMSUwIwYDVQQDDBxUcnVzdEFzaWEgUlNBIERWIFRMUyBDQSAtIFMx", + "whitelist": false, + "attachment": { + "hash": "e3e6be32df35be180b103881b25f39b0efcaad3bc88d3ff492084a8e2c77b85a", + "size": 2044, + "filename": "UnhoHanj6MYk29pqvTEkZnAW1vQGrFENyVWfwU-5cE8=.pem", + "location": "security-state-staging/intermediates/37f7d2de-08d5-4779-82aa-7a2c73ea2a44.pem", + "mimetype": "application/x-pem-file" + }, + "pubKeyHash": "UnhoHanj6MYk29pqvTEkZnAW1vQGrFENyVWfwU+5cE8=", + "crlite_enrolled": false, + "id": "93e886dd-f297-4f1d-9bb2-163606f1a475", + "last_modified": 1618477060652 + }, + { + "schema": 1618476580401, + "derHash": "d4xRba7HAO5Ys1geQR5cDdR4ZjpRY6KYlTQVB9bpZN0=", + "subject": "CN=SHECA DV Server CA G5,O=UniTrust,C=CN", + "subjectDN": "MEAxCzAJBgNVBAYTAkNOMREwDwYDVQQKDAhVbmlUcnVzdDEeMBwGA1UEAwwVU0hFQ0EgRFYgU2VydmVyIENBIEc1", + "whitelist": false, + "attachment": { + "hash": "4153674bf85308618da92043981bdd2d2f7ca5a4ed109d39c822cdd2408d1775", + "size": 2008, + "filename": "LSv8B00n0rDwNaioIz0qIgnC9J7YkSK9NS35qVjVZK4=.pem", + "location": "security-state-staging/intermediates/616b8c10-5e1d-4a6f-9d4b-0e50a8fd9dc5.pem", + "mimetype": "application/x-pem-file" + }, + "pubKeyHash": "LSv8B00n0rDwNaioIz0qIgnC9J7YkSK9NS35qVjVZK4=", + "crlite_enrolled": false, + "id": "0b34f843-08b5-4719-befd-242cfb5b537c", + "last_modified": 1618477060641 + }, + { + "schema": 1618476581969, + "derHash": "fvP4lFbOY2VXsgxd+zf5jCU6C2YNLp5eeEXK+cA4x8E=", + "subject": "CN=SHECA EV Server CA G3,O=UniTrust,C=CN", + "subjectDN": "MEAxCzAJBgNVBAYTAkNOMREwDwYDVQQKDAhVbmlUcnVzdDEeMBwGA1UEAwwVU0hFQ0EgRVYgU2VydmVyIENBIEcz", + "whitelist": false, + "attachment": { + "hash": "b11897cb46ef64d1a0bce0acb7e1da9d5d9319cb8cb0a1441d46af6510bd2188", + "size": 2003, + "filename": "a_eZydK7TPcC6VQUFv_ek8Goclpip8HIQF3iyBC1v9Y=.pem", + "location": "security-state-staging/intermediates/0f5dca79-77d5-4e57-9ded-eb0296cc5f08.pem", + "mimetype": "application/x-pem-file" + }, + "pubKeyHash": "a/eZydK7TPcC6VQUFv/ek8Goclpip8HIQF3iyBC1v9Y=", + "crlite_enrolled": false, + "id": "b330c03a-11b2-494d-b82b-82107b92d393", + "last_modified": 1618477060630 + }, + { + "schema": 1618476583662, + "derHash": "0WuprLdP7kqoCH7kguhuf29fVfrFAlY5cwdT/h5wXjw=", + "subject": "CN=TrustAsia RSA OV TLS CA - S1,O=TrustAsia Technologies\\, Inc.,C=CN", + "subjectDN": "MFsxCzAJBgNVBAYTAkNOMSUwIwYDVQQKDBxUcnVzdEFzaWEgVGVjaG5vbG9naWVzLCBJbmMuMSUwIwYDVQQDDBxUcnVzdEFzaWEgUlNBIE9WIFRMUyBDQSAtIFMx", + "whitelist": false, + "attachment": { + "hash": "3478555efe90114245336918b07ce2fd5642c151b04ae871aa5b719513eff08c", + "size": 2044, + "filename": "3sdsoSIuRvtjF8OsOc4xIdevOWOclELQuaEQ85MqCYY=.pem", + "location": "security-state-staging/intermediates/6530bafe-f40a-4817-8f16-70306aae702f.pem", + "mimetype": "application/x-pem-file" + }, + "pubKeyHash": "3sdsoSIuRvtjF8OsOc4xIdevOWOclELQuaEQ85MqCYY=", + "crlite_enrolled": false, + "id": "3ba78d8f-25a7-41b2-9f78-ff4b4d33410b", + "last_modified": 1618477060618 + }, + { + "schema": 1618412253966, + "derHash": "Jv1MQ2fkY9OccXlq5AEOUzgNyTvBMvsBnWcYpoc+gfQ=", + "subject": "CN=SHECA RSA Organization Validation Server CA G3,O=UniTrust,C=CN", + "subjectDN": "MFkxCzAJBgNVBAYTAkNOMREwDwYDVQQKDAhVbmlUcnVzdDE3MDUGA1UEAwwuU0hFQ0EgUlNBIE9yZ2FuaXphdGlvbiBWYWxpZGF0aW9uIFNlcnZlciBDQSBHMw==", + "whitelist": false, + "attachment": { + "hash": "a02a5c8205e62c2ef5dc42345a1585558c86f166ed9875d861601a465bcc4651", + "size": 2016, + "filename": "0JA1q1ctk_4J8qS0t-GhJaG5egVDq9SB33oMY7SMpfs=.pem", + "location": "security-state-staging/intermediates/caec957d-379a-4c23-bf42-3bd122e7cf33.pem", + "mimetype": "application/x-pem-file" + }, + "pubKeyHash": "0JA1q1ctk/4J8qS0t+GhJaG5egVDq9SB33oMY7SMpfs=", + "crlite_enrolled": true, + "id": "10ec0271-99d5-4c06-a20d-1c03ccf7d780", + "last_modified": 1618451863956 + }, + { "schema": 1618102649607, "derHash": "fjI2jiSizEjT0p6IOyYOQM7aIq+XGJx4/FuShITpoBA=", "subject": "CN=COMODO ECC Domain Validation Secure Server CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB", @@ -451,24 +685,6 @@ "last_modified": 1618102648145 }, { - "schema": 1617181042117, - "derHash": "Jv1MQ2fkY9OccXlq5AEOUzgNyTvBMvsBnWcYpoc+gfQ=", - "subject": "CN=SHECA RSA Organization Validation Server CA G3,O=UniTrust,C=CN", - "subjectDN": "MFkxCzAJBgNVBAYTAkNOMREwDwYDVQQKDAhVbmlUcnVzdDE3MDUGA1UEAwwuU0hFQ0EgUlNBIE9yZ2FuaXphdGlvbiBWYWxpZGF0aW9uIFNlcnZlciBDQSBHMw==", - "whitelist": false, - "attachment": { - "hash": "a02a5c8205e62c2ef5dc42345a1585558c86f166ed9875d861601a465bcc4651", - "size": 2016, - "filename": "0JA1q1ctk_4J8qS0t-GhJaG5egVDq9SB33oMY7SMpfs=.pem", - "location": "security-state-staging/intermediates/caec957d-379a-4c23-bf42-3bd122e7cf33.pem", - "mimetype": "application/x-pem-file" - }, - "pubKeyHash": "0JA1q1ctk/4J8qS0t+GhJaG5egVDq9SB33oMY7SMpfs=", - "crlite_enrolled": true, - "id": "10ec0271-99d5-4c06-a20d-1c03ccf7d780", - "last_modified": 1617202637121 - }, - { "schema": 1617155855951, "derHash": "ntHt6pWqW3K1E6PkGhug0u+xTOyIiR400ASVyVVWYFw=", "subject": "CN=CrowdStrike Global EV CA G2,O=CrowdStrike\\, Inc.,C=US", diff -Nru firefox-esr-78.10.0esr+build1/SOURCE_CHANGESET firefox-esr-78.10.1esr+build1/SOURCE_CHANGESET --- firefox-esr-78.10.0esr+build1/SOURCE_CHANGESET 2021-04-12 18:36:11.000000000 +0000 +++ firefox-esr-78.10.1esr+build1/SOURCE_CHANGESET 2021-05-04 12:41:06.000000000 +0000 @@ -1 +1 @@ -0dac34b853c6879d421456128afa3c4a5a4e86ff \ No newline at end of file +f685975ba5576001483e5521e06d5a0ccf9b5f54 \ No newline at end of file diff -Nru firefox-esr-78.10.0esr+build1/toolkit/components/maintenanceservice/serviceinstall.cpp firefox-esr-78.10.1esr+build1/toolkit/components/maintenanceservice/serviceinstall.cpp --- firefox-esr-78.10.0esr+build1/toolkit/components/maintenanceservice/serviceinstall.cpp 2021-04-12 18:36:04.000000000 +0000 +++ firefox-esr-78.10.1esr+build1/toolkit/components/maintenanceservice/serviceinstall.cpp 2021-05-04 12:41:01.000000000 +0000 @@ -678,46 +678,53 @@ return GetLastError(); } - PSID sid; + PSID sidBuiltinUsers; DWORD SIDSize = SECURITY_MAX_SID_SIZE; - sid = LocalAlloc(LMEM_FIXED, SIDSize); - if (!sid) { + sidBuiltinUsers = LocalAlloc(LMEM_FIXED, SIDSize); + if (!sidBuiltinUsers) { LOG_WARN(("Could not allocate SID memory. (%d)", GetLastError())); return GetLastError(); } + UniqueSidPtr uniqueSidBuiltinUsers(sidBuiltinUsers); - if (!CreateWellKnownSid(WinBuiltinUsersSid, nullptr, sid, &SIDSize)) { + if (!CreateWellKnownSid(WinBuiltinUsersSid, nullptr, sidBuiltinUsers, + &SIDSize)) { DWORD lastError = GetLastError(); - LOG_WARN(("Could not create well known SID. (%d)", lastError)); - LocalFree(sid); + LOG_WARN(("Could not create BI\\Users SID. (%d)", lastError)); return lastError; } - // Lookup the account name, the function fails if you don't pass in - // a buffer for the domain name but it's not used since we're using - // the built in account Sid. - SID_NAME_USE accountType; - WCHAR accountName[UNLEN + 1] = {L'\0'}; - WCHAR domainName[DNLEN + 1] = {L'\0'}; - DWORD accountNameSize = UNLEN + 1; - DWORD domainNameSize = DNLEN + 1; - if (!LookupAccountSidW(nullptr, sid, accountName, &accountNameSize, - domainName, &domainNameSize, &accountType)) { - LOG_WARN(("Could not lookup account Sid, will try Users. (%d)", - GetLastError())); - wcsncpy(accountName, L"Users", UNLEN); + PSID sidInteractive; + SIDSize = SECURITY_MAX_SID_SIZE; + sidInteractive = LocalAlloc(LMEM_FIXED, SIDSize); + if (!sidInteractive) { + LOG_WARN(("Could not allocate SID memory. (%d)", GetLastError())); + return GetLastError(); } + UniqueSidPtr uniqueSidInteractive(sidInteractive); + + if (!CreateWellKnownSid(WinInteractiveSid, nullptr, sidInteractive, + &SIDSize)) { + DWORD lastError = GetLastError(); + LOG_WARN(("Could not create Interactive SID. (%d)", lastError)); + return lastError; + } + + const size_t eaCount = 2; + EXPLICIT_ACCESS ea[eaCount]; + ZeroMemory(ea, sizeof(ea)); + ea[0].grfAccessMode = REVOKE_ACCESS; + ea[0].Trustee.TrusteeForm = TRUSTEE_IS_SID; + ea[0].Trustee.TrusteeType = TRUSTEE_IS_GROUP; + ea[0].Trustee.ptstrName = static_cast(sidBuiltinUsers); + ea[1].grfAccessPermissions = SERVICE_START | SERVICE_STOP | GENERIC_READ; + ea[1].grfAccessMode = SET_ACCESS; + ea[1].grfInheritance = NO_INHERITANCE; + ea[1].Trustee.TrusteeForm = TRUSTEE_IS_SID; + ea[1].Trustee.TrusteeType = TRUSTEE_IS_GROUP; + ea[1].Trustee.ptstrName = static_cast(sidInteractive); - // We already have the group name so we can get rid of the SID - FreeSid(sid); - sid = nullptr; - - // Build the ACE, BuildExplicitAccessWithName cannot fail so it is not logged. - EXPLICIT_ACCESS ea; - BuildExplicitAccessWithNameW(&ea, accountName, - SERVICE_START | SERVICE_STOP | GENERIC_READ, - SET_ACCESS, NO_INHERITANCE); - DWORD lastError = SetEntriesInAclW(1, (PEXPLICIT_ACCESS)&ea, pacl, &pNewAcl); + DWORD lastError = SetEntriesInAclW(eaCount, ea, pacl, &pNewAcl); if (ERROR_SUCCESS != lastError) { LOG_WARN(("Could not set entries in ACL. (%d)", lastError)); return lastError;